From jimbell at pacifier.com Sat Jun 1 00:45:28 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 1 Jun 1996 15:45:28 +0800 Subject: "Anonymity is bad," says a source who wishes to remain anonymous Message-ID: <199606010435.VAA24130@mail.pacifier.com> At 07:27 PM 5/31/96 -0700, Timothy C. May wrote: >In both cases--and these were not the first such cases I've seen--a source >"who wishes to remain anonymous" is announcing just how bad and dangerous >crypto, anonymity, remailers and stuff like that are. > >"But the official, speaking on condition of anonymity, insisted that any >computer system that did not include a way for authorities to decipher data >would 'pose very costly and time-consuming problems' for law enforcement >officials." But Tim, you know he is absolutely and literally correct! It will, indeed, cause SERIOUS problems for those law-enforcement officials. It'll put'em out of a job, at the very least. Termination. Possibly with extreme prejudice. Seriously, however, for once I'd like to see some reporter pursue this kind of allegation with the person they're talking to. He should ask, "what percentage of existing crime could be accomplished more effectively with good encryption that the cops can't break." The truthful answer is, "not too damn much!" It seems to me that official-types must be thinking overtime about this kind of thing, because we're getting so much out of them along these lines. They're scared, for sure. Jim Bell jimbell at pacifier.com From adamsc at io-online.com Sat Jun 1 00:56:34 1996 From: adamsc at io-online.com (Chris Adams) Date: Sat, 1 Jun 1996 15:56:34 +0800 Subject: Ok, what about PGP (was: MD5 collisions) Message-ID: <199606010433.VAA21006@toad.com> On 29 May 1996 19:03:04 pdt, wlkngowl at unix.asb.com wrote: >I poked around the pgp.h and pgformat.txt files in the PGP 2.6.2 >distribution. There *are* designator bytes for the hash (and cipher) >algorithms, hash size, etc. > >It seems quite doable to add support for SHA-1 signatures (and possibly key >generation for encrypting secret keys?). > >Adding 3DES (and maybe Luby-Rackoff-SHA, assuming it hasn't been cracked >recently at the Fast Software Conf.... more info?!?) would be nifty too... >unless, of course, there's meaning to the Real Soon Now that PGP3 folx >claim. How about a NSA-stomper option that would use all-of-the-above? For the truly paranoid (or owners of Pentium-Pro 200Mhz multi-processor machines Also, what's the verdict on IDEA? Is there a switch yet that would allow straight RSA? (with the obvious speed decrease...) >I'd work on the hack now (and just might...) but I'm stuck stranded in the >United States. :( I've always wondered what it says about a country that is afraid to let its citizens work on privacy... /* From Chris Adams on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5! The Enigman Group - We do Web Pages! */ This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From shamrock at netcom.com Sat Jun 1 01:10:33 1996 From: shamrock at netcom.com (Lucky Green) Date: Sat, 1 Jun 1996 16:10:33 +0800 Subject: Statistical analysis of anonymous databases Message-ID: At 0:56 6/1/96, Alan Horowitz wrote: >> In medical research, third party audit, i.e., the Department of Health and >> Human Services, is often required. A simple pseudonym picked by the patient >> won't do. > > It's not clear to me that the second sentence follows from the first. HSS needs to verify that the researcher didn't just make up the data. The Department therefore has to be able to audit the results of the study by contacting a small subset of the participants directly. How can the Department contact the participants if they are known only under their nyms? No, pseudonymous remailers are not a valid answer. All this has to be done without requiring any type of email/Internet access. US Mail only. Disclaimer: My opinions are my own, not those of my employer. -- Lucky Green PGP encrypted mail preferred. From alanh at infi.net Sat Jun 1 01:10:50 1996 From: alanh at infi.net (Alan Horowitz) Date: Sat, 1 Jun 1996 16:10:50 +0800 Subject: Statistical analysis of anonymous databases In-Reply-To: Message-ID: > In medical research, third party audit, i.e., the Department of Health and > Human Services, is often required. A simple pseudonym picked by the patient > won't do. It's not clear to me that the second sentence follows from the first. All the time, in medical or official identification situations (clearances, weapons permits, etc) I'm asked how tall I am. I can't remember ever being measured. Thus, the answer I give about my height, might as well be "made up" by me. I guess they do have to bother measuring homocide victims - they can't talk...... From WlkngOwl at unix.asb.com Sat Jun 1 01:14:22 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sat, 1 Jun 1996 16:14:22 +0800 Subject: FTC online workshop on privacy Message-ID: <199606010555.BAA24442@unix.asb.com> On 23 May 96 at 7:46, Declan B. McCullagh wrote: [..] > More to the point, the left and the right come together on privacy issues. > > Remember the Christian Coalition's take on national ID cards? "Mark of > the Beast!" (Does anyone have an original cite for this? I also recall > the CC opposing Clipper...) There was actually a pretty good special on the 700-Club when Clipper first came out (at least from a transcript posted on the comp.org.eff newsgroup). Yep. They were against it. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From WlkngOwl at unix.asb.com Sat Jun 1 01:27:16 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sat, 1 Jun 1996 16:27:16 +0800 Subject: The Political Map [NOISE?] Message-ID: <199606010555.BAA24446@unix.asb.com> On 23 May 96 at 9:45, Bill Frantz wrote: > This is because any analysis of political opinion that tries to reduce it > to a one dimensional metric is ipso facto wrong. Two dimensions gives you > a much better match. (Try personal freedom on one axis and economic > freedom on the other.) I suspect the more dimensions you include, the > better you analysis will be. Just two dimensions? I'd be cautious of the personal freedom scale, since many groups aren't consistently in one place there. Certain groups assign priorities to some freedoms over others, as well as who those freedoms apply to, etc. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From WlkngOwl at unix.asb.com Sat Jun 1 01:35:23 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sat, 1 Jun 1996 16:35:23 +0800 Subject: The Anti-Briefing... Message-ID: <199606010555.BAA24461@unix.asb.com> On 24 May 96 at 10:12, Peter Wayner wrote: > I'm sure the "Briefing" is quite impressive and it includes > several strong arguments for government surveillance. There are > bound to be more than a few kids that are alive today thanks to > eavesdropping and the quick thinking of folks in FBI, NSA et al. > > That being said, I'm sure that there is also an "anti-Briefing" > that can be given that illustrates that the huge cost of [..] So where did J.Edgar Hoover's infamous "Blue Files" go? Then again, what about the alleged pictures of him wearing a dress and going down on his (male) companion? It seems invoking the name of L.Ron Hoover and the Church of Applientology does plenty for an 'anti-briefing'. > redesigning the phone system and forcing businesses and people > to operate without protection. Here are some examples from the > recent press that I think are good arguments for why strong > crypto won't change the status quo. On the contrary. Much of the status quo needs to be changed. [..] > Some might argue that if weak crypto can save one child's life > than it is worth it. This is a strong, sentimental argument, but Worth what? Ruining his life when he becomes an adult? Or preventing him from ever becoming an adult? --Mutant Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From bogus@does.not.exist.com Sat Jun 1 01:41:00 1996 From: bogus@does.not.exist.com () Date: Sat, 1 Jun 1996 16:41:00 +0800 Subject: No Subject Message-ID: <199606010545.WAA16309@netcom.netcom.com> yes -- Love, Qut at netcom.com From bogus@does.not.exist.com Sat Jun 1 02:00:35 1996 From: bogus@does.not.exist.com () Date: Sat, 1 Jun 1996 17:00:35 +0800 Subject: No Subject Message-ID: <199606010453.VAA05321@netcom.netcom.com> ! > Copyright 1996 The New York Times Company ! > ^^^^^^^^^^^^^^ ! > Report Warns of Security Threats Posed by Computer Hackers ! > ^^^^^^ ^^^^^^^^ ^^^^^^^ ! > [W] ASHINGTON -- Government investigators warned ! > Wednesday that computer hackers cruising the ! > ^^^^^^^^ ! > Internet posed a serious and growing threat to national ! > ^^^^^^^^ ! > security, with the Pentagon suffering as many as 250,000 ! > ^^^^^^^ ! > "attacks" on its computers last year. ! > ^ ^ ! > ! > ! > -- ! > Love, ! > Qut at netcom.com ! > -- Love, Qut at netcom.com From bogus@does.not.exist.com Sat Jun 1 02:02:16 1996 From: bogus@does.not.exist.com () Date: Sat, 1 Jun 1996 17:02:16 +0800 Subject: No Subject Message-ID: <199606010614.XAA20292@netcom.netcom.com> gui is jw unix i ns From tcmay at got.net Sat Jun 1 02:32:24 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 1 Jun 1996 17:32:24 +0800 Subject: "The 666 Club" Message-ID: At 1:27 AM 6/1/96, Deranged Mutant wrote: >On 23 May 96 at 7:46, Declan B. McCullagh wrote: >[..] >> More to the point, the left and the right come together on privacy issues. >> >> Remember the Christian Coalition's take on national ID cards? "Mark of >> the Beast!" (Does anyone have an original cite for this? I also recall >> the CC opposing Clipper...) > >There was actually a pretty good special on the 700-Club when Clipper >first came out (at least from a transcript posted on the comp.org.eff >newsgroup). > >Yep. They were against it. I saw a videotape of this episode of "The 700 Club," in November 1992. Pat Robertson and his co-anchor were worked up about (and against) Clipper. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From ogren at cris.com Sat Jun 1 04:27:17 1996 From: ogren at cris.com (David F. Ogren) Date: Sat, 1 Jun 1996 19:27:17 +0800 Subject: Where does your data want to go today? Message-ID: <199606010706.DAA29049@darius.cris.com> -----BEGIN PGP SIGNED MESSAGE----- Me: > >Using a random IV also limits the effectiveness of using known > >headers for "known plaintext" attacks. Also note that a good block > > cipher isn't that vulnerable even to "known plaintext" attacks. Bill Frantz: > I don't think this is true given a brute force attack. Let me > assume DES-CBC as a specific system. Let us assume that the > plaintext is: > > The brute force system decrypts the first, and second blocks (8 > bytes each) of the cyphertext, XORs them, and compares the result > with "PKZIP2.1". If the comparison is equal it has the key. > > If we eliminated the header and just started with the compressed > data, then the brute force system would have to decrypt and > decompress enough of the data to run statistical tests. The cost of > the additional decryptions, decompression, and statistical tests > substantially raise the cost of the brute force attack. I will concede that having a known header, such as a PKZIP header, does weaken a crypto to certain degree, but I still believe that it is not a significant problem. Here's why: 1. If the best attack against the crypto system is to brute force attack (having to decrypt two blocks per key) I don't consider that a weakness. Assuming you are using IDEA or another 128 bit key algorithm and if everyone in the world owned two computers, each powerful enough to make a million attacks a second, and they all decided to cooperate in cracking your key it would still take (on average) until the next ice age to complete this attack. Admittedly DES wouldn't hold up nearly as well, but if you are using straight DES you have bigger concerns than the occaisional known plaintext attack. 2. Known plaintext is something that you have to assume that your enemy has at least occaisional access to. Lots of messages have known beginnings and endings. Sure it would be nice to reduce the amount of known plaintext, but I think there are much more significant concerns. 3. The disadvantages of not having the headers. The headers are there for a reason: to communicate that the following file is in a specific format. Without the headers, you have to use another secure channel to communicate what file type is being transmitted. Again, I concede that a crypto system would be more secure if no known plaintext was ever transmitted, such as compressed file headers. But this minor loss of security is nearly inescapable and also relatively insignificant. David F. Ogren ogren at concentric.net PGP Key ID: 0xC626E311 PGP Key Fingerprint: 24 23 CD 15 BF 8D D1 DE 81 71 84 C8 2C E0 4B 01 (public key available via server or by sending a message to ogren at concentric.net with a subject of GETPGPKEY) -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMa/qu/BB6nnGJuMRAQH8MAP/epcVGiS+9U1aWs1diuiVsMSjellYRjNm p9huFrzT9eaBrfVz0MI2yhZ8IWNctDWznQdmtcmdRKoFm5Knfu+vIyKH6oILplyB dgfPsSh3R/pJKXs2hD4q8PgE+laaTyFZyW1MqPbAjlKUS/T1w9bhL3lQnsrKZPf+ Qyxa19Vlya0= =sHIE -----END PGP SIGNATURE----- From bqm1808 at is.nyu.edu Sat Jun 1 04:35:57 1996 From: bqm1808 at is.nyu.edu (Brendon Macaraeg) Date: Sat, 1 Jun 1996 19:35:57 +0800 Subject: [Off-Topic] "Curfews" Message-ID: <1.5.4.32.19960601090003.006cec9c@is.nyu.edu> hi Tim and all: Been lurking on this list for about a month and find it really interesting. I'm still working my way through the FAQ from the talk.politics.crypto newsgroup to get up to speed, but have been using PGP for about six months now. I've been toying with starting an anon-remailer as well....that Quickremail program looks cool...anyone install and run it yet? I think Tim's post relates to the idea that we're living in a society that finds it acceptable to monitor our movement of all sorts. Not just physical, but --for lack of a better word-- virtual as well. By that I mean, organizations both large and small have the means to track our purchases and activities --generally, any activity that is logged or leaves a data/paper trail says something about us and creates a virtual persona-- and using such info. to make inferrences about our lifestyles. Just the other day I had a heated talk with someone about drug tests in the workplace. She said they're fine. Frankly, I am against them. Take your jar and shove it. "Life, Liberty, and the Pursuit of Happiness" implies a right to privacy. That's why I started using PGP and want to make an effort to keep up on topics related to keeping my life private and shielded from those who would like otherwise. What will employers want to know next? What movies I rent? What books and magazines I read? What else do I do on my freetime that may or may not be "unacceptable"? I worry that our personal lives are becoming more and more regulated by government, regulation that allows employers and other institutions to rationalize their privacy-invading actions and that's why I too find Clinton's push for a state-instituted curfew disturbing as well. What next? Will my employer start telling me I have to be home by 11 p.m. so I can be a happier, more productive worker? -B At 07:08 PM 5/31/96 -0700, you wrote: > >As I said, should such curfews become widespread, children will of course >need forms of age identification, and this opens yet another door for >universal I.D. cards. And for "travel papers." > >Maybe it would be easier to just put a tattoo on their arms--especially as >the younger generation is so into tattoos these days. "Pappieren, bitte. >Macht schnell!" > > ===================================================== Brendon Macaraeg http://www.itp.tsoa.nyu.edu/~brendonm Finger macaragb at acf2.nyu.edu for my PGP Public Key From rah at shipwright.com Sat Jun 1 05:44:22 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 1 Jun 1996 20:44:22 +0800 Subject: Cassidy's Sacremento Bee article. In-Reply-To: Message-ID: As I said here before, cypherpunk (and DCSB founder) Peter Cassidy, who did an article in the last Wired on the Bernstein case, just did a story on the NSA's involvement in the digital telephony bill in this Sunday's Sacremento Bee. Pete says, > I spoke with an editor at the BEE. The story takes up most of the front > section of the FORUM section. Headline screams: > SILENT COUP IN CYBERSPACE > US Intelligence Agencies Threaten Businesses and Personal Privacy. Since this story is also supposed to hit the wires, it would be interesting if it goes anywhere else... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ From rah at shipwright.com Sat Jun 1 06:01:24 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 1 Jun 1996 21:01:24 +0800 Subject: Paper about legal aspects of electronic cash Message-ID: --- begin forwarded text From: "Simon Schlauri" To: "ecash at digicash.com" Date: Sat, 01 Jun 96 11:56:48 Reply-To: "Simon Schlauri" Priority: Normal Subject: Paper about legal aspects of electronic cash Sender: owner-ecash at digicash.com Precedence: bulk Hello all I'm a law student at the University of Zurich, Switzerland. During the last months I've been working on an paper about legal aspects of electronic cash, in which DigiCash's ecash is one of the two main models I examined. The main part of the paper consists of a thesis on the qualification of ecash as an analogy to bank cheques or private banknotes based on digital documents. The paper contains a large list (40 items) of further literature, too. This paper is now available via Internet at the following Address: http://www.inf.ethz.ch/department/IS/ea/iur/1996/Arbeiten.html with a link to the file ftp://ftp.inf.ethz.ch/pub/org/ti/ga/Patru/legal/1996/schlauri.ar.ps (PostScript, 36 pages, about 370K. The paper is written in German.) I'm looking forward to your comments. Regards Simon Schlauri ______________________________ Simon Schlauri St.Gallen, Switzerland schlauri at pobox.com http://www.pobox.com/~schlauri --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ From nobody at REPLAY.COM Sat Jun 1 06:10:52 1996 From: nobody at REPLAY.COM (Anonymous) Date: Sat, 1 Jun 1996 21:10:52 +0800 Subject: Find Article. (Hack China?!?) Message-ID: <199606011027.MAA29937@basement.replay.com> Posted in alt.privacy..... In article <4oo7dj$3am at sunrise.pku.edu.cn> deezxl at sunstation2.tsinghua.edu.cn (HOME_Xuelong Zhu) writes: From: deezxl at sunstation2.tsinghua.edu.cn (HOME_Xuelong Zhu) Subject: Find Article. Date: 1 Jun 1996 01:46:27 GMT Please tell me where I can find the WWW site or FTP site with many articles (thesis,all kinds of paper,etc) about date security and cryptology. please send your answer to deezxl at tsinghua.edu.cn Thank you very much. -- From jya at pipeline.com Sat Jun 1 06:45:36 1996 From: jya at pipeline.com (John Young) Date: Sat, 1 Jun 1996 21:45:36 +0800 Subject: NYT on NRC Report Message-ID: <199606011049.KAA14185@pipe2.t1.usa.pipeline.com> The New York Times, May 31, 1996, p. D2. White House Challenged on Data Security By John Markoff The United States Government should immediately relax export controls on electronic data coding products and allow the computer, software and telecommunications industries to set data security standards, a new report urged yesterday. The report, commissioned by Congress and prepared for the National Research Council of the National Academy of Sciences, stands in direct opposition to existing Clinton Administration proposals for data security standards and for linking the relaxation of export controls to the adoption of such standards. The report calls for the widespread commercial adoption of technologies used to prevent illegal wiretapping of computer data, telephone, cellular and other wireless communications. The National Research Council provides science and technology advice under a Congressional charter. The report also states that despite creating potential problems for law enforcement agencies by making it easier for criminals to shield their communications from Government wiretappers, cryptography would also help prevent crime by sheltering communications and electronic transactions from the prying eyes of electronic interlopers. "Without information security, computer crime in this country will rise very rapidly," said Kenneth W. Dam, the chairman of the panel that prepared the report. Mr. Dam, Deputy Secretary of State during the Reagan Administration, is also professor of American and foreign law at the University of Chicago. The report, industry executives said, is likely to become a key weapon in the battle between the Federal Government and industry and civil liberties groups. "It echoes things we have been saying for some time," said Jim Bidzos, chief executive of RSA Data Security Inc., a developer of computer security software. "The next battleground is going to be Capitol Hill because the Administration isn't going to give up easily." In particular, the report takes issue with Administration efforts to force the use of data-scrambling systems using "escrowed" keys that would let law enforcement and intelligence agencies use built-in backdoors to read coded information. Cryptography, once used only by spies and the military, has become an increasingly vital technology for insuring security in electronic commerce and personal privacy. It relies on the use of mathematical formulas to scramble electronic information so that it cannot be read without the proper digital "key." Key escrow systems like those proposed by the Administration in its Clipper chip program would split the key and have trusted third parties like the Treasury Department hold parts of it, making it possible for law enforcement agencies to generate keys without consulting the sources of the data. As recently as two weeks ago, the Administration was pushing for key escrow coding approaches to data scrambling. A draft White.House policy paper has proposed linking relaxation of export controls to systems that included key escrowing. The recent paper also indicated that the Government was willing to accept "self-escrow" systems for some large corporations that would allow them to to hold all parts of the keys. Critics of key escrow management technology note that it can be abused by agencies that wish to exceed their surveillance authority and that the technology is vulnerable to a single point of failure. If a so-called master key is stolen, they say, the entire coding system can be compromised. Because strong cryptography would complicate the mission of United States intelligence agencies, the Federal Government currently places tight controls on the export of software and hardware that offer stronger cryptographic protection than 40-bit keys. Such keys are made up of a binary number that is 40 digits long. Computer experts have shown that 40-bit keys are vulnerable to attacks. The report released yesterday, "Cryptography's Role in Securing the Information Society," calls for dropping stiff export controls on products that use the Data Encryption Standard, which relies on a 56-bit key and offers stronger protection against computerized attacks than a 40-bit key. [End] From gary at systemics.com Sat Jun 1 08:29:33 1996 From: gary at systemics.com (Gary Howland) Date: Sat, 1 Jun 1996 23:29:33 +0800 Subject: Backdoor in RSA Discovered Message-ID: <199606011216.OAA15537@internal-mail.systemics.com> Hi, Here is an example of a PGP key that has been generated, but with a secret backdoor. It is not possible by looking at the generated key to see that it has a backdoor. The key generation code contains Mallets public key. When generating a key, the upper bytes of N are set to an encrypted factor of N. The encryption is done using Mallets public key, so only Mallet can retrieve the factor from N. I think this example demonstrates the need not only for having key generation source code (which is required anyway in order to verify the quality of the random number generator), but also for being able to compile and link this source, since without this ability it is too easy to have such a backdoor in the system (yes, the code could be reversed engineered, but this can be made very difficult by having self modifying code etc.) There does however appear to be one way to assure the user that this trickery is not going on. This can be done by generating "vanity keys", that allow the user to specify a phrase that will appear in the PGP ascii key. If this were done, then there would be little room left in N to store details about its factors. Here is a working example of this backdoor: This is Mallets secret key (passphrase "xyzzy"): Type bits/keyID Date User ID sec 496/5D925633 1996/06/01 Bill Klinton -----BEGIN PGP SECRET KEY BLOCK----- Version: 2.6.2 lQD5AjGwJnsAAAEB8M6FnxIdQZrORfKlb6/l74S6YUT0GQHvzrioiXJoRd2gnAAs e99C/XPKZShiylm+nu5UD8zDBBtcoiBdklYzAAURAQxi1EDMl1u+Aew7e7bKTY6c l/RAUacgZ9zbL1tl96kxQucLrt8l6Sz11EOmnV9eDZdf1LYG9jg5WbLvNGqpmzyY PlNKBJn/7gD4hu3YUt9caDyY5/X2ASMaL40gb1y1YZxjbTbB4Xjd8wD4+Iv9qhEQ fLjeYi+iUhnNkMtPyeg/+TR6rdP/c42UXAD2mqW0VuM8wiib0nbwfXwC0SlJveLG UwNOgRIujTwS7k35tCJCaWxsIEtsaW50b24gPGJpbGxAd2hpdGVob3VzZS5nb3Y+ =oOrI -----END PGP SECRET KEY BLOCK----- The key consists of the following: n: ce859f121d419ace45f2a56fafe5ef84ba6144f41901efceb8a889726845dd a09c002c7bdf42fd73ca652862ca59be9eee540fccc3041b5ca2205d925633 e: 11 d: 0c25fa4c5c12eafd132c6415a0ef68713823d6e12ea5c2cfecbe9eac607c94 75d1b60c2a3aef89438692326d70d88080317b0cd04432d5a0230de572e819 p: d2640ede17e8c05545aa9ecfd5154f934021e4ef8ef22a248abe0ab3f1aaed q: fb4ada7f960c9a8ab23010ff4936a9a2db834346694979c72f90296cff419f This is Joe's PGP key (passphrase is "xyzzy"): Type bits/keyID Date User ID sec 1024/D0351D23 1996/06/01 Joe Sixpack -----BEGIN PGP SECRET KEY BLOCK----- Version: 2.6.2 lQHgAjGwKUIAAAEEAIBG2pH3rabYMSWhVjcnG8v9HVU4vwtBuBysnvuJI4PvjV3o +YnuFD+x3aF8O52jgpBTllAxhndDSPUXQaj+sXEGDkV0Nq8RCZ02usaj24ogn0+S KW9ej8GgWL8EmlP1H1Qrv39/qz1VSqvxczCLYoRetHETR0JirwcMj9fQNR0jAAUR AYwvF+QHqifbA/4oAli05pLm0QlkbOqimdm4QS3OC1r9kdqvO88GF5nj9EgLm1a+ svRThXiO586Udi1UkSXvM60o4nz6tGASavgc7X8JaL/B2yOcMH9gF6CN6zabiyAb anrJe06IuKH3980GoQ2Sp1sssFHqxgper1ga3STmUVj/dQBjaFUI1qwDkwIAnRPO F7qIopIcEhnxW1OXcv0/9Afhugy3ERbGZwTaaw2fAiiyD41FpkbOUbao8D5Vkndr y6h2LEC7P5iwfdAF3AIAPz/2nRuZAnyNrA4ESvryyHMejwsz9BAkok+MT2z2E85W h8laL76yok5DZz56bRqH2gyQkPR5Rx3hnLx+fqL45gIAzy3CkdR77yw8bXUH8/Av azYh0m4KzEsw8P1a10YkVxP8xiTbqYbN0lmzOrdWlEW6dZjkx5q67vt1op7hDtqW LJwYtBlKb2UgU2l4cGFjayA8am9lQGFvbC5jb20+ =evl9 -----END PGP SECRET KEY BLOCK----- The key consists of the following: n: 8046da91f7ada6d83125a15637271bcbfd1d5538bf0b41b81cac9efb89 2383ef8d5de8f989ee143fb1dda17c3b9da382905396503186774348f5 1741a8feb171060e457436af11099d36bac6a3db8a209f4f92296f5e8f c1a058bf049a53f51f542bbf7f7fab3d554aabf173308b62845eb47113 474262af070c8fd7d0351d23 e: 11 d: 2d462f06576a771f2067a25aaa0dcd934a46968c7fa99eb97388381c8a c13d9fd78a8e7630ae617fe46c571cc9bf2aa68d4aad85b7206653fba1 cbf90e78026398a33f3a99dd4ced780f9bd854b2560f5cd9c6113ab837 7443d9e946a3c2c74989f26f775635cd6ebd8a665e0885e28c60d714b3 c9981c0ff09fa561a7d7d8f1 p: 804e00dc8ea1c0a55c2f5a5b14fdb05f84ecb1c5d1463562925637624e 6f1d945adbc4ed2cb4dd266f8f9c59f6c07d7b3d3ee20328bfdf12f54f 654256a63e01 q: fff1bc1c496fa118c2307c31498f3b403df9d9dd77b91295a3191d5a26 924d8ff276696adeb344ca6cbeddb976fa387b64697f12b8a8dec43d4e 2b561e00a323 If we look at bytes 1-63 of n: 46da91f7ada6d83125a15637271bcbfd1d5538bf0b41b81cac9efb892383ef 8d5de8f989ee143fb1dda17c3b9da382905396503186774348f51741a8feb1 and decrypt this using Mallets private 'd', we get 4e00dc8ea1c0a55c2f5a5b14fdb05f84ecb1c5d1463562925637624e6f1d94 5adbc4ed2cb4dd266f8f9c59f6c07d7b3d3ee20328bfdf12f54f654256a63e which you can see is Joe's P without the leading 0x80 and trailing 0x01 Here is the code (in Perl) that generated Joe's key. This code contains only Mallets public key. my $bits = 512; # Bits in p and q, not in n # # Set up Mallets public key # my $me = new MPI 17; my $mn = restore MPI pack("H*", "ce859f121d419ace45f2a56fafe5ef84ba6144f41901efceb8a889726845dda09c002c7bdf42fd73ca652862ca59be9eee540fccc3041b5ca2205d925633"); # # Note - first byte is 0x80, # first bit of second byte is zero # to ensure that P is less than Mallets n # my $p; do { $p = randomSpecial($bits, "100000000", "00000001"); } while (!isPrime($p)); # # Now encrypt P for Mallet # my $ss = $p->save(); substr($ss, 0, 1) = ''; # Remove high and low bytes substr($ss, -1, 1) = ''; # since we know what they are my $tmp = restore MPI $ss; my $s = new MPI; MPI::mod_exp($s, $tmp, $me, $mn); $s = restore MPI pack("C", 128) . $s->save() . pack("C", 1); my $tmp = new MPI; my $q = new MPI; MPI::lshift($tmp, $s, $bits); MPI::add($tmp, $tmp, new MPI 256); # To prevent Q being too large MPI::div($q, new MPI, $tmp, $p); do { $q->inc(); } while (!isPrime($q)); my $e = new MPI 17; my $sk = RSAKeyGen::deriveKeys($p, $q, $e); # # Save our key # my $passphrase = "xyzzy"; my $skc = new SecretKeyCertificate($sk, $passphrase); my $fos = new FileOutputStream("secring.pgp"); my $dos = new DataOutputStream($fos); $skc->saveToDataStream($dos); my $id = new UserIdPacket 'Joe Sixpack '; $id->saveToDataStream($dos); This is the code to recover P from Joes public key (Mallet's private key is required) # # Mallets secret key # my $mn = restore MPI pack("H*", "ce859f121d419ace45f2a56fafe5ef84ba6144f41901efceb8a889726845dda09c002c7bdf42fd73ca652862ca59be9eee540fccc3041b5ca2205d925633"); my $md = restore MPI pack("H*", "0c25fa4c5c12eafd132c6415a0ef68713823d6e12ea5c2cfecbe9eac607c9475d1b60c2a3aef89438692326d70d88080317b0cd04432d5a0230de572e819"); my $rp = new MPI; my $pe = restore MPI substr($sk->n()->save(), 1, 62); MPI::mod_exp($rp, $pe, $md, $mn); # Decrypt Gary -- pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From aba at dcs.ex.ac.uk Sat Jun 1 08:30:23 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Sat, 1 Jun 1996 23:30:23 +0800 Subject: opinions on book "The Truth Machine" In-Reply-To: Message-ID: <199606011153.MAA00654@server.test.net> Tim May wrote: > At 7:06 AM 5/31/96, Timothy C. May wrote: > >It sounds like a "make.money.fast.by.promoting.this.book" scam to me. If you mean myself, this had not occured to me and I assure you I have no connections with the author, and no interest in promoting sales of his book. There is no charge to read the book on line -- and I for one wouldn't buy a paper book I have electronic copy for. I saw the URL posted (by the author of the book judging by the From line) in talk.politics.crypto and read it on line. The only "charge" for reading is to fill in short questionaires as you read. > It was truly bad stuff. Terribly written, confusing no character > development except in a cartoonish way. The writing style wasn't great, and I'd agree there were plenty of flaws, but what I was interested in was cypherpunks opinions on the technology, rather than the quality of the book, or making money for the author! This was my reason for making the post to cypherpunks. Admitedly it was 5am when I made the post (having just finished reading said book) and I didn't explain myself... lets try again: The interesting technologies touched on were: - cheap video used by everyone to record their own lives This has been talked about in cyperpunks in the past, and from that discussion I seem to remember that there was talk of a trial with police in some area of the US wearing mini-cams to protect them from claims of police brutality. - the book has video streams transmitted in real time to some database (state run? I'm not sure it was clear, also no mention of encryption). If it was an option to have video stored in the device itself encrypted or transmitted to a data haven encrypted, I don't see anything wrong with that so long as it's voluntary and nothing to do with government. That government might have a go at mandating a "voluntary" video survielance set up doesn't seem that unrealistic in the current political climate. Having just read your post on curfews my response was what the fuck, are you serious? It totally amazes me that public opinion has got to the stage that something like this would be accepted. Sounds like a military dictatorship. Children first, adults next? The level of peoples paranoia about reducing crime at any cost has been severely underestimated. Surely that's way out of line constitutionally? The price and the storage technology for a tamper resistant storage device linked to a CCD at cheap commodity price hasn't quite come about yet. When it gets cheap enough, I think this could become called for -- children first perhaps as the curfew. Random police searches asking you what your business is. - wide use of accurate lie detectors the book has everyone wearing a wrist communicator / lie detector / video recorder. If someone wants to walk around with a light that will flash if they tell a lie, again that's there problem. It would be kind of fun to see politicians required to wearing one. But as Sandy pointed out the `national security' and the need to lie to the people for the benefit of the people might be bought up as a reason to defend dishonest politicians. the book talks about 100% accurate lie detectors with no qualifications which is obviously nonsense, I'm not sure what success current lie detectors have, but there would no doubt be lots of problems. People are able to fool current lie detectors, and as I understand it the detectors look for subtle physical signs of distress, changes in skin conductivity caused by distress, and some are able to lie without suffering any distress. It seems reasonable that use of a wider range of sensory devices as input, and more sophisticated analysis of the signals could improve on reliability of the current lie detectors. Interesting questions arise if they become accurate enough that they can be used to supplement or even replace much of the legal system. The state mandated requirement of people to routinely submit to lie detector tests is of course totally unacceptable, but if you get to the stage of having curfews (still amazed at that) and the police are legally allowed to ask you to submit to a lie detector test asking a few more questions during the random spot check seems likely. For instance I have been stopped by the police four times late at night driving home, as I live some distance from the university. The questions are basically what is your business (ie what are you doing so late at night), and then they get you to take in your papers to the police station within 1 week which is an inconvenience. Also the practice over here seems to be to do a spot check on the state of the vehicle, quick visual inspection of the tires with flashlight, check on the lights, do they all work -- dip / full, indicate. Also at the same time they ask for ID. On one of the occasions the officer asked what an object inside the car was (it was on the floor beteen the seat and the door well and visible with the door open) -- a wheel wrench (2 foot wrench and socket), I said it was a wheel wrench, and he made a comment that he had thought it was something to hit someone with. Jeez. It would have been a pretty good object to hit someone with as far as that goes, but it has also proved a remarkably useful object for changing a flat tyre. I'm not sure where I would stand on this legally, but I have so far resisted the temptation to tell them it's none of their business. While we're on the topic of the increase in the police state mentality: in the UK recently as the result of some nut shooting up a school, gun laws are due to get stricter yet. They are I think talking about making it law that all target pistols must be kept at the gun club (whereas currently you can take them home to clean (but not shoot)). Also they are actually talking about restricting the sale of replica guns. What'll they do now recall childrens toys which are too realistic? Idiots. Adam From jwilk at iglou.com Sat Jun 1 09:23:21 1996 From: jwilk at iglou.com (Blake Wehlage) Date: Sun, 2 Jun 1996 00:23:21 +0800 Subject: [Off-Topic] "Curfews" Message-ID: At 07:08 PM 5/31/96 -0700, Timothy C. May wrote: >Cypherpunks, > >This is off-topic for the list, but I want to share it anyway. It touches >on issues of increasing police surveillance, and also touches on the issue >of "age credentials" (in the sense that how else is a cop who stops a young >person for "curfew violation" to determine if a violation has occurred when >most 14- and 15-year-olds carry no driver's licenses?) > >The "curfew" meme is spreading quickly, with Clinton calling for a federal >curfew, at least in cities, and Dole trying to outdo him with even more >draconian curfew laws. Many communities already have them, including San >Jose, New Orleans, and other large cities. And my own community, Santa Cruz >County, ironically begins a curfew program on Saturday, tomorrow. > >I wrote this item for our local newsgroup, scruz.general, announcing that >"my household" will not abide by this law. I didn't come out and say "my >kids" would not abide by it, inasmuch as I have no kids. So I elliptically >referred to "parents and guardians"...after all, my sister visits with her >husband and son, and in theory I could be the guardian of this kid. And >friends bring their kids. > >My point is to send a "warning" to the Sheriff's office that at least some >households think this crackdown on the movements of children is >unacceptable. Children have the right to travel, especially as the parents >permit it, without being stopped, questioned, forced to state their >destinations, and, if the answers don't satisfy the cop, taken into >detention at some children's equivalent of a "drunk tank." > >(Some purists claim that children are exempted from normal constitutional >protections, such as the right of free association, the right to be free >from unwarranted searches and seizures, the right of free speech, etc. >Especially this comes up in debates about rights in public schools (speech, >locker searches, movements are controlled, etc.). But I think a public >school environment is a dramatically different situation, whatever one >thinks of these claims about rights, from a kid walking on a public street. >To claim that such a child may be stopped, interrogated, taken to a >detention center, without a crime having been committed, is a clear >violation of his or her rights.) > >As I said, should such curfews become widespread, children will of course >need forms of age identification, and this opens yet another door for >universal I.D. cards. And for "travel papers." > >Maybe it would be easier to just put a tattoo on their arms--especially as >the younger generation is so into tattoos these days. "Pappieren, bitte. >Macht schnell!" > >Here's what I sent in to scruz.general tonight: > > >So Santa Cruz begins its own fascist crackdown on the free movements of >persons. The "curfew" begins Saturday night. > >Allegedly these persons are children, but it is up to parents and >guardians to control the movements of their children or charges in public >places, NOT the function of the police to detain these children or >charges. (Initially a "warning," but the child's name is recorded in >police data bases....if the child is detained a second time, he or she may >face detention time, community service, fines on the parents or guardians, >and so forth.) > >ANNOUNCEMENT: I am responsible for the children in my household or in my >custody or guardianship. Not the cops. Not the Sheriff. Not the CAMP >helicopters. Not the narcs. Not the vice squad. Not anyone but me. > >I am instructing those in my household or who visit to IGNORE all >interrogations by cops. I am telling them not to let the cops search their >bags, not to let the cops ask where they are going, not to let the cops >demand that they give a reason for being out. If they pick up people from >my household, I expect the children to remain silent and to just fill up >the god-damned jail cells until I eventually raise a ruckus and (maybe) >pick them up. > >If some kids are out and about and making mischief, the cops should >concentrate on catching _those_ children! Don't immobilize all kids for >the sake of supposedly cutting down on the activities of the perps. As >with so many do-gooder laws, the effect will largely be felt on the "good" >kids and will be ignored or evaded by the "bad" kids. > >As to the claims that children have no valid reason to be out after 9, or >11, or whatever, this is not for anyone but the parents and guardians to >decide. The god-damned cops are not the ones to decide what a valid reason >for being out is. > >(I have heard that "religious worship," a la "Midnight Mass," is one of >the valid reasons for a child to be out after curfew. Fine, religion is >then the stated reason those in my household are out! I will tell them to >tell any nosy cops or Sheriff's Deputies that they are worshippers of >Baal, and Baal requires them to be out to appreciate the darkness. If the >cops claim this is "not a valid religion," I will recite to them the First >Amendment of the U.S. Constitution, where it says: "Congress shall make no >law respecting the establishment of religion or prohibiting the free >exercise thereof.") > >I moved to the rural part of Santa Cruz, Corralitos, to escape this >fascist and socialist nonsense, and now I find it primarily the >Sheriff-dominated parts of this county which will now claim to tell >parents and guardians they no longer control their children. > >Fuck this. > >--Tim May > >-- >Boycott "Big Brother Inside" software! >We got computers, we're tapping phone lines, we know that that ain't allowed. >---------:---------:---------:---------:---------:---------:---------:---- >Timothy C. May | Crypto Anarchy: encryption, digital money, >tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero >W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, >Licensed Ontologist | black markets, collapse of governments. >"National borders aren't even speed bumps on the information superhighway." > > > > Timothy, For the first time in my life I agree with you. I am 13 and the cop here a assholes. I have been caught about 13 times, yelled at me called my parents who could give a rat's ass. I feel spend tax payer's money on more cops to catch the bastard who kill people, not on the kids who just like to take a walk with my girlfriend. Or when I'm going to the corner store to buy a 6-pack. A 6-pack of coke. Well as the old saying goes, fuck this and everything that has to do with it!!!!!!!! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Blake "Pokey" Wehlage Gaa- 3.69 Record- 2-4-4 Age- 13 Final Standings- 2nd Place (Beat in Championship) President & Founder: Revolution Software "I have the fastest glove in the east!" Profanity Software "Hackers never stop hacking they just get caught" VSoft My life- Rarely eat or sleep, Hack til' 7:00a, goto school, play goalie til' 5:00p, hack til' 7:00a Hank Aaron- d:-)!-< Pope- +<:-) Santa Claus- *<:-) Yo Mama- :-0 Current Girlfriend(s)- Lindsey Wilcox, Laura Schubring ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From ravage at ssz.com Sat Jun 1 09:39:01 1996 From: ravage at ssz.com (Jim Choate) Date: Sun, 2 Jun 1996 00:39:01 +0800 Subject: Remailer chain length? Message-ID: <199606011336.IAA11002@einstein.ssz.com> Hi Scott, Forwarded message: > Subject: Re: Remailer chain length? > Date: Fri, 31 May 1996 14:55:58 -0500 > From: Scott Brickner > > >If this is strictly true, why not simply run several instances of a remailer > >on the same machine. Then randomly chain them prior to sending them off > >site. This would be a lot cheaper and faster than trying to convince > >hobbyist to set it up or businesses to to use their profit & legal council. > > Because it's not strictly true. Implicit in traffic analysis is looking > at the "envelopes" of the traffic. Since this means intercepting those > envelopes, once you've put your monitor on the first remailer at a site, > you've probably gotten all the rest at the site for free. > > I don't think multiple remailers at the same site help anything. > I agree completely. If traffic analysis is going to be done on a single box it isn't going to matter how many remailers are there. The monitor will simply grab them all. At this point it simply maps them thusly: incoming message > remailer #1 > .... > remailer #n > outgoing That this really maps to is obvious: incoming message > remailer #1-#n > outgoing The only thing this does is increase the number of valid entries in the From: field. Succesful traffic analysis does not require that the From: field contain only a single item. As a matter of fact it makes no difference what the headers contain unless the body is put in some kind of envelope for final delivery. Why? Because all one has to do is look at the body of the text which will not have changed. This leads to a simple model, based on a physical remailer: 1. Physical remailer receives an evelope addressed to them. 2. They open it and find a $1 money order (for paying the remailer) and another envelope with another delivery address on it. 3. Remailer puts $1 in bank and the interior letter in the mail. To convert this to electronic means: 1. Remailer receives a email that is encrypted except for the header. 2. Remailer decrypts mail (ie removes the outer envelope) and find three items, block of encrypted data (ie inner envelope) with header to next site and e$ token for $1. 3. Remailer sends the data on its way. There are a couple of points to be made. 1. No traffic is handled in the clear except for the header to the current destination all others are nested in encryption. 2. Remailer chaining is handled entirely by the customer (ie customer addresses the envelopes) 3. $1 is the smallest amount normaly accepted as a fee for a valid contract. 4. Remailer can't look at data because there is no way to find the correct sequence of keys to unlock the nested encryption. 5. Automaticaly limits spamming unless a remailer allows cloning AND all recipients share a commen private key. 6. It maps 1:1 onto the physical remailer model with the same limits on information at each stage. This allows one to directly apply the current history of precedence involving anonymity and physical remailers. Under todays current legal and social structure this is the only model that will prevent remailers from being held accountable for their traffic and at the same time provide enough income to keep legal protection at hand. Note that I am not saying you still can't be brought brought up on charges, simply that you (as a remailer) now have the structure in place to fight it succesfuly. This is the basic model that the Austin Cypherpunks are working on at the currrent time. The big problem we have right now is determining if the body is actualy encrypted. We have done some basic tests of encryption-spoofing using pgp and it is looks to be a thorny problem. It simply is not trivial to look at a block of characters and determine if they are actualy encrypted. You can't rely on the wrapper around the data put there by the encryption program because this can be kept intact and the data changed. As long as the checksum matches it all looks the same. Even if the test is done with a dictionary this won't help because rsa does not guarantee that once the data is encrypted that the output would be gibberish, sort of like the "All the monkeys in the world typing create Shakespeare" story. It is completely feasible (though unlikely) for the encrypted text to be something meaningful in some language or another. Jim Choate From ravage at ssz.com Sat Jun 1 09:43:25 1996 From: ravage at ssz.com (Jim Choate) Date: Sun, 2 Jun 1996 00:43:25 +0800 Subject: Fairness, Justice, and Cypherpunks (fwd) Message-ID: <199606011349.IAA11019@einstein.ssz.com> Hi Tim, Forwarded message: > Date: Tue, 28 May 1996 13:55:36 -0700 > From: tcmay at got.net (Timothy C. May) > Subject: Fairness, Justice, and Cypherpunks > > Several recent messages have raised issues about "ownership of > information," "compilation of dossiers," and the (putative) imbalance > between personal power and corporate power (which some think justifies > denying corporations certain basic rights or Constitutional protections). > Businesses (and government) have no rights under the Constitution and should enjoy no rights under the Constitution. Rights are the sole purvue of real live human beings (ie individuals) and not groups or paper individuals (stupidest idea I have ever seen in the legal field). It is not reasonable to support a motion which allows a group to have the same or possibly more rights than the individuals that make it up. Business should not get the right to vote, they should be completely prohibited from being involved in politics even to the point of making contributions to politicians. Eisenhower once warned this country of the military-industrial complexes threat, we have ignored it to date. Jim Choate From jya at pipeline.com Sat Jun 1 12:32:15 1996 From: jya at pipeline.com (John Young) Date: Sun, 2 Jun 1996 03:32:15 +0800 Subject: NRC Report, 7, 8 Message-ID: <199606011617.QAA01878@pipe2.t1.usa.pipeline.com> Part III Policy Options, Findings and Recommendations Chapter 7 Policy Options for the Future http://pwp.usa.pipeline.com/~jya/nrc07.txt (124 kb) Chapter 8 Synthesis, Findings and Recommendations http://pwp.usa.pipeline.com/~jya/nrc08.txt (134 kb) ---------- 14 (quite meaty) Appendices later today. From tcmay at got.net Sat Jun 1 13:02:21 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 2 Jun 1996 04:02:21 +0800 Subject: opinions on book "The Truth Machine" Message-ID: At 11:53 AM 6/1/96, Adam Back wrote: >Tim May wrote: >> At 7:06 AM 5/31/96, Timothy C. May wrote: >> >It sounds like a "make.money.fast.by.promoting.this.book" scam to me. > >If you mean myself, this had not occured to me and I assure you I have >no connections with the author, and no interest in promoting sales of >his book. No, Adam, I certainly was not implying you are profiting from this in any way. Maybe the "make.money.fast" description was a poor one...what I meant to imply is that the book is being advertised widely (I've seen half a dozen announcements of it), and it reminds me of either the Craig Shergold or make.money.fast posts, not sure which. >The writing style wasn't great, and I'd agree there were plenty of >flaws, but what I was interested in was cypherpunks opinions on the >technology, rather than the quality of the book, or making money for The main technology, "the truth machine," is so bogus as to be boring. >The interesting technologies touched on were: > >- cheap video used by everyone to record their own lives A better treatment of this is in David Brin's "Earth." >That government might have a go at mandating a "voluntary" video >survielance set up doesn't seem that unrealistic in the current >political climate. Having just read your post on curfews my response >was what the fuck, are you serious? It totally amazes me that public >opinion has got to the stage that something like this would be >accepted. Sounds like a military dictatorship. Children first, >adults next? The level of peoples paranoia about reducing crime at >any cost has been severely underestimated. Surely that's way out of >line constitutionally? We agree. I once jokingly wrote a post about "position escrow," and I now fear it is not so far off. ("The Positional Update Tracking Zoner (PUTZ) meets law enforcement's legitimate needs, with proper court authority, to track the movements of citizen-units.") However, what you say below about being required to explain your movements to cops who stop you on the highway and then present "papers" to them within one week is truly horrifying, far beyond anything we yet have here in these beknighted states: >For instance I have been stopped by the police four times late at >night driving home, as I live some distance from the university. The >questions are basically what is your business (ie what are you doing >so late at night), and then they get you to take in your papers to the >police station within 1 week which is an inconvenience. Also the ... !!! Glad I don't live in Britain. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From anonymous-remailer at shell.portal.com Sat Jun 1 13:24:31 1996 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Sun, 2 Jun 1996 04:24:31 +0800 Subject: Optimism re NRC Cryptography Report Message-ID: <199606011703.KAA10297@jobe.shell.portal.com> At 07.40 AM 5/31/96 -0700, tcmay at got.net wrote: >Unless laws are passed very quickly to outlaw the things we are involved >with, including such things as superencryption, steganography, anonymous >remailers, and digital money, I think we will "win the race to the fork in >the road." The "fork in the road" being the point at which the changes are >unstoppable. How fast is very quickly? From cea01sig at gold.ac.uk Sat Jun 1 13:58:36 1996 From: cea01sig at gold.ac.uk (Sean Gabb) Date: Sun, 2 Jun 1996 04:58:36 +0800 Subject: Paper about legal aspects of electronic cash In-Reply-To: Message-ID: On Sat, 1 Jun 1996, Robert Hettinga wrote: > > (PostScript, 36 pages, about 370K. The paper is written in German.) > > I'm looking forward to your comments. I wish I could read German well enough to use the paper. Will it be translated into English? While writing, I have a short paper of my own on money laundering and digital cash. It's at: http://www.gold.ac.uk/~cea01sig/monlaund.htm Sean Gabb. From markm at voicenet.com Sat Jun 1 13:59:16 1996 From: markm at voicenet.com (Mark M.) Date: Sun, 2 Jun 1996 04:59:16 +0800 Subject: Ok, what about PGP (was: MD5 collisions) In-Reply-To: <199606010433.VAA21006@toad.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Thu, 30 May 1996, Chris Adams wrote: > On 29 May 1996 19:03:04 pdt, wlkngowl at unix.asb.com wrote: > > >I poked around the pgp.h and pgformat.txt files in the PGP 2.6.2 > >distribution. There *are* designator bytes for the hash (and cipher) > >algorithms, hash size, etc. > > > >It seems quite doable to add support for SHA-1 signatures (and possibly key > >generation for encrypting secret keys?). > > > >Adding 3DES (and maybe Luby-Rackoff-SHA, assuming it hasn't been cracked > >recently at the Fast Software Conf.... more info?!?) would be nifty too... > >unless, of course, there's meaning to the Real Soon Now that PGP3 folx > >claim. > > How about a NSA-stomper option that would use all-of-the-above? For the truly > paranoid (or > owners of Pentium-Pro 200Mhz multi-processor machines Using 3DES and SHA does not decrease speed that much (it may even be faster). Both of them are very secure algorithms. > > Also, what's the verdict on IDEA? Is there a switch yet that would allow straight RSA? > (with the obvious speed decrease...) Why would you want to use straight RSA? IDEA is as strong as a 3000-bit RSA modulus. So far, the only known way to crack IDEA is to brute-force the key space. RSA relies on the fact that it is assumed to be difficult to factor large numbers. If an efficient way is discovered to factor very large moduli, then RSA is basically worthless. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "In Christianity neither morality nor religion come into contact with reality at any point." -- Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMbB/n7Zc+sv5siulAQHJuQP/dxToToctPbfjBQE7j1sjO214kVK9TtLX 9mwRuoDppxVhMPATr3k7tdlw+COFPOQZgf0bog+RpCW+iTjlmug6tr56rkTRdUod AJ0mR11MfQ6yNasPz81WxQracdc48ZXBFEaZYBKFCZRVAoK434dVM3slBtNVCvOn znHMlt+W9yU= =fvbq -----END PGP SIGNATURE----- From cea01sig at gold.ac.uk Sat Jun 1 14:00:34 1996 From: cea01sig at gold.ac.uk (Sean Gabb) Date: Sun, 2 Jun 1996 05:00:34 +0800 Subject: I told you so In-Reply-To: <199605311928.PAA07729@jekyll.piermont.com> Message-ID: On Fri, 31 May 1996, Perry E. Metzger wrote: > > I retract the following story, it was told to me by a contractor > who attended a MBONE group meeting on the MBONE, where the story > originated: > I'm greatly heartened by retractions. Anyone who retracts so promptly shows a commitment to truth that I admire - and that also inclines me to believe whatever that person does not retract. I wish it were a more common thing. Sean Gabb. From watson at tds.com Sat Jun 1 14:28:32 1996 From: watson at tds.com (watson at tds.com) Date: Sun, 2 Jun 1996 05:28:32 +0800 Subject: NRC Cryptography Report: The Text of the Recommendations In-Reply-To: <199605302304.QAA14424@jobe.shell.portal.com> Message-ID: Anybody know who the NRC is and whether they have any influence with anyone? Dave From WlkngOwl at unix.asb.com Sat Jun 1 15:01:08 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sun, 2 Jun 1996 06:01:08 +0800 Subject: [Off-Topic] "Curfews" Message-ID: <199606011838.OAA21114@unix.asb.com> On 31 May 96 at 19:08, Timothy C. May wrote: > This is off-topic for the list, but I want to share it anyway. It touches > on issues of increasing police surveillance, and also touches on the issue Not really too off topic at all, considering the surveillance state and GAK relate very much to what we're doing here. An aside: at the University I used to attend, there were field trips to this small museum on the campus by elementary school children, who apparently regarded the motion detectors for the automatic doors as being cameras which they'd happily wave hello to. Images of Huxley's Brave New World intermingled with Warhol's 15-minutes-of-fame stewed up with Orwell here.... > of "age credentials" (in the sense that how else is a cop who stops a young > person for "curfew violation" to determine if a violation has occurred when > most 14- and 15-year-olds carry no driver's licenses?) Since when are we now to carry ID everywhere. And of course the local police will (as usual) be selective about who they stop to ask about directions. Also note that a reasonable exception will be for kids to go to work or school-related activities (institutional), but nothing non-institutional such as a party at a friend's house (drugs or no drugs), band practice, etc. etc. > The "curfew" meme is spreading quickly, with Clinton calling for a federal > curfew, at least in cities, and Dole trying to outdo him with even more > draconian curfew laws. Many communities already have them, including San > Jose, New Orleans, and other large cities. And my own community, Santa Cruz > County, ironically begins a curfew program on Saturday, tomorrow. Some communities here in Long Island have them. Others have fought them, and I think a couple of attempts were struck down by courts. Also a blurb in the local papers about police not wanting the curfew here, believing it to be a waste of their time or unnecessary... (I'll have to dig the article up; I only rememebr it wasn't reassuring.) [..] > (Some purists claim that children are exempted from normal constitutional > protections, such as the right of free association, the right to be free > from unwarranted searches and seizures, the right of free speech, etc. > Especially this comes up in debates about rights in public schools (speech, > locker searches, movements are controlled, etc.). But I think a public A problem indeed. Children grow up used to the surveillance society and don't mind it when they become adults. Imagine a whole generation coming of age being told they are "criminals". Things will be very "interesting" (in the Chinese fortune cookie sense) during the next 10-20 years... > As I said, should such curfews become widespread, children will of course > need forms of age identification, and this opens yet another door for > universal I.D. cards. And for "travel papers." ...or they'll stay at home and net surf. Beware the Four (or six?) Horsemen... Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From perry at piermont.com Sat Jun 1 15:07:37 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sun, 2 Jun 1996 06:07:37 +0800 Subject: I told you so In-Reply-To: Message-ID: <199606011803.OAA17188@jekyll.piermont.com> I did NOT write what you are attributing to me. I was quoting someone else. Please be more careful with your attributions. .pm Sean Gabb writes: > On Fri, 31 May 1996, Perry E. Metzger wrote: > > > > > I retract the following story, it was told to me by a contractor > > who attended a MBONE group meeting on the MBONE, where the story > > originated: > > > > I'm greatly heartened by retractions. Anyone who retracts so promptly > shows a commitment to truth that I admire - and that also inclines me to > believe whatever that person does not retract. I wish it were a more > common thing. > > Sean Gabb. > > From vince at offshore.com.ai Sat Jun 1 16:03:32 1996 From: vince at offshore.com.ai (Vincent Cate) Date: Sun, 2 Jun 1996 07:03:32 +0800 Subject: Arms Trafficker Page Made CNN! Message-ID: The Offshore Information Services Arms Trafficker page made CNN Computer Connection just moments ago. :-) The page: http://online.offshore.com.ai/arms-trafficker/ is now famous. :-) -- Vince From asgaard at sos.sll.se Sat Jun 1 16:11:28 1996 From: asgaard at sos.sll.se (Asgaard) Date: Sun, 2 Jun 1996 07:11:28 +0800 Subject: Statistical analysis of anonymous databases In-Reply-To: Message-ID: On Fri, 31 May 1996, Lucky Green wrote: > HSS needs to verify that the researcher didn't just make up the data. The > Department therefore has to be able to audit the results of the study by > contacting a small subset of the participants directly. How can the > Department contact the participants if they are known only under their > nyms? The evaluation of medical, and other, research is based on trust. Some scientific journals are more trusted than others. Some research institutions/heads of institutions are more trusted than others. Original medical data are very rarely checked by outsiders, and if they are the participating physical entities (patients) are never involved. Verifying studies by other groups are usually needed before anything is taken for a truth. So, in medical research in general, de-identified data are perfectly useful. In long-term epidemiological research identities are a big plus, though, but for another reason than checking for scientific cheating. F ex, the addition of a life-time SSN to peoples' credit cards would make it possible in 50 years, when the 20-year old's of today start dying, to compare causes of death with the items in the grocery store data banks of today, finally deciding the cholesterol controversy (and other things to make us live longer). The Swedish National Medical Registry, where all diagnoses and surgical procedures relating to hospital stays are entered, was de-identified (except for year of birth) in 1993, by order from the Bureau of Data Inspection. The epidemiologists haven't been able to sleep since, and now there is a legislative initiative to enter full identities (our infamous Person Numbers) again. I think it will pass. In the discussions of this legislative initiative it has become public knowledge that the database isn't even encrypted, and those responsible for it see no need for changing this, since it's not publically available. Epidemiologists are usually as naive as they come. Asgaard From tcmay at got.net Sat Jun 1 17:05:20 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 2 Jun 1996 08:05:20 +0800 Subject: Fairness, Justice, and Cypherpunks (fwd) Message-ID: At 1:49 PM 6/1/96, Jim Choate wrote: >Businesses (and government) have no rights under the Constitution and should >enjoy no rights under the Constitution. Rights are the sole purvue of real live >human beings (ie individuals) and not groups or paper individuals (stupidest >idea I have ever seen in the legal field). It is not reasonable to support This may come as a surprise to newspapers, which are corporations for the most part, and other publishing companies. Here we thought the First Amendment covered them. Apparently not. The government of the U.S. may freely tell "Time" magazine what to right, may tell "Wired" what official slant to put on a story, and what images "Playboy" may not publish. Oh, and the various religious institutions are clearly not covered, either, as they are groups. While _individuals_ are free to worship as they please, they'd better not form a church or synagogue, lest the government give them instructions on what to do. And the Fourth Amendment and other amendments don't cover small businesses, large corporations, etc., so the cops are perfectly free to knock the doors down, enter whenever they wish, force companies to quarter troops, seize property without due process,.... Is this what you're saying is the case, or is this what you want to be the case? --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dbell at maths.tcd.ie Sat Jun 1 17:13:02 1996 From: dbell at maths.tcd.ie (Derek Bell) Date: Sun, 2 Jun 1996 08:13:02 +0800 Subject: [Off-Topic] "Curfews" In-Reply-To: Message-ID: <9606012134.aa29661@salmon.maths.tcd.ie> I agree with Tim May on this - it's a draconian solution to crime. I've heard claims made that it reduces crime - I wonder if that's true and if so, would that still be true in the long term. A quick web search produced a case of a teenager who broke the law talking to a friend outside her own family's home. I guess that it wouldn't be wise to allow a child to use a telescope outside - there goes astronomy. The hardest hit will probably be homeless children - especially those who have run away from abuse - they'll be getting a criminal record if they're caught a few times during curfew. Derek From fletch at ain.bls.com Sat Jun 1 17:30:34 1996 From: fletch at ain.bls.com (Mike Fletcher) Date: Sun, 2 Jun 1996 08:30:34 +0800 Subject: Interesting forum on CSPAN Message-ID: <9606012058.AA24962@outland.ain_dev> Was channel surfing last night while MST3K was in a commercial and wound up watching a panel on CSPAN from the World Economic Forum on "Technology & Security". The pannelists were Nicholas Negroponte from MIT's Media Lab, John Barlow from the EFF, a Mike Nelson from the White House (no relation to MST3K's :), and two other people whom I can't for the life of me remember their names (one was from a security consulting firm, and the other was a lawyer from something like the "Bristol Group"). It was 3am, so sue me. :) I missed the first few minutes, but there was a bunch of administration encryption policy bashing from all sides. Nelson kept saying that the administration wanted to support "good strong encryption" and they wanted to be able to say (paraphrasing) "We think this is good. Use this." (Trust us, we're from a TLA. :) He also kept saying that (again, paraphrasing) "most encryption out there is no good". Which begs the question then why are they wanting to ban its use and export. Negroponte kept bringing up the point that their policy was based on the (flawed, as we all believe) assumption that no one outside the US could create good crypto. Other topics that were touched on were intellectual property rights and e$. It was interesting that the lawyer person agreed to a good extent with a lot of the remarks Barlow made. Overall it was pretty interesting (and not just to watch the White House guy squirm as his premises were invalidated out from under him :). CSPAN usually replays stuff like this at odd times during the weekend so you might want to keep your eyes peeled. --- Fletch __`'/| fletch at ain.bls.com "Lisa, in this house we obey the \ o.O' ______ 404 713-0414(w) Laws of Thermodynamics!" H. Simpson =(___)= -| Ack. | 404 315-7264(h) PGP Print: 8D8736A8FC59B2E6 8E675B341E378E43 U ------ From jlasser at rwd.goucher.edu Sat Jun 1 17:39:30 1996 From: jlasser at rwd.goucher.edu (Moltar Ramone) Date: Sun, 2 Jun 1996 08:39:30 +0800 Subject: NRC Cryptography Report: The Text of the Recommendations In-Reply-To: <199605311725.KAA21348@mail.pacifier.com> Message-ID: On Fri, 31 May 1996, jim bell wrote: > >This is then followed with a couple of pages of justification for why > >this relaxation of the export policies should be allowed. Much is made > >of the fact that people will be more likely to use 56 bit encryption than > >the 40 bit which is currently allowed. (This is an example of the > >perspective issue I mentioned above.) However, nowhere is it stated why > >more than 56 bits is not OK, and why it is necessary to forbid repeated > >use to increase confidentiality. There is not one word of discussion of > >this proviso. > > A very curious omission! It seems to me that if they're trying to explain > any sort of limits on encryption, they should focus carefully on WHY those > limits should exist, and why, exactly, those limits should be selected at > any particular level. The way it was explained in the press conference is that 56 bit DES was their feeling about what business needed now, and that 56 bit DES was _not_ a once-and-for-all stopping point, but just an example of "industry needs" etc. What this really means is that they were too chicken to mention PGP. Jon Lasser ---------- Jon Lasser (410)532-7138 - Obscenity is a crutch for jlasser at rwd.goucher.edu inarticulate motherfuckers. http://www.goucher.edu/~jlasser/ Finger for PGP key (1024/EC001E4D) - Fuck the CDA. From WlkngOwl at unix.asb.com Sat Jun 1 17:52:01 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sun, 2 Jun 1996 08:52:01 +0800 Subject: (Fwd) Developers Directory Message-ID: <199606012208.SAA24097@unix.asb.com> I got the following 'junk' email so I bit. They asked for updated descriptions of software that I've thrown on the net, along with shareware/freeware/GPL/comm. ratings, etc. Also violence ratings... I set all my source codes to "Gruesome" Interesting to see what proggies of mine they listed and what they didn't. --Mutant Rob ------- Forwarded Message Follows ------- Date: Sat, 1 Jun 1996 15:21:29 -0600 From: Author Database Maintenance Subject: Developers Directory Dear Author, We're building a public database called the "Developer's Directory" which contains information about authors of shareware/freeware programs. We'd like to include you and some information about your programs. We'd sure appreciate it if you'd visit our website and help us fill in some info. http://pacific.pht.com/ [ my info deleted ;] Since this system is still in the testing phase, we'd like to hear your comments and suggestions. Please send them to: authors at pht.com Thank you! Koji Ashida --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From jamesd at echeque.com Sat Jun 1 18:04:55 1996 From: jamesd at echeque.com (jamesd at echeque.com) Date: Sun, 2 Jun 1996 09:04:55 +0800 Subject: WSJ on "IRS-bashing" Message-ID: <199606012148.OAA24297@dns1.noc.best.net> At 04:01 PM 5/29/96 -0700, Rich Graves, who lives in a parallel universe where political correctness is no threat to liberty, and the FBI and BATF no threat to law abiding people wrote: > any such law > would be invalidated by R.A.V. v. St. Paul. The only exceptions are > restrictions on "fighting words" that meet the tests in Chaplinsky v. New > Hampshire and "hostile working environment" discrimination, which I assume > is what you're talking about, in some elliptical way. When I was looking for a house in Oregon, I pointed at the map and asked the real estate lady "Why are houses in this area cheap". She did not give a straight answer I pressed her, and then she then started asking me questions that indicated she suspected I was an agent provocateur from the government trying to entrap her into revealing forbidden information. I eventually discovered that the area in question was occupied predominantly by people of a particular ethnic group, but she was forbidden to tell me this information. This explanation of the price disparity did not occur to me until she started feeling me out to see if I was a cop. But Rich Graves does not regard that sort of thing as any violation on freedom of speech. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From reagle at MIT.EDU Sat Jun 1 18:22:34 1996 From: reagle at MIT.EDU (Joseph M. Reagle Jr.) Date: Sun, 2 Jun 1996 09:22:34 +0800 Subject: NRC Cryptography Report: The Text of the Recommendations Message-ID: <9606012215.AA24993@rpcp.mit.edu> At 10:55 AM 6/1/96 -0700, watson at tds.com wrote: >Anybody know who the NRC is and whether they have any influence with anyone? They have influence in that their reports have a fair amount of credibility with the extra boost of NAS's "scientific authority." If one wanted to distinguish what they do with what the OTA did for instance, one could say that while the OTA generally had a very smart/competent staff (and had a turbulent, poorly managed history and political troubles) the NRC has the strength in that it is non-governmental and has the shroud of "scientific neutrality" about it it could hope to pull from its parent organization, the NAS. The NAS and NRC have interesting histories, the NAS was an honorary society that had some fundings for it snuck into an appropriations bill back in 1863, but generally it was not supported by the government aside from specific "contract" studies which the Congress might ask for. The NRC (known as the NDRC) was created as an advisory council under NAS to help the government with munitions research and development during WWI. Since, they conduct hoc scientific/policy studies to investigate a topic on Congress's behalf. Their "Realizing the Information Future" that came out a couple of years ago was highly regarded. For history on these topics I recommend: Hunter Dupree, Sciene in the Federal Government: A History to 1940, Harper & Row, 1974. Bruce L. R. Smith, American Science Policy Since World War II, Brookings Institution, 1990. >From their WEB page: National Research Council NRC Logo The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy's purposes of further knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the National Research Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering communities. The National Research Council is administered jointly by both Academies and the Institute of Medicine. Dr. Bruce M. Alberts is the chairman of the National Research Council. _______________________ Regards, Real generosity toward the future lies in giving all to the present. - Albert Camus Joseph Reagle http://farnsworth.mit.edu/~reagle/home.html reagle at mit.edu E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E From WlkngOwl at unix.asb.com Sat Jun 1 18:51:11 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sun, 2 Jun 1996 09:51:11 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? Message-ID: <199606012311.TAA25220@unix.asb.com> There was a story on CNN about how anonymous people on IRC (and other commercial online chats) giving stock tips is a Bad Thing (tm). Actually had some guy saying that a law should ban anonymous discussions of stocks online. Yeesh. What ever happened to caveat emptor? (Like a recommendation on IRC is automatically more trustworthy than overhearing a conversation in a public bathroom?) --Mutant Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From medea at alpha.c2.org Sat Jun 1 19:11:12 1996 From: medea at alpha.c2.org (Medea) Date: Sun, 2 Jun 1996 10:11:12 +0800 Subject: NRC Cryptography Report: The Text of the Recommendations Message-ID: <199606012130.OAA00695@infinity.c2.org> Dave Watson wrote: >Anybody know who the NRC is and whether they have any influence >with anyone? Dave, Maybe the following article might answer your question.... Medea +++++++++++++++Forwarded Article+++++++++++++++++++ WASHINGTON (Reuter) - Cryptography, the art and science of secret writing, has long been the province of soldiers, rulers and spies. But a study for Congress released Thursday said the U.S. government should promote widespread commercial use of such tricks to curb theft of computer data, wireless communications and other electronic information. A committee of the National Research Council, which gives science and technology advice under a congressional charter, said a broad use of cryptography would help the United States in many ways including making banking and telecommunications networks more secure and giving individuals greater privacy. In a report requested by Congress, the panel said no law should bar the manufacture, sale or use in the United States of any form of encryption -- mathematical formulas to scramble electronic data to thwart eavesdroppers. Largely siding with industry in a long tug-of-war with law enforcement officials, it also said export controls on encryption technologies should be "progressively relaxed but not eliminated." The Clinton administration and its predecessors have blocked the export of powerful cryptography, fearing it would hinder officials in thwarting terrorism and counter-espionage. Committee chair Kenneth Dam, a law professor at the University of Chicago, acknowledged that the spread of encryption technologies would make some law enforcement and spying tougher for the United States. "But the many benefits to society of widespread commercial and private use of cryptography outweigh the disadvantages," he said in a statement accompanying the report, entitled "Cryptography's Role in Securing the Information Society". The administration wants to set up government-approved repositories that keep copies of mathematical keys for decoding encrypted information so officials can lift the veil on secret communications if granted a court order. Industry executives and privacy advocates strongly oppose such "escrowed" encryption, arguing that reliable coding technology is critical for commerce and for privacy in the information age and on the Internet, the worldwide collection of computer networks. In its study, the committee said U.S. policy should take account of national security concerns but should be driven more by market forces than by law. "Since the committee believes that widespread deployment and use of cryptography are in the national interest, it believes that national cryptography policy should align itself with user needs and market forces to the maximum feasible extent," it said. From jya at pipeline.com Sat Jun 1 19:12:09 1996 From: jya at pipeline.com (John Young) Date: Sun, 2 Jun 1996 10:12:09 +0800 Subject: NSCP, PRZ Hit NRC Crypto Rec Message-ID: <199606012246.WAA00647@pipe3.t1.usa.pipeline.com> Netscape (WSJ) and PRZ (Globe) say the NRC crypto export recommendations don't go far enough. ---------- Wall Street Journal, May 31, 1996, p. B5. U.S. Strategy Should Promote Computer Codes Panel Says a Free Market Is Best Policy, Urges Easing of Export Curbs By John J. Fialka Washington -- The federal government should promote rather than discourage widespread commercial use of powerful codes that can protect electronic communications, a panel sponsored by the National Research Council recommended. The government also should relax its export controls on such codes, according to the 16-member panel, which included a mix of business, academic and government experts. The NRC is an affiliate of the National Academy of Sciences, a private, nonprofit organization that advises the government on scientific matters. Encryption coding software scrambles computer data by using mathematical formulas that can't be read if intercepted. Only personnel with the correct "keys" can access the data. More Study Needed The NRC study, which took 18 months to complete, calls for greater trust in freemarket demands for protection and less reliance on the U.S. National Security Agency and the Federal Bureau of Investigation to set the nation's code policy. It said the two agencies' recent promotion of "escrowed encryption," in which the government would hold a mathematical key to unlock codes, requires further study because it poses liability risks and introduces weakness into information protection systems. Kenneth W. Dam, a University of Chicago law professor who headed the panel, said changes are needed to counter "an explosion of computer-based crime" and other forms of espionage that threaten U.S. companies' ability to protect proprietary information, especially overseas. By promoting the use of more-elaborate codes, U.S. law-enforcement agencies would be better prepared to ward off hacker or terrorist attacks on the nation's electric power grid, banking and telecommunications systems and its air-traffic control networks, he added. Potential Problems Mr Dam said the widespread use of encryption by private business is "inevitable" and the government must "recognize this changing reality." The report noted that the FBI has argued for years that its law-enforcement efforts would be hampered if drug cartels and other organized criminals began using codes that couldn't be deciphered. Courtordered wiretaps, a major tool used to break organized-crime cases, could become useless, the FBI has contended. Edward Schmults, general counsel for GTE Corp. and a former deputy attorney general during the Reagan administration, said he and other panel members believe the FBI and other law-enforcement agencies would be helped more than hurt if legitimate businesses were better protected. "It's a balancing issue," he said. Spokesmen for the FBI and NSA referred questions to the White House, where an official said the Clinton administration disagrees with the panel's recommendation to relax export controls and wants to continue to explore the use of escrows by private industry to keep the keys to powerful codes. "We have equities to protect that the people who wrote the NRC report do not," he said. The administration, he said, still wants to review the export of more powerful codes on a case-by-case basis. The use of private, third-party escrows, he said, might be one way to protect the secrecy of companies while allowing federal agents with court orders access to code keys. New Markets Would Open The panel called for the U.S. to permit the export of codes containing a "56-bit" Data Encryption Standard algorithm. The algorithm, or formula, was developed by the National Bureau of Standards in 1975 and is 65,000 times tougher to break than current "40-bit" codes that are permitted for unlicensed exports. The panel estimated its recommendations would open up new markets for information security products, possibly increasing software-industry revenue "many tens of billions of dollars." Until now, export controls tended to set industry standards for a level of protection because companies were reluctant to use different systems for domestic and international applications. Jeffrey Treuhaft, director of security at Internet software giant Netscape Communications Corp., welcomed the report, but said exports shouldn't be limited to 56-bit keys. That would still blunt the competitive edge of U.S. software vendors, given that code-cracking computer power is multiplying, he said. "The U.S. has a lead right now and these arcane policies from the Cold War are giving U.S. industry cement shoes to compete with foreign competitors," Mr. Treuhaft said. "We can't run as fast as they ean." - Jared Sandberg in New York contributed to this article. [End] ---------- The Boston Globe, May 31, 1996, p. 36 Panel criticizes US government's encryption stand 'Net, cell phone security at stake, National Research Center says By Hiawatha Bray The Clinton administration's efforts to limit the sale of software that generates coded messages, already unfire from Congress and civil libertarians, is now facing criticism from a committee of the National Academy Sciences. The National Research Center, which gives science and technology advice under a congressional charter, yesterday said the government should promote the commercial use of encryption software to help cut down on the theft of computer data and other electronic communications. Law enforcement officials and intelligence agencies are worried about the development of cheap encryption grams, for fear it could become impossible to intercept a mobster's telephone call or read an enemy spy's electronic mail messages. But the center's report says that encryption software is essential for businesses and individuals who need to transmit confidential data using the Internet or cellular telephones. "On balance, the advantages of more widespread use of cryptography outweigh the disadvantages," the report says. Encrypted messages can easily be read by someone with the correct code "key." Without this key, it can take centuries of computer analysis to decode a message. The longer the key, the tougher it is to break the code. Under current federal law, US companies cannot export encryption programs that use keys longer than 40 bits. Computer experts say that 40-bit encryption systems are easy to break, and provide little security. As a result, many software companies that sell their products worldwide do not build in sophisticated encryption features. Industry experts say that this costs them millions of dollars in sales, as customers in foreign countries buy encryption software made outside the United States. The report urges a change in the federal law, to allow sale of an encryption system called DES that uses 56-bit keys. "Except in some very specialized situations, it gives adequate security," said council chairman Kenneth Dam, a law professor at the University of Chicago. The report also urges the administration to abandon efforts to force businesses and individuals to use "key escrowed" encryption software. Under this plan, companies could use encryption, keys of any length, but only if the keys were held in escrow, and could be made available to the government. The council urges the federal government to adopt key escrow to prove that the system is trustworthy. The report argues that many businesses will voluntarily adopt such a plan to guard against the loss of its encryption keys. A prominent critic of encryption policy was less than thrilled by-the council report. "It doesn't go far enough," said Philip Zimmermann, inventor of the Pretty Good Privacy encryption program. Zimmermann scoffed at the idea that DES encryption is secure enough for use by businesses. "It can be broken in seconds by the NSA [National Security Agency]," Zimmermann said. "All major governments can break DES. In fact, any Fortune 500 company can afford a machine that can break DES." But even if DES were secure enough, Zimmermann said he opposes any restrictions on the export of encryption software. [End] From nobody at REPLAY.COM Sat Jun 1 19:58:32 1996 From: nobody at REPLAY.COM (Anonymous) Date: Sun, 2 Jun 1996 10:58:32 +0800 Subject: Hello there!Re: Where does your data want to go today? Message-ID: <199606020009.CAA03429@basement.replay.com> Someone who claimed to be David F. Ogren said on Sat, 1 Jun 1996: > > The brute force system decrypts the first, and second blocks (8 > > bytes each) of the cyphertext, XORs them, and compares the result > > with "PKZIP2.1". If the comparison is equal it has the key. > I will concede that having a known header, such as a PKZIP header, > does weaken a crypto to certain degree, but I still believe that it is > not a significant problem. Here's why: Why not simply use two session keys, and encrypt the headers with one while encrypting the actual data with the other? That seems to solve both problems, except that more CPU cycles are required. From jya at pipeline.com Sat Jun 1 21:20:52 1996 From: jya at pipeline.com (John Young) Date: Sun, 2 Jun 1996 12:20:52 +0800 Subject: NRC Report, Appendices Message-ID: <199606020123.BAA11417@pipe3.t1.usa.pipeline.com> Appendices A-D: http://pwp.usa.pipeline.com/~jya/nrca-d.txt (187 kb) With images of Tables D.1 and D.2 for Appendix D: http://pwp.usa.pipeline.com/~jya/nrcd1.jpg (101 kb) http://pwp.usa.pipeline.com/~jya/nrcd2.jpg (118 kb) Appendices E-N: http://pwp.usa.pipeline.com/~jya/nrce-n.txt (199 kb) ---------- Thanks to DN. ---------- APPENDICES A Contributors to the NRC Project on National Cryptography Policy B Glossary C A Brief Primer on Cryptography D An Overview of Electronic Surveillance: History and Current Status E A Brief History of Cryptography Policy F A Brief Primer on Intelligence G The International Scope of Cryptography Policy H Summary of Important Requirements for a Public-Key Infrastructure I Industry-Specific Dimensions of Security J Examples of Risks Posed by Unprotected Information K Cryptographic Applications Programming Interfaces L Laws, Regulations, and Documents Relevant to Cryptography M Other Looming Issues Related to Cryptography Policy N Federal Information Processing Standards From markm at voicenet.com Sat Jun 1 21:23:03 1996 From: markm at voicenet.com (Mark M.) Date: Sun, 2 Jun 1996 12:23:03 +0800 Subject: Compressed data vulnerable to known-plaintext? In-Reply-To: <199606020009.CAA03429@basement.replay.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sun, 2 Jun 1996, Anonymous wrote: > Someone who claimed to be David F. Ogren said on Sat, 1 Jun 1996: > > > > The brute force system decrypts the first, and second blocks (8 > > > bytes each) of the cyphertext, XORs them, and compares the result > > > with "PKZIP2.1". If the comparison is equal it has the key. > > > I will concede that having a known header, such as a PKZIP header, > > does weaken a crypto to certain degree, but I still believe that it is > > not a significant problem. Here's why: > > Why not simply use two session keys, and encrypt the headers with one > while encrypting the actual data with the other? That seems to solve both > problems, except that more CPU cycles are required. An easier solution would be to just strip of the headers. If the header is always the same, then it is redundant. If it varies, then it cannot be used as known-plaintext. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "In Christianity neither morality nor religion come into contact with reality at any point." -- Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMbDtYrZc+sv5siulAQETVQP8DtIyI+pKr/cP7dNrQbnCeqSL+Dzu24ZR 4IL6FdaxYaGNQsT+GYBh1iFW++V1mtnyx8JNKKZ7huiLIMKqp1Iw+92q+tc+4T/o Owd8a70Ld4rT6ma0pZOskLzLZCov4FitSfYKAonIsTYiMenmsYwo/rz6tdzKHPrg oM6wdHfv1hg= =fhBX -----END PGP SIGNATURE----- From winn at Infowar.Com Sat Jun 1 21:28:11 1996 From: winn at Infowar.Com (winn at Infowar.Com) Date: Sun, 2 Jun 1996 12:28:11 +0800 Subject: Class III InfoWar Message-ID: <199606020133.VAA17985@mailhost.IntNet.net> Feel Free To Distribute Widely: Class III Information Warfare: Has It Begun? The June 2, 1996 Sunday Times from London front page headline reads: "City Surrenders to L400 million Gangs" And HERF Guns, Electromagnetic Pulses and sophisticated logic bombs may be responsible. At InfoWarCon II, Montreal Canada, I made reference to investigations I was conducting regarding concerted and organized attacks on up to 43 financial institutions in Europe and the US; an example of Class III Information Warfare. This issue of London Sunday Times brings a glimpse of the story that will eventually be told. The first attack in my files dates to January 6, 1993. A trading house in London was blackmailed into paying L10million to unknown extortionists who demonstrated they could crash the company's computers at will. The next incident in the Times article is also in my files: January 14, 1993 where similar demonstrations and demands were made for this time L12.5Million. And so is the next, January 29, 1993 and another L10Million siphoned off by the bad guys. According to my figures and those in the Times article, hundreds of millions of pounds have been paid ransom in what is clearly an example of Class III Information Warfare. According to officials in Washington, Whitehall, London, City of London Police, the National Security Agency, Kroll Associates, Bank of England and others (in the article) the threats are credible. The attackers have the clear ability to bring trading and financial operations to a halt - exactly when they say they will. "Banks, brokerage firms and investment houses in America have also secretly paid ransom to prevent costly computer meltdowns and a collapse in the confidence among their customers," sources said in the article. The article discussed the advanced information warfare techniques used by the perpetrators. "According to the American National Security Agency (NSA), they have penetrated computer systems using 'logic bombs' (coded devices that can be remotely detonated), electromagnetic pulses and 'high emission radio frequency guns' which blow a devastating electronic 'wind' through the computer systems." [For a complete description of HERF Guns (coined by Schwartau in 1990), see "Information Warfare: Chaos on the Electronic Superhighway," Thunders Mouth Press, 1994] The perpetrators have also left encrypted messages, apparently bypassing the highest security levels of the systems, leaving messages such as "Now do you believe we can destroy your computers?" The NSA and other officials believe that four gangs are involved; probably one from the US and probably one from Russia. But, because the crimes are international, national borders still prevail, making investigation more difficult. Investigations and official inquiries have been in progress for some time according to the article. Now, for a few things you will not see in the articlem, but will hopefully [if I am lucky] come out in the near future. The number of attacks is way above 40. They have been known about for almost three years, but only recently have people been willing to come out of the closet and discuss this highly sensitive issue with the media. Long briefs and analyses of these events have been submitted to high level officials and select business persons for at least a year, but to no avail. [Security by obscurity reigns all too often.] Banking is not the only industry that has been attacked and the attacks have been spread around Europe as well as Australia. As an industry many of us have said that the only way something will really be done is if we experience a Computer Chernobyl [Peter Neumann Phrase as I recall] or as I first said in Congressional Testimony, An Electronic Pearl Harbor. Are these events the harbinger of strong reaction by the community at large? As events unfold and more information is permitted to be disseminated over the next few days and weeks, we will see. We have essentially solved the issues of confidentiality and integrity. But, I have maintained that the real problem is going to be Denial of Service. These events are unfortunate, but clear examples of that reality. A Bank of England official also said of the incidents, "it is not the biggest issue in the banking market." Hmmm. I have to think about that. Peace Winn Winn Schwartau - Interpact, Inc. Information Warfare and InfoSec V: 813.393.6600 / F: 813.393.6361 Winn at InfoWar.Com From frissell at panix.com Sat Jun 1 21:52:00 1996 From: frissell at panix.com (Duncan Frissell) Date: Sun, 2 Jun 1996 12:52:00 +0800 Subject: [Off-Topic] "Curfews" Message-ID: <2.2.32.19960602015920.00b2dfb8@panix.com> At 07:08 PM 5/31/96 -0700, Timothy C. May wrote: >(Some purists claim that children are exempted from normal constitutional >protections, such as the right of free association, the right to be free >from unwarranted searches and seizures, the right of free speech, etc. I'm afraid that some courts have explicitly held that "the child does not have a right to liberty but only a right to custody." That is old law, however. Kids have lost many rights recently too including gun rights, etc. >So Santa Cruz begins its own fascist crackdown on the free movements of >persons. The "curfew" begins Saturday night. Of course curfew laws only control the inarticulate and scruffy. Well dressed children (coat and tie for the boys dress or suit for the girls) who can claim that they are out doing tons of protected things like work and school and worship and political campaigning and "trying to save street children for Jesus" will not be picked up. They can also say things like "Ossifer, I'm peaceably assembling to petition the government for redress of grievances. It's in the First Amendment. You could read about it and everything." Home schooled children face this problem frequently and can usually find something to say. Kids older than 15 or so can claim to be "emancipated minors." Parents can emancipate their children by signing a simple declaration to back up this claim. A good idea in any case. You don't want to be accused of "owning slaves just like Thomas Jefferson." Parents can also give their kids blanket notes of permission to be out on the streets. DCF "Whose children never got stopped by cops because at 14 they passed for 21. Clothing and bearing alone can do it." From sandfort at crl.com Sat Jun 1 21:56:35 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Sun, 2 Jun 1996 12:56:35 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? Message-ID: <2.2.32.19960602015403.0070d0a0@popmail.crl.com> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ C'punks, At 06:44 PM 6/1/96 +0000, Deranged Mutant wrote: >There was a story on CNN about how anonymous people on IRC (and other >commercial online chats) giving stock tips is a Bad Thing (tm). >Actually had some guy saying that a law should ban anonymous >discussions of stocks online. > >Yeesh. What ever happened to caveat emptor? (Like a recommendation >on IRC is automatically more trustworthy than overhearing a >conversation in a public bathroom?) One of the oldest tricks for running a stock up (or down) is to put rumor teams on elevators in the financial district of major cities. All day long, they ride up and down elevators having whispered, but not unintelligable, conversations about the target company. Of course, they "accidentally" drop what sounds like important insider information. Just think how much more efficient the Net can be for such activities. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From anonymous-remailer at shell.portal.com Sat Jun 1 22:15:58 1996 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Sun, 2 Jun 1996 13:15:58 +0800 Subject: Compressed data vulnerable to known-plaintext? Message-ID: <199606020213.TAA00981@jobe.shell.portal.com> Someone who claimed to be Mark M. said on Sat, 1 Jun 1996: (I said:) > > Why not simply use two session keys, and encrypt the headers with one > > while encrypting the actual data with the other? That seems to solve both > > problems, except that more CPU cycles are required. > > An easier solution would be to just strip of the headers. If the header is > always the same, then it is redundant. If it varies, then it cannot be used > as known-plaintext. But then you still have the problem of identifying the contents. If there were no headers, one could not tell if the message was compressed using ZIP, LHA, StuffIt, tar*, compress, gzip, Alice's Magical Supercompressor, or even if it was left alone. One could also not tell if the decryption happened successfully. ( * Yes, I know tar is not compression. ) From daemon at anon.penet.fi Sat Jun 1 22:34:41 1996 From: daemon at anon.penet.fi (daemon at anon.penet.fi) Date: Sun, 2 Jun 1996 13:34:41 +0800 Subject: Reply to anonymous ping. Message-ID: <9606020233.AA05600@anon.penet.fi> Your code name is: an611909 at anon.penet.fi. From tcmay at got.net Sat Jun 1 22:38:32 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 2 Jun 1996 13:38:32 +0800 Subject: [Off-Topic] "Curfews" Message-ID: At 1:59 AM 6/2/96, Duncan Frissell wrote: >Of course curfew laws only control the inarticulate and scruffy. Well >dressed children (coat and tie for the boys dress or suit for the girls) who >can claim that they are out doing tons of protected things like work and >school and worship and political campaigning and "trying to save street >children for Jesus" will not be picked up. They can also say things like This, by the way, is the main thing that concerns certain civil rights groups (including the Santa Cruz chapter of the ACLU). They say they'll be monitoring enforcement patterns to see if more "children of color" are picked up than their percentage in the population represents. >"Ossifer, I'm peaceably assembling to petition the government for redress of >grievances. It's in the First Amendment. You could read about it and >everything." Personally, I liked my "religious exemption" example. The Baal worshippers can claim that they are engaging in their religion by grokking the darkness. If picked up and held, they can claim they are "being held without Baal." >to be accused of "owning slaves just like Thomas Jefferson." Parents can >also give their kids blanket notes of permission to be out on the streets. > Most of the ordinances, including the one here, specifically state that "blanket permission" by parents is not acceptable. They want _specific_ reasons for being out after curfew. (It's this taking control from both the kids and their parents and putting it in the hands of cops that really bugs me.) By the way, if being out after curfew is breaking the law, can I make a "citizen's arrest" of some of those nice young chicas in Watsonville? --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From markm at voicenet.com Sun Jun 2 00:25:01 1996 From: markm at voicenet.com (Mark M.) Date: Sun, 2 Jun 1996 15:25:01 +0800 Subject: Compressed data vulnerable to known-plaintext? In-Reply-To: <199606020213.TAA00981@jobe.shell.portal.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Sat, 1 Jun 1996 anonymous-remailer at shell.portal.com wrote: > But then you still have the problem of identifying the contents. If there > were no headers, one could not tell if the message was compressed using > ZIP, LHA, StuffIt, tar*, compress, gzip, Alice's Magical Supercompressor, > or even if it was left alone. One could also not tell if the decryption > happened successfully. OK, I think I misunderstood. You were talking about encrypting a file that has already been compressed and I was talking about an encryption program that would compress then encrypt. In the latter case, headers would be completely unnecessary, whereas in the former, they are necessary. Generally, checksums or parity bits are much better ways of checking if the decryption was successful. While this does make cryptanalysis easier, a known-plaintext will not work. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "In Christianity neither morality nor religion come into contact with reality at any point." -- Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMbEWH7Zc+sv5siulAQFA0gP9FMd68l1J8K12FDLkx5+p5j0TwrAlCLn0 cqSHVouOw2mhqk1LEgxMBPuI+6Vw2Bnzhj8QxDz7Qjjs98Jqu4p+4ky9FLzVn4vh oGi2j/W0P1onLi4bSoq6u1SE8vPCNRresTox36DMWOMSN4Lxybx363xDx+8vD627 5D9n3fW5e/0= =V+t3 -----END PGP SIGNATURE----- From stevenw at best.com Sun Jun 2 00:28:42 1996 From: stevenw at best.com (Steven Weller) Date: Sun, 2 Jun 1996 15:28:42 +0800 Subject: RISKS: Pachinko card counterfeit background Message-ID: ------------------------------ Date: Tue, 28 May 1996 22:09:28 +0900 (JST) From: Chiaki Ishikawa Subject: re: TILT! Counterfeit pachinko cards ... (Wayner, RISKS-18.15) I would like to add some background as someone who has played in pachinko parlors in Japan. (The origin of the game of pachinko is rather vague. Some say it is based on the ball game popular after the WW-II in U.S.A.. Anyway, it is a gambling business.) The card in question acts as a kind of debit card inside the pachinko parlors. It was introduced a few years ago by an former police official, with the expressed intention of keeping the money flow easy to track. (I would say it was a ruse to make a few companies where the ex-police officials can find jobs after retirement from the office. But I digress.) The cards are sold to the pachinko parlors and the customers buy the cards from the parlors, and obtain steel balls to play the game by inserting the card into the slot next to the game machine. Pachinko gambling works as follows. When you win the game, the number of steel balls in your possession increases and the customer can exchange the balls with gifts. (Therein lies a complication. Japanese law prohibits gambling, and so exchanging the steel balls with real money is illegal. *However*, first exchanging the balls with gifts, and then exchanging the gifts with money at a third party outlet [which is quite likely to be operated by the parlor owner] has been allowed by the police.) Speaking of loophole! Some people do bring back the gifts to homes: depending on the places, parlors carry game-boy cartridges, latest bestseller books, snack food such as cookies, instant noodles, umbrella, purse, movie video tape, music CD, to name a few as gifts. But if the customer wants to exchange his/her win indirectly to money at the outlet, then he/she has to ask for special gifts used essentially as money tokens by these establishments. These are often a tiny gold/silver foil embedded in thin plastic slab, etc.. Each parlor/outlet pair uses different stuff. In my hometown, a special brand of silk stocking was used as money token. This whole thing is a farce in view of the anti-gambling law in Japan.) Back to the card: the cards in question are used by two leading card manufacturers. (There are another couple of late-entry companies whose cards are not known to be attacked yet.) The card is based on the design done by NTT Data. NTT is the Japanese equivalent of old Ma Bell in the USA. NTT Data is a company that specializes in computer software integration, communication and such. I believe it designs the telephone card (debit card used for pay-phone in Japan), too. The pachinko card is the size of name card and plastic. The details are not published. To the best of my knowledge, I think there is a magnetic strip that contains the card ID information such as its serial number and the amount of debit money. There were 10,000 yen, 5,000 yen, 3,000 yen, 2,000 yen, and 1,000 yen cards. (I said "were" because 10,000 yen and 5,000 yen cards are no longer available.) Attack method: >From what I saw and read, the first card verification mechanism used by the pachinko game machine was so primitive to defy rational explanation: each time the card was used, a tiny hole was punched to indicate the amount left in the card. As the customer uses the card, the position of the punched hole on card shifts toward the zero position. Once there is a hole on the zero position, the card is no longer usable. The first simple attack as far as I can tell was to fill in the hole in the card with tiny plastic (essentially the chaff produced when the hole is punched was used to fill in the hole). I am not sure if such simple attack was possible, but it seemed possible really at the beginning with crude modification of the magnetic data. Then, of course, the magnetic information on the card was also modified in more sophisticated ways when the card was used. However, the bad people also learned and somebody stole the reader mechanism and figure out the part of the magnetically-coded information: the result was that bad people could buy the pristine 10,000 yen card and then uses up to 2500 yen of the debit amount legally and then "re-fill" the card to 9500 yen worth, thus gaining 2000 yen for free again and again. (Until 3000 yen was used from the 10,000 yen card, the physical hole was not produced on the card, and only the magnetic information was changed. Hence the mere counterfeiting of the magnetic information was necessary to "revive" the card. No physical re-filling of the card was necessary. Physically re-filling the hole is easy to spot visually and was avoided by the bad guys.) [I have to confess that the exact amount involved in the counterfeiting is a little uncertain. But the general idea still holds.] Similar attack was possible with 5,000 yen card. Presumably the gain by attacking 3,000 yen, 2,000 yen and 1,000 yen card was small compared with the risk, the bad guys didn't attack these cards until lately. Now the situation is that of cats and mouse. New counterfeiting methods and counter-measures follow each other in rapid succession. I believe that the cloning of the card was also done. But I don't know the details. Now, the card companies and pachinko parlors stopped issuing 10,000 yen and 5,000 yen cards because the damage was so large. Also, they have installed special readers to verify the validity of the card by incorporating more vigourous checking not available on the readers next to the game machine: it used to be that the cards sold could by used by any pachinko parlors in Japan. Now cards sold elsewhere have to be verified with this machine before used at a local game parlor. Cards sold at the local parlor can be used without such checking. Already, there are reports of counterfeit-card usage: - either the cards are so sophisticated that they can pass the enhanced reader. - Or the bad guys buy the cards locally and then use some of the debit amount and then bring the cards to their factory to re-fill and re-use it at the local store again and again. The card companies have installed countermeasures in selected stores to the cloning of the card by checking the serial number of the card and stopped the operation of the whole game machines in the store if a card with the serial number of the previously used (finished?) card is ever inserted into the game machine. Another simple method of fooling the reader was also reported about a month ago. Essentially, it cuts out a long strip of the 3,000 yen card (now the most expensive card after 10,000 yen and 5,000 yen card are gone) and rotates the strip to invert its direction and then reassembles the card again using cement or something. To my surprise, it was reported to be deemed valid by some readers (!?). Apparently some readers only check for the position of the hole on fixed position and fooled to believe the card is valid if the hole is not in the expected position, etc.. Once not so rigorous readers are distributed, it is very difficult to upgrade all of them in Japan, I guess. The problem is complicated in that the counterfeiting only damages the card company. The parlors report the amount of debit money used in their shops and then compensated for the amount (less the small surcharge by the card company.) This means that every time the counterfeit card is used the card company alone loses money and the local parlor doesn't lose. There have already been reports of the owners of the pachinko parlors involved in the usage of the counterfeit cards. These bad owners allowed the bad guys to use the counterfeit cards in their parlors and pass the used debit amount to the card company and getting compensated. In these cases, the bad guys bring back the money (by simply exchanging the phony debit money into the steel balls, and then without playing (they can play if they wish), exchange the steel balls to the special gifts, and then exchange the gifts with money. [Usually, buying the steel balls and then exchanging them with gifts, and subsequently with money leaves you less money than you started with. The house always wins. In this case, the bad guys started out with counterfeit debit money and ends up with real money, so it is OK for the bad guys.] The parlor also gets the money for the used debit money. So they win, too. Only the card companies lose. Counterfeiting probably has existed since the first money (or equivalent) was ever invented. But, it surprised me that NTT Data approached the whole scheme so naively, especially since there have been reports of telephone card counterfeiting in Japan before. Some of the counterfeiting methods reported seemed so simple, and I have a doubt whether NTT Data was serious enough to deter counterfeiting. At least, I can safely say they have underestimated the ingenuity of the counterfeiters badly and didn't learn from the counterfeiting of telephone cards very well. Ishikawa, Chiaki (family name, given name) Personal Media Corp., Shinagawa, Tokyo, Japan 142 ishikawa at personal-media.co.jp ------------------------------ ------------------------------------------------------------------------- Steven Weller | Technology (n): | | A substitute for adulthood. stevenw at best.com | Popular with middle-aged men. From blancw at accessone.com Sun Jun 2 00:39:34 1996 From: blancw at accessone.com (blanc) Date: Sun, 2 Jun 1996 15:39:34 +0800 Subject: [Off-Topic] "Curfews" Message-ID: <01BB5005.1D2F0560@blancw.accessone.com> From: Timothy C. May Most of the ordinances, including the one here, specifically state that "blanket permission" by parents is not acceptable. They want _specific_ reasons for being out after curfew. ................................................................................... (sigh) Once again, the individual is backed up against the wall and made to answer to the State ("specifically") for their behavior in the world of human action. ("so who are you that I must explain myself to you?") I was considering the inclination of the list membership to focus upon technological, rather than political, solutions to certain social problems. Would a focus upon the idea of individual self-ownership & authority have any effect upon the State? (who *are* those people, anyway) The State resorts to the use of forcible methods in order to keep their non-valuable citizens in line. The citizens who feel themselves unfairly included resort to the use of technology to deal with impositions of the State upon them when their own ideas on morality are not accepted as legitimate. A lot of people talk about morality and justice, but really who gives a flip. The place of these ideas in the everyday life of each person reduces to irrelevance in the face of all the ignorance and cynicism, and in consideration of the alternative technologies which can be used in place of reasoning, when reasoning makes no difference (when you can't force people to think, as often happens). "I think it's time we re-evaluate the nature of our relationship". .. Blanc From stevenw at best.com Sun Jun 2 00:40:30 1996 From: stevenw at best.com (Steven Weller) Date: Sun, 2 Jun 1996 15:40:30 +0800 Subject: RISKS: Pachinko card counterfeiting update Message-ID: ------------------------------ Date: Tue, 28 May 1996 22:09:28 +0900 (JST) From: Chiaki Ishikawa Subject: re: TILT! Counterfeit pachinko cards ... (Wayner, RISKS-18.15) I would like to add some background as someone who has played in pachinko parlors in Japan. (The origin of the game of pachinko is rather vague. Some say it is based on the ball game popular after the WW-II in U.S.A.. Anyway, it is a gambling business.) The card in question acts as a kind of debit card inside the pachinko parlors. It was introduced a few years ago by an former police official, with the expressed intention of keeping the money flow easy to track. (I would say it was a ruse to make a few companies where the ex-police officials can find jobs after retirement from the office. But I digress.) The cards are sold to the pachinko parlors and the customers buy the cards from the parlors, and obtain steel balls to play the game by inserting the card into the slot next to the game machine. Pachinko gambling works as follows. When you win the game, the number of steel balls in your possession increases and the customer can exchange the balls with gifts. (Therein lies a complication. Japanese law prohibits gambling, and so exchanging the steel balls with real money is illegal. *However*, first exchanging the balls with gifts, and then exchanging the gifts with money at a third party outlet [which is quite likely to be operated by the parlor owner] has been allowed by the police.) Speaking of loophole! Some people do bring back the gifts to homes: depending on the places, parlors carry game-boy cartridges, latest bestseller books, snack food such as cookies, instant noodles, umbrella, purse, movie video tape, music CD, to name a few as gifts. But if the customer wants to exchange his/her win indirectly to money at the outlet, then he/she has to ask for special gifts used essentially as money tokens by these establishments. These are often a tiny gold/silver foil embedded in thin plastic slab, etc.. Each parlor/outlet pair uses different stuff. In my hometown, a special brand of silk stocking was used as money token. This whole thing is a farce in view of the anti-gambling law in Japan.) Back to the card: the cards in question are used by two leading card manufacturers. (There are another couple of late-entry companies whose cards are not known to be attacked yet.) The card is based on the design done by NTT Data. NTT is the Japanese equivalent of old Ma Bell in the USA. NTT Data is a company that specializes in computer software integration, communication and such. I believe it designs the telephone card (debit card used for pay-phone in Japan), too. The pachinko card is the size of name card and plastic. The details are not published. To the best of my knowledge, I think there is a magnetic strip that contains the card ID information such as its serial number and the amount of debit money. There were 10,000 yen, 5,000 yen, 3,000 yen, 2,000 yen, and 1,000 yen cards. (I said "were" because 10,000 yen and 5,000 yen cards are no longer available.) Attack method: >From what I saw and read, the first card verification mechanism used by the pachinko game machine was so primitive to defy rational explanation: each time the card was used, a tiny hole was punched to indicate the amount left in the card. As the customer uses the card, the position of the punched hole on card shifts toward the zero position. Once there is a hole on the zero position, the card is no longer usable. The first simple attack as far as I can tell was to fill in the hole in the card with tiny plastic (essentially the chaff produced when the hole is punched was used to fill in the hole). I am not sure if such simple attack was possible, but it seemed possible really at the beginning with crude modification of the magnetic data. Then, of course, the magnetic information on the card was also modified in more sophisticated ways when the card was used. However, the bad people also learned and somebody stole the reader mechanism and figure out the part of the magnetically-coded information: the result was that bad people could buy the pristine 10,000 yen card and then uses up to 2500 yen of the debit amount legally and then "re-fill" the card to 9500 yen worth, thus gaining 2000 yen for free again and again. (Until 3000 yen was used from the 10,000 yen card, the physical hole was not produced on the card, and only the magnetic information was changed. Hence the mere counterfeiting of the magnetic information was necessary to "revive" the card. No physical re-filling of the card was necessary. Physically re-filling the hole is easy to spot visually and was avoided by the bad guys.) [I have to confess that the exact amount involved in the counterfeiting is a little uncertain. But the general idea still holds.] Similar attack was possible with 5,000 yen card. Presumably the gain by attacking 3,000 yen, 2,000 yen and 1,000 yen card was small compared with the risk, the bad guys didn't attack these cards until lately. Now the situation is that of cats and mouse. New counterfeiting methods and counter-measures follow each other in rapid succession. I believe that the cloning of the card was also done. But I don't know the details. Now, the card companies and pachinko parlors stopped issuing 10,000 yen and 5,000 yen cards because the damage was so large. Also, they have installed special readers to verify the validity of the card by incorporating more vigourous checking not available on the readers next to the game machine: it used to be that the cards sold could by used by any pachinko parlors in Japan. Now cards sold elsewhere have to be verified with this machine before used at a local game parlor. Cards sold at the local parlor can be used without such checking. Already, there are reports of counterfeit-card usage: - either the cards are so sophisticated that they can pass the enhanced reader. - Or the bad guys buy the cards locally and then use some of the debit amount and then bring the cards to their factory to re-fill and re-use it at the local store again and again. The card companies have installed countermeasures in selected stores to the cloning of the card by checking the serial number of the card and stopped the operation of the whole game machines in the store if a card with the serial number of the previously used (finished?) card is ever inserted into the game machine. Another simple method of fooling the reader was also reported about a month ago. Essentially, it cuts out a long strip of the 3,000 yen card (now the most expensive card after 10,000 yen and 5,000 yen card are gone) and rotates the strip to invert its direction and then reassembles the card again using cement or something. To my surprise, it was reported to be deemed valid by some readers (!?). Apparently some readers only check for the position of the hole on fixed position and fooled to believe the card is valid if the hole is not in the expected position, etc.. Once not so rigorous readers are distributed, it is very difficult to upgrade all of them in Japan, I guess. The problem is complicated in that the counterfeiting only damages the card company. The parlors report the amount of debit money used in their shops and then compensated for the amount (less the small surcharge by the card company.) This means that every time the counterfeit card is used the card company alone loses money and the local parlor doesn't lose. There have already been reports of the owners of the pachinko parlors involved in the usage of the counterfeit cards. These bad owners allowed the bad guys to use the counterfeit cards in their parlors and pass the used debit amount to the card company and getting compensated. In these cases, the bad guys bring back the money (by simply exchanging the phony debit money into the steel balls, and then without playing (they can play if they wish), exchange the steel balls to the special gifts, and then exchange the gifts with money. [Usually, buying the steel balls and then exchanging them with gifts, and subsequently with money leaves you less money than you started with. The house always wins. In this case, the bad guys started out with counterfeit debit money and ends up with real money, so it is OK for the bad guys.] The parlor also gets the money for the used debit money. So they win, too. Only the card companies lose. Counterfeiting probably has existed since the first money (or equivalent) was ever invented. But, it surprised me that NTT Data approached the whole scheme so naively, especially since there have been reports of telephone card counterfeiting in Japan before. Some of the counterfeiting methods reported seemed so simple, and I have a doubt whether NTT Data was serious enough to deter counterfeiting. At least, I can safely say they have underestimated the ingenuity of the counterfeiters badly and didn't learn from the counterfeiting of telephone cards very well. Ishikawa, Chiaki (family name, given name) Personal Media Corp., Shinagawa, Tokyo, Japan 142 ishikawa at personal-media.co.jp ------------------------------------------------------------------------- Steven Weller | Technology (n): | | A substitute for adulthood. stevenw at best.com | Popular with middle-aged men. From ezekiel at alpha.c2.org Sun Jun 2 01:39:30 1996 From: ezekiel at alpha.c2.org (ezekiel at alpha.c2.org) Date: Sun, 2 Jun 1996 16:39:30 +0800 Subject: No Subject Message-ID: <199606020532.WAA28053@infinity.c2.org> winn at Infowar.Com wrote: > > The article discussed the advanced information warfare techniques used by the > perpetrators. "According to the American National Security Agency (NSA), they > have penetrated computer systems using 'logic bombs' (coded devices that can be > remotely detonated), electromagnetic pulses and 'high emission radio frequency > guns' which blow a devastating electronic 'wind' through the computer systems." > [For a complete description of HERF Guns (coined by Schwartau in 1990), see > "Information Warfare: Chaos on the Electronic Superhighway," Thunders Mouth > Press, 1994] > Thanks for the info (and for the excellent book, by the way). Can you explain in little detail what are these logic bombs? Also, why these institutions do not install protection from HERF radiation and TEMPEST-type protection from information leaks? Do they think that paying ransom is cheaper than all investment in IW-protection? thanx From nobody at REPLAY.COM Sun Jun 2 02:22:15 1996 From: nobody at REPLAY.COM (Anonymous) Date: Sun, 2 Jun 1996 17:22:15 +0800 Subject: Riding online elevators (Was CNN: Anonymous Stock Tips) Message-ID: <199606020638.IAA15227@basement.replay.com> In my mail this morning was this bit of spam, I never heard of this guy before, Likely scooped my mailing address from misc.invest.stocks. -Newman --Fwd-- >http://chancellor.stockpick.com > >I just got wind that Chancellor Group is reporting big quarterly earnings. >SGA Goldstar is just sending out a "buy" recommendation. I understand other >investment advisors are looking to recommend CHAG. The company has a >strong book value. The short sellers need to cover. This looks like a >good situation to me. What do you think? They are located at: > >http://chancellor.stockpick.com > >Bruce Keller, 203-869-8137 > >To terminate from my Internet Investment Opportunities, Reply to >term at portlandweb.com with "remove" in the subject field. From hal9001 at panix.com Sun Jun 2 02:41:59 1996 From: hal9001 at panix.com (Robert A. Rosenberg) Date: Sun, 2 Jun 1996 17:41:59 +0800 Subject: Class III InfoWar In-Reply-To: <199606020133.VAA17985@mailhost.IntNet.net> Message-ID: At 21:33 -0400 6/1/96, winn at Infowar.Com wrote: >The article discussed the advanced information warfare techniques used by the >perpetrators. "According to the American National Security Agency (NSA), they >have penetrated computer systems using 'logic bombs' (coded devices that >can be >remotely detonated) Unless the definition has changed recently, a "logic bomb" is normally a piece of code in a program that is triggered when a specific event occurs (such as the programmer's name not appearing in a payroll file for a designated period of time [which might trigger a salami round off routine to start cutting checks 2 months after s/he is no longer working for the company]). From stewarts at ix.netcom.com Sun Jun 2 02:50:16 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sun, 2 Jun 1996 17:50:16 +0800 Subject: Multiple Remailers at a site? Message-ID: <199606020659.XAA25720@toad.com> >I don't think multiple remailers at the same site help anything. Assume Alice, Bob, and Carol are on abc.com and Xenu, Yak, and Zut are on xyz.com. Remailing between Alice, Bob, and Carol doesn't make appear to make much difference, but it does reduce the damage if one of the remailer's keys is compromised. On the other hand, mail from Alice -> Xenu -> Bob -> Yak -> Carol -> Zut adds traffic to the system, and makes traffic analysis more difficult, even if the Bad Guys are watching site abc.com and have stolen Alice, Bob, and Carol's keys. The other threat it helps with is that if XYZ.COM gets complaints about that evil user Zut, she can kick her off (Bad Zut!) and still leave Xenu and Yak alone; if the remailer service were provided by the machine owner herself she might be directly liable. # Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Rescind Authority! From WlkngOwl at unix.asb.com Sun Jun 2 02:51:32 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sun, 2 Jun 1996 17:51:32 +0800 Subject: Come to think of it (was Something that just crossed my mind.... Message-ID: <199606020734.DAA20016@unix.asb.com> On 30 May 96 at 22:35, snow wrote: > In some of the discussion on this list there has been some concern > about the governments position on anonymous fund transfers. Well, maybe > concern is incorrect. We _know_ (or should) what it is. They are dead set > against it. Hm. The more I think about it, the more that it seems foolish to be against anonymous payee systems. Mainly because those who want it now (and who will want it in the future) and who have the resources will already have it. As for catching tax-evaders, criminals, etc... for most the five BMWs, indoor heated pool and yacht should be enough attention for those who really want to know. Of course the gov't isn't that interested in doing the legwork... better for them to have everything on a computer for easy data-crunching rather than do real footwork. (Can you say downsizing? Nah.... they'd put twice the savings into useless gadgets like attack helicopters to patrol minority neighborhoods with...) Off the track, slightly: It seems the effect that these laws have are to make it so only the very wealthy and connected (or perhaps incredibly ambitious and smart) have access to privacy and de facto loopholes in the law. The only "criminals" who will be able to get away with anything are those who are already so well off (and possibly buddy-buddy with the Powers That Bee, Bzzt!). [..] > The discussion here seems to assume that business will accept, or > even welcome the ability of it's customers to remain unknown, or nymknown. > It is my position (until proven wrong--please) that larger business DON'T > want anonymity. They _want_ to be able to track purchases and use of their > product for several reasons. Good point. But many consumers want anonymity, or at least to control what information they give customers. Many might even settle for pseudo-anonymity (ie, account number 123456 likes to buy product X, but whoever 123456 *is* is known only to 123456....). [..] > The questions that this raises are: > > 1) Am I full of shit. This is very possible. Everyone is at some time or another, unless you never eat. [..] --Mutant Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From WlkngOwl at unix.asb.com Sun Jun 2 02:51:42 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sun, 2 Jun 1996 17:51:42 +0800 Subject: Compressed data vulnerable to known-plaintext? Message-ID: <199606020748.DAA20117@unix.asb.com> On 1 Jun 96 at 19:13, anonymous-remailer at shell.port wrote: [..] > But then you still have the problem of identifying the contents. If there > were no headers, one could not tell if the message was compressed using > ZIP, LHA, StuffIt, tar*, compress, gzip, Alice's Magical Supercompressor, > or even if it was left alone. One could also not tell if the decryption > happened successfully. Actually you could, since the actual encoding isn't random. It means something to the compressor. And if you know something about compression algorithms you could probably make some good estimates. (I've seen some arguments that bit-wise a compressed file is easier to make a known plaintext attack against than an uncompressed text file...) Try taking various small (but compressable) text files that are different and run them through compressors. Ignore the usual compressor header information and look at a hex dump of the compressed data... think about it in terms of bits. Look at the algorithm that encoded the data. A good way to avoid known plaintext is to use a feedback mode with a random IV (from a good RNG!). Not perfect, of course... Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From WlkngOwl at unix.asb.com Sun Jun 2 03:00:15 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sun, 2 Jun 1996 18:00:15 +0800 Subject: [Off-Topic] "Curfews" Message-ID: <199606020741.DAA20077@unix.asb.com> On 1 Jun 96 at 21:59, Duncan Frissell wrote: > I'm afraid that some courts have explicitly held that "the child does not > have a right to liberty but only a right to custody." That is old law, > however. Kids have lost many rights recently too including gun rights, etc. ....which dates back to laws that said women and children were mens' possessions. Very archaic. A case from several years ago comes to mind. Apparently a federal(?) court ruled that a 16-yr-old girl's parents were in the legal right to burn her krshna books and ban her from practicing it. [There was a protest in downtown SF sometime in 1989 or '90 about this.] --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From stewarts at ix.netcom.com Sun Jun 2 03:15:22 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sun, 2 Jun 1996 18:15:22 +0800 Subject: How can you protect a remailer's keys? Message-ID: <199606020659.XAA25725@toad.com> Encryption is critical for protecting against traffic analysis, but it's tough to protect a remailer's keys. Unlike regular email, where you can type the key in as you read it, remailers need to run automatically once you set them up. Some of the choices are: - leave it around in plaintext with only Unix file protections (Ghio2 works this way - does Mixmaster? My ghio2 version has it compiled into the binary, and I try to delete it from source.) - type it in to a long-running remailer process (with human intervention to start) - SSL-based remailers, where the web server handles crypto on a per-machine basis instead of per-remailer - use unauthenticated Diffie-Hellman (either hanging off a TCP port somewhere instead of mail, or 3 pieces of email) - off-line or off-site remailer such as a POP3 winsock remailer that makes it Somebody Else's Problem, and separates the remailer's public interface from the working parts - human intervention on every message (which may not be totally worthless for moderated news postings, if you want to take that approach to spam prevention.) Anybody have any other approaches? These are mostly weak, annoying, or both. # Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Rescind Authority! From bart at netcom.com Sun Jun 2 03:48:11 1996 From: bart at netcom.com (Harry Bartholomew) Date: Sun, 2 Jun 1996 18:48:11 +0800 Subject: Riding online elevators (Was CNN: Anonymous Stock Tips) In-Reply-To: <199606020638.IAA15227@basement.replay.com> Message-ID: <199606020800.BAA15224@netcom2.netcom.com> > > In my mail this morning was this bit of spam, I never heard of this guy > before, Likely scooped my mailing address from misc.invest.stocks. > > -Newman > > --Fwd-- > >http://chancellor.stockpick.com > > > >I just got wind that Chancellor Group is reporting big quarterly earnings. > >SGA Goldstar is just sending out a "buy" recommendation. I understand other ... No. Seems to have gone to all cypherpunks. I've never heard of misc.invest.stocks. b From blancw at accessone.com Sun Jun 2 04:06:01 1996 From: blancw at accessone.com (blanc) Date: Sun, 2 Jun 1996 19:06:01 +0800 Subject: Riding online elevators (Was CNN: Anonymous Stock Tips) Message-ID: <01BB5023.866A2000@blancw.accessone.com> From: Anonymous In my mail this morning was this bit of spam, I never heard of this guy before, Likely scooped my mailing address from misc.invest.stocks. -Newman ..................................................................... No, I received it as well. Must have taken names at addresses from the list. .. Blanc --Fwd-- >http://chancellor.stockpick.com > >I just got wind that Chancellor Group is reporting big quarterly earnings. >SGA Goldstar is just sending out a "buy" recommendation. I understand other >investment advisors are looking to recommend CHAG. The company has a >strong book value. The short sellers need to cover. This looks like a >good situation to me. What do you think? They are located at: > >http://chancellor.stockpick.com > >Bruce Keller, 203-869-8137 > >To terminate from my Internet Investment Opportunities, Reply to >term at portlandweb.com with "remove" in the subject field. From frissell at panix.com Sun Jun 2 07:06:09 1996 From: frissell at panix.com (Duncan Frissell) Date: Sun, 2 Jun 1996 22:06:09 +0800 Subject: WSJ on "IRS-bashing" Message-ID: <2.2.32.19960602111135.009e740c@panix.com> At 04:01 PM 5/29/96 -0700, Rich Graves wrote: >Fascinating. Could you provide citations to these laws so that people in >this plane of reality might take a look at them? Over here, any such law >would be invalidated by R.A.V. v. St. Paul. The only exceptions are >restrictions on "fighting words" that meet the tests in Chaplinsky v. New >Hampshire and "hostile working environment" discrimination, which I assume >is what you're talking about, in some elliptical way. Pittsburgh Press vs Pittsburgh Human Relations Commission (sex specific help wanted advertizing outlawed). Various Fair Housing Laws ("we don't rent to your kind here" punishable by confiscation of property). Civil Rights Act of 1964 (verbal expressions of discrimination in the course of employment, housing, or service in public accommodations punished in numerous ways). Expressions of ill-will towards the President or members of his family punishable as threats in circumstances where similar comments made about anyone else would not be actionable. Note that work is a big part of most people's lives and there are substantial governmental restrictions imposed on speech in the work place with fellow employees and customers. DCF From WlkngOwl at unix.asb.com Sun Jun 2 08:16:44 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Sun, 2 Jun 1996 23:16:44 +0800 Subject: Riding online elevators (Was CNN: Anonymous Stock Tips Message-ID: <199606021259.IAA21895@unix.asb.com> On 2 Jun 96 at 1:00, Harry Bartholomew wrote: > > In my mail this morning was this bit of spam, I never heard of this guy > > before, Likely scooped my mailing address from misc.invest.stocks. [..] > No. Seems to have gone to all cypherpunks. I've never heard of > misc.invest.stocks. The only time I saw it was in that post... thankfully. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From jervin at server1.netpath.net Sun Jun 2 10:59:52 1996 From: jervin at server1.netpath.net (John D. Ervin) Date: Mon, 3 Jun 1996 01:59:52 +0800 Subject: No Subject Message-ID: <199606021453.KAA11735@server1.netpath.net> list John D. Ervin Also known as "Felix1" jervin at netpath.net From cea01sig at gold.ac.uk Sun Jun 2 11:55:38 1996 From: cea01sig at gold.ac.uk (Sean Gabb) Date: Mon, 3 Jun 1996 02:55:38 +0800 Subject: I told you so In-Reply-To: <199606011803.OAA17188@jekyll.piermont.com> Message-ID: On Sat, 1 Jun 1996, Perry E. Metzger wrote: > > I did NOT write what you are attributing to me. I was quoting someone else. > > Please be more careful with your attributions. > Since I did not address my praise to you, I fail to see why you should have any reason to be outraged by it. However, let me record now for the avoidance of ambiguity that I have never accused YOU of retracting any falsehood. Yours sincerely, Sean Gabb. From gregmi at galileo.mis.net Sun Jun 2 12:16:06 1996 From: gregmi at galileo.mis.net (Greg Miller) Date: Mon, 3 Jun 1996 03:16:06 +0800 Subject: Riding online elevators (Was CNN: Anonymous Stock Tips) In-Reply-To: <199606020800.BAA15224@netcom2.netcom.com> Message-ID: <31b1c9a5.80296887@pop.mis.net> On Sun, 2 Jun 1996 01:00:04 -0700 (PDT), you wrote: > No. Seems to have gone to all cypherpunks. I've never heard of > misc.invest.stocks. I never got a copy. But it sounds like to good deal to me :) "Randomness is in the eye of the beholder" --Numerical Recipes gregmi at mis.net (Greg Miller) http://grendel.ius.indiana.edu/~gmiller/ From minow at apple.com Sun Jun 2 12:35:05 1996 From: minow at apple.com (Martin Minow) Date: Mon, 3 Jun 1996 03:35:05 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? Message-ID: > >One of the oldest tricks for running a stock up (or down) is >to put rumor teams on elevators in the financial district of >major cities. It would be more efficient to talk about the rumor on a cellular phone. Probably make a nice sting scenario, too. Martin Minow (who expects a cut of the reward money). minow at apple.com From minow at apple.com Sun Jun 2 12:40:56 1996 From: minow at apple.com (Martin Minow) Date: Mon, 3 Jun 1996 03:40:56 +0800 Subject: Java Crypto API questions Message-ID: >Today, CP's own Marianne Mueller was scheduled to give a talk at JavaOne on >the eagerly awaited (at least by this user) Java Crypto API. Here are my notes (and between-the-lines observations) from the Java crypto sesions (which were very well received). Watch the Java web sites for transcripts from JavaOne sessions. (but I don't know if the BOF will be available). -- Security is *important* -- zero tolerance for security bugs. Gosling said in his keynote that it changes things when people send their bug reports to USA Today. -- They're working with standards folk: W3C, IETF. -- Clean, simple design, paying attention toll aspects of security design: language, virtual machine, components (libraries). -- Adding digital signatures to code enables greater trust -- the user can allow an applet to "escape from the sandbox." -- Policies = Assertions + Capabilities. That's what my notes say -- I think it means that the user can use a signature to authenticate the applet's author/publisher and allow it greater capabilities. For example, a stock trading applet might be granted the capability to access a stock price service (Dow Jones) *and* a stock trading service. The current applet model only allows remote connection to the site that distributed the applet. -- Java will allow signing archives (a set of classes and resources). -- Network-centered security: digital signatues, encryption, key exchange, hash, bignum, random number generators. -- Packages (third-party applets) communicate with security packages through an abstract layer. There may be multiple packages. -- They will provide a secure key storage (like Apple's PowerTalk today, I presume) where "all" of your keys are held under a a single password. Rogue applications (applets?) can't leak keys. -- Feedback to security-api at java.sun.com. -- There's a white paper on the verifyier on the sun web site. -- They're writing a security policy for applications (applications function like "ordinary" Unix/Mac/whatever applications. -- User preference to designate capabilities for signed/unsigned applets. ---- ---- ---- Notes from the security birds of a feather session ---- ---- ---- -- Need multiple security managers: if any say no, reject the request. -- Servet, applet need different security managers. -- Problem with firewalls: client accesses server via firewall via proxy servers. May not be able to open a URL directly. -- Java Commerce API coming for payment functions. -- Problem with foreign applet vendors: how can a non-US security class vendor certify a class to be used (outside the US). Currently, it must be imported and signed by Sun. But, then it can't be exported without a Commerce Department license. No (current) plans to establish a signing authority outside of the U.S. Martin Minow minow at apple.com From test921148 at alpha.c2.org Sun Jun 2 13:04:07 1996 From: test921148 at alpha.c2.org (test921148 at alpha.c2.org) Date: Mon, 3 Jun 1996 04:04:07 +0800 Subject: premail manual info Message-ID: <199606021630.JAA10996@infinity.c2.org> Whopee! Just installed premail. But I have a Question on how to use it. I need some Manual explaining how to use Premail and what can I put into its Configuration-file. I use Version 0.43 of Premail. The perl Script is somewhat readable but it is better if some User-manual was available. Send Answers to test921148 at alpha.c2.org From shabbir at vtw.org Sun Jun 2 14:00:24 1996 From: shabbir at vtw.org (Voters Telecommunications Watch) Date: Mon, 3 Jun 1996 05:00:24 +0800 Subject: INFO: Sen. Burns urges White House to follow NRC recommendations (6/2/96) Message-ID: <199606021726.NAA27994@panix3.panix.com> ============================================================================= ____ _ _ _ / ___|_ __ _ _ _ __ | |_ ___ | \ | | _____ _____ | | | '__| | | | '_ \| __/ _ \ _____| \| |/ _ \ \ /\ / / __| | |___| | | |_| | |_) | || (_) |_____| |\ | __/\ V V /\__ \ \____|_| \__, | .__/ \__\___/ |_| \_|\___| \_/\_/ |___/ |___/|_| SEN. CONRAD BURNS URGES CLINTON TO REASSES ENCRYPTION POLICY AND ANNOUNCES HEARINGS ON THE ISSUE for 6/12/96 REP. RICK WHITE (R-WA) SCHEDULED FOR HOTWIRED CHAT 6/5/96 9-10PM EST SEN. CONRAD BURNS (R-MT) SCHEDULED FOR HOTWIRED CHAT 6/11/96 10-11PM EST Date: June 2, 1996 URL:http://www.crypto.com/ crypto-news at panix.com If you redistribute this, please do so in its entirety, with the banner intact. ----------------------------------------------------------------------------- Table of Contents News Text of Sen. Burns' letter to President Clinton How to receive crypto-news ----------------------------------------------------------------------------- NEWS Sen. Conrad Burns (R-MT), principal co-sponsor of legislation to ease restrictions on encryption, yesterday sent President Clinton a letter urging the Administration to reassess its encryption policy in light of a recent report by the National Research Council. The findings contained in the NRC study, released at a briefing in Washington DC on Thursday, raise serious questions about the rational for the Administration's current approach to cryptography policy. The study states explicitly, "Current national cryptography policy is not adequate to support the information security requirements of an information society." In his letter to the President, Senator Burns said that the NRC study presents overwhelming evidence that the current approach to encryption policy has failed. Burns also pledged to hold hearings in the Senate Commerce Committee on June 12 and 26. The night before the hearings (June 11 at 10 pm ET), Senator Burns will be live online at HotWired (http://www.hotwired.com/wiredside). Be sure to save the date and stop by to talk with the Senator about his efforts to encourage the widespread availability of strong encryption and get a preview of the hearings on the Pro_CODE bill. Information on Senator Burns' legislation, as well as information on the NRC report, is available at http://www.crypto.com DON'T FORGET! Representative Rick White (R-WA) will be on HotWired Wednesday June 5th at 9pm EST at http://www.hotwired.com/wiredside/ You can tune in and listen to the chat with the RealAudio software (http://www.realaudio.com). You can ask questions of the Representative through a moderator and get real, immediate responses. ----------------------------------------------------------------------------- TEXT OF SEN. BURNS' LETTER TO PRESIDENT CLINTON May 30, 1996 The President The White House Washington, D.C. 20500 Dear Mr. President, I urge you to reassess the administration's position on cryptography policy in light of the report released today by the National Research Council, "Cryptography's Role in Securing the Information Society." The report was put together by the NRC Committee to Study National Cryptography, which included members from across the spectrum of the business, academic, defense and intelligence communities. The fact that such a diverse roster of our brightest minds could achieve consensus after taking two years to pore over the details of encryption policy is remarkable, and their recommendations should be taken most seriously. The acronym of the report's title-CRISIS-is especially apt given the massive economic and national security costs of the current policy, which severely restricts the export of software containing strong encryption. As the report states, "Current national cryptography policy is not adequate to support the information security requirements of an information society. Indeed, current policy discourages the use of cryptography, whether intentional or not, and in so doing impedes the ability of the nation to use cryptographic tools that would help to remediate certain important vulnerabilities." As the Chairman of the NRC Committee to Study National Cryptography, Kenneth Dam, states in the report "the crisis is a policy crisis, rather than a technology crisis, an industry crisis, a law enforcement crisis, or an intelligence-gathering crisis..." The most recent version of the administration's policy, as reflected in the draft white paper of the interagency working group on encryption, unfortunately reveals a continuing commitment to government-imposed mandates rather than private-sector solutions. The proposal, which was quickly dubbed "Clipper III" because of its close alignment with the earlier rejected Clipper schemes, has the support of neither the software industry nor the Net community. Indeed, as the Committee noted, an essential flaw behind the administration's policy is the continuing reliance on the national security and law enforcement communities to drive the policy through administrative diktat rather than open legislative action. As the report states, rather than vainly attempting to reign in the inevitable widespread use of strong encryption, the administration should be actively promoting it. The use of strong encryption has become vital to both ensuring the privacy of individuals and fostering the growth of the Global Information Infrastructure into the 21st century. As for the national security aspects of encryption policy, the report states that cryptography can protect proprietary information and reduce economic espionage. In addition, strong encryption can protect nationally sensitive information systems and networks against unauthorized penetration. Therefore, the use of strong encryption serves to protect national security rather than hinder it. Simply put, "on balance, the advantages of more widespread use of cryptography outweigh the disadvantages." I further call your attention to specific recommendations by the Committee: *National cryptography policy should be developed by the executive and legislative branches on the basis of open public discussion and governed by the rule of law. *No law should bar the manufacture, sale, or use of any form of encryption within the United States. *Export Controls on cryptography should be progressively relaxed. *The U.S. government should promote the security of the telecommunications networks more actively. *The U.S. government should take steps to assist law enforcement and national security to adjust to new technical realities of the information age. *Aggressive government promotion of escrowed encryption is not appropriate... *The debate over national cryptography policy can be carried out in a reasonable manner on an unclassified basis. *National cryptography policy affecting the development and use of commercial cryptography should be more closely aligned with market forces. A core recommendation of the Committee is that the administration foster an open public debate so that a national consensus on cryptography can be developed. I agree wholeheartedly and hope that the public hearings beginning on June 12 in the Commerce Committee's Subcommittee on Science, Space and Technology, which I chair, will help foster this process. Many of the NRC's recommendations are reflected in the "Burns Pro-CODE bill," S. 1726, which will be debated on that date, with an additional hearing to be held on June 26. Now that some of the best scientific and technical minds in the country have essentially endorsed the position that business and policy advocates have been taking for years, it's time for the administration to come around as well. In conclusion, I can only agree with the Chairman Dam's statement: We believe that our report makes some reasonable proposals for national cryptography policy. But a proposal for action. What is needed now is a public debate, using and not sidestepping the full processes of government, leading to a judicious resolution of pressing cryptography policy issues and including, on some important points, legislative action. Only in this manner will the policy crisis come to a satisfactory and stable resolution. Sincerely, /s/ Conrad Burns U.S. Senator ----------------------------------------------------------------------------- HOW TO RECEIVE CRYPTO-NEWS To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com) or send mail to majordomo at panix.com with "subscribe crypto-news" in the body of the message. ----------------------------------------------------------------------------- End crypto-news ============================================================================= From tcmay at got.net Sun Jun 2 14:10:40 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 3 Jun 1996 05:10:40 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? Message-ID: At 4:30 PM 6/2/96, Martin Minow wrote: >> >>One of the oldest tricks for running a stock up (or down) is >>to put rumor teams on elevators in the financial district of >>major cities. > >It would be more efficient to talk about the rumor on a cellular >phone. Probably make a nice sting scenario, too. An interesting example, but I'm having a hard time figuring out who has committed a crime, even by SEC rules. Namely, are the people "talking up" a stock committing a crime? Even if the SEC forbids this (under defined circumstances and for defined persons, as most of us are not covered by any such laws), how can talking over a "putatively secure" cell phone be construed as talking up a stock? And, how can someone who acts on overheard information--as in the elevator example Sandy cited--be charged with any crime? Unless they are "insiders," covered by SEC rules about trading, they are free to act on essentially anything they hear. "He who hesitates to act on inside information is lost." (To elaborate on this: I was never classified as an "insider" during my time at Intel, and I certainly bought and sold the stock based on what products and news I knew was coming out or what rumors I'd heard. Only a select group of executives and staff in the specific departments generating earnings announcements, auditing, etc., were covered. And senior executives are covered by various rules about trading stocks. And family members and friends may be covered, if they learn of "inside" (in the SEC sense) information. But ordinary people, even employees of a company, are not considered to be "insiders" and hence are not covered by insider trading laws.) So, the only way I can imagine the cell phone case leading to an insider trading charge is if the cell phone users _knew_ that the cell phones were not secure, and _planned_ to have their conversations overheard. The people doing the intercepting could be charged under one of the laws covering unauthorized interception of cell phone conversations, but probably not for insider trading. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Sun Jun 2 14:14:10 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 3 Jun 1996 05:14:10 +0800 Subject: [Off-Topic] "Curfews" Message-ID: <199606021726.KAA29200@mail.pacifier.com> At 07:45 PM 6/1/96 -0700, Timothy C. May wrote: >At 1:59 AM 6/2/96, Duncan Frissell wrote: > >>Of course curfew laws only control the inarticulate and scruffy. Well >>dressed children (coat and tie for the boys dress or suit for the girls) who >>can claim that they are out doing tons of protected things like work and >>school and worship and political campaigning and "trying to save street >>children for Jesus" will not be picked up. They can also say things like > >This, by the way, is the main thing that concerns certain civil rights >groups (including the Santa Cruz chapter of the ACLU). They say they'll be >monitoring enforcement patterns to see if more "children of color" are >picked up than their percentage in the population represents. This, the curfew situation, is yet another of the reasons I'd favor "playing hardball" with the government. I'm very much against discriminatory enforcement, but on the other hand I don't think my liberty should be dependent on getting an organization like the ACLU to look out for and complain against discrimination against me. I feel if a group of left-handed albinos think the police are being too hard on left-handed albinos, they shouldn't have to convince the ACLU of this, and should be entitled and able to fight back effectively and prevent what they view as abuse. True, such a situation may occasionally lead to abuses, but I strongly expect that those abuses will be far fewer than the current system. Jim Bell jimbell at pacifier.com From ira at panix.com Sun Jun 2 14:38:43 1996 From: ira at panix.com (ira) Date: Mon, 3 Jun 1996 05:38:43 +0800 Subject: (no subject) Message-ID: <31A9718A.5DD8@panix.com> From jimbell at pacifier.com Sun Jun 2 15:06:57 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 3 Jun 1996 06:06:57 +0800 Subject: Java Crypto API questions Message-ID: <199606021828.LAA01244@mail.pacifier.com> At 09:30 AM 6/2/96 -0700, Martin Minow wrote: >>Today, CP's own Marianne Mueller was scheduled to give a talk at JavaOne on >>the eagerly awaited (at least by this user) Java Crypto API. >---- ---- ---- >Notes from the security birds of a feather session >---- ---- ---- > >-- Need multiple security managers: if any say no, reject the request. >-- Servet, applet need different security managers. >-- Problem with firewalls: client accesses server via firewall via > proxy servers. May not be able to open a URL directly. >-- Java Commerce API coming for payment functions. >-- Problem with foreign applet vendors: how can a non-US security > class vendor certify a class to be used (outside the US). > Currently, it must be imported and signed by Sun. But, then > it can't be exported without a Commerce Department license. > No (current) plans to establish a signing authority outside > of the U.S. We've heard this assertion before. Why not import the software, generate a detachable signature, and then export the signature for re-attachment overseas? Surely export of signatures isn't controlled (even arguably) by ITAR. Jim Bell jimbell at pacifier.com From mpd at netcom.com Sun Jun 2 15:43:27 1996 From: mpd at netcom.com (Mike Duvos) Date: Mon, 3 Jun 1996 06:43:27 +0800 Subject: Insider Trading and Inside Information Message-ID: <199606021915.MAA26734@netcom14.netcom.com> tcmay at got.net (Timothy C. May) writes: > And, how can someone who acts on overheard information--as > in the elevator example Sandy cited--be charged with any > crime? Unless they are "insiders," covered by SEC rules > about trading, they are free to act on essentially anything > they hear. "He who hesitates to act on inside information is > lost." > (To elaborate on this: I was never classified as an > "insider" during my time at Intel, and I certainly bought > and sold the stock based on what products and news I knew > was coming out or what rumors I'd heard. Only a select group > of executives and staff in the specific departments > generating earnings announcements, auditing, etc., were > covered. And senior executives are covered by various rules > about trading stocks. And family members and friends may be > covered, if they learn of "inside" (in the SEC sense) > information. The SEC, in cooperation with the courts, has been gradually shifting the definitions of "insider" and "inside information" to more all-encompassing ones. It used to be that an insider was an officer of the company, or someone with a fiduciary relationship to the firm, such as a auditor or investment banker with which the firm did business. Inside information was also similarly limited to a narrow collection of material subject to regulatory restrictions on its disclosure. Nowdays "inside information" has been expanded to include anything that the general public is not privy to, and "insiders" can be almost anyone as well. Indeed, the current definitions can subject to criminal sanctions low level employees trading their company's stock on the basis of rumors, or newspaper columnists trading in anticipation of reaction to their published speculations. It's not even safe to trade on what formerly would have been known as "hot tips" any more, unless the average person in the street had a mechanism to access the information. The legal theory behind all this is that anyone, no matter who they are, trading on any publicly unavailable information, no matter what it is, might be perceived as profiting at the expense of the zillions of ordinary investors, whose continued playing of the Stock Lottery^H^H^H^H^H^H^H Market the govermment and big business definitely want to encourage. Not to mention the huge public support for the prosecution of anyone who the public thinks has "gotten away with something" that Joe Six-Pack didn't have the opportunity to do, and made a few bucks in the process. If this trend continues, I won't even be able to take an Intel janitor to lunch, and trade the stock based on his impression that Andy Grove looked particularly happy while having his office cleaned, without risking an "insider trading violation" should the stock go up. A new and interesting manifestation of the "Surveilance State." -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From WlkngOwl at unix.asb.com Sun Jun 2 16:52:50 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Mon, 3 Jun 1996 07:52:50 +0800 Subject: Ok, what about PGP (was: MD5 collisions) Message-ID: <199606022112.RAA27954@unix.asb.com> On 30 May 96 at 1:26, Chris Adams wrote: > How about a NSA-stomper option that would use all-of-the-above? For the truly paranoid (or > owners of Pentium-Pro 200Mhz multi-processor machines Chances are that if the algorithms alone aren't "NSA-stompers", an all-of-the-above option won't be. > Also, what's the verdict on IDEA? Is there a switch yet that would allow straight RSA? > (with the obvious speed decrease...) That would actually be less secure. RSA may be PGP's weakest link. Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From mirele at xmission.com Sun Jun 2 17:23:06 1996 From: mirele at xmission.com (Deana Holmes) Date: Mon, 3 Jun 1996 08:23:06 +0800 Subject: penet to be compromised again? More Scientology lawsuit crap Message-ID: <199606022055.OAA17534@xmission.xmission.com> I just received some information on IRC channel #scientology that Julf Helsinghuis is being sued by $cientology *yet again* for a name. Apparently this has to do with the deposition request to Homer Wilson Smith (lightlink.com). Scamizdat #3 was posted through lightlink.com and the $cientologists have wanted for a long time to figure out who did it. (Which is why they sued Grady Ward.) Homer, in response to the deposition request, consulted his logs, and said that the original post came from penet.fi. So $cientology has apparently gone to the Finns again to ask that Julf be forced to give up the name. I'm appending a copy of the IRC log, as I'm too lazy to edit it down to particulars. It includes the name of the police officer involved (Kaj Malmberg) as well as a Finnish newsgroup and article id for the whole story. If someone knows Finnish and can give a rough translation, it would be terribly appreciated by a lot of people. hi guys... do you have the latest news on Julf Helsingius' case? > Ig: what do you mean, latest news? The julf case? * Sherilyn didn;t know there _was_ a julf case... ok... copyright offences are crimes under Finnish law, not torts. Kaj Malmberg, the Finnish police officer who handles the investigation of the copyrighted material through penet.fi, posted an article to a domestic newsgroup today. Do you have the message-id and group name? the scienos have filed a motion at a local court in Helsinki to force Julf Helsingius to give out the name of the poster. sherilyn, are you good at Finnish? ig: lol! Who posted what through penet?? the hearing is scheduled for the beginning of next week... perhaps already tomorrow. So was penet the server before lightlink in the scamizdat case? Homer gave them the name of the prior server, or was going to *** skaplin changes topic to "Penet under attack...Again!" Well this needs to be put out loud on groups where people use penet Ignatus: How good are you at translating? Last attack on penet got the scientologists a very bad rep > Ig: We need that post. > IN ENGLISH > ASAP! > even if it's a lousy translation. This cop guy speaks English Didn't he post in English to a.r.s.? > Sheri: he may not want to post it on a.r.s It's true, skap i don't know more than what I already mentioned. The police officer didn't even mention Scientology; he just mentioned that he was investigating a copyright offence. She would make a lovely domina > sheri: you should see what I'm reading now :) We're sure penet is under attack for a name though... Bloody hell fire! I have 6440 posts downloading! i'm writing an article to post to the ng:s, but it's obvious we don't have all the bits of the puzzle yet. Want some kippers with your spam sheri?? :) Ignatus: What newsgroup was it in? > ig: please post it asap. > also, send it to rnewman at cybercom.net. skap, sfnet.keskustelu.laki; <4os5bu$flp at idefix.eunet.fi> the police officer, Kaj Malmberg, is at kaj.malmberg at helsinki.poliisi.fi Deana Holmes mirele at xmission.com From alanh at infi.net Sun Jun 2 17:23:21 1996 From: alanh at infi.net (Alan Horowitz) Date: Mon, 3 Jun 1996 08:23:21 +0800 Subject: [Off-Topic] "Curfews" In-Reply-To: <199606021726.KAA29200@mail.pacifier.com> Message-ID: I'm more concerned about the other side of the coin. The next time there's street riots because a jury decided to think for itself, will the ACLU be issuing quota guidelines that mandate that all black arrestees above (percentage-of-population) be given a "get-out-of-jail-free-for-pulling-a-bystanding-trucker-out-of-his-cab-and slamming-his-head-with-bricks" card? From minow at apple.com Sun Jun 2 17:26:22 1996 From: minow at apple.com (Martin Minow) Date: Mon, 3 Jun 1996 08:26:22 +0800 Subject: Java Crypto API questions Message-ID: Jim Bell writes: >>-- Problem with foreign applet vendors: how can a non-US security >> class vendor certify a class to be used (outside the US). >> Currently, it must be imported and signed by Sun. But, then >> it can't be exported without a Commerce Department license. >> No (current) plans to establish a signing authority outside >> of the U.S. > >We've heard this assertion before. Why not import the software, generate a >detachable signature, and then export the signature for re-attachment overseas? > I suspect (but don't have any direct knowledge) that strong crypto classes are distributed after encryption by Sun's private key. The corresponding public key is enbedded in the Java Class Loader and/or virtual machine (or the security framework class -- I'm only speculating here). This means that "rogue" encryptors can't work under Sun's security manager as they will be rejected as "unloadable" Martin Minow minow at apple.com From ichudov at algebra.com Sun Jun 2 18:26:23 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 3 Jun 1996 09:26:23 +0800 Subject: Fate of Ecash if RSA is cracked? Message-ID: <199606022242.RAA19983@manifold.algebra.com> Hello, After reading Comm. of ACM and Schneier's book about ecash, a question arose: what if the underlying public key cryptographic scheme gets broken somehow? Suppose, for example, that someone discovers an ultra-fast factoring algorithm or something like that. What would happen with all ecash that's been issued? Of course criminals would be able to forge large amounts of authentic-looking ecash, so banks should not be honoring requests to convert e-cash into real cash. I apologize in advance is this question is silly, and will appreciate your corrections. - Igor. From jya at pipeline.com Sun Jun 2 18:50:24 1996 From: jya at pipeline.com (John Young) Date: Mon, 3 Jun 1996 09:50:24 +0800 Subject: Class III InfoWar: TST Article Message-ID: <199606022238.WAA16332@pipe2.t1.usa.pipeline.com> This is the article Winn Schwartau cited to last night: ---------- The Sunday Times (London), June 2, 1996, pp. 1, 24. City surrenders to L400m gangs [Insight column] City of London financial institutions have paid huge sums to international gangs of sophisticated "cyber terrorists" who have amassed up to L400m worldwide by threatening to wipe out computer systems. Banks, broking firms and investment houses in America have also secretly paid ransom to prevent costly computer meltdown and a collapse in confidence among their customers, according to sources in Whitehall and Washington. An Insight investigation has established that British and American agencies are examining more than 40 "attacks" on financial institutions in London and New York since 1993. Victims have paid up to L13m a time after the blackmailers demonstrated their ability to bnng trading to a halt using advanced "information warfare" techniques learnt from the military. According to the American National Security Agency (NSA), they have penetrated computer systems using "logic bombs" (coded devices that can be remotely detonated), electromagnetic pulses and "high emission radio frequency guns", which blow a devastating electronic "wind" through a computer system. They have also left encrypted threats at the highest security levels, reading: "Now do you believe we can destroy your computers?" The authorities have been unable to stem the attacks, which are thought to onginate from the United States. In most cases, victim banks have failed to notify the police. "They have given in to blackmail rather than risk a collapse in confidence in their security systems," said a security director at one blue-chip merchant bank in the City. A senior detective in the City of London police said: "We are aware of the extortion methods, but the banking community has ways of dealing with it and rarely reports to the police." European and American police forces have set up special units to tackle the cyber criminals, who, Ministry of Defence sources believe, have netted between L200m and L400m globally over the past three years. But law enforcement agencies complain that senior financiers have closed ranks and are hindering inquiries. Experts in the field of information warfare met in Brussels last month to discuss defensive measures. Representatives included Captain Patrick Tyrrell, assistant director of computer information strategy at the Ministry of Defence; General James McCarthy, professor of national security at the US Air Force Academy; General Jean Pichot-Duclos, director of the economic intelligence department of the French Defence Council, and senior figures from the civilian computer industries. A separate closed meeting involving representatives from Whitehall and the intelligence community was held to analyse the 40 attacks on British and American financial centres since 1993. A further secret seminar took place in Washington this weekend. Kroll Associates, the international investigating firm, confirmed last week that it had acted for financial institutions that have been blackmailed. "One of the problems we face is that the potential embarrassment from loss of face is very senous," said a spokesman in New York. Kroll had evidence that firms in London and New York had been targeted. "The problem for law enforcement is that the crime is carried out globally, but law enforcement stops at the frontier," he said. Yesterday a Bank of England spokesman acknowleged the threat from the extortionists: "We are aware of this. It does exist. It is extortion and fraud." But the spokesman also insisted: "It is not the biggest issue in the banking market." Scotland Yard is now taking part in a Europe-wide initiative to catch the cyber criminals and has appointed a senior detective from its computer crime unit to take part in an operation codenamed Lathe Gambit. Such is the secrecy that few details about the inquiry have emerged. In America, the FBI has set up three separate units to investigate computer extortion. The NSA believes there are four cyber gangs and has evidence that at least one is based in Russia. The agency is now examining four examples of blackmail said to have occurred in London: + January 6, 1993: Trading halted at a broking house after blackmail threat and computer crash. Ransom of L10m paid to account in Zurich. + January 14, 1993: a blue-chip bank paid L12.5m after blackmail threats. + January 29, 1993: a broking house paid L10m in ransom after similar threats. + March 17, 1995: a defence firm paid L10m in ransom. In all four incidents, the gangs made threats to senior directors and demonstrated that they had the capacity to crash a computer system. Each victim conceded to the blackmailers' demands within hours and tranferred the money to offshore bank accounts, from which it was removed by the gangs within minutes. The techniques have varied. In London, criminals posing as marketing firms have gained detailed knowledge of a target's system by interviewing the heads of information technology departments. In some cases, they have even issued questionnaires to unsuspecting officials. Armed with this information, they have been able to breach security and leave encrypted messages warning of their capability. The gangs are believed to have gained expertise in information warfare techniques from the American military, which is developing "weapons" that can disable or destroy computer hardware. Some are also known to have infiltrated banks simply by placing saboteurs on their payroll as temporary staff. Little is yet known about the identities of the gangs but, according to the NSA, America is the main source of the attacks. It believes that at least one other group originates from Russia and has followed the movement of money to the former Soviet states. A spokesman for the Metropoiitan poiice said: "There is potential for extortion from those purporting to know how to damage computer systems. "The computer crime unit liaises where necessary with its Euro counterparts to discuss cross-frontier crimes." One merchant bank director said yesterday: "You will never get a financial institution to admit it has an extortion policy, let alone that it has paid money to blackmailers." ----- Additional reporting: Peter Warren [End] From sandfort at crl.com Sun Jun 2 19:05:12 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Mon, 3 Jun 1996 10:05:12 +0800 Subject: [Off-Topic] "Curfews" In-Reply-To: <199606020741.DAA20077@unix.asb.com> Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Sun, 2 Jun 1996, Deranged Mutant wrote: > ....which dates back to laws that said women and children were > mens' possessions. Very archaic. I've heard this claim for years. While it may be true, I don't recall anything in my legal training that would support it with respect to Anglo-American jurisprudence. Can anyone provide a citation (an original source, please, not some radical feminist revisionist writings) that sheds light on this curious belief? S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From an633169 at anon.penet.fi Sun Jun 2 19:12:38 1996 From: an633169 at anon.penet.fi (an633169 at anon.penet.fi) Date: Mon, 3 Jun 1996 10:12:38 +0800 Subject: No subject Message-ID: <9606022252.AA01540@anon.penet.fi> replying to ping --****ATTENTION****--****ATTENTION****--****ATTENTION****--***ATTENTION*** Your e-mail reply to this message WILL be *automatically* ANONYMIZED. Please, report inappropriate use to abuse at anon.penet.fi For information (incl. non-anon reply) write to help at anon.penet.fi If you have any problems, address them to admin at anon.penet.fi From aba at dcs.ex.ac.uk Sun Jun 2 20:45:21 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Mon, 3 Jun 1996 11:45:21 +0800 Subject: opinions on book "The Truth Machine" In-Reply-To: Message-ID: <199606030014.BAA00330@server.test.net> Tim May wrote: > At 11:53 AM 6/1/96, Adam Back wrote: > >Tim May wrote: > [...] Maybe the "make.money.fast" description was a poor one...what I meant > to imply is that the book is being advertised widely (I've seen half a > dozen announcements of it), Ah .. I misunderstood, the ad is being spammed. We have a truly awful news feed which gets around 2 weeks of lag, at time of posting that was the only one I'd seen. > >The writing style wasn't great, and I'd agree there were plenty of > >flaws, but what I was interested in was cypherpunks opinions on the > >technology, rather than the quality of the book, or making money for > > The main technology, "the truth machine," is so bogus as to be boring. um, ok. The presentation of it in the book was sketchy, and many of his conclusions I felt shaky, but here's a few entries I think plausible for lie detectors: - travelling by car in the US a few years ago at a border check point between two US states the border gaurds asked if anyone in the car was not US, they made a point of looking you in the eye while questioning you. In conversation later it was suggested that they are trained to observe and notice people who look nervous for some reason. Seems that if a technology was available to improve the reliability of quick spot check questions they wouldn't have any compunction using it. - drink driving breath tests (a real lie detector) to check if you have been drinking. No longer content with asking if you've been drinking they ask, and then breathalize you. In the UK it is an offence to refuse a breath test if stopped whilst driving. - some automation for `anything to declare?' questions at customs, a lie detector, say put your hand on here, then `anything to declare?' Just trying to think up some plausible examples of where it might one day be legally required to take a lie detector test in the course of your normal business. > >- cheap video used by everyone to record their own lives > > A better treatment of this is in David Brin's "Earth." ta, will take a look. > However, what you say below about being required to explain your movements > to cops who stop you on the highway and then present "papers" to them lest that was misleading: the documents required for presentation at police station are insurance certificate, and MOT document (roadworthiness certificate (another infringement of liberty in my view, you are legally required to keep your vehicles in A1 condition, and the strictness of the tests keeps creeping up)). Explaining your movements as I say I'm unsure of the legal position, but they ask you anyway. > !!! > > Glad I don't live in Britain. Well, we don't have curfews yet, but they're getting keen on security video cameras lately, the university has a few even, on top of buildings, the steerable variety, and with what I presume are IR spots mounted on them. Adam From llurch at networking.stanford.edu Sun Jun 2 20:55:42 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Mon, 3 Jun 1996 11:55:42 +0800 Subject: WSJ on "IRS-bashing" In-Reply-To: <199606012148.OAA24297@dns1.noc.best.net> Message-ID: On Sat, 1 Jun 1996 jamesd at echeque.com wrote: > At 04:01 PM 5/29/96 -0700, Rich Graves, who lives in a parallel > universe where political correctness is no threat to liberty, > and the FBI and BATF no threat to law abiding people wrote: [...] > But Rich Graves does not regard that sort of thing as any violation on > freedom of speech. One of these days I must meet this person that shares my name. I've never seen him or her post to cypherpunks. Duncan Frissell's message had some good points, but I get the odd sense that he thought he was disagreeing with me. Taken to private email again. -rich From adamsc at io-online.com Sun Jun 2 21:28:20 1996 From: adamsc at io-online.com (Chris Adams) Date: Mon, 3 Jun 1996 12:28:20 +0800 Subject: NSCP, PRZ Hit NRC Crypto Rec Message-ID: <199606030145.SAA16749@toad.com> > The report noted that the FBI has argued for years that its > law-enforcement efforts would be hampered if drug cartels > and other organized criminals began using codes that > couldn't be deciphered. Courtordered wiretaps, a major tool > used to break organized-crime cases, could become useless, > the FBI has contended. I've wondered the same thing about gun control efforts. Who are they worried about? Criminals. By definition, what is a criminal? One who breaks the laws. Are they seriously thinking that a) criminals might stop doing things because they are illegal? (For shame - I was going to use PGP to protect my child pornography sources. Good thing I found out it was illegal before I did that!) and b) criminals would not be able to buy programmers/etc to secure *their* privacy if they felt it was needed? /* From Chris Adams on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5! The Enigman Group - We do Web Pages! */ This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From dlv at bwalk.dm.com Sun Jun 2 21:51:40 1996 From: dlv at bwalk.dm.com (Dr. Dimitri Vulis) Date: Mon, 3 Jun 1996 12:51:40 +0800 Subject: Fate of Ecash if RSA is cracked? In-Reply-To: <199606022242.RAA19983@manifold.algebra.com> Message-ID: ichudov at algebra.com (Igor Chudov @ home) writes: > scheme gets broken somehow? Suppose, for example, that someone > discovers an ultra-fast factoring algorithm or something like that. This'll happen, probably sooner than later. --- Dr. Dimitri Vulis Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jwilk at iglou.com Sun Jun 2 22:03:30 1996 From: jwilk at iglou.com (Blake Wehlage) Date: Mon, 3 Jun 1996 13:03:30 +0800 Subject: [Off-Topic] "Curfews" Message-ID: At 05:22 PM 6/2/96 -0400, Alan Horowitz wrote: >I'm more concerned about the other side of the coin. > >The next time there's street riots because a jury decided to think for >itself, will the ACLU be issuing quota guidelines that mandate that all >black arrestees above (percentage-of-population) be given a >"get-out-of-jail-free-for-pulling-a-bystanding-trucker-out-of-his-cab-and >slamming-his-head-with-bricks" card? > > Cool where can I get one of those? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Blake "Pokey" Wehlage Gaa- 3.69 Record- 2-4-4 Age- 13 Final Standings- 2nd Place (Beat in Championship) President & Founder: Revolution Software "I have the fastest glove in the east!" Profanity Software "Hackers never stop hacking they just get caught" VSoft My life- Rarely eat or sleep, Hack til' 7:00a, goto school, play goalie til' 5:00p, hack til' 7:00a Hank Aaron- d:-)!-< Pope- +<:-) Santa Claus- *<:-) The Unabrower |:-) Current Girlfriend(s)- Lindsey Wilcox, Laura Schubring ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From jya at pipeline.com Sun Jun 2 22:12:37 1996 From: jya at pipeline.com (John Young) Date: Mon, 3 Jun 1996 13:12:37 +0800 Subject: NRC Session Hiss Message-ID: <199606030150.BAA27932@pipe2.t1.usa.pipeline.com> During the Q&A of the NRC public session, it was asked why 56-bit DES was selected as the standard of export over other widely distributed programs such as PGP. The panelists seemed to me uneasy in answering this. Primarily their view was that DES was "ubquitious," well- known and tested by use. However, when pressed by later questioners on this topic, they expanded their view: that if another, stronger, program became "ubiquitous" -- in wide use -- they would support it as the standard of export. When it was pointed out that PGP now fit this definition, the panel merely repeated the statement about ubiquity without specifically affirming or denying the PGP claim. Their poker faces seemed uniformly in place to dampen a potential inflammatory topic. Perhaps other attendees will amplify this odd demeanor, but it seems to me that the panel was attempting to avoid commenting one way or the other on PGP's worldwide ubiquity for unstated reasons. I wonder if this was a nudge to the audience that the informal spread of unapproved encryption is the best way to establish its ubiquity and thereby to set a new standard for export, sort of under the noses of the authorities -- as if PGP was exemplary. Recall that this fits the Clinton administration's way of getting around the Croatian arms embargo -- the "no position" position of sidestepping legality. Also, I wonder if the panel wants avoid an open conflict with the administration, the LEAs and the security agencies about PGP. (Or do they know something about PGP that we don't know, or have been led to think they do?) Peter Neumann had pointed out earlier that crypto was going to be ubiquitous, and fairly soon, no matter what. He noted that it is the NRC's recommendation that LEAs take the "long-term, pro-active" view about this and get on with developing other technologies, and training personnel in them, to fight computer crime -- like traffic analysis, packet trace, etc. -- and to accept that prohibiting and cracking crypto is not effective. (This may have been diversionary, but he seemed sincere.) Perhaps the panel is agreeing the crypto genie is out of the bottle, and are advising the authorities to recognize that stronger and stronger crypto is going to become ubiquitous, and it's time to move on to other, presumably less ubiquitious, cyber-crime fighting technolgies. Perhaps the committee was briefed on these technolgies, or maybe some members are even developing them -- Mr. Neumann, for example, in conjunction with Ms. Denning, et al. Those who plan to attend the June 6 session might want to pursue the "no position" position about PGP's ubiquity, and why. Diversionary sop, say, to cover the promotion of non- crypto invasion of privacy. Further, it would be helpful to learn more about what the the committee members were told about "long-term" cyber- surveillance technologies in the pipeline. What bothered me more than anything else about the session was that individual privacy got such short shrift by panelists and by the audience. While there was a bit of discussion on personal privacy protection, government and business, and their mutual back-scratching, seemed to the the primary focus. Pretty Lousy Privacy appears to be in the works, judging from what was not disclosed in the session (and in the report) about two 800-pounders working in concert at citizen data gathering, mining, selling, controlling, dominating -- at the expense of individual privacy, and, shout it, liberty. Peter Neumann got to me when he described the "downside" of anonymity, encryption and security: how can we know who are the criminals if we don't for sure who is who and know for sure who is doing what? Not a single panelist disagreed with his statement about this, but then I heard only a few snorts from the criminal-fraught-fed audience. I kept mum. Jesus, who knows who was recording every titter and hiss -- besides anonymous beside me and me. From tcmay at got.net Sun Jun 2 23:18:39 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 3 Jun 1996 14:18:39 +0800 Subject: opinions on book "The Truth Machine" Message-ID: At 12:14 AM 6/3/96, Adam Back wrote: >Well, we don't have curfews yet, but they're getting keen on security >video cameras lately, the university has a few even, on top of >buildings, the steerable variety, and with what I presume are IR spots >mounted on them. Today's newspaper (SJ Mercury News) carried a long article about increasingly ubiquitous video surveillance cameras, and singled out the U.K. as a place that is leading. Apparently even small villages have 50 or more cameras scattered around...men have been arrested for urinating in bushes outside pubs, caught by the infrared pickups (I hadn't thought about the cameras being IR, but this makes sense, as a large fraction of street crimes take place in dark or semidark areas). The article claimed that the cameras and microphones are the latest in surveillance technology, provided by the U.K. defense establishment. Privacy advocates gave comments--they were predictably quite worried. The links with crypto policy are of course apparent. --Winston Smith Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From mattt at microsoft.com Sun Jun 2 23:32:57 1996 From: mattt at microsoft.com (Matt Thomlinson) Date: Mon, 3 Jun 1996 14:32:57 +0800 Subject: Fate of Ecash if RSA is cracked? Message-ID: but probably not for decent RSA key lengths -- more probably the hashing algorithm used will fall, with much the same consequences. mattt >---------- >From: dlv at bwalk.dm.com[SMTP:dlv at bwalk.dm.com] >Sent: Sunday, June 02, 1996 6:49 PM >To: cypherpunks at toad.com >Subject: Re: Fate of Ecash if RSA is cracked? > >ichudov at algebra.com (Igor Chudov @ home) writes: >> scheme gets broken somehow? Suppose, for example, that someone >> discovers an ultra-fast factoring algorithm or something like that. > >This'll happen, probably sooner than later. > >--- > >Dr. Dimitri Vulis >Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, >14.4Kbps > From MELODYJAMES at delphi.com Sun Jun 2 23:49:54 1996 From: MELODYJAMES at delphi.com (MELODYJAMES at delphi.com) Date: Mon, 3 Jun 1996 14:49:54 +0800 Subject: Reminder on PBS Show Message-ID: <01I5G8VNPC768WWQT1@delphi.com> CYBER SECRETS (This week on Life on the Internet) Law enforcement agencies say that in the wrong hands, email encryption software called PGP (Pretty Good Privacy) threatens the public good. Check out the online transcript, hyperlinks and live video stream of this week's feature "Cyber Secrets" on the Life on the Internet web site. The program *Life on the Internet* is broadcast on Saturday mornings in some areas. Check your listings. From tcmay at got.net Sun Jun 2 23:56:28 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 3 Jun 1996 14:56:28 +0800 Subject: "Insider Non-Trading" (Re: Insider Trading and Inside Information) Message-ID: At 7:15 PM 6/2/96, Mike Duvos wrote: >The SEC, in cooperation with the courts, has been gradually >shifting the definitions of "insider" and "inside information" to >more all-encompassing ones. ... >Nowdays "inside information" has been expanded to include >anything that the general public is not privy to, and "insiders" >can be almost anyone as well. ... Indeed, the recent changes to U.S. Code 18503-666, have been dubbed the "Insider Non-Trading Law." What, you may ask, is "insider non-trading"? Just as inside information may affect decisions to engage in a stock trade, so too can insider information cause a decision _not_ to engage in a stock trade! Imagine that Trader Joe was planning to sell Security Dynamics short. Perhaps with a direct short sale, or purchase of puts, or other variants. However, he learns from his golfing partner, Jim Bidzos, that RSA Data is about to be sold to SD for $250 million. Returning from his golf game, he cancels his short plans. Voila, "insider non-trading." The SEC tumbled to this some time ago, and now demands that all those who are insiders, or who are married to insiders, or who are golfing buddies of insiders register their trading intentions 90 days in advance of any transaction. (This will increase to 120 days in 1997, and 180 days the following year.) This form of "intention escrow" ensures that insider information cannot be used to cancel trades which were planned and then not pursued. Key escrow, signature escrow, identity escrow, position escrow, and, now, intention escrow. Welcome to the Escrow Society. --Tim May (P.S. Stu Brownstein, a Bay Area friend of mine, came up with this "insider non-trading" joke several years ago. He once thought about writing a letter to the "NYT" pointing out how insider trading laws must also imply insider non-trading laws, but a Washington friend of his, he claims, told him not to. "It may give the SEC ideas," he said.) Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From shamrock at netcom.com Mon Jun 3 00:09:54 1996 From: shamrock at netcom.com (Lucky Green) Date: Mon, 3 Jun 1996 15:09:54 +0800 Subject: NRC Session Hiss In-Reply-To: <199606030150.BAA27932@pipe2.t1.usa.pipeline.com> Message-ID: On Mon, 3 Jun 1996, John Young wrote: > However, when pressed by later questioners on this topic, > they expanded their view: that if another, stronger, > program became "ubiquitous" -- in wide use -- they would > support it as the standard of export. When it was pointed > out that PGP now fit this definition, the panel merely > repeated the statement about ubiquity without specifically > affirming or denying the PGP claim. Their poker faces > seemed uniformly in place to dampen a potential > inflammatory topic. That PGP is ubiquitous is subject to discussion. PGP is widely available, but that doesn't mean that it is widely used. What percentage of email is PGP encrypted? Less than half a percent? PGP was a failure in the mass market, regardless how popular it may be with some subscribers of this list. The email encryption method that *will* be ubiquitous and that will cause PGP to be used only by a relatively small fringe is S/MIME. Within a few months, S/MIME will be on the desktops of some 20 million people. It, not PGP is the future standard. Of course S/MIME will default to 40 bit RC-4 and carry the signatures outside the encryption envelope. There is little doubt in my mind that the pannel will find it much easier to support than PGP. From gregmi at galileo.mis.net Mon Jun 3 00:11:21 1996 From: gregmi at galileo.mis.net (Greg Miller) Date: Mon, 3 Jun 1996 15:11:21 +0800 Subject: Fate of Ecash if RSA is cracked? In-Reply-To: <199606022242.RAA19983@manifold.algebra.com> Message-ID: <31b270f2.123131630@pop.mis.net> On Sun, 2 Jun 1996 17:42:49 -0500 (CDT), you wrote: >What would happen with all ecash that's been issued? Of course >criminals would be able to forge large amounts of authentic-looking >ecash, so banks should not be honoring requests to convert e-cash into >real cash. As I understand it, ecash shouldn't be withdrawn until shortly before it is spent. If the RSA algorithm is broken, then then banks could refuse the withdrawal (and depositing) of money as ecash. The remainder of the money in each users' account would have to be withdrawn through conventional methods. Of course all the outstanding (between withdrawl and deposit) ecash could be a problem. "Randomness is in the eye of the beholder" --Numerical Recipes gregmi at mis.net (Greg Miller) http://grendel.ius.indiana.edu/~gmiller/ From ichudov at algebra.com Mon Jun 3 01:05:37 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 3 Jun 1996 16:05:37 +0800 Subject: Fate of Ecash if RSA is cracked? In-Reply-To: Message-ID: <199606030447.XAA22063@manifold.algebra.com> Dr. Dimitri Vulis wrote: > > ichudov at algebra.com (Igor Chudov @ home) writes: > > scheme gets broken somehow? Suppose, for example, that someone > > discovers an ultra-fast factoring algorithm or something like that. > > This'll happen, probably sooner than later. > Hm, how about using two public-key algorithms simultaneously (ie, providing signatures made using two algorithms with each coins)? This way, if one algorithm gets broken, there would be supposedly enough time to make a transition to another method or at least honor the issued ecash. Just curious. Another question: what happens to the ecash issued by a bank if it's secret keys get stolen? Thanks, - Igor. From remailer at 2005.bart.nl Mon Jun 3 01:16:17 1996 From: remailer at 2005.bart.nl (Senator Exon) Date: Mon, 3 Jun 1996 16:16:17 +0800 Subject: Something that just crossed my mind. Sorry. Message-ID: <199606030519.HAA08335@spoof.bart.nl> At 10:01 AM 5/31/96 -0700, Sandy wrote: >At 10:35 PM 5/30/96 -0500, snow wrote: > >>It is my position (until proven wrong--please) that larger business DON'T >>want anonymity. They _want_ to be able to track purchases and use of their >>product for several reasons. Let me first claim that I am an employee of a "larger business." Not that unless someone tracks me through the remailers is there any proof of that, but accept for now that it's not outside of the realm of possibility. I wish I could prove you wrong. I can inform you that you are correct, actually. There are large retail companies that track sales data on credit card account numbers and cardholder names in direct violation of any contract you may have with American Express (and possibly Visa and others, I have not seen those contracts). The data they capture is pretty impressive. I'm sure most of you probably get a direct mailing or two from them every now and then, based on your shopping habits. >Two quick answers: > >1) What big business wants and what it would be > willing to accept in order to make sales, are > two different things. While demographic data > are nice, an more robust economy full of big > spenders is better. And demographic data on big spenders is worth more than anonymous cash from people who buy packages of gum. Much more. The best part of the equation is that the big spenders are giving up the demographic information for free, every time they hand over a credit card. You even filter out the gum-buyers because gum-buyers use cash, which you don't track. An economy of big spenders is worthless unless they're in your store. The cards give evidence of who spends in your store, so you target your advertisements accordingly. >2) Big businesses are made up of individuals. > Most individuals would still prefer to have > their own privacy preserved even if they would > prefer less privacy for others. All it takes is one well-positioned executive who values profits more than his own privacy to say "Capture this personal data" and that data gets captured, regardless of who gets fired complaining about it. Trust me. And I value my job more than I value your privacy, which is why this is going out through a remailer. I also shop only with cash, here and elsewhere. Double-blinded e-cash will be the only way to go, if it ever is the way to go. From tcmay at got.net Mon Jun 3 01:20:13 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 3 Jun 1996 16:20:13 +0800 Subject: opinions on book "The Truth Machine" Message-ID: At 12:14 AM 6/3/96, Adam Back wrote: >Tim May wrote: >> At 11:53 AM 6/1/96, Adam Back wrote: >> >Tim May wrote: >> [...] Maybe the "make.money.fast" description was a poor one...what I meant >> to imply is that the book is being advertised widely (I've seen half a >> dozen announcements of it), > >Ah .. I misunderstood, the ad is being spammed. We have a truly awful >news feed which gets around 2 weeks of lag, at time of posting that >was the only one I'd seen. And I thought my newsfeed was bad! Do an Alta Vista (or DejaNews, etc.) search of "The Truth Machine" and you'll find about 300 articles on Usenet about it. However, about 95% of them are from jhalpe at ix.netcom.com, the author of this media event novel or from ivypress at ix.netcom.com, his vanity publisher. (Actually, maybe Ivy Press is not a vanity publisher. Maybe Ivy Press is what might me dubbed a "Cantwell and Siegel publisher.") And the groups this was posted to....mama mia! This is why I was irked that this spam was leaking into the Cypherpunks group as well. But no harm done, and it demonstrates another example of how the Net is being used for such advertising. Imminent death of the Net predicted--news at 11. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From WlkngOwl at unix.asb.com Mon Jun 3 02:48:57 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Mon, 3 Jun 1996 17:48:57 +0800 Subject: The Elevator Problem Message-ID: <199606030719.DAA26321@unix.asb.com> This may be old hat, but an earlier post (around the time the Kocher RSA-timing attack came out) to the list asked about the "Elevator Problem", where two parties who think they share the same secret want to confirm it on an open channel. I came up with an idea for a protocol but never got around to posting it, and dropped off the list briefly... so pardon me if this is already touched upon. Alice and Bob are in a crowded place and want to confirm they share a secret. Each picks a couple of random numbers, b and i. The secret P is hashed i times, something like: H_0(P) = H(P,0) [H can be something like SHA-1...] H_i(P) = H(H_i-1(P), i) They then tell each other bit b of H_i(P). This is repeated a number of times to make random guessing very unlikely. If all bits match, they agree that they share the secret (we assume neither wants to lie but discover if the other knows the secret). Since this is a mutual protocol, an eavesdropper who listens in shouldn't be able to spoof Alice or Bob. Or maybe Alice and Bob can agree never to reuse combinations of b and i anyway (or they can append a counter to the secret, so that combinations of b and i never give the same values). Could be useful for implementing as a remote login? Comments? Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From ravage at ssz.com Mon Jun 3 03:31:20 1996 From: ravage at ssz.com (Jim Choate) Date: Mon, 3 Jun 1996 18:31:20 +0800 Subject: IR Cameras Message-ID: <199606030534.AAA13745@einstein.ssz.com> Forwarded message: > Date: Sun, 2 Jun 1996 20:19:34 -0700 > From: tcmay at got.net (Timothy C. May) > Subject: Re: opinions on book "The Truth Machine" > > Today's newspaper (SJ Mercury News) carried a long article about > increasingly ubiquitous video surveillance cameras, and singled out the > U.K. as a place that is leading. Apparently even small villages have 50 or > more cameras scattered around...men have been arrested for urinating in > bushes outside pubs, caught by the infrared pickups (I hadn't thought about > the cameras being IR, but this makes sense, as a large fraction of street > crimes take place in dark or semidark areas). Here in Austin, TX there is at least 1 IR camera located at the top of the police building downtown (8th & IH-35). Many intersections have stoplight synchronized cameras for getting license plates of red light runners (eg N. Lamar & 51st). I know the output of the cameras is cabled off-pole (can see the cables) to a NEMA style box. Don't know the format from there. It would be no technological leap to buy cable channels and mux the pictures back to a centralized site. This city is lousy with cable and fiber and the city bought in from the get-go with a project called I-Net in the mid-80's. Jim Choate From timd at consensus.com Mon Jun 3 03:46:50 1996 From: timd at consensus.com (Tim Dierks) Date: Mon, 3 Jun 1996 18:46:50 +0800 Subject: The Elevator Problem Message-ID: At 7:50 PM 6/2/96, Deranged Mutant wrote: >Alice and Bob are in a crowded place and want to confirm they share a >secret. > >Each picks a couple of random numbers, b and i. The secret P is >hashed i times, something like: > > H_0(P) = H(P,0) [H can be something like SHA-1...] > H_i(P) = H(H_i-1(P), i) > >They then tell each other bit b of H_i(P). > >This is repeated a number of times to make random guessing very >unlikely. > >If all bits match, they agree that they share the secret (we assume >neither wants to lie but discover if the other knows the secret). It doesn't seem to me like it needs to be this complex. Here's a couple of protocols I can think of: For a secret S: Alice and Bob generate and exchange random nonces. Then they calculate the HMAC of S using the other's nonce as the MAC secret. They exchange HMACs and each verify that their peer has correctly calculated the HMAC given the secret and the nonce. - or - Each of Alice and Bob hash S and use the result as a symmetric encryption key; they then attempt to exchange messages. If they can exchange messages, they must have arrived at the same key, and thus be using the same S. To avoid replay attacks, exchange nonces and use them as a part of the key calculation. Note that neither of these reveals that you know S unless your peer knows S; noone who doesn't know S can determine if Alice or Bob actually know S or if they're using some other faked value (except for analysis of the repercussions of the exchange). - Tim Tim Dierks -- timd at consensus.com -- www.consensus.com Head of Thing-u-ma-jig Engineering, Consensus Development From hayden at krypton.mankato.msus.edu Mon Jun 3 04:23:04 1996 From: hayden at krypton.mankato.msus.edu (Robert A. Hayden) Date: Mon, 3 Jun 1996 19:23:04 +0800 Subject: Security of PGP if Secret Key Available? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- About once a week we get some lame-o flame bait posted to alt.security.pgp or this mailing list or somewhere abotu some hole in PGP. We further say with fairly good reliability that they are bogus, get a light chuckle, and then go back to dealing with the real issues. However, I got to wondering about the security of PGP assuming somebody trying to read my PGPed stuff has my 1024-bit secret key. ie, if I have it on my personal computer, and somebody gets my secret key, how much less robust has PGP just become, and what are appropriate and reasonable steps to take to protect this weakness? Thanks -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: PGP Signed with PineSign 2.2 iQCVAwUBMbJ5xTokqlyVGmCFAQGcAgQAvjFdZ+YLdQGxDHcT+GOwP82BSwiTYlaQ F9RV8L+radCK/SyeLnEtoodkKVqpcsItIQ/JJ44FOAmnsBLljuWqbhZMl8G8+uCB pcpkXpre83CwoM6qDKkCEyqCiMxq857ioCoqb+WRNJYbb++muVBDHADVzGoGOjLg cvIMxnnXF3c= =tnTb -----END PGP SIGNATURE----- ____ Robert A. Hayden <=> hayden at krypton.mankato.msus.edu \ /__ Finger for Geek Code Info <=> Finger for PGP Public Key \/ / -=-=-=-=-=- -=-=-=-=-=- \/ http://krypton.mankato.msus.edu/~hayden/Welcome.html -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GED/J d-- s:++>: a- C++(++++)$ ULUO++ P+>+++ L++ !E---- W+(---) N+++ o+ K+++ w+(---) O- M+$>++ V-- PS++(+++)>$ PE++(+)>$ Y++ PGP++ t- 5+++ X++ R+++>$ tv+ b+ DI+++ D+++ G+++++>$ e++$>++++ h r-- y+** ------END GEEK CODE BLOCK------ From WlkngOwl at unix.asb.com Mon Jun 3 05:18:46 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Mon, 3 Jun 1996 20:18:46 +0800 Subject: Why PGP isn't so ubiquitous (was NRC Session Hiss) Message-ID: <199606030902.FAA27168@unix.asb.com> On 2 Jun 96 at 21:15, Lucky Green wrote: > That PGP is ubiquitous is subject to discussion. PGP is widely available, > but that doesn't mean that it is widely used. What percentage of email is > PGP encrypted? Less than half a percent? In part because it's not well integrated with mailers. That could change with a PGP3 DLL. PGP isn't only used for email: o files distributed over the net that are PGP-signed o signed email o non-emailed file distributions (over BBS, or physical transfer of disks) o personal storage (though other utilities are better-suited for that than PGP) o related utilities that make use of PGP-keys (HPack archiver) The reasons PGP hasn't become widely used are because of it's lack of user-friendliness and poor integration into other tools, irregardless of S/MIME. Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From apache at quux.apana.org.au Mon Jun 3 05:27:08 1996 From: apache at quux.apana.org.au (TT) Date: Mon, 3 Jun 1996 20:27:08 +0800 Subject: The decline and fall of Australia Message-ID: Just in case people on this list were under any delusions that Australia part of the free world get a load of this... **begin press release** Hon. J.W. Shaw, QC, MLC Attorney-General and Minister for Industrial Relations ------------------------------------------------------------------------ Level 20, Goodsell Building, Facsimile (02) 228 7301 Chifley Square, Sydney NSW 2000 Telephone (02) 228 8188 ------------------------------------------------------------------------ PAEDOPHILIA SHOULD NOT BE ENCOURAGED BY THE INTERNET The Attorney General Mr Jeff Shaw, QC, MLC, today explained the draft internet regulation legislation to members of the internet community who had apparently misunderstood the plans. "Despite their protests, those who support total freedom on the internet have yet to explain to me why material involving paedophilia should be readily available and encouraged on the internet", he said. "Those who assert that the proposals are a knee jerk reaction are completely wrong and appear to have been totally uninterested in the issue until very recently. For on 7 July 1995, a consultation paper on internet regulation was released both on the World Wide Web and in paper form. "That 'Consultation paper on the Regulation of On-Line Information Services,' has now been available from the Federal Attorney General's Department for almost a year. "When it was released, submissions were requested, and 121 submissions were received by the closing date of 1 September 1995. "Following unanimous endorsement of the proposals by all Attorney's General, the NSW Parliamentary Counsel drafted legislation based on the discussion paper and the consultation process. This legislation will be discussed by the Standing Committee of Attorney's General in July. "Those protesting about the proposed offences and penalties are conveniently ignoring half the story - the fact that the draft legislation creates broad defences that encourage compliance with approved codes of practice or the taking of reasonable steps to ensure the proscribed behaviour does not occur. "Why should a Government not prosecute a service provider who supplies the Internet to schools, yet refuses to install appropriate firewalls to screen out material involving explicit sex and violence or child sexual abuse? "The broad defences recognise, as I do, the impossibility of monitoring all data that goes through service providers systems, but encourage providers to maintain maximum awareness, not maximum ignorance, about the material disseminated. "Criminal sanctions are only aimed at operators and users who culpably breach the standards that are set out regarding material that they transmit or advertise, or those who fail or refuse to exercise any effective controls over material that is publicly available through their information services. "For example, people who have objectionable material placed on their bulletin board without their knowledge could argue that they are not liable as they had obtained undertakings from users that certain types of material would not be posted or posted inappropriately. They may also be able to demonstrate that they had conducted random checks of material available through their information service. "I do not believe that the community condones the easy availability of material encouraging paedophilia and other sexual abuse. The impossibility of absolute regulation does not justify a complete failure to do what we can to meet reasonable concerns. "I would hope that organisations like the Electronic Frontiers Association are interested in assisting the State and Federal Governments formulate workable proposals that will protect children while allowing adults freedom of expression on the internet. If they in fact are, detailed proposals about how this could be best achieved would be useful." **end** As to that last para I think u could read..."cos we have no bloody idea what we are doing or how to achieve this all on our lil lonesomes" Thank the gods for cypherpunks.. From jsw at netscape.com Mon Jun 3 06:09:04 1996 From: jsw at netscape.com (Jeff Weinstein) Date: Mon, 3 Jun 1996 21:09:04 +0800 Subject: Java Crypto API questions In-Reply-To: Message-ID: <31B2ADA5.577D@netscape.com> Andrew Loewenstern wrote: > > Moltar Ramone writes: > > Probably. But they won't be able to export the signed 3DES > > package :) It leaves foreign vendors in trouble, is where. > > Sun can export the signature though. The vendor already has the package, > they just need the sig/cert... Not likely. Sun will probably be required to agree not to do this as a condition of exporting software with "pluggable crypto". Software with hooks for crypto functions is treated the same as the actual crypto as far as the ITAR is concerned. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw at netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine. From jya at pipeline.com Mon Jun 3 07:41:19 1996 From: jya at pipeline.com (John Young) Date: Mon, 3 Jun 1996 22:41:19 +0800 Subject: PRY_ing Message-ID: <199606031105.LAA22382@pipe2.t1.usa.pipeline.com> 6-3-96. NYP: "As privacy grows scarcer on the Internet, people finally start to take notice." Denise Caruso column. Tomorrow, the Federal Trade Commission's Bureau of Consumer Protection is sponsoring a public workshop in Washington called "Consumer Privacy on the Global Information Infrastructure." The F.T.C.'s intention is to find out how much consumers and the industry really know about critical privacy issues created by what it calls "the emerging on-line marketplace," and to look at various ways to protect personal data. Privacy on data networks is a complex issue. It includes thorny questions about anonymity -- who should be allowed to be anonymous in network interactions, and under what circumstances -- and the red-hot debate over digital encryption, which can protect private communication and transactions from all prying eyes, including the Government's. PRY_ing From jwilk at iglou.com Mon Jun 3 08:42:32 1996 From: jwilk at iglou.com (Blake Wehlage) Date: Mon, 3 Jun 1996 23:42:32 +0800 Subject: The Elevator Problem Message-ID: At 02:50 AM 6/3/96 +0000, Deranged Mutant wrote: > >This may be old hat, but an earlier post (around the time the Kocher >RSA-timing attack came out) to the list asked about the "Elevator >Problem", where two parties who think they share the same secret want >to confirm it on an open channel. I came up with an idea for a >protocol but never got around to posting it, and dropped off the list >briefly... so pardon me if this is already touched upon. > >Alice and Bob are in a crowded place and want to confirm they share a >secret. > >Each picks a couple of random numbers, b and i. The secret P is >hashed i times, something like: > > H_0(P) = H(P,0) [H can be something like SHA-1...] > H_i(P) = H(H_i-1(P), i) > >They then tell each other bit b of H_i(P). > >This is repeated a number of times to make random guessing very >unlikely. > >If all bits match, they agree that they share the secret (we assume >neither wants to lie but discover if the other knows the secret). > >Since this is a mutual protocol, an eavesdropper who listens in >shouldn't be able to spoof Alice or Bob. Or maybe Alice and Bob can >agree never to reuse combinations of b and i anyway (or they can >append a counter to the secret, so that combinations of b and i never >give the same values). > >Could be useful for implementing as a remote login? > > >Comments? > > > >Rob. > >--- >No-frills sig. >Befriend my mail filter by sending a message with the subject "send help" >Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) > AB1F4831 1993/05/10 Deranged Mutant >Send a message with the subject "send pgp-key" for a copy of my key. > > Its a good thought, I never even thought about it, but it should work. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Blake "Pokey" Wehlage Gaa- 3.69 Record- 2-4-4 Age- 13 Final Standings- 2nd Place (Beat in Championship) President & Founder: Revolution Software "I have the fastest glove in the east!" Profanity Software "Hackers never stop hacking they just get caught" VSoft My life- Rarely eat or sleep, Hack til' 7:00a, goto school, play goalie til' 5:00p, hack til' 7:00a Hank Aaron- d:-)!-< Pope- +<:-) Santa Claus- *<:-) The Unabrower |:-) Current Girlfriend(s)- Lindsey Wilcox, Laura Schubring ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From m5 at vail.tivoli.com Mon Jun 3 10:48:35 1996 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 4 Jun 1996 01:48:35 +0800 Subject: Sun pushing SKIP for intranets and java In-Reply-To: <199605272346.TAA08318@jekyll.piermont.com> Message-ID: <31B2E2E3.5D1A@vail.tivoli.com> Perry E. Metzger wrote: > If thats true, its a remarkably bad idea. The IP security layer isn't > anywhere near the layer where you should be doing things like signing > Java applets. I think that the SKIP stuff would be intended to protect on-the-wire marshalled objects when using the CORBA or RMI stuff to do inter-VM method invocation. The signature stuff is a whole 'nuther enchilada. (I assume, Perry, that you weren't at the fabulous JavaOne thing last week, because I didn't notice anyone spontaneously combusting from all the hype :-) ______c_____________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * pain is inevitable m5 at tivoli.com * m101 at io.com * * suffering is optional From jya at pipeline.com Mon Jun 3 11:23:50 1996 From: jya at pipeline.com (John Young) Date: Tue, 4 Jun 1996 02:23:50 +0800 Subject: Newsweek on Crypto Message-ID: <199606031301.NAA29204@pipe2.t1.usa.pipeline.com> Newsweek, June 10, 1996, pp. 49-55. Scared Bitless The arcane world of cryptography used to be the exclusive realm of spies. Now it's everybody's business -- to the chagrin of the government. By Steven Levy [Photo] Loosen up: Sen. Conrad Burns says the United States should ease the export rules on crypto software On the face of it, the issue of cryptography -- the technology that employs secret codes to protect information -- seems more suited to math class than "The McLaughlin Group." Yet this once esoteric subject has wound up in the center of a Beltway controversy, complete with congressional infighting, lobbyists, entrenched government agencies, blue-ribbon reports and even a bit of presidential politics. This sudden spotlight on what was previously the domain of deep-black spy stuff turns out to be a good thing, because in the Information Age crypto policy is more than an abstraction: it could provide the difference between security and vulnerability, or even between life and death. Unfortunately, choosing the right policy is not a given, and there the controversy lies. Here's the problem: we're increasingly entrusting information to computers -- everything from confidential medical records to business plans to money itself. But how can we provide security so that these data will be protected from eavesdroppers, thieves and saboteurs? The answer hinges on cryptography. By scrambling the information into digital codes, it allows only those entrusted with the keys to decipher those files to see them. Some hot-shot cryptographers have developed systems that can provide all of us with unprecedented security, automatically coding and decoding in such a way that we won't have to know it's there. (We can even have our phone calls encoded something Prince Charles might have appreciated.) Silicon Valley would love to set such a system in motion. It not only would generate revenues, but would also address the main problem that's keeping the Internet from fulfilling its potential as a center of commerce: security. Problem solved? Not quite. Law-enforcement and national-security agencies view this prospect with dread. Legal eavesdroppers, like FBI wiretappers and National Security Agency snoopers, couldn't make sense of intercepted transmissions. They warn that we could miss indications of a terrorist act, like a nuke smuggled into Manhattan. In addition, drug dealers, child pornographers and garden-variety thugs could mask their activities with a mere mouse click. Even before the Clinton administration took office, the NSA and FBI presented those nightmare scenarios to the transition team. The Clintonites were scared bitless. They vowed to make sure that the worst didn't happen. They understood that cryptography should be put to general use -- but only if it were altered in such a way that the government could, if necessary, get access to secret messages, using a new technology known as "key escrow." The best-known of those schemes was the ill-fated Clipper Chip, and subsequent systems haven't caught on. (Yet another was presented two weeks ago.) Until then they would maintain the strict export controls that treat crypto software as powerful munitions. That's right -- Uncle Sam regards that copy of Netscape you downloaded as sort of a Stinger missile. But now the government position of slowing down the flow of crypto is under increasing attack. Software companies complain that regulations cost them money and hold down innovation. Privacy groups complain that the controls reek of Orwell's "1984." Congress is demanding changes. Bob Dole wants to make it an issue. And on Thursday came what Sen. Conrad Burns, a Montana Republican, called "the nail in the coffin" of the Clinton crypto policy: a report by the National Research Council that clearly rebukes the administration's position. Despite the Clinton-Gore attempt to protect us against the abuse of cryptography, says the Congress-commissioned report, our safety is at risk -- because the lack of cryptography has weakened our security. Under particular attack are the regulations that limit the strength of exported software like IBM's Lotus Notes, mostly by mandating that the keys that encode and decipher the information not exceed 40 bits (the longer the key, the stronger the protection). Often, domestic users have to settle for this crippled crypto: since software companies are loath to release two versions of their products, they simply choose to offer the weaker, approved-for-export version. Meanwhile, foreign companies have no such restrictions, and U.S. companies maintain they are losing sales. Congress has taken up their case; bills introduced by Sen. Patrick Leahy, Rep. Bob Goodlatte and Burns all would relax the export rules. "These bills are pro-privacy, pro-jobs and pro-business," says Leahy. While prospects for passage are slim, the fact that a sizable number of legislators are defying intelligence and law-enforcement agencies is itself significant. Crypto policy is even finding its way into the presidential campaign. On a visit to Silicon Valley, Bob Dole was alerted to the problem by Netscape CEO Jim Barksdale. He also saw a chance to chip away at Clinton's support in the high-tech world. Dole not only cosponsored the Senate bills but issued a neo-cypherpunk statement charging that "the administration's big brother proposal will literally destroy America's computer industry." The NRC report, entitled "Cryptography's Role in Securing the Information Society," stands as the most serious challenge to current policy. It is drenched in credibility: its 16 authors include former attorney general Benjamin Civiletti, onetime NSA deputy director Ann Caracristi, privacy expert Willis Ware and cryptographer Martin Hellman. The panel was briefed by all sides of the issue, including some classified sessions with government officials. Despite the group's diversity, it reached consensus: "Widespread commercial and private use of cryptography is inevitable in the long run and ... its advantages, on balance, outweigh its disadvantages." The NRC made some specific recommendations. The government should stop building a system around the umproven Clipper-style technology. The export regulations should be relaxed, specifically permitting free export of the well-tested Data Encryption Standard, which uses a 56-bit key. (While some argue for even bigger keys, this is a significant jump. The increase in key size alone means that theoretically it will be more than 65,000 times harder to crack a code.) Perhaps the strongest rebuke came with the rejection of the "if you only knew" defense. The committee concluded that informed decisions on crypto could be made without access to classified material. If the NRC advice was followed, would criminals hide nefarious activities behind a digital wall of gibberish? Quite possibly, admits the committee -- but without action to promote crypto, we are increasingly dependent on a computer-controlled world with insufficient protection. "We're encouraging a world that supports greater confidentiality -- but we think it's worth the risk," says panelist Ray Ozzie, creator of IBM's Lotus Notes. The committee cited security breaches like the recent raid on Citicorp by Russian hackers, and warned that without crypto, we are more vulnerable to "information warfare" threats -- endangering operations like the air-traffic-control system. The government's response? "We do care about the security of information, but we need to do it in a way that does not diminish law enforcement," says an administration official. "People writing academic reports can take chances. But when you are the policeman, you have to err on the side of protecting people." The question is, which approach provides the most protection? The NRC report undercuts the government's position at a time when many were already beginning to question it. On May 21, 11 senators sat down in a bugproof room for a classified briefing, presumably designed to make them rethink their proposals. But, said Leahy, "no one seemed to change their mind." Looks like they've cracked the code. [Two photos] 'Pro-privacy, pro-jobs, pro-business': Sen. Patrick Leahy (right) and Lotus Notes creator Ray Ozzie think strong codes will make a stronger economy _________________________________________________________ [Box] Sending Messages In Private Cryptography makes it possible to turn intelligible words into a hodgepodge of letters, numbers and symbols, keeping them out of the hands of cybersnoops. [Illustration: computer > key > encrypted message > key > computer.] To send a private message through a network, a cryptography program is used to "lock" the message -- making it unreadable to anyone who intercepts it. The program generates a secret, digital key when it scrambles the message. The receiver then uses the key to translate the message back into plain text. _________________________________________________________ [End] Thanks to SL and Newsweek. From jmoll at acquion.com Mon Jun 3 12:13:36 1996 From: jmoll at acquion.com (Joseph L. Moll) Date: Tue, 4 Jun 1996 03:13:36 +0800 Subject: Floating Point and Financial Software Message-ID: <2.2.32.19960603141003.006ebeb4@mail.acquion.com> I have seen monetary items represented as integers, with the software assuming that the last two digits are actually the "cents" part of the float. There are still round off problems with this scheme, but the calculations are much faster since they are integers. --- Joseph L. (Joe) Moll -- Network and Communications Engineering mailto:jmoll at acquion.com http://www.acquion.com phone:864-281-4108 ACQUION, Inc. Greenville, SC USA -- Specialists in Electronic Commerce disclaimer: This email is not to be considered official correspondence --- From raph at CS.Berkeley.EDU Mon Jun 3 12:19:47 1996 From: raph at CS.Berkeley.EDU (Raph Levien) Date: Tue, 4 Jun 1996 03:19:47 +0800 Subject: List of reliable remailers Message-ID: <199606031350.GAA01754@kiwi.cs.berkeley.edu> I operate a remailer pinging service which collects detailed information about remailer features and reliability. To use it, just finger remailer-list at kiwi.cs.berkeley.edu There is also a Web version of the same information, plus lots of interesting links to remailer-related resources, at: http://www.cs.berkeley.edu/~raph/remailer-list.html This information is used by premail, a remailer chaining and PGP encrypting client for outgoing mail. For more information, see: http://www.c2.org/~raph/premail.html For the PGP public keys of the remailers, finger pgpkeys at kiwi.cs.berkeley.edu This is the current info: REMAILER LIST This is an automatically generated listing of remailers. The first part of the listing shows the remailers along with configuration options and special features for each of the remailers. The second part shows the 12-day history, and average latency and uptime for each remailer. You can also get this list by fingering remailer-list at kiwi.cs.berkeley.edu. $remailer{"extropia"} = " cpunk pgp special"; $remailer{"portal"} = " cpunk pgp hash"; $remailer{"alumni"} = " cpunk pgp hash"; $remailer{"c2"} = " eric pgp hash reord"; $remailer{"penet"} = " penet post"; $remailer{"flame"} = " cpunk mix pgp. hash latent cut post reord"; $remailer{"mix"} = " cpunk mix pgp hash latent cut ek ksub reord ?"; $remailer{"replay"} = " cpunk mix pgp hash latent cut post ek"; $remailer{"ecafe"} = " cpunk mix"; $remailer{"amnesia"} = " cpunk mix pgp hash latent cut ksub"; $remailer{'alpha'} = ' alpha pgp'; $remailer{"lead"} = " cpunk pgp hash latent cut ek"; $remailer{"treehole"} = " cpunk pgp hash latent cut ek"; $remailer{"exon"} = " cpunk pgp hash latent cut ek"; $remailer{"vegas"} = " cpunk pgp hash latent cut"; $remailer{"haystack"} = " cpunk mix pgp hash latent cut ek"; catalyst at netcom.com is _not_ a remailer. lmccarth at ducie.cs.umass.edu is _not_ a remailer. usura at replay.com is _not_ a remailer. Groups of remailers sharing a machine or operator: (c2 alpha) (flame replay) (alumni portal) Use "premail -getkeys pgpkeys at kiwi.cs.berkeley.edu" to get PGP keys for the remailers. Fingering this address works too. Note: The remailer list now includes information for the alpha nymserver. Last update: Mon 3 Jun 96 6:47:19 PDT remailer email address history latency uptime ----------------------------------------------------------------------- replay remailer at replay.com ********+*** 6:17 99.89% vegas remailer at vegas.gateway.com ** * *--**** 37:04 99.82% amnesia amnesia at chardos.connix.com ------------ 3:52:31 99.74% flame remailer at flame.alias.net -----++---++ 1:25:32 99.74% exon remailer at remailer.nl.com +***#- * *+* 5:48 99.33% ecafe cpunk at remail.ecafe.org ####+**##*#* 1:17 99.31% alpha alias at alpha.c2.org *+ +++-++**+ 45:57 99.26% c2 remail at c2.org +- ++.-+++++ 57:37 99.24% haystack haystack at holy.cow.net +*-***#+# ## 10:00 98.62% penet anon at anon.penet.fi _-. .___ -- 40:43:38 97.37% extropia remail at miron.vip.best.com ----------- 9:35:17 97.17% alumni hal at alumni.caltech.edu *#-+##* -## 15:58 95.46% mix mixmaster at remail.obscura.com .--++--+++- 2:29:31 94.30% portal hfinney at shell.portal.com *#-+##*# ## 17:14 93.19% lead mix at zifi.genetics.utah.edu +++++++++++ 36:51 92.05% treehole remailer at mockingbird.alias.net - .--.-.- 8:47:35 90.83% History key * # response in less than 5 minutes. * * response in less than 1 hour. * + response in less than 4 hours. * - response in less than 24 hours. * . response in more than 1 day. * _ response came back too late (more than 2 days). cpunk A major class of remailers. Supports Request-Remailing-To: field. eric A variant of the cpunk style. Uses Anon-Send-To: instead. penet The third class of remailers (at least for right now). Uses X-Anon-To: in the header. pgp Remailer supports encryption with PGP. A period after the keyword means that the short name, rather than the full email address, should be used as the encryption key ID. hash Supports ## pasting, so anything can be put into the headers of outgoing messages. ksub Remailer always kills subject header, even in non-pgp mode. nsub Remailer always preserves subject header, even in pgp mode. latent Supports Matt Ghio's Latent-Time: option. cut Supports Matt Ghio's Cutmarks: option. post Post to Usenet using Post-To: or Anon-Post-To: header. ek Encrypt responses in reply blocks using Encrypt-Key: header. special Accepts only pgp encrypted messages. mix Can accept messages in Mixmaster format. reord Attempts to foil traffic analysis by reordering messages. Note: I'm relying on the word of the remailer operator here, and haven't verified the reord info myself. mon Remailer has been known to monitor contents of private email. filter Remailer has been known to filter messages based on content. If not listed in conjunction with mon, then only messages destined for public forums are subject to filtering. Raph Levien From warlord at MIT.EDU Mon Jun 3 12:21:00 1996 From: warlord at MIT.EDU (Derek Atkins) Date: Tue, 4 Jun 1996 03:21:00 +0800 Subject: Security of PGP if Secret Key Available? In-Reply-To: Message-ID: <199606031411.KAA01253@toxicwaste.media.mit.edu> > However, I got to wondering about the security of PGP assuming somebody > trying to read my PGPed stuff has my 1024-bit secret key. ie, if I have > it on my personal computer, and somebody gets my secret key, how much > less robust has PGP just become, and what are appropriate and reasonable > steps to take to protect this weakness? The security of the PGP system is based around the security of the PGP private (secret) key. The security of the secret key is based on two things: 1) The bits in the secring, and 2) the user pass phrase. An attacker needs both 1 and 2 to compromise a secret key. Posession of only one of them is not enough. It doesn't matter how big your key is. It could be 384 bits, it could be 2048 bits. You still have the same two walls protecting your key. If someone has read your secring file, that means they only have to get your pass phrase. This gives an attacker something to go for. Once they obtain your pass phrase as well, your key is compromised. If, however, they obtain your secret keyring but they CANNOT obtain your pass phrase, you are still safe. It just means you have one fewer walls surrounding your secret key. I always assume that someone has compromised my secret keyring, in that someone has obtained a copy of it. So I spend most of my "time" (granted, it's not a lot) trying to protect my pass phrase. I have a fairly long pass phrase, more than 40 characters, and I make sure I KNOW (not believe, KNOW) the path the bits take from the keyboard to the CPU -- and I make sure that path is secure. Otherwise I don't run PGP at that time. Since I have a laptop, that makes my life much easier -- I cut-and-paste my PGP mail over to the laptop and run PGP there. >From the laptop I can send mail out directly. I hope this answers your question, -derek From kevin.jessup at mail.mei.com Mon Jun 3 12:30:09 1996 From: kevin.jessup at mail.mei.com (Kevin Jessup) Date: Tue, 4 Jun 1996 03:30:09 +0800 Subject: Java Crypto API questions Message-ID: <01I5GTVSACW299NQKT@meipws.mis.mei.com> Jeff Weinstein wrote... > Not likely. Sun will probably be required to agree not to do this >as a condition of exporting software with "pluggable crypto". Software >with hooks for crypto functions is treated the same as the actual crypto >as far as the ITAR is concerned. > > --Jeff Just WHAT is a "hook" for crypto?? ;-) I've read about the Microsoft crypto API, other such hooks and the "ban on hooks", but who says a "hook" must be so "generic". With things such as the "component object model" stuff Microsoft is pushing and similar technologies in the UNIX world, I can still see "hooking" to crypto. Though perhaps more on an application-specific basis and not so "generically". I acknowledge that crypto which is nearly "invisible" to the end-user will make it more widespread, and thus the need for a generic API. Politicians and technology: like oil and water. -- "Rest enough for the individual man - [but] too Kevin Jessup much or too soon and we call it Death. But for software engineer MAN, no rest and no ending. He must go on, Marquette Medical Systems conquest beyond conquest...and when he has http://www.mei.com conquered all the depths of space and all the PGP Email preferred mysteries of time, still he will be beginning." kevin.jessup at meipws.mis.mei.com -- H.G. Wells, Things To Come From perry at piermont.com Mon Jun 3 13:16:15 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 4 Jun 1996 04:16:15 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: Message-ID: <199606031523.LAA05288@jekyll.piermont.com> Timothy C. May writes: > Namely, are the people "talking up" a stock committing a crime? Possibly. > And, how can someone who acts on overheard information--as in the elevator > example Sandy cited--be charged with any crime? Unless they are "insiders," > covered by SEC rules about trading, they are free to act on essentially > anything they hear. No, I'm afraid they aren't. Under the rules, if you have nonpublic information, even if you are not a corporate officer, you are an insider for purposes of "insider trading" and your trades are illegal. Don't go to Tim for advice on steering clear of the SEC's enforcement people. > (To elaborate on this: I was never classified as an "insider" during my > time at Intel, and I certainly bought and sold the stock based on what > products and news I knew was coming out or what rumors I'd heard. Only a > select group of executives and staff in the specific departments generating > earnings announcements, auditing, etc., were covered. Only they were covered by the rules that require registration of all trades, you mean. You are completely confusing two uses of the word "insider". > But ordinary people, even employees of a company, are not > considered to be "insiders" and hence are not covered by insider trading > laws.) Follow Tim's advice and wind up in jail. I can give people specific cases if they like. Securities laws are extremely complex, extraordinarily broad, and subject to extremely flexible interpretation. I would suggest not attempting to skate a fine line near them -- the ice is very thin. Perry From jthomas at gateway.webwon.com Mon Jun 3 13:55:14 1996 From: jthomas at gateway.webwon.com (RHS Linux User) Date: Tue, 4 Jun 1996 04:55:14 +0800 Subject: Java Crypto API questions In-Reply-To: <31B2ADA5.577D@netscape.com> Message-ID: On Mon, 3 Jun 1996, Jeff Weinstein wrote: > Andrew Loewenstern wrote: > > > > Sun can export the signature though. The vendor already has the package, > > they just need the sig/cert... > > Not likely. Sun will probably be required to agree not to do this > as a condition of exporting software with "pluggable crypto". Software > with hooks for crypto functions is treated the same as the actual crypto > as far as the ITAR is concerned. When Microsoft announced their crypto API, they also announced that their signatures on crypto modules would be export-restricted. According to e-mail I received from a Microsoft employee on the project, the act of signing was considered a "defense service" under ITAR, so exporting the signature would somehow be performing defense services for foreign persons. It makes slightly less sense to me than the rest of the crypto export restrictions do, but I guess that's the deal that Microsoft worked out with the Feds in order to be allowed to do a crypto API at all. Joe From jimbell at pacifier.com Mon Jun 3 13:56:35 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 4 Jun 1996 04:56:35 +0800 Subject: Java Crypto API questions Message-ID: <199606031521.IAA12484@mail.pacifier.com> At 02:17 AM 6/3/96 -0700, Jeff Weinstein wrote: >Andrew Loewenstern wrote: >> >> Moltar Ramone writes: >> > Probably. But they won't be able to export the signed 3DES >> > package :) It leaves foreign vendors in trouble, is where. >> >> Sun can export the signature though. The vendor already has the package, >> they just need the sig/cert... > > Not likely. Sun will probably be required to agree not to do this >as a condition of exporting software with "pluggable crypto". Software >with hooks for crypto functions is treated the same as the actual crypto >as far as the ITAR is concerned. But you haven't explained why somebody can't export JUST the signature. You know, import the software, have Sun sign it domestically, strip off everything that isn't a signature, and export the signature. Append it to the un-imported code outside the country. Jim Bell jimbell at pacifier.com From apache at quux.apana.org.au Mon Jun 3 14:18:59 1996 From: apache at quux.apana.org.au (TT) Date: Tue, 4 Jun 1996 05:18:59 +0800 Subject: Why PGP isn't so ubiquitous (was NRC Session Hiss) In-Reply-To: <199606030902.FAA27168@unix.asb.com> Message-ID: On Mon, 3 Jun 1996, Deranged Mutant wrote: > On 2 Jun 96 at 21:15, Lucky Green wrote: > > > That PGP is ubiquitous is subject to discussion. PGP is widely available, > > but that doesn't mean that it is widely used. What percentage of email is > > PGP encrypted? Less than half a percent? > > In part because it's not well integrated with mailers. That could > change with a PGP3 DLL. I think that is the main reason PGP is not more common place. If it was seamlessly integrated with Windows software such as mailers I am sure it would be used widely. It will be interesting to see if this develops. > PGP isn't only used for email: > > o files distributed over the net that are PGP-signed > o signed email > o non-emailed file distributions (over BBS, or physical > transfer of disks) > o personal storage (though other utilities are better-suited > for that than PGP) > o related utilities that make use of PGP-keys (HPack > archiver) > > The reasons PGP hasn't become widely used are because of it's lack of > user-friendliness and poor integration into other tools I think it is actually easy to use, although granted others may not; but that people tend not to use it as a matter of course (and it is my belief this is a desireable thing) due too the time taken to manually sign mail or sign and encrypt. Lets face it the average user has trouble with a dos command prompt and until there is a point and click emailer easily available most people just won't try PGP for email. It would also raise the general awareness of PGP and encryption and privacy issues I hope as it is my experience that outside the dedicated and the interested, very few have even heard of PGP or realise that their email may be read easily by persons other than the intended recipient. If this should occurr the horse would have bolted as far as any attempts at government outlawing its use; by and large; or at the very least would make it impossible to pass laws banning PGP without the public at large realising that they might possibly be loosing something which at the moment I doubt many would having never used encryption for email. -- .////. .// Charles Senescall apache at quux.apana.org.au o:::::::::/// apache at gil.com.au >::::::::::\\\ Finger me for PGP PUBKEY Brisbane AUSTRALIA '\\\\\' \\ http://quux.apana.org.au/~apache/ From perry at piermont.com Mon Jun 3 14:41:40 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 4 Jun 1996 05:41:40 +0800 Subject: Fate of Ecash if RSA is cracked? In-Reply-To: Message-ID: <199606031601.MAA05367@jekyll.piermont.com> Dr. Dimitri Vulis writes: > ichudov at algebra.com (Igor Chudov @ home) writes: > > scheme gets broken somehow? Suppose, for example, that someone > > discovers an ultra-fast factoring algorithm or something like that. > > This'll happen, probably sooner than later. Why do you assume that? There are plenty of problems that are provably not solvable in non-exponential time even if P=NP. What makes you think this one is going to be solved? .pm From jeffb at sware.com Mon Jun 3 15:22:54 1996 From: jeffb at sware.com (Jeff Barber) Date: Tue, 4 Jun 1996 06:22:54 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: <199606031523.LAA05288@jekyll.piermont.com> Message-ID: <199606031507.LAA15317@jafar.sware.com> Perry E. Metzger writes: > Timothy C. May writes: > > And, how can someone who acts on overheard information--as in the elevator > > example Sandy cited--be charged with any crime? Unless they are "insiders," > > covered by SEC rules about trading, they are free to act on essentially > > anything they hear. > > No, I'm afraid they aren't. Under the rules, if you have nonpublic > information, even if you are not a corporate officer, you are an > insider for purposes of "insider trading" and your trades are illegal. > > (To elaborate on this: I was never classified as an "insider" during my > > time at Intel, and I certainly bought and sold the stock based on what > > products and news I knew was coming out or what rumors I'd heard. Only a > > select group of executives and staff in the specific departments generating > > earnings announcements, auditing, etc., were covered. > > Only they were covered by the rules that require registration of all > trades, you mean. You are completely confusing two uses of the word > "insider". IANAL, but I think you must be wrong about this, Perry. If this were the case then, as an employee of company XYZ, I would never be permitted to buy XYZ stock (which is clearly not the case) since I *always* have information that others outside the company do not (about staff changes, product plans and such). I suspect the deciding factor must have to do with the ability to execute actions which have substantial direct effects on the stock price (i.e. buying a company, declaring dividends, having a massive downsizing, etc.). -- Jeff From mark at unicorn.com Mon Jun 3 15:39:08 1996 From: mark at unicorn.com (Rev. Mark Grant, ULC) Date: Tue, 4 Jun 1996 06:39:08 +0800 Subject: [Noisy] More curfews (was Re: opinions on book "The Truth Machine") Message-ID: On Sat, 1 Jun 1996, Adam Back wrote: > political climate. Having just read your post on curfews my response > was what the fuck, are you serious? It totally amazes me that public > opinion has got to the stage that something like this would be > accepted. Interesting that the day after you posted this the front-page of the UK's major newspapers carried a story about the Labour party proposing precisely the same thing in the UK. Of course the cops already have surveillance cameras all over the place. > I'm not sure where I would stand on this legally, but I have so far > resisted the temptation to tell them it's none of their business. I tried it a few weeks ago when they stopped me for a random breath test (illegal as far as I know) after following me for three miles while I scrupulously obeyed the law. They originally claimed that they had stopped me randomly, because "that's what I pay them for", but when I questioned the legality they decided that I'd crossed the centerline while passing a parked car and therefore must be drunk (even though my car was too wide to not cross the line). In other words, I don't think they care about the legal issues. Still, I suppose it's better than being stopped for "driving at 2:30 in the morning" again. Hmm, who said the UK didn't have a curfew already? > They are I think > talking about making it law that all target pistols must be kept at > the gun club (whereas currently you can take them home to clean (but > not shoot)). Gun-thieves will love that one. Why steal them one at a time when you can steal twenty or thirty in one go? Mark "Out of Europe in a few more days" Grant From norm at netcom.com Mon Jun 3 15:50:03 1996 From: norm at netcom.com (Norman Hardy) Date: Tue, 4 Jun 1996 06:50:03 +0800 Subject: Fate of Ecash if RSA is cracked? Message-ID: At 8:01 AM 6/3/96, Perry E. Metzger wrote: >Dr. Dimitri Vulis writes: .... >> This'll happen, probably sooner than later. > >Why do you assume that? There are plenty of problems that are >provably not solvable in non-exponential time even if P=NP. What makes >you think this one is going to be solved? > >.pm The "Idea Futures" forum has established odds on this. The current odds are currently 60% that a 1024 bit number will be factored by 2010 and 30% that a 512 bit number will be factored by 1997. See for Idea Futures and for odds for various questions. From hwh6k at fulton.seas.virginia.edu Mon Jun 3 15:59:42 1996 From: hwh6k at fulton.seas.virginia.edu (Henry Huang) Date: Tue, 4 Jun 1996 06:59:42 +0800 Subject: Security of PGP if Secret Key Available? Message-ID: <199606031648.MAA31489@fulton.seas.Virginia.EDU> On Jun 3, 2:36, "Robert A. Hayden" wrote: > However, I got to wondering about the security of PGP assuming somebody > trying to read my PGPed stuff has my 1024-bit secret key. ie, if I have > it on my personal computer, and somebody gets my secret key, how much > less robust has PGP just become, and what are appropriate and reasonable > steps to take to protect this weakness? If someone else has your secret key, it's safe to assume you're toast. ;) Better a new key and revocation certificate before the forgeries start (or before someone ELSE does before you ... ). More specifically, if you've failed to assign a passphrase to your secret key, you ARE toast, because anyone can just pick it up and use it. If you did use a passphrase, it becomes a question of breaking either the passphrase, or the IDEA algorithm used to encrypt your secret key. It's usually a lot easier to break the passphrase than it is to brute force IDEA. See the PGP Passphrase FAQ (http://www.stack.urc.tue.nl/~galactus/remailers/passphrase-faq.html) and Arnold Reinhold's page (http://world.std.com/~reinhold/papers.html) for more details. -H From perry at piermont.com Mon Jun 3 16:07:12 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 4 Jun 1996 07:07:12 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: <199606031507.LAA15317@jafar.sware.com> Message-ID: <199606031632.MAA05439@jekyll.piermont.com> Jeff Barber writes: > IANAL, but I think you must be wrong about this, Perry. Nope, I'm not. > If this were the case then, as an employee of company XYZ, I would > never be permitted to buy XYZ stock (which is clearly not the case) > since I *always* have information that others outside the company do > not (about staff changes, product plans and such). Funny, that, ain't it. Well, yes, as I noted, the law is very broad, and selectively enforced. However, yes indeed -- if you know that Secure Ware is introducing SuperBozo 2000 next week by virtue of your employment, and you know it will drive up the stock price, and SuperBozo 2000 is a deep dark secret, and you load up on shares in the expectation of making money from that rise, you are indeed cruising for a visit from the friendly boys at Stock Watch. > I suspect the deciding factor must have to do > with the ability to execute actions which have substantial direct effects > on the stock price (i.e. buying a company, declaring dividends, having a > massive downsizing, etc.). There is no real deciding factor other than what a jury will buy. The law is very broad and extremely vague. It is selectively enforced. A lot of what is and isn't a violation is based entirely on prosectorial discretion. Welcome to the world of securities regulation, where you live under a government of men, not of laws, and SEC edicts, er, no-action letters are needed before you sneeze because everything you do every day is probably a crime somehow. Perry From shamrock at netcom.com Mon Jun 3 16:21:01 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 4 Jun 1996 07:21:01 +0800 Subject: Java Crypto API questions Message-ID: At 2:17 6/3/96, Jeff Weinstein wrote: >> Sun can export the signature though. The vendor already has the package, >> they just need the sig/cert... > > Not likely. Sun will probably be required to agree not to do this >as a condition of exporting software with "pluggable crypto". Software >with hooks for crypto functions is treated the same as the actual crypto >as far as the ITAR is concerned. Then how can Sun claim that their system is 1. Exportable 2. Does RC-4 and DES? The Java Crypto AIP presentation slides that are available on Sun's website clearly make both claims. Unfortunately, the feedback address that Sun provides in the slides is unknow to their mailserver (at least it was last week) and no further information seem to be avaiable about their "public and open" policy. Confused, Disclaimer: My opinions are my own, not those of my employer. -- Lucky Green PGP encrypted mail preferred. From ses at tipper.oit.unc.edu Mon Jun 3 16:21:16 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Tue, 4 Jun 1996 07:21:16 +0800 Subject: Java Crypto API questions In-Reply-To: <199606031521.IAA12484@mail.pacifier.com> Message-ID: On Mon, 3 Jun 1996, jim bell wrote: > > But you haven't explained why somebody can't export JUST the signature. You > know, import the software, have Sun sign it domestically, strip off everything that isn't a > signature, and export the signature. Append it to the un-imported code > outside the country. Ancillary device... It's pretty clear cut. Simon From shamrock at netcom.com Mon Jun 3 16:28:49 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 4 Jun 1996 07:28:49 +0800 Subject: Why PGP isn't so ubiquitous (was NRC Session Hiss) Message-ID: At 21:33 6/2/96, Deranged Mutant wrote: >The reasons PGP hasn't become widely used are because of it's lack of >user-friendliness and poor integration into other tools, irregardless >of S/MIME. I concur. It is that lack of integration that gave S/MIME the space to grow in. Now it is too late to achieve the market dominance that PGP should have achieved long ago. S/MIME *will* be the email encryption standard used by Joe Sixpack. Disclaimer: My opinions are my own, not those of my employer. -- Lucky Green PGP encrypted mail preferred. From sandfort at crl.com Mon Jun 3 16:32:53 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Tue, 4 Jun 1996 07:32:53 +0800 Subject: DEMOGRAPHICS v. ANONYMITY Message-ID: <2.2.32.19960603171454.00717340@popmail.crl.com> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ C'punks, At 07:19 AM 6/3/96 +0200, "Senator Exon" wrote: >... demographic data on big spenders is worth more than >anonymous cash from people who buy packages of gum. Much >more. A true, but irrelevant. The correct dichotomy is between demographic data on big spenders and anonymous big spenders. Yes, it would be nice to have demographics on everyone, but demographics are secondary to sales. >An economy of big spenders is worthless unless they're in >your store. The cards give evidence of who spends in your >store, so you target your advertisements accordingly. Of course, there are other ways to get demographics and other ways to target advertising and other ways to get big spenders into your store. >I also shop only with cash, here and elsewhere. >Double-blinded e-cash will be the only way to go, if it >ever is the way to go. And I bet they don't turn down your cash just because it contains no demographic data. Thus demonstrating the pragmatism of the market with regard to anonymity. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From perry at piermont.com Mon Jun 3 16:37:46 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 4 Jun 1996 07:37:46 +0800 Subject: Fate of Ecash if RSA is cracked? In-Reply-To: Message-ID: <199606031810.OAA05553@jekyll.piermont.com> Norman Hardy writes: > At 8:01 AM 6/3/96, Perry E. Metzger wrote: > >Dr. Dimitri Vulis writes: > .... > >> This'll happen, probably sooner than later. > > > >Why do you assume that? There are plenty of problems that are > >provably not solvable in non-exponential time even if P=NP. What makes > >you think this one is going to be solved? > > The "Idea Futures" forum has established odds on this. The current odds are > currently 60% that a 1024 bit number will be factored by 2010 and 30% that > a 512 bit number will be factored by 1997. Thats totally different from a high speed polynomial time factoring algorithm. Thats saying we can factor bigger numbers with time. Exponential growth still holds, however. .pm From br at doppio.Eng.Sun.COM Mon Jun 3 16:46:35 1996 From: br at doppio.Eng.Sun.COM (Benjamin Renaud) Date: Tue, 4 Jun 1996 07:46:35 +0800 Subject: Java Crypto API questions Message-ID: <199606031746.KAA01680@springbank.eng.sun.com> Martin Minow (minow at apple.com) writes: [...] |-- Policies = Assertions + Capabilities. That's what my notes Policies are statements like: "code endorsed by any one of the following signatures (say three of my friends) can access the public part of my file system" This is hard. It's probably not going to make it in the first release. The simple first pass is to say "code signed by x, y, and z" can do whatever it wants. |-- Feedback to security-api at java.sun.com. The alias had some trouble over the week-end. It should be working fine now. -- Benjamin From vile at apdg.com Mon Jun 3 16:57:34 1996 From: vile at apdg.com (Kurt Vile) Date: Tue, 4 Jun 1996 07:57:34 +0800 Subject: "Insider Non-Trading" (Re: Insider Trading and InsideInformation) In-Reply-To: Message-ID: <9606031802.AA12382@smile.apdg.com> tcmay at mail.got.net wrote: >The SEC tumbled to this some time ago, and now demands that all >those who are insiders, or who are married to insiders, or who are >golfing buddies of insiders register their trading intentions 90 >days in advance of any transaction. (This will increase to 120 days >in 1997, and 180 days the following year.) Those intentions in all likelyhood will not be binding...When I used to work for Swiss Bank Corp, the SEC demanded that any person who was privy to trading information (basically everyone) had to file for approval before making a transaction. This approval was non-binding. I don't think the SEC has the power to mandate that a entity commit to a trade 180 days before the trade is suppose to happen, after all the instrument the entity is registering their intent to make a trasaction in; could have something horrible happen to it within 180 days (apple could blow up their headquarters for example) The SEC may however have the power to request a reason for your decision not to make the transaction. Which seems like it would be alot of work, since their are tons of and tons of approvals that get made. (I know alot of people who would make a request to trade something, not do a trade, but have another request become active when the original request expired (they give you a 2 week window or so)) --Kurt From bruce at aracnet.com Mon Jun 3 17:06:58 1996 From: bruce at aracnet.com (Bruce Baugh) Date: Tue, 4 Jun 1996 08:06:58 +0800 Subject: PGP's ubiquity (was Re: NRC Session Hiss) Message-ID: <2.2.32.19960603182730.006afff8@mail.aracnet.com> At 09:15 PM 6/2/96 -0700, Lucky Green wrote: >That PGP is ubiquitous is subject to discussion. PGP is widely available, >but that doesn't mean that it is widely used. What percentage of email is >PGP encrypted? Less than half a percent? Much, much less than that. I get about five hundred messages a day. On the average day, none of them are PGP-encrypted. On the average _week_, none of them are PGP-encrypted. And by virtue of having a PGP key signed and on the servers, I'm better prepared to send and receive such mail than at least 99.9% of the net.population. >PGP was a failure in the mass market, regardless how popular it may be >with some subscribers of this list. True, and important. In one sense it doesn't matter how good a security system is if a manageable set of people are the only ones using it. There are only a few thousand IDs in the key servers, and vast majority of those, I'd guess, are like me in not using PGP routinely. But even if we were, the institutions of the State have experience in the long-term surveillance of groups quite a bit larger than us. This is where I think some forms of cyber-elitism fail. So I've got access to darned good tools. The State has numbers and resources, and memes about how the masses do right when they acquiesce, on its side. We are not, I think, particularly secure in an environment where the very fact of using secure tools stands out from the herd. But what the herd needs are good tools with good simple front ends, and a) those who design the tools generally don't care about the herd and so do nothing to get outside the crypto ghetto and b) those in a position to design the front ends generally have more immediately rewarding things to do or don't know about the tools themselves. Five years ago I was quite optimistic about strong security as an important element in bringing about the post-statist society I desire. Now I'm pessimistic. I just don't see signs of the stuff spreading sufficiently. And while S/MIME has interesting features (based on what I've read so far), the default 40-bit setup is basically no protection at all. And I know just how hard it is to get people comfortable using non-default features. -- Bruce Baugh bruce at aracnet.com http://www.aracnet.com/~bruce From tcmay at got.net Mon Jun 3 17:17:16 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 4 Jun 1996 08:17:16 +0800 Subject: Crypto APIs Considered Harmful Message-ID: A typo when I wrote: 2. Eliminates a reason for controlling the distribution and export of browsers, mailers, newsreaders, etc. Imagine the glum reaction of the NSA when they realize that they can't control these programs, because the "crypto hooks" are only the hooks to basic message payloads...and they control these. ^ *can't* I meant to include the "can't." A Web browser with no hooks for crypto absolutely will not be export-controlled. But if users in Slovakia and Beninia can _see_ the messages, as they of course can, then crypto programs they supply themselves can of course see and act on the messages. (Copying to a clipboard, for example, and lots of other ways.) No way the NSA can control that. Concentrating on integrating crypto tightly into commercial programs is playing the NSA's game. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From br at doppio.Eng.Sun.COM Mon Jun 3 17:33:05 1996 From: br at doppio.Eng.Sun.COM (Benjamin Renaud) Date: Tue, 4 Jun 1996 08:33:05 +0800 Subject: Java Crypto API questions Message-ID: <199606031855.LAA01849@springbank.eng.sun.com> |Unfortunately, the feedback address that Sun provides in the slides is |unknow to their mailserver (at least it was last week) and no further |information seem to be avaiable about their "public and open" policy. In the actual talk, I said "will be public and open", that is when we actually announce the policy it will be public and open. The things that are certain about it is that it will be constrained only by export considerations, and that we'll sign competitors' packages. I am hoping that I can get a spec document for the API ready by the end of the month. By then we will have more details regarding the export stuff. In the meantime, I'll see if we can get an interim FAQ together. The security-api at java.sun.com address should be working now. -- Benjamin From bruce at aracnet.com Mon Jun 3 17:39:13 1996 From: bruce at aracnet.com (Bruce Baugh) Date: Tue, 4 Jun 1996 08:39:13 +0800 Subject: Why PGP isn't so ubiquitous (was NRC Session Hiss) Message-ID: <2.2.32.19960603182733.006b6250@mail.aracnet.com> At 04:33 AM 6/3/96 +0000, Deranged Mutant wrote: >In part because it's not well integrated with mailers. That could >change with a PGP3 DLL. I have a growing feeling that PGP 3 is never going to happen. Or that if it does, it will happen only after the passage of more draconian anti-privacy laws, and the guys working on it will be forced to include sundry backdoor stuff or drop it altogether. I suspect someone could do quite nicely by going ahead and developing a 2.6.2 or 2.6.3 DLL. -- Bruce Baugh bruce at aracnet.com http://www.aracnet.com/~bruce From frantz at netcom.com Mon Jun 3 17:40:31 1996 From: frantz at netcom.com (Bill Frantz) Date: Tue, 4 Jun 1996 08:40:31 +0800 Subject: Fate of Ecash if RSA is cracked? Message-ID: <199606031845.LAA26772@netcom7.netcom.com> At 5:04 AM 6/3/96 +0000, Greg Miller wrote: >On Sun, 2 Jun 1996 17:42:49 -0500 (CDT), you wrote: > >>What would happen with all ecash that's been issued? Of course >>criminals would be able to forge large amounts of authentic-looking >>ecash, so banks should not be honoring requests to convert e-cash into >>real cash. > > As I understand it, ecash shouldn't be withdrawn until shortly before >it >is spent. If the RSA algorithm is broken, then then banks could refuse the >withdrawal (and depositing) of money as ecash. The remainder of the money in >each users' account would have to be withdrawn through conventional methods. > > Of course all the outstanding (between withdrawl and deposit) ecash >could be a problem. Banks running Digicash might be able to credit you account for cash on your disk using the same mechanisms they use to recover your ecash after a hard disk crash. You shouldn't need too much electronic identification since the only result is to move money to yourself. ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA From jimbell at pacifier.com Mon Jun 3 17:48:37 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 4 Jun 1996 08:48:37 +0800 Subject: Java Crypto API questions Message-ID: <199606031915.MAA25368@mail.pacifier.com> At 11:20 AM 6/3/96 -0400, RHS Linux User wrote: > > >On Mon, 3 Jun 1996, Jeff Weinstein wrote: > >> Andrew Loewenstern wrote: >> > >> > Sun can export the signature though. The vendor already has the package, >> > they just need the sig/cert... >> >> Not likely. Sun will probably be required to agree not to do this >> as a condition of exporting software with "pluggable crypto". Software >> with hooks for crypto functions is treated the same as the actual crypto >> as far as the ITAR is concerned. > >When Microsoft announced their crypto API, they also announced that their >signatures on crypto modules would be export-restricted. That doesn't mean that they are, LEGALLY, export-restricted. Microsoft can't generally bind third parties to agreements with the government. Even in circumstances where it might appear that they can enter into an agreement with a customer, Microsoft is sufficiently big that any terms it forces on customers are automatically suspect of being oppressive, especially if there is no valid business reason for a particular restriction. Besides, a violation of any such agreement is merely a violation of an agreement with Microsoft, not the USG. It is unlikely Microsoft is going to take individual customers of their customer to court for violation of some no-export agreement. > According to >e-mail I received from a Microsoft employee on the project, the act of >signing was considered a "defense service" under ITAR, so exporting the >signature would somehow be performing defense services for foreign >persons. Even if it is arguable that the signing of a piece of software constitutes a "defense service," that service is performed for somebody, domestically, who delivers that software to Microsoft. Once that software is signed, the "defense service" is over and done with. At that point, you merely have an object, a signature, which cannot encrypt or decrypt data. It is even less useful than a microprocessor or RAM at facilitating encryption. It makes slightly less sense to me than the rest of the crypto >export restrictions do, but I guess that's the deal that Microsoft worked >out with the Feds in order to be allowed to do a crypto API at all. I think you've hit the nail on the head: The Feds were well aware that Microsoft had plenty of money to challenge them in court, and they would almost certainly have lost. So the Feds gave in on the API issue, and in exchange Microsoft agreed to publicly state that "the signatures on crypto modules would be export-restricted." Doesn't make it so. Jim Bell jimbell at pacifier.com From tcmay at got.net Mon Jun 3 17:52:13 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 4 Jun 1996 08:52:13 +0800 Subject: Crypto APIs Considered Harmful Message-ID: There are obviously lots of snags and restrictions being imposed on crypto APIs. "Hooks for crypto" lead to trouble of various sorts. Well, we've talked about this before, but I'll say it again: * For now and for the foreseeable future, maybe the focus should be on better and more efficiently integrating crypto (e.g., straight PGP) with the _contents_ of programs (e.g, the innermost pure text blocks, such as what you are now reading). The integration can be done separately and orthogonally from the basic crypto package, just as PGP did. * This is largely, in my opinion, what made PGP so popular. Whether one had a PC. a Mac, an Amiga, various flavors of Unix, etc., one could send and receive messages with PGP to other users, regardless of their platforms or their choice of mailers, editors, word processors, newsreaders, or browsers. This was because PGP was a "payload-centric" (to coin a phrase) program. * PGP did not need to know any details of the message headers, MIME sorts of stuff (though a MIME field for PGP exists, as I understand it). Thus, there were no "hooks" in PGP for specific mailers, editors, etc., except things people added later. * Better integration is needed between crypto and mailers, editors, Web browsers, but then this runs smack into the "crypto API" issue. (It also narrows the richness of applications, in the sense that if a lot of work goes into "Netscape 4.x with S/MIME," as a likely example, then there are fewer combinations of crypto + tools.) Thus, it seems to me that we gain more overall leverage, and more flexibility, and less hassle from the ITAR folks, if more of the focus is kept on the "crypto API" it is essentially impossible to control: the message payload. So long as ASCII (or Unicode, increasingly) message blocks can be handled by a variety of editors, mailers, news programs, browsers, etc., it will be impossible to stop users from using crypto on these blocks. But if crypto is tied to specific browsers, mailers, etc., this gives the NSA and ITAR office a way to impose limits. I think there are a _lot_ of advantages to maintaining orthogonality, to _not_ more tightly integrating crypto with mailers and browsers. Sure, it would be very nice if hooks existed. But the fact is that this gives the NSA an avenue for restricting export of programs (e.g., Netscape), and such restrictions may cause companies like Netscape to compromise by giving _everyone_ a "weaker-but-more-tightly-integrated" crypto package. I would rather have a "strong-as-I-wish-but-loosely-integrated" package! (Greater convenience can be handled on a platform-by-platform basis, possibly easier than trying to get industry-wide compliance with a crypto API spec. Thus, on the Mac it is possible to have macros or scripts which take a received message (from whatever source and with whichever mailer, browser, etc.), process the message block, and return the result to another window or as a file. MacPGP mostly works this way, and other enhancements exist as well. At no point was the basic spec for PGP affected, and no "crypto API" was needed....since the fact that we can _see_ and _read_ messages is in fact the crypto API!) * Disadvantages of Not Having Crypto APIs in Popular Packages 1. Many users, especially those just getting on the Net, want "all-in-one" turnkey programs. Not having crypto APIs built into Netscape Navigator, for example, will reduce the number of users of crypto. (On the other hand, if most new users are using Navigator 4.x "now with extra strong 47-bit crypto," they at least get into the habit of using crypto and can "graduate" up to crypto packages external to Navigator, so maybe it won't be a disaster for Netscape to offer NSA-approved crypto APIs, so long of course as external packages can access the message blocks freely.) 2. Not having APIs may affect digital commerce, as robust systems involving many transfer points should have robust links to message internals, and not rely on something so potentially prone to error and glitches as a bunch of macros and scripts. (Can be done, but having a bunch of Macs and PCs communicating with a bunch of clipboard macros...ugh!) * Advantages of Not Having Crypto APIs in Popular Packages 1. Separates the development of strong crypto from the development of browsers, mailers, etc. (I'm not saying Netscape, for example, is developing the algorithms, but by including integrated crypto they are automatically in the loop on developments...and maybe it would be better if they weren't.) 2. Eliminates a reason for controlling the distribution and export of browsers, mailers, newsreaders, etc. Imagine the glum reaction of the NSA when they realize that they can't control these programs, because the "crypto hooks" are only the hooks to basic message payloads...and they control these. 3. Orthogonality and independent development means the _best_ crypto (PGP, S/MIME, whatever...) can be combined with whichever mailers and browsers people want to use. Netscape users will not be limited to S/MIME, for example, with its strange notions of where the signatures belongs, or its default key size. 4. In some sense, the "basic data structure" of nearly all personal communications _is_ the basic ASCII (or Unicode, rich MIME, etc.) message. At least for the things most _personal_ users are now sending. (I acknowledge that business users have needs for richer data structures. As noted in Disadvantage #2, running a commerce system (think of SWIFT) with macros and scripts reaching into message blocks...shudder! But business users can work out separate plans.) 5. Finally, placing more of a focus on the messages and not on crypto APIs for currently popular programs like Microsoft Explorer and Netscape Navigator makes better use of scarce programming resources. And it is, in my opinion, a more "grassroots" and "cypherpunkish" thing to do than to try to work with large corporations to integrate tools into their programs. (The NSA would clearly rather have crypto tools tightly integrated into popular programs, despite what some have said. It gives them control and it's easier for them to jawbone Netscape and Microsoft than a million users.) Obvious points. But in light of all the recent moves to limit deployment of crypto by limiting the "crypto API" approaches, it's useful to remember that for most applications, the message payload is perfectly suited for carrying digital signatures, encrypted blocks, etc. They can't stop the messages, can they? --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From unicorn at schloss.li Mon Jun 3 18:05:22 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 4 Jun 1996 09:05:22 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: <199606031507.LAA15317@jafar.sware.com> Message-ID: On Mon, 3 Jun 1996, Jeff Barber wrote: > Perry E. Metzger writes: > > > Timothy C. May writes: > > > > And, how can someone who acts on overheard information--as in the elevator > > > example Sandy cited--be charged with any crime? Unless they are "insiders," > > > covered by SEC rules about trading, they are free to act on essentially > > > anything they hear. > > > > No, I'm afraid they aren't. Under the rules, if you have nonpublic > > information, even if you are not a corporate officer, you are an > > insider for purposes of "insider trading" and your trades are illegal. > > > > (To elaborate on this: I was never classified as an "insider" during my > > > time at Intel, and I certainly bought and sold the stock based on what > > > products and news I knew was coming out or what rumors I'd heard. Only a > > > select group of executives and staff in the specific departments generating > > > earnings announcements, auditing, etc., were covered. > > > > Only they were covered by the rules that require registration of all > > trades, you mean. You are completely confusing two uses of the word > > "insider". > > IANAL, but I think you must be wrong about this, Perry. If this were > the case then, as an employee of company XYZ, I would never be permitted > to buy XYZ stock (which is clearly not the case) since I *always* have > information that others outside the company do not (about staff changes, > product plans and such). I suspect the deciding factor must have to do > with the ability to execute actions which have substantial direct effects > on the stock price (i.e. buying a company, declaring dividends, having a > massive downsizing, etc.). Incorrect. The deciding factor is the court's determiniation of whether the information was "material non-public information." As the question of materiality is vague, subjective and subject to whim, even a low level employee is risking time and fines. Often materiality has exactly zero to do with what effect it may have on stock price. There is a simple solution to avoiding liability. Don't trade in your own company's stock. You make the case that it is somehow shocking to think that an employee wouldn't be able to buy stock in their employer. Such restrictions have existed for decades. Why are you so stunned? > > > -- Jeff --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From perry at piermont.com Mon Jun 3 18:08:54 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 4 Jun 1996 09:08:54 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: Message-ID: <199606031918.PAA05670@jekyll.piermont.com> Black Unicorn writes: > Incorrect. > The deciding factor is the court's determiniation of whether the > information was "material non-public information." As the question of > materiality is vague, subjective and subject to whim, even a low level > employee is risking time and fines. Often materiality has exactly zero > to do with what effect it may have on stock price. Mr. Unicorn has it exactly right. > There is a simple solution to avoiding liability. Don't trade in your > own company's stock. In reality, of course, you are fairly safe so long as no one is looking for your head and you aren't trading based on company secrets. However, in theory, its possible to prosecute almost anyone. > Such restrictions have existed for decades. Why are you so stunned? I guess this is all obvious to wall streeters like me, who live day to day with yellow xeroxed sheets being mass distributed to all employees informing us of the names of 150 companies that the firm has had peripheral dealings with recently that we aren't allowed to trade for some indeterminate period of time. People who don't live in regulatory paranoia land often just don't get that the SEC's regulatory authority is broad, based on very vague statutes, and capriciously applied. Thats reality, folks. I suppose since most people have never experienced it they don't understand what it's like.... Perry From WlkngOwl at unix.asb.com Mon Jun 3 18:29:55 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Tue, 4 Jun 1996 09:29:55 +0800 Subject: Security of PGP if Secret Key Available? Message-ID: <199606032026.QAA08222@unix.asb.com> With the MD5 collisions, can it be shown that plaintext passphrases are more likely to map to certain hashes than others? (And hence IDEA key search space reduced?) Just speculation. Rob. On 3 Jun 96 at 2:36, Robert A. Hayden wrote: [..] > However, I got to wondering about the security of PGP assuming somebody > trying to read my PGPed stuff has my 1024-bit secret key. ie, if I have > it on my personal computer, and somebody gets my secret key, how much > less robust has PGP just become, and what are appropriate and reasonable > steps to take to protect this weakness? --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From frissell at panix.com Mon Jun 3 18:36:38 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 4 Jun 1996 09:36:38 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? Message-ID: <2.2.32.19960603200355.0075cc58@popserver.panix.com> At 11:23 AM 6/3/96 -0400, Perry E. Metzger wrote: >No, I'm afraid they aren't. Under the rules, if you have nonpublic >information, even if you are not a corporate officer, you are an >insider for purposes of "insider trading" and your trades are illegal. Though if I trade based on my non public knowledge that the Gray Aliens will strike at Midnight on 31 December 1999, I am probably safe. Doesn't the non-public knowledge have to have been generated or concern internal company information (or the intentions of a publisher or buyer concerning the company). If info that is too far removed is included then any stock analysis system would be illegal. Note BTW that the Feds lost almost all of the '80s insider trading cases that actually went to trial. They only won 2 or 3 that went through the full trial and appeals process. That is a very poor record since prosecutors usually have an 80-90% success rate in criminal trials. >Securities laws are extremely complex, extraordinarily broad, and >subject to extremely flexible interpretation. I would suggest not >attempting to skate a fine line near them -- the ice is very thin. And like most federal criminal procedures based more on hype than reality. One should emulate the head of Princeton Securities who showed up for settlement negotiations with the Feds wearing a "Shit Happens" baseball cap. All charges dismissed on appeal. I do think though that many actual "inside traders" are pretty dumb since it is not hard to trade securities anonymously. DCF From perry at piermont.com Mon Jun 3 18:41:49 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 4 Jun 1996 09:41:49 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: <199606031918.PAA15670@jafar.sware.com> Message-ID: <199606032029.QAA05821@jekyll.piermont.com> Jeff Barber writes: > I trust it won't stun you to find that many, many large and even small > corporations -- including my current employer [*NOT* SecureWare, BTW, > despite the email address] -- actually encourage their employees to buy > stock by offering stock purchase plans as a benefit of employment. Yup. Indeed, its perfectly legal and even common to trade in the stock of your own company, even if you are a corporate officer. HOWEVER, that doesn't mean that you are safe against insider trading charges. > So perhaps Tim over-simplified by saying that there were no limits on > what ordinary employees could do. OTOH, it seems that Perry also > over-simplified by flatly stating that Tim's trades while an Intel > employee were "illegal". First of all, I never said that Tim's trades were illegal -- indeed, I never mentioned Tim except to say that following his advice didn't seem like a particularly safe course to take. Second of all, I can't comment on whether Tim's trades were within the letter of the law or not. Indeed, it would be difficult even if one knew all the circumstances since the definition of "material non-public information" is so hard to pin down. The point of all this was not that one shouldn't participate in the employee payroll stock purchase plan. The point was that a random person on the street who gets told a 'hot tip' is probably subject to the insider trading laws, never mind that he wasn't an employee or what is conventionally thought to be an "insider". Perry From raph at cs.berkeley.edu Mon Jun 3 18:41:53 1996 From: raph at cs.berkeley.edu (Raph Levien) Date: Tue, 4 Jun 1996 09:41:53 +0800 Subject: NRC Session Hiss In-Reply-To: <199606030150.BAA27932@pipe2.t1.usa.pipeline.com> Message-ID: <31B34402.3B2C@cs.berkeley.edu> Lucky Green wrote: > That PGP is ubiquitous is subject to discussion. PGP is widely available, > but that doesn't mean that it is widely used. What percentage of email is > PGP encrypted? Less than half a percent? Full agreement here. Further, nothing that the PGP people are doing seems likely to fundamentally change this fact. > PGP was a failure in the mass market, regardless how popular it may be > with some subscribers of this list. The email encryption method that *will* > be ubiquitous and that will cause PGP to be used only by a relatively > small fringe is S/MIME. Within a few months, S/MIME will be on the > desktops of some 20 million people. It, not PGP is the future standard. Yes. > Of course S/MIME will default to 40 bit RC-4 and carry the signatures > outside the encryption envelope. There is little doubt in my mind that > the pannel will find it much easier to support than PGP. Actually, this is the case in the current standard, but in the next one, it might change. I'll try to bring cypherpunks up to date - the debate is still happening on the smime-dev mailing list. A couple of weeks ago, one of RSA's consultants in Washington got what appears to be approval for certain relaxation of the export rules for S/MIME. The rules themselves apply to S/MIME only. They are also quite confusing, mostly because capabilities for message sending and message receiving are so asymmetric. I'll try to briefly summarize the characteristics of exportable S/MIME clients here. Signature generation is quite good - signatures can be generated and verified at 2048 bits. This applies both to messages and certificates. The limitations apply to encryption only. Basically, an exportable S/MIME client can transmit messages up to 1024/40 bit RSA/RC2 (or RSA/DES), and receive messages up to 512/64 bit RSA/RC2 (or RSA/DES, but in the latter case I would imagine it's actually restricted to 512/56 because of the keysize of DES). Note that the asymmetry actually points in different directions for the public and symmetric keysizes. Most users of exportable clients will want to generate separate RSA keys for signatures and encryption, otherwise signatures would be limited to 512 bits. In any case, the fact that RSA keysizes are linked to symmetric keysizes is _extremely_ good news. It means that that it is possible to tell whether the recipient is an export version or not. If the keysize is 512 bits or less, the default algorithm should be 64-bit RC2. Otherwise, it should be 168-bit Triple-DES. If you work it out, you'll see that this policy will not cause any interoperability problems. For example, if the default encryption algorithm were simply changed to Triple-DES, then export clients would be unable to read the message at all. I'm pushing to get this policy codified in the S/MIME implementation guidelines and also widely implemented. If this happens, there really wouldn't be much point in trying to keep PGP alive. Of course, the division into export and domestic versions would still probably ensure that most of the clients in the field were restricted to export-grade, but I think it's likely that the population of non-export clients will far exceed that of PGP, so it's progress in any case. Also, if S/MIME catches on, it creates a fabulous opportunity for a company outside the US to market good S/MIME clients. Raph From jwilk at iglou.com Mon Jun 3 19:01:59 1996 From: jwilk at iglou.com (Blake Wehlage) Date: Tue, 4 Jun 1996 10:01:59 +0800 Subject: Idea 'bout banning the internet Message-ID: What if in the future a country banned the internet and all things that had to deal with it (ie- telnet, irc). It would be the "underground" thing. Just a thought, it would really suck! As I think about it it is impossible or is it???? Hell the usa cant even ban porn let alone the whole thing. They could ban it like they did fizzies. Hey there making a comeback did you here now they have nutrasweet in them. If you know what fizzies are than your pretty kewl. I'm only 13 and love then they are the drink of the future!!!! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Blake "Pokey" Wehlage Gaa- 3.69 Record- 2-4-4 Age- 13 Final Standings- 2nd Place (Beat in Championship) President & Founder: Revolution Software "I have the fastest glove in the east!" Profanity Software "Hackers never stop hacking they just get caught" VSoft My life- Rarely eat or sleep, Hack til' 7:00a, goto school, play goalie til' 8:00p, hack til' 7:00a Hank Aaron- d:-)!-< Pope- +<:-) Santa Claus- *<:-) The Unabrower |:-) Current Girlfriend(s)- Lindsey Wilcox, Laura Schubring Personal Quote- Mr Plow, thats my name, that name aguin is Mr. Plow -Homer Simpson ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From hoz at univel.telescan.com Mon Jun 3 19:05:55 1996 From: hoz at univel.telescan.com (rick hoselton) Date: Tue, 4 Jun 1996 10:05:55 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? Message-ID: <199606032018.NAA03658@toad.com> >Perry E. Metzger writes: >> Timothy C. May writes: Suggestion #1: Never get your legal advice from cypherpunks newsletter. Suggestion #2: If you absolutely can't resist going against Suggestion #1, then listen carefully to Perry. As just a lowly programmer around here, I have often been told that I would be breaking the law if I trade on some piece of information before it becomes public. I am not such an "insider" that I must register my trades 90 days in advance. I've read the actual statute. (though I am not a lawyer and, these days, even lawyers don't know what a law means until the final verdict) You might also want to ask Ivan Boeskey(sp?). I think he's out of Federal prison by now. He's the guy that cut a deal with the Feds to give him time to sell a few billion dollars worth of stock before being arrested, so that he could pay his fine. Once he was arrested, the value of those stocks fell. It looks to me like he and the Feds traded on inside information so that he could pay his fine for trading on inside information. He still went to jail, and he had enough money for good lawyers. Imagine what would happen to me! >IANAL, but I think you must be wrong about this, Perry. If this were >the case then, as an employee of company XYZ, I would never be permitted >to buy XYZ stock (which is clearly not the case) since I *always* have >information that others outside the company do not (about staff changes, >product plans and such). I suspect the deciding factor must have to do >with the ability to execute actions which have substantial direct effects >on the stock price (i.e. buying a company, declaring dividends, having a >massive downsizing, etc.). > > >-- Jeff > From jeffb at sware.com Mon Jun 3 19:07:26 1996 From: jeffb at sware.com (Jeff Barber) Date: Tue, 4 Jun 1996 10:07:26 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: Message-ID: <199606031918.PAA15670@jafar.sware.com> Black Unicorn writes: > Incorrect. > The deciding factor is the court's determiniation of whether the > information was "material non-public information." As the question of > materiality is vague, subjective and subject to whim, even a low level > employee is risking time and fines. Often materiality has exactly zero > to do with what effect it may have on stock price. > > There is a simple solution to avoiding liability. Don't trade in your > own company's stock. > > You make the case that it is somehow shocking to think that an employee > wouldn't be able to buy stock in their employer. Such restrictions have > existed for decades. Why are you so stunned? I trust it won't stun you to find that many, many large and even small corporations -- including my current employer [*NOT* SecureWare, BTW, despite the email address] -- actually encourage their employees to buy stock by offering stock purchase plans as a benefit of employment. They even make it convenient by deducting purchases from one's paycheck. Presumably then, we ordinary employees are so in-the-dark that any non-public information we do hold is considered non-material? So perhaps Tim over-simplified by saying that there were no limits on what ordinary employees could do. OTOH, it seems that Perry also over-simplified by flatly stating that Tim's trades while an Intel employee were "illegal". -- Jeff From froomkin at law.miami.edu Mon Jun 3 19:14:14 1996 From: froomkin at law.miami.edu (Michael Froomkin) Date: Tue, 4 Jun 1996 10:14:14 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: <199606031523.LAA05288@jekyll.piermont.com> Message-ID: On Mon, 3 Jun 1996, Perry E. Metzger wrote: [...] > Securities laws are extremely complex, extraordinarily broad, and > subject to extremely flexible interpretation. I would suggest not > attempting to skate a fine line near them -- the ice is very thin. Damn good advice, if you ask me. A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin at law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm and humid here. From shamrock at netcom.com Mon Jun 3 19:19:44 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 4 Jun 1996 10:19:44 +0800 Subject: Crypto APIs Considered Harmful Message-ID: At 11:06 6/3/96, Timothy C. May wrote: >So long as ASCII (or Unicode, increasingly) message blocks can be handled >by a variety of editors, mailers, news programs, browsers, etc., it will be >impossible to stop users from using crypto on these blocks. I agree. But it really doesn't matter. The goal of the governments is not to stop people that are willing to operate a crypto program on blocks of text. That goal would be impossible to achieve. The goal of the governments is to ensure that once Joe Sixpack clicks "Encrypt Mail" in Netscape or MS Mail, the resulting cyphertext can still be read, though not by Joe himself. It is *because* PGP operated on blocks of text and did not provide a decent API that Joe (and even Tim May) are still not encrypting the bulk of their email. PGP isn't being used, because it lacks the API. S/MIME doesn't lack the API and is therefore being supported by all the major players. >But if crypto is tied to specific browsers, mailers, etc., this gives the >NSA and ITAR office a way to impose limits. Crypto should not be tied to specific browsers and mailers. Nor should it be tied to a specific program such as PGP. That's why hooks and APIs are crucial to gaining market acceptance. [...] >Obvious points. But in light of all the recent moves to limit deployment of >crypto by limiting the "crypto API" approaches, it's useful to remember >that for most applications, the message payload is perfectly suited for >carrying digital signatures, encrypted blocks, etc. > >They can't stop the messages, can they? Of course not. Nor do they want to. A little leakage around the edges is fine, as long as the masses don't adopt strong crypto. And that is a given, thanks to PGP's lack of modularity. I am not just slamming PGP. It is not the only CP "friendly" software that was implemented in an outdated, application-centric way. This was fine some four years ago, when people were still using DA/Font Mover to install fonts on their Mac, but it isn't today. Today's realities of software development and customer expectations require that secondary functionality (in this example, sending and receiving mail is the primary functionality) such as encryption, message encoding, etc. are completely transparent and fully integrate in the software that provides the primary functionality. How many of you are still using UUencode (the stand-alone program) when emailing someone a binary file? How many of you are using the "Attach File" button in your mailer? How many more people are sending binary files via email now that you can click "Attach File" than did back when you had to use UUencode? I rest my case. Disclaimer: My opinions are my own, not those of my employer. -- Lucky Green PGP encrypted mail preferred. From anonymous-remailer at shell.portal.com Mon Jun 3 19:33:13 1996 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Tue, 4 Jun 1996 10:33:13 +0800 Subject: Surveillance Cameras Message-ID: <199606032014.NAA22221@jobe.shell.portal.com> Tim May wrote: >Today's newspaper (SJ Mercury News) carried a long article about >increasingly ubiquitous video surveillance cameras, and singled out the >U.K. as a place that is leading. There was a news report on this a couple of months ago. In addition to the government surveillance cameras, when there's a major crime in the U.K. the cops have started collecting all the security tapes from offices, gas stations, railway stations, etc, etc in the surrounding area and scanning them to try to find the culprits. The interesting things that they said were : 1. The cameras only reduce crime rates locally, as the criminals simply move to areas without cameras. 2. The real criminals (e.g. IRA bombers) know how to disguise themselves well enough that the cameras cannot easily be used to identify them. 3. The cameras are often pointed in the wrong direction, not switched on or aren't recording. A good example is the London club which was bombed a year or so back. The bomber walked up to the entrance and placed the bomb directly in view of the security camera. It was switched off at the time ... 4. Even when people are recorded, the resolution is often too poor to identify them. So it appears that the cameras are great for arresting people who urinate in bushes, but useless for catching real criminals. Alice de 'nonymous ... ...just another one of those... P.S. This post is in the public domain. C. S. U. M. O. C. L. U. N. E. From assassin at gladstone.uoregon.edu Mon Jun 3 19:33:48 1996 From: assassin at gladstone.uoregon.edu (assassin at gladstone.uoregon.edu) Date: Tue, 4 Jun 1996 10:33:48 +0800 Subject: Arms Trafficker Page Made CNN! Message-ID: <01I5H4HBQ11I8WW2JK@OREGON.UOREGON.EDU> Do you have the cnn story on .../arms-trafficker/? Just what mention of it was made? -A. From Clay.Olbon at dynetics.com Mon Jun 3 19:44:06 1996 From: Clay.Olbon at dynetics.com (Clay Olbon II) Date: Tue, 4 Jun 1996 10:44:06 +0800 Subject: Why PGP isn't so ubiquitous (was NRC Session Hiss) Message-ID: On Mon, 3 Jun 1996, TT wrote: >I think it is actually easy to use, although granted others may not; but >that people tend not to use it as a matter of course (and it is my belief >this is a desireable thing) due too the time taken to manually sign mail >or sign and encrypt. Lets face it the average user has trouble with a >dos command prompt and until there is a point and click emailer easily >available most people just won't try PGP for email. Most people I have encountered don't use PGP because of the initial learning curve, more than the overall ease of use. I work in a small office that is separate from corporate HQ. I have been trying for over a year to convince people to use PGP for intra-office communication. What I have found is that for people within the office, it is fairly easy - hands-on instruction works well. Convincing folks at HQ has been a royal pain however. Most of the problem appears to be the "you mean I have to learn new software?" variety. Once I have coached someone over the "knowledge hump" (often by phone), they tell me that using pgp is pretty easy. We use Eudora Light for the Mac, YMMV . The trick is convincing the user that the benefits associated with using pgp are greater than the initial pain. This is something I have only accomplished with a few people. This educational process will continue to be the stumbling block for widespread use until there is truly seamless encryption. My fear is that seamless encryption will be weak; witness the widespread use of 40bit Netscape and the supposedly 40bit default behavior for S/MIME. I think that export controls are a driver towards weak defaults. OK, that last part was a WA tangent from my "ease of using pgp" thread. It's late and I'm hungry. Sue me. Later, Clay --------------------------------------------------------------------------- Clay Olbon II | Clay.Olbon at dynetics.com Systems Engineer | ph: (810) 589-9930 fax 9934 Dynetics, Inc., Ste 302 | http://www.msen.com/~olbon/olbon.html 550 Stephenson Hwy | PGP262 public key: on web page Troy, MI 48083-1109 | pgp print: B97397AD50233C77523FD058BD1BB7C0 TANSTAAFL --------------------------------------------------------------------------- From frantz at netcom.com Mon Jun 3 20:09:37 1996 From: frantz at netcom.com (Bill Frantz) Date: Tue, 4 Jun 1996 11:09:37 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? Message-ID: <199606032229.PAA17614@netcom7.netcom.com> At 3:18 PM 6/3/96 -0400, Perry E. Metzger wrote: >Black Unicorn writes: >> There is a simple solution to avoiding liability. Don't trade in your >> own company's stock. > >In reality, of course, you are fairly safe so long as no one is >looking for your head and you aren't trading based on company >secrets. However, in theory, its possible to prosecute almost anyone. I hope insider trading never applies to the Company Stock Purchase plan or Stock Options. Otherwise they will kill the goose that lays Silicon Valley's golden egg. (I am always paranoid when the rules are vague and the penalties draconian.) ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA From unicorn at schloss.li Mon Jun 3 20:35:05 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 4 Jun 1996 11:35:05 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: <199606031918.PAA05670@jekyll.piermont.com> Message-ID: On Mon, 3 Jun 1996, Perry E. Metzger wrote: > > There is a simple solution to avoiding liability. Don't trade in your > > own company's stock. > > In reality, of course, you are fairly safe so long as no one is > looking for your head and you aren't trading based on company > secrets. However, in theory, its possible to prosecute almost anyone. Both points conceeded. > > Such restrictions have existed for decades. Why are you so stunned? > > I guess this is all obvious to wall streeters like me, who live day to > day with yellow xeroxed sheets being mass distributed to all employees > informing us of the names of 150 companies that the firm has had > peripheral dealings with recently that we aren't allowed to trade for > some indeterminate period of time. People who don't live in regulatory > paranoia land often just don't get that the SEC's regulatory authority > is broad, based on very vague statutes, and capriciously > applied. Thats reality, folks. I suppose since most people have never > experienced it they don't understand what it's like.... For facinating discussions of why insider trading is actually good for the market, See e.g., Henry Manne, Insider Trading and the Stock Market (1966); Michael P. Dooley, Enforcement of Insider Trading Restrictions, 66 Va.L.Rev 1 (1980); James D. Cox, Insider Trading and Contracting: A Critial Response to the "Chicago School," 1986 Duke L.J. 628 (1986); Kenneth E. Scott, Insider Trading: Rule 10b-5, Disclosure and Corporate Privacy, 9 J. Legal Stud. 801 (1980); Dennis W. Carlton & Daniel R. Fischel, The Regulation of Insider Trading, 35 Stan.L.Rev 857 (1983). I'll sum up the general arguments for and against insider trading if there is enough interest. > Perry --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From shamrock at netcom.com Mon Jun 3 20:35:42 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 4 Jun 1996 11:35:42 +0800 Subject: NRC Session Hiss Message-ID: At 15:58 6/3/96, Raph Levien wrote: > Basically, an exportable S/MIME client can transmit messages up to >1024/40 bit RSA/RC2 (or RSA/DES), and receive messages up to 512/64 bit >RSA/RC2 (or RSA/DES, but in the latter case I would imagine it's actually >restricted to 512/56 because of the keysize of DES). Note that the >asymmetry actually points in different directions for the public and >symmetric keysizes. What will be the maximum keysize for a domestic encryption client? It it is larger than 1024 bits, there will be interoperability problems with foreign clients. If the domestic client is limited to 1024 bits, it would set a bad precedence, since it would effectively require that the encryption key is smaller than the largest signature key. Disclaimer: My opinions are my own, not those of my employer. -- Lucky Green PGP encrypted mail preferred. From unicorn at schloss.li Mon Jun 3 20:38:26 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 4 Jun 1996 11:38:26 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: Message-ID: On Sun, 2 Jun 1996, Timothy C. May wrote: > At 4:30 PM 6/2/96, Martin Minow wrote: > >> > >>One of the oldest tricks for running a stock up (or down) is > >>to put rumor teams on elevators in the financial district of > >>major cities. > > > >It would be more efficient to talk about the rumor on a cellular > >phone. Probably make a nice sting scenario, too. > > An interesting example, but I'm having a hard time figuring out who has > committed a crime, even by SEC rules. > > Namely, are the people "talking up" a stock committing a crime? Even if the > SEC forbids this (under defined circumstances and for defined persons, as > most of us are not covered by any such laws), how can talking over a > "putatively secure" cell phone be construed as talking up a stock? If it's in relation to a tender offer, they are in deep. (As, for example, if they were hiking up price to deter a hostile aquisition). [...] > (To elaborate on this: I was never classified as an "insider" during my > time at Intel, and I certainly bought and sold the stock based on what > products and news I knew was coming out or what rumors I'd heard. Only a > select group of executives and staff in the specific departments generating > earnings announcements, auditing, etc., were covered. And senior executives > are covered by various rules about trading stocks. And family members and > friends may be covered, if they learn of "inside" (in the SEC sense) > information. But ordinary people, even employees of a company, are not > considered to be "insiders" and hence are not covered by insider trading > laws.) Incorrect. I direct you to Dirks v. Securities and Exchange Commission, 463 U.S. 646 (1983). Specifically footnote 14: "Under certain circumstances, such as where corporate information is revealed legitimately to an underwriter, accountant, lawyer, or consultant working for the corporation, these outsiders may become fiduciaries of the shareholders.... When such a person breaches his fiduciary relationship, he may be treated more properly as a tipper than a tipee...." This circumstance is classically refered to as a "footnote 14 insider." It has been held to apply to lower level employees within the corporation who "knowingly trade based on material non-public information acquired by virtue of their position within the company." After 1983, Mr. May may have committed a crime. The case against Mr. May would be strengthened if a court were to accept a misappropriation theory. (In short, that the employee used information intended for corporate purposes [development, etc.] in order to trade stock for his gain). Misappropriation theory, where it is accepted, fills in the needed "fraud" element in rule 10b-5 which would impose liability on a trader and which is otherwise absent in the case of an employee trading as Mr. May has indicated. While misappropriation theory is waning, it is not entirely dead. Remember that restrictions on senior management as per trading in the company's stock are to prevent director and corporate liability. No one cares much if a lower level employee gets zapped because it doesn't open the door for greater corporate liability like it would for senior management. Further, you don't want to have to circulate a memo to the whole company as to when trading is restricted. That would be asking for trouble. Be sure to distingiush between corporate policy with regard to employee trading and legality. > So, the only way I can imagine the cell phone case leading to an insider > trading charge is if the cell phone users _knew_ that the cell phones were > not secure, and _planned_ to have their conversations overheard. The people > doing the intercepting could be charged under one of the laws covering > unauthorized interception of cell phone conversations, but probably not for > insider trading. Or if they were artifically hiking up the price to defend against or interefere with a tender offer. > --Tim May --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From andrew_loewenstern at il.us.swissbank.com Mon Jun 3 20:48:28 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Tue, 4 Jun 1996 11:48:28 +0800 Subject: Java Crypto API questions In-Reply-To: <199606031746.KAA01680@springbank.eng.sun.com> Message-ID: <9606032248.AA00623@ch1d157nwk> Benjamin Renaud br at doppio.eng.sun.com writes: > Policies are statements like: > > "code endorsed by any one of the following signatures (say > three of my friends) can access the public part of my file > system" > > This is hard. It's probably not going to make it in the first > release. The simple first pass is to say "code signed by x, > y, and z" can do whatever it wants. Good thing Sun is spending millions pushing a brand-new language down our throats so we can do nothing we couldn't already do. After all the hype about security, security models, and sandboxes we get signed applets that can do anything. What a let-down. Currently, the only safe way to run untrusted Java code is to not run it. This probably isn't going to change (see cpunks archives for reasons). If Sun cannot prevent untrusted code from doing nasty things, how can they prevent code empowered with certain capabilities from doing things they are not certified to do? It now seems that all the effort, time, and money to move towards Java over another OO language was a waste in a way since it no longer appears to have any security advantages. Ignoring security, Java is not a bad language at all, but it still has distinct disadvantages over some of the possible alternatives (mainly immaturity, no dynamic message invocation, interpreters still not ready for prime-time). I wonder if Borland realizes that instead of putting so much time, effort, and money into someone else's product, Java, they could have just implemented signed Delphi code and gotten basically the same thing. I guess they didn't think of it in time. You have to hand it to Sun/JavaSoft's marketing team, though. While others have tried, few have been so successful at creating an "industry standard" from nothing. Indeed, the only reason left to use Java is "because everyone else is into it..." andrew From perry at piermont.com Mon Jun 3 20:55:00 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 4 Jun 1996 11:55:00 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: <2.2.32.19960603200355.0075cc58@popserver.panix.com> Message-ID: <199606032022.QAA05790@jekyll.piermont.com> Duncan Frissell writes: > Though if I trade based on my non public knowledge that the Gray > Aliens will strike at Midnight on 31 December 1999, I am probably > safe. I'm not so sure. If you got access to advance information on Department of Commerce or Agriculture reports and traded futures based on them you'd be in sheep dip. I would suggest checking carefully before trading that way. On the other hand, it is not against U.S. law to trade non-US securities, do foreign exchange transactions, etc, based on non-public information. > If info that is too far removed is included then any stock analysis > system would be illegal. Heh heh heh heh heh. The laws are vague and are arbitrarily and capriciously applied. Technical violations happen constantly. One of the mechanisms of control the SEC has at its disposal is the fact that almost anyone in the business they choose to target can probably be thrown in jail for something or other. > Note BTW that the Feds lost almost all of the '80s insider trading > cases that actually went to trial. They only won 2 or 3 that went > through the full trial and appeals process. That is a very poor > record since prosecutors usually have an 80-90% success rate in > criminal trials. If you are talking about the trials associated with the Boesky affair, most defendants plead guilty rather than face multiple lifetimes in jail. A few defendants were aquitted at trial. However, convictions for insider trading are not particularly rare. Perry From frissell at panix.com Mon Jun 3 21:57:03 1996 From: frissell at panix.com (Duncan Frissell) Date: Tue, 4 Jun 1996 12:57:03 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? Message-ID: <2.2.32.19960603223725.009fda80@panix.com> At 05:01 PM 6/3/96 -0400, Michael Froomkin wrote: >On Mon, 3 Jun 1996, Perry E. Metzger wrote: > >[...] >> Securities laws are extremely complex, extraordinarily broad, and >> subject to extremely flexible interpretation. I would suggest not >> attempting to skate a fine line near them -- the ice is very thin. > >Damn good advice, if you ask me. > >A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) However, it is becoming a deregulated industry. Like all the rest. DCF From alanh at infi.net Mon Jun 3 22:10:12 1996 From: alanh at infi.net (Alan Horowitz) Date: Tue, 4 Jun 1996 13:10:12 +0800 Subject: Fate of Ecash if RSA is cracked? In-Reply-To: <199606022242.RAA19983@manifold.algebra.com> Message-ID: US SEcret Service was always on top of criminal counterfeiting. I make that "criminal" distinction becaue there is allegedly a phenomenon of low-intensity-warfare going on, with Iran sponsoring more-or-less perfect counterfeits of hundred dollar bills. Criminal counterfeiting was a dangerous game. Secret Service pretty much knew every individuial/company who was involved in bona fide use of the relevant papers, inks, engraving/printing equipments, etc., and anyone ordering any of this stuff from the very limited number of suppliers, was placed under watch. It's a small world out there, kids. From br at doppio.Eng.Sun.COM Mon Jun 3 22:19:48 1996 From: br at doppio.Eng.Sun.COM (Benjamin Renaud) Date: Tue, 4 Jun 1996 13:19:48 +0800 Subject: Java Crypto API questions Message-ID: <199606040113.SAA02369@springbank.eng.sun.com> |> This is hard. It's probably not going to make it in the first |> release. The simple first pass is to say "code signed by x, |> y, and z" can do whatever it wants. | |Good thing Sun is spending millions pushing a brand-new language down our |throats so we can do nothing we couldn't already do. After all the hype |about security, security models, and sandboxes we get signed applets that can |do anything. What a let-down. Just to clarify a couple of things. We're not pushing anything down your throat. You are still perfectly free to use Visual C++ if that is what you prefer. A statement to the effect of "is probably not going to make it in the first release" means the following things: - If we can, we will make it happen (in some form) in the first release. We're just trying to set expectations realistically. - We think that the ability to let applets have free reign is useful,and since that is easier, we are certain to put it in the first release. - No matter what we do, we must address some very thorny issues of key management and user trust model, so doing this will be useful. |Currently, the only safe way to run untrusted Java code is to not run it. |This probably isn't going to change (see cpunks archives for reasons). If |Sun cannot prevent untrusted code from doing nasty things, how can they |prevent code empowered with certain capabilities from doing things they are |not certified to do? It now seems that all the effort, time, and money to |move towards Java over another OO language was a waste in a way since it no |longer appears to have any security advantages. Ignoring security, Java is |not a bad language at all, but it still has distinct disadvantages over some |of the possible alternatives (mainly immaturity, no dynamic message |invocation, interpreters still not ready for prime-time). The important thing to remember is that we're not going to come out with an implementation and claim to have solved the capabilities model problem. We're taking a first step at using signatures with Java for security purposes, but this is only a first step. We remain fully committed to finer and more powerful security models. Note that an application written to the Java platform will be able to implement security policies based on digital signatures which are not fully permissive. Cheers, -- Benjamin From m5 at vail.tivoli.com Mon Jun 3 22:26:22 1996 From: m5 at vail.tivoli.com (Mike McNally) Date: Tue, 4 Jun 1996 13:26:22 +0800 Subject: Java Crypto API questions In-Reply-To: <199606031746.KAA01680@springbank.eng.sun.com> Message-ID: <31B37DBA.5C8B@vail.tivoli.com> Andrew Loewenstern wrote: > > This is hard. It's probably not going to make it in the first > > release. The simple first pass is to say "code signed by x, > > y, and z" can do whatever it wants. > > Good thing Sun is spending millions pushing a brand-new language down our > throats so we can do nothing we couldn't already do. How can you do this currently? (With applets in browsers, I mean.) > After all the hype about security, security models, and sandboxes we get > signed applets that can do anything. What a let-down. Well, it's not perfect, but I hold out the hope that real support for some capability assignments can be provided by the time a serious infrastructure of certificate authorities of some sort can develop. Note also that this is not only a Sun issue; Netscape has to support it all too. Currently, note that the HotJava browser already allows some configuration to the Security Manager that Netscape doesn't. > Currently, the only safe way to run untrusted Java code is to not run it. > This probably isn't going to change (see cpunks archives for reasons). If > Sun cannot prevent untrusted code from doing nasty things, how can they > prevent code empowered with certain capabilities from doing things they are > not certified to do? Huh? They're explicitly saying that they won't make any attempt to prevent signed applets from doing anything they want to do, if you tell the thing that you trust a particular certificate. Thus, you are now able to grant complete trust to an applet with a given certificate. You can't readily do that now. This means that if you trust the certificate system itself, then allowing an applet from Borland or Microsoft or IBM to do whatever it wants to your machine is about the same risk as allowing a program on CD-ROM from Borland or Microsoft or IBM to do whatever it wants to your machine. > It now seems that all the effort, time, and money to > move towards Java over another OO language was a waste in a way since it no > longer appears to have any security advantages. I think you need to explain this; it seems to have nothing to do with the issue at hand. > I wonder if Borland realizes that instead of putting so much time, effort, > and money into someone else's product, Java, they could have just > implemented signed Delphi code and gotten basically the same thing. I > guess they didn't think of it in time. Based on the state of the Borland Java stuff I've seen, I wouldn't have very high expectations in the Delphi department. > You have to hand it to Sun/JavaSoft's marketing team, though. While others > have tried, few have been so successful at creating an "industry standard" > from nothing. Indeed, the only reason left to use Java is "because everyone > else is into it..." And for some applications (webish ones included or not) that's actually a very good reason. Business is business. ______c_____________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * pain is inevitable m5 at tivoli.com * m101 at io.com * * suffering is optional From drosoff at arc.unm.edu Mon Jun 3 22:27:17 1996 From: drosoff at arc.unm.edu (David Rosoff) Date: Tue, 4 Jun 1996 13:27:17 +0800 Subject: [Off-Topic] "Curfews" Message-ID: <1.5.4.16.19960603232043.4907661e@arc.unm.edu> Quoted text originated from tcmay at got.net -----BEGIN PGP SIGNED MESSAGE----- At 07.45 PM 6/1/96 -0700, you wrote: >Personally, I liked my "religious exemption" example. The Baal worshippers >can claim that they are engaging in their religion by grokking the >darkness. If picked up and held, they can claim they are "being held >without Baal." Isn't that a little far afield to go for a pun? :) >Most of the ordinances, including the one here, specifically state that >"blanket permission" by parents is not acceptable. They want _specific_ >reasons for being out after curfew. "To whom it may concern: My son, David Rosoff, is out of our house on this June 3, 1996, Monday night, to party with friends, cruise Central Avenue, and partake of the spores that grow of the earth. Signed, A. Parent" >(It's this taking control from both the kids and their parents and putting >it in the hands of cops that really bugs me.) "Me too." (Standard non-AOL disclaimer applies.) >By the way, if being out after curfew is breaking the law, can I make a >"citizen's arrest" of some of those nice young chicas in Watsonville? No comment. :) Really. - ------------------------------------------------------------------------------- David Rosoff (nihongo o chiisaku dekimasu) drosoff at arc.unm.edu For PGP key 0xD37692F9, finger drosoff at acoma.arc.unm.edu or get from keyservers pub 1024/D37692F9 1995/07/01 David Rosoff Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 I accept anonymous mail. If I didn't sign it, you don't know I wrote it. - --- "Made weak by time and fate, but strong in will / To strive, to seek, to find-- and not to yield." ----- "Ulysses", by Alfred, Lord Tennyson -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMbNtGBguzHDTdpL5AQGK3QQAhX6CSiEr3z8puAhwDYlbayF7dBEUMtsk DygPCjL2lJ5d//WrEZxKm6ku/PoDDF9NcGqKBlHhuMYzCfEkOzdcv1idQ6lrWoua ONM3fdGSJt46qplX4UuSQSyLhKqvAwaijw7QDPCAedEFJsVVBPaDT1vpxDOFdylO UJBwLDjYa4k= =+KQb -----END PGP SIGNATURE----- From qut at netcom.com Mon Jun 3 22:28:13 1996 From: qut at netcom.com (qut at netcom.com) Date: Tue, 4 Jun 1996 13:28:13 +0800 Subject: No Subject Message-ID: <199606040046.RAA17821@netcom6.netcom.com> ncr terminals are the most 31173 D0Dz From jimbell at pacifier.com Mon Jun 3 22:31:13 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 4 Jun 1996 13:31:13 +0800 Subject: Java Crypto API questions Message-ID: <199606032326.QAA09260@mail.pacifier.com> At 01:13 PM 6/3/96 -0400, Simon Spero wrote: >On Mon, 3 Jun 1996, jim bell wrote: >> >> But you haven't explained why somebody can't export JUST the signature. You >> know, import the software, have Sun sign it domestically, strip off everything that isn't a >> signature, and export the signature. Append it to the un-imported code >> outside the country. > >Ancillary device... It's pretty clear cut. Sure about that? Is a microprocessor an "ancillary device"? A DRAM module? A hard disk? How about an operating system, which stores and retrieves data for an encryption program? How about a BIOS? What about a keyboard? A video display? I think that any definition of "ancillary device" which is so broad as to include signatures just about has to include any any of these things too, but it won't be considered such because the government has already lost the battle on hardware exports. A signature is just that: A signature. It doesn't encrypt or decrypt. It doesn't even ALLOW the system it's in to encrypt or decrypt, because there are numerous encryption programs written that have no need for such a signature. If no program existed which _used_ that signature, nobody would think twice about exporting it. The fact is, it is LEGAL to import encryption code into the US. It is LEGAL to generate an hash of that code, and it is LEGAL to export that hash. To believe otherwise is to broadly expand the scope of export laws far beyond what they were intended to mean. Jim Bell jimbell at pacifier.com From drosoff at arc.unm.edu Mon Jun 3 22:31:39 1996 From: drosoff at arc.unm.edu (David Rosoff) Date: Tue, 4 Jun 1996 13:31:39 +0800 Subject: [Off-Topic] "Curfews" Message-ID: <1.5.4.16.19960603232047.490713e0@arc.unm.edu> -----BEGIN PGP SIGNED MESSAGE----- At 10.23 AM 6/2/96 -0800, jim bell wrote: >This, the curfew situation, is yet another of the reasons I'd favor "playing >hardball" with the government. I'm very much against discriminatory >enforcement, but on the other hand I don't think my liberty should be >dependent on getting an organization like the ACLU to look out for and >complain against discrimination against me. Are you then also in favor of killing, ruthlessly and brutally, not to mention somewhat randomly, both the police and the ACLU? - ------------------------------------------------------------------------------- David Rosoff (nihongo o chiisaku dekimasu) drosoff at arc.unm.edu For PGP key 0xD37692F9, finger drosoff at acoma.arc.unm.edu or get from keyservers pub 1024/D37692F9 1995/07/01 David Rosoff Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 I accept anonymous mail. If I didn't sign it, you don't know I wrote it. - --- "Made weak by time and fate, but strong in will / To strive, to seek, to find-- and not to yield." ----- "Ulysses", by Alfred, Lord Tennyson -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMbNx2xguzHDTdpL5AQE6bgQAreE5ikGCKxsyjue0fEcKWtmmGU6o2WiU zTXD2Py8y395NVQFuSlrnWSJ4eKmIpePv1oZjgd7sE9wcpKjhHwHq2Fs/ZmsdEb2 CZxPY1qexpxolo0k8uFNbWvqxs/3ieOa0BzE7jmp0jyopejq2OjXheE1v3zGGKtt OBSb4vADydw= =X8Zs -----END PGP SIGNATURE----- From joelm at eskimo.com Mon Jun 3 22:38:14 1996 From: joelm at eskimo.com (Joel McNamara) Date: Tue, 4 Jun 1996 13:38:14 +0800 Subject: Why PGP isn't so ubiquitous (was NRC Session Hiss) Message-ID: <199606040047.RAA12318@mail.eskimo.com> Well for crypto-novices that use Windows, I'm hoping life will get a whole lot easier. I'm putting the finishing touches on the next release of Private Idaho (http://www.eskimo.com/~joelm/pi.html). Aside from some new "power-user" options (working with Lance to support a DOS version of Mixmaster), the next release is going to be targeted at all those folks who are intimidated by PGP. This includes features like an auto-install app, expert and novice modes, and a series of wizards for stepping the user through common tasks (I'm sure the name "wizards" is trademarked by MS, so they won't be called that). Also included will be something called PGP QuickStart. This utility will hand-hold a user through the entire process of downloading PGP from the Net, and installing and configuring it. I just wrote an essay for one of the on-line magazines on "unintentional crypto-elitism." One of my points was that decent crypto technology is now in place, and one of the next evolutionary steps towards wide-scale acceptance is implementing simple and easy user interfaces. Developers of public domain and commercial crypto apps really need to take this to heart. Joel BTW - I'm guessing Private Idaho version 2.7 will be available within the next two weeks. Send me e-mail (joelm at eskimo.com) with PI_LIST as the subject to get on the notification list (people on the list will be able to download about a week or so before it goes into wide-scale release). From unicorn at schloss.li Mon Jun 3 22:43:11 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 4 Jun 1996 13:43:11 +0800 Subject: IR Cameras In-Reply-To: <199606030534.AAA13745@einstein.ssz.com> Message-ID: On Mon, 3 Jun 1996, Jim Choate wrote: > > Forwarded message: > > > Date: Sun, 2 Jun 1996 20:19:34 -0700 > > From: tcmay at got.net (Timothy C. May) > > Subject: Re: opinions on book "The Truth Machine" > > > > Today's newspaper (SJ Mercury News) carried a long article about > > increasingly ubiquitous video surveillance cameras, and singled out the > > U.K. as a place that is leading. Apparently even small villages have 50 or > > more cameras scattered around...men have been arrested for urinating in > > bushes outside pubs, caught by the infrared pickups (I hadn't thought about > > the cameras being IR, but this makes sense, as a large fraction of street > > crimes take place in dark or semidark areas). > > Here in Austin, TX there is at least 1 IR camera located at the top of the > police building downtown (8th & IH-35). Many intersections have stoplight > synchronized cameras for getting license plates of red light runners (eg N. > Lamar & 51st). I know the output of the cameras is cabled off-pole (can see > the cables) to a NEMA style box. Don't know the format from there. It would > be no technological leap to buy cable channels and mux the pictures back to a > centralized site. This city is lousy with cable and fiber and the city > bought in from the get-go with a project called I-Net in the mid-80's. Defense to all photo plate takers is best found in the back of Car and Driver in the form of a polarized plastic plate that is opaque at angles greater than about ten degrees. > > Jim Choate > > --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From drosoff at arc.unm.edu Mon Jun 3 22:43:46 1996 From: drosoff at arc.unm.edu (David Rosoff) Date: Tue, 4 Jun 1996 13:43:46 +0800 Subject: [Off-Topic] "Curfews" Message-ID: <1.5.4.16.19960603232038.32a74aee@arc.unm.edu> -----BEGIN PGP SIGNED MESSAGE----- At 09.59 PM 6/1/96 -0400, Duncan Frissell wrote: >I'm afraid that some courts have explicitly held that "the child does not >have a right to liberty but only a right to custody." That is old law, >however. Kids have lost many rights recently too including gun rights, etc. I've known for a while that I have no rights as a minor. [ironic smilie] >Of course curfew laws only control the inarticulate and scruffy. Well >dressed children (coat and tie for the boys dress or suit for the girls) who I'll wear a suit if it means I won't get picked up ... :) >can claim that they are out doing tons of protected things like work and >school and worship and political campaigning and "trying to save street >children for Jesus" will not be picked up. They can also say things like >"Ossifer, I'm peaceably assembling to petition the government for redress of >grievances. It's in the First Amendment. You could read about it and >everything." You suggest that we minors stand up for ourselves? How odd. I'm sure no one has ever thought of that before, President Clinton especially. Since any nationally imposed curfew wouldn't have a leg to stand on in the first place, this can only improve the situation. >Home schooled children face this problem frequently and can usually find >something to say. Kids older than 15 or so can claim to be "emancipated >minors." Parents can emancipate their children by signing a simple >declaration to back up this claim. A good idea in any case. This sounds interesting. What are the particulars of being an emancipated minor? >"Whose children never got stopped by cops because at 14 they passed for 21. >Clothing and bearing alone can do it." I wish I were so lucky. At 15 I seem to pass for ... 12. I guess if the cops read from right to left ... - ------------------------------------------------------------------------------- David Rosoff (nihongo o chiisaku dekimasu) drosoff at arc.unm.edu For PGP key 0xD37692F9, finger drosoff at acoma.arc.unm.edu or get from keyservers pub 1024/D37692F9 1995/07/01 David Rosoff Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 I accept anonymous mail. If I didn't sign it, you don't know I wrote it. - --- "Made weak by time and fate, but strong in will / To strive, to seek, to find-- and not to yield." ----- "Ulysses", by Alfred, Lord Tennyson -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMbNsyxguzHDTdpL5AQGvfwP/f2PDE5JPiczwY/5EFt/ziT9UePbcxCV0 UCbYdkbl9hoNlMphUu+O+zneGntCVOIiEoPZLTpK35TYFgA/MCOQhuiCYnvbInMo pZlmnTvyoUI1rkHTUzf2cHRg1+18ieJqDDqBqBb58ZxaLxxJ1crUDrL+QHC/QZE9 mAiLT9tnwgc= =/+GV -----END PGP SIGNATURE----- From qut at netcom.com Mon Jun 3 22:51:11 1996 From: qut at netcom.com (qut at netcom.com) Date: Tue, 4 Jun 1996 13:51:11 +0800 Subject: No Subject Message-ID: <199606040043.RAA17449@netcom6.netcom.com> list cypherpunks From WlkngOwl at unix.asb.com Mon Jun 3 23:00:45 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Tue, 4 Jun 1996 14:00:45 +0800 Subject: Why PGP isn't so ubiquitous (was NRC Session Hiss) Message-ID: <199606040228.WAA17430@unix.asb.com> On 3 Jun 96 at 11:27, Bruce Baugh wrote: > Date: Mon, 03 Jun 1996 11:27:33 -0700 > At 04:33 AM 6/3/96 +0000, Deranged Mutant wrote: > > >In part because it's not well integrated with mailers. That could > >change with a PGP3 DLL. > > I have a growing feeling that PGP 3 is never going to happen. Or that if it I'm soft-of having that feeling too. Or what's going to happen is that enough people will get impatient and international versions will start to appear. > does, it will happen only after the passage of more draconian anti-privacy > laws, and the guys working on it will be forced to include sundry backdoor > stuff or drop it altogether. More likely drop it altogether, or be openly admit they were forced to include GAK (people will want the source, anyway). > I suspect someone could do quite nicely by going ahead and developing a > 2.6.2 or 2.6.3 DLL. There's been talk. But just talk. Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From nelson at crynwr.com Mon Jun 3 23:03:08 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Tue, 4 Jun 1996 14:03:08 +0800 Subject: The problem with encryption, period. Message-ID: <19960604020034.30122.qmail@ns.crynwr.com> The problem with encryption is that 1) it takes effort, and so 2) you must have a non-empty threat model. With (2), you have to trust that you're really encrypting, which takes 3) a certain sense of paranoia. For most people, all three are lacking, which is why proposals like s/mime are succeeding. One button, no security, encryption. -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From tcmay at got.net Mon Jun 3 23:20:22 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 4 Jun 1996 14:20:22 +0800 Subject: Message-ID: At 12:46 AM 6/4/96, qut at netcom.com wrote: >ncr terminals are the most 31173 D0Dz Kenneth, what is the frequency? Kenneth, what is the frequency? --John Hinckley, First Disciple of AP From perry at piermont.com Mon Jun 3 23:22:19 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 4 Jun 1996 14:22:19 +0800 Subject: Java Message-ID: <199606040222.WAA06345@jekyll.piermont.com> I've been rather hard on Java here lately. I'd like to state, for the record, that I have nothing against the folks at Sun. They are good, smart people, and I'm sure they mean well and aren't in on some evil plot. However, that doesn't make Java a good idea. For at least twenty or more years, people have known that for the ultimate in multimedia email or what have you all you would need to do is make the recipient execute a program that you sent them. This obviates all the questions of having to figure out what sort of things you would want to send -- if you can execute a program, you can do anything. Unfortunately, this is also so phenomenally obvious a security problem that no one ever proposed it as anything more than a joke -- until now. Sun is, unfortunately, suffering from a substantial hubris problem. As I have noted, the original Java applet security model and all the followups have had exactly the same problem -- they depend on perfect implementation of every element of the security model for the security to work, instead of having the realistic and conservative assumption that portions of the model will be misimplemented, and designing for defense in depth. Beyond that, however, they have created the ultimate hype monster. Java is a neat idea looking for a good application. I use the web all day long and I have yet to see a good use for Java. We have, essentially, mortgaged our system security for almost nothing better than the occassional gee whiz animation that could have been implemented with a safe graphics description format instead of a turing equivalent language. Again, I don't hate the Sun people or hold any animosity towards them. However, I will point out the lesson that any good student of Greek Tragedies could tell you -- the gods punish hubris, and severely. Perry From ichudov at algebra.com Mon Jun 3 23:22:36 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Tue, 4 Jun 1996 14:22:36 +0800 Subject: Anonymous stock TRADING (was Saw this on CNN: ) In-Reply-To: <199606032018.NAA03658@toad.com> Message-ID: <199606040240.VAA31145@manifold.algebra.com> rick hoselton wrote: > > You might also want to ask Ivan Boeskey(sp?). I think he's out of Boesky. Which brings up another ignorant question: suppose that I am a corporate officer who does receive substantial "insider" information, for example results of audits, before they become public. What would prevent such an insider from creating a phony offshore trading company, and sending orders to that company using cypherpunks technology? If we suppose that the agent executing trades (which may even be a computer, afaik) is trustworthy, the methods to deliver trade orders are reliable, the computers are protected from van eyck monitoring, and the officer is not spending too much money openly, what is there to prevent or prove such violations of the law? For example, the trading computer can have pseudonym address xyz at alpha.c2.org, forwarded through a chain of remailers to place_order at offshore.com.xx, and the officer sends pgp signed and encrypted trade orders to that address, again through remailers. What besides traffic analysis is there to stop such violations? Thanks, - Igor. From alc at trillion.demon.co.uk Mon Jun 3 23:22:47 1996 From: alc at trillion.demon.co.uk (alc) Date: Tue, 4 Jun 1996 14:22:47 +0800 Subject: Audit & Security reviews Message-ID: <1578@trillion.demon.co.uk> UNIX and DEC VMS Security Reviews I would like to take this opportunity to tell you about two of our audit software tools, PCUA and PCDA. PCUA and PCDA are PC based software tools designed to review the security of Unix or DEC computers using only the stand-alone PC in your office. There is no need for connections to the system, user-IDs or even a knowledge of computer security. Simply obtain a copy (usually on a floppy disk) of key files from the system under review, load these onto your PC and let our tools do all the work. These packages are ideal for use by auditors, security officers and computer system managers - anyone who takes computer security seriously. The programs produce a wide variety of reports which show the findings, explain the implications of the problems and then make recommendations about how to improve security. Reports range from a full, detailed report which is user-definable to a brief list of the problems found. Both packages are evolving products and we continue to add new tests to them, as well as keeping up to date with the latest releases of the operating systems. If you would like further tests added, we would be pleased to include these in our next release. To obtain more information or demonstration disks then please contact us. Thank you for taking the time to look through this email. Alastair Coxall Technical Director TRILLION SOFTWARE Ltd The Firs, Broadwalk, Cranleigh, Surrey GU6 7LS, England Tel: +44 1483 274001 Fax: +44 1483 274017 Email: alc at trillion.demon.co.uk From perry at piermont.com Mon Jun 3 23:23:04 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 4 Jun 1996 14:23:04 +0800 Subject: Java Crypto API questions In-Reply-To: <199606040113.SAA02369@springbank.eng.sun.com> Message-ID: <199606040200.WAA06306@jekyll.piermont.com> Benjamin Renaud writes: > >Good thing Sun is spending millions pushing a brand-new language > >down our throats so we can do nothing we couldn't already do. > >After all the hype about security, security models, and sandboxes > >we get signed applets that can do anything. What a let-down. > > Just to clarify a couple of things. We're not pushing anything down > your throat. You are still perfectly free to use Visual C++ if that is > what you prefer. Why, thank you. However, you haven't answered Mr. Lowenstern's point. Once you start signing Java apps, and executing them based on the trust implied in the signature, you really didn't need Java in the first place. You could just download and execute programs of any sort. Frankly, I really dislike the idea of my users downloading arbitrary apps all day long onto their workstations and running them. I'm not sure it really buys you too much, either, other than loss of security. > - We think that the ability to let applets have free reign is > useful, Lots of things are useful. Security often "gets in the way". However, as mature engineers operating in an environment where many users have highly mission critical equipment, some of us try to be more responsible than that. > The important thing to remember is that we're not going to come out > with an implementation and claim to have solved the capabilities model > problem. > > We're taking a first step at using signatures with Java for security > purposes, but this is only a first step. We remain fully committed to > finer and more powerful security models. Note that an application > written to the Java platform will be able to implement security > policies based on digital signatures which are not fully permissive. Java's security has always lacked defense in depth, continues to lack defense in depth, probably cannot be retrofitted to gain defense in depth, and is likely going to continue to be periodically penetrated. Java security continues to rely on the "all portions of the system are perfectly implemented" model, which as I have repeatedly noted in this forum is fundamentally flawed because humans can never produce perfectly designed and implemented systems. A system that was built to be failure tolerant would be better, but that isn't what you have proposed. I have a great fear. My great fear is that once you've solved the obvious and stupid problems and hyped how Java has become secure (which will doubtless make the stock market analysts happy), people may start to trust Java, and then, without warning, one day the evil applets on the web pages aren't going to be mere demonstrations any more but are going to be real nasty things that do stuff like embezzle money from your brand new funky ecash purse or whatever. At that point, it will be way too late to do anything because of all the Java crud pervading the net that all the users will insist on having access to. All this, mind you, to get fancy animation on web pages, and damn little else worthwhile. Perry From declan at well.com Mon Jun 3 23:25:51 1996 From: declan at well.com (Declan McCullagh) Date: Tue, 4 Jun 1996 14:25:51 +0800 Subject: CWD: "Jacking in from the "One that Got Away" Port Message-ID: (By Brock Meeks / brock at well.com / Archived at http://www.cyberwerks.com/) CyberWire Dispatch // Copyright (c) 1996 // Jacking in from the "One that Got Away" Port: Washington, DC -- President Clinton call your spooks, get FBI Director Louis Freeh on the phone. Tell them to order in pizza. Bill, it's going to be a long night. All your plans to hold the U.S. crypto market hostage have just been fucked... and you didn't even get kissed. A virtual tactical nuke was hurled into the arcane subculture of encryption technology Monday when RSA President Jim Bizdos revealed that his company's Japanese subsidiary had developed a monster chipset capable of scrambling voice and data real time with a so-called "key length" of up to 1024 bits. That key length stuff is just so much gibberish to those playing without a scorecard, so let me drill down on it for you. Basically, the longer the key length, the harder it is for a message to be broken by "brute force" automated attacks. Current U.S. laws prohibit the export of any encryption device with a key length longer than 40-bits, or roughly the equivalent of Captain Crunch decoder ring. For hardcore math types, I'm told that a 1024-bit key length is 10 to the 296th power more difficult to break than 40 bits. Bizdos, speaking during lunchtime at the Electronic Privacy Information Center (EPIC) 6th Cryptography and Privacy conference, told how his Japanese based company, Nihon-RSA, developed a set of two chips capable of scrambling messages at a level that will make the spooks in the Puzzle Palace (the National Security Administration) cough up hair balls that would make the First Cat Socks envious. Bizdos seems to have found crypto's magic bullet; a legit way to essentially give the finger to U.S. export laws for crypto product. For years now the White House has been locked into a kind of crypto war. The Administration insists that strong encryption products must not be exported for fear that "terrorists, child pornographers and drug barons" and a rabble of assorted "bad guys" would snag the technology and proceed to plot the destruction of the "World As We Know It"... or at least Western Democracy, if the inbred Iranians got in line first. The White House crypto-fascist team, led by the NSA, FBI and assorted military hawks, have offered braindead compromise plans, including three versions of the "Clipper Chip." This is a plan whereby you can buy strong locks for your data with the simple caveat that when you buy and use the products, you have to put the decoding key "in escrow." This way if a law enforcement agency ever has the need to unscramble any of your messages -- without you knowing it -- they can simply ask for these escrowed keys and have them handed over. Yes, even your local sheriff's department can ask for the keys. Now, the government promises it will use this power only for good and never for evil. Honest, that's what they say. Of course, the Justice Department, in writing the rules for getting the keys, totally absolves any law enforcement agency of all harm if this power is abused in any way. Oh.. and if that power is abused, the sheriff or the FBI or fucking Park Police for that matter, can still use any "evidence" they gin up on you. Honest, I'm not making any of this stuff up. So the battle has raged. The industry has been loathe to develop such products only for the American market because the cost of producing essentially duplicate products for domestic and foreign markets just wouldn't be cost effective. So, you and I are stuck having to use some pretty tedious encryption technologies, such as PGP (Pretty Good Privacy), which is great, but tough to use. Or we can use the Captain Crunch Decoder ring equivalents available off the shelf. In the meantime, other countries are happily making and distributing robust encryption technologies, at a possible loss of up to $60 billion for U.S. companies. In fact, it's a crime even to put a program like PGP on your laptop and go overseas. The State Department calls that "exporting." The government recently dropped a case against Phil Zimmermann, the inventor of PGP, after putting him through several hellish years in which they threatened to toss his ass in jail. There Phil would no longer be a threat to society at-large, but instead become a "girlfriend" for a 265 pound felon named Spike. Phil's "crime"?? That somehow his PGP app had been uploaded on to the Internet and whisked around the world. Phil didn't do it, but the U.S. government cried "export violation," anyway, eventually telling him, "Oh, never mind." So Bizdos, tired of fighting the wars here, enlisted the help of the Japanese. After setting up his Japanese unit, he hired a crack team of Japanese crypto experts who essentially "reverse engineered" the company's own U.S. crypto product, according to Kurt Stammberger, RSA director of technology marketing. It was a brilliant move. Bizdos can't be slammed by the State Department for violating crypto export laws because, well, he didn't export a damn thing, except some U.S. greenbacks, which of course, could have gone to U.S. cryptographers, but let's not quibble about jobs. Anyone want to kick around the subject of global competitiveness? What's happened here is the Japanese have now trumped the entire world on the crypto market. What's more, Clinton's brain-dead allegiance to the FBI, et al., has now allowed the Japanese government, which still owns a large share of NTT, which owns a minority share of RSA's Japanese subsidiary, to have a lock on the world's strongest encryption technology. Can you say "Remember the VCR" or "Remember the Semiconductor" or how about "Thanks, Bill. We're fucked." The boys in the Pentagon made a stink a few years ago when a Japanese company made a play for Fairchild, a top defense contractor. It was feared that the Japanese, by swallowing up the U.S. company, would also gain access to technologies vital to the U.S. military. The deal was squashed. Natch... now it looks like the G.I.'s with the stars on their shoulders have just put their spit-shined combat boots up their own ass by supporting Clinton and his continued ban on crypto exports. "We truly have ceded this market Japanese companies," Bizdos said. "It's almost too late to turn it around." Some 15 COUNTRIES have already placed orders for these chips, Bizdos said, adding that the Japanese will not build the chips with a key escrow function. EPIC Director Marc Rotenberg said he was told by a Japanese representative that the country's constitution wouldn't allow key escrow because it doesn't allow wire-tapping. Umm... maybe the Japanese just don't have *really* bad guys like the FBI assumes we have here. What's more, Bizdos says the deal with NTT is "no coup." He says the Germans and French "aren't far behind" in developing similar technologies. The RSA bombshell "fuels the argument that this stuff can't be contained in our own borders," said PGP's Zimmermann. Just how the relationship between NTT and RSA works out isn't set, Bizdos acknowledged. "They'll pay us a royalty for the chips they sell," he said. "We're working it all out." Meanwhile, from my office window here in DC I've already counted 17 Domino's Pizza delivery bikes go screaming by on their way to the White House. Through my telescope I can see the White House balcony; it looks like Bill is sick, like he's just heard some "really bad news." And behind him, just inside the double-doors, on a persian rug placed there by Warren G. Harding, I think Socks the Cat has just coughed up a hairball... or maybe it was Louis Freeh. From this angle, I just can't be sure. Meeks out... ------------ Additional reporting by Declan McCullagh (declan at well.com) From jeremey at forequest.com Mon Jun 3 23:57:49 1996 From: jeremey at forequest.com (Jeremey Barrett) Date: Tue, 4 Jun 1996 14:57:49 +0800 Subject: Fate of Ecash if RSA is cracked? In-Reply-To: Message-ID: On Mon, 3 Jun 1996, Norman Hardy wrote: > At 8:01 AM 6/3/96, Perry E. Metzger wrote: > >Dr. Dimitri Vulis writes: > .... > >> This'll happen, probably sooner than later. > > > >Why do you assume that? There are plenty of problems that are > >provably not solvable in non-exponential time even if P=NP. What makes > >you think this one is going to be solved? > > > >.pm > > The "Idea Futures" forum has established odds on this. The current odds are > currently 60% that a 1024 bit number will be factored by 2010 and 30% that > a 512 bit number will be factored by 1997. > True, but by that time I'll be able to use 2048 or bigger keys with the same or better performance as 1024 bit keys now. As long as factoring is exponential, you can always make it impossible to factor your keys. And I think it will always be exponential. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Jeremey Barrett Senior Software Engineer jeremey at forequest.com The ForeQuest Company http://www.forequest.com/ "less is more." -- Mies van de Rohe. Ken Thompson has an automobile which he helped design. Unlike most automobiles, it has neither speedometer, nor gas gage, nor any of the numerous idiot lights which plague the modern driver. Rather, if the driver makes any mistake, a giant "?" lights up in the center of the dashboard. "The experienced driver", he says, "will usually know what's wrong." -- 'fortune` output From gregmi at galileo.mis.net Tue Jun 4 00:12:40 1996 From: gregmi at galileo.mis.net (Greg Miller) Date: Tue, 4 Jun 1996 15:12:40 +0800 Subject: Fate of Ecash if RSA is cracked? In-Reply-To: <199606030447.XAA22063@manifold.algebra.com> Message-ID: <31b3a6b6.17653093@pop.mis.net> On Sun, 2 Jun 1996 23:47:32 -0500 (CDT), you wrote: >Another question: what happens to the ecash issued by a bank if it's >secret keys get stolen? The same thing that would happen if someone were to steal the keys to the bank, and the combination to the vault. "Randomness is in the eye of the beholder" --Numerical Recipes gregmi at mis.net (Greg Miller) http://grendel.ius.indiana.edu/~gmiller/ From tcmay at got.net Tue Jun 4 00:14:16 1996 From: tcmay at got.net (Timothy C. May) Date: Tue, 4 Jun 1996 15:14:16 +0800 Subject: Why PGP isn't so ubiquitous (was NRC Session Hiss) Message-ID: At 9:59 PM 6/3/96, Deranged Mutant wrote: >On 3 Jun 96 at 11:27, Bruce Baugh wrote: > >> Date: Mon, 03 Jun 1996 11:27:33 -0700 >> At 04:33 AM 6/3/96 +0000, Deranged Mutant wrote: >> does, it will happen only after the passage of more draconian anti-privacy >> laws, and the guys working on it will be forced to include sundry backdoor >> stuff or drop it altogether. > >More likely drop it altogether, or be openly admit they were forced >to include GAK (people will want the source, anyway). I can't imagine _any_ set of circumstances which would cause Zimmermann, Atkins (?), Plumb (?), and anyone else who might still be on the PGP development team to include GAK. After all, those heartwarming stories about Burmese rebels using PGP to communicate using laptops in the jungles would then be replaced by: "16 April 1998, A.P., Rangoon, Burma. Internal Security Minister Bopalong Myanmoon announced today that rebel communications were intercepted and decrypted two weeks ago with the cooperation of the International Key Authority. As a result of this raid, 63 rebels were captured, tried, and executed. Visiting Rangoon at the time, U.S. Attorney General Louis Freeh was said to be satisfied that international key escrow was having such positive effects." --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From llurch at networking.stanford.edu Tue Jun 4 00:19:33 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Tue, 4 Jun 1996 15:19:33 +0800 Subject: [NOISE] rec.music.white-power failed 592:33033 FYI Message-ID: The official result, including the votetaker's explanation for the extraordinary delay (which makes interesting reading), is in news.announce.newgroups, Message-ID <833851386.24895 at uunet.uu.net>. Or for people who only use Netscape: http://ww2.altavista.digital.com/cgi-bin/news?plain at msg@31323 at news%2egroups news:833851386.24895 at uunet.uu.net While I think I was one of the people presenting legitimate reasons for voting no (as opposed to all the "VOTE NO ON NAZIS!" -- see news.groups archives), I'm actually disappointed that there were only 592 yes votes. I'd have expected more than the estimated 400 anti-censorship and spam-annoyance reactions. I would urge people NOT to download the 3MB list of votes, as I haven't, because the vast majority of voters had no clue what they were voting on. The majority probably thought it was a secret ballot. The poor votetaker definitely deserves a medal, but PLEASE don't send him appreciative mail; he's getting far too much already. Sent separately to fight-censorship and cypherpunks. Followup discussion, if any, belongs in news.groups ONLY. -rich From WlkngOwl at unix.asb.com Tue Jun 4 00:22:56 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Tue, 4 Jun 1996 15:22:56 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad?? Message-ID: <199606040435.AAA20775@unix.asb.com> On 3 Jun 96 at 15:18, Jeff Barber wrote: > I trust it won't stun you to find that many, many large and even small > corporations -- including my current employer [*NOT* SecureWare, BTW, > despite the email address] -- actually encourage their employees to buy > stock by offering stock purchase plans as a benefit of employment. They > even make it convenient by deducting purchases from one's paycheck. [..] There's a difference between a) buying stock in your employer's company generally [above example] and b) buying stock in your employer's company because your department is working on something that will raise the stock value etc. etc. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From WlkngOwl at unix.asb.com Tue Jun 4 00:25:19 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Tue, 4 Jun 1996 15:25:19 +0800 Subject: Idea 'bout banning the internet Message-ID: <199606040432.AAA20740@unix.asb.com> On 3 Jun 96 at 16:16, Blake Wehlage wrote: > What if in the future a country banned the internet and all things that had > to deal with it (ie- telnet, irc). It would be the "underground" thing. Depends. If it were run by people like the Khmer Rouge than anybody who so much as knows how to use a pocket calculator is better off leaving the country. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From perry at piermont.com Tue Jun 4 00:33:22 1996 From: perry at piermont.com (Perry E. Metzger) Date: Tue, 4 Jun 1996 15:33:22 +0800 Subject: Anonymous stock TRADING (was Saw this on CNN: ) In-Reply-To: <199606040240.VAA31145@manifold.algebra.com> Message-ID: <199606040353.XAA06812@jekyll.piermont.com> Igor Chudov @ home writes: > Which brings up another ignorant question: suppose that I am a > corporate officer who does receive substantial "insider" information, > for example results of audits, before they become public. What would > prevent such an insider from creating a phony offshore trading company, > and sending orders to that company using cypherpunks technology? Very little. However, there would be a noticable shift in the price of the stock prior to the public information arriving. This would trigger an investigation. There would be a very limited number of people able to get at the inside information, so the pool of suspects would be small (usually on the order of a dozen people or less), and if you, say, wanted to spend your money, you might end up being caught. In other words, anonymity works better when the "crime" isn't visible to anyone watching the stock market and could be committed by more than a handful of people. Personally, I don't object to insider trading, but it can be hard to get away with depending on circumstances. Perry From declan at well.com Tue Jun 4 00:42:37 1996 From: declan at well.com (Declan McCullagh) Date: Tue, 4 Jun 1996 15:42:37 +0800 Subject: Markoff in NYT on NTT/RSA chip Message-ID: Heh. You read it first in the CyberWire Dispatch Brock and I put out earlier tonight. :) -Declan --- Japanese Data-Scrambling Chip Renews Debate By JOHN MARKOFF W ASHINGTON -- Nippon Telegraph and Telephone Corp. has quietly begun selling a powerful data-scrambling chip set that is likely to undermine the Clinton administration's efforts to restrict the export of the fundamental technology for protecting secrets and commerce in the information age. The existence of the two-chip set, which will have broad potential application for local computer networks, the Internet and telephone switching networks, was disclosed in Washington in a speech Monday at a public policy workshop by the chief executive of RSA Data Security, a Silicon Valley-based company that has frequently dueled with the administration over its export-control policies. [...] From snow at smoke.suba.com Tue Jun 4 00:47:18 1996 From: snow at smoke.suba.com (snow) Date: Tue, 4 Jun 1996 15:47:18 +0800 Subject: Something that just crossed my mind. Sorry. In-Reply-To: <199606030519.HAA08335@spoof.bart.nl> Message-ID: On Mon, 3 Jun 1996, Senator Exon wrote: > At 10:01 AM 5/31/96 -0700, Sandy wrote: > >At 10:35 PM 5/30/96 -0500, snow wrote: > >>It is my position (until proven wrong--please) that larger business DON'T > >>want anonymity. They _want_ to be able to track purchases and use of their > >>product for several reasons. > Let me first claim that I am an employee of a "larger business." Not > that unless someone tracks me through the remailers is there any proof > of that, but accept for now that it's not outside of the realm of > possibility. > I wish I could prove you wrong. I can inform you that you are correct, > actually. There are large retail companies that track sales data on > credit card account numbers and cardholder names in direct violation of > any contract you may have with American Express (and possibly Visa and > others, I have not seen those contracts). The data they capture is > pretty impressive. I'm sure most of you probably get a direct mailing > or two from them every now and then, based on your shopping habits. Hell, I just paid off all my credit cards, and they are in the process of decomposing. Credit is evil. Cash is much more difficult to track, and it is much harder to spend much beyond your means when paying cash. > >2) Big businesses are made up of individuals. > > Most individuals would still prefer to have > > their own privacy preserved even if they would > > prefer less privacy for others. > > All it takes is one well-positioned executive who values profits more > than his own privacy to say "Capture this personal data" and that data > gets captured, regardless of who gets fired complaining about it. Trust > me. And I value my job more than I value your privacy, which is why > this is going out through a remailer. Also remember, people like to live. They like their children to live. Governments are made of people, Governments start wars and get the population to go along with it. Bigger Corporations are like governments. Petro, Christopher C. petro at suba.com snow at crash.suba.com From dlv at bwalk.dm.com Tue Jun 4 00:52:32 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 4 Jun 1996 15:52:32 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: Message-ID: Black Unicorn writes: > I direct you to Dirks v. Securities and Exchange Commission, 463 U.S. 646 > (1983). rev'g 681 F.2d 824 (D.C.Cir.1982), SEC. Rel #34-17480 (Jan 22, 1981). > Specifically footnote 14: > > "Under certain circumstances, such as where corporate information is > revealed legitimately to an underwriter, accountant, lawyer, or > consultant working for the corporation, these outsiders may become > fiduciaries of the shareholders.... When such a person breaches his > fiduciary relationship, he may be treated more properly as a tipper than > a tipee...." > > This circumstance is classically refered to as a "footnote 14 insider." > > It has been held to apply to lower level employees within the corporation > who "knowingly trade based on material non-public information acquired by > virtue of their position within the company." The poor Dirks was a financial analyst who "received information from a former vice president of Equity Funding that there was widespread fraud at the company. Dirks confirmed this information with one current and several former Equity Funding employees and communicated it to five investment advisors. The five investment advisors sold or directed the sale of large blocks of Equity Funding stock without disclosure of the information they had received from Dirks. The SEC found that once Dirks had confirmed the information by contact with a number of former insiders, it had a reasonable probability of being true and was, for that reason, material nonpublic information. The SEC also held that Dirks aided and abetted violations of Section 10(b) on the part of the investment advisors who were his tippees. The decision was upheld by the Court of Appeals but _reversed by the Supreme Court on the grounds that the insider did not breach his fiduciary duty by disclosure of the information because there was no benefit to the insider, and thus Dirks did not breach any duty." I.e., Dirks got away with it, after spending lots of $$$ on shysters. IANAL, but I see a trend to let insiders get away with trading on material non-public information in Chiarella v. U.S. (455 US 222 (1980)) followed by Dirks. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Jun 4 00:59:38 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 4 Jun 1996 15:59:38 +0800 Subject: Fate of Ecash if RSA is cracked? In-Reply-To: Message-ID: Alan Horowitz writes: > US SEcret Service was always on top of criminal counterfeiting. I make > that "criminal" distinction becaue there is allegedly a phenomenon of > low-intensity-warfare going on, with Iran sponsoring more-or-less perfect > counterfeits of hundred dollar bills. I wonder what would happen if someone posted PostScript code for printing counterfeit money on a color printer? :-) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From adam at homeport.org Tue Jun 4 01:02:33 1996 From: adam at homeport.org (Adam Shostack) Date: Tue, 4 Jun 1996 16:02:33 +0800 Subject: MOSS vs. S/MIME vs. PGP/MIME Matrix (fwd) Message-ID: <199606040330.WAA26234@homeport.org> ----- Forwarded message from Rik Drummond ----- >From ietf-request at IETF.CNRI.Reston.VA.US Thu May 30 09:26:53 1996 Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Thu, 30 May 1996 08:05:48 -0500 To: ietf-ediint at imc.org, Electronic Data Interchange Issues , ietf at CNRI.Reston.VA.US Sender: ietf-request at IETF.CNRI.Reston.VA.US From: Rik Drummond Subject: MOSS vs. S/MIME vs. PGP/MIME Matrix Source-Info: From (or Sender) name not authenticated. The EDI over Internet (EDIINT) working group will recommend standards which facilitate "EDI interoperability over Internet - Now" during the third quarter of 1996. Two of the many requirements are the implementation of encryption and signature for EDI transactions using existing standards/products, such as: MOSS, S/MIME, PGP/MIME and DMS. These four standards/products "generally" fit the needs of the EDIINT effort. We must choose those that best fit our requirements. A Comparison Matrix compares the products/standards across over 30 technical and business areas. Please take time to contribute your expertise to the effort by commenting on the existing information. This matrix is the basis for determining which security products/standards/algorithms to use for EDI over Internet. The matrix is also a significant tool for selling our final recommendation to EDI business product development management. The comparison matrix is in html format at http://ftp.sterling.com/edi/ietf-ediint/decision.html. Thank you. Rik Drummond Chair EDIINT ------------------------------------------------------ | Rik Drummond - The Drummond Group | | 5008 Bentwood Ct., Ft. Worth, TX 76132 USA | | Voice: 817 294 7339 Fax: 817 294 7950 | ------------------------------------------------------ ----- End of forwarded message from Rik Drummond ----- -- "It is seldom that liberty of any kind is lost all at once." -Hume From ichudov at algebra.com Tue Jun 4 01:07:03 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Tue, 4 Jun 1996 16:07:03 +0800 Subject: Fate of Ecash if RSA is cracked? In-Reply-To: Message-ID: <199606040508.AAA01035@manifold.algebra.com> Jeremey Barrett wrote: > > The "Idea Futures" forum has established odds on this. The current odds are > > currently 60% that a 1024 bit number will be factored by 2010 and 30% that > > a 512 bit number will be factored by 1997. > > > > True, but by that time I'll be able to use 2048 or bigger keys with the same > or better performance as 1024 bit keys now. As long as factoring is > exponential, you can always make it impossible to factor your keys. > And I think it will always be exponential. Actually factoring is not exponential even now. For Number Fiels Sieve method the number of operations is estimated as N ~= exp(((1.923+O(1)) * (ln n)^(1/3) * ln ln n)^(2/3)) (taken from Schneier, A.C., page 256) - Igor. From vince at offshore.com.ai Tue Jun 4 01:08:26 1996 From: vince at offshore.com.ai (Vincent Cate) Date: Tue, 4 Jun 1996 16:08:26 +0800 Subject: Arms Trafficker Page Made CNN! In-Reply-To: <01I5H4HBQ11I8WW2JK@OREGON.UOREGON.EDU> Message-ID: On Mon, 3 Jun 1996 assassin at gladstone.uoregon.edu wrote: > Do you have the cnn story on .../arms-trafficker/? > Just what mention of it was made? They played it again, so I got it on video tape. They were talking about the encryption export issue and then showed my page and said: CNN >But privacy advocates are complaining loudly on the Internet. >This web site calls for civil disobedience by encouraging >people to send this encryption program overseas illegally. The arms trafficker page was shown on CNN computer connection about 3:05 pm Saturday June 1, 1996, and again at 4:05 am June 2. At some point a full transcript of the show should be on: http://www.cnn.com/TRANSCRIPTS/conn/ http://www.cnn.com/CNN/Programs/CompConn/ -- Vince From jeffb at sware.com Tue Jun 4 01:08:34 1996 From: jeffb at sware.com (Jeff Barber) Date: Tue, 4 Jun 1996 16:08:34 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: <199606032029.QAA05821@jekyll.piermont.com> Message-ID: <199606040227.WAA16036@jafar.sware.com> Perry E. Metzger writes: > Jeff Barber writes: > > So perhaps Tim over-simplified by saying that there were no limits on > > what ordinary employees could do. OTOH, it seems that Perry also > > over-simplified by flatly stating that Tim's trades while an Intel > > employee were "illegal". > > First of all, I never said that Tim's trades were illegal -- indeed, I > never mentioned Tim except to say that following his advice didn't > seem like a particularly safe course to take. Second of all, I can't > comment on whether Tim's trades were within the letter of the law or > not. Indeed, it would be difficult even if one knew all the > circumstances since the definition of "material non-public > information" is so hard to pin down. In response to Tim's message wherein he described trading in Intel stock while an employee there, you wrote (in message <199606031523.LAA05288 at jekyll.piermont.com>): > > Under the rules, if you have nonpublic > > information, even if you are not a corporate officer, you are an > > insider for purposes of "insider trading" and your trades are illegal. Sorry if I misinterpreted this. > The point of all this was not that one shouldn't participate in the > employee payroll stock purchase plan. The point was that a random > person on the street who gets told a 'hot tip' is probably subject to > the insider trading laws, never mind that he wasn't an employee or > what is conventionally thought to be an "insider". OK. The only point I want to make is that thousands of us do this to some extent every year and the risk apparently isn't terribly high. Each person who works for a large corporation has *some* "non-public information" which helps them decide whether to participate in the stock purchase plan next year. (Obviously if I think the company's going to tank, I won't buy any more shares.) I haven't seen anyone attempt to define "material" but I'll concede that it's vague enough to be dangerous to anyone whose trades are large enough to attract attention. -- Jeff From rah at shipwright.com Tue Jun 4 01:11:46 1996 From: rah at shipwright.com (Robert Hettinga) Date: Tue, 4 Jun 1996 16:11:46 +0800 Subject: e$: Interbank Digital Cash Clearing, Better Living through Message-ID: --- begin forwarded text Date: Mon, 3 Jun 1996 21:03:16 -0400 To: Multiple Recipients of e$pam From: e$pam at intertrader.com (e$pam) Reply-To: e$@thumper.vmeng.com X-Comment: To unsubscribe, send an email to e$pam-request at intertrader.com X-Comment: containing the command "unsubscribe e$pam" Precedence: Bulk Subject: e$: Interbank Digital Cash Clearing, Better Living through X-orig-from: Robert Hettinga X-e$pam-source: owner-ecash at digicash.com Forwarded by Robert Hettinga ----------------------------------------------------------------------- X-Sender: rah at tiac.net Mime-Version: 1.0 Date: Mon, 3 Jun 1996 17:34:31 -0400 To: ecash at digicash.com From: Robert Hettinga Subject: e$: Interbank Digital Cash Clearing, Better Living through Walletware, Microintermediation, Net.Currencies and ECM Sender: owner-ecash at digicash.com Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- e$: Interbank Digital Cash Clearing, Better Living through Walletware, Microintermediation, Net.Currencies and ECM June 3, 1996 Boston,Massachusetts People have asked me what I think about interbank digital cash clearing, and I say I'm all for it. Flippant comments aside, I'm not sure I can add anything to the discussion, but I'll take a shot at it. It's easy to argue that there's no real need right now for *on-net* interbank clearing, especially with online cash. If you handle the transactions right, the merchant just verifies and deposits cash as it comes in. This works especially well with the underwriter-as-internet-ATM-machine model I like to use in discussion. (I include that here only by reference, as I've beat it to death. The e$ home-page is http://thumper.vmeng.com/rah/ ) If the trustee behind the underwriter is, well, trusted, to do deposits as well as withdrawls, then the "problem" of interbank clearing on the net itself goes away. Actually, we just translate it into "normal" world of book-entry banking transactions, and the trustee does the interbank clearing there. Same as it ever was. In this scenario, if the customer presents a certificate requiring change, the change can be issued in the same transaction as the deposit of the rest of the transaction's proceeds. Frankly, in a world of ubiquitous networks, this is clearly the way to go for merchants of any means whatsoever, because it's completely safe for them, and it doesn't matter who the underwriter of the cash is. With the proper level of software abstraction, it may not even matter what the cash protocol is. However, networks are a long way from ubiquitous, and that means offline transactions for a lot of cases. Fortunately, if we want to think about offline transactions, we can pilfer some more ideas from, as usual, the market for traveller's checks. When a merchant deposits a traveller's check, her bank clears it like any other check. That's possible because not only is the check secured, but it is hard to replicate. Most importantly, American Express offers a virtual guarantee of payment even if the checks are proven to be lost or forged, which speaks volumes about the susceptability of the system to any large-scale fraud. However, in the unlikely event that AmEx goes out of business, the merchant, not the bank, would be left holding the bag, just like she would be with a bounced check. Obviously, the same thing happens with money orders, a market in which there are many more issuers. All banks issue money orders, but traveller's checks require large consumer marketing campaigns, so there are fewer underwriters of them. So, if it is possible to build linkages between digital cash and the checking system through the merchant's bank, we might have another solution. Fortunately, this is no problem. A merchant takes in various forms of off-line cash all day and deposits it electronically at the time she deposits her other money. The bank validates, clears, and deposits the cash right there at the teller/ATM, through it's connections to the net. This is (barely!) analogous to what happens to a traveller's check or money order, which is deposited and sometimes physically flown to the issuer's bank to clear, and paid back to the depositor by fed wire to settle the transaction. Making change for the transactions themselves in this scenario is problematic, but the merchant can just hand back physical cash, just like she does with traveller's checks. An all-electronic variant on this "mixed-money" change method is for the merchant to hand back whatever digital-note change she has, regardless of who issued, and this implies a lot of preconditions, but it's not as scary as it looks, which we'll see in a little bit. Right now, when we talk about the need for interbank clearing, a lot of people seem to be talking about offline cash. As we saw, online clearing is pretty much a geodesic process, because you're connected straight to the underwriter of the cash you're using for the transaction under way. It's hard for me to see any need for on-net intermediaries for online cash, at least for the time being, because the trustee, the actual financial intermediary in the transaction, is hooked into the "physical" financial system of banks, ATM networks, and central-bank fund-wires. I'll talk about on-the-net financial intermediaries a bit later, though, and there might be one wild card, but I'm not sure. In the same way that I claim that certificate-based clearing and settlement is always going to be cheaper than book-entry methods, I think that offline cash is always going to be cheaper at the margin than online cash. The risk of offine transactions is always going to be double-spending, and that has to be traded against convenience, lower cost of not needing net access and the absolute anonymity you can get by not having to ever reveal yourself to even the underwriter of the digital cash in question. My claim of "marginally cheaper" for offline cash is strictly because of the lack of a net connection, but this cost-component will continue to fall into the forseeable future, so it will be less of an issue. Today, however, with only tens of millions of people on the net out of a world population in the billions, off-line digital cash has a significant cost advantage, and as long there's a bank with in a few transactions' proximity to the offline transaction in question, I think it can still be pretty safe to do offline digital cash transactions. Precicely because we're only a transaction-hop or two from an on-line transaction, double spending is reduced to a physical phenomena at the smartcard-to-smartcard level, which is much easier to deal with. The hoary old bugbear people like trot out at times like this, that of a bajillion salami-slice transactions done simultaneously all over the net all at once, goes back under the bed -- or back into the monster closet -- where it belongs. (Speaking of bugbears, remember, the problem of someone stealing a bank's key, and literally printing free money, is more a problem of issuing digital cash batches with expiry dates than anything else. More to the point, the problem belongs to a single underwriter, and not to a robust market with many competing underwriters.) Anyway, the upshot of the double-spending problem is that it assumes a world of strictly offline transactions, which is almost as ludicrous as a world of strictly online transactions. ;-). Any robust and marketable system of digital cash will need to be able to do both. Like I said above, the transaction handling mechanisms are everything in a multi-underwriter, multi-trustee, and even multi-certificate-protocol regime. We need to have a set of standards for digital cash clearing and settlement which makes the actual issuer as transparent as possible to the transaction's participants. After all, that's what we have with checks. The bank the check's drawn on doesn't really matter. To a lesser extent, neither does the issuer of a traveller's check or money order. Who printed the check *certainly* doesn't matter. That's about where we want to be with digital cash. If I want to buy something from you with ecash, the last thing we should care about is the mechanics of the transaction, and *that* includes who the issuer of the cash is, who the trustee is who's going to do the interbank settlement out in the book-entry world, who the protocol designer is who invented the type of cash we're using, who the software developers were who developed my wallet and your register. None of that. We just want to settle the trade. Better living through walletware. That means that we need think about multi-underwriter clearing from the outset, preferrably at the merchant level, and I'm sure that's what Digicash is moving towards. Digicash's walletware and registerware, or anyone else's for that matter, should be able to transact business with ecash of any form, without discrimination. If I spend some ecash with you, your cash register should take any and all combinations of my Deutche-ecash, or my Twain-ecash, or my Finn-ecash, validate them online with their underwriters (whose responsibility for transaction clearing turnaround should make speed a major selling point to their customers), and hand me back change however I want it, choice of underwriter (or not) and all. In fact, if everything works out, and markets for digital cash underwriting become efficient and competitive, then *who* underwrites my ecash becomes less of an issue to me over time. One form of ecash is as good as another, because it all interoperates. So, if we assume that walletware takes different protocols, it seems that the dominant digital cash protocol would be that which operates best from the *underwriter's* standpoint, which is where it should be, since they're the ones whose reputations are being risked, "rented", as it were. Okay. Let's look quite a few years ahead, to a time when most money that comes onto the net stays here and just gets moved around, to digital bearer bonds, or to digital mutual fund certificates, or whatever. Let's say that Tatsuo Tanaka's scenario has come to pass. That is, because the money's not leaving the net as soon as the transaction takes place, like we've been talking about, the digital cash underwriters and trustees, most likely with the knowing collusion of users who want to pay lower purchase discounts, start "creating" money by issuing cash against fractional, instead of 100% reserves. More to the point, to follow Tanaka some more, a panic or two brought about by these shenanigans has caused the underwriters to police themselves by creating some kind of independent currency control for various associations of fractional-reserve underwriters, much in the same way that fractional reserve bank panics were handled prior to the advent of central banking. We may even have several full-blown internet currencies, controlled by currency boards of some kind. I'm not talking about nation-states, here, either. All of this could be done on a private basis. Real live private currencies, offered by an association of digital cash underwriters. This is a *long* way off, but do you see what I'm getting at here? What we end up with is an on-the-net interbank clearing system, doing just what the book entry system does now, only without governments or central banks in the middle. We have intermediaries in the form of a board which manages the quantity of a given private currency based on "foriegn" reserves, that is, the holdings in its member banks in the *other* currencies, which prevents monitary inflation, and that's one place where the "interbank" clearing takes place. In this environment, we also have currency hedgers and speculators, who make (or save) money by trying to figure out where currencies of various kinds are going to go relative to one another. These days we have institutions moving large amounts of currencies around, doing insecure trades on secure networks. However, the technology of digital bearer certificates and ubiquitous public networks could enable a legion of very small autonomous entities to do the same kinds of activity that the big boys do now. So we don't get "disintermediation", which lots of people see right now with the merger of your local savings bank into a big conglomerate, or your local stockbroker getting bought or put out of business by a discount broker or mutual fund. We end up with "microintermediation". Actually, I've written about the same idea elsewhere, of underwriting "bots" providing ubiquitous auction markets for things like personal digital bearer bonds, etc., but in this case we have a bunch of trading 'bots making secondary markets in currency, hedging and speculating on price fluctuations for money, all like a bunch of microscopic George Soroses. Like George Soros and his famous takedown of the EU's exchange mechanism, these bots would be who actually "determine" the price of a given net.currency versus another, and not the net.currency boards at all. Okay. I've wandered way out here on a limb, and I'm going to climb off of it soon, before I either fall or someone cuts it off. :-). However, before I go, let's look at something which actually happened, and which may be a pointer to what could happen again soon, without too much trouble. I'm talking about ecm, or the electronic cash market trading list. Last summer, when I got back from my New Orleans trip, I was up in Montana hanging out while my wife was at an educator's conference, and Lucky Green sends me e-mail about having just sold, for cash, some of the demo "cyberbuck" certificates that Digicash was issuing at the time. I commented about this to cypherpunks, one thing led to another, and the next thing I knew, Rich Lethin had started up a mailing list and set up a protocol for trading these beta-certificates for cash over that list. He named the list ecm. (Send "info ecm" in the body of a message to majordomo at ai.mit.edu, if you want to see what the fuss was all about.) It was used sporadically up to the time when, you guessed it, Mark Twain came on line with *actual* digital cash, and people stopped trading beta-certificates altogether. I can't even remember what the last settlement price was, but it was pennies on the dollar. Actually, now that I remember it, there was a period where the beta-certificates were traded for real Mark Twain ecash on someone's web-page and then announced on ecm, but things have pretty much gone moribund on ecm lately. I haven't seen a trade go across in many months. ECM is the "wild-card" exception to using the current banking system for interbank digital cash clearing. The one that I was talking about above, after I said we didn't really need an interbank clearing mechanism on the net itself. If someone wanted "clear" these different versions of ecash on the net some day, they could just take positions in both the Finnish, Mark Twain, and eventually Deutchebank certificates, and run a little currency exchange operation for fun, and maybe profit, between the three by announcing their bid/ask prices on ecm in both certificates. Hint: buy low, sell high. :-). They could even do currency-speculation-by-proxy by taking different positions in these certificates if they wanted to. It may even be that someone could do this and make a living at it, someday, if enough digital cash was used on the net, particularly if they could do it cheaper than it would cost someone to "deposit" their cash, through an underwriter, into their own bank account. Would income or capital gains taxes be considered part of that deposit "cost"? As Francis Urquart (RIP) used to say, "*You* might say that, but *I* couldn't possibly comment." Cheers, Bob Hettinga -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMbNaLPgyLN8bw6ZVAQHf6QP/aDY1bhj+ZaG/yTGqezDpnuYYn2Gp2lVE QTTb8z5e9CLWDRMfLCEsFYs8OoXaWNa6NWmDTnpM44NuDawzfqmywWV4RIUyTp1B /ArcruU7z1LiCJUFI8XByGwQiGKsqVRVaoybf2QXP2NGeNSYuYol8s6umcmznzbR cXqvCdBMW/s= =YW/2 -----END PGP SIGNATURE----- ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ -------------------------------------------------- The e$ lists are brought to you by: Take Your Business Online with Intertrader Ltd, Edinburgh, U.K. Visit http://www.intertrader.com or email info at intertrader.com Making Commerce Convenient (tm) - Oki Advanced Products - Marlboro, MA Value-Checker(tm) smart card reader= http://www.oki.com/products/vc.html Where people, networks and money come together: Consult Hyperion http://www.hyperion.co.uk info at hyperion.co.uk See your name here. Be a charter sponsor for e$pam, e$, and Ne$ws! See http://thumper.vmeng.com/pub/rah/ or e-mail rah at shipwright.com for details... ------------------------------------------------- --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ From unicorn at schloss.li Tue Jun 4 01:34:09 1996 From: unicorn at schloss.li (Black Unicorn) Date: Tue, 4 Jun 1996 16:34:09 +0800 Subject: your mail In-Reply-To: <199606040046.RAA17821@netcom6.netcom.com> Message-ID: On Mon, 3 Jun 1996 qut at netcom.com wrote: > ncr terminals are the most 31173 D0Dz I think you mean 31337. (eiite doesn't make much sense) --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From dlv at bwalk.dm.com Tue Jun 4 01:40:18 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 4 Jun 1996 16:40:18 +0800 Subject: Anonymous stock TRADING (was Saw this on CNN: ) In-Reply-To: <199606040240.VAA31145@manifold.algebra.com> Message-ID: ichudov at algebra.com (Igor Chudov @ home) writes: > Which brings up another ignorant question: suppose that I am a > corporate officer who does receive substantial "insider" information, > for example results of audits, before they become public. What would > prevent such an insider from creating a phony offshore trading company, > and sending orders to that company using cypherpunks technology? If he doesn't report the income from the trades, the IRS may nail him. If he does, then they'll look at what trades he did. Interestingly, all this trading on inside information didn't use to be a crime in the U.S. at one time, and is not a crime in most of the world. Most non-Americans view access to material nonpublic information as one of the job perks, just like the ability to sexually harrass one's secretary. Interested cpunks should check out the book _International Investments_ by Bruno Solnik (0-201-56707-5). It doesn't talk about insider trading, but it has some fascinating comparisons of market practices in different countries, and some thoughts on the value of anonymity vs. reputation. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Tue Jun 4 01:48:15 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Tue, 4 Jun 1996 16:48:15 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: <199606032029.QAA05821@jekyll.piermont.com> Message-ID: "Perry E. Metzger" writes: > Jeff Barber writes: > > I trust it won't stun you to find that many, many large and even small > > corporations -- including my current employer [*NOT* SecureWare, BTW, > > despite the email address] -- actually encourage their employees to buy > > stock by offering stock purchase plans as a benefit of employment. > > Yup. Indeed, its perfectly legal and even common to trade in the stock > of your own company, even if you are a corporate officer. HOWEVER, > that doesn't mean that you are safe against insider trading charges. High-level corporate officers have to file a special form with the SEC whenever they trade the stock of their corporation. This information is then publicly available. The Wall St. Journal reports monthly on large insider trades reported to the SEC. I'm aware of at least one service (in Florida) that takes the paper forms from SEC, does data entry, and sells the data in computer-readable form. Several studies showed something interesting: a) If someone trades with the insiders, s/he'll have the same returns as the market or worse; b) If someone follows only the highest-level insiders (directors and CEO's) as soon as their trades become known (which is about 4 weeks after the trade), they'll generally beat the market. This seems to indicate that a) insiders on the average are misguided, b) highest level insiders do profit from their insider knowledge. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From grafolog at netcom.com Tue Jun 4 02:08:37 1996 From: grafolog at netcom.com (jonathon) Date: Tue, 4 Jun 1996 17:08:37 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: <199606031507.LAA15317@jafar.sware.com> Message-ID: Jeff: On Mon, 3 Jun 1996, Jeff Barber wrote: > IANAL, but I think you must be wrong about this, Perry. If this were Tim is calling any trade by an Insider, as being insider trading. Perry is saying anybody can do insider trading. > the case then, as an employee of company XYZ, I would never be permitted > to buy XYZ stock (which is clearly not the case) since I *always* have An Insider may trade stock. s/he simply has to announce their intention to do so 30 or more days beforehand. << I probably have the number of days wrong, but it is at least 30. >> From my little black legal dictionary: Insider: Defined in Securities and Exchagnes Act. 15 USC 78p(a) ( 1964) An insider is every officer and director of a corporation and any person who owns more than ten percent of the stock of taht corporation. Insider Trading: Buying or selling corporate stock by by a corporate officer or other insider who profits by his access to information not available to the public. << Skip several paragraphs >> The prohibition against trading on inside inforamtion is enforced regardless of whether the trading is done by an insider, or by an unscrupulous investor who has been tipped off by an insider. *** end of legal defination *** I don't have legal citations, but I do remember a scandal in the sixties, involving secretaries passing information on to others, who were convicted of insider trading, amongst other things. << Not the secretaries, but those they passed information onto, were convicted. >> Then for those who believe that TV is real life, at least one episode of LA Law dealt with insider trading --- a secretary << I think -- I don't watch TV >> was getting stock tips from an insider, and traded on that advice. She hadn't a clue as to what she was doing, but made a pretty penny. And was arrested for Insider Trading. She didn't even know taht that was what she was doing. << First aired three or four season's ago, I think. >> xan jonathon grafolog at netcom.com ********************************************************************** * * * Opinions expressed don't necessarily reflect my own views. * * * * There is no way that they can be construed to represent * * any organization's views. * * * ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * * * http://members.tripod.com/~graphology/index.html * * * *********************************************************************** From gcjones at ix.netcom.com Tue Jun 4 02:11:02 1996 From: gcjones at ix.netcom.com (gcjones at ix.netcom.com) Date: Tue, 4 Jun 1996 17:11:02 +0800 Subject: Editorial on Crypto Policy -- 6/3/1996 Sacramento Bee Message-ID: <1.5.4.16.19960603213652.224f84fa@popd.ix.netcom.com> Thought y'all might find this interesting: Editorial in The Sacramento Bee, June 3, 1996 --------------------------------------------- THE VALUE OF ENCRYPTION In a report commissioned by Congress, the National Research Council has injected some perspective into the noisy and often uncivil debate over encryption of electronic communications. Although the Clinton administration shows no signs of heeding the NRC's advice, Congress will find the NRC recommendations an excellent guide to national encryption policy. For years, the extremes in the debate over the administration's efforts to restrict the use of encryption have focused on rival bogeys. Intelligence and law enforcement have warned of the specter of terrorist or criminal groups able to use encryption to prevent detection by wiretapping. In reply, civil libertarians opposed to Clinton administration efforts to promote an encryption standard that would leave government agencies with the key to open up all communications to scrutiny have held up the specter of "Big Brother." By contrast, the NRC panel -- which was chaired by Kenneth Dam, a deputy secretary of state in the Reagan administration, and included a distinguished group of former top law enforcement and Pentagon officials -- took a more nuanced approach. The spread of encryption, the panel agreed, will make it harder for spies and cops to listen in on enemies and signals. But the greater terrorist and criminal threat, it concluded, arises from electronic networks vulnerable to tampering. The law enforcement benefit from the wider use of encryption to keep a terrorist hacker from shutting down the air traffic control system or an electronic criminal from looting bank transactions will outweigh the diminished utility of wiretapping. Thus, the panel recommends that national policy promote the use of encryption to protect vital communications systems, such as voice and cellular telephone systems, from intrusion by criminals. To give businesses and individuals confidence in encryption, standards and technology should be driven by the market and by users, not by the government. And because current restrictions on the export of encryption software leave U.S. firms abroad vulnerable and inhibit the use of the best encryption in U.S. products, it also recommends relaxation of those controls. The burgeoning Internet and expanding wireless communications will be essential to the economy's growth over the next generation. But those technologies can never achieve their full potential if commercial transactions and personal communications are vulnerable to interception. The NRC report makes plain that encryption is less of a problem than a solution. Its recommendations provide Congress with a guide to policy at a time that the Clinton administration is paralyzed, its finger in the dike, protecting against a technological flood that it cannot hope to control. Copyright, 1996, The Sacramento Bee -------------------------------- Glenn C. Jones "If you're walkin' on thin ice, you might as well dance." -------------------------------- From grafolog at netcom.com Tue Jun 4 02:34:47 1996 From: grafolog at netcom.com (jonathon) Date: Tue, 4 Jun 1996 17:34:47 +0800 Subject: DEMOGRAPHICS v. ANONYMITY In-Reply-To: <2.2.32.19960603171454.00717340@popmail.crl.com> Message-ID: On Mon, 3 Jun 1996, Sandy Sandfort wrote: Not Sandy, but somebody else wrote: > >I also shop only with cash, here and elsewhere. > >Double-blinded e-cash will be the only way to go, if it > And I bet they don't turn down your cash just because it > contains no demographic data. Thus demonstrating the If that purchase is for more than $5K, they will turn down your cash, unless you also provide #1: Your name #2: Your Address #3: Proof of Identity. Reason: _current_ IRS Requirements. xan jonathon grafolog at netcom.com ********************************************************************** * * * Opinions expressed don't necessarily reflect my own views. * * * * There is no way that they can be construed to represent * * any organization's views. * * * ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * * * http://members.tripod.com/~graphology/index.html * * * *********************************************************************** From frantz at netcom.com Tue Jun 4 02:47:31 1996 From: frantz at netcom.com (Bill Frantz) Date: Tue, 4 Jun 1996 17:47:31 +0800 Subject: Java Message-ID: <199606040626.XAA09729@netcom7.netcom.com> At 10:22 PM 6/3/96 -0400, Perry E. Metzger wrote: >I've been rather hard on Java here lately. I'll say. You have also ignored some of Java's other features. Machine independence is probably the most important. A nice, small, easy to learn language is another. [As an aside, when I attempted to compile Wai Dei's crypto lib 2.0 with the Symantec Project Manager C++ compilers, none of the 3 would compile it. The one which generated the fewest errors had "internal error" on two modules. This problem occurs because C++ is such a large language, with a number of obscure features which compiler writers don't always handle. In addition, C++ is in no way machine independent. The simplest example is that sizeof(int) is machine dependent.] > >... > >Sun is, unfortunately, suffering from a substantial hubris problem. As >I have noted, the original Java applet security model and all the >followups have had exactly the same problem -- they depend on perfect >implementation of every element of the security model for the security >to work, instead of having the realistic and conservative assumption >that portions of the model will be misimplemented, and designing for >defense in depth. If you want defense in depth, run your Java interpreter in an OS environment which limits the interpreter's access to only those resources you wish it to access. I get the impression that the environment you are concerned with is a bunch of PCs running W95 or NT. These OSs are fragile enough, particularly to the denial of service attacks your users can not tolerate, that the only way to approach safety is to only run software which has been approved by an in-house testing authority. Even with the in-house testing authority, you really need a better OS to protect against testing failures. >Beyond that, however, they have created the ultimate hype >monster. Java is a neat idea looking for a good application. I use the >web all day long and I have yet to see a good use for Java. There have been discussions of crypto applications in Java. Doing the crypto on the user's system before sending data thru the net is a useful application. While, as a number of us have pointed out, there are problems doing crypto with Java, it may be the easiest way to deliver strong crypto quickly to Joe Websurfer. In the long run, I hope to use Java to sell cycles. Java has the advantage in a cycle market that it is machine independent, and the Just In Time compilers should make the performance reasonable. Regards - Bill ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA From shamrock at netcom.com Tue Jun 4 03:03:15 1996 From: shamrock at netcom.com (Lucky Green) Date: Tue, 4 Jun 1996 18:03:15 +0800 Subject: Java Crypto API questions Message-ID: At 16:22 6/3/96, jim bell wrote: >A signature is just that: A signature. It doesn't encrypt or decrypt. It >doesn't even ALLOW the system it's in to encrypt or decrypt, because there >are numerous encryption programs written that have no need for such a >signature. If no program existed which _used_ that signature, nobody would >think twice about exporting it. > >The fact is, it is LEGAL to import encryption code into the US. It is LEGAL >to generate an hash of that code, and it is LEGAL to export that hash. To >believe otherwise is to broadly expand the scope of export laws far beyond >what they were intended to mean. First, the ITAR are not laws, but regulations. Second, there are many that believe that applying ITAR to crypto software is already expanding the scope of the regulations far beyond what they were intended to mean. Let us not forget that the ITAR were written to prevent the proliferation of military technology. Applying them to mass market crypto software does not aid this original goal in any way. At one point, the existing ITAR began to be used to further a cause utterly unrelated to their original intend: limiting the domestic market penetration of strong crypto systems. Disclaimer: My opinions are my own, not those of my employer. -- Lucky Green PGP encrypted mail preferred. From jimbell at pacifier.com Tue Jun 4 03:55:41 1996 From: jimbell at pacifier.com (jim bell) Date: Tue, 4 Jun 1996 18:55:41 +0800 Subject: CWD: "Jacking in from the "One that Got Away" Port Message-ID: <199606040610.XAA02467@mail.pacifier.com> At 10:19 PM 6/3/96 -0500, Declan McCullagh wrote: >(By Brock Meeks / brock at well.com / Archived at http://www.cyberwerks.com/) > > > CyberWire Dispatch // Copyright (c) 1996 // > A virtual tactical nuke was hurled into the arcane subculture of > encryption technology Monday when RSA President Jim Bizdos revealed > that his company's Japanese subsidiary had developed a monster chipset > capable of scrambling voice and data real time with a so-called "key > length" of up to 1024 bits. I don't mean to be overly critical, but why not provide for the possibility of longer keys? The RSA key only has to be exchanged and decoded once per call, presumably, which suggests that there shouldn't be a problem to do 2048-bit keys. Admittedly, 1024 bits will be good for many years, but... > That key length stuff is just so much gibberish to those playing > without a scorecard, so let me drill down on it for you. Basically, > the longer the key length, the harder it is for a message to be broken > by "brute force" automated attacks. Current U.S. laws prohibit the > export of any encryption device with a key length longer than 40-bits, > or roughly the equivalent of Captain Crunch decoder ring. For hardcore > math types, I'm told that a 1024-bit key length is 10 to the 296th > power more difficult to break than 40 bits. I sure do wish they'd get things like this a bit more accurate... Oh, well, I suppose it doesn't really matter... Jim Bell jimbell at pacifier.com From WlkngOwl at unix.asb.com Tue Jun 4 04:39:33 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Tue, 4 Jun 1996 19:39:33 +0800 Subject: CWD: "Jacking in from the "One that Got Away" Port Message-ID: <199606040831.EAA12343@unix.asb.com> On 3 Jun 96 at 22:19, Declan McCullagh wrote: > (By Brock Meeks / brock at well.com / Archived at http://www.cyberwerks.com/) > CyberWire Dispatch // Copyright (c) 1996 // > Jacking in from the "One that Got Away" Port: [..] > That key length stuff is just so much gibberish to those playing > without a scorecard, so let me drill down on it for you. Basically, > the longer the key length, the harder it is for a message to be broken > by "brute force" automated attacks. Current U.S. laws prohibit the > export of any encryption device with a key length longer than 40-bits, > or roughly the equivalent of Captain Crunch decoder ring. For hardcore > math types, I'm told that a 1024-bit key length is 10 to the 296th > power more difficult to break than 40 bits. Too bad he got caught up in the gibberish. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From apache at quux.apana.org.au Tue Jun 4 04:44:13 1996 From: apache at quux.apana.org.au (TT) Date: Tue, 4 Jun 1996 19:44:13 +0800 Subject: Why PGP isn't so ubiquitous (was NRC Session Hiss) In-Reply-To: Message-ID: On Tue, 4 Jun 1996, TT wrote: > I think it is actually easy to use, although granted others may not; but > that people tend not to use it as a matter of course (and it is my belief > this is a desireable thing) due too the time taken to manually sign mail > or sign and encrypt. Correction: should read...it is my belief this is _not_ a desireable thing.. -- .////. .// Charles Senescall apache at quux.apana.org.au o:::::::::/// apache at gil.com.au >::::::::::\\\ Finger me for PGP PUBKEY Brisbane AUSTRALIA '\\\\\' \\ http://quux.apana.org.au/~apache/ From poh at iss.nus.sg Tue Jun 4 04:49:58 1996 From: poh at iss.nus.sg (Peter Oh Siu Wai) Date: Tue, 4 Jun 1996 19:49:58 +0800 Subject: Greetings from Star+Globe Message-ID: <199606040800.QAA24778@iss.nus.sg> Dear Sir/ Madam, Greetings from Star+Globe Technologies! Thank you for accessing & using our WinMASS. It is indeed our pleasure to bring you the multilingual world at your fingertips. To pursue our objective of delivering the best and most cost effective solution for all your multilingual computing needs, we appreciate your support and encouragement. May we take this opportunity to seek your views and suggestions on WinMASS, based on the Cyber Launch of May 15th, 1996 wherein you have registered. 1.Did you have any problems while downloading WinMASS? Please specify. 2.Have you tried and explored WinMASS? 3.Is WinMASS informative and complete? did you find anything missing? 4.With what application did you use WinMASS? were you satisfied? 5.Have you used / using any other Multilingual Software? 6.What is your working platform for Hardware and Software? 7.What features do you like most about WinMASS? 8.What additional features would you like to have? 9.Do you have any specific querries that you would like us to answer? 10.Any other valuable feedback is welcome. We want to improve our service to you. Your support and cooperation is highly desired and will be helpful to do our best. Thank you and look forward to receiving your valuable information at any of the following e-mail address: info at starglobe.com.sg sales at starglobe.com.sg venki at starglobe.com.sg Best Regards, Venki Char From WlkngOwl at unix.asb.com Tue Jun 4 05:55:12 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Tue, 4 Jun 1996 20:55:12 +0800 Subject: Why PGP isn't so ubiquitous (was NRC Session Hiss) Message-ID: <199606040833.EAA12366@unix.asb.com> On 3 Jun 96 at 21:59, Deranged Mutant wrote: [..] > More likely drop it altogether, or be openly admit they were forced > to include GAK (people will want the source, anyway). I retract the second part of that sentence. *Sigh* --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From gary at systemics.com Tue Jun 4 05:57:22 1996 From: gary at systemics.com (Gary Howland) Date: Tue, 4 Jun 1996 20:57:22 +0800 Subject: CWD: "Jacking in from the "One that Got Away" Port In-Reply-To: Message-ID: <31B3F920.31DFF4F5@systemics.com> > Current U.S. laws prohibit the > export of any encryption device with a key length longer than 40-bits, > or roughly the equivalent of Captain Crunch decoder ring. For hardcore > math types, I'm told that a 1024-bit key length is 10 to the 296th > power more difficult to break than 40 bits. No comment. > Bizdos seems to have found crypto's magic bullet; a legit way to > essentially give the finger to U.S. export laws for crypto product. Really? > In fact, it's a crime even to put a program like PGP on your laptop and > go overseas. The State Department calls that "exporting." Golly day! > After setting up his Japanese unit, he hired a crack team > of Japanese crypto experts who essentially "reverse engineered" the > company's own U.S. crypto product, according to Kurt Stammberger, RSA > director of technology marketing. Hot dang! > It was a brilliant move. Bizdos > can't be slammed by the State Department for violating crypto export > laws because, well, he didn't export a damn thing, except some U.S. > greenbacks, which of course, could have gone to U.S. cryptographers, > but let's not quibble about jobs. > Anyone want to kick around the subject of global competitiveness? > > What's happened here is the Japanese have now trumped the entire world > on the crypto market. What's more, Clinton's brain-dead allegiance to > the FBI, et al., has now allowed the Japanese government, which still > owns a large share of NTT, which owns a minority share of RSA's > Japanese subsidiary, to have a lock on the world's strongest encryption > technology. Can you say "Remember the VCR" or "Remember the > Semiconductor" or how about "Thanks, Bill. We're fucked." Yes, the guvmint is really stupid, huh? Remind me not to subscribe to cyberwire ... Serious point - what are the chances that the key generator has been tampered with? (assuming the generation is done within the chipset). Gary -- pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From reply at remail.ecafe.org Tue Jun 4 06:57:24 1996 From: reply at remail.ecafe.org (ECafe Anonymous Remailer) Date: Tue, 4 Jun 1996 21:57:24 +0800 Subject: Gov. archives Message-ID: <199606041107.LAA11420@avignon.hypereality.co.uk> For anyone who hasn't already, check out http://csrc.nist.gov. There is a ton of groovy government info on such things as: Computer Systems Security and Privacy Board NIST pubs and letters Privacy forum archives RISK forum archives Software Unix security info Secure internet connections Crypto module validation Secure hash standard NBS data encryption Key escrow Computer security roles in NIST and the NSA Secure telephone terminals Too much other info to be listed!!! Also, you can access them by ftp@ csrc.nist.gov, or access their BBS. (cs-bbs.nist.gov) Have fun. Remember, Big Brother is watching! From jya at pipeline.com Tue Jun 4 08:50:35 1996 From: jya at pipeline.com (John Young) Date: Tue, 4 Jun 1996 23:50:35 +0800 Subject: NYT on NTT/RSA Chips Message-ID: <199606041054.KAA14598@pipe2.t2.usa.pipeline.com> Connecting Declan's three dots [...]: The New York Times, June 4, 1996, pp. D1, D4. Japanese Chips May Scramble U.S. Export Ban By John Markoff Washington, June 3 -- The Nippon Telegraph and Telephone Corporation has quietly begun selling a powerful data- scrambling chip set that is likely to undermine the Clinton Administration's efforts to restrict the export of the fundamental technology for protecting secrets and commerce in the information age. The existence of the two-chip set, which will have broad potential application for local computer networks, the Internet and telephone switching networks, was disclosed here in a speech today at a public policy workshop by the chief executive of RSA Data Security, a Silicon Valley-based company that has frequently dueled with the Administration over its export-control policies. The executive, Jim Bidzos, said that his company was negotiating with N.T.T., the giant telecommunications concern, to resell the chips in the United States. Mr. Bidzos also said that N.T.T. had already made sales in 15 countries, including in the United States to I.B.M. "N.T.T. has done a lot of research and development work on this product" he said. "There is clearly going to be a lot of demand for their chips." An executive at NTT America said that although there were no restrictions on the export of cryptographic hardware or software from Japan, his company was still anxious to obtain software from RSA Data to use in its chips. That software is still controlled by United States export law, he said. "We'd like to use this technology," said Junichi Kishigami, director of NTT America, which is based in Mountain View, Calif. "It is important to employ good international standards." Mr. Bidzos has been a vocal and longtime opponent of United States export laws that prohibit the sale, without a special license, of products that have powerful data-scrambling capabilities. The Government's policy is directed at limiting the spread of systems that could make it more difficult for American intelligence and law-enforcement agencies to conduct electronic surveillance. Such restrictions have been bitterly opposed in recent years by American computer and telecommunications companies; they have argued that the technology is already widely available internationally and that manufacturers and software developers in the United States are in danger of losing markets to foreign competitors. The N.T.T. technology would seem to support those contentions. "The United States export controls are at risk from Japanese competition," said Stewart Baker, a Washington lawyer who is the former general counsel for the National Security Agency. The N.T.T. device also underscores fundamental differences that exist between Japan and the United States on the issue of privacy in the information age. While United States officials have struggled to maintain their ability to conduct electronic surveillance, Article 21 of Japan's Constitution specifically forbids wiretapping. "It's very interesting that the Japanese regard for privacy in their Constitution translates into better cryptographic technology," said Marc Rotenberg, director of the Electronic Privacy Information Center, a Washington public policy group and an organizer of today's workshop on data scrambling. Mr. Bidzos said that N.T.T.'s chips, which have been developed and manufactured by a subsidiary, N.T.T. Electronic Labs, were far more powerful than the so-called Clipper chip, a data-scrambling system that the Clinton Administration proposed for the nation's telephone system. While the Clipper system has a built-in "back door" intended to permit the F.B.I. to gain wiretap information, the N.T.T. system has no such surveillance feature, It also uses much stronger data-encryption algorithms than United States export laws permit. Those laws restrict the export of encryption systems which employ digital "keys" of more than 40 bits in length. The new N.T.T chips, however, are based on the United States data encryption standard, which has a 56-bit key, and actually triples the strength of that standard. Such a scrambling system is believed to be beyond the capability of the most powerful code-breaking system. In addition to the "private" key system for scrambling data, N.T.T. uses RSA Data's "public" key method to permit computer users who have not previously exchanged information to swap-private key information safely. The N.T.T. system uses the RSA Data key, which is 1,024 bits in length, also far stronger than the United States export regulations permit. "If there is anyone in the Government who hasn't already seen the writing on the wall, here it is," Mr. Bidzos said. He said that RSA Data had set up a small subsidiary in Japan last year and that he was now negotiating with N.T.T. to make a minority investment in that subsidiary in exchange for N.T.T.'s gaining access to the RSA Data public key technology. The N.T.T. technology is at least partly the result of an initiative by Japan's Ministry of International Trade and Industry, which 18 months ago made a $120 million national commitment to develop products to facilitate electronic commerce. "This is a major business opportunity that the Japanese see clearly," said Deborah Hurley, an official at the Organization for Economic Cooperation and Development, the Paris-based international group. RSA Data was acquired in April by Security Dynamics Technologies Inc., a computer security company based in Cambridge, Mass., in a stock deal valued at $250 million. Mr. Bidzos said that the two companies had continued to operate relatively independently. [End] From perry at piermont.com Tue Jun 4 10:49:13 1996 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 5 Jun 1996 01:49:13 +0800 Subject: Alan Coopersmith: BoS: Yet Another Java security bug Message-ID: <199606041258.IAA08929@jekyll.piermont.com> ------- Forwarded Message From: lady0065 at sable.ox.ac.uk (David Hopwood) Newsgroups: comp.lang.java,comp.security.misc,comp.security.unix Subject: Another Java security bug Date: 2 Jun 1996 07:15:06 GMT Organization: Oxford University, England Lines: 30 Sender: david.hopwood at lmh.ox.ac.uk Message-ID: <4orf1q$t6f at news.ox.ac.uk> There is another serious security bug in the class loading code for all currently available Java browsers: Netscape up to and including versions 2.02 and 3.0beta4 (except for Windows 3.x) Oracle PowerBrowser for Win32 HotJava 1.0beta 'appletviewer' from the Java Development Kit, up to and including version 1.0.2 Sun, Netscape, and Oracle have been sent details of the problem (which is partly related to the ClassLoader attack found by Drew Dean et al in March). The attack works by exploiting a design flaw in the mechanism that separates JVM classes into different namespaces. Using this bug, an attacker can bypass all of Java's security restrictions. This includes executing native code on the client, with the same permissions as the user of the browser. No preconditions are necessary other than viewing the attacker's web page, and the process can be made completely invisible to the victim. The only way to avoid this problem at the moment is to disable Java. For more information see http://ferret.lmh.ox.ac.uk/~david/java/bugs/ Further technical details will be posted when Sun, Netscape, and Oracle release patches. David Hopwood david.hopwood at lmh.ox.ac.uk http://ferret.lmh.ox.ac.uk/~david/ ------- End of Forwarded Message From declan at well.com Tue Jun 4 10:54:09 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 5 Jun 1996 01:54:09 +0800 Subject: CWD: "Jacking in from the "One that Got Away" Port In-Reply-To: <199606040610.XAA02467@mail.pacifier.com> Message-ID: Yeah, we fucked up here and are getting rightfully flamed. A more accurate way to say this would be something like: 1024-bit RSA is as hard to crack as three nested iterations of 56-bit DES. The key length for symmetric-key cryptosystems isn't comparable to the key length for public key cryptosystems. And now that I'm at it, I'm now told that it was a Captain Marvel decoder ring. Apologies, all. -Declan > > That key length stuff is just so much gibberish to those playing > > without a scorecard, so let me drill down on it for you. Basically, > > the longer the key length, the harder it is for a message to be broken > > by "brute force" automated attacks. Current U.S. laws prohibit the > > export of any encryption device with a key length longer than 40-bits, > > or roughly the equivalent of Captain Crunch decoder ring. For hardcore > > math types, I'm told that a 1024-bit key length is 10 to the 296th > > power more difficult to break than 40 bits. > > I sure do wish they'd get things like this a bit more accurate... Oh, well, > I suppose it doesn't really matter... > > > Jim Bell > jimbell at pacifier.com > From perry at piermont.com Tue Jun 4 11:21:19 1996 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 5 Jun 1996 02:21:19 +0800 Subject: Fate of Ecash if RSA is cracked? In-Reply-To: <199606040508.AAA01035@manifold.algebra.com> Message-ID: <199606041254.IAA08918@jekyll.piermont.com> Igor Chudov @ home writes: > Actually factoring is not exponential even now. For Number Fiels Sieve > method the number of operations is estimated as > > N ~= exp(((1.923+O(1)) * (ln n)^(1/3) * ln ln n)^(2/3)) > > (taken from Schneier, A.C., page 256) The distinction between that and exponential is rather difficult for most ordinary people to see, and in any case subexponential and exponential are "practically the same" for purposes of this discussion. .pm From unicorn at schloss.li Tue Jun 4 11:31:02 1996 From: unicorn at schloss.li (Black Unicorn) Date: Wed, 5 Jun 1996 02:31:02 +0800 Subject: Anonymous stock TRADING (was Saw this on CNN: ) In-Reply-To: <199606040240.VAA31145@manifold.algebra.com> Message-ID: On Mon, 3 Jun 1996 ichudov at algebra.com wrote: > rick hoselton wrote: > > > > You might also want to ask Ivan Boeskey(sp?). I think he's out of > > Boesky. > > Which brings up another ignorant question: suppose that I am a > corporate officer who does receive substantial "insider" information, > for example results of audits, before they become public. What would > prevent such an insider from creating a phony offshore trading company, > and sending orders to that company using cypherpunks technology? The threat of discovery and punishment? Your mileage may vary. > If we suppose that the agent executing trades (which may even be a > computer, afaik) is trustworthy, the methods to deliver trade orders are > reliable, the computers are protected from van eyck monitoring, and the > officer is not spending too much money openly, what is there to prevent > or prove such violations of the law? Paper trails, informants, corrupt foreign officials, plants, attacks on voice calls between the U.S. and the company, the internal corporate calls. Anything that law enforcement is used to using. It'd be the IRS that you had to really watch for. SEC tends to give up on said programs. I discuss concealing insider trading in my longish work on the subbject of asset concealing. > For example, the trading computer can have pseudonym address > xyz at alpha.c2.org, forwarded through a chain of remailers to > place_order at offshore.com.xx, and the officer sends pgp signed and > encrypted trade orders to that address, again through remailers. What > besides traffic analysis is there to stop such violations? > > Thanks, > > - Igor. --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From perry at piermont.com Tue Jun 4 11:51:03 1996 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 5 Jun 1996 02:51:03 +0800 Subject: CWD: "Jacking in from the "One that Got Away" Port In-Reply-To: Message-ID: <199606041331.JAA09003@jekyll.piermont.com> Declan McCullagh writes: > The key length for symmetric-key cryptosystems isn't comparable to the key > length for public key cryptosystems. You should have stuck with that. > 1024-bit RSA is as hard to crack as three nested iterations of 56-bit DES. Unknown. Cracking 3DES and 1024 bit RSA are both hard, but the algorithms used for brute forcing both of them are very different. I would say that making comparisons between them is probably in general a bad idea, especially given that over long periods of time the techniques used improve at different rates. The conservative attitude is, in any case, always "encrypt until it hurts and then back off a little bit." Perry From rah at shipwright.com Tue Jun 4 12:00:22 1996 From: rah at shipwright.com (Robert Hettinga) Date: Wed, 5 Jun 1996 03:00:22 +0800 Subject: Paper about electronic cash and common currencies available Message-ID: --- begin forwarded text Sender: e$@thumper.vmeng.com Reply-To: Wolfgang Roeckelein Mime-Version: 1.0 (NeXT Mail 3.3 v118.2) Precedence: Bulk Date: Tue, 4 Jun 96 11:14:41 +0200 From: Wolfgang Roeckelein To: Multiple recipients of Subject: Paper about electronic cash and common currencies available Hello everybody, our paper titled "A Common Currency System for Spontaneous Transactions on Public Networks" is available online under http://www.whu-koblenz.de/~wolfgang/CommonCurrency/ Perhaps somebody might be interested. Thank you for your attention, Wolfgang Roeckelein --- Dipl.-Wirtsch.Inf. Voice: +49 941 943 2998 Wolfgang Roeckelein Fax: +49 941 943 4986 Uni Regensburg E-Mail: roeckelein at wi.whu-koblenz.de Universitaetsstr. 31 Wolfgang.Roeckelein at wiwi.uni-regensburg.de D-93053 Regensburg (MIME and NeXTmail ok) Germany WWW: http://www.whu-koblenz.de/~wolfgang/ GCM/B d-- s: a- C++ US+++$ UX+++ P+ L E? W++ N++ w-- O-(++) M+ !V PS++ PE Y+ PGP(++) t+ 5? X? R+ tv b++ DI D++ G e+++>++++ h+ r++>% y? (Geek Code V3.x) --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ From perry at piermont.com Tue Jun 4 12:30:20 1996 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 5 Jun 1996 03:30:20 +0800 Subject: Java In-Reply-To: <199606040626.XAA09729@netcom7.netcom.com> Message-ID: <199606041306.JAA08943@jekyll.piermont.com> Bill Frantz writes: > At 10:22 PM 6/3/96 -0400, Perry E. Metzger wrote: > >I've been rather hard on Java here lately. > > I'll say. You have also ignored some of Java's other features. Machine > independence is probably the most important. Many languages are machine independent. Thats hardly a new feature. > A nice, small, easy to learn language is another. Scheme, anyone? However, your point is taken. Java is a neat little language in many ways. However, that isn't cause enough for literally fifty books on the subject to be on display, including breathless ones proclaiming "Tips from experienced Java programmers!" as if there are any in the world at this point. There are dozens of cute little languages in the world -- scheme, smalltalk, etc, etc. I mean, with all the "Teach yourself Java in 21 days" and company books coming out, you would think you were dealing witht he major application programming language for the world instead of something that at the moment is used for almost nothing more interesting than fake scrolling LED sign applets. > If you want defense in depth, run your Java interpreter in an OS > environment which limits the interpreter's access to only those resources > you wish it to access. Since that doesn't exist, it isn't an option for my users. It is not, in any case, my obligation to make Java secure. I'm not the one hyping it. > >Beyond that, however, they have created the ultimate hype > >monster. Java is a neat idea looking for a good application. I use the > >web all day long and I have yet to see a good use for Java. > > There have been discussions of crypto applications in Java. Useless, almost, for a web environment. If you want to really put Crypto in netscape, the plugin facilities and a good C compiler are a better tool, and C is 99% portable. > While, as a number of us have pointed out, there are problems > doing crypto with Java, it may be the easiest way to deliver strong crypto > quickly to Joe Websurfer. You could hand any websurfer a Netscape PGP plugin without much work at all, and you could easily build it on lots of platforms. After all, look at how many platforms that lowly C code like PGP runs on. Perry From bryce at digicash.com Tue Jun 4 13:10:41 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Wed, 5 Jun 1996 04:10:41 +0800 Subject: cycle market Message-ID: <199606041351.PAA21165@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- I was trying to think what I would use a cycle market for. The only thing that I wait for more than a minute on currently is compiling. It might be quicker to ship my source code to a remote compilation service with big pipes and big engines. Considering that I've got a Pentium 120 on my desktop, though, those would have be pretty big engines to make up for the time lost in transmission of source and compiler output (both compiler messages and object files.) Just musing out loud. Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMbQ/d0jbHy8sKZitAQHRFgL/Ydkbb4ieFryq1ZRwAVPR0/gksKdVMJ88 rWXGmqpHh810mi1vqgEjWL3XSJL1ogoN6GXuvpZQufvN0ldShOr+fDiodYX6g53K gK+6Z5WTUzTS6Wn1I/IGuSQ86Om4+JOg =MQ0q -----END PGP SIGNATURE----- From cme at ACM.ORG Tue Jun 4 14:00:20 1996 From: cme at ACM.ORG (Carl Ellison) Date: Wed, 5 Jun 1996 05:00:20 +0800 Subject: (VTW) BillWatch #48 In-Reply-To: <199606040139.VAA21219@panix3.panix.com> Message-ID: A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 1685 bytes Desc: not available URL: From ncognito at gate.net Tue Jun 4 14:13:20 1996 From: ncognito at gate.net (Ben Holiday) Date: Wed, 5 Jun 1996 05:13:20 +0800 Subject: Asendmail v0.5beta Message-ID: Okay, so i'm an idiot. :) I ran out the door in such a hurry on friday that I didn't bother to make the asendmail package globally readable. Apologies to everyone who tried to get a copy and got a permission denied. It is now really and truely available from: http://www.infonex.com/~ncognito/asendmail.tar.gz Sorry for the hassles. From maldrich at grci.com Tue Jun 4 14:17:31 1996 From: maldrich at grci.com (Mark O. Aldrich) Date: Wed, 5 Jun 1996 05:17:31 +0800 Subject: your mail In-Reply-To: <199606040046.RAA17821@netcom6.netcom.com> Message-ID: On Mon, 3 Jun 1996 qut at netcom.com wrote: > ncr terminals are the most 31173 D0Dz > Sheesh! Come up with a better backwards/upside-down spelling of "elite," will ya? "31173" is pretty lame (as, it would seem, are you), considering you ought to be able to use extended and international character sets..... ------------------------------------------------------------------------- | Liberty is truly dead |Mark Aldrich | | when the slaves are willing |GRCI INFOSEC Engineering | | to forge their own chains. |maldrich at grci.com | | STOP THE CDA NOW! |MAldrich at dockmaster.ncsc.mil | |_______________________________________________________________________| |The author is PGP Empowered. Public key at: finger maldrich at grci.com | | The opinions expressed herein are strictly those of the author | | and my employer gets no credit for them whatsoever. | ------------------------------------------------------------------------- From ncognito at gate.net Tue Jun 4 14:37:56 1996 From: ncognito at gate.net (Ben Holiday) Date: Wed, 5 Jun 1996 05:37:56 +0800 Subject: Electronic Signature Act Of 1996 Message-ID: (Condensed from AP article) Florida now recognizes electronic signatures as legal and binding. In other words - its okay to sign it by modem. The electronic Signature Act of 1996 passed the Legislature unanimously and became law Friday. The law does not specify how an electronic document must be signed, but it probably will mean coding the text and typed signature so they cannot be changed by anyone other than the writer. California and Utah are the only other states that have laws recognizing electronic signatures. From nelson at crynwr.com Tue Jun 4 16:43:12 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Wed, 5 Jun 1996 07:43:12 +0800 Subject: Where are the cryptographers going to come from? Message-ID: <19960604152234.175.qmail@ns.crynwr.com> > >----- Forwarded Cyberia-L message (DAVID POST ) -----< > Someone else pointed to a recent story in the Economist, which > listed the leading encryption software/services companies > worldwide, each of which is Israeli. > > Bidzos made the claim, and many others echoed, that the export > controls are in the process of doing nothing more than ceding a > potentially lucrative market to others, a market in which the US > might otherwise be expected to be the dominant player. It may > even, in the eyes of some, be too late to undo this damage. Not only that, but where are the cryptographers of the future going to come from for the NSA to recruit? Israel?? Oh right, foreign nationals privy to our own highest secrets, give me a break. Do they intend to train them themselves? If so, that's identical in principle to universities granting tenure to their own graduates. You get inbred that way, so universities don't do that. The principle behind crypto secrecy presumes that other people don't have the secret. Once they do, you only hurt yourself by trying to keep a double-edged sword in the closet. The NSA believes that they can and should discard any amount of benefits of crypto in exchange for avoiding any harm of crypto. They are wrong. -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From sinclai at ecf.toronto.edu Tue Jun 4 16:58:22 1996 From: sinclai at ecf.toronto.edu (SINCLAIR DOUGLAS N) Date: Wed, 5 Jun 1996 07:58:22 +0800 Subject: cycle market In-Reply-To: <199606041351.PAA21165@digicash.com> Message-ID: <96Jun4.111407edt.9324@cannon.ecf.toronto.edu> Graphical rendering is one place where I might like a cycle market. Finite element simulation is another. From Clay.Olbon at dynetics.com Tue Jun 4 17:03:08 1996 From: Clay.Olbon at dynetics.com (Clay Olbon II) Date: Wed, 5 Jun 1996 08:03:08 +0800 Subject: Java Message-ID: Bill Frantz wrote: >In the long run, I hope to use Java to sell cycles. Java has the advantage >in a cycle market that it is machine independent, and the Just In Time >compilers should make the performance reasonable. > Has anyone written a Java app to implement the Chinese Lottery? Seems like a natural way to do it. A small cash prize might entice lots of folks to let it run in the background... Clay --------------------------------------------------------------------------- Clay Olbon II | Clay.Olbon at dynetics.com Systems Engineer | ph: (810) 589-9930 fax 9934 Dynetics, Inc., Ste 302 | http://www.msen.com/~olbon/olbon.html 550 Stephenson Hwy | PGP262 public key: on web page Troy, MI 48083-1109 | pgp print: B97397AD50233C77523FD058BD1BB7C0 TANSTAAFL --------------------------------------------------------------------------- From jya at pipeline.com Tue Jun 4 17:23:37 1996 From: jya at pipeline.com (John Young) Date: Wed, 5 Jun 1996 08:23:37 +0800 Subject: (Fwd) Crypto conference Message-ID: <199606041439.OAA23122@pipe2.t1.usa.pipeline.com> >----- Forwarded Cyberia-L message (DAVID POST ) -----< I was at EPIC's annual crypto conference yesterday, and just thought I'd pass along my impressions. It was, as always, extremely interesting; EPIC does a terrific job at these things of getting a very diverse and thoughtful collection of people with interests in crypto policy into the room together, everyone from Whit Diffie and Phil Zimmermann and Eric Hughes to Scott Charney of DOJ and Bruce McConnell of the White House, people from the OECD and the hardware/software community, etc. There were panels on key escrow, digital cash, international developments, and the Karn/Bernstein cases and other domestic policy developments. To me, the most striking feature of the event was what I felt was a new bite to the complaints about export controls. People have been complaining, needless to say, about these for a while -- but the *economic* case for lifting controls is now in the forefront of the discussion in a way that was not the case before, imho. Indeed, there wasn't an enormous amount of talk about the *privacy* implications of encryption this time at all. Jim Bidzos of RSA gave a very powerful talk at lunch, at which he unveiled two chips that are now being mass produced by Nippon Telephone, one incorporating the Triple-DES algorithm, and one with the RSA public key algorithm. Someone else pointed to a recent story in the Economist, which listed the leading encryption software/services companies worldwide, each of which is Israeli. Bidzos made the claim, and many others echoed, that the export controls are in the process of doing nothing more than ceding a potentially lucrative market to others, a market in which the US might otherwise be expected to be the dominant player. It may even, in the eyes of some, be too late to undo this damage. Now, some of this may be exaggerated, special interest whining. But there's an interesting hook here. Many have talked about the importance of control over "standards " in network industries, the importance of obtaining an early dominant position in the market that can appropriate all of the network externalities waiting to be plucked out there. [Mark Lemley has an interesting discussion of this in a piece on antitrust on the Net -- Mark, is that out anywhere yet?] Acting quickly to penetrate the market becomes critical, not just because markets change on "Internet Time," but also because the early entrants have a chance of establishing themselves as de facto standards and thereby extending their dominance over time. This, one can plausibly argue, is what is happening -- has happened? -- in this market. It is more credible in these kinds of markets to argue, as Bidzos was arguing, that if government policymakers wait until there's actual evidence of damage, of "lost market share," to US companies, that it will at that point already be too late to do anything about the damage. ---------- [Second Cyberia-L message by David Post] One other interesting issue generated heated discussion -- as in yelling and screaming between audience and panel -- at the EPIC conference. Scott Charney of DOJ, who heads the US delegation to the OECD crypto guidelines conference, was subjected to pretty heated questioning about the possibility that the US is trying to use the international forum as a way to move a particular policy agenda that is *not* being successfully peddled at home, and then to use the international support as a means of moving the domestic policy debate in that direction. Jamie Boyle of AU was particularly eloquent about this concern (I raised it too, less eloquently) -- I think it fair to say that both of us had the copyright experience in the back of our minds, where, many of us believe, the US has been pushing the "Lehman agenda" in international discussions as a way of presenting Congress with a kind of fait accompli. Charney vigorously denied that this was going on -- he strongly argued that since the OECD guidelines are non-binding (unlike, say, the treaty obligations being discussed in the copyright context), there's simply nothing wrong with discussing these clearly global issues with our international partners. It was, as they say in the press, a spirited exchange. David ********************************* David G. Post, Georgetown University Law Center Postd at erols.com 202-364-5010 Cyberspace Law Institute home page http://www.cli.org ********************************* David ********************************* David G. Post, Georgetown University Law Center Postd at erols.com 202-364-5010 Cyberspace Law Institute home page http://www.cli.org ********************************* From brucem at wichita.fn.net Tue Jun 4 17:24:21 1996 From: brucem at wichita.fn.net (Bruce M.) Date: Wed, 5 Jun 1996 08:24:21 +0800 Subject: Cost of brute force decryption Message-ID: Windows NT Magazine ran an article in their May 1996 issue titled "Secure Enterprise Email - How Safe is Your Mail System" that goes into matters of keeping company email private. PGP and other means of encryption are mentioned along with the following: "If you can ensure secrecy either until no one cares about the information or so that cracking the code costs more than the information is worth, it's 'secure enough.' "For example a 40-bit key takes about $10,000 worth of supercomputer time and two weeks to crack. Although this key may be adequate to protect my checking account, it's probably not large enough for the accounts of a major corporation. "A slightly longer key of 56 bits requres millions of dollars to crack and should protect the information for years to come. A 56-bit encryption key has 2^56-or 72 quadrillion-possible keys. With 1,000 computers, each trying 1,000,000 keys per second, trying them all would take 833 days. On average, you find the key halfway through your search. I was curious as to what type of formula was used to determine these figures since it wasn't mentioned in the article. Obviously, the speed of the computers, method of cracking and other such factors would be important to know. Could anyone shed some additional light on this for me? Thanks. Bruce M. * brucem at feist.com ~---------------------------------------------------~ "Knowledge enormous makes a god of me." -- John Keats From perry at piermont.com Tue Jun 4 17:27:52 1996 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 5 Jun 1996 08:27:52 +0800 Subject: Electronic Signature Act Of 1996 In-Reply-To: Message-ID: <199606041511.LAA09110@jekyll.piermont.com> Ben Holiday writes: > Florida now recognizes electronic signatures as legal and binding. In > other words - its okay to sign it by modem. [...] > California and Utah are the only other states that have laws recognizing > electronic signatures. The lawyers here can correct me if I am wrong, but I get the impression that under the common law, an ink signature is merely a demonstration that a party assented to a contract, and except for certain contracts (which usually require witnesses etc.) there is no requirement in the law that a contract even be on paper. Given this, a digital signature could probably, under existing common law, be used as evidence of intent in a contract dispute just as a paper and ink signature could be, except in cases like real estate transfers which I already mentioned. Perry From raph at cs.berkeley.edu Tue Jun 4 17:59:30 1996 From: raph at cs.berkeley.edu (Raph Levien) Date: Wed, 5 Jun 1996 08:59:30 +0800 Subject: S/MIME key sizes In-Reply-To: Message-ID: <31B45529.747B@cs.berkeley.edu> Lucky Green wrote: > > At 15:58 6/3/96, Raph Levien wrote: > > > Basically, an exportable S/MIME client can transmit messages up to > >1024/40 bit RSA/RC2 (or RSA/DES), and receive messages up to 512/64 bit > >RSA/RC2 (or RSA/DES, but in the latter case I would imagine it's actually > >restricted to 512/56 because of the keysize of DES). Note that the > >asymmetry actually points in different directions for the public and > >symmetric keysizes. > > What will be the maximum keysize for a domestic encryption client? It it is > larger than 1024 bits, there will be interoperability problems with foreign > clients. If the domestic client is limited to 1024 bits, it would set a bad > precedence, since it would effectively require that the encryption key is > smaller than the largest signature key. There is no restriction on non-export keysize, as far as I know. Of course, if you do use a key larger than 1024 bits, then export clients can not encrypt to you. I don't consider this to be a serious limitation. I'd far rather see an error message of "cannot encrypt to client - your software is crippled" than "encrypting to recipient with super-duper 40-bit cipher". The more crippled the export version appears to be, the more pressure there is to upgrade to a non-export version. I object to the word "domestic" to refer to non-crippled encryption programs. I use "non-export" because that seems least likely to cause confusion. Keep in mind that clients developed outside the US are also non-crippled. The word "domestic" seems to unfairly exclude them. Raph From bdurham at metronet.com Tue Jun 4 18:28:17 1996 From: bdurham at metronet.com (Brian Durham) Date: Wed, 5 Jun 1996 09:28:17 +0800 Subject: Gov. archives - NSA In-Reply-To: <199606041107.LAA11420@avignon.hypereality.co.uk> Message-ID: <31B46EB2.4470@metronet.com> Also interesting from a historical cryptography standpoint is the NSA web site (which you probably already know about). http://www.nsa.gov:8080/ Interesting information about Soviet one-time pad ciphers and about crypto-related documents from the WW2 era that are being declassified. [I really want to see the picture of a Japanese purple cipher machine.] But keep in mind, as with the previous post: > > Remember, Big Brother is watching! > > Brian Durham bdurham at metronet.com From ncognito at gate.net Tue Jun 4 18:36:26 1996 From: ncognito at gate.net (Ben Holiday) Date: Wed, 5 Jun 1996 09:36:26 +0800 Subject: Asendmail yet again Message-ID: Ok so it isnt really and truely available. The right URL should have been: http://www.cyberpass.net/~ncognito If that still isn't right then im gonna assume that god is giving me a hint and go shoot myself in the head. Adios. From declan at well.com Tue Jun 4 19:53:50 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 5 Jun 1996 10:53:50 +0800 Subject: How to explain crypto? Message-ID: Brock, the crypto-challenged, humbly apologizes for his gaffe. He was looking for a way to draw an understandable comparison of how much harder a 1024-bit implementation of RSA is to break than what current export controls allow. He's asking for suggestions on how in future articles he could word this so a layman could understand it... Preferably something that could be said in a few sentences. (Brock cops to the fact that it does an incredible disservice to a complex topic. Remember, tho, he writes for a broad audience with a way diverse range of understanding -- or misunderstanding, as the case may be!) For example, someone sent me this explanation: "The 1024 bit key is likely an RSA key, and is not comperable to a 40 bit symetric key. From memory, 1024 bit RSA is about as hard to crack as 90 bit symetric." Is this a reasonable comparison? -Declan From jimbell at pacifier.com Tue Jun 4 19:54:42 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 5 Jun 1996 10:54:42 +0800 Subject: Java Crypto API questions Message-ID: <199606041554.IAA23220@mail.pacifier.com> At 11:52 PM 6/3/96 -0700, Lucky Green wrote: >At 16:22 6/3/96, jim bell wrote: > >>A signature is just that: A signature. It doesn't encrypt or decrypt. It >>doesn't even ALLOW the system it's in to encrypt or decrypt, because there >>are numerous encryption programs written that have no need for such a >>signature. If no program existed which _used_ that signature, nobody would >>think twice about exporting it. >> >>The fact is, it is LEGAL to import encryption code into the US. It is LEGAL >>to generate an hash of that code, and it is LEGAL to export that hash. To >>believe otherwise is to broadly expand the scope of export laws far beyond >>what they were intended to mean. > >First, the ITAR are not laws, but regulations. Second, there are many that >believe that applying ITAR to crypto software is already expanding the >scope of the regulations far beyond what they were intended to mean. I agree. Which is why I think any acquiescence by Microsoft on the subject of exportability of signatures is wrong. Let the government press its case, if it wants to try. Don't assist it, even rhetorically. Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Tue Jun 4 20:12:37 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 5 Jun 1996 11:12:37 +0800 Subject: NYT on NTT/RSA Chips Message-ID: <199606041616.JAA24515@mail.pacifier.com> At 10:54 AM 6/4/96 GMT, John Young wrote: >Connecting Declan's three dots [...]: > The New York Times, June 4, 1996, pp. D1, D4. > Japanese Chips May Scramble U.S. Export Ban > By John Markoff > Washington, June 3 -- The Nippon Telegraph and Telephone > Corporation has quietly begun selling a powerful data- > scrambling chip set that is likely to undermine the Clinton > Administration's efforts to restrict the export of the > fundamental technology for protecting secrets and commerce > in the information age. > An executive at NTT America said that although there were > no restrictions on the export of cryptographic hardware or > software from Japan, his company was still anxious to > obtain software from RSA Data to use in its chips. That > software is still controlled by United States export law, > he said. Maybe it's just me, but the solution to NTT's problem is obvious. Even assuming that the export of this software would be against the law, why doesn't somebody simply violate that law? RSA would publish that software, possibly encrypted with NTT's public key, on a public system protected against direct export. "Somebody" would download it, write it to a floppy (taking care not to leave any fingerprints, and wetting both the stamp and the envelope with tap water, rather than licking them) and mail that floppy off to NTT in Japan. (Naturally, you don't put a return address on that envelope. The truly paranoid would first take that floppy to some store's PC section, and cross-load the data onto a floppy written by some other floppy drive.) NTT finds that envelope in their mail, opens it, reads the floppy, decrypts the data, and say, "Wow! It's the data we wanted to get!" It verifies that the data is valid by emailing a copy back to RSA in America, who say, "Amazing! Somebody has illegally exported our software!" As far as I know, there is nothing wrong with NTT using this software even if it is assumed to have been exported illegally. Obviously, NTT won't _ask_ for somebody to do this, because then the government will claim it was all a conspiracy, but that doesn't prevent NTT from being the beneficiary of somebody else's activities. Jim Bell jimbell at pacifier.com From sandfort at crl.com Tue Jun 4 20:15:41 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 5 Jun 1996 11:15:41 +0800 Subject: Electronic Signature Act Of 1996 Message-ID: <2.2.32.19960604165840.00725e30@popmail.crl.com> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ C'punks, At 11:11 AM 6/4/96 -0400, Perry E. Metzger wrote: >...I get the impression that under the common law, an ink >signature is merely a demonstration that a party assented >to a contract, and except for certain contracts (which >usually require witnesses etc.) there is no requirement in >the law that a contract even be on paper... The "Statute of Frauds" lists the exceptions and they cover most important contracts. I seem to recall that contracts over a given amount or for interests in real property for periods of a year or more are covered. I'm sure someone with current access to legal research resources will post a better explanation. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From frantz at netcom.com Tue Jun 4 20:37:43 1996 From: frantz at netcom.com (Bill Frantz) Date: Wed, 5 Jun 1996 11:37:43 +0800 Subject: cycle market Message-ID: <199606041847.LAA22383@netcom7.netcom.com> At 11:14 AM 6/4/96 -0400, SINCLAIR DOUGLAS N wrote: >Graphical rendering is one place where I might like a cycle >market. Finite element simulation is another. Sinclair mentions some of my favorites. Others are: (1) Attacking RSA-nnn challanges. (2) Brute forcing 56 bit keys to demonstrate that 1DES is obsolete. ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA From jimbell at pacifier.com Tue Jun 4 20:43:38 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 5 Jun 1996 11:43:38 +0800 Subject: Export what's imported Message-ID: <199606041824.LAA02369@mail.pacifier.com> Recently, Senator Burns introduced that bill, S.1726, "ProCode." Part of it had to do with changes in the export laws to allow export of things that are currently not allowed. It occurs to me that this bill should be amended to say, explicitly, that any object or software which has ever been imported into the US can be legally exported. (Including multiple copies of software.) It is particularly important that we do this now that the NTT encryption chip set has been announced. Why? Well, first, we CAN easily justify this. The claim for export controls is that they restrict the access of encryption to various of the horsemen, out there. But by definition anything which has ever been imported is already available outside the US, so it'll look rather silly if they try to control somebody from export that came from out of the country. What are the benefits? Maybe it'll destroy the entire crypto-export-regulation system. Domestic software companies can simply set up a practice of buying all their crypto expertise from overseas. If this happened over the long term this would be bad, but it won't because within a couple of years good crypto will be exported by American manufacturers based on foreign designs. Pretty soon the export bans will become meaningless (even more so than they are today) and the pressure to remove the last restrictions will be enormous. Jim Bell jimbell at pacifier.com From dhaskove at ucsd.edu Tue Jun 4 20:57:45 1996 From: dhaskove at ucsd.edu (Dan Haskovec) Date: Wed, 5 Jun 1996 11:57:45 +0800 Subject: Class III InfoWar: TST Article In-Reply-To: <199606022238.WAA16332@pipe2.t1.usa.pipeline.com> Message-ID: Here's the reply I got from a friend that I forwarded it to.... and the verdict is... NetMYTH! I checked the cite in the article on cyberterrorism... no such article ran on 6/2/96 in the Times (London)... nor, in fact, in any newspaper available on Nexis... just thought I would let you know... On Sun, 2 Jun 1996, John Young wrote: > This is the article Winn Schwartau cited to last night: > > ---------- > > > The Sunday Times (London), June 2, 1996, pp. 1, 24. > > > City surrenders to L400m gangs [Insight column] > > > City of London financial institutions have paid huge sums > to international gangs of sophisticated "cyber terrorists" > who have amassed up to L400m worldwide by threatening to > wipe out computer systems. [...] From jimbell at pacifier.com Tue Jun 4 21:05:50 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 5 Jun 1996 12:05:50 +0800 Subject: (VTW) BillWatch #48 Message-ID: <199606041724.KAA28886@mail.pacifier.com> At 10:17 AM 6/4/96 -0400, Carl Ellison wrote: >I was at the EPIC conference yesterday (6/3) -- where Whit Diffie, BTW, presented the same argument Steven Cherry gave in this BillWatch -- but at the end of the EPIC conference we had Scott Charney of DoJ on a panel about what the OECD is doing (pushing Clipper internationally) and we kept going round with him on the administration's pushing of Clipper (N). [One attendee described this as "forum shopping" -- looking for a friendly place to push Clipper.] > >There were people battling him over his alleged representation of the USA at the OECD -- claiming he was misrepresenting the country by pushing Clipper. His response was that the Executive is empowered to do all international meetings/negotiations/.... > >After the meeting ended it hit me what the problem is and I mentioned it to PRZ. We're complaining that the Executive has gone rogue -- is disobeying the will of the people. PRZ likened it to Nixon's war in Cambodia. I have a solution to that problem. Jim Bell jimbell at pacifier.com From paul at ljl.COM Tue Jun 4 21:14:59 1996 From: paul at ljl.COM (Paul Robichaux) Date: Wed, 5 Jun 1996 12:14:59 +0800 Subject: Markoff in NYT on NTT/RSA chip In-Reply-To: Message-ID: There are still a few unclear (to me) points about this story: 1. CWD says that RSA's Japanese subsidiary developed the chips. Markoff says NTT did. It sounds to me like NTT is the more likely developer, since they have a great deal of silicon design experience. 2. Markoff's story says that NTT doesn't have licenses to use RSA technology (the quote from Junichi Kishigami), but the bit about safely swapping private-key info makes me wonder if instead they're using DH-- the patent for which expires next year. A telecom chipset could make productive use of DH for key exchange at call setup. 3. Once you import an ITAR item, its export becomes controlled. Importing the NTT chipset for use, say, in a Motorola cell switch (made in IL) would seem to be problematic. Buying chips in Japan for shipment to Moto's phone factories in Singapore and Malaysia, however, would appear to be OK. Under the present export regs, it's not clear to me how many US manufacturers would adopt this chipset since it doesn't give them any export relief. If the NRC's recommendations are adopted, that still won't help, since triple-DES is over their recommended limit. The _good_ news is that US manufacturers could put these chipsets into domestic-only products, and I sincerely hope they will. -Paul -- Paul Robichaux LJL Enterprises, Inc. paul at ljl.com Be a cryptography user. Ask me how. From vinnie at webstuff.apple.com Tue Jun 4 21:21:01 1996 From: vinnie at webstuff.apple.com (vinnie moscaritolo) Date: Wed, 5 Jun 1996 12:21:01 +0800 Subject: Info on DES crypto program Message-ID: Hey all; Does anyone have experience or comments about a product called Code Cryptor from New Mexico Software. I belive it is yet another DES based product. tey have a web page at: http://www.swcp.com/cryptor/ "Rah's Samoan Attorney" Vinnie Moscaritolo ------------------ "friends come and friends go..but enemies accumulate." http://www.vmeng.com/vinnie/ Fingerprint: 4FA3298150E404F2782501876EA2146A From owner-cypherpunks at toad.com Tue Jun 4 21:30:23 1996 From: owner-cypherpunks at toad.com (owner-cypherpunks at toad.com) Date: Wed, 5 Jun 1996 12:30:23 +0800 Subject: No Subject Message-ID: <199606042003.NAA24707@toad.com> From sandfort at crl.com Tue Jun 4 21:31:53 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 5 Jun 1996 12:31:53 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: <2.2.32.19960604193049.0072daf0@popmail.crl.com> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ C'punks, In a recent exchange, Carl Ellison wrote: >After the meeting ended it hit me what the problem is and I >mentioned it to PRZ. We're complaining that the Executive >has gone rogue -- is disobeying the will of the people. >PRZ likened it to Nixon's war in Cambodia. To which Jim Bell replied: >I have a solution to that problem. My question for member of this list is: When Bell finally goes too far and they arrest or shoot him, how can we best capitalize on his martyrdom? Or in a more negative light, what damage control will we need to do in that case? Now I know that barking dogs rarely bite, but Jim may just fool us and find his cajones. In any event, the sort of yapping he is doing could itself be considered a crime that could attract the sort of negative attention he apparently craves. Any suggestions? S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From gnu at toad.com Tue Jun 4 21:37:04 1996 From: gnu at toad.com (John Gilmore) Date: Wed, 5 Jun 1996 12:37:04 +0800 Subject: MELP: 2400 baud speech coding Message-ID: <199606042031.NAA25407@toad.com> Mixed-Excitation Linear Predictive encoding gives better speech quality than CELP at half the data rate. Encoding and decoding together burn up more than 100% of a TMS320C3x digital signal processor at 33MHz -- 64% to encode and 53% to decode. I don't know how it does on a Pentium or an Alpha. If you have the MIPS at both ends, this enables very robust encrypted speech across modem links to the Internet. John Walker's free SpeakFreely software (http://www.fourmilab.ch/speakfree/windows/speak_freely.html; or follow the link from there to the Unix version) is already doing packet replication for high reliability, using the earlier LPC-10 algorithm. (It doesn't implement MELP, though those on fast CPUs could add it.) I noticed an ad in EE Times that said, "MELP: The new Federal Standard for 2400 bps Speech Coding", so I did a web search for it. It reportedly comes from Georgia Tech research. Atlanta Signal Processors has the exclusive license. See http://www.ti.com/sc/docs/dsps/softcoop/voc-13-1.htm. John Gilmore From vznuri at netcom.com Tue Jun 4 22:02:23 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Wed, 5 Jun 1996 13:02:23 +0800 Subject: biometric id Message-ID: <199606042000.NAA14595@netcom19.netcom.com> info on a biometric id utilizing crypto techniques. ------- Forwarded Message Date: Fri, 31 May 1996 16:34:40 -0700 (PDT) From: Phil Agre To: rre at weber.ucsd.edu Subject: biometric encryption [A Canadian company called Mytec is marketing a biometric encryption system that, as far as anybody can tell, is an important step forward for privacy protection. It is based on fingerprint recognition, but it does not produce a representation of the fingerprint or recover the identity of the fingerprint's owner. Instead, it uses an optically transformed version of the fingerprint to decrypt a text string that could be, for example, the private key for a public-key cryptographic system such as RSA. Provided that one trusts the Mytec box, this would be a way to overcome many of the pragmatic hassles that would otherwise accompany the privacy-enhancing technologies that David Chaum and others have described. For example, they have built their device into a computer mouse, so that the computer will only generate your digital signature, or permit your mail to be read, if you are holding the mouse (or, I suppose, if you have been holding it very recently). In this message, the president of Mytec responds to some common concerns about his company's technology that arose in response to a query that I sent to the Computer Privacy Digest. He provides the company's web URL for those who wish to know more.] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help at weber.ucsd.edu =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Date: Fri, 31 May 96 11:06:44 EST From: Computer Privacy Digest Moderator To: Comp-privacy at uwm.edu Subject: Computer Privacy Digest V8#044 Computer Privacy Digest Fri, 31 May 96 Volume 8 : Issue: 044 - - ---------------------------------------------------------------------- Date: 29 May 1996 09:42:54 -0400 (EDT) From: gtomko at noc.tor.hookup.net (George Tomko) Subject: Re: Biometric Encryption Dear Mr. Levine: Subject: Biometric Encryption I have noticed a number of communications in your news group regarding Biometric Encryption, especially some concerns about its use. As one of the developers of this technology, I would appreciate if the attached response could be posted in the news group to provide people with some answers and also to obtain feedback and discussion. Kind regards. George J. Tomko, Ph.D. Several people commented on four concerns in using a finger pattern for biometric encryption, namely: 1. It's easy to get someone's fingerprints since they are left on a vast number of everyday objects, such as drink cans and door handles; 2. Muggers would start cutting off people's fingers when stealing their cards; 3. The crooks would forcibly hold down an individual's finger against the biometric encryption authentication device to extract the string coded by the individual's Bioscrypt; and 4. If the finger used to code the Bioscrypt is damaged or destroyed, then an individual will not have access to the files associated with the Bioscrypt. I will try to answer these concerns in order. But, first, let me define a Bioscrypt. A Bioscrypt is a two-dimensional image of a string or set of characters which can represent a PIN, encryption key or pointer and which has been coded (encrypted) by the two-dimensional information in a fingerprint pattern. It has the following properties: - - - it has no resemblance to the original fingerprint. - - - it cannot be reconverted to the original fingerprint. - - - if an optical image of the correct live fingerprint is transmitted through the Bioscrypt, then the output light beam uniquely represents the coded number. By successfully decoding their Bioscrypt, the person also confirms who they claim to be. For purposes of the discussion below, it is important to note that the optical authentication device is a coherent system and uses the phase information in a finger pattern (complex domain) as a discriminating parameter. 1. "Picking up latent prints from door handles, etc." To perpetrate a masquerade using a latent fingerprint of a legitimate user is very difficult for the following reasons: * The system requires a three-dimensional reconstruction of the legitimate user's fingerprint because the height of the various fingerprint ridges can modify the two-dimensional complex optical image which is the input to the authentication device. There is little information in a two-dimensional latent print about the depth and the height of grooves and ridges of the actual fingerprint. * The three-dimensional reconstruction of the legitimate user's fingerprint from a latent print would also need to duplicate the approximate oil and moisture content of the skin, since this is one of the factors which affects (modulates) the two-dimensional image read by the system. Quantifying this information from a latent print is very difficult. Even if it were, the three-dimensional reconstruction would have to be made from a synthetic material which had the same oil and moisture properties as the legitimate user's skin. To use an oil/water based solution to place on the input scanning window would be useless since this would frustrate all of the light bouncing off the window and would convey little or no useful information to the optical system. * The reconstructed fingerprint would also need to be made from a material with approximately the same elastic properties as the legitimate user's finger skin. During enrollment, and subsequently on authentication attempts, the user slides a finger over the input scanning window. This action warps the skin and the corresponding fingerprint pattern based on the elastic properties of the skin. Within the population, warping can vary significantly based on age, dryness of skin, etc. and is thus another unique aspect of the individual's finger pattern. 2. "Severing the finger to obtain access." As already mentioned in some of the previous communications in this newsgroup, measuring the temperature, humidity, pulse rate and even heart rate to verify a live finger can be accomplished. One of the key factors, though, is after the finger is severed the elastic properties of the skin change rapidly and thereby would not warp in the same manner as a live finger pattern. This would make a cadaverous finger useless after a period of time. (Can't find subjects to do a double blind study though). 3. "Crooks would forcibly hold down the finger." By forcibly sliding an individual's finger against the biometric encryption authentication device (reading device), the string coded by the Bioscrypt can be extracted. The string coded by the individual's finger pattern Bioscrypt could then be used for a one-time access for whatever purposes the string was intended. However, assuming that the individual is freed, he can then use his finger pattern to code a completely different string to prevent repetitive access. The system is robust in that it is very easy to change PINs, encryption keys or computer pointers. It was suggested in some of the messages that a pass phrase be used in conjunction but, again, if an individual is holding your finger down forcibly, to extend that to pointing a gun to your head to divulge the pass phrase is not an extreme assumption. There is no perfect security system out there and I doubt one will ever be designed since it has to work with real human beings. I suggest that the goal is to provide privacy-enhancing technology that handles the majority of the infringement cases and that, for exceptional circumstances where extreme privacy and security must be guaranteed, we combine the biometrics (something you are) with the pass phrase (something you know) and a token (something you have). If the combination of those three doesn't do it, then at this stage of technological evolution, nothing will cut it. 4. "Losing or damaging a finger with the result of not being able to access the Bioscrypt and related files." One of the properties of optical processing is that composite patterns can be made and thereby used to make the Bioscrypt. Accordingly, more than one finger could be used or a finger and a proprietary pattern (which one keeps hidden away somewhere). Of course, there is a penalty. The more patterns one uses, the smaller the signal to noise ratio of the system. The system is currently designed to give signal to noise ratios in the order of 10 to 12 dB and thereby significant degradation can still occur which would allow comfortably two to three patterns to be superimposed in the same Bioscrypt. If you are interested, more information can be gained by accessing Mytec's web page at http://www.mytec.com. - - -- George J Tomko Mytec Technologies Inc. Toronto, Ontario - - ------------------------------ End of Computer Privacy Digest V8 #044 ****************************** - ------- End of Forwarded Message ------- End of Forwarded Message From sjb at universe.digex.net Tue Jun 4 22:02:34 1996 From: sjb at universe.digex.net (Scott Brickner) Date: Wed, 5 Jun 1996 13:02:34 +0800 Subject: Multiple Remailers at a site? In-Reply-To: <199606020659.XAA25720@toad.com> Message-ID: <199606042040.QAA15977@universe.digex.net> Bill Stewart writes: >>I don't think multiple remailers at the same site help anything. > >Assume Alice, Bob, and Carol are on abc.com and Xenu, Yak, and Zut >are on xyz.com. Remailing between Alice, Bob, and Carol doesn't >make appear to make much difference, but it does reduce the damage >if one of the remailer's keys is compromised. On the other hand, >mail from Alice -> Xenu -> Bob -> Yak -> Carol -> Zut adds traffic >to the system, and makes traffic analysis more difficult, >even if the Bad Guys are watching site abc.com and have stolen >Alice, Bob, and Carol's keys. Wait a minute. More traffic should make analysis easier, since traffic analysis is mostly statistical work on the source and destination (not necessarily "from" and "to"). A bigger sample makes more reliable results. For traffic analysis, I don't know *who* sent the message (it was, after all, anonymized), but I do know a site which transmitted it and one which received it, the time it was transmitted, and maybe its size. Multiply this times a whole bunch of messages, and I can infer information about "common interests" between those sources and destinations. The delays and mixing done by remailers make it harder by disassociating the true sender from the true receiver. If a remailer were to ignore this step, the analyst can deduce from the two data points "message a, source A, destination RemailerX, time t, size s" "message b, source RemailerX, destination B, time t+0.001s, size s" that there's some connection between A and B. The more such evidence, the stronger the connection. If the remailer does a good job with the delays and shuffling, then it becomes difficult for the analyst to match message a with message b, leaving him with what he already knew (that A and RemailerX have a common interest, as to B and RemailerX, but the interests may be wholly unrelated). Multiple remailers on the same machine increases the resolution of the address information, at best, improving the analysts ability to make connections. The same traffic load going to a single remailer at the site makes the analyst's job harder. >The other threat it helps with is that if XYZ.COM gets complaints >about that evil user Zut, she can kick her off (Bad Zut!) >and still leave Xenu and Yak alone; if the remailer service >were provided by the machine owner herself she might be directly liable. Hmm. Nothing really stops the machine owner from creating a personal anonymous account to run the remailer. When someone complains, shut it down and create a new one. There isn't yet a law which requires that the owner be able to identify the user. This affords the same protection that multiple users does. From cme at cybercash.com Tue Jun 4 22:04:45 1996 From: cme at cybercash.com (Carl Ellison) Date: Wed, 5 Jun 1996 13:04:45 +0800 Subject: CWD: "Jacking in from the "One that Got Away" Port (fwd) Message-ID: <2.2.32.19960604194607.0031e8dc@cybercash.com> >(By Brock Meeks / brock at well.com / Archived at http://www.cyberwerks.com/) > > > CyberWire Dispatch // Copyright (c) 1996 // > > Jacking in from the "One that Got Away" Port: > > Washington, DC -- President Clinton call your spooks, get FBI Director > Louis Freeh on the phone. Tell them to order in pizza. Bill, it's > going to be a long night. All your plans to hold the U.S. crypto > market hostage have just been fucked... and you didn't even get kissed. > > A virtual tactical nuke was hurled into the arcane subculture of > encryption technology Monday when RSA President Jim Bizdos revealed > that his company's Japanese subsidiary had developed a monster chipset > capable of scrambling voice and data real time with a so-called "key > length" of up to 1024 bits. Brock, you have probably heard by now -- this is wrong. The chip set was developed by a subsidiary of NTT called NEL. That's much worse, of course, than if it had been an RSA subsidiary. - Carl +--------------------------------------------------------------------------+ |Carl M. Ellison cme at cybercash.com http://www.clark.net/pub/cme | |CyberCash, Inc. http://www.cybercash.com/ | |207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 | |Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 | +--------------------------------------------------------------------------+ From jimbell at pacifier.com Tue Jun 4 22:07:15 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 5 Jun 1996 13:07:15 +0800 Subject: Where are the cryptographers going to come from? Message-ID: <199606042100.OAA11210@mail.pacifier.com> At 03:22 PM 6/4/96 -0000, nelson at crynwr.com wrote: > The NSA believes that they >can and should discard any amount of benefits of crypto in exchange >for avoiding any harm of crypto. They are wrong. I think the truth is even more revealing. We can hypothesize that allowing widespread use of good crypto has many advantages and just a few disadvantages. However, those disadvantages may almost all accrue to government and its employees, and very few to ordinary citizens. This means that talking up the disadvantages of good encryption is doubly fraudulent, because the audience they should be trying to convince (ordinary folks) doesn't realize that the disadvantages generally don't apply to them. And of those few crimes against ordinary citizens where crypto might play a role, that role will almost always be to PREVENT the crime rather than allow it. Jim Bell jimbell at pacifier.com From droelke at rdxsunhost.aud.alcatel.com Tue Jun 4 22:11:43 1996 From: droelke at rdxsunhost.aud.alcatel.com (Daniel R. Oelke) Date: Wed, 5 Jun 1996 13:11:43 +0800 Subject: cycle market Message-ID: <9606042028.AA08650@spirit.aud.alcatel.com> > > I was trying to think what I would use a cycle market for. The > only thing that I wait for more than a minute on currently is > compiling. Just try doing some large graphical operations - especially raytracing/rendering type stuff, or heavy graphical analysis of a set of image data. Fractal drawing falls in this realm as well. Then try doing some ASIC simulation, or finite element analysis. In this group it also goes without saying that there are also things like factoring large numbers that a cycle market would be ideal for. Dan ------------------------------------------------------------------ Dan Oelke Alcatel Network Systems droelke at aud.alcatel.com Richardson, TX From unicorn at schloss.li Tue Jun 4 22:18:01 1996 From: unicorn at schloss.li (Black Unicorn) Date: Wed, 5 Jun 1996 13:18:01 +0800 Subject: Electronic Signature Act Of 1996 In-Reply-To: <2.2.32.19960604165840.00725e30@popmail.crl.com> Message-ID: On Tue, 4 Jun 1996, Sandy Sandfort wrote: > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > SANDY SANDFORT > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > C'punks, > > At 11:11 AM 6/4/96 -0400, Perry E. Metzger wrote: > > >...I get the impression that under the common law, an ink > >signature is merely a demonstration that a party assented > >to a contract, and except for certain contracts (which > >usually require witnesses etc.) there is no requirement in > >the law that a contract even be on paper... > > The "Statute of Frauds" lists the exceptions and they cover > most important contracts. I seem to recall that contracts > over a given amount or for interests in real property for > periods of a year or more are covered. I'm sure someone > with current access to legal research resources will post > a better explanation. Section 2-201 of the Uniform Commercial Code (UCC) provides: (1) Except as otherwise provided in this section a contract for the sale of goods for the price of $500 or more is not enforceable by way of action or defense unless there is some writing sufficent to indicate that a contract for sale has been made between the parties and signed by the party aginst whom enforcement is sought or by his authorized agent or broker. [...] (3) A contract which does not satisify the requirements of subsection (1) but which is valid in other respects is enforceable: (a) If the goods are to be specially manufactured for the buyer and are not suitable for sale to others in the ordinary course of the seller's business and the seller, before notice of repudiation is received and under circumstances which reasonably indicate that the goods are for the buyer, has made either a substantial beginning of their manufacture or commitments for their procurement; or (b) If the party against whom enforcement is sought admits in his pleading, testomony or otherwise in court that a contract for sale was made, but the contract is not enforceable under this provision beyond a qualtity of goods admitted; or (c) With respect to goods for which payment has been made and accepted or which have been received and accepted (See section 2-606). *end Note: This only applies to the sale of GOODS. Not all states follow the UCC exactly. Note also that the term "good" is a term of art which has a complex and non-intuative meaning. Is it a sale of goods? (If yes, has the forum adopted the UCC? If no, then is there a state Statute of Frauds to look to?) If it's not a sale of goods, well, then you have piles of contracts reading to do. In short: While it is safest to provide for contracts larger then $500 in writing, there are many ways that contracts can be formed for millions of dollars without a drop of ink or scrap of paper. (Promisory Estoppel comes to mind). > S a n d y --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From frantz at netcom.com Tue Jun 4 22:19:55 1996 From: frantz at netcom.com (Bill Frantz) Date: Wed, 5 Jun 1996 13:19:55 +0800 Subject: Markoff in NYT on NTT/RSA chip Message-ID: <199606042119.OAA07875@netcom7.netcom.com> At 12:08 PM 6/4/96 -0500, Paul Robichaux wrote: >2. Markoff's story says that NTT doesn't have licenses to use RSA >technology (the quote from Junichi Kishigami), but the bit about safely >swapping private-key info makes me wonder if instead they're using DH-- the >patent for which expires next year. A telecom chipset could make productive >use of DH for key exchange at call setup. They could use RSA for key exchange outside the USA because RSA is only patented in the USA. With a license for RSA they could also sell them in the USA. My reading of the New York Times article is compatible with the view that Jim Bidzos is driving a hard bargin for such a license. (However, the article does say that NTT has already sold chips to IBM in the US. I guess you can sell, but not deliver, until you get the license.) Obviously if you are outside the USA, you will buy your equipment from Japan Inc. US manfactures will be frozen out. (However the US can still compete for the Chinese market since such privacy will be illegal there :-). ) ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA From steven at echonyc.com Tue Jun 4 22:28:52 1996 From: steven at echonyc.com (Steven Levy) Date: Wed, 5 Jun 1996 13:28:52 +0800 Subject: Class III InfoWar: TST Article In-Reply-To: Message-ID: If it's a myth, it's quite an elaborate one. On Saturday night I was interviewed by the BBC about this. The producer read the entire article to me, telling me in was on the front page of the Times. (My comments were not about the specific story, but the underlying security issues.) I don't think he was making it up. Maybe the London Times isn't on Nexus. Steven On Tue, 4 Jun 1996, Dan Haskovec wrote: > Here's the reply I got from a friend that I forwarded it to.... > > > and the verdict is... NetMYTH! I checked the cite in the article on > cyberterrorism... no such article ran on 6/2/96 in the Times > (London)... nor, in fact, in any newspaper available on Nexis... > just thought I would let you know... > > > > On Sun, 2 Jun 1996, John Young wrote: > > > This is the article Winn Schwartau cited to last night: > > > > ---------- > > > > > > The Sunday Times (London), June 2, 1996, pp. 1, 24. > > > > > > City surrenders to L400m gangs [Insight column] > > > > > > City of London financial institutions have paid huge sums > > to international gangs of sophisticated "cyber terrorists" > > who have amassed up to L400m worldwide by threatening to > > wipe out computer systems. > [...] > From vznuri at netcom.com Tue Jun 4 22:40:16 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Wed, 5 Jun 1996 13:40:16 +0800 Subject: whitehouse web incident, viva la web revolution Message-ID: <199606041959.MAA14492@netcom19.netcom.com> here's an interesting message about a white house aide pressuring HotWired to change their link pointing to a rant page about Clinton. it reminds me of a recent court decision in which a school tried to shut down a student's web page that he had done on his own time and referred to his school and other teachers. it used to be, "freedom of the presses only belongs to those who own a press". actually this still is, except now it only costs $20/mo to own a worldwide "cyberspace press" via web pages. hence what we get are interesting new social situations reminiscent of the tension that surrounded Martin Luther's posting of the 99 theses in the middle ages. you have people who had controlled the situation suddenly put off balance by a new medium. the power of information dissemination is rather significant, and the web is the most sophisticated information dissemination technology ever invented by man. I expect it to have very far-reaching social ramifications. we have barely scratched the surface.. cpunks are very interested in things like anonymity to save oneself from the government. another approach is to simply crow-bar the government in any way you can, whenever possible, to make it better serve your interests. web pages have this intrinsic power-- they're like a subtle, invisible crow bar that can influence the world via public opinion. could there be a day when nobody sees a need to hide from a government, because it is so uninvasive? ------- Forwarded Message From: "Steve Wingate" Date: Sat, 1 Jun 1996 20:27:28 -0700 Subject: (Fwd) WH Censorship of Web Sites (Attempted) - - -> SearchNet's snetnews Mailing List - - ------- Forwarded Message Follows ------- Date: Sat, 1 Jun 1996 20:38:12 -0500 (CDT) To: cs at oak.oakland.edu From: ed at athenet.net (Edward Immler) Subject: WH Censorship of Web Sites (Attempted) The Skeleton Closet (at http://www.realchange.org) provides a site for those things presidential candidates would rather not discuss. They cover all candidates and include a link to our current Prez. I've included the link below. Looks like this was quietly reversed, the offender sent on (to a nice job), and nothing in the national media. Clipper, V-chip, and now plain-old intimidation. The WH is working hard to control your info. Ed ********************************************************************* [Mr. Tall Skeleton2] Bill Clinton's Skeleton Closet [Mr. Tall Skeleton] [Picture of Clinton] News Flash: White House Suppresses Skeleton Closet In a shocking blunder, the White House successfully put pressure on Hotwired Magazine to stop linking President Clinton's name to this very web page. This was all done behind the scenes -- we had no idea until we read Brock Meek's Netizen column of April 30th. The White House official involved, David Lytel, was in charge of creating the popular Clinton White House web site. He recently left the White House, and is working for a private web page consultant. At a conference, he attacked Netizen for being cynical and unfair, citing the Skeleton Closet link. Meeks, in response, noted that Hotwired had removed the link after receiving official pressure from the White House. In Hotwired's "Threads" discussion, another Hotwired employee admitted that they had been "intimidated" by receiving email from the "whitehouse.gov" domain early in Netizen's infancy, and said she regretted that they caved in. Lytel's argument -- that it was "dishonest" to link Clinton's name to a page criticizing him -- is silly of course. Apparently, he thinks the only "honest" link is one that goes to a person's own web page, no matter how self- serving it is. More to the point, this is a terrible precedent. As far as we know, it is the first attempt by any American government to squelch part of the Internet for nakedly political reasons. (The attack on adult material online, while obviously political, has legitimate issues -- or at least a reasonable excuse -- behind it.) And doing it privately, behind closed doors, makes it even worse. If we were simply seeking publicity, we'd run to Republican politicians (who desperately need an issue) and hope they try to use it. But that would be hypocritical. It's exactly that kind of partisan misuse of legitimate scandals that we are trying to make obsolete here - - -- because it muddles legitimate issues (like White House censorship of critics) in stupid, partisan manipulation. We're trying to contact the White House directly, to get them to disavow Lytel's actions. We'll let you know what happens. Update: White House Backs Down, Sort Of. We challenged the White House to confirm or deny that Lytel pressured Hotwired, to disavow his actions if true, and commit to a policy of avoiding this type of censorship. Within two days, they replied as follows: "Date: Fri, 03 May 1996 17:06:49 -0400 (EDT) From: WEBMASTER (WEBMASTER at a1.eop.gov) Subject: RE: White House WWW Comments To: webmaster (webmaster at realchange.org) Posting-Date: Fri, 03 May 1996 17:09:00 -0400 (EDT) It is our policy not to interfere with the content of other WEB sites." We'll take that as an admission that Lytel was out of line, and a solid commitment to doing the right thing in the future. Of course, they didn't live up to that policy before, and words are cheap. - - ---------------------------------------------------------------------- - - ---- And now, on with the Clinton's Skeleton Closet page. What can we say about Bill and Hillary that hasn't been said before? Clinton's scandals are covered in such loving detail by his enemies that we are providing you with links to various Clinton scandal pages. Eventually, we will boil it all down and sort out the really good dirt from the crazy stuff, but there's JUST SO MUCH to wade through! The frustrating thing about Clinton's scandals is that the press focuses on two-bit scandals of little importance, such as Whitewater and this ridiculous travel office "scandal", while ignoring much more significant dirt, such as the Mena, Arkansas contra supply and drug operation (see link below), Hillary's $100,000 commodity profit from a $1,000 investment, and a new charge -- that a federally funded educational operation in New York paid her $100,000, for who knows what. And no one (save a few voices on the left) are protesting Clinton's hugely successful fundraising and favors for people who have provided it, including the Tyson Chicken empire. Running against Gramm, Dole and Alexander, this isn't likely to be an issue, but it is a major fault of the President. Political Favors for Campaign Contributors Though his administration floundered at first, Clinton has quickly learned one aspect of Washington -- how to raise money from business interests. He has set records in fund-raising, eclipsing even Dole's huge haul (though not by much.) Of course, if Dole was President he would no doubt regain the lead. And some contributors seem to think their money is well spent. For example, Clinton raised over a quarter million dollars from ADM, Bob Dole's major benefactor, and pushed through a regulation benefiting them mightily. On the other hand, 2 Arkansas firms that formerly bankrolled Clinton (and received help from his administration) have switched their support to Dole -- both Tyson Chicken and Stephens investment brokers apparently figure Dole gives a better return per contribution dollar, or is more likely to win. Money and Favors: Archer Daniels Midland For example, he has received at least $270,000 from Archer Daniels Midland corporation, the agricultural giant famous for spreading money among various influential people, from Bob Dole to National Public Radio. Just days after Clinton received a $100,000 check in June 1994, his administration ordered that 30% of gasoline sold in American's 9 most polluted cities contain ethanol based additives by 1996 (as opposed to cheaper methanol.) Archer Daniels makes 60% of US ethanol for gas, and none of the methanol. Bob Dole, who receives even more money from Archer Daniels and its president, actually supported the Clinton Administration's mandate, even while arguing against Clinton's health care proposal for nearly identical federal mandates. (Courts have block Clinton's 30% rule, saying he lacked power to favor ethanol over methanol.) $100,000 for Hillary from an Educational Foundation This allegation just came out January 10, so bear with us on it's sketchiness. New York state's new Attorney General Dennis Vacco (a Republican) is investigating a $100,000 in payments to Hillary or the Rose Law Firm from the National Center on Education and the Economy, a charity that was in Rochester New York and has since moved to Washington, DC Hillary was on their board, as were Mario Cuomo and Ira Magaziner, but no other board members were paid. The justification is that Hillary was paid to carry out some programs. When this story came out a month ago, Vacco announced he was asking for contracts with Hillary or the Rose Law Firm and a description of any work she actually did. Nothing more has come of it, which -- in an election year - indicates that nothing substantial has turned up. - - ---------------------------------------------------------------------- - - ---- Try these links, but use a grain of salt; some of the sources are pretty marginal. Disgraced Clinton Administration Officials Yahoo's Whitewater Scandal Page Mena, Arkansas: Contra & Drug Smuggling Center? Nick Chase's Mena, Arkansas and Whitewater pages. Quotes "I'm someone who has a deep emotional attachment to 'Starsky and Hutch.' " -- Bill Clinton, 1996 "I don't think [Bill Clinton] is fooling around anymore. Nor do I think he will. I read that Hillary threw a lamp at him. ... You know something? I think she did." -- Ann Landers Sources "Primary Colors", by 'Anonymous', 1996 Wall Street Journal, in general, and in particular: ....January 12, 1996 pA14 ....January 8, 1996 pA1 ....December 18, 1995 pA16 ....December 29, 1995 pA1 ....March 23, 1995 p A1 ....February 22, 1995 p A1 ....January 13, 1995 p A12 "The Mena Coverup", Micah Morrison, Wall Street Journal, October 18, 1994 p A18 "The Real Cost of Ethanol" and "Dwayne's World", Dan Carney, Mother Jones, January, 1995 "Aides Saw Political Threat In Clinton Loans From '90", Jeff Gerth, New York Times, May 6, 1995 p7 "Ann Landers Repents For Slurring The Pope", Associated Press, December 1, 1995 "Blocking the Box", Rick Marin, Newsweek, March 11, 1996 "NY Official Probes Payment to Mrs. Clinton", Associated Press, January 12, 1996 BACK TO SKELETON CLOSET Paid for by Real People For Real Change PAC and not authorized by any candidate or candidate's committee. Real People For Real Change is registered with the Federal Election Commission as a non-affiliated, independent political action committee. Copyright 1996 Real People For Real Change PAC ******************************************************************* *Edward F. Immler Lawrence Chemists * *ed at athenet.net are Free Radicals * * * *Lawrence University '95 * *Interests: HAZMAT, EPA/OSHA Compliance, SARA III, Wastewater * *DISCLAIMER: Opinions are mine...unless someone else agrees * ******************************************************************* Anomalous Images and UFO Files http://www.linex.com/ufo/ - - -> Send "subscribe snetnews " to majordomo at alterzone.com - - -> Posted by: "Steve Wingate" - ------- End of Forwarded Message ------- End of Forwarded Message From vznuri at netcom.com Tue Jun 4 22:43:59 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Wed, 5 Jun 1996 13:43:59 +0800 Subject: Java In-Reply-To: <199606041306.JAA08943@jekyll.piermont.com> Message-ID: <199606042058.NAA19741@netcom19.netcom.com> maybe Java is about a generation gap in programming languages...?? >Bill Frantz writes: >> At 10:22 PM 6/3/96 -0400, Perry E. Metzger wrote: >> >I've been rather hard on Java here lately. >> >> I'll say. You have also ignored some of Java's other features. Machine >> independence is probably the most important. > >Many languages are machine independent. Thats hardly a new feature. you don't get it, as others have pointed out repeatedly. you conveniently ignore Frantz' points about the well-known difficulties of porting C. there is a big difference in what is conneted by the word "portable". if it take a zillion different makefile rules to create the "same" program on different machines, is that "portable"? isn't that defeating the purpose somewhat? c is "sort of" portable. it is "in theory" portable. Java is portable "in theory and practice". >However, your point is taken. Java is a neat little language in many >ways. However, that isn't cause enough for literally fifty books on >the subject to be on display, including breathless ones proclaiming >"Tips from experienced Java programmers!" as if there are any in the >world at this point. There are dozens of cute little languages in the >world -- scheme, smalltalk, etc, etc. a little clue to you Perry, there are so many Java books because there is such a huge market for them. I always thought you were an anarchocapitalist and in favor of "letting the market decide". in a sense you are arguing with the market, it seems, in much the same way a liberal might say, "why are all you greedy businessmen hyping your railroads so much?!?!?" however I fully grant you that Java has been the most hyped computer language on the planet. (but then again, I didn't hear you whining when Intel started their "intel inside" campaign). I think what you are seeing is that people are excited by the possibilities. the public has grasped the message behind Java, which at this point is more about potentialities. its like saying, "who is the next marc andreesson?" the problem appears to be simply that you are annoyed that other people are excited about java, and you seem not to like excitement. you don't like hype. well, personally, I think the hype is pretty damn amusing. the world couldn't have given the slightest damn about geek computer programmers say 5 years ago, but after the internet and Netscape, Yahoo, and Java it's suddenly incredibly trendy. I think its quite enjoyable. I suppose if I was over 40 and worked in a conservative wall street firm, I'd have a totally different view. maybe Java is all about a generation gap in computing. hey!! the first language that the "older generation" hates. sounds like a good reason to go after it, sort of like rock-n-roll and Woodstock suddenly being aged and uncool. >I mean, with all the "Teach yourself Java in 21 days" and company >books coming out, you would think you were dealing witht he major >application programming language for the world instead of something >that at the moment is used for almost nothing more interesting than >fake scrolling LED sign applets. actually, the quality is not all that great in all of them, I agree. I thought for example Van Der Linden's "Just Java" is a pretty weak one. it has paper airplane instructions in parts of it. but hey, maybe again its a generation gap thing. I bet I would have really enjoyed the book and thought it "way cool" in my teens. >Since that doesn't exist, it isn't an option for my users. It is not, >in any case, my obligation to make Java secure. I'm not the one hyping >it. no, but you are the one ranting at it. why? it is not Java's obligation to make OSes more secure either!!! @#$%^&* >You could hand any websurfer a Netscape PGP plugin without much work >at all, and you could easily build it on lots of platforms. After all, >look at how many platforms that lowly C code like PGP runs on. look at the complicated PGP makefiles. count how many MAN MONTHS of additional testing and work is required merely to deal with the makefiles. count how many BUGS are due to improper compilations. count how hard it is to track this kind of thing. count how hard it is to test your makefiles not given that you have all the zillion different environments you are supporting immediately available for testing. every language is about tradeoffs. if you continue to say that C is better than Java for just about anything, then you clearly are not saying anything very relevant based on most people's opinions. why am I arguing with you on this? because while you are usually a pretty sensible person, you are really way off base on this one. the world requires a mix of conservatism and imagination. you've got the conservatism down totally, but the imagination part you are lacking, and hence your criticism of java. PM, imagine yourself at the invention of the LAN, or the PC, or the C language. what would you have said to the designers? "you are all boneheads!! what you are doing can't be done!! you are wasting your time!!" do you think perhaps that every useful computing tool that can be invented has already been invented? hee, hee. From perry at piermont.com Tue Jun 4 22:46:20 1996 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 5 Jun 1996 13:46:20 +0800 Subject: PM's Java Envy In-Reply-To: <199606042033.NAA17694@netcom19.netcom.com> Message-ID: <199606042232.SAA09572@jekyll.piermont.com> "Vladimir Z. Nuri" writes: > PM returns to rant on Java after being mowed down by most people > her. why? I think he has some more ulterior problems with Java > than those that he cites. for Perry, ranting at java reveals > certain psychological characteristics of his profile. Detweiler, just because you see lots of psychiatrists during your days in the sanitarium doesn't mean you qualify as one. Perry From frantz at netcom.com Tue Jun 4 22:56:25 1996 From: frantz at netcom.com (Bill Frantz) Date: Wed, 5 Jun 1996 13:56:25 +0800 Subject: Java Message-ID: <199606042119.OAA07878@netcom7.netcom.com> At 9:06 AM 6/4/96 -0400, Perry E. Metzger wrote: >Bill Frantz writes: >> I'll say. You have also ignored some of Java's other features. Machine >> independence is probably the most important. > >Many languages are machine independent. Thats hardly a new feature. >... >However, your point is taken. Java is a neat little language in many >ways. However, that isn't cause enough for literally fifty books on >the subject to be on display, including breathless ones proclaiming >"Tips from experienced Java programmers!" as if there are any in the >world at this point. There are dozens of cute little languages in the >world -- scheme, smalltalk, etc, etc. I guess I tend to react to the Java hype with bemusement rather than horror. I enjoy joking with the clerks at Computer Literacy Bookstore about the "Java book of the day". However, unlike so much of the industry's over hyped marketing, with Java there is actually something worth while hidden under the massive hype. Java appears to have a chance of being adopted widely in the industry. We can discuss until the cows come home why Smalltalk, Scheme etc. have not achieved wide usage. I suspect it may be a combination of unfamiliar syntax, licensing issues, version compatibility issues, and the inability to do low level programming. These issues may also hit Java, but for now it is the nicest language around with a bandwagon behind it. If it replaces Basic, that will be a significant step forward. >I mean, with all the "Teach yourself Java in 21 days" and company >books coming out, you would think you were dealing witht he major >application programming language for the world instead of something >that at the moment is used for almost nothing more interesting than >fake scrolling LED sign applets. I agree that all the hype has been about applets. However there is one common non-applet Java application that shows that significant applications can be written in Java. That application is the Java compiler itself. If you are running on a Sun system, you can do real applications today. (On the Mac you are still in the "applet jail", but I haven't opened the latest Java environment that arrived on my desk last month, so I may be obsolete.) >> If you want defense in depth, run your Java interpreter in an OS >> environment which limits the interpreter's access to only those resources >> you wish it to access. > >Since that doesn't exist, it isn't an option for my users. It is not, >in any case, my obligation to make Java secure. I'm not the one hyping >it. I thought this was the effect the Unix people get when they run applications such as firewall code in a "chroot jail". Perhaps Netscape could make you happy by having its Unix based browsers run Java applet interpreters in such a jail. (I don't know, Unix is an imperfectly spoken foreign language to me.) >You could hand any websurfer a Netscape PGP plugin without much work >at all, and you could easily build it on lots of platforms. After all, >look at how many platforms that lowly C code like PGP runs on. Why don't we have one of these now? (N.B. not a rhetorical question) ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA From mark at unicorn.com Tue Jun 4 23:31:06 1996 From: mark at unicorn.com (Rev. Mark Grant, ULC) Date: Wed, 5 Jun 1996 14:31:06 +0800 Subject: Class III InfoWar: TST Article Message-ID: On Tue, 4 Jun 1996, Dan Haskovec wrote: > Here's the reply I got from a friend that I forwarded it to.... > and the verdict is... NetMYTH! I checked the cite in the article on > cyberterrorism... no such article ran on 6/2/96 in the Times > (London)... nor, in fact, in any newspaper available on Nexis... > just thought I would let you know... Hate to tell ya, but I read this article on Sunday on the front page of a real, physical, paper copy of the Sunday Times. Now admittedly I read it in a film studio so they might have faked it, but that would be some strange coincidence. Mark From warlord at MIT.EDU Tue Jun 4 23:53:39 1996 From: warlord at MIT.EDU (Derek Atkins) Date: Wed, 5 Jun 1996 14:53:39 +0800 Subject: Why PGP isn't so ubiquitous (was NRC Session Hiss) In-Reply-To: <199606040228.WAA17430@unix.asb.com> Message-ID: <9606041912.AA01215@bill-the-cat.MIT.EDU> > > I have a growing feeling that PGP 3 is never going to happen. Or that if it > > I'm soft-of having that feeling too. Or what's going to happen is > that enough people will get impatient and international versions will > start to appear. Unfortunately the 80-20 rule is hitting the PGP development team really hard. We had 80% of the code done about 6 months ago, and it's been taking a LONG time to get the other 20% up to speed. This is a COMPLETE re-write of the whole system, from scratch, from the bottom up (and top down). It was NOT a small feat, and it takes time. As it is I feel rushed to get it out the door. I know that I need to make the API document available, and I'm working to do that. But I have to offset the time I spend coding to the time I spend working on the API document(s) to the time I spend jumping through hoops to make the PGPlib project happen. The more time I spend working on one part, the longer it takes for the other parts to happen. So, would you rather see a document right away, or code released sooner? Take your pick and let me know. :) -derek From weidai at eskimo.com Wed Jun 5 00:09:29 1996 From: weidai at eskimo.com (Wei Dai) Date: Wed, 5 Jun 1996 15:09:29 +0800 Subject: C++ In-Reply-To: <199606040626.XAA09729@netcom7.netcom.com> Message-ID: > [As an aside, when I attempted to compile Wai Dei's crypto lib 2.0 with the > Symantec Project Manager C++ compilers, none of the 3 would compile it. > The one which generated the fewest errors had "internal error" on two > modules. This problem occurs because C++ is such a large language, with a > number of obscure features which compiler writers don't always handle. In > addition, C++ is in no way machine independent. The simplest example is > that sizeof(int) is machine dependent.] It's true that C++ is large and has many features, some obscure. But the fact is most of those features are actually very useful. I suspect many experienced C++ programmers do not like Java even though Java looks a lot like C++ because they are so used to having those features in C++. Take a look at Victor's earlier post on this subject. Portability is certainly one of the big problems of C++. But it can be done and should become easier in the future as the compilers standarize. If anyone has trouble compiling Crypto++, please send me a report so I can help you figure out workarounds. Also, send bug reports to the compiler company if you think there are bugs in the compiler. Wei Dai From unicorn at schloss.li Wed Jun 5 00:10:35 1996 From: unicorn at schloss.li (Black Unicorn) Date: Wed, 5 Jun 1996 15:10:35 +0800 Subject: Saw this on CNN: Anonymous Stock tips over IRC as bad??? In-Reply-To: Message-ID: On Mon, 3 Jun 1996, Dr.Dimitri Vulis KOTM wrote: > Black Unicorn writes: > > I direct you to Dirks v. Securities and Exchange Commission, 463 U.S. 646 > > (1983). > > rev'g 681 F.2d 824 (D.C.Cir.1982), SEC. Rel #34-17480 (Jan 22, 1981). [...] > his tippees. The decision was upheld by the Court of Appeals but _reversed > by the Supreme Court on the grounds that the insider did not breach his > fiduciary duty by disclosure of the information because there was no benefit > to the insider, and thus Dirks did not breach any duty." I'm not sure where you got this quote. Probably a commentator who knows jack about securities regulation. They reversed because the SECs conclusion was expansive even with respect to Chiarella, which it implied it was following: "Where 'tippees' - regardless of their motiviation or occupation- come into possession of material 'information that they know is confidential and know or should know came from a corporate insider,' they must either publically disclose that information or refrain from trading" 21 SEC Docket 1401, 1407 (1981). > I.e., Dirks got > away with it, after spending lots of $$$ on shysters. I'm not sure I agree with your read of the facts here at all. You failed to mention that Dirks called the Wall Street Journal with his findings in an effort to expose the massive frauds at three times and was ignored each time. (William Blundell was the Journal reporter). Dirks began to tell everyone under the sun about his own first hand investigations (he visited Equity Funding in LA and talked to officers and employees) only after he was repeatedly ignored by the Journal and other publications (which refused to believe that Equity was twisted as a pretzel). Neither Dirks nor his firm ever held interests in Equity Funding. As word spread of the fraud, Equity funding lost half its value in two weeks. California impounded Equity's records and revealed the fraud officially. Finally, the SEC (who Dirks had also yelled at and been ignored by) filed a complaint (3 weeks later) and the Journal Published a story (front page April 2, 1973). It was then, and amid criticism of the SEC, that a complaint was filed against Dirks and the SEC found Dirks had aided and abetted violations of section 17(a) of the Securities Act of 1933, rule 10b and 10b-5 among others. After a massive stink, the SEC backed off and stated that Dirks "played an important role in bringing [Equity Funding's] massive fraud to light," 21 SEC Docket at 1412. The SEC elected to drop charges, and only censured Dirks. Dirks wasn't buying this bill of goods (it seemed to have the tendency to repeatedly destroy his career) and instead and appealed to the Court of Appeals for the District of Columbia Circuit to clear his good name. (No fines or restrictions were imposed on Dirks, they merely held him out to be a crook in public). The District Court entered against Dirks and he appealed to the Supreme Court which reversed. Easy to demonize the defendant when you don't have all the facts. > IANAL, Apology accepted. > but I see a trend to let insiders get away with trading on material > non-public information in Chiarella v. U.S. (455 US 222 (1980)) followed by > Dirks. An odd analysis considering both Chiarella and Dirks simply refine the defintion of insider instead of allowing the SEC to designate it. > --- > > Dr.Dimitri Vulis KOTM > Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From unicorn at schloss.li Wed Jun 5 00:12:03 1996 From: unicorn at schloss.li (Black Unicorn) Date: Wed, 5 Jun 1996 15:12:03 +0800 Subject: On the Hill: Child Porn "Morphing" Message-ID: Hearings on the hill over the child pornographer horseman: "Morphing" seems to be the latest buzzword for putting childrens faces on the bodies of adult models in sexually explicit poses and seems to have attracted enough attention to warrant congressional attention. Interesting that the media is playing this up as a "net" deal. (As if somehow it were impossible to do without the all powerful and evil internet. I'd like to see exactly how they word the proposed prohibitons. What constitutes "child" when the face painted on is pure artistry? Will we see a simple and strict prohibition over modifiying sexually explicit pictures to make them appear to be of younger models (whatever their apparent age may be)? Will we see a subjective test as to what is "child looking" enough? Silliness. All silliness. Prediction: Some manner of law will be on the books (Or perhaps passed, but unsigned) before the election attempting to prohibit some form of this activity. Certainly Clinton is not going to veto such a bill before the election, which is doubtlessly when the right is going to try to push it through. (Can they streamline it enough to get a vote in time?) --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From perry at piermont.com Wed Jun 5 00:16:09 1996 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 5 Jun 1996 15:16:09 +0800 Subject: Markoff in NYT on NTT/RSA chip In-Reply-To: <199606042119.OAA07875@netcom7.netcom.com> Message-ID: <199606042249.SAA09659@jekyll.piermont.com> Bill Frantz writes: > (However, the article does say that NTT has already sold chips to IBM in > the US. I guess you can sell, but not deliver, until you get the license.) IBM already has an RSA license, so perhaps that could cover it for IBM use. .pm From perry at piermont.com Wed Jun 5 00:17:33 1996 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 5 Jun 1996 15:17:33 +0800 Subject: Java In-Reply-To: <199606042058.NAA19741@netcom19.netcom.com> Message-ID: <199606042238.SAA09594@jekyll.piermont.com> "Vladimir Z. Nuri" writes: > >Many languages are machine independent. Thats hardly a new feature. > > you don't get it, as others have pointed out repeatedly. you conveniently > ignore Frantz' points about the well-known difficulties of porting > C. Who said anything about C, Detweiler. Smalltalk. Scheme. Postscript. There are dozens of them out there. All of them are totally machine independent. You could run Smalltalk images byte for byte identical on large numbers of different processors years and years and years ago. Byte codes aren't new either -- Smalltalk's virtual machine, PSL and others had them decades ago. The rest of your comments are equally silly. Perry From tcmay at got.net Wed Jun 5 00:20:46 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 5 Jun 1996 15:20:46 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: At 7:30 PM 6/4/96, Sandy Sandfort wrote: >To which Jim Bell replied: > >>I have a solution to that problem. > >My question for member of this list is: When Bell finally >goes too far and they arrest or shoot him, how can we best >capitalize on his martyrdom? Or in a more negative light, >what damage control will we need to do in that case? > >Now I know that barking dogs rarely bite, but Jim may just >fool us and find his cajones. In any event, the sort of >yapping he is doing could itself be considered a crime that >could attract the sort of negative attention he apparently >craves. > >Any suggestions? As we've all learned from our studies of quantum cryptography, the answer lies in Bell's Theorem. As we know, Bell's Theorem says that if a Bell is ever removed in one place, another Bell appears someplace else instantaneously. Glad to be of help. --Klaus! von Future Prime From jya at pipeline.com Wed Jun 5 00:25:46 1996 From: jya at pipeline.com (John Young) Date: Wed, 5 Jun 1996 15:25:46 +0800 Subject: Class III InfoWar: TST Article Message-ID: <199606042153.VAA24301@pipe3.t1.usa.pipeline.com> On Jun 04, 1996 12:29:02, 'Dan Haskovec ' wrote: >Here's the reply I got from a friend that I forwarded it to.... > > >and the verdict is... NetMYTH! I checked the cite in the article on >cyberterrorism... no such article ran on 6/2/96 in the Times >(London)... nor, in fact, in any newspaper available on Nexis... >just thought I would let you know... Gosh, Dan, your friend may want to double-check. After reading Winn Schwartau's post, I bought a copy of The Sunday Times here in NYC late Sunday in which the article led at the top of the Front Page. Be glad to fax anyone a copy who may want such, ahem, verification. E-mail me a number. However, I acknowledge that there is a chance that the TLAs, or Net security/info war consultants (like Schwartau, et al) planted the article, a fake to generate scare-funding and boost conference attendance. Or maybe it's a classic Brit joke, a spoof -- or a sting by the Intergalactic Net Police. Strange terrorist ripoffs happen -- incredible IPOs, vaporware millionaires, and such. From jwilk at iglou.com Wed Jun 5 00:38:52 1996 From: jwilk at iglou.com (Blake Wehlage) Date: Wed, 5 Jun 1996 15:38:52 +0800 Subject: Senator Exon & me Message-ID: I am not one to lash out at anyone but now I feel it is appropite to tell the group what our very own Senator Exon has said to myself. If you do not care then delete this e-mail but if you would like to hear what a senator said to a 13 year old then read on. I will not put on the whole letter just the parts that I deem inapropite. He wrote: I'm not flaming you. You might not even get flamed this time. But you will be. This is just the kind of message which I hate. It is a waste of my time and a waste of time for people who have a lot less time than I. Please wait for a legitimate reason to post. I might patronize your age but I won't - I was a 13-year-old net kid once. #1 If you really wanted to show just had balls (I hate to use the phrase but I can't think of anything better) you wouldn't hide behide remailers. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >Current Girlfriend(s)- Lindsey Wilcox, Laura Schubring He wrote: I don't want to be around the first time you send your girlfriend(s) e-mail. I predict an ass-kicking of MAJOR proportion. #2 This is kinda an inside joke ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I really hate to waste your people times with my messages but aren't we all on this mailing list to learn? I'm 13 hell, I bet there are people on the list that are 5 times as old as me. I want to say that I really wanted to talk to Senator Exon on an IRC channel but I can't seem to mail him due to his cowerdness. I want to apologize to everyone that I may have said some things things that were wrong in the past but I'm learning and hope to have a great job in the computer indusrty (if there really are any). i will close saying that it was wrong that someone would creatique a 13 year old's signatrure. I feel that is wrong but hell, I guess I just to young to be a cyberkid. Thank you for hearing me out. :-) Ps if you want the full letter e-mail me and i'll sent it to you. Quoting my computer teacher at school- "The internet has its share of cool people and its lamers. The lamers are your people on AOL, hacker wantabees and your government officals" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Blake "Pokey" Wehlage Gaa- 3.69 Record- 2-4-4 Age- 13 Final Standings- 2nd Place (Beat in Championship) President & Founder: Revolution Software "I have the fastest glove in the east!" Profanity Software "Hackers never stop hacking they just get caught" VSoft My life- Rarely eat or sleep, Hack til' 7:00a, goto school, play goalie til' 8:00p, hack til' 7:00a Hank Aaron- d:-)!-< Pope- +<:-) Santa Claus- *<:-) The Unabrower |:-) Current Girlfriend(s)- Lindsey Wilcox, Laura Schubring Personal Quote- Mr Plow, thats my name, that name aguin is Mr. Plow -Homer Simpson ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From tcmay at got.net Wed Jun 5 00:43:22 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 5 Jun 1996 15:43:22 +0800 Subject: Class III InfoWar: TST Article Message-ID: At 8:34 PM 6/4/96, Steven Levy wrote: >If it's a myth, it's quite an elaborate one. On Saturday night I was >interviewed by the BBC about this. The producer read the entire article >to me, telling me in was on the front page of the Times. (My comments >were not about the specific story, but the underlying security issues.) I >don't think he was making it up. On the substance of Schwartau's claims about "HERF guns," I'm a bit skeptical that this is a real threat _at this time_. I'll say more on this later. On some of the points raised by the article, some things don't compute. At one point it is claimed that no one who in London (and presumably elsewhere) would ever dare to comment on threats received or extortion demands met. If so, how does the author know such threats have actually been made? (I mean credible threats, not anonymous call-in threats, such as bomb threats.) I read Winn Schwartau's book, "Information Warfare," as preparation for being interviewed for a BBC "Horizon" show called "The I-Bomb." Coincidentally, a friend of mine who shall remain nameless was doing some consultation work on this very issue (HERF guns, suitcase impulse sources, etc.). Magnetohydrodynamic RF sources--not to be confused with "electromagnetic pulse" (EMP) from extraatmospheric nuclear blasts--can generate huge RF fields in small packages, by focussing explosions in conjunction with coils to launch the pulses. So, why am I so skeptical? For a couple of reasons: 1. Conventional explosives work perfectly fine for a lot of sabotage efforts. It is unlikely that a mysterrious van is likely to be parked next to a London brokerage or computer firm in the City of London, given their history of terrorism. 2. To be a credible threat, there usually needs to be some form of "demonstration." I have heard of no such thing. Absent such a public demonstration, I find it hard to believe that beancounters would OK the giving away of hundreds of millions of dollars for a threat which is abstract and hard to understand for laymen. 3. This recent story smacks of hype. I'm not saying Schwartau is hyping his conferences and his book, and his consulting business, just saying it strikes me as a hyped threat without direct confirmation. So sue me. (On second thought, in this litigious society, please don't.) --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From teddygee at visi.net Wed Jun 5 00:51:49 1996 From: teddygee at visi.net (Ted Garrett) Date: Wed, 5 Jun 1996 15:51:49 +0800 Subject: NYT on NTT/RSA Chips Message-ID: <2.2.32.19960605005329.0076a668@mail.visi.net> At 09:12 AM 6/4/96 -0800, someone claiming to be wrote: >Maybe it's just me, but the solution to NTT's problem is obvious. Even >assuming that the export of this software would be against the law, why >doesn't somebody simply violate that law? RSA would publish that software, >possibly encrypted with NTT's public key, on a public system protected >against direct export. "Somebody" would download it, write it to a floppy (...) >As far as I know, there is nothing wrong with NTT using this software even >if it is assumed to have been exported illegally. Obviously, NTT won't >_ask_ for somebody to do this, because then the government will claim it was >all a conspiracy, but that doesn't prevent NTT from being the beneficiary of >somebody else's activities. What is wrong with this is that, because RSA did not, in practice deliver the software to NTT, they can have no expectation of payment. Thus begins a trumped up lawsuit in international court, and it will eventually cost RSA more to collect on the sale than the sale was worth. As many rock-solid implementations of the RSA algorithms as are out there, all NTT has to do is go to an FTP site in the netherlands. Done deal. But what about the copyrights (which are still unclear) and the US patents? NTT would not be able to market their system in the US without losing face. Not gonna happen. Just my $.02... -- PGP key available on the keyservers -- A wise man said that if one seeks to preserve his security by giving up a measure of his freedom, he shall not have either one for long... Dude's Dead. From mccoy at communities.com Wed Jun 5 01:01:08 1996 From: mccoy at communities.com (Jim McCoy) Date: Wed, 5 Jun 1996 16:01:08 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: Sandy writes: > > In a recent exchange, Carl Ellison wrote: > > >After the meeting ended it hit me what the problem is and I > >mentioned it to PRZ. We're complaining that the Executive > >has gone rogue -- is disobeying the will of the people. > >PRZ likened it to Nixon's war in Cambodia. > > To which Jim Bell replied: Hmmm... time to fix my Jim Bell filter, this message seemed to have gotten around it. > > >I have a solution to that problem. Yes, I am sure Jim does. Expect a few Treasury agents to visit him in the near future regarding threats against the president, they seem to be a little overzealous about this statute... (a felony I believe...) > My question for member of this list is: When Bell finally > goes too far and they arrest or shoot him, how can we best > capitalize on his martyrdom? Or in a more negative light, > what damage control will we need to do in that case? A movement is not complete until it has a few nuts who claim you are not going far enough, only then does it have a chance of being incorporated into the mainstream. I would suggest just ignoring him, and once he is arrested claim he was a plant by the IRS :) jim From adam at homeport.org Wed Jun 5 01:21:25 1996 From: adam at homeport.org (Adam Shostack) Date: Wed, 5 Jun 1996 16:21:25 +0800 Subject: Info on DES crypto program In-Reply-To: Message-ID: <199606050248.VAA29523@homeport.org> They store keys in a TOKEN file. They don't encrypt this apparently, "Never send unencrypted TOKENS on the internet." Bad key management, if you ask me. 2 Versions, one with 40 bit keys (CMDF?) is $99, the other is 'more expensive.' An awful lot of money for plain old des. Viacrypt PGP for the mac is about $129. Adam vinnie moscaritolo wrote: | Hey all; | | Does anyone have experience or comments about a product called Code Cryptor | from New Mexico Software. I belive it is yet another DES based product. tey | have a web page at: | | http://www.swcp.com/cryptor/ -- "It is seldom that liberty of any kind is lost all at once." -Hume From mccoy at communities.com Wed Jun 5 01:23:25 1996 From: mccoy at communities.com (Jim McCoy) Date: Wed, 5 Jun 1996 16:23:25 +0800 Subject: cycle market Message-ID: Bryce writes: > I was trying to think what I would use a cycle market for. The > only thing that I wait for more than a minute on currently is > compiling. Tasks which are inherently parallel (preferably ones where the various processes are loosly coupled and the need for inter-task communication is low) are the first things that come to mind, because advances in the speed of CPUs does not give you the same advancement increment in solving these problems. Some examples: -rendering and ray tracing -simulation -analysis of large datasets -genetic algorithms and genetic programming (something I am working on creating a "cycle market" for in my spare time) The other class of tasks which could use such a market are those which are limited more by bandwidth than by processor speed. If the server can be given many "heads" which can provide the service (with the back-end processing done by cycle markets) then it is possible to make significant gains in distributing the I/O load and getting around network latency by creating server which is "virtually omnipresent." jim From perry at piermont.com Wed Jun 5 01:24:42 1996 From: perry at piermont.com (Perry E. Metzger) Date: Wed, 5 Jun 1996 16:24:42 +0800 Subject: Java In-Reply-To: <199606042119.OAA07878@netcom7.netcom.com> Message-ID: <199606042241.SAA09606@jekyll.piermont.com> Bill Frantz writes: > >You could hand any websurfer a Netscape PGP plugin without much work > >at all, and you could easily build it on lots of platforms. After all, > >look at how many platforms that lowly C code like PGP runs on. > > Why don't we have one of these now? (N.B. not a rhetorical question) I don't know. I suppose its because cypherpunks post stupid commentary on non-cryptographic issues. Perhaps you should suggest it as a project on CoderPunks. > I thought this was the effect the Unix people get when they run > applications such as firewall code in a "chroot jail". Perhaps Netscape > could make you happy by having its Unix based browsers run Java applet > interpreters in such a jail. (I don't know, Unix is an imperfectly spoken > foreign language to me.) Chroot isn't a real solution for this sort of application. Perry From nelson at crynwr.com Wed Jun 5 01:25:36 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Wed, 5 Jun 1996 16:25:36 +0800 Subject: Multiple Remailers at a site? In-Reply-To: <199606020659.XAA25720@toad.com> Message-ID: <19960604232157.2053.qmail@ns.crynwr.com> Scott Brickner writes: > If the remailer does a good job with the delays and shuffling, then > it becomes difficult for the analyst to match message a with > message b, leaving him with what he already knew (that A and > RemailerX have a common interest, as to B and RemailerX, but the > interests may be wholly unrelated). Nope. Not if each of them runs a remailer. That's why mixmaster is SO WONDERFUL. -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From vznuri at netcom.com Wed Jun 5 01:29:13 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Wed, 5 Jun 1996 16:29:13 +0800 Subject: PM's Java Envy In-Reply-To: <199606040222.WAA06345@jekyll.piermont.com> Message-ID: <199606042033.NAA17694@netcom19.netcom.com> PM returns to rant on Java after being mowed down by most people her. why? I think he has some more ulterior problems with Java than those that he cites. for Perry, ranting at java reveals certain psychological characteristics of his profile. >For at least twenty or more years, people have known that for the >ultimate in multimedia email or what have you all you would need to do >is make the recipient execute a program that you sent them. This >obviates all the questions of having to figure out what sort of things >you would want to send -- if you can execute a program, you can do >anything. Unfortunately, this is also so phenomenally obvious a >security problem that no one ever proposed it as anything more than a >joke -- until now. so you agree, what they are trying to solve is the holy grail of distributed computing, in some ways. but you start from a different assumption-- that such a thing is a joke to even try. they are forging ahead because they have started with the opposite assumption. >Sun is, unfortunately, suffering from a substantial hubris problem. As >I have noted, the original Java applet security model and all the >followups have had exactly the same problem -- they depend on perfect >implementation of every element of the security model for the security >to work, instead of having the realistic and conservative assumption >that portions of the model will be misimplemented, and designing for >defense in depth. true, but as I have reiterated here, there is nothing preventing someone from creating an IMPLEMENTATION of Java that has the "defense in depth" that you are always ranting about. why don't you INVENT it??? such a thing is possible. Java is mostly a theoretical construct: a language. implementations are left up to different licensees. how else would you propose handling it? surely the NSA would have plenty of suggestions for putting a lock and chain around ideas. the rest of us in the real world would like to get some computing done. I continue to believe that everything you are asking for could be integrated into somebody's ingenious invention of a Java interpreter. something that implements all the features of Java in a secure way. notice, Perry, that if there was such a thing as a secure OS, you could just stick your Java browser in it and not care at all. you have your "redundant systems protection" if you already have a good OS. what? there aren't good OSes? well, why are you blaming someone who is writing a computer language because their aren't fully secure OSes? wouldn't Java running on a Kerberos system come close to the kind of security and redundancy you are proposing? such systems will probably evolve in the future. but why is a problem outside of java considered a problem of java itself by you? speaking of "hubris", I think it is you that is the most "full of it". you don't seem to understand some simple conceptions, which I have stated before in response to your ranting but you have never really replied to in the past: 1. NOBODY IS ASKING PERRY METZGER TO USE JAVA. people who ARE using it may have different needs and demands than you have. who are you to criticize all the people who have made an independent decision, "java is what we want"? 2. java threatens CONTROL by individuals over what they allow to run on their machines. it's the old "mainframe vs. PC" problem all over again. surprise!! pc's won. WHY? because people wanted to get work done without going through an all-powerful MIS priesthood. but surprise, some companies still are implementing a priesthood around their PCs. Java will help break through such kinds of monopolies. you are free to reject it, but you are getting a glimmer of understanding that Java threatens the idea of monopolistic, monolithic control over computing resources. the sysadmin with his own narrow interests may no longer be the only one who has say over how company computing resources are used. 3. no one is claiming Java is perfect. it will take years before a high level of trust is established. no one is implementing all kinds of incredibly sensitive applications in Java, YET. it is an evolutionary process. 4. in evolutionary processes, you aren't trying to find nirvana or utopia, or solve problems that no one has ever been able to solve. you make an *incremental*step*. Java is precisely this very valuable incremental step. I don't know why you continue to rant so endlessly against it. NO ONE IS ASKING YOU TO USE IT. your comments are not very valuable, either, considering that YOU ARE NOT USING IT. perhaps the people who are USING IT are far more qualified to judge whether it is fulfilling their needs, eh? 5. the world is very insecure right now in terms of computer security. java is a step in the right direction. there are a bazillion places it can be plugged into right now in which you get *better*security* than what you had before by using it. now, I wouldn't recommend placing it anywhere where you would have *less* security, but I trust designers of systems to have some sense about that. (yes, there are a lot of bonehead designers in the world, but why do you think it is a problem with Java exclusively? granted, the hype machine is way out of control, and this can lead to improper uses of the language, but there are still a lot of places where it is useful). 6. if you could point to some EXAMPLES of people using Java that shouldn't be, and ARE, then you will have a much better case. but all you have at the moment is a nagging suspicion that all kinds of people are using Java where it shouldn't be placed. 7. frankly I think you have "security envy" of pioneers who are creating the next generation of cyberspace and didn't pay some monstrous consulting fee to you in doing so. I think you would have liked to have been behind Java, because it is the next step in a field you feel you are an expert in, but instead it appeared on the scene without you ever taking it seriously, and you are increasingly pissed off that other people are taking it seriously, and that your arguments, which at one point people might have agreed with, are becoming less valid in the face of reality as people begin to understand what java is for (and not for!!). 8. criticizing something because it is not evolved is a bad way to go. C started out as the most flimsy of languages. there were serious bigtime problems with it. early compilers had ambiguities, etc. things get better. the way of the world is evolution. the tools that *you* are using *now* could have been criticized in their infancy as completely insufficient for the jobs they were "aspiring" to. they *were*. things like PCs were once the most disrespected "toys" on the planet. and you criticize Java because it is "toylike"? beware, PM, because the toys of today become the tools of tomorrow. > >Beyond that, however, they have created the ultimate hype >monster. Java is a neat idea looking for a good application. I use the >web all day long and I have yet to see a good use for Java. We have, >essentially, mortgaged our system security for almost nothing better "we"??? hee, hee. someone who is the first to slash someone with claw-marks for using that term here among the Nihilists uses it himself. there was absolutely no system of security prior to java for what it is attempting to implement. the world is not going to end when everyone starts playing with java applets. I agree that there should be some serious question about where companies allow browsers with Java (or browsers for that matter) to be run. but you have this kind of siege mentality, "we're being invaded!! POUR DOWN THE HOT OIL!!" >than the occassional gee whiz animation that could have been >implemented with a safe graphics description format instead of a >turing equivalent language. a killer java app hasn't yet been written, imho and other. so what? why are you whining about it? again, no one is forcing you to use java. the killer app lies around the corner. the PC didn't start out with excel written for it, and only an illtempered, impatient bonehead would demand such a thing. > >Again, I don't hate the Sun people or hold any animosity towards >them. However, I will point out the lesson that any good student of >Greek Tragedies could tell you -- the gods punish hubris, and severely. hee, hee. sounds like you speak from experience. reminds me of that saying, "good judgement comes from experience and experience comes from bad judgement". From adam at homeport.org Wed Jun 5 01:32:39 1996 From: adam at homeport.org (Adam Shostack) Date: Wed, 5 Jun 1996 16:32:39 +0800 Subject: Remailer chain length? In-Reply-To: <199606011336.IAA11002@einstein.ssz.com> Message-ID: <199606050357.WAA29773@homeport.org> Jim Choate wrote: | > I don't think multiple remailers at the same site help anything. | > | | I agree completely. If traffic analysis is going to be done on a single box | it isn't going to matter how many remailers are there. The monitor will | simply grab them all. At this point it simply maps them thusly: | incoming message > remailer #1 > .... > remailer #n > outgoing | | | That this really maps to is obvious: | | | incoming message > remailer #1-#n > outgoing Analyzing the traffic through three remailers is more difficult than analyzing the traffic through one. One remailer with three N messages per day is more secure than an equivilant remailer with N mesasges. [much good thought deleted.] | 5. Automaticaly limits spamming unless a remailer allows cloning | AND all recipients share a commen private key. Or unless the remailer mails to a mail to news gateway. | 6. It maps 1:1 onto the physical remailer model with the same limits | on information at each stage. This allows one to directly apply | the current history of precedence involving anonymity and | physical remailers. With physical remailers, you can open the inner envelopes and read the message, leaving the end user to wonder where the post office lost the message. With 'real' remailers, the lost message can't be read, only not delivered. | This is the basic model that the Austin Cypherpunks are working on at the | currrent time. The big problem we have right now is determining if the body | is actualy encrypted. We have done some basic tests of encryption-spoofing | using pgp and it is looks to be a thorny problem. It simply is not trivial | to look at a block of characters and determine if they are actualy | encrypted. You can't rely on the wrapper around the data put there by the I'm not sure I see why this matters? If you check that the message is not obviously readable, why not assume that its well encrypted? You're rarely required to contort yourself to ensure your customers are obeying the law (weaponsmiths, cryptographers, and banks excepted.) Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From frissell at panix.com Wed Jun 5 01:34:38 1996 From: frissell at panix.com (Duncan Frissell) Date: Wed, 5 Jun 1996 16:34:38 +0800 Subject: Class III InfoWar: TST Article Message-ID: <2.2.32.19960605021224.00c9e1d8@panix.com> At 12:29 PM 6/4/96 -0700, Dan Haskovec wrote: >Here's the reply I got from a friend that I forwarded it to.... > > > and the verdict is... NetMYTH! I checked the cite in the article on > cyberterrorism... no such article ran on 6/2/96 in the Times > (London)... nor, in fact, in any newspaper available on Nexis... > just thought I would let you know... Not only is it visible in any copy of the Sunday Times available in NYC, it is also on the Times' website at: http://www.sunday-times.co.uk/news/pages/Sunday-Times/frontpage.html Registration required. DCF From jimbell at pacifier.com Wed Jun 5 01:41:20 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 5 Jun 1996 16:41:20 +0800 Subject: MELP: 2400 baud speech coding Message-ID: <199606050332.UAA03708@mail.pacifier.com> At 01:31 PM 6/4/96 -0700, John Gilmore wrote: >Mixed-Excitation Linear Predictive encoding gives better speech >quality than CELP at half the data rate. Encoding and decoding >together burn up more than 100% of a TMS320C3x digital signal >processor at 33MHz -- 64% to encode and 53% to decode. Does this mean to convert to compressed data AND encrypt, or just converting to compressed bits? > I don't know >how it does on a Pentium or an Alpha. If you have the MIPS at both >ends, this enables very robust encrypted speech across modem links to >the Internet. I'd rather see thousands of Internet-phone users transmitting at 2400 bps than 28.8 kbps... This is going to add to the telephone companies' woes: They obviously don't want people to have access to nearly-free Internet-LD phone service, but their arguments for its regulation will be weaker when it is pointed out that the bit rate for compressed, encrypted Internet phone are 2400 bps as opposed to 64,000 bps for POTS. Which raises another question: When are Internet ISP's going to start acting as Internet-phone gateways? Currently, you can't call somebody on POTS with Internet phone. This would be solved if ISP's could install modems and software which did audio-synthesis/digitization on an outbound call, driven by the data received on the Internet, and sending the data back to the calling end. Any guesses as to when this will be real? Jim Bell jimbell at pacifier.com From proff at suburbia.net Wed Jun 5 01:43:09 1996 From: proff at suburbia.net (Julian Assange) Date: Wed, 5 Jun 1996 16:43:09 +0800 Subject: Why PGP isn't so ubiquitous (was NRC Session Hiss) In-Reply-To: <9606041912.AA01215@bill-the-cat.MIT.EDU> Message-ID: <199606050320.NAA21843@suburbia.net> > So, would you rather see a document right away, or code released > sooner? Take your pick and let me know. :) > > -derek I'd rather see more good people working on it. -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_ +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+ From sandfort at crl.com Wed Jun 5 01:54:49 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Wed, 5 Jun 1996 16:54:49 +0800 Subject: LIMITED SF BAY AREA INTEREST Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, Those of you who know Dana Drenkowski are invited to his 50th birthday party on Saturday. There is some conflict with the monthly Cypherpunks meeting, but you could come late to the party. (It's in Golden Gate Park.) If you would like to attending, let me know as soon as possible. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From ravage at ssz.com Wed Jun 5 01:56:16 1996 From: ravage at ssz.com (Jim Choate) Date: Wed, 5 Jun 1996 16:56:16 +0800 Subject: update 273 (fwd) Message-ID: <199606050358.WAA01618@einstein.ssz.com> Forwarded message: >From physnews at aip.org Mon Jun 3 17:03:16 1996 Date: Mon, 3 Jun 96 14:06:02 EDT From: physnews at aip.org (AIP listserver) Message-Id: <9606031806.AA07182 at aip.org> To: physnews-mailing at aip.org Subject: update 273 PHYSICS NEWS UPDATE The American Institute of Physics Bulletin of Physics News Number 273 May 31, 1996 by Phillip F. Schewe and Ben Stein SCHRODINGER'S CAT-ION: Physicists at NIST (Christopher Monroe, 303-497-7415) have experimentally demonstrated the principles of the famous Schrodinger's cat thought experiment with a single beryllium ion. In a 1935 paper, physicist Erwin Schrodinger proposed the cat paradox: put a cat inside a box, add a container of poison gas which is activated by the decay of a radioactive atom, and close the box. Since the radioactive atom obeys the rules of quantum mechanics and since therefore its state is indeterminate until measured by an outside observer, opening the box and observing the atom (a microscopic quantum system) instantly determines the status of the cat (a decidedly macroscopic, non-quantum concept). The feline is neither alive nor dead until the radioactive atom is measured by an observer. Although this thought experiment is impossible to carry out for a number of reasons, including the fact that the quantum properties of a system tend to wash out in an object made of many atoms and molecules such as a cat, the NIST physicists have demonstrated the basic principles using a single beryllium ion. The researchers trap the ion with nonuniform electric fields and cool it to a near standstill. Laser pulses then cause the ion to oscillate as a combination of wavepackets representing two different electronic states. Additional laser pulses push apart the two wavepackets to separations of as much as 80 nanometers, a mesocopic-size scale far bigger than the normal spatial extent of the ion. So in this version of Schrodinger's cat, the ion's electronic state (a quantum property) is linked to (or "entangled" with) a mesocopic-scale position (a non-quantum property). By applying subsequent pulses that bring together the wavepackets, the researchers detected interference patterns which provided evidence of the original separation. Measurements of Schrodinger cat's states can provide information on how quantum properties wane with the amount of physical separation between quantum states. (C. Monroe et al., Science, 24 May 1996.) SUPERCONDUCTING TUNNEL JUNCTIONS (STJ), under development as efficient detectors of x rays, can now also be used as single-photon detectors at visible wavelengths. In this regard they will be welcomed by astronomers who increasingly record incoming light with charge-coupled device (CCD) arrays. In contrast to the silicon-based CCDs, which are insensitive to a photon's energy (one photon engenders one electron in the detector), the niobium-based STJ's do discriminate as to energy (one photon, depending on its energy, can generate thousands of electrons). Determining a photon's energy would allow astronomers to forego filters, which lower the detector's overall efficiency. A STJ device developed by an Oxford-Cambridge-European Space Agency (Netherlands) collaboration can detect light in the wavelength range 200-500 nm with a spectral resolution of 45 nm (this should improve to 20 nm or better). The STJ can also determine the photon's time of arrival at the millisecond level, a property the would be handy for studying fast astronomical processes such as pulsars. (A. Peacock et al., Nature, 9 May 1996.) PHYSICS BACHELOR'S DEGREES. Here are some highlights from a new AIP report on 1994 degree recipients in the U.S.---the annual number of degrees continues to decline slightly; more fresh graduates are looking for jobs rather than heading for graduate school; for those going on in their studies 89% receive financial support; women constitute 17% of the degree recipients; median starting salary was $27,000. (Patrick Mulvey, 301-209-3076.) From stevenw at best.com Wed Jun 5 02:06:08 1996 From: stevenw at best.com (Steven Weller) Date: Wed, 5 Jun 1996 17:06:08 +0800 Subject: [SF Bay Area] Steganography -- Peter Wayner Ph.D. Message-ID: Seen on the net: AN EVENT AT COMPUTER LITERACY BOOKSHOPS ---------------------------------------------------------------------- CAN SECRETS BE STOPPED? ---------------------------------------------------------------------- A free presentation by Peter Wayner Ph.D. Date: Wednesday, June 19, 1996 Time: 6:30 p.m. - 8:00 p.m. Location: Computer Literacy Bookshops 2590 North First Street (at Trimble) San Jose (408) 435-1118 "Steganography" is the art and science of making information disappear. If you don't know where it is, you won't even know it exists. If you can't find it, you can't censor it. Dr. Wayner will explore some of the basic ways that people are hiding information by making it look like something else; such as innocent ramblings or flames from a newsgroup or background noise in a digitized image or sound file. Dr. Peter Wayner has a Ph.D. in Computer Science. He has worked at Xerox PARC and consulted widely on various topics, including computer security. His writing has appeared in popular fora like "BYTE" magazine and the "New York Times". He is the author of "Agents Unleashed: A Public Domain Look at Agent Technology" and "Digital Cash: Commerce on the Net" and "Disappearing Cryptography". DID YOU KNOW THAT OUR EVENTS ARE ALSO POSTED ON OUR WEB PAGE? http://www.clbooks.com/ Stay tuned. There are more events to come. July 23 Programming Windows 95 with MFC by Jeff Prosise Events at our stores are always free. Have suggestions about event topics? Email them to: eventca_info at clbooks.com ------------------------------------------------------------------------ If you would like to receive e-mail announcements for upcoming store events, simply write to: events_ca-request at clbooks.com (for events held at our California stores) events_va-request at clbooks.com (for events held at our Virginia store) ------------------------------------------------------------------------ If you have signed up for email announcements but have not received any, or wish to be removed from this list, please contact us. We add names by request only. **************************************************** Computer Literacy Bookshops, Inc. Cherrie C. Chiu eventinfo_ca at clbooks.com (408) 435-5015 x116 ------------------------------------------------------------------------- Steven Weller | Technology (n): | | A substitute for adulthood. stevenw at best.com | Popular with middle-aged men. From ncognito at gate.net Wed Jun 5 02:06:38 1996 From: ncognito at gate.net (Ben Holiday) Date: Wed, 5 Jun 1996 17:06:38 +0800 Subject: How to explain crypto? In-Reply-To: Message-ID: Im quoting directly from the PGP manual from pgp2.6.2: "People who work in factoring research say that the workload to exhaust all the possible 128-bit keys in the IDEA cipher would roughly equal the factoring workload to crack a 3100-bit RSA key, which is quite a bit bigger than the 1024-bit RSA key size that most people use for high security applications..." If we take phil at his word, I would say that comparing 90bit symetric to 1024bit RSA would be a bit generous to RSA. On Tue, 4 Jun 1996, Declan McCullagh wrote: > "The 1024 bit key is likely an RSA key, and is not comperable to a 40 bit > symetric key. From memory, 1024 bit RSA is about as hard to crack as 90 > bit symetric." > > Is this a reasonable comparison? > > -Declan > > From drosoff at arc.unm.edu Wed Jun 5 02:07:01 1996 From: drosoff at arc.unm.edu (David Rosoff) Date: Wed, 5 Jun 1996 17:07:01 +0800 Subject: Security of PGP if Secret Key Available? Message-ID: <1.5.4.16.19960605000219.3a8734e2@arc.unm.edu> -----BEGIN PGP SIGNED MESSAGE----- At 02.36 AM 6/3/96 -0500, Robert A. Hayden wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >About once a week we get some lame-o flame bait posted to >alt.security.pgp or this mailing list or somewhere abotu some hole in >PGP. We further say with fairly good reliability that they are bogus, >get a light chuckle, and then go back to dealing with the real issues. > >However, I got to wondering about the security of PGP assuming somebody >trying to read my PGPed stuff has my 1024-bit secret key. ie, if I have >it on my personal computer, and somebody gets my secret key, how much >less robust has PGP just become, and what are appropriate and reasonable >steps to take to protect this weakness? > >Thanks > > >-----BEGIN PGP SIGNATURE----- >Version: 2.6.2 >Comment: PGP Signed with PineSign 2.2 > >iQCVAwUBMbJ5xTokqlyVGmCFAQGcAgQAvjFdZ+YLdQGxDHcT+GOwP82BSwiTYlaQ >F9RV8L+radCK/SyeLnEtoodkKVqpcsItIQ/JJ44FOAmnsBLljuWqbhZMl8G8+uCB >pcpkXpre83CwoM6qDKkCEyqCiMxq857ioCoqb+WRNJYbb++muVBDHADVzGoGOjLg >cvIMxnnXF3c= >=tnTb >-----END PGP SIGNATURE----- Once your secret key has been compromised, then all that prevents a Bad Guy from reading your message is your secret key passphrase. (I believe that, aside from grabbing keystrokes a la TEMPEST, the only way to get this passphrase is by brute-forcing it, or maybe searching your house for the little piece of paper that you may have written it on.) I have seen equations which claim to compute the security of your passphrase and also passphrase generators - I don't know if either are any good, though. - ------------------------------------------------------------------------------- David Rosoff (nihongo o chiisaku dekimasu) drosoff at arc.unm.edu For PGP key 0xD37692F9, finger drosoff at acoma.arc.unm.edu or get from keyservers pub 1024/D37692F9 1995/07/01 David Rosoff Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 I accept anonymous mail. If I didn't sign it, you don't know I wrote it. - --- "Made weak by time and fate, but strong in will / To strive, to seek, to find-- and not to yield." ----- "Ulysses", by Alfred, Lord Tennyson -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMbTCmBguzHDTdpL5AQEH4gP/TT3myaSislU3En4xwaB2cWmYhCItlhL/ nhLZM4uxOHv87zsHjYIBrHEHxVHnYOaH/Kd7zSRPRB0ArTDIMP/ZtYISMUNhfSd2 bX+LNdASX9rbiD1Vfcvb/vw6nKlfvdz2WoeeTE/yqSeHjnE7+izEX4Xi/9mHB4s/ N9DDK16kgi4= =snQo -----END PGP SIGNATURE----- From WlkngOwl at unix.asb.com Wed Jun 5 02:20:58 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Wed, 5 Jun 1996 17:20:58 +0800 Subject: Java Message-ID: <199606042334.TAA29203@unix.asb.com> I'll add a few comments about the "Java hype monster"... it seems a good way for people to make money off of computing in ways they haven't before (and in ways which probably won't work anyhow). A lot of the Java hype has been how one only needs a "network appliance" that logs in and uses remote applets which are instantly updated. Less risk of software piracy, more phone bills and network membership fees, of course. (Nevermind other risks added in this sort of system). It seems like a kind of cable-tv-for-the-internet. People will join a service that provides an array of applications. Network membership fees and phonebills... or maybe they'll use cable modems and it will be included with the cable bill on their JavaVision (tm) boxes? On the plud side, though: C never did standardize graphical interfaces. Notice most of the demos in the JDK are graphical? Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From drosoff at arc.unm.edu Wed Jun 5 02:31:09 1996 From: drosoff at arc.unm.edu (David Rosoff) Date: Wed, 5 Jun 1996 17:31:09 +0800 Subject: hacked version of PGP - win95 long filenames Message-ID: <1.5.4.16.19960605000224.3a874cf2@arc.unm.edu> -----BEGIN PGP SIGNED MESSAGE----- I suffer from the great misfortune of a dos computer, and despite my anti-micro$oft efforts, I still am stuck, most of the time, with Windows 95. This OS assigns long filenames (the sensible kind, that is) to the old-style eight-character and three-character separated by a dot. However, they did it in such a way that old filenames still work. So if I have a file I want to encrypt, PGP will mess up this system. oldname.txt -> oldname.asc This is the normal way PGP would encrypt. However, f I have assigned the oldname.txt file a new file name under the win95 system, it will look something like this. "Old File" (oldfil~1.txt) This conforms with the new scheme. If I PGP encrypt, this happens: oldfil~1.txt -> oldfil~1.asc Thus, the new filename is lost, both for the ciphered file, and for the file once I decrypt. Is there a way (aside from not using long filenames) such as a hacked version of PGP that has a workaround for this problem? Also, is this an issue on the list of improvements for future official versions of PGP? =============================================================================== David Rosoff (nihongo o chiisaku dekimasu) -------------> drosoff at arc.unm.edu For PGP key 0xD37692F9, finger drosoff at acoma.arc.unm.edu or get from keyservers pub 1024/D37692F9 1995/07/01 David Rosoff Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67 I accept anonymous mail. If I didn't sign it, you don't know I wrote it. === "Made weak by time and fate, but strong in will / To strive, to seek, to find-- and not to yield." <---- "Ulysses", by Alfred, Lord Tennyson -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMbTExRguzHDTdpL5AQGo5QP/QqZw0PLK5/jNY42nbJ/VRrAj8g62FK7q zxWMVbindqQZaOYRtNVHy28rzjkBy+ybzhWetmLgny4f2zdUFkTf5OgZ0r27oOGQ 93VmAK8FoMTBhtje3y4OjWc2uqqHWSYkhjZVYWVCxVcFL1GA6FMkIs8pnzqb5Ohy ShWTgpaV6OM= =SLEx -----END PGP SIGNATURE----- From jimbell at pacifier.com Wed Jun 5 02:33:49 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 5 Jun 1996 17:33:49 +0800 Subject: NYT on NTT/RSA Chips Message-ID: <199606050231.TAA00162@mail.pacifier.com> At 08:53 PM 6/4/96 -0400, Ted Garrett wrote: >At 09:12 AM 6/4/96 -0800, someone claiming to be wrote: > >>Maybe it's just me, but the solution to NTT's problem is obvious. Even >>assuming that the export of this software would be against the law, why >>doesn't somebody simply violate that law? RSA would publish that software, >>possibly encrypted with NTT's public key, on a public system protected >>against direct export. "Somebody" would download it, write it to a floppy >(...) >>As far as I know, there is nothing wrong with NTT using this software even >>if it is assumed to have been exported illegally. Obviously, NTT won't >>_ask_ for somebody to do this, because then the government will claim it was >>all a conspiracy, but that doesn't prevent NTT from being the beneficiary of >>somebody else's activities. > >What is wrong with this is that, because RSA did not, in practice deliver >the software to NTT, they can have no expectation of payment. No, the copyright is still valid, and NTT couldn't use the software without appropriate payment. > Thus begins >a trumped up lawsuit in international court, and it will eventually cost >RSA more to collect on the sale than the sale was worth. As many rock-solid >implementations of the RSA algorithms as are out there, all NTT has to do >is go to an FTP site in the netherlands. Done deal. But what about the >copyrights (which are still unclear) and the US patents? NTT would not be >able to market their system in the US without losing face. The purpose of the strategem I described is NOT intended to allow NTT to use software without paying. NTT and RSA are probably on very friendly terms, anyway. The purpose is to compartmentalize the illegality to an unidentifiable person, allowing NTT to use the software without having violated any law. Jim Bell jimbell at pacifier.com From declan at well.com Wed Jun 5 02:38:53 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 5 Jun 1996 17:38:53 +0800 Subject: Richard Stallman on RSA, Zimmermann, crypto Message-ID: Richard's comments below are very much worth reading. Also check out the following URLs for back fight-censorship messages about the RSA/Zimmermann conflict... MIT's Seth Finkelstein on RSA/Zimmermann history: http://fight-censorship.dementia.org/dl?num=639 Background on RSA's involvement with recent crypto legislation: http://fight-censorship.dementia.org/dl?num=1613 http://fight-censorship.dementia.org/dl?num=1614 http://fight-censorship.dementia.org/dl?num=2282 -Declan ---------- Forwarded message ---------- Date: Tue, 4 Jun 1996 20:18:05 -0400 From: Richard Stallman To: declan at well.com Cc: rms at gnu.ai.mit.edu Subject: Re: FW: CWD--Crypto Gets A Nuke (fwd) As an opponent of Clipper--I debated Dorothy Denning on NPR once--I was glad to read about the new Japanese encryption chip. But that chip is not the right solution for most people who want to use encryption. For example, I'm considering using digital signatures. I don't need the high power that requires special expensive hardware, and I would rather not have to buy it. What I would really like is free software, which I can run on an ordinary PC, to do the job. Unfortunately, there isn't any. RSA Inc. made sure of that. Zimmermann initially intended to release PGP as free software. But RSA Inc threatened him with a patent suit, and forced him to change the distribution terms. Now PGP in the US uses RSAREF, which is restricted by a patent license to non-commercial use only. In other words, only hobbyists and academics can use it. There is a commercial version which is proprietary software, and apparently not many people want it badly enough to buy it. The version of PGP used outside the US is free software, but if you use it within the US, RSA Inc. can sue you. This is very bad for people who would like to use PGP. But it is worse than that. It affects the political battle too. PGP had a chance to create a constituency of Americans who demand the right to use encryption. If PGP had been allowed for use in business, not just by hobbyists, we would have far more Americans who care enough to fight against Clipper--and they would include businesses which have the funds to influence legislators. RSA Inc. prevented this from happening, and did so for no reason except money. Bidzos and Rivest would like to present themselves as the defenders of our freedom to use encryption. And it is true, they would like us to be able to use encryption, as long as we are required to pay them for doing so. But when they had the choice of letting us use encryption freely or stamping it out, they chose the latter. I hope you won't portray them as heroes. From loki at infonex.com Wed Jun 5 02:39:36 1996 From: loki at infonex.com (Lance Cottrell) Date: Wed, 5 Jun 1996 17:39:36 +0800 Subject: How can you protect a remailer's keys? Message-ID: The best solution I could come up with (and was willing to write and use) is to specify the passphrase on the command line argument to the compiler make solaris -DPASS="foozooblue" -Lance At 11:55 PM 6/1/96, Bill Stewart wrote: >Encryption is critical for protecting against traffic analysis, >but it's tough to protect a remailer's keys. Unlike regular email, >where you can type the key in as you read it, remailers need to >run automatically once you set them up. Some of the choices are: >- leave it around in plaintext with only Unix file protections > (Ghio2 works this way - does Mixmaster? My ghio2 version has it > compiled into the binary, and I try to delete it from source.) >- type it in to a long-running remailer process > (with human intervention to start) >- SSL-based remailers, where the web server handles crypto on > a per-machine basis instead of per-remailer >- use unauthenticated Diffie-Hellman (either hanging off > a TCP port somewhere instead of mail, or > 3 pieces of email) >- off-line or off-site remailer such as a POP3 winsock remailer > that makes it Somebody Else's Problem, and separates > the remailer's public interface from the working parts >- human intervention on every message (which may not be totally > worthless for moderated news postings, if you want to > take that approach to spam prevention.) > >Anybody have any other approaches? These are mostly weak, >annoying, or both. > > ># Thanks; Bill ># Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com ># http://www.idiom.com/~wcs ># Rescind Authority! ---------------------------------------------------------- Lance Cottrell loki at obscura.com PGP 2.6 key available by finger or server. Mixmaster, the next generation remailer, is now available! http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche ---------------------------------------------------------- From WlkngOwl at unix.asb.com Wed Jun 5 02:45:29 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Wed, 5 Jun 1996 17:45:29 +0800 Subject: Electronic Signature Act Of 1996 Message-ID: <199606042344.TAA29411@unix.asb.com> On 4 Jun 96 at 10:33, Ben Holiday wrote: > Florida now recognizes electronic signatures as legal and binding. In > other words - its okay to sign it by modem. > > The electronic Signature Act of 1996 passed the Legislature unanimously > and became law Friday. The law does not specify how an electronic document > must be signed, but it probably will mean coding the text and typed > signature so they cannot be changed by anyone other than the writer. [..] I've seen some legal arguments that an email message that reads "Bob, Sounds good--it's a deal. --Alice" can in some circumstances be as binding as an oral contract or a scribbled note, which is not meaningless though not as strong as a legal signed contract. As long as one can show Alice *did* write that, that it referred to a specific deal, etc. etc., it holds some legal weight. But I'm no lawyer, and one should never trust legal advice form Usenet or the c'punks list. Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From ngps at technet.sg Wed Jun 5 02:49:09 1996 From: ngps at technet.sg (Ng Pheng Siong) Date: Wed, 5 Jun 1996 17:49:09 +0800 Subject: FOR WHOM THE BELL TOLLS In-Reply-To: <2.2.32.19960604193049.0072daf0@popmail.crl.com> Message-ID: On Tue, 4 Jun 1996, Sandy Sandfort wrote: > Any suggestions? Jim Bell has a solution to that problem. Sorry, couldn't resist. ;) - PS -- Ng Pheng Siong * Finger for PGP key. Pacific Internet Pte Ltd * Singapore 'The meek will inherit the earth, after the rest of us have gone to the stars.' - alt.2600 poster From bruce at aracnet.com Wed Jun 5 02:55:52 1996 From: bruce at aracnet.com (Bruce Baugh) Date: Wed, 5 Jun 1996 17:55:52 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: <2.2.32.19960605054113.006e2b2c@mail.aracnet.com> At 12:30 PM 6/4/96 -0700, Sandy Sandfort wrote: >My question for member of this list is: When Bell finally >goes too far and they arrest or shoot him, how can we best >capitalize on his martyrdom? Or in a more negative light, >what damage control will we need to do in that case? I think there's a non-trivial chance that this list could be shut down and anyone who's made interested sounds in the idea brought in to assist the police in their inquiries. Damage control will probably be a doomed cause. The media will end up with selected quotes advocating crypto-anarchy and speaking in a disparaging tone of those heroic men and women who keep nuts like us reined in, and the only people who will hear a balanced account will be those who are already wholly or partially immune to the propaganda mills. Did I mention I've been feeling pessimistic about a bunch of this stuff lately? -- Bruce Baugh bruce at aracnet.com http://www.aracnet.com/~bruce From grafolog at netcom.com Wed Jun 5 02:58:44 1996 From: grafolog at netcom.com (jonathon) Date: Wed, 5 Jun 1996 17:58:44 +0800 Subject: FOR WHOM THE BELL TOLLS In-Reply-To: <2.2.32.19960604193049.0072daf0@popmail.crl.com> Message-ID: Sandy: On Tue, 4 Jun 1996, Sandy Sandfort wrote: > goes too far and they arrest or shoot him, how can we best let him be a victim of his own success. xan jonathon grafolog at netcom.com ********************************************************************** * * * Opinions expressed don't necessarily reflect my own views. * * * * There is no way that they can be construed to represent * * any organization's views. * * * ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * * * http://members.tripod.com/~graphology/index.html * * * *********************************************************************** From jimbell at pacifier.com Wed Jun 5 03:01:23 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 5 Jun 1996 18:01:23 +0800 Subject: Markoff in NYT on NTT/RSA chip Message-ID: <199606050644.XAA14496@mail.pacifier.com> At 03:46 AM 6/5/96 +0000, jonathon wrote: > paul: > >On Tue, 4 Jun 1996, Paul Robichaux wrote: >> the NTT chipset for use, say, in a Motorola cell switch (made in IL) would >> seem to be problematic. Buying chips in Japan for shipment to Moto's phone >> factories in Singapore and Malaysia, however, would appear to be OK. Under > > So the companies simply ship their _entire_ production > facility offshore, to whichever country has no crypto > export regulations. > > << Any guesses on just how long ITAR stays around, once > several companies announce they are terminating the employment > of 1000+ people, for work overseas, because of ITAR? >> > > And doing all of their manufacturing offshore means they could > use Triple-DES, or BlowFish, or any other crypto algorithm. I seem to recall an announcement recently that Senator Burns is going to have a hearing "soon" on his crypto bill. If that's true, I think it would make a good publicity scene if somebody (if possible someone giving testimony) were to show up with one of these NTT encryption chips, wave it around a bit, and say "I can bring this chip into the country, why can't I take it out again?" Even if you can't get ahold of the real chip, any multi-pin bug will probably do for the sound/video-bite. Jim Bell jimbell at pacifier.com From grafolog at netcom.com Wed Jun 5 03:09:11 1996 From: grafolog at netcom.com (jonathon) Date: Wed, 5 Jun 1996 18:09:11 +0800 Subject: Markoff in NYT on NTT/RSA chip In-Reply-To: Message-ID: paul: On Tue, 4 Jun 1996, Paul Robichaux wrote: > the NTT chipset for use, say, in a Motorola cell switch (made in IL) would > seem to be problematic. Buying chips in Japan for shipment to Moto's phone > factories in Singapore and Malaysia, however, would appear to be OK. Under So the companies simply ship their _entire_ production facility offshore, to whichever country has no crypto export regulations. << Any guesses on just how long ITAR stays around, once several companies announce they are terminating the employment of 1000+ people, for work overseas, because of ITAR? >> And doing all of their manufacturing offshore means they could use Triple-DES, or BlowFish, or any other crypto algorithm. xan jonathon grafolog at netcom.com ********************************************************************** * * * Opinions expressed don't necessarily reflect my own views. * * * * There is no way that they can be construed to represent * * any organization's views. * * * ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * * * http://members.tripod.com/~graphology/index.html * * * *********************************************************************** From dhaskove at ucsd.edu Wed Jun 5 03:14:10 1996 From: dhaskove at ucsd.edu (Dan Haskovec) Date: Wed, 5 Jun 1996 18:14:10 +0800 Subject: Class III InfoWar: TST Article In-Reply-To: Message-ID: I stand corrected.... I wonder if this will be / has been picked up by any Stateside media? It seems like something that might sell papers.... On Tue, 4 Jun 1996, Steven Levy wrote: > If it's a myth, it's quite an elaborate one. On Saturday night I was > interviewed by the BBC about this. The producer read the entire article > to me, telling me in was on the front page of the Times. (My comments > were not about the specific story, but the underlying security issues.) I > don't think he was making it up. > > Maybe the London Times isn't on Nexus. > > Steven > From jimbell at pacifier.com Wed Jun 5 03:17:54 1996 From: jimbell at pacifier.com (jim bell) Date: Wed, 5 Jun 1996 18:17:54 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: <199606050507.WAA09930@mail.pacifier.com> At 12:30 PM 6/4/96 -0700, Sandy Sandfort wrote: > Carl Ellison wrote: >>After the meeting ended it hit me what the problem is and I >>mentioned it to PRZ. We're complaining that the Executive >>has gone rogue -- is disobeying the will of the people. >>PRZ likened it to Nixon's war in Cambodia. > > Jim Bell replied: > >>I have a solution to that problem. > >My question for member of this list is: When Bell finally >goes too far and they arrest or shoot him, how can we best >capitalize on his martyrdom? Or in a more negative light, >what damage control will we need to do in that case? >Now I know that barking dogs rarely bite, but Jim may just >fool us and find his cajones. In any event, the sort of >yapping he is doing could itself be considered a crime that >could attract the sort of negative attention he apparently >craves. If there is any doubt that we _need_ a system to rid us of these sleazy politicians: I just saw tonight's PBS McNeil news hour, and they had two politicians on, one of which was promoting a re-emergence of the "Star Wars" missile defense system, which even under optimistic scenarios would cost hundreds of billions of dollars. My solution is simpler and far less expensive: Target any political or military person at any level who is directly or indirectly in control of any offensive missile system (nuclear or otherwise), killing off as many as it takes until they cry "uncle" and destroy all of that hardware. Probable cost of this persuasian? A few hundred million dollars, at most. Who is committing the crime, here? Maybe, someday, you'll start really LISTENING to what I have to say. ObCrypto? Your motivations are quite opaque. Maybe we can turn them into a cryptosystem? Jim Bell jimbell at pacifier.com From WlkngOwl at unix.asb.com Wed Jun 5 03:20:52 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Wed, 5 Jun 1996 18:20:52 +0800 Subject: Cost of brute force decryption Message-ID: <199606050631.CAA01285@unix.asb.com> On 4 Jun 96 at 10:58, Bruce M. wrote: [..] > "If you can ensure secrecy either until no one cares about the > information or so that cracking the code costs more than the information > is worth, it's 'secure enough.' > > "For example a 40-bit key takes about $10,000 worth of supercomputer > time and two weeks to crack. Although this key may be adequate to > protect my checking account, it's probably not large enough for the > accounts of a major corporation. [..] The figures look familiar. No references around. I'm not sure it would require a whole two weeks for 40-bits, though. Possibly less than a day? (Or was that why you asked baout the figures?) The "$10,000 worth of supercomputer time" is fuzzy. One thing that's left out is that once an organization already owns the equipment and has the money to spare, it may be worthwhile to crack things of less importance like personal checking info, email, etc. Rob. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From tcmay at got.net Wed Jun 5 03:23:30 1996 From: tcmay at got.net (Timothy C. May) Date: Wed, 5 Jun 1996 18:23:30 +0800 Subject: Java Message-ID: I find myself agreeing with nearly all the points about Java that Larry is making, so something may be wrong.... At 8:58 PM 6/4/96, Vladimir Z. Nuri wrote: ... >I suppose if I was over 40 and worked in a conservative wall street firm, >I'd have a totally different view. maybe Java is all about a generation >gap in computing. hey!! the first language that the "older generation" >hates. sounds like a good reason to go after it, sort of like rock-n-roll >and Woodstock suddenly being aged and uncool. This can't be the whole story. I'm 44, and Java looks pretty damn exciting to me, too. Not exciting to stand elbow-to-elbow and be trampled the crowds at Moscone Center for Java One, but exciting enough to get the Metrowerks Java compiler for the Mac and half a dozen or so of the Java books (some of which are even pretty good--I most like "Core Java" and the Gosling book). I don't have the energy or time to write a Detweiler-length article about Java (though I think I did a month or so ago), but will say that I think the security problems are, first of all, no worse vis-a-vis the language itself than problems with any language. For me, the main attraction of Java lies not in the applets, but in the Net-centric model that makes, in theory (and hopefully in practice) a Macintosh roughly the equal of a Sun or SGI or Pentium. Until Java and associated programs and tools appeared, I was seriously thinking about getting a Pentium or Pentium Pro (shudder, even though I admire my former employer and current stock benefactor, Intel) and putting Linux on it. Now I feel more confident that the Mac is a viable competitor in a Net-centric world. Java may be the Great Equalizer (something Sun may come to regret). Perry has some valid points vis-a-vis the most naive uses of applets. Were I the security manager of Morgan Stanley, I would certainly not want traders downloading "kewl" applets and (possibly) causing Big Problems. So what else is new? Java as a language and as a platform-independent implementation is an achievement. As for Scheme and Smalltalk, both mentioned by Perry, I have both of these and of course neither has caught on a big way. I won't even speculate about the many reasons. And in some ways a more important comparison is to Perl and TCL, along with more obscure languages like Python and REXX. The welter of Net-oriented languages shows signs of being much-simplified by the wide adoption of Java. It will be interesting to watch the next several years of developments. -- Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From ichudov at algebra.com Wed Jun 5 03:40:08 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Wed, 5 Jun 1996 18:40:08 +0800 Subject: Electronic Signature Act Of 1996 In-Reply-To: <2.2.32.19960604165840.00725e30@popmail.crl.com> Message-ID: <199606050323.WAA09499@manifold.algebra.com> Sandy Sandfort wrote: > C'punks, > > At 11:11 AM 6/4/96 -0400, Perry E. Metzger wrote: > > >...I get the impression that under the common law, an ink > >signature is merely a demonstration that a party assented > >to a contract, and except for certain contracts (which > >usually require witnesses etc.) there is no requirement in > >the law that a contract even be on paper... > > The "Statute of Frauds" lists the exceptions and they cover > most important contracts. I seem to recall that contracts > over a given amount or for interests in real property for > periods of a year or more are covered. I'm sure someone > with current access to legal research resources will post > a better explanation. [I AM NOT A LAWYER] The following contracts are required to be in writing, in most states: 1. A contract of an executor or administrator to answer for a duty of the decedent (the executor-administrator provision). 2. A contract to answer for debt or default of another (the suretyship provision). 3. A contract made upon consideration of marriage (the marriage provision). 4. A contract for sale of goods worth more than $500 (the sales provision). 5. A contract for sale of an interest in land (the land provision). 6. A contract not preformable within a year (the one-year provision). - Igor. From hugh at ecotone.toad.com Wed Jun 5 03:49:49 1996 From: hugh at ecotone.toad.com (Hugh Daniel) Date: Wed, 5 Jun 1996 18:49:49 +0800 Subject: LEGISLATIVE: SHORT NOTICE! of a SF SCTB/NRC crypto policy hearing Message-ID: <199606042329.QAA06008@ecotone.toad.com> ------- Start of forwarded message ------- Date: Fri, 31 May 96 18:12:00 EST From: "CRYPTO" To: crypto at nas.edu Subject: Public briefing on the NRC Crypto Policy report Please post widely. The Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC) has completed a congressionally mandated study of national cryptography policy. The final report, Cryptography's Role in Securing the Information Society, was released to the public on May 30, 1996. Some members of the committee will conduct a public briefing on the report in Menlo Park, California at SRI International. The briefing will be held in the Auditorium of the International Building from 10 to 11 am on Wednesday, June.5. The address is 333 Ravenswood Avenue, Menlo Park, California, 94025. For more information about the briefing at SRI, contact Alice Galloway at 415-859-2711 (alice_galloway at qm.sri.com). If you have suggestions about other places that the committee should offer a public briefing, please let me know (crypto at nas.edu or 202-334-2605). A summary of the report ("Overview and Recommendations") is available through http://www2.nas.edu/cstbweb; the full publication will be made available when final printed copies of the book are available (probably around the beginning of August). If you wish to be kept informed of various other public activities regarding dissemination of this report, you can sign up for an e-mail list by visiting the web page http://www2.nas.edu/cstbweb/notifyme.html. I apologize to you for the short notice on this invitation, but hope that you will be able to attend. Herb Lin Senior Staff Officer Study Director CSTB/NRC Study of National Cryptography Policy crypto at nas.edu ------- End of forwarded message ------- From cwe at it.kth.se Wed Jun 5 03:51:17 1996 From: cwe at it.kth.se (Christian Wettergren) Date: Wed, 5 Jun 1996 18:51:17 +0800 Subject: Class III InfoWar: TST Article In-Reply-To: Message-ID: <199606050626.IAA05284@piraya.electrum.kth.se> | and the verdict is... NetMYTH! I checked the cite in the article on | cyberterrorism... no such article ran on 6/2/96 in the Times | (London)... nor, in fact, in any newspaper available on Nexis... | just thought I would let you know... I've met Winn Schartau and a number of the people mentioned in the article at a conference in Brussels about Information Warfare two weeks ago. I've also seen the article that is referred in the message from Winn, and here is the URL for it. http://www.sunday-times.co.uk/news/pages/Sunday-Times/stinwenws01016.html?1257332 Alternatively, you can access it through http://www.the-times.co.uk/ going through a brief registration process etc. Also, I've meet the journalist, Peter Warren, at the conference as well. We even went for a beer! :-) So, I'd definitively say there is too much real-world details to it for me to believe it is a NetMYTH. -Christian Wettergren, KTH/Teleinformatics Sweden. PS. I'm not a netMYTH either, and I do exist. :-) From loki at infonex.com Wed Jun 5 04:05:59 1996 From: loki at infonex.com (Lance Cottrell) Date: Wed, 5 Jun 1996 19:05:59 +0800 Subject: Multiple Remailers at a site? Message-ID: At 1:40 PM 6/4/96, Scott Brickner wrote: >Bill Stewart writes: >>>I don't think multiple remailers at the same site help anything. >> >>Assume Alice, Bob, and Carol are on abc.com and Xenu, Yak, and Zut >>are on xyz.com. Remailing between Alice, Bob, and Carol doesn't >>make appear to make much difference, but it does reduce the damage >>if one of the remailer's keys is compromised. On the other hand, >>mail from Alice -> Xenu -> Bob -> Yak -> Carol -> Zut adds traffic >>to the system, and makes traffic analysis more difficult, >>even if the Bad Guys are watching site abc.com and have stolen >>Alice, Bob, and Carol's keys. > >Wait a minute. More traffic should make analysis easier, since traffic >analysis is mostly statistical work on the source and destination (not >necessarily "from" and "to"). A bigger sample makes more reliable >results. > >For traffic analysis, I don't know *who* sent the message (it was, >after all, anonymized), but I do know a site which transmitted it and >one which received it, the time it was transmitted, and maybe its >size. Multiply this times a whole bunch of messages, and I can infer >information about "common interests" between those sources and >destinations. > >The delays and mixing done by remailers make it harder by >disassociating the true sender from the true receiver. If a remailer >were to ignore this step, the analyst can deduce from the two data >points > > "message a, source A, destination RemailerX, time t, size s" > "message b, source RemailerX, destination B, time t+0.001s, size s" > >that there's some connection between A and B. The more such evidence, >the stronger the connection. If the remailer does a good job with >the delays and shuffling, then it becomes difficult for the analyst >to match message a with message b, leaving him with what he already >knew (that A and RemailerX have a common interest, as to B and RemailerX, >but the interests may be wholly unrelated). > >Multiple remailers on the same machine increases the resolution of >the address information, at best, improving the analysts ability to >make connections. The same traffic load going to a single remailer >at the site makes the analyst's job harder. > >>The other threat it helps with is that if XYZ.COM gets complaints >>about that evil user Zut, she can kick her off (Bad Zut!) >>and still leave Xenu and Yak alone; if the remailer service >>were provided by the machine owner herself she might be directly liable. > >Hmm. Nothing really stops the machine owner from creating a personal >anonymous account to run the remailer. When someone complains, shut it >down and create a new one. There isn't yet a law which requires that >the owner be able to identify the user. This affords the same >protection that multiple users does. The time correlation attack can be defeated by sending mail into the remailer network with a period roughly equal to the propagation time of a message through a chain. That way your messages correlate with absolutely all receipts of all messages. That contains no information. -Lance ---------------------------------------------------------- Lance Cottrell loki at obscura.com PGP 2.6 key available by finger or server. Mixmaster, the next generation remailer, is now available! http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche ---------------------------------------------------------- From frantz at netcom.com Wed Jun 5 04:12:34 1996 From: frantz at netcom.com (Bill Frantz) Date: Wed, 5 Jun 1996 19:12:34 +0800 Subject: On the Hill: Child Porn "Morphing" Message-ID: <199606050531.WAA27734@netcom7.netcom.com> At 4:45 PM 6/4/96 -0400, Black Unicorn wrote: >"Morphing" seems to be the latest buzzword for putting childrens faces on >the bodies of adult models in sexually explicit poses and seems to have >attracted enough attention to warrant congressional attention. The ability to use the faces of famous political people (e.g. Bill&Hillery or Bob&Libby) in XXXX rated political satire probably has a wider market. ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA From declan at well.com Wed Jun 5 05:25:51 1996 From: declan at well.com (Declan McCullagh) Date: Wed, 5 Jun 1996 20:25:51 +0800 Subject: Fight-Censorship Dispatch #12: CDA deathwatch, copyright update Message-ID: ------------------------------------------------------------------------ Fight-Censorship Dispatch #12 ----------------------------------------------------------------------------- The CDA deathwatch begins ----------------------------------------------------------------------------- By Declan McCullagh / declan at well.com / Redistribute freely ----------------------------------------------------------------------------- In this dispatch: CDA deathwatch begins, vultures start to circle Copyright update: sucks to continue, sucks to delay Fred Cherry, back in action! MIT's Seth Finkelstein weighs in on copyright Internet Caucus prepares pro-Net resolution June 4, 1996 WASHINGTON, DC -- The CDA deathwatch has begun and hungry scavengers are starting to close in on the ill-begotten law's moldering carcass. The Philly court yesterday attracted still more hovering media vultures by saying they'll announce when they're ready to release their decision. What a tease. This evening I called Chris Hansen, who's leading the ACLU's legal team challenging the CDA in Philadelphia's Federal court. He told me: The court will try to give as much advance notice as possible. This is unusual but not unheard of -- all along the court has treated this as a very important case. They had the court historian come in and take pictures the first day. And the clerk himself has been present, not his deputies. (In case anyone's interested, I'm still offering 3:1 odds in our favor in Philly, though all bets are off when we get to the Supreme Court.) In the last week, the ALA/CIEC and ACLU media operations shifted into overdrive, pumping out a flurry of press advisories telling mediaperns to be on the lookout -- that a decision is expected "any day now." That was the idea, at least. Conventional wisdom said that our three-judge panel in Philly would want to rule before the court in New York City that's currently hearing a weaker, parallel challenge to the CDA. After all, Federal judges are political beasts and it's a cinch that any of 'em would want to write an opinion in this landmark case. Final arguments in the NYC case were scheduled for yesterday. But at the hearing, the Manhattan court decided it had more questions for both sides and gave the government until June 7 to file responses and the plaintiff, Joe Shea, until June 13. That means that our court has until the end of next week to issue its decision -- and still come out first. And so the deathwatch groans onward... +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ COPYRIGHT UPDATE: SUCKS TO CONTINUE, SUCKS TO DELAY +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ I wrote in my May 30 dispatch that there's "a fighting chance that this braindead copyright bill will pass this year." Now I'm not as sure. The House subcommittee markup session that tentatively was scheduled for June 5 has been cancelled, and it won't take place before June 12 or 13. That's good and bad. The upside is that this ill-fated bill likely won't pass in any form this session -- but the mucky underside is that the courts will continue to rely on a Clinton administration white paper released last fall by copyright czar Bruce Lehman. Lehman, who heads the Patents and Trademark Office, hatched this boondoggle that slams online fair-use rights and slaps service providers with hefty fines if one of their users violates someone's copyright. A well-connected lawyer in DC sent me email on this earlier tonight: No copyright legislation is going to be passed this year. This comes from [Important Name deleted --DBM]. That means the White Paper will guide courts for at least the next very critical six months. The Scientology v. Lerma court has been looking [for] legislative direction, but they can't stall much longer. They will have to base their decision on the only thing they have, the White Paper. Somehow, I suspect the Church of Scientology won't mind that one bit. +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ FRED CHERRY, BACK IN ACTION! +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ Fred Cherry, everyone's favorite net.loon and a truly redoubtable USENET flamer, took center stage briefly at yesterday's Shea v. Reno CDA hearing in New York City. The amateur lawyer succeeded in joining his lawsuit with Joe Shea's and has been merrily introducing excerpts from soc.motss "homonazi" flamewars into evidence. He maintains that to reply to flames, he must use "indecent" or "patently offensive" language, which could violate the CDA. Mark Mangan writes on the June 3 hearing: In his deep, raspy voice [Judge] Cabranes then called Fred Cherry, who had attended every day of the hearings in hopes of consolidating his case. The chief judge looked at a paper and pronounced Cherry's name again. Someone leaned over the seats and tapped Cherry. He awoke, arose, gathered his plastic bags and umbrella and, wearing his overcoat, approached the bench. He walked straight to the microphone and rested his belongings at his feet. Cherry started his hurried talk about how he "despised the ACLU" and what he was there to discuss "goes all the way back 30 years." I interviewed Cherry earlier today. Here's what he told me: ------------------------------------------------------------------- Q: HOW DID YOU FEEL AFTER THE HEARING? A: The judges were nice to me. I can't believe how nice they were. That's not what I'm used to when I see judges. Q: WHAT ABOUT YOUR REQUEST THAT THE CASES BE CONSOLIDATED? A: [Shea's attorney, Randall Boe] said he's worried that if I join, I'm so far behind that it'll slow him down. That they won't be able to get to the Supreme Court... I'm just going to tag along like a caboose hitched onto a train. [Shea and his attorney] don't want me. They filed a brief, about two pages, saying they didn't want me. Q: WHAT DID YOU TELL THE JUDGES YESTERDAY? A: I came up with something [posted] by Rod Swift that Jesus had a large penis. Everybody [in the courtroom] was going crazy. Everyone was laughing. Q: WILL YOU INTRODUCE THOSE POSTS INTO EVIDENCE? A: They're going to give me more time. There's going to be an order -- it hasn't come down yet. They'll issue an order allowing me to present more exhibits. ------------------------------------------------------------------- I asked Cherry for the penis-posts he read aloud, but he still hasn't sent 'em to me. I was able to track down some seemingly representative ones that I archived at EFF's web site in April: Your ass is so blocked up that you do need some therapeutic relief for your constipation -- a condition which has backlogged all the shit right back up into your head, Fred. nobody has suggested that fred cherry should be thrown in jail, sued for libel, or even so much as fined. i have suggested the wisdom of packing his asshole with shards of broken glass, but i wasn't serious. i wasnt _that_ serious anyway. Whatever you think of Cherry's antics, you gotta grant him one thing: not many people have the balls to demand that a Federal court uphold their right to flame. +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ MIT'S SETH FINKELSTEIN WEIGHS IN ON COPYRIGHT +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ By Seth Finkelstein (sethf at mit.edu) The fight over the future of copyright law is raging over two competing concepts: information should be for the public good vs. info is "private property." Previously, information has been tightly linked to a physical object -- a book, a record, a tape. Now, with electronic communication, the full implications of "copyright" -- where using your printscreen key may be illegal if not explicitly allowed by license -- are becoming clear. Since this "property" is so abstract, it's frightening to contemplate the regulation needed to control the network to ensure no unauthorized information gets distributed. In the censorship battles, there's at least *some* material which is safe. Not so in the copyright wars, where every message may be required to carry "identification papers," to establish that it's not fugitive property that has escaped from its rightful "owner." (And what does this do to anonymity online?) Unlike many, I don't believe any particular outcome is inevitable. It's a question of what sort of future world emerges from the *political* process. It can be either an electronic commons, shared by all, or a series of tollbooths on every public online street. +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ INTERNET CAUCUS PREPARES PRO-INTERNET RESOLUTION +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ The congressional Internet Caucus is about to introduce a non-binding resolution promising to do good by the Net: --------------------------------------------------------------------- Resolved by the House of Representatives (the Senate concurring), That it is the sense of Congress that -- (1) Congress should educate itself about the Internet and use the technology in personal, committee, and leadership offices; (2) Congress should work in a bipartisan and bicameral fashion to facilitate the growth and advancement of the Internet; (3) Congress should maximize the openness of and participation in government by the people via the Internet so that our constituents can have more information from and more access to their elected representatives; (4) Congress should promote commerce and free flow of information on the Internet; (5) Congress should advance the United States' world leadership in the digital world by avoiding the passage of laws that stifle innovation and increase regulation of the Internet; and (6) Congress should work with the Internet community to receive its input on the issues affecting the Internet that come before Congress. --------------------------------------------------------------------- In today's Campaign Dispatch column on HotWired, Brock Meeks writes: The caucus is now 47 members strong, double its original membership. But the fight for Net survival -- hell, for simple respect -- is far from over. Neither a second-term Clinton nor a Dole presidency gives us much reason for hope. We'll be in the trenches for several years to come; it's time to get our hands dirty. More hot air from Congress? Sure. But it's a sea change compared to where the Net community was a year ago, around the time that TIME magazine's infamous Cyberporn cover appeared, Marty Rimm published his fraudulent smut-study, and Sen. Chuck Grassley held the "first-ever" cybersmut hearing in July... Stay tuned for more reports. ----------------------------------------------------------------------------- Today's unsubstantiated rumor: Y'all remember Jason "The Weasel" Baron, the DoJ's lumbering, cyberchallenged lawyer? Word from an attorney friend of mine says that Baron is predicting the DoJ will *lose* on the CDA, three-zip. Want to subscribe to the announcement-only fight-censorship mailing list for future Fight-Censorship Dispatches and related updates? Just send "subscribe fight-censorship-announce" in the body of a message addressed to: majordomo at vorlon.mit.edu Mentioned in this CDA update: Mark Mangan's Shea v. Reno June 3 update: http://fight-censorship.dementia.org/dl?num=2691 EFF's archive on the Fred Cherry v. Reno case: http://www.eff.org/pub/Legal/Cases/Fred_Cherry_v_DoJ/ EFF's archive on the Joe Shea v. Reno case: http://www.eff.org/pub/Legal/Cases/Am_Reporter_v_DoJ/ ACLU predicts decision soon: http://fight-censorship.dementia.org/dl?num=2673 U.S. Congressional Internet Caucus: http://www.house.gov/white/internet_caucus/netcauc.html Creative Incentive Coalition on copyright: http://www.cic.org/ Digital Future Coalition on copyright: http://www.ari.net/dfc/ Brock Meeks on online copyright: http://www.hotwired.com/muckraker/96/20/index3a.html Brock Meeks on Internet Caucus, non-binding resolution: http://www.hotwired.com/netizen/96/23/index1a.html Ron Newman's web page on the Church of Scientology: http://www.cybercom.net/~rnewman/scientology/ Fight-Censorship list Rimm ethics critique Int'l Net-Censorship This and previous Fight-Censorship Dispatches are archived at: Other relevant web sites: ----------------------------------------------------------------------------- From junger at pdj2-ra.F-REMOTE.CWRU.Edu Wed Jun 5 05:32:29 1996 From: junger at pdj2-ra.F-REMOTE.CWRU.Edu (Peter D. Junger) Date: Wed, 5 Jun 1996 20:32:29 +0800 Subject: NYT on NTT/RSA Chips In-Reply-To: <199606041616.JAA24515@mail.pacifier.com> Message-ID: jim bell writes: : At 10:54 AM 6/4/96 GMT, John Young wrote: : > An executive at NTT America said that although there were : > no restrictions on the export of cryptographic hardware or : > software from Japan, his company was still anxious to : > obtain software from RSA Data to use in its chips. That : > software is still controlled by United States export law, : > he said. : : : Maybe it's just me, but the solution to NTT's problem is obvious. Even : assuming that the export of this software would be against the law, why : doesn't somebody simply violate that law? RSA would publish that software, : possibly encrypted with NTT's public key, on a public system protected : against direct export. "Somebody" would download it, write it to a floppy : (taking care not to leave any fingerprints, and wetting both the stamp and : the envelope with tap water, rather than licking them) and mail that floppy : off to NTT in Japan. (Naturally, you don't put a return address on that : envelope. The truly paranoid would first take that floppy to some store's : PC section, and cross-load the data onto a floppy written by some other : floppy drive.) : : NTT finds that envelope in their mail, opens it, reads the floppy, decrypts : the data, and say, "Wow! It's the data we wanted to get!" It verifies that : the data is valid by emailing a copy back to RSA in America, who say, : "Amazing! Somebody has illegally exported our software!" : : As far as I know, there is nothing wrong with NTT using this software even : if it is assumed to have been exported illegally. Obviously, NTT won't : _ask_ for somebody to do this, because then the government will claim it was : all a conspiracy, but that doesn't prevent NTT from being the beneficiary of : somebody else's activities. I am afraid that that is the solution to the wrong problem. NTT's problem is that they cannot sell the RSA chip in the United States without a license from RSA Data under the RSA patent. So the deal is for RSA Data to be NTT's agent in the U.S. But Bidzos was complaining bitterly at the EPIC conference that the export regulations on crypto had cost RSA Data the international market. The software for both DES and RSA are publically available so it would not have solved any previously unsolved problem for someone to have mailed the code--or the algorithms--to NTT. -- Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH Internet: junger at pdj2-ra.f-remote.cwru.edu junger at samsara.law.cwru.edu From gbroiles at netbox.com Wed Jun 5 05:56:48 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Wed, 5 Jun 1996 20:56:48 +0800 Subject: Electronic Signature Act Of 1996 Message-ID: <2.2.16.19960605091100.1cd70da2@mail.io.com> I think more apropos to the discussion of electronic signatures is UCC 1-201(39), "'Signed' includes any symbol executed or adopted by a party with present intention to authenticate a writing." Comment 39 to 1-201 indicates "[a]uthentication may be printed, stamped or written; it may be by initials or by thumbprint. It may be on any part of the document and in appropriate cases may be found in a billhead or letterhead. No catalog of possible authentications can be complete and the court must use common sense and commercial experience in passing upon these matters. The question always is whether the symbol was executed or adopted by the party with present intention to authenticate the writing." And comment 2 to 3-401 (re negotiable instruments) indicates that a signature may be "handwritten, typed, printed or made in any other manner." So I don't see why that wouldn't include a PGP signature, a traditional ".signature" block, or the typed "/s/ Greg Broiles" used in some circumstances. (Of course, the UCC doesn't apply to every transaction, nor is it adopted in identical form in every state, blah blah blah.) But it's always nice if the legislature is willing to say "This is the right way to create an electronic signature" because then we don't have to wonder. (However, a signature and a contract are not the same thing - and you don't need to have a contract to have an enforceable obligation. A nonrepudiable document still isn't a self-executing one.) -- Greg Broiles |"Post-rotational nystagmus was the subject of gbroiles at netbox.com |an in-court demonstration by the People http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt |Studdard." People v. Quinn 580 NYS2d 818,825. From gary at systemics.com Wed Jun 5 06:45:10 1996 From: gary at systemics.com (Gary Howland) Date: Wed, 5 Jun 1996 21:45:10 +0800 Subject: Java Message-ID: <199606051004.MAA14816@internal-mail.systemics.com> Clay Olbon II wrote: > > Has anyone written a Java app to implement the Chinese Lottery? Seems like > a natural way to do it. A small cash prize might entice lots of folks to > let it run in the background... We have plenty of Java code that does crypto. If anyone can think of a suitable target (and perhaps a suitable prize for the winner), we'll help knock up some code. Click this if you're interested http://systemics.com:79/ (alternatively finger @systemics.com) The only targets I can think of are the Sun/Microsoft crypto API keys (but I would guess that these keys are too large for an attack to be feasible), and the unix password of David Sternlight (which was posted to sci.crypt last summer). Gary -- pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From WlkngOwl at unix.asb.com Wed Jun 5 07:09:16 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Wed, 5 Jun 1996 22:09:16 +0800 Subject: Richard Stallman on RSA, Zimmermann, crypto Message-ID: <199606051058.GAA03569@unix.asb.com> Not to defend or condemn RSA folx or patents, etc., but sometime ago (recently) I read or was told or perhaps hallucinated that PGP3 was going to include non-RSA algorithms that didn't suffer the patent stickiness (El Gammel based on DSA?) Derek? On 4 Jun 96 at 18:00, Declan McCullagh wrote: [..] > Richard's comments below are very much worth reading. Also check out the [..] > The version of PGP used outside the US is free software, but if you > use it within the US, RSA Inc. can sue you. > > This is very bad for people who would like to use PGP. But it is > worse than that. It affects the political battle too. > > PGP had a chance to create a constituency of Americans who demand the > right to use encryption. If PGP had been allowed for use in business, > not just by hobbyists, we would have far more Americans who care > enough to fight against Clipper--and they would include businesses > which have the funds to influence legislators. RSA Inc. prevented > this from happening, and did so for no reason except money. [..] --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From gary at systemics.com Wed Jun 5 07:20:25 1996 From: gary at systemics.com (Gary Howland) Date: Wed, 5 Jun 1996 22:20:25 +0800 Subject: Security of PGP if Secret Key Available? Message-ID: <199606051033.MAA14983@internal-mail.systemics.com> On Jun 3, 2:36, "Robert A. Hayden" wrote: > However, I got to wondering about the security of PGP assuming somebody > trying to read my PGPed stuff has my 1024-bit secret key. ie, if I have > it on my personal computer, and somebody gets my secret key, how much > less robust has PGP just become, and what are appropriate and reasonable > steps to take to protect this weakness? If the secret key is available then an attacker knows the length of p & q. Admittedly this will not usually help matters much, but I still feel that the lengths of p and q should be encrypted with the passphrase - perhaps in PGP3.0? (Derek?) Gary -- pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From jya at pipeline.com Wed Jun 5 07:28:15 1996 From: jya at pipeline.com (John Young) Date: Wed, 5 Jun 1996 22:28:15 +0800 Subject: URL for NRC Report Message-ID: <199606051047.KAA20751@pipe1.t1.usa.pipeline.com> Instructions for Web access to the NRC report, "Cryptography's Role in Securing the Information Society," May 30, 1996, Prepublication Copy, are at: http://pwp.usa.pipeline.com/~jya/nrc.txt Appendices A to N are now in individual files. A few typos have been corrected in nrc00.txt and nrc06.txt. For the coder, mathematician and avid proofreader, we'll JPEG and forward any page that contains equations -- such as those in Appendix C. From nelson at crynwr.com Wed Jun 5 09:43:49 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Thu, 6 Jun 1996 00:43:49 +0800 Subject: Markoff in NYT on NTT/RSA chip In-Reply-To: Message-ID: <19960605120618.2319.qmail@ns.crynwr.com> jonathon writes: > << Any guesses on just how long ITAR stays around, once > several companies announce they are terminating the employment > of 1000+ people, for work overseas, because of ITAR? >> You're assuming that the "jobs" card beats the "crypto-terrorist" card. I wouldn't count on it. -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From janimmo at ionet.net Wed Jun 5 09:44:55 1996 From: janimmo at ionet.net (Jeffrey A Nimmo) Date: Thu, 6 Jun 1996 00:44:55 +0800 Subject: On the Hill: Child Porn "Morphing" In-Reply-To: Message-ID: On Tue, 4 Jun 1996, Black Unicorn wrote: > > Hearings on the hill over the child pornographer horseman: > > "Morphing" seems to be the latest buzzword for putting childrens faces on > the bodies of adult models in sexually explicit poses and seems to have > attracted enough attention to warrant congressional attention. > > Interesting that the media is playing this up as a "net" deal. (As if > somehow it were impossible to do without the all powerful and evil internet. I've heard of this kind of thing before. Individuals have already been sent to jail for doing this, as well as doing and distributing kiddie porn drawings. I suspect that since it's already illegal on the state level, that Congress is looking into making it a federal crime to distribute them over state lines via the Internet. > I'd like to see exactly how they word the proposed prohibitons. What > constitutes "child" when the face painted on is pure artistry? Will we > see a simple and strict prohibition over modifiying sexually explicit > pictures to make them appear to be of younger models (whatever their > apparent age may be)? Will we see a subjective test as to what is "child > looking" enough? It only has to give the impression of being under the age of consent in order to be illegal. No real models have to be involved. > Silliness. All silliness. That's debatable. However, in this politically correct environment, I wouldn't even give the impression of siding with the pedophiles if I were you. > Prediction: Some manner of law will be on the books (Or perhaps passed, but > unsigned) before the election attempting to prohibit some form of this > activity. Certainly Clinton is not going to veto such a bill before the > election, which is doubtlessly when the right is going to try to push it > through. (Can they streamline it enough to get a vote in time?) I wouldn't doubt it. > --- > My preferred and soon to be permanent e-mail address:unicorn at schloss.li > "In fact, had Bancroft not existed, potestas scientiae in usu est > Franklin might have had to invent him." in nihilum nil posse reverti > 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information > Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com > > From perry at piermont.com Wed Jun 5 09:50:54 1996 From: perry at piermont.com (Perry E. Metzger) Date: Thu, 6 Jun 1996 00:50:54 +0800 Subject: Senator Exon & me In-Reply-To: Message-ID: <199606051212.IAA11953@jekyll.piermont.com> Blake Wehlage writes: > I am not one to lash out at anyone but now I feel it is appropite to tell > the group what our very own Senator Exon has said to myself. Are you sure that you weren't just getting mail from the Senator Exon remailer? The real Senator Exon doesn't use email. .pm From perry at piermont.com Wed Jun 5 10:00:55 1996 From: perry at piermont.com (Perry E. Metzger) Date: Thu, 6 Jun 1996 01:00:55 +0800 Subject: How to explain crypto? In-Reply-To: Message-ID: <199606051224.IAA11983@jekyll.piermont.com> Ben Holiday writes: > Im quoting directly from the PGP manual from pgp2.6.2: > > "People who work in factoring research say that the workload to > exhaust all the possible 128-bit keys in the IDEA cipher would > roughly equal the factoring workload to crack a 3100-bit RSA key, > which is quite a bit bigger than the 1024-bit RSA key size that most > people use for high security applications..." > > If we take phil at his word, I would say that comparing 90bit symetric to > 1024bit RSA would be a bit generous to RSA. It is very far from clear that Phil was right. As I said, these comparisons are all based on insufficient data. I don't think they are a great idea. Perry From jya at pipeline.com Wed Jun 5 10:14:53 1996 From: jya at pipeline.com (John Young) Date: Thu, 6 Jun 1996 01:14:53 +0800 Subject: Terrorism Hysteria on the Net Message-ID: <199606051227.MAA00334@pipe2.t2.usa.pipeline.com> Today's USA has a pair of front page stories: "Feds ready anti-terror cyberteam" and "Terrorism on the Net -- Post-Cold War hysteria or a national threat?" They lay out the nightmares and the valiant TLA-daydreams to out-fund the hackers and out-flummox the public. "You bring me a select group of hackers and within 90 days I'll bring this country to its knees, " says Jim Settle, retired director of the FBI's computer crime squad. "The threat is there, it's very real," says CIA General Counsel Jeffrey Smith. "If we have a Unabomber who decides to launch an attack with a PC instead of a bomb, (there could be) real damage." From exalt at miworld.net Wed Jun 5 13:05:55 1996 From: exalt at miworld.net (Intense) Date: Thu, 6 Jun 1996 04:05:55 +0800 Subject: On the Hill: Child Porn "Morphing" In-Reply-To: <199606050531.WAA27734@netcom7.netcom.com> Message-ID: On Tue, 4 Jun 1996, Bill Frantz wrote: > At 4:45 PM 6/4/96 -0400, Black Unicorn wrote: > >"Morphing" seems to be the latest buzzword for putting childrens faces on > >the bodies of adult models in sexually explicit poses and seems to have > >attracted enough attention to warrant congressional attention. > > The ability to use the faces of famous political people (e.g. Bill&Hillery > or Bob&Libby) in XXXX rated political satire probably has a wider market. I am just wondering, when the USA can get a little bit more ridiculus. They seem to have on there "good shoes" when if you look in the past, most of the goverment officals have been notihing but people that are involved with allot more ilegal activies than the average resident... i'ts sad what they will do, to get elected.. :( * * From raph at cs.berkeley.edu Wed Jun 5 13:12:01 1996 From: raph at cs.berkeley.edu (Raph Levien) Date: Thu, 6 Jun 1996 04:12:01 +0800 Subject: Java In-Reply-To: <199606041306.JAA08943@jekyll.piermont.com> Message-ID: <31B58982.1F54@cs.berkeley.edu> Vladimir Z. Nuri wrote: [...] > you don't get it, as others have pointed out repeatedly. you conveniently > ignore Frantz' points about the well-known difficulties of porting C. there > is a big difference in what is conneted by the word "portable". > if it take a zillion different makefile rules to create the "same" > program on different machines, is that "portable"? isn't that > defeating the purpose somewhat? c is "sort of" portable. it is > "in theory" portable. Java is portable "in theory and practice". This point is simply not true, at least for Java as it exists in Spring 1996. Almost every Java applet I've seen has little UI glitches that prevent it from displaying and operating correctly on all platforms. Further, there are little glitches in the language implementation and library design that often cause portability problems. For example, the first cut of Hal's PGP applet had the standard UI problems, plus the fact that a "spinner" thread caused the entire browser to lock up -- on Unix, but not on Windows. And this was a 5000 line of code applet. Hal was able to fix the problems, but it's easy to see how the effort involved in this "portability engineering" could become comparable to your thousand-line makefile as applications scale up. The promise is there, but Java has not yet delivered. Another concern with Java is that it acheives portability at the cost of enforcing a lowest common denominator. For example, all real Windows applications support OLE, and all real Mac applications support Apple Events. Java applets, and even applications, can't do either. To me, that makes the accomplishment of portability a bit less impressive, even if it were so. Raph From ponder at wane-leon-mail.scri.fsu.edu Wed Jun 5 13:30:36 1996 From: ponder at wane-leon-mail.scri.fsu.edu (P.J. Ponder) Date: Thu, 6 Jun 1996 04:30:36 +0800 Subject: Electronic Signature Act of 1996 Message-ID: The Florida act is available at http://www.scri.fsu.edu/fla-leg/bills/senate-1996/sb0942.html as was repeatedly brought up during hearings on this bill, the existing law does not preclude digital signatures from being used or from being offered in evidence in support of an argument that so-and-so 'signed' or agreed to something. What the sponsors of this bill wanted was to provide additional credence and an air of legitimacy to digital signatures, even tho the existing law already permits their use. In practice, if one asserted a digital signature as evidence of another's agreement to a contract for example, the party making the assertion could offer other evidence to attest to the validity of the signature, just as one would do in the case of a hand-written or holographic signature. (by bringing in handwriting experts, e.g.) The interesting thing to watch in Florida will be the rules and procedures to be developed by the (Florida) Secretary of State's office relating to certificate authorities, licensing requirements, CRLs, etc. I think the Florida Bar wants me to add to that if you feel you have a legal problem of any kind, you should seek the advice of a competent attorney. I am not representing you and you rely on cypherpunks mailing list legal advice at your peril. -- pj From jya at pipeline.com Wed Jun 5 13:37:54 1996 From: jya at pipeline.com (John Young) Date: Thu, 6 Jun 1996 04:37:54 +0800 Subject: USA on Feds Cyberteam Message-ID: <199606051318.NAA03600@pipe2.t2.usa.pipeline.com> USA Today, June 5, 1996, p. 1. Feds ready anti-terror cyberteam By M.J. Zuckerman The Clinton administration, citing the threat of electronic terrorist attacks, is taking steps to secure cyberspace. The administration is expected to announce later this month formation of: + An emergency response task force, directed by the FBI and based in the Justice Department, to manage any terrorist incident involving an attack in cyberspace. The Cyber Security Assurance Group would funcaon as both an emergency response team and investigative body. It will respond to any collapse of the National Information Infrastructure -- the nation's vital computer systems such as banking, transportation and telecommunications. "The threat is there, it's very real," says CIA General Counsel Jeffrey Smith. "If we have a Unabomber who decides to launch an attack with a PC instead of a bomb, (there could be) a great deal of damage." + A commission, dominated by national security representatives and chaired by a private sector person, to deliver within 12 months a national policy on cyberspace security. The commission faces difficulty in balancing government inter-agency turf battles as well as dealing with industry and the private sector, which oppose Internet regulation. "This is one of the toughest issues government faces today," says Smith. The initiatives have emerged from an unprecedented, closely guarded series of meeangs held in recent months between leading administration officials from law enforcement, national security and defense. Attorney General Janet Reno, acting under a classified presidential directive issued late last year in response to the Oklahoma City bombing, chairs the panel. It includes the directors of the CIA and FBI along with Cabinet secretaries from Treasury, Commerce, Transportation and Energy. Today, the Senate Permanent Subcommittee on Investigations holds the second in a series of hearings examining cyberspace security and threats to information systems. The panel's minority staff is expected to endorse administration proposals to clearly draw national policy on information security but calls for a more ambitious emergency response effort by government. [End] ---------- To see adjoining UT article (9 kb), "Post-Cold War hysteria or a national threat?" http://pwp.usa.pipeline.com/~jya/hysteria.txt From bryce at digicash.com Wed Jun 5 13:44:50 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Thu, 6 Jun 1996 04:44:50 +0800 Subject: [META-NOISE] I'm sick of hearing about policy Message-ID: <199606051341.PAA12666@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- I wish there were some keyword or set of filter-rules so that I could eliminate all discussion of government, politics (including the assassinine kind), policy, export, GAK, TLA's and cetera from my cpunks inbox. I really could care less at this point about any of the opinions that any of the cpunks contributors have on any of those subjects. It all amounts to some combination of a) whining and b) preaching to the choir. I should just hurry up and implement my "c2punks" NoCeM-style ratings. In my spare time. Hahaha! "My spare time"! That was a good one... Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMbWOmUjbHy8sKZitAQH/eAL+IqOxP6wbrrARWQI/vZEutcx62oRjF2Vf iznMuOX+xcLrkN1cZWExHffpHGRBBBKmnZqguod0pERkLkFqDe0NtOn/80L2Du/v sPMkrvGad4pcV3BDy93iCxHB3oxWCORF =tPVn -----END PGP SIGNATURE----- From nelson at crynwr.com Wed Jun 5 13:46:49 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Thu, 6 Jun 1996 04:46:49 +0800 Subject: Java In-Reply-To: <199606041306.JAA08943@jekyll.piermont.com> Message-ID: <19960605135204.2792.qmail@ns.crynwr.com> Raph Levien writes: > Another concern with Java is that it acheives portability at the cost > of enforcing a lowest common denominator. For example, all real Windows > applications support OLE, and all real Mac applications support Apple > Events. Java applets, and even applications, can't do either. To me, > that makes the accomplishment of portability a bit less impressive, even > if it were so. On the other hand, you have the potential for running a second Java applet inside a first Java applet, achieving OLE in a portable fashion, across all operating systems. Encryption everywhere. -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From bryce at digicash.com Wed Jun 5 16:49:32 1996 From: bryce at digicash.com (bryce at digicash.com) Date: Thu, 6 Jun 1996 07:49:32 +0800 Subject: FOR WHOM THE BELL TOLLS In-Reply-To: <2.2.32.19960604193049.0072daf0@popmail.crl.com> Message-ID: <199606051413.QAA14317@digicash.com> -----BEGIN PGP SIGNED MESSAGE----- "Sandy" wrote: > > My question for member of this list is: When Bell finally > goes too far and they arrest or shoot him, how can we best > capitalize on his martyrdom? Or in a more negative light, > what damage control will we need to do in that case? Hm. I think the best we could hope for is along the lines of "The suspect subscribed to the 'Cypherpunks' discussion group on the Internet, but his violent views were rejected by the members of the group." It is important that the reporter manages to _not_ use the word "member" to indicate that Bell is a "member" of Cypherpunks. I think that conversing with Bell, or publically replying to him at all, even to insult him, makes him more of a "member" and makes his pet topic more a part of cypherpunks, both in appearance and in substance. So don't do it. That means you, too, Black Unicorn. At _least_ you can take it to private e-mail in order to prevent the reporters from getting the wrong idea, and in order to spare the rest of us the tedium of deleting the messages. This is assuming that the statement "his violent views were rejected by the members of the group" is actually true! If there _is_ anyone else here who shares Bell's evil enthusiasms, I strongly encourage you to begin a new list dedicated to that topic. Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMbWV+kjbHy8sKZitAQG9+QMAmOD17gObNoIYWwstKVwqqzaIE/D3m0YE E3vkrMSqtXYOqg3va2+FWhaawWvvVJTLPKWdYn/kQN+jaaJo3tmPXmyAFKlLVXs5 qZUWxw+nu4vct8TIw+gAxLsWP5ZZvuGe =QzOk -----END PGP SIGNATURE----- From brucem at wichita.fn.net Wed Jun 5 17:21:53 1996 From: brucem at wichita.fn.net (Bruce M.) Date: Thu, 6 Jun 1996 08:21:53 +0800 Subject: Cost of brute force decryption In-Reply-To: <199606050631.CAA01285@unix.asb.com> Message-ID: On Wed, 5 Jun 1996, Deranged Mutant wrote: > The figures look familiar. No references around. I'm not sure it would > require a whole two weeks for 40-bits, though. Possibly less than a > day? (Or was that why you asked baout the figures?) > > The "$10,000 worth of supercomputer time" is fuzzy. One thing that's > left out is that once an organization already owns the equipment and > has the money to spare, it may be worthwhile to crack things of less > importance like personal checking info, email, etc. Obviously this will depend on what type of computer(s) you are using among other things. That was what I'm curious about. Is there some type of rough formula where you could just plug in the different variables (computer speed, speed of each attempt, key length, etc.) and come up with some type of answer. I was also curious to find out if anyone knew where he had come up with these figures. Bruce M. * brucem at feist.com ~---------------------------------------------------~ "Knowledge enormous makes a god of me." -- John Keats From m5 at vail.tivoli.com Wed Jun 5 18:01:44 1996 From: m5 at vail.tivoli.com (Mike McNally) Date: Thu, 6 Jun 1996 09:01:44 +0800 Subject: On the Hill: Child Porn "Morphing" In-Reply-To: Message-ID: <31B597DC.6D03@vail.tivoli.com> Jeffrey A Nimmo wrote: > ... > It only has to give the impression of being under the age of consent in > order to be illegal. No real models have to be involved. > > > Silliness. All silliness. > > That's debatable. Anything's debatable, but silliness it remains. The entire (also silly, but tediously common) "but there's a real victim involved" argument goes out the window. And where's the line drawn? Like take for example this filthy little number: o+< Pretty wild, huh? I mean, so young, and so willing! Boy, I'm gettin' all sweaty here just thinking about it; I'd better send off this note quick and go take a cold shower. ______c_____________________________________________________________________ Mike M Nally * Tiv^H^H^H IBM * Austin TX * pain is inevitable m5 at tivoli.com * m101 at io.com * * suffering is optional From massagj at spock.et.byu.edu Wed Jun 5 18:18:05 1996 From: massagj at spock.et.byu.edu (John Massaglia) Date: Thu, 6 Jun 1996 09:18:05 +0800 Subject: Electronic Signature Act Of 1996 Message-ID: <2.2.32.19960605154749.009c6ac4@spock.et.byu.edu> Hi everybody. This is my first de-lurking. For those interested in how Utah's Signature policy works, check out this web page: http://www.state.ut.us/ccjj/digsig/default.htm This web page includes the text and commentary of the digital signature act, illustrations, guidelines of the American Bar Association regarding digital signatures, and a bunch of other stuff. >From what I understood, in Utah, you need to get a digital signature from a company that verifies your signature. Once this has been done, it can be used for commerce on the internet. Provision have also been included to revoke certificates, and explanations are given on who is liable in different situations. ------ John Massaglia mrklaw at itsnet.com "The next generation of interesting software will be done on the Macintosh, not the IBM PC." -- Bill Gates, Microsoft Chairman, BusinessWeek, November 26, 1984 From rpowell at algorithmics.com Wed Jun 5 19:08:30 1996 From: rpowell at algorithmics.com (Robin Powell) Date: Thu, 6 Jun 1996 10:08:30 +0800 Subject: Why PGP isn't so ubiquitous (was NRC Session Hiss) In-Reply-To: <9606041912.AA01215@bill-the-cat.MIT.EDU> Message-ID: <96Jun5.120831edt.20482@janus.algorithmics.com> >>>>> Derek Atkins writes: > So, would you rather see a document right away, or code released > sooner? Take your pick and let me know. :) Code sooner. -Robin From liberty at gate.net Wed Jun 5 19:09:49 1996 From: liberty at gate.net (Jim Ray) Date: Thu, 6 Jun 1996 10:09:49 +0800 Subject: whitehouse web incident, viva la web revolution Message-ID: <199606051551.LAA26104@osceola.gate.net> -----BEGIN PGP SIGNED MESSAGE----- "Vladimir Z. Nuri" wrote: >- ------- Forwarded Message >From: "Steve Wingate" <...> >The frustrating thing about Clinton's scandals is that the press >focuses on two-bit scandals of little importance, such as Whitewater >and this ridiculous travel office "scandal", while ignoring much more >significant dirt, such as the Mena, Arkansas contra supply and drug >operation... As many of you can imagine, I am a fan of this site. Naturally, I think the Whitehouse aide particularly wanted to squelch the Mena information. It strikes me as a sort of strange deja-vu that this bigger-than- Watergate issue is so well covered-_UP_ by pretty-much every U.S. media outlet except (oddly) the W$J, Penthouse, and "High Times," (a pot-oriented magazine). I guess that since Clinton is the most Nixonian president since Nixon himself this should not surprise me, and I should just expect Clinton's re-election, followed by his resignation, as yet-another repeat-of-history. Expecting any {partisan D.= Fiske, and then R.= Starr} "Independent" counsel to open this can of hypocritical worms without constant prodding is unrealistic, IMNSHO. I just convinced their Webmaster, Mark Saltveit, to go get PGP. I'm talking him through the wonders of using it now. <...> >Real People For Real Change is registered with the Federal Election >Commission as a non-affiliated, independent political action >committee. I have even convinced him to look for any dirt on the Libertarian candidates (not terribly a difficult job in Mr. Schiff's case ). JMR Regards, Jim Ray -- DNRC Minister of Encryption Advocacy "Most of the presidential candidates' economic packages involve 'tax breaks,' which is when the government, amid great fanfare, generously decides not to take quite so much of your income. In other words, these candidates are trying to buy your votes with your own money." -- Dave Barry ___________________________________________________________________ PGP id.E9BD6D35 51 5D A2 C3 92 2C 56 BE 53 2D 9C A1 B3 50 C9 C8 http://www.shopmiami.com/prs/jimray ___________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Freedom isn't Freeh. iQCVAwUBMbWh+m1lp8bpvW01AQH0MAQApIggCeEKeMAzDNxcs3A9AWi0gfLEDDug RDietyaaHEBViEcf6EPDjQbsNo0JIJnp6tV9xOkitNbKLt0Z98qBid9VAS6Prv5F njndwzAirFuOhjnuBkDyKPkwaz8oipS2ulifJzLTj7weHLKUSfDp8aUBBoeoY4JO merLKkkqvmo= =l06T -----END PGP SIGNATURE----- From nelson at crynwr.com Wed Jun 5 19:21:11 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Thu, 6 Jun 1996 10:21:11 +0800 Subject: On the Hill: Child Porn "Morphing" In-Reply-To: Message-ID: <19960605155715.3302.qmail@ns.crynwr.com> Bruce M. writes: > On Wed, 5 Jun 1996, Jeffrey A Nimmo wrote: > > > That's debatable. However, in this politically correct environment, I > > wouldn't even give the impression of siding with the pedophiles if I were > > you. > > Sometimes you have to decide whether to be politically correct or right. Encryption is about free speech. It's NEVER politically correct to defend free speech. Free speech is about offensive speech because that's the only kind that people try to ban. If you can't stand the heat, get out of the enkripchen. -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From mix at anon.lcs.mit.edu Wed Jun 5 19:21:23 1996 From: mix at anon.lcs.mit.edu (lcs Mixmaster Remailer) Date: Thu, 6 Jun 1996 10:21:23 +0800 Subject: How can you protect a remailer's keys? In-Reply-To: Message-ID: <199606051600.MAA02582@anon.lcs.mit.edu> -----BEGIN PGP SIGNED MESSAGE----- > From: loki at infonex.com (Lance Cottrell) > Date: Tue, 4 Jun 1996 22:02:11 -0700 > > The best solution I could come up with (and was willing to write and use) > is to specify the passphrase on the command line argument to the compiler > > make solaris -DPASS="foozooblue" > > -Lance A far better solution would be to have a long-running daemon hold the secret key. The mixmaster client could talk to the key daemon through a unix-domain socket with the permission bits set such that only the mixmaster user can connect. Each time the machine is rebooted, the operator must start the daemon and give it a passphrase. This has two advantages. First, it's a lot harder to back up the key by accident. If the key ever starts making it only your daily backups, you are completely hosed because erasing a bunch of mag tapes would take a lot of time--and maybe you also want to keep your backups. Second, if your machine is seized or someone gains unauthorized physical access to it, the easiest way to get a root shell is by rebooting single-user. However, if the only cleartext copy of a key is in memory rather than in the filesystem, once the machine is rebooted the secret key is lost. - - mix-admin at anon.lcs.mit.edu -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBMbWrj0TBtHVi58fRAQEkdQP/e7mouEmphgDmn0NKbaCM4lYnT2WbCFsk irM2GjttiBdpQxr2QDJKBgmHnuGc09xdiexnGnn4bDFie70YDH2Zma3xF/0OvZeQ DcgAz/0XwkAGPeLCSg8gfeykWwC0HUJlvGtmOwTQKFn5XtlqFM7pKIYF7lnFtoGY AX/GoGauum4= =rhyW -----END PGP SIGNATURE----- From jimbell at pacifier.com Wed Jun 5 19:39:25 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 6 Jun 1996 10:39:25 +0800 Subject: NYT on NTT/RSA Chips Message-ID: <199606051641.JAA06608@mail.pacifier.com> At 04:45 AM 6/5/96 -0400, Peter D. Junger wrote: >The software for both DES and RSA are publically available so it would >not have solved any previously unsolved problem for someone to have >mailed the code--or the algorithms--to NTT. Here's something to think about: At this point, the USG apparently doesn't attempt to restrict the IMPORTATION of crypto software and hardware. Yet, it calls it "munitions" and the government certainly claims the authority under certain circumstances to restrict munitions imports: For example, automatic rifles and Chinese "assault weapons" (sic). Until this new NTT/RSA chip, there has not been much that the USG wanted to keep out that it could keep out. Software is easily copied, so that is futile. Hardware is more practical to restrict, but until substantial quantities are imported it doesn't constitute much of a threat. Wouldn't it be reasonable to suspect that the advent of this NTT chip set might induce the government to start restricting crypto hardware import, under some odd new interpretation of ITAR rules? If so, I think NTT should immediately import into the US the database for the design and testing of this chip, on the offchance that the USG gets uppity and decides to ban its import. At that point, they merely start manufacture domestically, supplying the domestic market. Jim Bell jimbell at pacifier.com From brucem at wichita.fn.net Wed Jun 5 19:49:42 1996 From: brucem at wichita.fn.net (Bruce M.) Date: Thu, 6 Jun 1996 10:49:42 +0800 Subject: On the Hill: Child Porn "Morphing" In-Reply-To: Message-ID: On Tue, 4 Jun 1996, Black Unicorn wrote: > Hearings on the hill over the child pornographer horseman: > > "Morphing" seems to be the latest buzzword for putting childrens faces on > the bodies of adult models in sexually explicit poses and seems to have > attracted enough attention to warrant congressional attention. > > I'd like to see exactly how they word the proposed prohibitons. What > constitutes "child" when the face painted on is pure artistry? Will we > see a simple and strict prohibition over modifiying sexually explicit > pictures to make them appear to be of younger models (whatever their > apparent age may be)? Will we see a subjective test as to what is "child > looking" enough? As far as I was aware, the manner of currently judging the age of people in nude photographs consisted of a usually doctor administered examination (of the picture) where the genitals and other age characteristics of the BODY were taken into account. I don't think a person's face ever was, or ever should be, a factor. > Silliness. All silliness. Very true. Next there will be laws banning provocative pictures of adults dressed in child-like garb or acting out child-like sexual fantasies (the infamous "spank me Daddy!). Bruce M. * brucem at feist.com ~---------------------------------------------------~ "Knowledge enormous makes a god of me." -- John Keats From perry at piermont.com Wed Jun 5 19:55:13 1996 From: perry at piermont.com (Perry E. Metzger) Date: Thu, 6 Jun 1996 10:55:13 +0800 Subject: Cost of brute force decryption In-Reply-To: Message-ID: <199606051632.MAA12216@jekyll.piermont.com> Everyone seems to be arguing about whether brute force decryption of RC-40 costs "tens of thousands" or not. The answer is it costs pennies. Literally. See the "Big Seven" paper on why key lengths of over 80 bits are required to read the details. ftp://ftp.research.att.com/dist/mab/keylength.txt Perry From sandfort at crl.com Wed Jun 5 20:07:12 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Thu, 6 Jun 1996 11:07:12 +0800 Subject: MELP: 2400 baud speech coding Message-ID: <2.2.32.19960605171401.00729e58@popmail.crl.com> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ C'punks, At 08:28 PM 6/4/96 -0800, jim bell wrote: >Which raises another question: When are Internet ISP's >going to start acting as Internet-phone gateways?...Any >guesses as to when this will be real? After Jim Bell has shot a few recalcitrant ISP operators? S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From hallam at ai.mit.edu Wed Jun 5 20:09:15 1996 From: hallam at ai.mit.edu (Hallam-Baker) Date: Thu, 6 Jun 1996 11:09:15 +0800 Subject: Richard Stallman on RSA, Zimmermann, crypto In-Reply-To: <4p44o9$aan@life.ai.mit.edu> Message-ID: <31B5BD2D.41C6@ai.mit.edu> Deranged Mutant wrote: > > Not to defend or condemn RSA folx or patents, etc., but sometime ago > (recently) I read or was told or perhaps hallucinated that PGP3 was > going to include non-RSA algorithms that didn't suffer the patent > stickiness (El Gammel based on DSA?) DSA is based on El-Gamal, not the other way round. Although it is likely that a future version of PGP will include these algorithms the problem arises from the Diffie-Helleman patent and not the RSA patent. When this expires in 1997 it is certain that many products using public key cryptosystems will be avaliable in an unrestricted fashion. Phill From jya at pipeline.com Wed Jun 5 20:52:20 1996 From: jya at pipeline.com (John Young) Date: Thu, 6 Jun 1996 11:52:20 +0800 Subject: URL for NRC Report, html Message-ID: <199606051735.RAA15372@pipe1.t2.usa.pipeline.com> Thanks to Replay Web Development, the URL for NRC Report on "Cryptography's Role in Securing the Information Society" has been html-ed: http://pwp.usa.pipeline.com/~jya/nrcindex.htm From reagle at MIT.EDU Wed Jun 5 20:55:37 1996 From: reagle at MIT.EDU (Joseph M. Reagle Jr.) Date: Thu, 6 Jun 1996 11:55:37 +0800 Subject: A.Word.A.Day--seigniorage Message-ID: <9606051737.AA24555@rpcp.mit.edu> >From: Wordsmith >To: linguaphile at wordsmith.org >Reply-To: anu at wordsmith.org >Subject: A.Word.A.Day--seigniorage >Date: Wed, 5 Jun 1996 00:51:14 -0400 > >sei.gnior.age or sei.gnor.age \'sa-n-y*-rij\ n [ME seigneurage, fr. MF, > right of the lord (esp. to coin money), fr. s]eigneur : a government > revenue from the manufacture of coins calculated as the difference between > the monetary and the bullion value of the silver contained in silver coins > > > 1996 MARK BERNKOPF, Electronic Cash and Monetary Policy, > "The widespread adoption of electronic cash would deprive Federal > authorities of a substantial amount of seignorage, the margin > between the face value of currency issued, and the costs of issuing > that currency. In 1994, the Federal Reserve turned about $20 billion > in seignorage over to the Treasury." > > >........................................................................... >When you starve with a tiger, the tiger starves last. -Griffin's Thought > >To subscribe or unsubscribe, please send a message to wsmith at wordsmith.org >with "Subject:" line as "subscribe " or "unsubscribe". >Email anu at wordsmith.org if you have any questions, comments or suggestions. >Archives, FAQ, words and more at the WWW site: http://www.wordsmith.org/awad/ > > _______________________ Regards, Real generosity toward the future lies in giving all to the present. - Albert Camus Joseph Reagle http://farnsworth.mit.edu/~reagle/home.html reagle at mit.edu E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E From hallam at ai.mit.edu Wed Jun 5 20:56:21 1996 From: hallam at ai.mit.edu (Hallam-Baker) Date: Thu, 6 Jun 1996 11:56:21 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: <4p370g$r77@life.ai.mit.edu> Message-ID: <31B5C131.167E@ai.mit.edu> Vladimir Z. Nuri wrote: Its worth pointing out that a complaint to an editor is not necessarily pressure. Did the Whitehouse threaten to sue HotWired? What _pressure_ was applied? I find Meeks' style somewhat tiresome. It is tabloid jornalism rather than reasoned argument. His dislike for the Clinton is well known - he recently accused the administration of being fascist. I know of no evidence that the Clinton administration has a genocide policy, it is an insult to the 10 million civilians murdered by Hitler to use the term facist simply as a term of abuse, especialy if it is being used as a substitute for an argument. Point of fact: the skeleton closet does not know how traded options work. If one sells a traded option one is liable to pay the broker if the market moves the opposite way to that hoped for. Normally the broker asks a client to put up a deposit or "margin" to ensure that the broker can recoup the money. In this case the broker knew that Hilary had good credit and so accepted only a token deposit as "margin". Had the market moved in the opposite direction Hillary would have been liable for very much more than $1000, she was liable for hundreds of thousands. In most cases it is profitable to sell options, it is only if the market moves in the "wrong" direction that one can lose out. In such cases the losses are unlimited - the potential profit being fixed. This is why most punters buy options - the potential loss is limited. You can see a similar effect in the market each time there is a "short squeeze". A lot of people bet on Netscape going down in price because it was overvalued. The number of short positions turned out to be higher than the number of shares on offer which meant that many people were having to buy shares at high prices to cover their positions. This is how lack of confidence in a stock can send it through the roof. The free market - don't you just love it? Phill From mpd at netcom.com Wed Jun 5 21:21:21 1996 From: mpd at netcom.com (Mike Duvos) Date: Thu, 6 Jun 1996 12:21:21 +0800 Subject: On the Hill: Child Porn "Morphing" In-Reply-To: Message-ID: <199606051740.KAA25482@netcom9.netcom.com> Black Unicorn writes: > I'd like to see exactly how they word the proposed > prohibitons. What constitutes "child" when the face painted > on is pure artistry? Will we see a simple and strict > prohibition over modifiying sexually explicit pictures to > make them appear to be of younger models (whatever their > apparent age may be)? Will we see a subjective test as to > what is "child looking" enough? > Silliness. All silliness. Indeed. One should note that some states already have legislation which contains the magic phrase "appears to be" in the specification of legal ages. The testimony of a willing pediatrician is all that is necessary to convert some random fuzzy GIF into a lengthy prison term. Morphing technology is a new approach to creating what appear to be sexual depictions of children, but there have also been prosecutions based on more traditional technology, like sissors and paste. Personally, I don't think it should be possible to commit a crime in the privacy of ones home using only sissors, Scotch Tape, an old Playboy, and a JC Penny Catalog. Those familiar with "The Varieties of Religious Experience" will recall something called "The Pious Imagination", which results in every vaguely anthropomorphic smudge being seen as the face of Christ. I suspect the Child Sex Hysterics are afflicted with a similar trait, which similarly transforms image ambiguity into pre-teen orgies. > Prediction: Some manner of law will be on the books (Or > perhaps passed, but unsigned) before the election > attempting to prohibit some form of this activity. Certainly > Clinton is not going to veto such a bill before the > election, which is doubtlessly when the right is going to > try to push it through. (Can they streamline it enough to > get a vote in time?) Wasn't Orin Hatch the big proponent of "synthetic child porn" legislation? I remember him harping on the subject a while back. Is he behind this new push? From brucem at wichita.fn.net Wed Jun 5 21:30:38 1996 From: brucem at wichita.fn.net (Bruce M.) Date: Thu, 6 Jun 1996 12:30:38 +0800 Subject: On the Hill: Child Porn "Morphing" In-Reply-To: Message-ID: On Wed, 5 Jun 1996, Jeffrey A Nimmo wrote: > That's debatable. However, in this politically correct environment, I > wouldn't even give the impression of siding with the pedophiles if I were > you. Sometimes you have to decide whether to be politically correct or right. Bruce M. * brucem at feist.com ~---------------------------------------------------~ "Knowledge enormous makes a god of me." -- John Keats From mixmaster at remail.obscura.com Wed Jun 5 21:44:56 1996 From: mixmaster at remail.obscura.com (Mixmaster) Date: Thu, 6 Jun 1996 12:44:56 +0800 Subject: OECD on Crypto Message-ID: <199606051722.KAA06376@sirius.infonex.com> [haven't seen this on cypherpunks yet] OECD NEWS RELEASE - Paris, 10 May 1996 OECD EXPERTS BEGIN DRAFTING CRYPTOGRAPHY GUIDELINES Cryptography experts from OECD countries have begun drafting a proposal for OECD Cryptography Policy Guidelines that governments can use as a guide to formulate their national policies on encryption. Many governments are under pressure within their own countries to develop a national position on cryptography, which is used in computer technology to protect everything from product designs to health and tax records and global correspondence. But the needs of global technologies and applications require an international --rather than a strictly national -- approach to policymaking. The fast-paced development of the Global Information Infrastructure adds an element of urgency. The business community, individuals and national security and law enforcement agencies are all pressing for encryption guidelines and the OECD will strive to reflect the legitimate interests of all these groups as it drafts Guidelines. The private sector is closely involved in drafting the Guidelines, with business representatives from the Business and Industry Advisory Committee (BIAC) participating at the meeting. The OECD meeting, which took place on 8 May, was hosted by the US Department of State in Washington DC. It was held immediately after a Second Business Government Forum on Global Cryptography Policy in Washington DC on 7 May, which was cosponsored by the OECD, the International Chamber of Commerce (ICC) and the Business and Industry Advisory Committee (BIAC) to the OECD. Two similar conferences took place in Paris in December, when OECD countries and business representatives met for the first time to discuss international cryptography policy. The process of drafting the OECD Cryptography Policy Guidelines will continue at an experts meeting in June and is due for completion in early 1997. For further information, please contact Ms. Hiroko Kamata, OECD Directorate for Science, Technology and Industry (tel. 331 45 24 80 04 - fax. 331 45 24 93 32 - e-mail. hiroko.kamata at oecd.org). From minow at apple.com Wed Jun 5 21:49:33 1996 From: minow at apple.com (Martin Minow) Date: Thu, 6 Jun 1996 12:49:33 +0800 Subject: Java Message-ID: > From Tim May's citation of Vladimir Z. Nuri: > >> maybe Java is all about a generation >>gap in computing. hey!! the first language that the "older generation" >>hates. Better try another language, I'm quite a bit older than Tim, and like Java very much. It's one of the best languages I've seen since Algol 60. To learn the language, I'd recommend Java in 21 Days and, as a quick desk reference, Java in a Nutshell. Tim May writes > I think >the security problems are, first of all, no worse vis-a-vis the language >itself than problems with any language. They're better than most, as programmers can't "escape" from memory and variable typing bounds. > >Until Java and >associated programs and tools appeared, I was seriously thinking about >getting a Pentium or Pentium Pro (shudder, even though I admire my former >employer and current stock benefactor, Intel) and putting Linux on it. If you're interested in Linux, you can get Linux for Power PC. Check out http://www.mklinux.apple.com for details. Currently, it runs on the first-generation Power PC's (6100, 7100, 8100). > >Perry has some valid points vis-a-vis the most naive uses of applets. Were >I the security manager of Morgan Stanley, I would certainly not want >traders downloading "kewl" applets and (possibly) causing Big Problems. So >what else is new? The use of signed classes makes this practical as "kewl," but unsigned, applets should be safe unless the user makes a stupid decision regarding default applet permissions (and ignoring the Trojan Horse problem). The attraction to (for example) Morgan Stanley, is that it minimizes their risk when employees must work outside the corporate firewall. For example, an employee making an external sales call can dial into Morgan Stanley and use an appropriately privileged signed applet to access private data on the corporate server as well as files on the employee's portable computer). > >Java as a language and as a platform-independent implementation is an >achievement. It's also not owned by the evil Redmond empire and does not appear to be owned by a hardware vendor (as, when compared with Intel, Motorola, and the Intel clones, Sun is a minor player in the hardware arena). It will be very interesting to see what happens when ANSI/ISO/IEEE decide that they must "standardize" the language. I'm currently reading "The Hubble Wars" and don't hold out mush hope that the official standard dies will actually improve the language. > >And in some ways a more important comparison is to Perl and TCL, along with >more obscure languages like Python and REXX. The welter of Net-oriented >languages shows signs of being much-simplified by the wide adoption of >Java. It will be interesting to watch the next several years of >developments. > Rather than compare Java to Perl/TCL, try comparing it to Visual Basic, C, C++, Fortran, and COBOL. Martin Minow minow at apple.com From nelson at crynwr.com Wed Jun 5 23:56:30 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Thu, 6 Jun 1996 14:56:30 +0800 Subject: Markoff in NYT on NTT/RSA chip In-Reply-To: Message-ID: <19960605213317.4796.qmail@ns.crynwr.com> David Lesher writes: > So Motorboatarola puts chips in the domestic MTSO's. > For the international ones, they leave the chips out. Crypto hooks, or more properly, crypto pads. Lends new meaning to the term "one time pads". -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From minow at apple.com Thu Jun 6 00:17:36 1996 From: minow at apple.com (Martin Minow) Date: Thu, 6 Jun 1996 15:17:36 +0800 Subject: Fight-Censorship Dispatch #12: CDA deathwatch, copyright update Message-ID: In "Fight-Censorship Dispatch #12", Declan McCullagh writes about "everybody's favorite net.loon," Fred Cherry: >Whatever you think of Cherry's antics, you gotta grant him one thing > not many people have the balls to demand that a Federal court uphold > their right to flame. I suspect that Tom Payne would -- Cherry seems from your description to be a prize example of "the lonely pamphleteer." It would be interesting to know what Nat Hentoff thinks of Fred. Martin Minow minow at apple.com From unicorn at schloss.li Thu Jun 6 00:25:30 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 6 Jun 1996 15:25:30 +0800 Subject: Electronic Signature Act Of 1996 In-Reply-To: <2.2.16.19960605091100.1cd70da2@mail.io.com> Message-ID: On Wed, 5 Jun 1996, Greg Broiles wrote: > > I think more apropos to the discussion of electronic signatures is UCC > 1-201(39), "'Signed' includes any symbol executed or adopted by a party with > present intention to authenticate a writing." Comment 39 to 1-201 indicates > "[a]uthentication may be printed, stamped or written; it may be by initials > or by thumbprint. It may be on any part of the document and in appropriate > cases may be found in a billhead or letterhead. No catalog of possible > authentications can be complete and the court must use common sense and > commercial experience in passing upon these matters. The question always is > whether the symbol was executed or adopted by the party with present > intention to authenticate the writing." And comment 2 to 3-401 (re > negotiable instruments) indicates that a signature may be "handwritten, > typed, printed or made in any other manner." Please remember that the UCC's application is generally restricted to the sales of goods or acts between merchants. > > So I don't see why that wouldn't include a PGP signature, a traditional > ".signature" block, or the typed "/s/ Greg Broiles" used in some > circumstances. (Of course, the UCC doesn't apply to every transaction, nor > is it adopted in identical form in every state, blah blah blah.) But it's > always nice if the legislature is willing to say "This is the right way to > create an electronic signature" because then we don't have to wonder. > (However, a signature and a contract are not the same thing - and you don't > need to have a contract to have an enforceable obligation. A nonrepudiable > document still isn't a self-executing one.) See above. > -- > Greg Broiles |"Post-rotational nystagmus was the subject of > gbroiles at netbox.com |an in-court demonstration by the People > http://www.io.com/~gbroiles |wherein Sgt Page was spun around by Sgt > |Studdard." People v. Quinn 580 NYS2d 818,825. > --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From vznuri at netcom.com Thu Jun 6 00:38:04 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Thu, 6 Jun 1996 15:38:04 +0800 Subject: Java In-Reply-To: <31B58982.1F54@cs.berkeley.edu> Message-ID: <199606051901.MAA14910@netcom18.netcom.com> > >> c is "sort of" portable. it is >> "in theory" portable. Java is portable "in theory and practice". > > This point is simply not true, at least for Java as it exists in >Spring 1996. Almost every Java applet I've seen has little UI glitches >that prevent it from displaying and operating correctly on all >platforms. you caveat, as you write it, is very significant. what I wrote about was that the burden of portability is placed on the PROGRAMMER for C. the burden of portability is placed on the Java language implementers for Java. a BIG difference. Java may be *riddled* with bugs at the moment. but who is responsible for fixing them? every single programmer in existence who wants to port code? (that is what effectively happens with C makefiles) or the language designers? i.e. Java Inc.? you can see the tremendous difference here. the level of portability *demanded* by the language specification of Java is far higher than C. whether this works out in practice will take years of fine tuning. but look how old C is-- 20 years-- and has its portability gotten better with time, or worse? give Java another few years and its going to be so good that no one will be arguing with supporters. Further, there are little glitches in the language >implementation and library design that often cause portability problems. >For example, the first cut of Hal's PGP applet had the standard UI >problems, plus the fact that a "spinner" thread caused the entire >browser to lock up -- on Unix, but not on Windows. whose problem is this? his or Java implementors? not his. granted, in practice he may have to design around it. but Java is in its infancy and you can't demand mature characteristics. as I emphasized, it is evolving. it is a step in the right direction. you can't ask Excel to be written before the PC has been invented. similarly, Java will not crystallize for some time yet. (however UI problems do seem to me to be the source of the greatest amount of intrinsic compatibility problems. I was not wholly impressed with the labor that seemed to go into the Java UI at first-- it seemed like a little of an afterthought) And this was a 5000 >line of code applet. Hal was able to fix the problems, but it's easy to >see how the effort involved in this "portability engineering" could >become comparable to your thousand-line makefile as applications scale >up. > The promise is there, but Java has not yet delivered. I agree that in practice Java is pretty weak at the moment. but consider how much money Sun has made from it. do you realize they poured 5M initial development costs into it? can you be sure they will recoup that? they probably have, but they've been incredibly generous. I am never ceased to be amazed at how much people rant at stuff that is given away for free or amazingly low cost. > Another concern with Java is that it acheives portability at the cost >of enforcing a lowest common denominator. For example, all real Windows >applications support OLE, and all real Mac applications support Apple >Events. Java applets, and even applications, can't do either. To me, >that makes the accomplishment of portability a bit less impressive, even >if it were so. Java cannot solve every programming problem on the planet. it cannot be a secure OS. it cannot give you a worldwide object standard. Java has an event mechanism just as Apple does, and it supports object oriented programming just as OLE is a standard associated with OO. IMHO it did what it did well. if you want OLE go to microsoft, if you want Apple Events program on the apple!!! if you want one language in which you don't have to worry about every standard in the world, try Java. From perry at piermont.com Thu Jun 6 00:56:09 1996 From: perry at piermont.com (Perry E. Metzger) Date: Thu, 6 Jun 1996 15:56:09 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: <31B5C131.167E@ai.mit.edu> Message-ID: <199606051821.OAA12450@jekyll.piermont.com> Phill, quit while you are ahead. It is my opinion, as a person highly familiar with the markets in question, that Hillary Clinton's profits were impossible to achieve by any means other than fraud, and that no honest broker would have allowed her to hold positions in which she was so far out of mandatory margin requirements and a trivial move would have wiped out her entire net worth and more. I do not know of a single professional in the industry who disagrees with me. I know of at least one extremely well written study, by Victor Neiderhoffer (a very successful futures trader) and Caroline Baum (a reporter for Telerate) that more or less demonstrates that there is no way that any of what happened could have been legitimate. The most astounding part of the trading pattern was that Hillary Clinton did not "let it ride" and earn the money off of repeated increases in the value of a single investment -- instead, she took all profits out of her account after each trade and never invested more than a tiny sum in any transaction. That is to say, she didn't earn modest profits repeatedly over many trades -- she earned nearly impossible profits in trade after trade. In spite of withdrawing her profits after each trade, she racked up an impossible profit of 100 times her initial investment in a tiny period of time. At no time did she meet margin requirments, and she repeatedly risked more than the Clinton's entire net worth on what would have been gambles had her profits not been guaranteed. In spite of her astounding "performance" she immediately stopped trading after $100,000 in profits had been accumulated. There is an obvious trick by which this can be achieved. The broker writes two tickets -- one to buy, one to sell. One ticket always loses exactly what the other gains. The winning ticket is assigned to the bribee, the loser to the person doing the bribing. The mechanism self-launders the funds. Hallam-Baker writes: > Point of fact: the skeleton closet does not know how traded options > work. Mr. Baker, she traded FUTURES. > If one sells a traded option one is liable to pay the broker if the > market moves the opposite way to that hoped for. Normally the broker > asks a client to put up a deposit or "margin" to ensure that the > broker can recoup the money. Margin requirements are set by the exchanges and the CFTC, not by the broker in most cases. They are required by law -- not under broker discretion. > In this case the broker knew that Hilary > had good credit and so accepted only a token deposit as "margin". He's not allowed to. Furthermore, no sane broker would have allowed a customer to hold a position in which a small move would have more than wiped out the customer's entire net worth. > In most cases it is profitable to sell options, Futures, Mr. Baker. > it is only if the market moves in the "wrong" direction that one can > lose out. In such cases the losses are unlimited - the potential > profit being fixed. This is why most punters buy options - the > potential loss is limited. Hillary Clinton was trading FUTURES. Perry From Bodo_Moeller at public.uni-hamburg.de Thu Jun 6 01:04:25 1996 From: Bodo_Moeller at public.uni-hamburg.de (Bodo Moeller) Date: Thu, 6 Jun 1996 16:04:25 +0800 Subject: Fate of Ecash if RSA is cracked? Message-ID: "Perry E. Metzger" : >Igor Chudov @ home: >> Actually factoring is not exponential even now. [... est.:] >> N ~= exp(((1.923+O(1)) * (ln n)^(1/3) * ln ln n)^(2/3)) > The distinction between that and exponential is rather difficult for > most ordinary people to see, and in any case subexponential and > exponential are "practically the same" for purposes of this > discussion. When discussing the estimated time needed for factoring integers, it is usually assumed that an "algorithm" is something that is deterministic or probabilistic. Quantum computing should also be mentioned. Efficient algorithms for logarithms (the Diffie-Hellmann- problem) and factoring (the RSA-problem) on a quantum computer were found by Peter Shor [1]. Of course, no quantum computing device that you could run those "programs" on does exist. But as Gilles Brassard puts it, "In my opinion, the theoretical notion of feasible computation should be modelled on our understanding of the physical world, not on our technological abilities. After all, the classical Turing machine itself is an idealization that cannot be built in practice even not taking account of the unbounded tape: any real implmentation of a Turing machine would have nonzero probability of making a mistake. Does this discredit the model? I think not." [2] An other article by Brassard might still be availabe at . There, he writes quite optimistically: "I like to think that I shall see a special-purpose quantum factorization device in my lifetime." [1] Peter W. Shor, Algorithms for Quantum Computation: Discrete Logarithms and Factoring (in: Proceedings of the 35th Annual IEEE Symposium on Foundations of Computer Science, 1994, pp. 116-134) [2] Gilles Brassard, A Quantum Jump in Computer Science (in: Computer Science Today (Springer-Verlag LNCS 1000), 1995, pp. 1-14) From unicorn at schloss.li Thu Jun 6 01:05:11 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 6 Jun 1996 16:05:11 +0800 Subject: On the Hill: Child Porn "Morphing" In-Reply-To: Message-ID: On Wed, 5 Jun 1996, Jeffrey A Nimmo wrote: > > > On Tue, 4 Jun 1996, Black Unicorn wrote: > > > > > Hearings on the hill over the child pornographer horseman: > > > > "Morphing" seems to be the latest buzzword for putting childrens faces on > > the bodies of adult models in sexually explicit poses and seems to have > > attracted enough attention to warrant congressional attention. > > > > Interesting that the media is playing this up as a "net" deal. (As if > > somehow it were impossible to do without the all powerful and evil internet. > > I've heard of this kind of thing before. Individuals have already been > sent to jail for doing this, as well as doing and > distributing kiddie porn drawings. I know indirectly of two state supreme courts that have overturned such convictions. > I suspect that since it's already illegal on the state level, that > Congress is looking into making it a federal crime to distribute them > over state lines via the Internet. See above. As to federal crime, I believe so. > > I'd like to see exactly how they word the proposed prohibitons. What > > constitutes "child" when the face painted on is pure artistry? Will we > > see a simple and strict prohibition over modifiying sexually explicit > > pictures to make them appear to be of younger models (whatever their > > apparent age may be)? Will we see a subjective test as to what is "child > > looking" enough? > > It only has to give the impression of being under the age of consent in > order to be illegal. No real models have to be involved. Ok, what is "the impression of being under the age of consent" ? > > Silliness. All silliness. > > That's debatable. However, in this politically correct environment, I > wouldn't even give the impression of siding with the pedophiles if I were > you. That's what nyms are for. --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From unicorn at schloss.li Thu Jun 6 01:06:25 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 6 Jun 1996 16:06:25 +0800 Subject: Electronic Signature Act Of 1996 In-Reply-To: <199606050323.WAA09499@manifold.algebra.com> Message-ID: On Tue, 4 Jun 1996 ichudov at algebra.com wrote: > Sandy Sandfort wrote: > > C'punks, > > > > At 11:11 AM 6/4/96 -0400, Perry E. Metzger wrote: > > > > >...I get the impression that under the common law, an ink > > >signature is merely a demonstration that a party assented > > >to a contract, and except for certain contracts (which > > >usually require witnesses etc.) there is no requirement in > > >the law that a contract even be on paper... > > > > The "Statute of Frauds" lists the exceptions and they cover > > most important contracts. I seem to recall that contracts > > over a given amount or for interests in real property for > > periods of a year or more are covered. I'm sure someone > > with current access to legal research resources will post > > a better explanation. > > [I AM NOT A LAWYER] > > The following contracts are required to be in writing, in most states: > > > 1. A contract of an executor or administrator to answer > for a duty of the decedent (the executor-administrator > provision). > > 2. A contract to answer for debt or default of another (the suretyship > provision). > > 3. A contract made upon consideration of marriage (the marriage provision). > > 4. A contract for sale of goods worth more than $500 (the sales provision). > > 5. A contract for sale of an interest in land (the land provision). > > 6. A contract not preformable within a year (the one-year provision). Exceptions and loopholes are SO numerous so as to make this list less than worthless. The only straightforward rules are with respect to UCC sale of goods contracts. > - Igor. --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From reagle at mit.edu Thu Jun 6 01:06:41 1996 From: reagle at mit.edu (Joseph M. Reagle Jr.) Date: Thu, 6 Jun 1996 16:06:41 +0800 Subject: ICE - International Cryptography Experiment Message-ID: <9606051848.AA25257@rpcp.mit.edu> I've seen some mention of international cryptographic CAPI issues, and I think it is of great importance. However, I don't think many people have had a chance to look at the actual work. Check out ICE. Those familiar with cyberpunk fiction will no doubt find the ancronym as humorous/ironic as I do : The International Cryptography Experiment (ICE) calls for a series of experiments to promote the international use of cryptography in common computer software applications (i.e., word processors, spreadsheets, electronic mail systems) in a manner that honors individual national controls on the import, export, and use of cryptography. The general approach being advocated by numerous organizations in several countries is the use of a Cryptographic Application Programming Interface (CAPI) to separate the actual performance of the cryptographic functions from the software applications that call for encryption of specific messages or files. ICE is an informally structured program to coordinate the many efforts underway in the U.S and several other countries to advance the general understanding of CAPIs and their use to promote international cryptography. It is intended that practical standards derived from actual use will evolve from these experiments in the spirit by which Internet standards evolve. http://www.tis.com/crypto/ice.html . _______________________ Regards, Real generosity toward the future lies in giving all to the present. - Albert Camus Joseph Reagle http://farnsworth.mit.edu/~reagle/home.html reagle at mit.edu E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E From markm at voicenet.com Thu Jun 6 01:10:42 1996 From: markm at voicenet.com (Mark M.) Date: Thu, 6 Jun 1996 16:10:42 +0800 Subject: Senator Exon & me In-Reply-To: <199606051212.IAA11953@jekyll.piermont.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 5 Jun 1996, Perry E. Metzger wrote: > > Are you sure that you weren't just getting mail from the Senator Exon > remailer? The real Senator Exon doesn't use email. Blake Wehlage wrote: | #1 If you really wanted to show just had balls (I hate to use the phrase but | I can't think of anything better) you wouldn't hide behide remailers. ^^^^^^^^^^^^^^^^^^^^^ I am sure he realizes Sen. Exon is a remailer given the above quote. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "In Christianity neither morality nor religion come into contact with reality at any point." -- Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMbXij7Zc+sv5siulAQFZ2gP+OkakYJcDjzK/G2bWEUdIYJAedHh0dbAZ lwXCjGTLlJmC5lspgZ0qJLRK+PXbp2pcy5Hs1uZQ+N9QMwsbqXPuUXrm0G6QVt6H 8pYB8j7WJwYoJz62rY+eRmiPZR1pth4W8ukeKnRHRYLF2oECHaS8HRNYu8amulBY BiM3WPmyibs= =fIxB -----END PGP SIGNATURE----- From hallam at Etna.ai.mit.edu Thu Jun 6 01:10:46 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Thu, 6 Jun 1996 16:10:46 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: <199606051821.OAA12450@jekyll.piermont.com> Message-ID: <9606052018.AA03374@Etna.ai.mit.edu> >Phill, quit while you are ahead. It is my opinion, as a person highly >familiar with the markets in question, that Hillary Clinton's profits >were impossible to achieve by any means other than fraud, and that no >honest broker would have allowed her to hold positions in which she >was so far out of mandatory margin requirements and a trivial move >would have wiped out her entire net worth and more. I do not know of >a single professional in the industry who disagrees with me. Crap Perry, I discussed the affair with a top investment manager at Barclays Bank Suisse. He saw no problem whatsoever in the deals. Neither did my friend who trades oil futures for Rappaport. If you want to play the "who knows who in banking" game remember that the Oxford Union and the Swiss National Croquet team are probably better places to meet banking types than the Palo Alto Au Bon Pain. >Futures, Mr. Baker. Its Dr., Mr Metzger Before you get all steamed up and bothered consider that you are behaving in typical USEnet flamefest fashion. Are you going to claim that the underlying mechanism for options is any different than for futures? The point was that she was _selling_ and not _buying_. Thats a fixed profit bet with an unlimited downside. >The most astounding part of the trading pattern was that Hillary >Clinton did not "let it ride" and earn the money off of repeated >increases in the value of a single investment Of course, a person _selling_ futures is going to take the profits out each time. The profits are made against the net worth of the person concerned. Its an _underwriting_ business Mr Metzger. $100,000 is not a substantial increase in Hillary's net worth so she _can't_ underwrite more business. >There is an obvious trick by which this can be achieved. The broker >writes two tickets -- one to buy, one to sell. One ticket always loses >exactly what the other gains. The winning ticket is assigned to the >bribee, the loser to the person doing the bribing. The mechanism >self-launders the funds. Oh yes, and how does one cover up the matching ticket? They would show up on the brokers account. If one wishes to bribe a politician a much better way is to give them a huge advance on their book, or buy some tangible asset at above market value. I can't see an intelligent broker risking his business when there are easier mechanisms available. >Margin requirements are set by the exchanges and the CFTC, not by the >broker in most cases. They are required by law -- not under broker >discretion. Forgive me if I am wrong but are CFTC margin requirements not requirements placed on brokers as opposed to requirements brokers must impose on customers? That at any rate is my understanding of the situation from Galbraith. Given the four years of dirt digging over Whitewater its a safe bet that none of the actions were illegal as Mr Metzger claims. If they were it would demonstrate more than incompetence on the part of D'Amato et al. After four years they have a convicted fraudster and self confesed pejurer as their only link to the Whitehouse. If there was such obvious criminality in those dealings D'Amato would have been all over them. ObCrypto: Perry is only able to make allegations because the financial markets are to a degree open. If anoymous cash takes off and anonymous derivatives follow won't it make it easier to conceal the type of dealings Perry alledges? Phill From wb8foz at nrk.com Thu Jun 6 01:27:20 1996 From: wb8foz at nrk.com (David Lesher) Date: Thu, 6 Jun 1996 16:27:20 +0800 Subject: Markoff in NYT on NTT/RSA chip In-Reply-To: Message-ID: <199606052013.QAA04983@nrk.com> > > > 3. Once you import an ITAR item, its export becomes controlled. Importing > the NTT chipset for use, say, in a Motorola cell switch (made in IL) would > seem to be problematic. Buying chips in Japan for shipment to Moto's phone > factories in Singapore and Malaysia, however, would appear to be OK. So Motorboatarola puts chips in the domestic MTSO's. For the international ones, they leave the chips out. If the local service agency in Freedonia wants to buy the chips from Japan & install them themselves, what can IL say? -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From janimmo at ionet.net Thu Jun 6 01:28:41 1996 From: janimmo at ionet.net (Jeffrey A Nimmo) Date: Thu, 6 Jun 1996 16:28:41 +0800 Subject: On the Hill: Child Porn "Morphing" In-Reply-To: Message-ID: On Wed, 5 Jun 1996, Black Unicorn wrote: [snip] > > I've heard of this kind of thing before. Individuals have already been > > sent to jail for doing this, as well as doing and > > distributing kiddie porn drawings. > > I know indirectly of two state supreme courts that have overturned such > convictions. I would put it to you that being branded a pedophile and kiddie-porn operator can have worse implications than jail. For instance, I believe that even without a conviction, restraining orders can be placed which would prevent you from coming within a certain number of feet of children. If it were publically known you would almost certainly lose your job. I also imagine it would be hell on your marriage. All this can result from an arrest, not necessarily a conviction. Besides, I wouldn't count on the courts to uphold our rights. The Supreme Court just upheld civil forfeiture, allowing the cops to sieze your property without due (or any as far as I'm concerned) process of law. > > I suspect that since it's already illegal on the state level, that > > Congress is looking into making it a federal crime to distribute them > > over state lines via the Internet. > > See above. > As to federal crime, I believe so. > > > > I'd like to see exactly how they word the proposed prohibitons. What > > > constitutes "child" when the face painted on is pure artistry? Will we > > > see a simple and strict prohibition over modifiying sexually explicit > > > pictures to make them appear to be of younger models (whatever their > > > apparent age may be)? Will we see a subjective test as to what is "child > > > looking" enough? > > > > It only has to give the impression of being under the age of consent in > > order to be illegal. No real models have to be involved. > > Ok, what is "the impression of being under the age of consent" ? I believe that like all porn, it's a reasonability issue. If a "reasonable" person would believe that the person depicted in the drawing or morph to be underage, that it's illegal. I'm not sure, but I'll bet Sternlight would have an opinion. Anyone care (dare) to ask? > > > > Silliness. All silliness. > > > > That's debatable. However, in this politically correct environment, I > > wouldn't even give the impression of siding with the pedophiles if I were > > you. > > That's what nyms are for. That's a good point. Anonymity makes it possible to ask questions that would be too embarressing or damaging to ask otherwise. It makes me wonder what would have happened if the Cypherpunks had been around in the McCarthy era. From MINITERS at citadel.edu Thu Jun 6 01:33:49 1996 From: MINITERS at citadel.edu (Syl Miniter) Date: Thu, 6 Jun 1996 16:33:49 +0800 Subject: is the list active?? Message-ID: <01I5KBX5OHII00030A@CITCS.Citadel.edu> I recently re-subscribed --several days ago and have not received any traffic??? I am wondering if the list is still active as I checked and I am subscribednso I am sending this note to this list to test if anyone is out there From frissell at panix.com Thu Jun 6 01:34:00 1996 From: frissell at panix.com (Duncan Frissell) Date: Thu, 6 Jun 1996 16:34:00 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: <2.2.32.19960606024345.00a07918@panix.com> At 10:41 PM 6/4/96 -0700, Bruce Baugh wrote: >I think there's a non-trivial chance that this list could be shut down and >anyone who's made interested sounds in the idea brought in to assist the >police in their inquiries. Yeah and they busted Jack London for publishing "The Assassination Bureau, Ltd". (http://www.amazon.com/exec/obidos/ISBN=0140186778/1663-9102790-622063) Advocating the general practice of killing one's opponents is as legal as church on a Sunday. The War College (or is it the NDU these days) does it all the time. DCF From mccoy at communities.com Thu Jun 6 01:36:23 1996 From: mccoy at communities.com (Jim McCoy) Date: Thu, 6 Jun 1996 16:36:23 +0800 Subject: How can you protect a remailer's keys? Message-ID: Lance Cottrell writes: > At 11:55 PM 6/1/96, Bill Stewart wrote: > >Encryption is critical for protecting against traffic analysis, > >but it's tough to protect a remailer's keys. Unlike regular email, > >where you can type the key in as you read it, remailers need to > >run automatically once you set them up. Some of the choices are: > >- leave it around in plaintext with only Unix file protections > >- type it in to a long-running remailer process > >- SSL-based remailers, where the web server handles crypto on > > a per-machine basis instead of per-remailer > >- use unauthenticated Diffie-Hellman > >- off-line or off-site remailer such as a POP3 winsock remailer > >- human intervention on every message > > > >Anybody have any other approaches? These are mostly weak, > >annoying, or both. > > The best solution I could come up with (and was willing to write and use) > is to specify the passphrase on the command line argument to the compiler This is little better than leaving it around in a plaintext file, a pass or two with gdb on your binary and I have your private key. The "difficult, expensive, and pain in the ass code to write" solution that I favor is to use secure multiparty computation to create the remailer. It does not exist on a single host, but is rather the sum of a collection of hosts running on widely seperated machines. It has the same type of drawback as a per-execution password entered into a long-lived process (anyone with root access to the host can yank it out of memory with little difficulty,) but this is spread out across a larger collection of hosts, making the task of actually getting the complete password somewhat difficult. Getting a subset of the individual host passwords does not provide any partial information about the collective password (similar to secret sharing.) The other drawback is that certain operations can be very slow, you end up emulating a circuit with a _very_ slow clock (8-10 Hz. Not MHz, not KHz, but 8-10 ticks/second); as compensation you get a word-size that if effectively infinite. I have to continue work on a subset of these methods for a secure digital poker/card-playing system over the next couple of months and if I have some spare time I might see just how difficult creating a toolkit for building such virtual circuits really is... OTOH, a secure PCMCIA or smart-card will probably end up being a better practical solution. jim From perry at piermont.com Thu Jun 6 01:41:53 1996 From: perry at piermont.com (Perry E. Metzger) Date: Thu, 6 Jun 1996 16:41:53 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: <199606052043.QAA12656@jekyll.piermont.com> Message-ID: <199606052110.RAA12739@jekyll.piermont.com> I realized that there was an ambiguity in my last missive. I'd like to close that ambiguity. "Perry E. Metzger" writes: > > Forgive me if I am wrong but are CFTC margin requirements not > > requirements placed on brokers as opposed to requirements brokers > > must impose on customers? > > I must confess that I don't know, largely because its irrelevant, even > in this case. If you meant "brokers have to put up the margin, not customers, and they don't have to charge customers the margin" you were simply flat out wrong. Margin is a customer responsibility, not a broker responsibility. I will point out, though, that brokers face liability if their customers cannot meet their obligations -- which naturally would make any honest broker suspicious of a customer trading a highly leveraged position in which a tiny move in the market would wipe out the customer's entire net worth, thus likely exposing the broker to substantial risk. Stop loss orders, incidently, aren't any use if the damage would be done before any such order could be executed. Perry From WlkngOwl at unix.asb.com Thu Jun 6 01:45:39 1996 From: WlkngOwl at unix.asb.com (Deranged Mutant) Date: Thu, 6 Jun 1996 16:45:39 +0800 Subject: USA on Feds Cyberteam Message-ID: <199606060340.XAA24064@unix.asb.com> On 5 Jun 96 at 13:18, John Young wrote: > USA Today, June 5, 1996, p. 1. [..] > To see adjoining UT article (9 kb), > > "Post-Cold War hysteria or a national threat?" > > http://pwp.usa.pipeline.com/~jya/hysteria.txt There's so many fnords my eyes hurt to read it. --- No-frills sig. Befriend my mail filter by sending a message with the subject "send help" Key-ID: 5D3F2E99 1996/04/22 wlkngowl at unix.asb.com (root at magneto) AB1F4831 1993/05/10 Deranged Mutant Send a message with the subject "send pgp-key" for a copy of my key. From root at edmweb.com Thu Jun 6 01:56:14 1996 From: root at edmweb.com (Steve Reid) Date: Thu, 6 Jun 1996 16:56:14 +0800 Subject: Cost of brute force decryption In-Reply-To: <199606050631.CAA01285@unix.asb.com> Message-ID: > > "For example a 40-bit key takes about $10,000 worth of supercomputer > > time and two weeks to crack. Although this key may be adequate to > > protect my checking account, it's probably not large enough for the > > accounts of a major corporation. > > The figures look familiar. No references around. I'm not sure it would > require a whole two weeks for 40-bits, though. Possibly less than a > day? (Or was that why you asked baout the figures?) Um, These 'NT Magizine' people are rather clueless. A $400 FPGA can crack a 40 bit key in an average of 5 hours. See the report by seven well-known experts at http://www.bsa.org/bsa/cryptologists.html ===================================================================== | Steve Reid - SysAdmin & Pres, EDM Web (http://www.edmweb.com/) | | Email: steve at edmweb.com Home Page: http://www.edmweb.com/steve/ | | PGP (2048/9F317269) Fingerprint: 11C89D1CD67287E68C09EC52443F8830 | | -- Disclaimer: JMHO, YMMV, TANSTAAFL, IANAL. -- | ===================================================================:) From somogyi at digmedia.com Thu Jun 6 02:07:27 1996 From: somogyi at digmedia.com (Stephan Somogyi) Date: Thu, 6 Jun 1996 17:07:27 +0800 Subject: Java In-Reply-To: Message-ID: At 11:05 -0700 5.6.96, Martin Minow wrote: > Tim May writes > >> Java as a language and as a platform-independent implementation is an >> achievement. > >It's also not owned by the evil Redmond empire I'm not so sure. It seems to me that Sun's abrogation of responsibility for the x86 reference implementation to Microsoft also handed over the de facto ownership of Java until ANSI/ISO get their hands on it, by which time it may be too late. (It also raises the question whether a browser with a built-in Java VM, such as Netscape's, will use its own VM or the Java VM present in the OS when a choice is available.) There are an awful lot of x86 boxes out there and they carry a lot of common-denominational weight. There's also little to stop Microsoft from extending their Java implementation while remaining compliant with the basic Java spec. The HTML wars seem to have quieted down considerably in recent months, but I still recall the vigorous extension-tag oneupmanship that went on between Microsoft and Netscape; I see no reason that this couldn't also happen with Java. ObCrypto: If Microsoft does wind up setting the de facto standard for Java by virtue of owning the x86/Win32 VM, can it successfully force the use of its particular APIs in Java applets by sheer weight of installed base? ________________________________________________________________________ Stephan Somogyi Mr Gyroscope Digital Media From rodger at interramp.com Thu Jun 6 02:08:49 1996 From: rodger at interramp.com (Will Rodger) Date: Thu, 6 Jun 1996 17:08:49 +0800 Subject: Markoff in NYT on NTT/RSA chip Message-ID: >David Lesher writes: > > > So Motorboatarola puts chips in the domestic MTSO's. > > For the international ones, they leave the chips out. > and Russ Nelson responded: >Crypto hooks, or more properly, crypto pads. Lends new meaning to the >term "one time pads". > For what it's worth, Motorola can do neither. US companies can't produce anything prohibited for export unless its in the US, for the US market. And "crypto with a hole," or hooks for crypto generally, can't be exported, either, unless for 40-bit stuff only. Thus, Microsoft's proposals to produce "crypto with a hole" depend on "holes" tailored to the requirements of specific countries. Will Rodger Washington Bureau Chief Interactive Week From perry at piermont.com Thu Jun 6 02:10:56 1996 From: perry at piermont.com (Perry E. Metzger) Date: Thu, 6 Jun 1996 17:10:56 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: <9606052018.AA03374@Etna.ai.mit.edu> Message-ID: <199606052043.QAA12656@jekyll.piermont.com> hallam at Etna.ai.mit.edu writes: > If you want to play the "who knows who in banking" game remember > that the Oxford Union and the Swiss National Croquet team are > probably better places to meet banking types than the Palo Alto Au > Bon Pain. Working for Wall Street investment banks is probably better than both. I live in New York, not Palo Alto. Guess who I work for. Hint: if I want to speak to a futures trader, most days I can walk down the hall. > >The most astounding part of the trading pattern was that Hillary > >Clinton did not "let it ride" and earn the money off of repeated > >increases in the value of a single investment > > Of course, a person _selling_ futures is going to take the profits out > each time. I don't think you get it. Its one thing to put up $1000, make $4000, then put up the $5000 and make $10,000 with it, etc. Thats a situation where you are compounding your profits -- reinvesting them. Its another thing to put up $1000, make $4000, withdraw the $4000, put up $1000, make $4500, withdraw the $4500, etc. This is not a case of someone making a profit and reinvesting it so that she got compound returns. This is a case of someone miraculously turning one in a million trades over and over and over again on the same tiny stake until she got $100,000. Its almost impossible to turn $1000 into $100,000 by reinvesting. Its dead impossible the way that Hillary did it. Neiderhoffer and Baum list about a dozen criteria for detecting fraud in securities transactions like this. Hillary Clinton hits every single one. She was a first time trader. She took gigantic risk. Her account was full of large scale irregularities like failure to meet margin requirments. She earned astounding profits. She was in a position to be bribed. She made her money off leverage in tiny movements that would be hard to impossible for people to exploit. She stopped trading just as suddenly as she started in spite of her miraculous success. You can read Neiderhoffer and Baum's article yourself if you like. I will state this for the record: Having examined the evidence, I would say that even a non-expert who was reasonably informed about how the futures markets work would have no choice but to conclude that Hillary Clinton's trading pattern was impossible without some sort of fraud being committed. > The profits are made against the net worth of the person > concerned. Its an _underwriting_ business Mr Metzger. $100,000 is not a > substantial increase in Hillary's net worth so she _can't_ underwrite > more business. Huh? What are you talking about? Futures contracts aren't an "underwriting" in any case. They are very simple contracts. When you buy a futures contract in, say, feeder cattle, you are buying delivery of a fixed size number of feeder cattle on a particular date in the future. When you sell a contract, you are agreeing to deliver that many cattle. Thanks to margin, of course, by putting up a fairly small sum of money you can buy control over a large number of cattle, and not have to actually put up most of the money. One major problem with Hillary Clinton's fraudulent trades, however, was that she was buying enough contracts that a tiny shift in the price of the cattle downward -- shifts of a size that would be common in a given day -- would have more than wiped out her families entire net worth and more. Somehow, though, her broker allowed her to take such large positions -- without putting up the *legally*required* margin -- and somehow in lots of trades a statistically ordinary blip never hit her. One wonders why someone who's husband had just been elected Governor, and who had no history of gambling, and had no sudden financial crisis, would be willing to gamble her family's entire future over and over again -- unless, of course, it wasn't gambling. > >There is an obvious trick by which this can be achieved. The broker > >writes two tickets -- one to buy, one to sell. One ticket always loses > >exactly what the other gains. The winning ticket is assigned to the > >bribee, the loser to the person doing the bribing. The mechanism > >self-launders the funds. > > Oh yes, and how does one cover up the matching ticket? They would > show up on the brokers account. Of course they would. Sadly, however, the broker in question conveniently lost ALL RECORDS OF TRANSACTIONS THAT TOOK PLACE AT THAT TIME. Sad, isn't it? This same broker was censured repeatedly for violating securities laws, by the way. Does the word "coverup" mean anything to you? > If one wishes to bribe a politician a much better way is to give them > a huge advance on their book, or buy some tangible asset at above > market value. Both of those are visible. This is invisible. > I can't see an intelligent broker risking his business when there > are easier mechanisms available. The trick was very common at the time, a fact that all your brilliant friends you consulted didn't seem to know. Many brokers got snagged, along with their clients, in pulling this game for all sorts of reasons -- shifting assets from a taxable account held by a client into their tax free pension account, for example. The SEC, CFTC and IRS caught on, and the practice has been largely wiped out. Matched trades were common, however, in the period we are talking about, and many brokers did in fact perform them for clients. > >Margin requirements are set by the exchanges and the CFTC, not by the > >broker in most cases. They are required by law -- not under broker > >discretion. > > Forgive me if I am wrong but are CFTC margin requirements not > requirements placed on brokers as opposed to requirements brokers > must impose on customers? I must confess that I don't know, largely because its irrelevant, even in this case. > Given the four years of dirt digging over Whitewater its a safe bet > that none of the actions were illegal as Mr Metzger claims. Of course they were. They just can't be proven. We are not dealing with some idiot like Spiro T. Agnew here. We are talking about a pair of well educated, very smart and totally unscrupulous crooks -- Bill and Hillary Clinton. There is no evidence that you can pin on them in court. However, I'm not a court, and I'm allowed to judge something to have been impossible to achieve without hanky panky regardless of whether or not you can prove who the counterparty is and why the bribe was made. Perry From alanh at infi.net Thu Jun 6 02:11:46 1996 From: alanh at infi.net (Alan Horowitz) Date: Thu, 6 Jun 1996 17:11:46 +0800 Subject: USA on Feds Cyberteam In-Reply-To: <199606051318.NAA03600@pipe2.t2.usa.pipeline.com> Message-ID: Guess this puts that Carnagie Mellon-based outfit ("Computer Emergency Response Team"?) off the govt contract teat. Or maybe they will continue to doa all the trenchwork under contract, but people high up enough in the DC feeding chain to have their own PR appendage, will take the credit? From szabo at netcom.com Thu Jun 6 02:12:13 1996 From: szabo at netcom.com (Nick Szabo) Date: Thu, 6 Jun 1996 17:12:13 +0800 Subject: Micropayments: myth? Message-ID: <199606060257.TAA16018@netcom.netcom.com> Some electronic commerce projects promise dramatically lower transaction costs, so that we can achieve "micropayments", "microintermediation", and so forth. Is this achievable? Consider a feature fairly independent of the particular payment system: the statement of charges. Here lies a tradeoff here between completeness and complexity. On the one hand, merely summarizing charges creates the opportunity for salami frauds, allowing widely distributed false or exaggerated microcharges to go undetected. Furthermore, parties reading only the summaries get no feedback by which they can adjust their behavior to minimize costs. On the other hand, a statement too complex to be easily read also allows fraud, error, and inefficient usage to go unrecognized, because one or both parties cannot understand the rationale for the charges in relation to the presumed agreement on terms of service and payment. There seems to lie here a fundamental cognitive bottleneck, creating a limit to the granularity of billable transaction size whether electronic or physical. One proposed solution to this has been "intelligent agents". But since these agents are programmed remotely, not by the consumer, it is difficult for the consumer to determine whether the agent is acting the consumers' best interests, or in the best interests of the counterparty -- perhaps, necessarily, at least as difficult as reading the corresponding full statement of charges. By sleight of hand we may have merely transformed the language of the transaction as it needs to be understood by the party, without reducing the complexity to be understood. Furthermore, the user interface to enable consumers to simply express their sophisticated preferences to an agent is lacking, and may represent another fundamental cognitive bottleneck. Telephone companies have found billing to be a major bottleneck. By some estimates, up to 50% of the costs of a long distance call are for billing, and this is on the order of a $100 billion per year market worldwide. Internet providers have been moving to a flat fee in order to minimize these costs, even though this creates the incentive for network resource overusage. A micropayments system assumes a solution to the billing problem. If somebody could actually solve the this problem, rather than merely claiming to have solved it via some mysterious means ("intelligent agents", et. al.), the savings would be enormous even in existing businesses such as long distance and Internet service -- never mind all the new opportunities made possible by micropayments. Nick Szabo szabo at netcom.com http://www.best.com/~szabo/ From reagle at mit.edu Thu Jun 6 02:35:18 1996 From: reagle at mit.edu (Joseph M. Reagle Jr.) Date: Thu, 6 Jun 1996 17:35:18 +0800 Subject: National Bank Brings Internet CyberCash To Canada 06/05/96 Message-ID: <9606052238.AA27259@rpcp.mit.edu> >Date: Wed, 5 Jun 1996 17:18:39 -0400 >From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.) >To: reagle at rpcp.mit.edu >Subject: National Bank Brings Internet CyberCash To Canada 06/05/96 > > > >MONTREAL, QUEBEC, CANADA, 1996 JUN 5 (NB) -- The National Bank of >Canada, one of Canada's smaller chartered banks, has signed an >agreement with CyberCash Inc. (NASDAQ:CYCH) to bring the Reston, >Virginia-based company's Internet payment service to Canada. > >CyberCash touts its payment service -- also called CyberCash -- as a >secure method of making payments over the Internet using a credit >card. > >To use the system, a consumer first downloads software called the >CyberCash wallet from CyberCash's site on the World Wide Web >(http://www.cybercash.com ) or from a participating merchant's >site, said Melissa Walia, a spokeswoman for CyberCash. The free >software, installed on the user's PC, allows the customer to make >purchases via the Internet and have them charged to a credit card. > >CyberCash supports major credit cards such as Visa, MasterCard, >American Express, and Discover, company officials said. Walia told >Newsbytes that Canadians who wish to use the service will not have >to be customers of the National Bank. The bank will work with >participating Canadian merchants to provide the CyberCash service. > >The CyberCash Cash Register is the merchant piece of the >CyberCash system. It works on a merchant's server and receives >information necessary to process a credit card transaction. The >system is designed to work with an existing financial institution >infrastructure, officials said. > >CyberCash said it is committed to supporting the Secure Electronic >Transaction (SET) standard for Internet credit-card transactions, >announced recently by Visa and MasterCard. The company claimed it >plans to be one of the first SET-compliant Internet payment services >available. > >Neither Walia nor Bridget Limoges, a spokeswoman for the National >Bank, would say how many Canadian merchants have signed up to >use CyberCash at this point. However, Limoges told Newsbytes that >interest in the technology has been strong. > >The CyberCash credit-card payment service, launched in the United >States in April, 1995, is expected to be available to Canadians >this summer, Limoges said. CyberCash also said it is working on >electronic check and coin services, expected to be released in >the second half of this year. > >(Grant Buckler/19960605/Press Contact: Melissa Walia, Niehaus >Ryan Group for CyberCash, tel 415-615-7911, fax 415-615-7901, >Internet e-mail melissa at nrgpr.com; Bridget Limoges, National Bank >of Canada, 514-394-6494; Public Contact: CyberCash, Internet >e-mail info at cybercash.com) > > > _______________________ Regards, Real generosity toward the future lies in giving all to the present. - Albert Camus Joseph Reagle http://farnsworth.mit.edu/~reagle/home.html reagle at mit.edu E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E From perry at piermont.com Thu Jun 6 02:39:36 1996 From: perry at piermont.com (Perry E. Metzger) Date: Thu, 6 Jun 1996 17:39:36 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: <9606052321.AA03525@Etna.ai.mit.edu> Message-ID: <199606052352.TAA12965@jekyll.piermont.com> hallam at Etna.ai.mit.edu writes: > As you know very well it's Dr. My apologies. From now on I will refer to you solely as Dr. Phill Hallam-Baker, PhD. > and as you also know, signing a futures, options or any other type > of contract is an open ended risk. One doesn't "sign a futures" contract. The risk is also not always open ended by any means. If I purchase 50 unleaded gasoline contracts, my risk is strictly limited -- I cannot lose more than the value of the gasoline, and that would only be if it became totally worthless (an unlikely event). If I sell an uncovered contract, things are different, of course. With options, if I buy puts or calls, again, my risk is totally limited -- I cannot lose more than the cost of the contracts. > That is how the person purchasing the contract has the theoretcial > possibility of unlimited reward. Er, no. You have potentially unlimited reward in ANY purchase, and limited risk. If I buy a box of cornflakes and next week cornflakes suddenly become worth $1,000,000 a box, well, I've experienced reward, but my risk was at most the cost of the cornflakes. > >Of course they know. There just isn't anything that can be done. There > >is no proof. Its more or less as though one finds a man with gunpowder > >stains on his hands, and a bullet embedded in the wall of his office > >and human blood soaking the carpet. You can't prove that he killed > >anyone. You can never get a conviction. But you can know. > > Its called circumstantial evidence and it leads to a conviction provided the > name of the defendant isn't O.J. Simpson. No, it isn't. If there is no body and no one knows who you have shot, the rules of Corpus Delecti pretty much dictate that you aren't going to jail. You cannot be charged with the murder of unknown persons when there isn't even any evidence of what happened (it could very well have been someone being accidently injured while you were showing off your gun collection and they might have done just fine). You don't even have to say what happened -- you are under no obligation to testify, you know. Now, your neighbors will probably talk badly of you forever, but you won't be convicted of anything. > It would certainly be enough to arrange congressional hearings, subpoena half > the Whitehouse staff and demand every document in sight. What documents can they subpoena? All of Hillary Clintons documents are available. It is known what she traded and when. Without a witness who will say who did the bribing, or broker records showing the counterparty who was doing the bribing, nothing can be done. You seem to assume that every crime in existance can be prosecuted. They can't. Hillary Clinton can claim to be the victim of a very odd set of circumstances, which is effectively what she has done, and we have no way to put her in jail. That doesn't mean, however, that we have to believe her. > Speculating in derivatives is not something I am particularly > interested in, having seen the losses of some people in this > building who got caught in the Netscape short squeeze I'm not > particularly inclined to rush into that market. Netscape options were not available at the time that the shorts got hurt. Selling short is not a derivatives investment. You don't seem to have much of a deep knowledge of these markets -- at the very least you speak of them in a manner guaranteed to produce derision from professionals. > >Switching the tickets was the fraud. Taking bribes was also a crime. > > Perry, Perry, you are off at it again. You are making allegations you cannot > back up. You are right. The human blood might have been from the blood bank, and the bullet might have been an accident. Its fucking unlikely, though. > You have hypothesised that there were multiple tickets but have no > proof, Correct. That is why Hillary Clinton and Bill Clinton aren't in jail. However, court proof and proof good enough for me aren't the same thing. > All you can point to > is that a person with a net worth of several million They had a considerably smaller net worth at the time. Most of the Clinton's net worth appears to have come from dirty political dealings over the years -- things like the Cattle Futures bribe laundry, Rose Law Firm overbillings or dealings with the Arkansas state government, etc. Not a shred of it can be proven in court, of course. > made a tidy profit speculating in cattle futures with the aid of > some astute financial advice. No one out there that I know of who does this for a living has ever seen anyone make that much money in short term speculation that way. George Soros, Paul Jones and all the rest would be envious of the performance she had in the markets. I don't know anyone who can articulate a theory of why the trades were made when they were that comes from "astute thinking". They are seemingly random. Thats probably because they WERE random. > If you are to make such serious allegations against anyone you should be > prepared to back them up with something more than heresay and name > calling. As I've said, the evidence is compelling. It just isn't proof. Its just like the bullet, the blood, and the powder burns on your hands. No body and no missing person means no jail, but it doesn't mean that one has to go about thinking what one is looking at is perfectly innocent. > Just because it might have been possible to conceal a bribe does not > mean that you have evidence that a bribe was given. If this was Richard Nixon no one would be questioning what the money was. I see no other explanation for what the money would have been. The fact that her supposed advisor on these trades was the attorney for Arkansas's most important company, Tyson Chicken, is a bit on the suggestive side. Again, it is not proof, but proof isn't needed. > It is not unusual for lawyers to dabble in speculation. It is also > not unusual for clever lawyers to have friends who can give good > advice. If you can find anyone on earth who can give that good a bunch of advice, please let me know. Several hedge fund managers I work with would probably pay me for their name. I don't know anyone who has EVER performed that well in the markets. Its nearly impossible. > Consider that anyone on cypherpunks might have made a tidy profit by > realising that certain network ventures were likely to realize > substantial profits for those dealing in the market. It dosen't take > a genius to look at the rise Sun's stock price Could you have made 100 to one on that in a couple of months, though? Sure, its easy to make 20% or 30% on your money a year. Its hard, but many people do it. Making 10,000% in a few weeks is impossible. > Oh come off it Perry, the Washington media do not need proof or even > evidence to have a feeding fest. They did for a while, but when it became obvious that the evidence was not going to lead to the court room, it ended. Besides, most of the media in Washington are registered Democrats. 89% of the Washington press corps voted for Clinton from what I've read. Your attitude seems to be "you can't prove anything so you must assume that they are innocent." My attitude is "I can't prove anything so they can't go to jail, but that doesn't mean I have to believe that they are innocent -- in fact, I'm an idiot if I believe that." > I think that given Perry's ad-hominem attacks and the fact that this > has nothing to do with cryptography that its about time someone sent > Perry a Perry-gram. Cypherpunks no longer is a cryptography mailing list. Its a sewer. Perry From jimbell at pacifier.com Thu Jun 6 03:00:01 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 6 Jun 1996 18:00:01 +0800 Subject: Markoff in NYT on NTT/RSA chip Message-ID: <199606060356.UAA15845@mail.pacifier.com> At 09:33 PM 6/5/96 -0000, nelson at crynwr.com wrote: >David Lesher writes: > > > So Motorboatarola puts chips in the domestic MTSO's. > > For the international ones, they leave the chips out. > >Crypto hooks, or more properly, crypto pads. This raises a question: If you provide a place for a crypto chip but don't install it, shouldn't you be able to export it? But the software analogy, crypto hooks, the government is trying to restrict them. This is why I think the latter interpretation is flawed: Historically, the mere fact that a system can interface to another one that can do crypto can't be used to restrict it. Jim Bell jimbell at pacifier.com From perry at piermont.com Thu Jun 6 03:10:14 1996 From: perry at piermont.com (Perry E. Metzger) Date: Thu, 6 Jun 1996 18:10:14 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: <9606052133.AA03411@Etna.ai.mit.edu> Message-ID: <199606052149.RAA12809@jekyll.piermont.com> hallam at Etna.ai.mit.edu writes: > Well why don't you do that and come back with the results eh? You have to > actually _talk_ to them for the knowledge to transfer Perry y' know. I know the results. 99% of them laughed about the whole thing for weeks. The poster caricature of Hillary Clinton with a crystal ball and a thought ballon filled with cattle that I saw on one floor was particularly amusing. The thing was a universal joke. I never heard anyone who would be nicer than to say the whole thing was extremely suspicious. > You still don't understand, the $1000 is not the stake, it is merely > the deposit. The stake is Hillary's entire net worth, that is what > she is betting with. Gee, Mr. Hallam-Baker, it seems your ignorance about what she was trading (I believe you thought it was "options" before) also extends to an ignorance about how the futures markets work or how securities accounts work. > Rubbish, thats only 25 contracts sold without a loss. Depending on > the market one usually takes a profit when selling a contract. Making that kind of return in day trades in the cattle markets? You out of your ever living mind? Its not like there was even any basis for her trades that she could articulate. Thats because the trades were made without any basis, in matched pairs. (By the way, learn what a contract is. A contract is not the same as a trade. You are sounding thoroughly ridiculous.) > These are not "one in a million trades" Perry, they are the sort of > trade that one would expect to make in an underwritting capacity for > a commodity market. You ARE out of your ever living mind. The average individual account holder at Refco "blows out" (that is, loses their entire stake) within six months of opening their account. Refco is one of the more reputable places to trade futures. You are simply an ignoramous, talking totally outside your league. Have you ever so much as bought a futures contract or an options contract? Have you even ever opened a securities account? > >I will state this for the record: Having examined the evidence, I > >would say that even a non-expert who was reasonably informed about how > >the futures markets work would have no choice but to conclude that > >Hillary Clinton's trading pattern was impossible without some sort of > >fraud being committed. > > So you think that the Republican's in Washington haven't figured out > what Perry Metzger has? Of course they know. There just isn't anything that can be done. There is no proof. Its more or less as though one finds a man with gunpowder stains on his hands, and a bullet embedded in the wall of his office and human blood soaking the carpet. You can't prove that he killed anyone. You can never get a conviction. But you can know. Well, it was announced, and the media discussed it, and Hillary gave her teary eyed press conference cynically wearing a matronly outfit, and she gave her usual raft of "I cannot recalls" and "I don't remembers" and given no additional evidence, the whole thing ended. > Perry, its the crux of your case, you are claiming that Hilary > committed fraud but you do not know whether the responsibility for > covering the trades is on the broker or on the client. The fraud was in the ticket switching, so it makes no difference that the margin requirements were not made. The other crime was, of course, bribery. However, without records or information, there is no way to prove any of it. The mere fact that all the records from the brokerage were mysteriously destroyed should make you wonder. > You are mouthing off that Hillary was illegally trading without > putting up margin when you don't know whether or not that is a > crime. Switching the tickets was the fraud. Taking bribes was also a crime. I have no concern as to whether the margin requirements issue was criminal -- it was probably only a civil violation. In any case it makes no difference -- there is more than enough crime here to go around. Perry From dlv at bwalk.dm.com Thu Jun 6 03:15:40 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 6 Jun 1996 18:15:40 +0800 Subject: On the Hill: Child Porn "Morphing" In-Reply-To: <199606050531.WAA27734@netcom7.netcom.com> Message-ID: frantz at netcom.com (Bill Frantz) writes: > At 4:45 PM 6/4/96 -0400, Black Unicorn wrote: > >"Morphing" seems to be the latest buzzword for putting childrens faces on > >the bodies of adult models in sexually explicit poses and seems to have > >attracted enough attention to warrant congressional attention. > > The ability to use the faces of famous political people (e.g. Bill&Hillery > or Bob&Libby) in XXXX rated political satire probably has a wider market. This is a cool idea - I wonder if there's an FTP site with X-rated doctored pictures of the KKKlintons. Would a morphed image of Chelsea performing fellatio on Slick Billy be protected as political satire? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Thu Jun 6 03:28:10 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 6 Jun 1996 18:28:10 +0800 Subject: Fate of Ecash if RSA is cracked? In-Reply-To: Message-ID: <6a33oD26w165w@bwalk.dm.com> Bodo_Moeller at public.uni-hamburg.de (Bodo Moeller) writes: > Of course, no quantum computing device that you could run those > "programs" on does exist. But as Gilles Brassard puts it, "In my > opinion, the theoretical notion of feasible computation should be > modelled on our understanding of the physical world, not on our > technological abilities. After all, the classical Turing machine > itself is an idealization that cannot be built in practice even not > taking account of the unbounded tape: any real implmentation of a > Turing machine would have nonzero probability of making a mistake. > Does this discredit the model? I think not." [2] ... > [2] Gilles Brassard, A Quantum Jump in Computer Science (in: Computer > Science Today (Springer-Verlag LNCS 1000), 1995, pp. 1-14) Note that Turing et al did their analysis of what's computable and what's not computable on Turing machines and their equivalents before computers were physically built. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From jfricker at vertexgroup.com Thu Jun 6 04:02:28 1996 From: jfricker at vertexgroup.com (John F. Fricker) Date: Thu, 6 Jun 1996 19:02:28 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: <2.2.32.19960606004355.007038a0@vertexgroup.com> Whois this Bell anyway? Hasn't he been communally kill filed yet?? From llurch at networking.stanford.edu Thu Jun 6 04:05:34 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Thu, 6 Jun 1996 19:05:34 +0800 Subject: Terrorism Hysteria on the Net In-Reply-To: <199606051227.MAA00334@pipe2.t2.usa.pipeline.com> Message-ID: On Wed, 5 Jun 1996, John Young wrote: > Today's USA has a pair of front page stories: > > They lay out the nightmares and the valiant TLA-daydreams to out-fund the > hackers and out-flummox the public. > > > "You bring me a select group of hackers and within 90 days I'll bring this > country to its knees, " says Jim Settle, retired director of the FBI's > computer crime squad. He says that as if it were a bad thing... > "The threat is there, it's very real," says CIA General Counsel Jeffrey > Smith. "If we have a Unabomber who decides to launch an attack with a PC > instead of a bomb, (there could be) real damage." Actually, he's probably right. If all the cypherpunks, say, turned "bad," there'd be no government and no economy, because so many big systems are so insecure. Pooh-poohing the potential risk is not a winning proposition. Pointing out that the government's policies against properly secure systems have created this house of cards in which we live is. The NRC crypto report helps legitimize this spin. -rich From markm at voicenet.com Thu Jun 6 04:08:40 1996 From: markm at voicenet.com (Mark M.) Date: Thu, 6 Jun 1996 19:08:40 +0800 Subject: Security of PGP if Secret Key Available? In-Reply-To: <199606051033.MAA14983@internal-mail.systemics.com> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Wed, 5 Jun 1996, Gary Howland wrote: > On Jun 3, 2:36, "Robert A. Hayden" wrote: > > However, I got to wondering about the security of PGP assuming somebody > > trying to read my PGPed stuff has my 1024-bit secret key. ie, if I have > > it on my personal computer, and somebody gets my secret key, how much > > less robust has PGP just become, and what are appropriate and reasonable > > steps to take to protect this weakness? > > If the secret key is available then an attacker knows the length > of p & q. Admittedly this will not usually help matters much, > but I still feel that the lengths of p and q should be encrypted > with the passphrase - perhaps in PGP3.0? (Derek?) I don't see how knowing the exact lengths of p and q will help matters much. I don't think it will speed up the factoring time, and it won't make brute- forcing the passphrase any easier. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "In Christianity neither morality nor religion come into contact with reality at any point." -- Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMbXp97Zc+sv5siulAQFTBAQAjcfF5jh29RhTPokzfHbTEU+5aspywOPZ C3V1Lvucf6rYPH3J8oo8o8qo8iUjWIHR3B6Xh/DllslfDmO+WnOceaz888gErnGz X30prZ3Q6pue0WbrCk5S6++OMXux0+zzEcB5z5jcZb3wNLie8Qr2nnwyvM3ha1Gj bx96KawqVEI= =VSDw -----END PGP SIGNATURE----- From exalt at miworld.net Thu Jun 6 04:37:05 1996 From: exalt at miworld.net (Intense) Date: Thu, 6 Jun 1996 19:37:05 +0800 Subject: On the Hill: Child Porn "Morphing" In-Reply-To: Message-ID: On Wed, 5 Jun 1996, Bruce M. wrote: > On Tue, 4 Jun 1996, Black Unicorn wrote: > > people in nude photographs consisted of a usually doctor administered > examination (of the picture) where the genitals and other age > characteristics of the BODY were taken into account. I don't think a > person's face ever was, or ever should be, a factor. > > > Silliness. All silliness. > > Very true. Next there will be laws banning provocative pictures of > adults dressed in child-like garb or acting out child-like sexual > fantasies (the infamous "spank me Daddy!). > Urk anything that looks child-like, can be considered child porno.. again, it's a scarry thought that they govt. can prohibit someting that they deem to be "alike" in whatever way they feal.... :( * * From bruce at aracnet.com Thu Jun 6 04:40:18 1996 From: bruce at aracnet.com (Bruce Baugh) Date: Thu, 6 Jun 1996 19:40:18 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: <2.2.32.19960606045507.006d9b24@mail.aracnet.com> At 10:43 PM 6/5/96 -0400, Duncan Frissell wrote: >Yeah and they busted Jack London for publishing "The Assassination Bureau, Ltd". Do I really have to point out that London was writing the better part of a century ago, in a substantially different legal and cultural environment? (Heck, his socialism made more trouble for him than anything else.) >Advocating the general practice of killing one's opponents is as legal as >church on a Sunday. The War College (or is it the NDU these days) does it >all the time. And they, of course, are The Government, who Protect Us from the Evil Terrorists. Ditto for the heroic BATF agents who only burn bad nasty terrorists, honest. And all the rest. The rest of us (in the US) live in a country where the government can now pretty much declare anyone they like terrorists, and suspend habeus corpus on the flimsiest of grounds, and use evidence against foreigners that doesn't have to be presented to the accused, and all sorts of fun stuff. Hence my concern. I don't think that my direst claims _will_ come true. But I don't think I'm speculating anything that _can't_ happen, and I see much of it as increasingly likely in the light of the ongoing furor over crypto and related matters. -- Bruce Baugh bruce at aracnet.com http://www.aracnet.com/~bruce From bruce at aracnet.com Thu Jun 6 04:41:32 1996 From: bruce at aracnet.com (Bruce Baugh) Date: Thu, 6 Jun 1996 19:41:32 +0800 Subject: Zimmerman/ViaCrypt? Message-ID: <2.2.32.19960606052017.006e7d90@mail.aracnet.com> Has there been any news recently about what's going on with commercial versions of PGP? I've been toying with the idea of buying the Windows version from ViaCrypt just to have a PGP that doesn't need to shell out to DOS each time it runs, but I'm curious as to where, if anywhere, things seem to be going. -- Bruce Baugh bruce at aracnet.com http://www.aracnet.com/~bruce From mccoy at communities.com Thu Jun 6 04:45:43 1996 From: mccoy at communities.com (Jim McCoy) Date: Thu, 6 Jun 1996 19:45:43 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: Duncan wrote: > At 10:41 PM 6/4/96 -0700, Bruce Baugh wrote: > >I think there's a non-trivial chance that this list could be shut down and > >anyone who's made interested sounds in the idea brought in to assist the > >police in their inquiries. > > Yeah and they busted Jack London for publishing >"The Assassination Bureau, Ltd".[...] > > Advocating the general practice of killing one's opponents is as legal as > church on a Sunday. The War College (or is it the NDU these days) does it > all the time. As long as that person is not the President of the United States (at least for U.S. citizens.) This was the issue which initiated this thread, the implied threat made by our favorite nutcase. jim From exalt at miworld.net Thu Jun 6 04:57:15 1996 From: exalt at miworld.net (Intense) Date: Thu, 6 Jun 1996 19:57:15 +0800 Subject: On the Hill: Child Porn "Morphing" In-Reply-To: Message-ID: On Wed, 5 Jun 1996, Bruce M. wrote: > On Tue, 4 Jun 1996, Black Unicorn wrote: > > > Hearings on the hill over the child pornographer horseman: > > > > "Morphing" seems to be the latest buzzword for putting childrens faces on > > the bodies of adult models in sexually explicit poses and seems to have > > attracted enough attention to warrant congressional attention. > > > > I'd like to see exactly how they word the proposed prohibitons. What > > constitutes "child" when the face painted on is pure artistry? Will we > > see a simple and strict prohibition over modifiying sexually explicit > > pictures to make them appear to be of younger models (whatever their > > apparent age may be)? Will we see a subjective test as to what is "child > > looking" enough? > > As far as I was aware, the manner of currently judging the age of > people in nude photographs consisted of a usually doctor administered > examination (of the picture) where the genitals and other age > characteristics of the BODY were taken into account. I don't think a > person's face ever was, or ever should be, a factor. > > > Silliness. All silliness. > > Very true. Next there will be laws banning provocative pictures of > adults dressed in child-like garb or acting out child-like sexual > fantasies (the infamous "spank me Daddy!). > > > Bruce M. * brucem at feist.com > ~---------------------------------------------------~ > "Knowledge enormous makes a god of me." -- John Keats > > > From hallam at Etna.ai.mit.edu Thu Jun 6 05:55:42 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Thu, 6 Jun 1996 20:55:42 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: <199606052043.QAA12656@jekyll.piermont.com> Message-ID: <9606052133.AA03412@Etna.ai.mit.edu> >I live in New York, not Palo Alto. Guess who I work for. Hint: if I >want to speak to a futures trader, most days I can walk down the hall. Well why don't you do that and come back with the results eh? You have to actually _talk_ to them for the knowledge to transfer Perry y' know. It dosen't osmose into you just because you are frobbing the ethernet on some secretaries Mac while some merchant banker is making trades in the next office. >I don't think you get it. >Its one thing to put up $1000, make $4000, then put up the $5000 and >make $10,000 with it, etc. Thats a situation where you are compounding >your profits -- reinvesting them. >Its another thing to put up $1000, make $4000, withdraw the $4000, put >up $1000, make $4500, withdraw the $4500, etc. You still don't understand, the $1000 is not the stake, it is merely the deposit. The stake is Hillary's entire net worth, that is what she is betting with. Its not compound interest on a $1000 stake so $1000+ $4000 profit = $5000 stake, the stake is the $500,000 plus her house would fetch so each time she takes a $4000 profit her stake barely increases. $500K + 4K is $504K, next time she can write a contract for $4040. >This is not a case of someone making a profit and reinvesting it so >that she got compound returns. This is a case of someone miraculously >turning one in a million trades over and over and over again on the >same tiny stake until she got $100,000. Rubbish, thats only 25 contracts sold without a loss. Depending on the market one usually takes a profit when selling a contract. These are not "one in a million trades" Perry, they are the sort of trade that one would expect to make in an underwritting capacity for a commodity market. Steady profits on contracts which generally pay off. >I will state this for the record: Having examined the evidence, I >would say that even a non-expert who was reasonably informed about how >the futures markets work would have no choice but to conclude that >Hillary Clinton's trading pattern was impossible without some sort of >fraud being committed. So you think that the Republican's in Washington haven't figured out what Perry Metzger has? >> Forgive me if I am wrong but are CFTC margin requirements not >> requirements placed on brokers as opposed to requirements brokers >> must impose on customers? >I must confess that I don't know, largely because its irrelevant, even >in this case. Perry, its the crux of your case, you are claiming that Hilary committed fraud but you do not know whether the responsibility for covering the trades is on the broker or on the client. You are mouthing off that Hillary was illegally trading without putting up margin when you don't know whether or not that is a crime. >We are not dealing with some idiot like Spiro T. Agnew here. We are >talking about a pair of well educated, very smart and totally >unscrupulous crooks -- Bill and Hillary Clinton. There is no evidence >that you can pin on them in court. Perry, before you go off into what you would like to believe consider your last sentence. You admit that there is no evidence, you also fail to understand what is understand in selling contracts. As a media meme this one had legs in the same manner as the Borda medals affair. There is no reason to believe that Borda was wearing the valour pins in bad faith, the rules on the matter were vague. Depending on which version of the manual you believe you could say it was right or you could say it was wrong. No indication of an act of bad faith. But take a decorated combat vet who is wazzed off about being jacked out of the army and the Washington press we know what the result would be. Regardless of whether it was or was not an act of bad faith the press prefer the bad faith story. I don't know any other country which treats it politicians in the same way as the US does. I have friends in both parties who have left the Washington political scene because they don't think the game is worth the candle. Phill From yusuf921 at uidaho.edu Thu Jun 6 06:01:47 1996 From: yusuf921 at uidaho.edu (Syed Yusuf) Date: Thu, 6 Jun 1996 21:01:47 +0800 Subject: Phill in Zychik Chronicle In-Reply-To: Message-ID: Zychik Chronicle is a free electonic publication, it's recommended by my Libritarian/Chryto-Anarchal Capiltalist friends. ---fowarded message ---------------World Trade & Liberty: (CyberWire Dispatch June 3rd, brock at well.com for a free subscription) Brook Meeks the author of CyberWire calls it a "virtual nuke hurled into the arcane subculture of encryption technology." So let's go back to the days before the virtual nuke. The father of encryption technology for most of us layman is Phil Zimmerman, the author of PGP. Essentially, Phil's PGP (Pretty Good Privacy) allows you to use encryption technology that the government would have to spend too much time and too much money to bust every message you sent. Phil's profit on PGP was zero. He offered it for free. The government, always willing to let no good deed go unpunished, spent the last 4 years threatening to put Phil in jail for exporting sensitive technology. Phil didn't export a thing. Someone - not Phil - loaded PGP on the net, and lo and behold, the net being a global village, PGP toured the village. After harassing Phil for four years, the gov't dropped its case - in large part due to the financial and legal support Phil got from those evil perverts called Netizens, Net Surfers, Hackers, Cypherpunks, Electronic Freedom Foundation, Libertarians and other various forms of traitorous electronic scum. I know his defense fund got a check from me and my wife. Anyway, the government started feeling threatened by hordes of Pagans who don't worship at the alter called Congress. So it offered us peanut-brains the Clipper chip. Oops, make that KKKlipper chip. The idea behind the KKKlipp-your-liberties-chip was that you could have all the privacy you wanted by using the gov't chip, as long as the gov't had the "key" to unlock your code. Duh, I don't know why all of us peanut brains didn't line up to get that chip? What's the matter with Americans? Don't they know a good deal when they see one. So, just to get even with us peanut-brains, Bill-if-I-can't-look-up-your-skirt- then-I'm-going-to-spy-on-your-motherboard-Clinton set up rules which basically made it impossible for the US to compete in the "robust encryption technologies [field], at a possible loss of $60 billion for US companies." Well, for some strange reason one of us peanut-brained Pagans, one of us low life Hackers, one of us Netizen pond scum smelled buckies. His name is Jim Bizdos. He's president of RSA. What RSA did was to hook up with some of those funny speaking, slant-eyed, yellow people called Japanese scuzzballs. Yup, Jim & the Japs came out with a "monster chipset capable of scrambling voice and data real time with a 'key length' of up to 1024 bits." The operative term here is key length. The longer the key, the better the encryption. US law says US companies can't export a key length greater than 40 bits. Now here's the catch: Jim-unAmerican-greedy-guy and them Thieving-low-down-Japs ain't exporting nutin'. They made the stuff in Yellow- Peril Country. You know, Japan! Gosh, my fingers shook as wrote that Jap word. Besides being attacked by the Japs, look out for the Limeys (Brits) and the Frogs (The French). Dem folx is also developing encryption technology that will put a child molester in every American home, a Republican in every American trash can and a Democrat in every US toilet. Phil Zimmerman was the pioneer, but as Brock Meeks says, PGP is "tough to use." The RSA chip set works in real time! It scrambles voice *and* data. 15 low-down-degenerate-self-indulgent-uncaring-countries "have already placed orders for these chips." Japanese law forbids building chips that have what's called "an escrow function." An escrow function means the gov't gets a key to your code. In other words those damned Japs are attacking us again by making it a legal requirement that your privacy and mine be protected. Damn, we should have bombed on the whole country when we had the chance. Hey, tell you what, after the FBI blows Justus to hell and back, let's send the Federal Bloodletters and Incinerator-crew after the Yellow People. Yup, we don't no world trade. It's a threat to our pure KKKulture. World trade is also a threat to jobs. If the Gestapo can't listen in on your phone calls and decode your e-mail what are all those poor little FBI, BATF, sheriffs, and local cops going to do? Comment: We're entering a period of world trade in which any government that limits the liberties of its citizens will be punished in the market place by competing governments. The fun has just begun. Joe Zychik Editor, The Zychik Chronicle ------- Posted daily Mon-Fri after 3 pm PST at http://www.pacificnet.net/~jzychik To receive the ZC, free, contact: jzychik at pacificnet.net From bruce at aracnet.com Thu Jun 6 06:42:49 1996 From: bruce at aracnet.com (Bruce Baugh) Date: Thu, 6 Jun 1996 21:42:49 +0800 Subject: whitehouse web incident, viva la web revolution Message-ID: <2.2.32.19960606051847.006e9b18@mail.aracnet.com> At 01:17 PM 6/5/96 -0400, Hallam-Baker wrote: >rather than reasoned argument. His dislike for the Clinton is >well known - he recently accused the administration of being >fascist. I know of no evidence that the Clinton administration >has a genocide policy, it is an insult to the 10 million civilians >murdered by Hitler to use the term facist simply as a term of abuse, >especialy if it is being used as a substitute for an argument. Fascism has no intrinsic link to genocide. It is a theory of economics, basically, in which the state has ultimate authority over production and distribution without (as in socialism) actually _owning_ the means of production or distribution. This is generally accomplished through cartelization, the creatin of industry-wide councils in which the representatives of the most powerful firms set policy in conjunction with the representatives of the government. The US has been at least moderately fascist since the 1920s (Hoover was a big fan of cartelization, and pushed it actively). While the mechanisms of the modern regulatory state aren't those of classic fascist theory, in practice most strongly regulated industries in this country operate _exactly_ the way fascist theory says they should. And various of Clinton's policies have, in fact, been fascist in this sense. The man has no doctrinal commitment to fascism (under that name or any other), but in practical terms virtually all modern Western politics are either fascist or socialist. None of this is secret lore, by the way. -- Bruce Baugh bruce at aracnet.com http://www.aracnet.com/~bruce From gnu at toad.com Thu Jun 6 06:43:05 1996 From: gnu at toad.com (John Gilmore) Date: Thu, 6 Jun 1996 21:43:05 +0800 Subject: Triple-DES chip idea: built-in 1DES-cracker Message-ID: <199606060750.AAA06399@toad.com> It just occurred to me that companies which are designing Triple-DES chips should spend a small chunk of their chip area and design time on building in features for fast single-DES key search. As in Matt Wiener's design, this would include logic to generate a sequence of trial keys, and a circuit to evaluate the likelihood that the trial key was "interesting" after examining the trial plaintext. All of this logic would be on-chip and isolated from the pins of the chip, so it could run at high speed without any impact on the rest of the system. Then, as these chips are deployed into consumer boards or motherboards, a small amount of software plus the Internet will make distributed DES cracking feasible. Whenever the chip wasn't busy doing some "real work" encoding data for the user, it would be spinning its wheels cracking a DES key for fun or profit. There are lots of interesting ways to build the comparison circuitry to examine the trial plaintext. The cheapest is to provide a single 64-bit register with the desired plaintext; that's what Matt's design did. Another cheap way would be to provide two 64-bit registers: a mask and a value. AND with the mask and compare to the value; it's interesting if equal. A second and/or third set of mask and value registers (and another ciphertext register) would permit the test to be across 16 or 24 bytes of ciphertext/plaintext rather than just 8. This would be useful if e.g. your mask is only looking to see that the high order bit of each byte is off in the ciphertext (indicating a probability of ASCII text). 8-byte comparison would give you a false-hit every 256 keys; 16-byte comparison would reduce that to one every 65,536 keys. Matt's chips froze when they got a match. A FIFO on the comparison output would let the chip continue to spin, looking for more matches, before software got around to reading the results of a previous hit. This would permit the chip to do DES-cracking in polled mode, without using interrupts. If the DES-cracking control registers were all disjoint from the ordinary DES operational registers, the DES-cracking could be initiated at any time, independent of the chip's encryption functions, and could then be checked-up on periodically, again without impacting the chip's normal functioning. As an extreme example, it could be started at system boot time, and checked only at system shutdown for hits. If you wanted to get truly fancy, the comparison should have eight 256-bit vectors, one per byte of plaintext. Each vector is indexed by the byte of plaintext, producing a single bit. If it's 1, that byte has an interesting value. So if you set only the bits corresponding to ASCII uppercase letters, then only a plaintext ASCII uppercase letter is interesting. So, the eight trial-plaintext bytes produce eight bits, one from each vector. Mash those together, and use this 8-bit value as an index to a ninth bit vector, which would let you specify which combinations of "interesting" plaintext bytes are truly interesting enough to stop the chip for. E.g. if you insist that all of the ciphertext bytes are ASCII uppercase letters, then all the eight bit-vectors will be set up the same, and this ninth bit vector will have a single 1-bit at index 11111111 (all bytes match). If on the other hand, any six out of the eight being uppercase is good enough for you, you'd put a bunch of 1-bits into the ninth vector (one for each possible way that six of the eight would match, such as 11010111 and 00111111 and 01111110). In nine 256-bit vectors (less than 300 bytes of on-chip storage), you could specify truly complex and useful conditions like "First two bytes of plaintext equals 0x2C07, next three bytes are uppercase ASCII, next byte is a don't-care, following byte is an ASCII digit". This would be great for matching up packet headers or partial plaintext, when looking for the key to encrypted network traffic. However, even these days, adding 300 bytes of static storage to a 3DES chip for this kind of ancillary function doesn't seem likely, until the market for DES-cracker boxes matures. (Each such box tends to consume large numbers of DES chips, making them an attractive target market for a chip vendor.) But some of the simpler des-cracker assists I mentioned should be easy to implement with only a few dozen bytes of static storage, some small circuits and maybe one more address pin, making them suitable for mass-market chips for PC's and such. John Gilmore, gnu at toad.com PS: Note that this feature would not affect the exportability of your chip, which was already nil. Design and build it overseas. From frantz at netcom.com Thu Jun 6 06:49:59 1996 From: frantz at netcom.com (Bill Frantz) Date: Thu, 6 Jun 1996 21:49:59 +0800 Subject: Micropayments: myth? Message-ID: <199606060708.AAA12312@netcom7.netcom.com> At 7:57 PM 6/5/96 -0700, Nick Szabo wrote: >Some electronic commerce projects promise dramatically lower transaction >costs, so that we can achieve "micropayments", "microintermediation", >and so forth. Is this achievable? > >Consider a feature fairly independent of the particular payment system: >the statement of charges. Here lies a tradeoff here between completeness >and complexity. On the one hand, merely summarizing charges creates >the opportunity for salami frauds, allowing widely distributed false or >exaggerated microcharges to go undetected. Furthermore, parties reading >only the summaries get no feedback by which they can adjust their behavior >to minimize costs. On the other hand, a statement too complex to >be easily read also allows fraud, error, and inefficient usage to >go unrecognized, because one or both parties cannot understand the >rationale for the charges in relation to the presumed agreement on >terms of service and payment. This is, of course, an opportunity for agents (programmed, or two legged) to use their superior knowledge of the service/technology/business to optimize service for ordinary people. > >There seems to lie here a fundamental cognitive bottleneck, creating a >limit to the granularity of billable transaction size whether electronic >or physical. One proposed solution to this has been "intelligent >agents". But since these agents are programmed remotely, not by the >consumer, it is difficult for the consumer to determine whether the agent >is acting the consumers' best interests, or in the best interests >of the counterparty -- perhaps, necessarily, at least as difficult >as reading the corresponding full statement of charges. By >sleight of hand we may have merely transformed the language of >the transaction as it needs to be understood by the party, without >reducing the complexity to be understood. Furthermore, the user >interface to enable consumers to simply express their sophisticated >preferences to an agent is lacking, and may represent another fundamental >cognitive bottleneck. I think that agent providers would gain reputations. Many consumers might trust an agent from Consumer's Union for example. If there end up being only a few types of agent, then I would expect to see an "arms race" between charging systems and agents. The providers would try to devise charges which maximize their profit, while the agents would try to get the best combination of service and cost for their users. This race would be similar to the situation we see in the telephone industry, with its continuously changing "special long distance deals". I assume any user interface will be in terms of the user's interests. Since these interests will change over time as the environment and user's knowledge change, the UI will be a hard problem. However, the UI will be another factor in the user's agent selection process. > >Telephone companies have found billing to be a major bottleneck. >By some estimates, up to 50% of the costs of a long distance call >are for billing, and this is on the order of a $100 billion per year >market worldwide. Internet providers have been moving to a flat fee in >order to minimize these costs, even though this creates the incentive for >network resource overusage. With the current low speed dialup connections, the savings on billing costs are probably greater than the costs of bandwidth "over use". > >A micropayments system assumes a solution to the billing problem. >If somebody could actually solve the this problem, rather >than merely claiming to have solved it via some mysterious >means ("intelligent agents", et. al.), the savings would be >enormous even in existing businesses such as long distance and >Internet service -- never mind all the new opportunities made >possible by micropayments. Even a cash based payment system will have costs. The lowest cost IP payment system I know of, Norm Hardy's Digital Silk Road, has the cost of increasing the complexity of the IP routers. There is no free lunch here. Whether you call it accounting, billing, or micropayment; it is an additional function which must be performed by a piece of code with stringent performance requirements. Regards - Bill ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA From jimbell at pacifier.com Thu Jun 6 23:33:51 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 6 Jun 1996 23:33:51 -0700 (PDT) Subject: FOR WHOM THE BELL TOLLS Message-ID: <199606070633.XAA01053@mail.pacifier.com> At 07:54 PM 6/6/96 -0700, Timothy C. May wrote: >However, recall that Senator Jesse Helms elliptically threatened President >Clinton by saying that Clinton had probably better be wearing a >bullet-proof vest if he ever visited Helms' part of the country. (Even the >Republicans were shocked by this, and, I surmise, cast Helms into the outer >darkness, as Helms has been keeping a low profile for the past 18 months.) However, Helms is a politician and he's supposed to be on his best behavior. (What Helms' "best behavior" is, is certainly debateable.) >* Third, while I am bored with Bell's "single note" point of view ("I have >a solution for this") Bored? You're bored? Maybe I'm going to have to figure out something to spice it up, huh? By the time everybody is as bored as you are today, then I will have won. >and while I feel his "assassination politics" is both naive "naive"? In what way? > and derivative, Technically, it wasn't derived from anything directly, or for that matter even indirectly. However, since there's nothing new under the sun, similarities exist...with your material as well. Consider this a bow to you, I suppose. > I don't think his advocacy of AP constitutes a direct threat to anyone. Even so, given how much noise we've been hearing out of DC on the subject of the Internet, digital cash, and good encryption, I'd say SOMEBODY is getting a bit worried. I haven't exactly been keeping this stuff a secret: What do you think their reaction has been, so far? When those government-types start considering various scary scenarios, what do you think they are imagining? >He is not actually setting up the betting markets which >would make AP more of a reality, Not quite yet, anyway. I'm very disappointed to have waited over a year for some slick lawyer to show me how I'd be violating some law or another to do so. >nor is he calling for the killing of any particilar persons. I generally don't feel the need to name specific people. I'm sure each reader has his own pet list to fall back on. >* Fourth, merely discussing alternative political systems is not enough to >trigger legal action, at least not today. Wait a year or two. Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Thu Jun 6 08:37:54 1996 From: jimbell at pacifier.com (jim bell) Date: Thu, 6 Jun 1996 23:37:54 +0800 Subject: is the list active?? Message-ID: <199606061023.DAA01890@mail.pacifier.com> At 09:36 PM 6/5/96 -0500, Syl Miniter wrote: >I recently re-subscribed --several days ago and have not received any >traffic??? >I am wondering if the list is still active as I checked and I am subscribednso >I am sending this note to this list to test if anyone is out there There are many dozen messages per day on CP. Jim Bell jimbell at pacifier.com From unicorn at schloss.li Thu Jun 6 09:21:16 1996 From: unicorn at schloss.li (Black Unicorn) Date: Fri, 7 Jun 1996 00:21:16 +0800 Subject: Terrorism Hysteria on the Net In-Reply-To: Message-ID: On Wed, 5 Jun 1996, Rich Graves wrote: > On Wed, 5 Jun 1996, John Young wrote: > > > Today's USA has a pair of front page stories: > > > > They lay out the nightmares and the valiant TLA-daydreams to out-fund the > > hackers and out-flummox the public. > > > > > > "You bring me a select group of hackers and within 90 days I'll bring this > > country to its knees, " says Jim Settle, retired director of the FBI's > > computer crime squad. > > He says that as if it were a bad thing... > > > "The threat is there, it's very real," says CIA General Counsel Jeffrey > > Smith. "If we have a Unabomber who decides to launch an attack with a PC > > instead of a bomb, (there could be) real damage." > > Actually, he's probably right. If all the cypherpunks, say, turned "bad," > there'd be no government and no economy, because so many big systems are so > insecure. One could make the case that this would actually make the United States (if c'punks concentrated their attentions there) the most data secure country on the planet over time. --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From frissell at panix.com Thu Jun 6 12:52:25 1996 From: frissell at panix.com (Duncan Frissell) Date: Fri, 7 Jun 1996 03:52:25 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: <2.2.32.19960606105442.00a0ef34@panix.com> At 09:55 PM 6/5/96 -0700, Bruce Baugh wrote: >Do I really have to point out that London was writing the better part of a >century ago, in a substantially different legal and cultural environment? >(Heck, his socialism made more trouble for him than anything else.) It was more restrictive in censorship terms than our current environment. >>Advocating the general practice of killing one's opponents is as legal as >>church on a Sunday. The War College (or is it the NDU these days) does it >>all the time. > >And they, of course, are The Government, who Protect Us from the Evil >Terrorists. Ditto for the heroic BATF agents who only burn bad nasty >terrorists, honest. And all the rest. But I can advocate killing commies too. It's like when this dumb California (State) Senator advocated outlawing groups that advocate violence back in 1980 or so, I pointed out that the Public Schools and the Army were then doomed since both of these groups "advocate violence." Obviously the California State Senate "advocates violence" as well in the enforcement of laws. Military types even plan war against friends. The War Department developed Plan Red in the '20s for a war with the British Empire. Called for an amphibious assault on Halifax and a tank assault via Buffalo to secure Toronto as part of a conquest of Canada. Note too that under the Nurenberg principles, I may be legally compelled (or legally permitted) to kill my superior officers or government leaders if they are committing war crimes. And even the Sainted Ronald Reagan and his government was convicted of war crimes by the International Court of Justice for mining the harbor that serves Managua, Nicaragua. (Air-sown mines.) 'War Crimes' are vague, meaningless, and ex post facto and thus justify quite a lot of enforcement actions in theory (which is why Senator Robert A. Taft opposed US participation in the Nurenberg trials. "Yes, your honor, I'd like to pay taxes and everything but I'm afraid that I might risk conviction at future war crimes trials of aiding and abetting the criminal acts of my government." -- From 101 Flaky Anti Tax Arguments (which may become a web site if I can teach myself forms. >The rest of us (in the US) live in a country where the government can now >pretty much declare anyone they like terrorists, Just foreigners and such designation just affects fundraising. (I've often wondered why Hamas uses/used couriers for getting funds to Israel when Israel has a great ATM network with international links.) >and suspend habeus corpus on the flimsiest of grounds, The Anti Terrorism bill doesn't suspend Habeas Corpus it restricts mandatory federal court review of state convictions to one try. One can still submit an unlimited number of Petitions for Writ of Habeas Corpus and any state or federal court that wants to can grant one of them just as before. >and use evidence against foreigners that doesn't have to be presented to the accused, In deportation proceedings. And then they'll have to go to all the trouble of turning around and coming back like the other million illegal entrants a year. DCF From A5113643667 at attpls.net Thu Jun 6 13:50:30 1996 From: A5113643667 at attpls.net (Tom Jones) Date: Fri, 7 Jun 1996 04:50:30 +0800 Subject: Norton Eyes only Message-ID: <8BBE097C> Dear Cypherpunks, Has anyone been able to analyse the 'patent pending', 'on-the-fly' encryption in Norton's 'For your eyes only'? Peace.. Tom From gary at systemics.com Thu Jun 6 15:22:16 1996 From: gary at systemics.com (Gary Howland) Date: Fri, 7 Jun 1996 06:22:16 +0800 Subject: Security of PGP if Secret Key Available? In-Reply-To: Message-ID: <31B6C91D.28D95ABC@systemics.com> Mark M. wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > On Wed, 5 Jun 1996, Gary Howland wrote: > > > On Jun 3, 2:36, "Robert A. Hayden" wrote: > > > However, I got to wondering about the security of PGP assuming somebody > > > trying to read my PGPed stuff has my 1024-bit secret key. ie, if I have > > > it on my personal computer, and somebody gets my secret key, how much > > > less robust has PGP just become, and what are appropriate and reasonable > > > steps to take to protect this weakness? > > > > If the secret key is available then an attacker knows the length > > of p & q. Admittedly this will not usually help matters much, > > but I still feel that the lengths of p and q should be encrypted > > with the passphrase - perhaps in PGP3.0? (Derek?) > > I don't see how knowing the exact lengths of p and q will help matters much. That's what I said. There are however a few cases where it may help. Two that spring to mind are the brute force factoring of the BlackNet key - this may have been faster if half of the potential factors could have been ignored due to wrong key lengths (although I suspect this depends upon the factoring algorithm), and the other is that of identifying low quality keys with a small factor (perhaps generated by low quality software). > I don't think it will speed up the factoring time Again, I would say this depends upon the factoring algorithm. Gary -- pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From jya at pipeline.com Thu Jun 6 17:50:00 1996 From: jya at pipeline.com (John Young) Date: Fri, 7 Jun 1996 08:50:00 +0800 Subject: FTC_spy Message-ID: <199606061230.MAA16373@pipe2.t1.usa.pipeline.com> 6-5-96. WaPo and NYP: "Curbs on Cyberspace Ads Proposed." (WaPo) Should spam be jammed and cookies be crumbled on the Internet? Technologies with these gustatory short-hand names are at the heart of industry, consumer and government debate over privacy in cyberspace. The Federal Trade Commission brought together major Internet players for a two-day workshop examining the handling of personal consumer information on the Internet, including the practice of using "cookies." "Privacy is somewhat of a snake ... but a snake can be an opportunity," said Peter Harter, public policy counsel for Netscape. "Voluntary Rules Are Proposed For the Privacy of Internet Users." (NYP) But the proposal, made at a Federal Trade Commission hearing on personal privacy in the information age, drew fire from civil liberties groups and others concerned over privacy issues. They argued that self-policing by the industry would not restrain on-line abuses that they said already range from surreptitious monitoring of activities on the Internet to the illegal sale of personal credit histories over the Internet. FTC_pry From declan at well.com Thu Jun 6 19:34:13 1996 From: declan at well.com (Declan McCullagh) Date: Fri, 7 Jun 1996 10:34:13 +0800 Subject: NDcrypt available for Newtons Message-ID: ---------- Forwarded message ---------- Date: Wed, 5 Jun 1996 22:49:26 -0700 From: Tom Collins To: declan at well.com Subject: Revisiting an old subject... ** ENCRYPTION TOOL NOW NEWTON 2.0 SAVVY ** Geert Jadoul <76271.2121 at CompuServe.COM> reports that he has finally finished a Newton 2.0 savvy version of NDcrypt. NDcrypt 2.0 Light is an improved version of NDcrypt v1.6. It has become a US$15 shareware utility with a trial period of 4 weeks. After 4 weeks the "Encrypt" and "UnReadable" buttons will disappear until you fill in the registration code in the preferences window. You will still be able after 4 weeks to "Decrypt" notes or make them "Readable" again, so you will not lose any data. The name "NDcrypt 2.0 Light" also infers that Geert is working on a NDcrypt 2.0 Pro version. This version will have better incorporation of NDcrypt in the system; overview and search functions; and viewing Notes (decrypt a Note to view it but keep it encrypted in the Notes app). NDcrypt 2.0 Light is available at with the name "NDcry2Li.sit" and on Compuserve under "NOS 2.0 ONLY". Tom Collins|Innovative Computer Solutions| tom at newts.com| 1075 North Miller Rd., #142 | pagetom at newts.com| Scottsdale, Arizona 85257 | From adam at homeport.org Thu Jun 6 20:12:20 1996 From: adam at homeport.org (Adam Shostack) Date: Fri, 7 Jun 1996 11:12:20 +0800 Subject: Norton Eyes only In-Reply-To: <8BBE097C> Message-ID: <199606061700.MAA04547@homeport.org> Tom Jones wrote: | Has anyone been able to analyse the 'patent pending', 'on-the-fly' | encryption in Norton's 'For your eyes only'? Look for the export control warnings. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From adam at homeport.org Thu Jun 6 20:14:33 1996 From: adam at homeport.org (Adam Shostack) Date: Fri, 7 Jun 1996 11:14:33 +0800 Subject: USA on Feds Cyberteam In-Reply-To: Message-ID: <199606061707.MAA04567@homeport.org> Don't be silly. The government will just have two groups doing the same job. If we're lucky, we'll get a third set of identical advisories, one from CERT, one from KAYAK, and one from this new group. "Your tax dollars at work." Adam Alan Horowitz wrote: | | | Guess this puts that Carnagie Mellon-based outfit ("Computer Emergency | Response Team"?) off the govt contract teat. | | Or maybe they will continue to doa all the trenchwork under contract, but | people high up enough in the DC feeding chain to have their own PR | appendage, will take the credit? | -- "It is seldom that liberty of any kind is lost all at once." -Hume From bruce at aracnet.com Thu Jun 6 20:37:02 1996 From: bruce at aracnet.com (Bruce Baugh) Date: Fri, 7 Jun 1996 11:37:02 +0800 Subject: Kook of the Month Message-ID: <2.2.32.19960606160108.006c4794@mail.aracnet.com> Cypherpunks don't just write code, they engage in petty vote fraud! =-=-=-=-= From: mlegare at wetware.com (M. Legare, etc.) Newsgroups: alt.usenet.kooks,news.admin.net-abuse.misc Subject: KotM Winners for May 1996 - SOMEONE'S miffed! Date: 3 Jun 1996 16:05:12 GMT Organization: Castle Wetware's Western Keep Lines: 112 Message-ID: <4ov2fo$1mm at numbers.wetware.com> NNTP-Posting-Host: news.wetware.com Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Well... it's June and here we go with the Winners for May - at least I'm more on-schedule than I was for April... KOOK OF THE MONTH MAY 1996 - DMITRI VULIS (dlv at bwalk.dm.com) In one of the most HOTLY contested KotM races in the history of the award under my watch, Dmitri Vilus NARROWLY edged out vote taker Dave C (tale) Lawrence in a race that was right down to the wire. Let's recap: Dmitri Vulis nominated tale for KotM because tale was involved in a "conspiracy of thousands" to send out "forged rmgroup" messages for a newsgroup that Dmitri wanted to create. Dmitri then posted evidence of somewhat dunious validity, and someone nominated Dmitri. And the votes started pouring in. Some from congress.gov, some from algebra.com, some from bwalk.dm.com... hundreds of votes. Well, after an initial surge ahead by the tale backers, a DELUGE of email backing Vulis for KotM poured in, and, since I had to assume that ALL votes were valid (as Dmitri kept forging posts to misc.test in my name to show his displeasure at my INSINUATING that he might have forged any votes), Dmitri won by a narrow 30 vote margin! Vote Count: Dmitri Vulis - 428 votes David C Lawrence (tale) - 398 votes Ed McClosky - 18 votes Yehuda Silver - 9 votes Bill Palmer - 4 votes ellisd at netcom.com - 4 votes Mr SAM - 2 votes None of the Above - 3 votes George Conklin - 1 vote Rachel Ewing-Pace - 0 votes smokindude at aol.com - 0 votes Clueless Newbie of the Month for May 1996 - MARGE KRICK Marge won in a less vopulumnous but just as hotly contested race. As you may know, Marge is offering a list of ALL USNET NEWSGROUPS for a very reasonable price - JUST the thing we need, unless you know how to look at your ..newsrc file. Oops. Vote Count: Marge Krick - 12 votes Bill Byers - 11 votes Brian Dear - 7 votes John Turco - 7 votes None of the Above - 5 votes Hook Line & Sinker for May 1996 - NONE OF THE ABOVE Apparently, Charles "Chuckie Monster" Newman didn't impress enough people. Sorry, Charlie. Vote Count: None of the Above - 19 votes Charles "Chuckie Monster" Newman - 9 votes The Victor Von Frankenstein Memorial "Wierd Science" Award - THE USA PARLIAMENT Brainchild of politial mover and reformer James Ogle (joogle at netcom.com), the USA PAR is the ONLY "fair" and truly representative governing body in the US. Plan? Scheme? Deluded ravings? Well, several members of the USA PAR (who also post to alt.politics.greens) have voted to disband the USA PAR, to replace James Ogle as secretary, and a few dozen other self- destructive things, yet the ballots just keep rolling out... Vote Count: USA PAR - 19 votes Joly*s 4-Dimensional Speakers - 6 votes the Music Theory of Alber Silverman - 4 votes Church of Scientology (write-in) - 4 votes None of the Above - 15 Votes THE GOLDEN KILLFILE - DR. JAI MAHRAJ I'm not gonna explain, because if you don't know, you're better off. Check soc.culture.hawaiian and a few thousan related newsgroups. Vote Count: Jai Mahraj - 30 votes None of the Above - 13 votes the alt.religion.scientology spammer (write-in): 1 LAW DOCTOR JOHN GRUBOR (write-in): 1 Ted Holden (write-in): 1 OK. That's it for May. Nominees go to alt.usenet.kooks, and I'll have the new nominees post out soon. Oh, and by the way, if anyone sees ANYTHING that is nominally from me BUT is also cross-posted to misc.test, you have my express written permission to CANCEL that article. You know who you are. And no more naughty forgeries ok guys? Matthew Legare KotM Vote Wrangler From hallam at Etna.ai.mit.edu Thu Jun 6 20:38:41 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Fri, 7 Jun 1996 11:38:41 +0800 Subject: [NOISE] Re: whitehouse web incident, viva la web revolution In-Reply-To: <2.2.32.19960606004349.006d8404@vertexgroup.com> Message-ID: <9606061632.AA03941@Etna.ai.mit.edu> >>it is an insult to the 10 million civilians >>murdered by Hitler to use the term facist simply as a term of abuse, >You insult everyone's intelligence by equating fascism to genocide. >Suggested reading on the origins, meanings and definition of fascism include >Friere, Foucault and even the damn Utne Reader among many others. Meeks was intending to link Clinton's crypto policy to Hitler's. I see no evidence from Meeks' style that he has read Foucault. If Meeks wanted to be effective he could have accused Clinton and Freeh of seeking to build a Stalininst secret police, or make such an organisation possible. It would probably be more accurate to link Freeh to Hoover and point out how such power has been abused in the US political system before. The point was that Meeks' article is not the type to advance our cause. It basically says "if you are a democrat you believe in cypto-control". Err yes, well done, you have just told half the country that they support the opposite policy to the one we are trying to get them to believe in. Plus Bush and Reagan advocated the same policy so he is also saying Republicans are against our cause. If you want you could reduce the ranks of those fighting for crypto regulations to be removed to members of the Libertarian party, but it would be more effective to widen the base. Phill From hallam at Etna.ai.mit.edu Thu Jun 6 20:43:55 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Fri, 7 Jun 1996 11:43:55 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: Message-ID: <9606061643.AA03971@Etna.ai.mit.edu> > Call it what you will, the odds of 25 consecutive contracts > all showing a profit are miniscle, except under one set of > circumstances. << It is something like 1 chance in > 15 511 210 000 000 000 000 000 000. >> Rubbish, 2^25 is 33,554,432. How do you calculate your figures? Or do you just make 'em up as you go along? These are contracts which are expected to pay off more times that they are not, they are made on the advice of someone who is an expert in the area. The contracts are probably hedging each other in such a way that one contract or the other is likely to pay off. If you hit a favourable market for your strategy you can win big. Problem is that after a while others are likley to cotton on to your strategy. > Futures trading on contracts generally show a profit? > I guess you are talking about the person who sets up > the trades, and takes a commission on the trades, > regardless of who makes, or ( usually ) loses money. Yes, selling rather than buying. If you buy a contract to sell gold at price X the chances are that you will lose money most of the time. Many of the industries buying those contracts are doing so to protect their exposure to price fluctuations in raw materials. Selling contracts is in effect underwritting risk of market fluctuations, most times you expect to realise a profit, but if you lose you can loose very big indeed. BTW, I'm told that margin requirements for that market are 5%. So to sell $20,000 of contracts you only need to put down $1000. Phill From sclawson at bottles.cs.utah.edu Thu Jun 6 20:47:35 1996 From: sclawson at bottles.cs.utah.edu (steve clawson) Date: Fri, 7 Jun 1996 11:47:35 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: <31B5C131.167E@ai.mit.edu> Message-ID: <199606061652.KAA01488@bottles.cs.utah.edu> Hallam-Baker uttered: > I find Meeks' style somewhat tiresome. It is tabloid jornalism > rather than reasoned argument. His dislike for the Clinton is > well known - he recently accused the administration of being > fascist. Ok, I'm with you to here... > I know of no evidence that the Clinton administration > has a genocide policy, it is an insult to the 10 million civilians > murdered by Hitler to use the term facist simply as a term of abuse, > especialy if it is being used as a substitute for an argument. While I agree that merely branding Clinton a facist without backing it up is childish, I really don't see how it's `an insult to the 10 million civilians murdered by Hitler.' Come on now! Facist does not necessarily imply Hitler, or even Nazi. The term facist has roots that go at least as far back as the Romans, and I don't recall a `genocide policy' as a prerequisite to being facist at any point in history. Even if he had called Clinton a Nazi, how does that equate to insulting those killed by Hitler and his flunkies? Perhaps calling someone a Communist also is insulting everyone that Stalin killed? steve -- // stephen clawson sclawson at cs.utah.edu // university of utah From nCognito at rigel.cyberpass.net Thu Jun 6 20:49:17 1996 From: nCognito at rigel.cyberpass.net (Anonymous) Date: Fri, 7 Jun 1996 11:49:17 +0800 Subject: Electronic Signatures Message-ID: <199606061726.KAA05826@rigel.infonex.com> Some of the other info in the AP article seems to be coinciding with discussions on the list, so heres a less condensed version of the article. Are we still within the limits of the copyrights? God i hope so. :) ---------- Forwarded message ---------- TAMPA - Flroida now recognizes electronic signatures as legal and binding, however, working out the logistics to implement the new law may take some doing. Andrew Greenberg, an associate at a large Tampa law firm...says, the process saves time by using a computer to handle notary duties that used to be done by hand. he expects the mechanics of electronic certifaction to become simple enough for everybody to use. "It will be like the telephone - anybody can use it without thinking or knowing how it works," he said. Ted Barassi, chairman of the United States Council for International Business, is among a pool of experts Florida Secretary of State Sandra Mortham is expected to call on to set up the state's emerging electronic signature certifacation process. The law does not specify how an electronic document must be signed, but Barassi and others say it probably will mean coding the text and typed signature so they cannot be changed by anyone other than the writer. No on knows yet just how this will be done, but Mortham's own expert on the subject, Gene McGee, envisions a central database that tracks coded computer signatures for individuals and businesses. With Florida already a hub of Latin American trade, cybernotary lawyers could make the state a mecca for international trade, McGee predicts. _______________________________________________________________________ Its kind of scary when the best minds the state could find are so obviously without a clue. One of you politically involved folx could dig up addresses for some of our mis-representatives and forward them discussion from this list, maybe. :) Adios.. From jya at pipeline.com Thu Jun 6 20:51:44 1996 From: jya at pipeline.com (John Young) Date: Fri, 7 Jun 1996 11:51:44 +0800 Subject: InfoSec Spin Message-ID: <199606061713.RAA23573@pipe1.t2.usa.pipeline.com> 6-6-96. UST: "Businesses bypass law to fend off hackers." In cyberspace, where hackers are finding commercial computer systems easy prey, businesses are choosing to hire free-lance security teams rather than involve the law. A Senate subcommittee heard Wednesday from experts who described how businesses, concerned over negative publicity, avoid reporting hacker assaults on their networked computer system. "You stop the bad guy and send him to your competitor," said Dan Gelber, the committee's chief counsel. Senator Nunn asked the subcommittee staff to comment on an article in this week's Sunday Times of London that reported, "Cyberterrorists have amassed up to L400 million worldwide by threatening to wipe out computer systems" belonging to banks and brokerage houses if they refuse to pay a ransom. "While we can't confirm the entire story," said Gelber, "it is extremely consistent with what industry insiders tell us." http://pwp.usa.pipeline.com/~jya/fendof.txt ---------- UST had two editorials June 5 on encryption: one criticizing the administration's position, and another defending GAK by Sally Katzen with OMB. http://pwp.usa.pipeline.com/~jya/yeanay.txt From warlord at MIT.EDU Thu Jun 6 20:55:21 1996 From: warlord at MIT.EDU (Derek Atkins) Date: Fri, 7 Jun 1996 11:55:21 +0800 Subject: Security of PGP if Secret Key Available? In-Reply-To: Message-ID: <199606061756.NAA16447@toxicwaste.media.mit.edu> > If the secret key is available then an attacker knows the length > of p & q. Admittedly this will not usually help matters much, > but I still feel that the lengths of p and q should be encrypted > with the passphrase - perhaps in PGP3.0? (Derek?) PGPlib has an interface to encrypt the whole keyring, however that probably isn't going to be fully implemented unless time permits. This interface allows you to encrypt the WHOLE keyring in a passphrase, which includes not only the secret components, but the public components as well. However I don't know if I'll have the time to get to it. Enjoy! -derek From grafolog at netcom.com Thu Jun 6 21:05:45 1996 From: grafolog at netcom.com (jonathon) Date: Fri, 7 Jun 1996 12:05:45 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: <9606052133.AA03412@Etna.ai.mit.edu> Message-ID: Phill: On Wed, 5 Jun 1996 hallam at Etna.ai.mit.edu wrote: > You still don't understand, the $1000 is not the stake, it is merely the > deposit. The stake is Hillary's entire net worth, that is what she is betting Call it what you will, the odds of 25 consecutive contracts all showing a profit are miniscle, except under one set of circumstances. << It is something like 1 chance in 15 511 210 000 000 000 000 000 000. >> You expect us to seriously believe that somebody with virtually no knowledge of futures trading would not end up having to meet at least one margin call, in 25 trades? > trade that one would expect to make in an underwritting capacity > for a commodity market. > Steady profits on contracts which generally pay off. Futures trading on contracts generally show a profit? I guess you are talking about the person who sets up the trades, and takes a commission on the trades, regardless of who makes, or ( usually ) loses money. > So you think that the Republican's in Washington haven't figured out > what Perry Metzger has? Statistical proof is only accepted in academia. Depending upon your POV, this may or may not be a good thing, when one is facing civil, or criminal charges. Finding proof for either civil or criminal charges is a slightly different matter. > the US does. I have friends in both parties who have left the Washington > political scene because they don't think the game is worth the candle. The US Media is slightly less freindly towards politicians, than other countries. US Politicians are freindlier to each other, than politicians in other countries are. xan jonathon grafolog at netcom.com ********************************************************************** * * * Opinions expressed don't necessarily reflect my own views. * * * * There is no way that they can be construed to represent * * any organization's views. * * * ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * * * http://members.tripod.com/~graphology/index.html * * * *********************************************************************** From attila at primenet.com Thu Jun 6 21:07:38 1996 From: attila at primenet.com (attila) Date: Fri, 7 Jun 1996 12:07:38 +0800 Subject: Tell it like it is, Perry Message-ID: <199606061828.LAA23429@primenet.com> Addressed to: Cypherpunks Perry Metzger now, why would anyone want to send Perry a PerryGram? --Perry's prose is far too elegant to warrant criticism, particularly the closing remark! = Your attitude seems to be "you can't prove anything so you must assume = that they are innocent." My attitude is "I can't prove anything so = they can't go to jail, but that doesn't mean I have to believe that = they are innocent -- in fact, I'm an idiot if I believe that." = = > I think that given Perry's ad-hominem attacks and the fact that this = > has nothing to do with cryptography that its about time someone sent = > Perry a Perry-gram. = = Cypherpunks no longer is a cryptography mailing list. Its a sewer. = = Perry = -- When you can't say 'fuck,' you can't say 'FUCK THE CDA!' --Lenny Bruce rephrased From rah at shipwright.com Thu Jun 6 21:11:25 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 7 Jun 1996 12:11:25 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: <199606051821.OAA12450@jekyll.piermont.com> Message-ID: At 4:18 PM -0400 6/5/96, hallam at Etna.ai.mit.edu wrote: > ObCrypto: Perry is only able to make allegations because the > financial markets are to a degree open. If anoymous cash takes > off and anonymous derivatives follow won't it make it easier to > conceal the type of dealings Perry alledges? Ah. Another bugbear emerges from the monster closet... Don't worry, Phill! I've put Jell-O all over the kitchen floor, and set the sofa on fire, too! That should hold it off until you can get under the magic covers! lub-DUB. lub-DUB. lub-DUB. lub-DUB. lub-DUB. ... I suppose it depends on what you call "open", eh, Phill? If by "open", you mean financial markets where, as Milton Freedman says, each new regulation raises the cost of entry and protects the surviving firms by killing their smaller competion with red tape, then we have "open" markets. If by "open", you mean that people can't purchase the attention of their favorite politician fair and square, without having to play zero-sum games with barnyard animals, then we have "open" markets. ;-). If by "open", you mean capital markets where we have industrial economies of scale because they're based on industrial communications technology, and thus no competition at all, then we have "open" markets. If by "open", you mean we have an ever-decreasing noose of surveillance, both by nation-states and by large government-created (see Fredman, above) oligopolies, then we have "open" markets. Nothing personal, Phill, but it does seem like it's more a question of what you're afraid of, than what *is*, right? Cheers, Bob Hettinga Now, where exactly *did* I put that chicken heart, anyway... lub-DUB. lub-DUB. lub-DUB. lub-DUB. lub-DUB. ... ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ From rah at shipwright.com Thu Jun 6 21:28:24 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 7 Jun 1996 12:28:24 +0800 Subject: DCSB Cocktails Over Back Bay Message-ID: --- begin forwarded text Date: 6 Jun 96 10:13:48 EDT From: "Julie Rackliffe" Subject: DCSB Cocktails Over Back Bay To: "dcsb" Sender: bounce-dcsb at ai.mit.edu Precedence: bulk Reply-To: "Julie Rackliffe" Greetings! As those who attended yesterday's lunch already know, We Have A Date! I am simply delighted to announce that Open Software Foundation has generously agreed to sponsor our first ever cocktail party for the Digital Commerce Society of Boston. I promises to be a memorable evening and I hope that you will plan to come, and please feel free to introduce a friend to this unique group. Our intention is that this event should be used as a networking opportunity in addition to getting some more people interested in DCSB (and, of course, expanding our mailing list!) So, here's the specifics: When: Thursday, June 20, 1996 5-8 pm Where: The Harvard Club, One Federal Street, 38th floor in The Lounge (sunset over the Back Bay will be featured!) Hot and Cold Hors D'oeuvres ala The Harvard Club and cool libations compliments of OSF and DCSB. What's the Catch?- No Catch! Just RSVP to me before June 17 Do Come! Julie Rackliffe The Computer Museum Annual Fund/Membership Manager 300 Congress St, Boston 02210 rackliffe at tcm.org 617.426.2800 X432 ******************************************************************************** The Walk-Through Computer 2000 is open! This is a "must see"! Museum Membership:SR/STU $25...IND $35...FAM $50...NON-PROFIT $250...LIB $500 Web Site: http://www.tcm.org ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ To unsubscribe from this list, send a letter to: Majordomo at ai.mit.edu In the body of the message, write: unsubscribe dcsb Or, to subscribe, write: subscribe dcsb If you have questions, write to me at Owner-DCSB at ai.mit.edu --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ From rah at shipwright.com Thu Jun 6 21:28:28 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 7 Jun 1996 12:28:28 +0800 Subject: ALERT: Court decision expected soon in free speech case; spreadthe word! (fwd) Message-ID: Date: Wed, 5 Jun 1996 11:44:10 -0400 From: shabbir at vtw.org (Shabbir J. Safdar) To: Multiple recipients of list Subject: ALERT: Court decision expected soon in free speech case; spread the word! - ------ [Dear Friend-of-VTW, During our "Turn the Web Black campaign", you wrote us regarding that protest. Because of the success of that campaign, we are asking you to participate again in another net-campaign to draw attention to the upcoming decision in the lawsuit to challenge the net censorship legislation. This information is not widely available yet, and I would appreciate it if you did not redistribute this. Because you helped us out during the highly successful "Turn the Web Black" campaign, we are giving you advanced notice of this effort before we tell anyone else. -Shabbir J. Safdar, Voters Telecommunication Watch (www.vtw.org)] ======================================================================== __ _________ __ __ ____ ____ _____ \ \ / /_ _\ \ / / / / / ___| _ \_ _| Raise the roof \ \ / / | | \ \ /\ / / / / | | | | | || | for the Court's \ V / | | \ V V / / / | |___| |_| || | decision on net \_/ |_| \_/\_/ /_/ \____|____/ |_| free speech! Voters Telecommunications Watch / Center for Democracy and Technology JOIN TENS OF THOUSANDS OF NET USERS IN SPREADING THE WORD ABOUT THE FIRST RESULT OF THE FREE SPEECH LAWSUIT June 5, 1996 Redistribute (intact, please) only until June 28, 1996 - ------------------------------------------------------------------------ Table of contents News - A decision in the court case is near How to participate How will this campaign work? Press information on this event Background: what is the CDA? - ------------------------------------------------------------------------ NEWS - A DECISION IN THE COURT CASE IS NEAR The fate of the Internet and the future of the First Amendment in the information age hang in the balance. As early as this week, three federal judges in Philadelphia are poised to issue a ruling in the law suit challenging the Communications Decency Act (CDA), which restricts constitutionally protected speech on the Internet. Will the court rule that the CDA is unconstitutional? That the Internet is a unique communications technology that deserves the same First Amendment protections enjoyed by the print media? Or will the court side with Senator Exon, conservative "pro-family" groups, and the Justice Department who have argued that the government is the best judge of what material is appropriate online. Regardless of the outcome, the decision will have a profound impact on the future of the Internet as a medium for free expression, education, and commerce. JOIN TENS OF THOUSANDS OF YOUR FELLOW NETIZENS IN ANNOUNCING THE DECISION When the Communications Decency Act was signed into law by President Clinton on February 8, 1996, the World Wide Web went black in protest. When the decision in the historic legal challenge to the CDA is announced, join tens of thousands of your fellow netizens in spreading the word on the decision and its impact. This campaign follows in the steps of the Turn the Web Black campaign, which was a tremendous success. Believe it or not, many Internet users had only superficial knowledge about the proposed law and the enormous press coverage and online awareness afterwards mobilized large numbers of people. In addition to the online campaign, there are currently rallies planned for New York, press conferences from the CIEC and the ACLU, and a net campaign to raise awareness to the decision and the effects it will have on free speech. The result of the first CDA decision is an extremely important milestone in the fight for free speech online. Will the net look more like print, or more like Saturday morning television? - ------------------------------------------------------------------------ INSTRUCTIONS ON HOW TO PARTICIPATE: In anticipation of the decision, you can help keep your fellow Netizens informed on the latest news and participate in a dramatic demonstration when the decision is announced. 1. Add the following link *TODAY* in a prominent location on your web site:

A decision is near in the fight to overturn the Communications Decency Act.
Watch this image and follow the link for more information. 2. To let us know you have joined us, fill out the form at http://www.vtw.org/speech/ with your URL. A list of participating will be displayed. 3. Attend the online press conference with lead CIEC (Citizens Internet Empowerment Coalition) attorney Bruce Ennis on HotWired. More details are available on the WWW page. - ------------------------------------------------------------------------ HOW WILL THIS CAMPAIGN WORK? After you have added the link (above) to your page, an animated image signifying that a decision in the case is expected soon will be displayed on your site. By clicking on that image, visitors to your page can jump to a site containing the latest news and information on the case. As soon as a decision is announced, the image will be changed automatically (the update will happen at our server - you will not have to do anything), and Netizens throughout the entire global Internet will immediately be aware of the result (win or lose). By clicking on the updated image, visitors to your page will be able to obtain the text of the decision, analysis, and other relevant information. Until the decision is announced, there will be information about upcoming events and rallies on the VTW Free Speech page, http://www.vtw.org/speech/ - ------------------------------------------------------------------------ PRESS INFORMATION ON THIS EVENT For more information on this event, including press inquiries, please contact: Jonah Seiger, Policy Analyst, Center For Democracy and Technology (CDT) +1.202.637.9800 Shabbir Safdar, Online Representative, Voters Telecommunications Watch (VTW) +1.718.596.2851 - ------------------------------------------------------------------------ BACKGROUND: WHAT IS THE CDA? The Communications Decency Act was passed as part of the Telecommunications Reform bill in February 1996. The law seeks to protect minors from objectionable or sexually explicit material on the Internet by imposing stiff criminal penalties on the "display" of "indecent" or "patently offensive" material online. Opponents to the new law argue that while well intentioned, the CDA fails to account for the unique nature of the Internet, and that it will have a far-reaching chilling effect on constitutionally protected speech online. On a global, decentralized communications medium like the Internet, the only effective and constitutional means of controlling access to objectionable material is to rely on users and parents, not the government, to decide what material is or is not appropriate. Two lawsuits have been filed to challenge the constitutionality of the CDA in a Philadelphia federal court. The cases have been consolidated and an decision is expected in early June 1996. The cases have been brought, respectively, by The Citizens Internet Empowerment Coalition (CIEC), comprised of civil Liberties groups, libraries, Internet Service Providers, Commercial Online Service Providers, Newspaper, Magazine and Book Publishers, and over 45,000 individual internet users, and a coalition of civil liberties groups, authors, and others organized by the ACLU. Detailed information on the legal challenges, as well as information about the CDA, is available at the following web sites: Legal Challenges To The CDA - ---------------------------- * The ACLU - http://www.aclu.org/ * The Citizens Internet Empowerment Coalition (CIEC) - http://www.cdt.org/ciec Background Information On The CDA/Internet Censorship Issues - ------------------------------------------------------------ * The ACLU - http://www.aclu.org * Center for Democracy and Technology (CDT) - http://www.cdt.org * Electronic Frontier Foundation (EFF) - http://www.eff.org * Electronic Privacy Information Center (EPIC) - http://www.epic.org * Voters Telecommunications Watch (VTW) - http://www.vtw.org ======================================================================== ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ From sjb at universe.digex.net Thu Jun 6 21:34:11 1996 From: sjb at universe.digex.net (Scott Brickner) Date: Fri, 7 Jun 1996 12:34:11 +0800 Subject: Multiple Remailers at a site? In-Reply-To: <19960604232157.2053.qmail@ns.crynwr.com> Message-ID: <199606061916.PAA07088@universe.digex.net> nelson at crynwr.com writes: >Scott Brickner writes: > > If the remailer does a good job with the delays and shuffling, then > > it becomes difficult for the analyst to match message a with > > message b, leaving him with what he already knew (that A and > > RemailerX have a common interest, as to B and RemailerX, but the > > interests may be wholly unrelated). > >Nope. Not if each of them runs a remailer. That's why mixmaster is >SO WONDERFUL. Aside from the fact that your point doesn't address mine, it doesn't address the issue. The "to" and "from" values that the traffic analyst will be using are the IP addresses in the packets. It doesn't matter whether mixmaster, cypherpunks, or penet remailers are used, they still use IP addresses. Retransmission delays slightly reduce the analyst's ability to correlate inbound and outbound messages. Mixmaster significantly reduces it, since all messages are the same size. Chaining (and mixmaster's inter-host mixing) means that the analyst needs to target more machines to get meaningful correlations. The discussion was about multiple remailers from multiple accounts on the same machine. The very existence of the remailer, independent of issues like shuffling and chaining, is supposed to eliminate identifying the originator by the content of the message. Message shuffling, delays, and chaining are entirely for the purpose of reducing the information available to the traffic analyst. If several remailers are running on the same machine, they may be treated as if there were only one remailer, for the purpose of traffic analysis. Getting more traffic going through them just makes the analysts job easier, because his statistical conclusions are stronger. From sandfort at crl.com Thu Jun 6 22:36:28 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Fri, 7 Jun 1996 13:36:28 +0800 Subject: Terrorism Hysteria on the Net Message-ID: <2.2.32.19960606164902.0072e3f0@popmail.crl.com> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ C'punks, At 05:35 PM 6/5/96 -0700, Rich Graves wrote: >Pooh-poohing the potential risk is not a winning proposition. Pointing out >that the government's policies against properly secure systems have created >this house of cards in which we live is. A classic case of government being a disease posing as its own cure. S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From unicorn at schloss.li Fri Jun 7 00:27:28 1996 From: unicorn at schloss.li (S. Logan vonBernhardi) Date: Fri, 7 Jun 1996 15:27:28 +0800 Subject: WWW servers. In-Reply-To: <199606062121.OAA07502@niobe.c2.net> Message-ID: On Thu, 6 Jun 1996 sameer at c2.org wrote: > > > > Does there currently exist a system which permits webservers to restrict > > access to clients who have a given certification? > > Yup. I was hoping you'd chime in. How about for macs? > > > > > What is the current certification practice? > > Use either VeriSign, or build your own CA. "Build your own CA" ? > > > > How easy is it to certify a given client? > > Rather easy, using XCert Sentry. Hmmm, how's it done? Included with the Apache package? > > > > Are webserver certifications sufficently secure today? > > "sufficiently" by whose definition? Yours. > > > > What are the best servers to use for secure web pages and certification > > currently in the United States? > > =) Stronghold: The Apache-SSL-US, coupled with XCert > Sentry. What else? Got a marketing package around? > -- > Sameer Parekh Voice: 510-601-9777x3 > Community ConneXion, Inc. FAX: 510-601-9734 > The Internet Privacy Provider Dialin: 510-658-6376 > http://www.c2.net/ (or login as "guest") sameer at c2.net --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From hua at xenon.chromatic.com Fri Jun 7 01:12:51 1996 From: hua at xenon.chromatic.com (Ernest Hua) Date: Fri, 7 Jun 1996 16:12:51 +0800 Subject: NSA/CIA to snoop INSIDE the U.S.??? Message-ID: <199606061729.KAA18108@ohio.chromatic.com> What?! What the *@#!! is wrong with the people who supposedly smart people representing us?! Ern -------- From SJ Mercury: NET FEVER ON THE HILL Published: June 6, 1996 BY RORY J. O'CONNOR Mercury News Washington Bureau WASHINGTON -- The White House wants a coordinated task force to fight terrorism on the Internet. Some senators think the CIA should be allowed to work hand in hand with the FBI to fight computer crime on U.S. soil. Meanwhile, the federal courts are deciding a major First Amendment case that might ban certain information from the Net. The nation's capital is in the throes of Internet fever. For the past several months, the condition has become acute, and by the end of the year the Internet itself may look far different as a result: more tightly regulated, more carefully monitored and more expensive. The latest symptom: a suggestion Wednesday for the elimination of laws that prohibit U.S. intelligence agencies -- notably the National >>> Security Agency and the Central Intelligence Agency -- from snooping <<< >>> on home soil. The reason: The potential for computer crime and <<< terrorism is so great, and the Internet so decentralized and international, that police and the FBI must combine forces with spy agencies in order to successfully analyze the threat and investigate criminal activity. ''If we're going to live in this kind of world, we're going to have to link the intelligence world with law enforcement,'' said Sen. Sam Nunn, D-Ga. For many people in government who work on computer and law-enforcement issues, the course of the disease seems painfully slow. They often describe the Internet as the Wild West that's sorely in need of a good marshal. But for many people who use the Internet, the government's efforts are moving far ahead of any real knowledge of a technology that, two years ago, almost nobody had heard of. ''There are not dead bodies in the street,'' said Donna L. Hoffman, a professor at Vanderbilt University who studies the Internet. ''It just doesn't make sense to rush into legislation.'' [ SNIP ] From jf_avon at citenet.net Fri Jun 7 01:24:06 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Fri, 7 Jun 1996 16:24:06 +0800 Subject: [Off-Topic] "Curfews" Message-ID: <9606061850.AA10939@cti02.citenet.net> On 6 Jun 96 at 11:19, jim bell wrote: > >>I _do_ believe, however, that the number of people unjustifiably > >>targeted will be rather low. Retaliation is possible, in > >> that case. Sorry Jim, I did not get that at all in the past. I assumed a context where the inner workings of AP would not be well understood by the population while here, you seems to indicate that everybody would operate under the threat / deterrance of mutual anihilation principle. A argued that an impulsive guy might target somebody unjustifiably while I overlooked that he could think twice before doing so. But by his nature, being a violent or thug at heart, he will understand this "peace based on threat" maybe even better than a pacifist at heart. So, my arguments might not stand. Have any constructive comments? (hey, just play devil's advocate from time to time :) Ciao JFA DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal JFA Technologies, R&D consultants: physicists, technologists and engineers. PGP keys at: http://w3.citenet.net/users/jf_avon ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 From jeffb at sware.com Fri Jun 7 01:36:52 1996 From: jeffb at sware.com (Jeff Barber) Date: Fri, 7 Jun 1996 16:36:52 +0800 Subject: Micropayments: myth? In-Reply-To: <199606061924.MAA10732@netcom10.netcom.com> Message-ID: <199606070205.WAA20230@jafar.sware.com> Vlad the Imposter writes: > >Telephone companies have found billing to be a major bottleneck. > >By some estimates, up to 50% of the costs of a long distance call > >are for billing, and this is on the order of a $100 billion per year > >market worldwide. Internet providers have been moving to a flat fee in > >order to minimize these costs, even though this creates the incentive for > >network resource overusage. > > imagine a user who controls his own wallet. he knows when he is paying > from that wallet. you seem to have this idea that outsiders could > make queries to that wallet that would be hard for the consumer to > keep track of. this makes no sense to me. the wallet action will always > be tied with some other action. the user picks up the phone to dial > somewhere, and it says, "that will be .3c-- will you pay"? he says > yes. I'm sort of a neophyte when it comes to digital cash, micropayments and so forth but it seems to me that your example provides a fine platform for discussing the problem. How will you know the cost is .3c a priori? What's to stop me from saying yes to the .3c and staying on the line forever? If you disallow that, how? Will it cost the same amount if I'm not sending anything as it will if I'm sending a live video + audio feed? If so, what's to stop me from bundling my whole neighborhood's Internet traffic into this call? If not, how will you tell the difference without monitoring my usage and requiring me to pay for the additional bandwidth I use? Or are you saying that each IP packet will have an appropriately sized digital cash payment attached? That seems like too much overhead. And besides, that contradicts your idea that the user would explicitly approve each wallet access. It gets even worse if you're an ISP, you obviously can't sit there and approve each session that goes by (even if you could distinguish higher level session boundaries which you won't be able to do). Are you just to assume at the end of the day that everything worked perfectly and you received enough revenue to cover your costs without knowing anything about the payment/usage profiles of any of your customers? And how is the ISP's network provider to know how much to charge the ISP? -- Jeff From sameer at c2.org Fri Jun 7 01:36:57 1996 From: sameer at c2.org (sameer at c2.org) Date: Fri, 7 Jun 1996 16:36:57 +0800 Subject: WWW servers. In-Reply-To: Message-ID: <199606070241.TAA16588@niobe.c2.net> > > I was hoping you'd chime in. > How about for macs? I think WebStar/SSL does SSL, but I don't know if it does client auth. I doubt it though. Netscape Navigator 3.0b4 does client auth, if you need a client that runs on a mac. > > "Build your own CA" ? Yeah, my package (and XCert Sentry) has stuff to let your build your own CA, for your own company, or whatever. > Hmmm, how's it done? Included with the Apache package? > Xcert Sentry is a seperate product, sold by a seperate company. http://www.xcert.com/ > > Got a marketing package around? Not yet. http;//www.us.apache-ssl.com/ for now. -- Sameer Parekh Voice: 510-601-9777x3 Community ConneXion, Inc. FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.net/ (or login as "guest") sameer at c2.net From nelson at crynwr.com Fri Jun 7 01:37:22 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Fri, 7 Jun 1996 16:37:22 +0800 Subject: Electronic Signatures In-Reply-To: <199606061726.KAA05826@rigel.infonex.com> Message-ID: <19960606185840.9230.qmail@ns.crynwr.com> > > The law does not specify how an electronic document must be > signed, but Barassi and others say it probably will mean coding the text > and typed signature so they cannot be changed by anyone other than the > writer. Doh! So set up a business which certifies PGP signatures. What you do is take money from people in exchange for a sheet of paper which contains the PGP fingerprint, and a notarized copy of the person's driver's license, credit card, or whatever. Once you get that piece of paper, you sign the person's PGP key with your business's key. You certify that you have the piece of paper on file, and will provide it upon payment of some small fee. There. A signature registry. And you can even do it through a service like First Virtual, or Digicash or Cybercash. The only reason I haven't done it is because I have other business with a higher margin, and there's only so much Russell to go around. -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From jimbell at pacifier.com Fri Jun 7 01:44:11 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 7 Jun 1996 16:44:11 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: <199606070328.UAA19061@mail.pacifier.com> At 09:55 PM 6/5/96 -0700, Bruce Baugh wrote: >The rest of us (in the US) live in a country where the government can now >pretty much declare anyone they like terrorists, and suspend habeus corpus >on the flimsiest of grounds, and use evidence against foreigners that >doesn't have to be presented to the accused, and all sorts of fun stuff. But if that's true... >I don't think that my direst claims _will_ come true. But I don't think I'm >speculating anything that _can't_ happen, and I see much of it as >increasingly likely in the light of the ongoing furor over crypto and >related matters. If that's true (and I don't doubt that it is) doesn't that suggest to you that something serious needs to be done to fix the problem? >From a tagline: "If you always do what you have always done, you will always get what you've always got." If you say we shouldn't rock the boat because the bad guys might come, isn't it just possible that the REASON the "bad guys might come" is because we have not, in the past, adequately rocked the boat? My impression is that it is frequently the pacifist-types who get us into war, because they start the process out by tolerating actions by others that turn into more serious actions, etc. You know, the appeasers. Are you an appeaser? All I'm advocating is to set up a system which gives government-types a very stark choice: War or peace. Then let them make that choice. I predict they will choose peace. Jim Bell jimbell at pacifier.com From adam at homeport.org Fri Jun 7 01:49:28 1996 From: adam at homeport.org (Adam Shostack) Date: Fri, 7 Jun 1996 16:49:28 +0800 Subject: How can you protect a remailer's keys? In-Reply-To: Message-ID: <199606061724.MAA04605@homeport.org> I'm not sure that, even in theory spreading your key over multiple machines isa good idea. The issue to me is reliability. If you (the remailer op) have a single machine thats well secured, you can get a decent idea of its state at a given time. It is dependant on those things that the net depends on, DNS and IP being close to working. If the remailer is distributed, you've raised the work to maintain by a factor of N, and increased the probability of the machine being insecure by the same amount. You've also reduced reliability to that of the least reliable machine. The better model (imho) is to have 'co-processing' strong remailers in safe places. (I think Alex described these here a few months back; you have a firewall host that talks to the net, and a second machine attached to it which does the mixing, and passes messages back to the firewall for distribution. Adam Jim McCoy wrote: | Lance Cottrell writes: | > The best solution I could come up with (and was willing to write and use) | > is to specify the passphrase on the command line argument to the compiler | | This is little better than leaving it around in a plaintext file, a pass | or two with gdb on your binary and I have your private key. | | The "difficult, expensive, and pain in the ass code to write" solution that | I favor is to use secure multiparty computation to create the remailer. It | does not exist on a single host, but is rather the sum of a collection of | hosts running on widely seperated machines. It has the same type of drawback | as a per-execution password entered into a long-lived process (anyone with | root access to the host can yank it out of memory with little difficulty,) | but this is spread out across a larger collection of hosts, making the task | of actually getting the complete password somewhat difficult. Getting a | subset of the individual host passwords does not provide any partial | information about the collective password (similar to secret sharing.) | The other drawback is that certain operations can be very slow, you end | up emulating a circuit with a _very_ slow clock (8-10 Hz. Not MHz, not KHz, | but 8-10 ticks/second); as compensation you get a word-size that if | effectively infinite. I have to continue work on a subset of these methods | for a secure digital poker/card-playing system over the next couple of months | and if I have some spare time I might see just how difficult creating a | toolkit for building such virtual circuits really is... | OTOH, a secure PCMCIA or smart-card will probably end up being a better | practical solution. Yeah. -- "It is seldom that liberty of any kind is lost all at once." -Hume From tcmay at got.net Fri Jun 7 01:59:11 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 7 Jun 1996 16:59:11 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: At 10:18 PM 6/6/96, Igor Chudov @ home wrote: >Jim McCoy wrote: .... >> As long as that person is not the President of the United States (at least >> for U.S. citizens.) This was the issue which initiated this thread, the >> implied threat made by our favorite nutcase. > >Are you sure? Can you cite references? From my readings on the 1st >amendments, any general kind of speech is legal, even if it advocates >killing certain officials, including us presidents. *If* instead of >general advocacy a person gave specific orders or concrete requests to >kill the prez, then it would not be speech. Please correct me if I am >wrong. * First, I disagree with Bruce Baugh's earlier comment that there is a nonzero chance this list could be "shut down." (Well, "nonzero" covers a _lot_ of numbers, but as it usually understood in hackerspeak, "nonzero" means "finite," and "finite" means "a credible chance." It is this with which I disagree.) There is virtually no chance that even fairly egregious threats would allow the government to "shut down" a public forum. Prior restraint and all that. I suppose there is some slight chance that John Gilmore could be held liable in some way for messages flowing through his "toad" machine, and that hence the instantiation of the Cypherpunks list _on toad_ could be affected. But I am skeptical even of this. In past cases where the government felt a newspaper or magazine had published or planned to publish material they felt was illegal ("The Progressive" and "The New York Times," for example), the ongoing operations of these newspapers were not stopped. (There may be cases people can dig up where some newspaper or newsletter was "shut down," but I think such cases would be hard to find in the last several decades. Am I wrong on this?) * Second, there are indeed various laws about threatening the President. And there are laws about directly threatening others as well. ("Directly threatening" is a fuzzy idea, which I don't plan to debate here.) However, recall that Senator Jesse Helms elliptically threatened President Clinton by saying that Clinton had probably better be wearing a bullet-proof vest if he ever visited Helms' part of the country. (Even the Republicans were shocked by this, and, I surmise, cast Helms into the outer darkness, as Helms has been keeping a low profile for the past 18 months.) * Third, while I am bored with Bell's "single note" point of view ("I have a solution for this") and while I feel his "assassination politics" is both naive and derivative, I don't think his advocacy of AP constitutes a direct threat to anyone. He is not actually setting up the betting markets which would make AP more of a reality, nor is he calling for the killing of any particilar persons. * Fourth, merely discussing alternative political systems is not enough to trigger legal action, at least not today. * Finally, there may be provisions in the Terrorism Act (don't know precise name, but Clinton signed it into law a few months ago) which could conceivably trigger having certain groups classified as "terrorist groups." The law is too new and too untested, I think, to have any implications for a mailing list such as ours. Frankly, the list is much likelier to die off from debates about fascism and Hillary's investments than it is to be "shut down" by government action. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From nelson at crynwr.com Fri Jun 7 02:19:17 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Fri, 7 Jun 1996 17:19:17 +0800 Subject: FOR WHOM THE BELL TOLLS In-Reply-To: <199606070328.UAA19061@mail.pacifier.com> Message-ID: <19960607040506.11096.qmail@ns.crynwr.com> jim bell writes: > My impression is that it is frequently the pacifist-types who get us into > war, because they start the process out by tolerating actions by others that > turn into more serious actions, etc. You know, the appeasers. Are you an > appeaser? A quote from Donald Wetzel's book Pacifist: The pacifist is often asked what he would do in the event the United States were to be conquered by a hostile power. The assumption on the part of the questioner is almost always that we would simply assume the proper position in which best to have our asses kicked. I suggest that anyone who believes that such would be the pacifist response to the imposition in America of an oppressive, authoritarian rule--foreign or domestic--should consult the prison authorities that were in power when America's prisons were host to some six thousand pacifists. I am sure it will be found that we have not been forgotten. -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From jimbell at pacifier.com Fri Jun 7 02:52:05 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 7 Jun 1996 17:52:05 +0800 Subject: OECD on Crypto Message-ID: <199606070342.UAA20358@mail.pacifier.com> At 10:22 AM 6/5/96 -0700, Mixmaster wrote: >OECD NEWS RELEASE - Paris, 10 May 1996 > >OECD EXPERTS BEGIN DRAFTING CRYPTOGRAPHY GUIDELINES > >Cryptography experts from OECD countries have begun drafting a >proposal for OECD Cryptography Policy Guidelines that governments can >use as a guide to formulate their national policies on encryption. > >Many governments are under pressure within their own countries to >develop a national position on cryptography, This is bullshit. If anything, it's exactly the opposite: It is the GOVERNMENTS and those who hold government jobs who are doing the "pressuring." I haven't seen more than a trickle of desire for a "national position on cryptography." What Internet-people want is the ELIMINATION of a "national position on cryptography," I think. >which is used in computer >technology to protect everything from product designs to health and >tax records and global correspondence. But the needs of global >technologies and applications require an international --rather than a >strictly national -- approach to policymaking. In other words, various Constitutions are getting in the way! Tough! > The fast-paced >development of the Global Information Infrastructure adds an element >of urgency. In other words, the governments are feeling that the situation is getting out of their control! Excellent, that's progress. > >The business community, individuals and national security and law enforcement >agencies are all pressing for encryption guidelines BULL! The businesses are saying, "Don't restrict crypto." The individuals are saying, "Don't restrict crypto!" So-called "law enforcement" agencies are saying, "We're losing control of the public! Where's '1984' when we need it!" > and the OECD will strive to >reflect the legitimate interests of all these groups as it drafts Guidelines. I don't think so. >The private sector is closely involved in drafting the Guidelines, >with business representatives from the Business and Industry Advisory >Committee (BIAC) participating at the meeting. Gee, what about THE INDIVIDUALS? You know, the ones you steal your tax money from? That's right, the peons. >The OECD meeting, which took place on 8 May, was hosted by the US >Department of State in Washington DC. That's because the USG is the most unhappy, because its Constitution is making it very difficult to ban crypto. It was held immediately after a >Second Business Government Forum on Global Cryptography Policy in >Washington DC on 7 May, which was cosponsored by the OECD, the >International Chamber of Commerce (ICC) and the Business and Industry Advisory >Committee (BIAC) to the OECD. It probably had a similar lack of participation by ordinary citizens and netizens. Do I detect a pattern here? > Two similar conferences took place in Paris in >December, when OECD countries and business representatives met for the >first time to discuss international cryptography policy. Probably because they had gotten wind a few months before of a serious potential danger to the continued hegemony of governments over the people. > >The process of drafting the OECD Cryptography Policy Guidelines will >continue at an experts meeting in June and is due for completion in >early 1997. It's already too late! >For further information, please contact Ms. Hiroko Kamata, OECD >Directorate for Science, >Technology and Industry (tel. 331 45 24 80 04 - fax. 331 45 24 93 32 - >e-mail. hiroko.kamata at oecd.org). Jim Bell jimbell at pacifier.com From rah at shipwright.com Fri Jun 7 03:02:37 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 7 Jun 1996 18:02:37 +0800 Subject: Anonymous stock trades. In-Reply-To: <9606062327.AA04162@Etna.ai.mit.edu> Message-ID: *Damn*, I'm having *fun* today... At 7:27 PM -0400 6/6/96, hallam at Etna.ai.mit.edu got all "hermeneutic" on us: > Well, Milton Friedman's method for saving the whale is to leave it to the >free > market, if people want whales in the oceans they won't buy whale meat. >The point > that even if no US person eats whale, a few thousand "gourmets" in Japan >can eat > their way through the remaining stocks of many species in a few years >escapes > him. So forgive me if if find you authority somewhat less than compelling. Yes. And they're tasty, too. I try to eat animal at least once a day, whether I need it or not. According to your logic above, it seems that all species are *much* more important than man. But, with most "liberal" logic, there's a paradox here. Let's explore it bit, shall we, by looking at the other side of the balance sheet you just created? Tell me, Phill, what's *your* pricetag on a single *human* life? The entire gross global product is not enough? It's this kind of, well, muzzy-headed innumerate (yes, *Dr.* Hallam-Baker, *innumerate*) silliness that has our intellectuals believing the hoax, put convincingly enough to get published in "respected" academic places like "Social Text", that reality (physics, in this case) is optional. Can you say "Sophistry", boys and girls? I knew you could. No offense to the, er, numerate computer science people out there, but it seems that *Dr.* Hallam-Baker is living proof that you can get an entire *doctorate* in the field, and not learn to count. I hate to tell you *Dr.* Hallam-Baker, but Lamarck was wrong, too. Not to mention Lysenko. ;-). Reality, real, honest-to-god quantitative reality, is, in fact, not optional. > Adam Smith makes the point rather better in his analysis of monopolies >and how > they affect the market. But remember that although regulations may be >instituted > as protectionist mechanisms that is not the only purpose that regulations >are > introduced. You get what you pay for, Phill. The reason, and look it up, that we had monopolies in *this* country was the same reason that you had monopolies (and I count labor unions in this) in yours. They were bought and paid for out of the government trough. So much for the integrity of government. Frankly, I'd put myself in the hands of those eevill, greeedy, businessmen any day. Contrary to what they taught you in the Young Pioneers, or whatever passes for that on your side of the channel, governments not only screw things up, they kill. Hundreds of millions of people in this century alone. > > >If by "open", you mean that people can't purchase the attention of their > >favorite politician fair and square, without having to play zero-sum games > >with barnyard animals, then we have "open" markets. ;-). > > There are so many negatives in that sentence I can't figure out which way >you > are arguing. Certainly there are many senators, congressman etc who can be > bought for a contribution to their election fund or a huge advance on their > memoirs. Feh. You're just afraid of a little predicate calculus. That looks like perfect English to me. Even if it's pronounciation isn't quite "received". Personally, I agree with the Bard. Twain, of course. "A politician is someone who can take money from the rich and votes from the poor and keep his job." I suppose if The Earl of Oxford had said it, he'd change "job" for "head" in the last sentence, but, we live in America, where this decade's poor is last decade's rich, and vice versa. Or it least it used to be that way, before these innumerate Keynesians took over our economic "policy". ;-). "Poor me another Veuve Clicot, Corruthers. I think I have discovered another way to traitor my class." > >Nothing personal, Phill, but it does seem like it's more a question of what > >you're afraid of, than what *is*, right? > > No, it is a case of whether you are applying ideological judgements or >prepared > to analyse the system itself. Now, that's the pot calling the kettle black! Phill, we all know you're the biggest apologist the nation-state has ever had on this list. That's okay, 'cuz you're building the right technology, and someday you'll see the light. Say AMEN, Somebody!. Sorry. Got carried away in my techno-evangelism, there... The point is, Phill, you don't have to pollute the minds of all these avant-garde young cypherpunks with yesterday's news. I mean, you developed a double-jointed neck so you could look backwards and walk forwards (*how* does he keep from *tripping*, brothers and sisters! It'sa*miracle*sayhalelujia!), but it doesn't mean it's evolutionary advantageous, a future dictatorship of the proletariat notwithstanding. :-). > I do not believe in the idol of the free market. Ah. Hmm. Still doesn't get it, does he, folks. A market's not an "idol" to "believe in", Phill, it's this amazing stuff called "reality". It's really quite fun. You should try it sometime... > I > do not consider ecconomists to have justified the level of inane >self-satisfied > certainty about their field that they exude. Ah. *Your* economists, Phill. Top-down, *Keynesian*, er, crypto-Marxist, "control" the political-economy featherheads... The people who do *financial* economics, just like the people who do financial cryptography, *experiment* in markets, but they aren't fool enough to think that they can actually *control* them. Wake up and smell the coffee, Phill. There's a reason these boys have won all the Nobels, lately. Reality is not optional. Planned economies aren't, actually. > I was talking to a professor at the > Sloane school yesterday who made precisely this point. Ah. The Sloan school. That paragon of free market thinking. Probably *Dr.* Thurow, I bet, maybe even <*big* intake of breath> *Dr.* Samuelson? . Feh. By, the way, Phill, your appeals to authority are nothing short of amazing. *Dr.* Hallam-Baker. "*Sloane*" school economist. Feh, and double-Feh. Credentialism, like any appeal to authority, is the last refuge of the incompetant. We know *you're* not incompetant, Phill. Stop acting like somebody who is. > Deciding what is right implies an ethical judgement. Yup. Electrons, like prices, are actually ethical creatures, don't you know. Feh. Next thing he's going to tell us that there's a conciousness particle... By the way, don't start talkin' that "touch your inner child" stuff, Phill, or I'm gonna get a two-by-four to keep you off of *mine*... > Are you basing your > argument on Kantian or consequentialist assumptions? Ooooo... Deontological vs. teleological? Wow. A philosopher. Congrats, Phill. It *does* appear you're educated. At least through first year ethics... > I can argue either but > since most of my thesis is based on a logical positivist approach I'm far >more > sympathetic to the utilitarian point of view. The ganglia twitch. You're making my point for me! Just because you can do all the mental gymnastics of Gorgias (who maintained, by the way, that nothing exists) doesn't mean that reality's, er, optional. Remember, Phill, Gorgias is dead. Not very optional, eh? > The free market is not in itself an ethical basis - that would be >creating an > ought from an is. Ethical schmethical, Phill. The market, like the rest of physical reality, is *real*. It is not something to be "believed" in. If you have something I want, and I have something you want, we trade for it. There has been trade nearly as long has there has been human artifacts or commodities to trade with. Hell, trade happens at the *cellular* level, for christsakes, with stochastic process, markets, if you will. How do you think oxygen transport works? Market-driven chaos. It's an economy. Feh! Like Phillip K. Dick said, "Reality is that which, when you change your mind, doesn't go away." Markets are as real as next month's rent, Phill. > The problem which libertarian idelogues are affraid to face up > to is that markets have required regulation to keep them open and free. "Tha's all right, darlin'. I'll only put the head in." Or, as they say (ooo, this is great!) on the gates of Auschwitz, "Arbiet Macht Frei". Work makes you free. Freedom is Slavery, right Phill? Read any Hayek lately? I thought not... > Its all > very well for people to jump up and down, stampt their feet and claim the > opposite but this is what every government in the free world believes. Yup. You're right, there. Every government, especially the most unfree, believe that markets can be, *must* be controlled, to make us "free". Notice the harder they try to "control" markets to make us "free", the more they control *us*? Eventually they control us so much there's no more market, Phill. Make sense now? I'll give you a hint. It's called "reality", and it's not "optional", much less "ethical". > The > effects of deregulation in the savings and loans area make it unlikely any > further experiments in that area will be tried for a while. This is marvellous. You're making a mobius of yourself! Don't try so hard, Phill, and you might figure this out. Look, Phill, you've taken logic, right? Remember the informal fallacy called "false cause"? An increase in bananna consumption causes suicide? (If you don't believe me, look at the statistics! I swear! ;-)) Actually, the above line looks more like "Post hoc, ergo propter hoc". Yup, all that first-year logic was good for something. Plain old circular reasoning. Just like the mobius strip you made of yourself, Phill. Put that double-jointed neck to better use. You could hurt yourself with these mental contortions... The reason that deregulation caused so much of a problem in the savings and loan "industry", was because the "industry" was a creature of government, which couldn't survive, you guessed it, Phill, "reality". If you ignore markets, like any other natural force (like, say gas laws, or thermodynamics, or gravity) you get slapped. Hard. Reality is not optional. The entire financial system of this country has had to be unwound from all the regulations that people "controlling markets to make us free" bound them up in. Starting in the early 70's with the deregulation of brokerage commissions, through the breaking down of the two equivalents of the Bamboo (the creation of the savings and loan "industry") and the Iron (the Glass-Steagal Act) curtains, and, now, the abolition of interstate banking regulation, (with the internet, you're halfway to anywhere, much to the relief of our friends in Kentucky) we are starting to have free financial markets in this country for the first time since we started "consolidating" it to make it more "efficient" by both the trusts and the trust-busters, who were really two sides of the same coin: oligopoly and state control. You just keep it up, Phill. I'm having a great time, here. As we used to say in Missouri, I haven't had this much fun since the hogs ate my little brother. Next? Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ From nelson at crynwr.com Fri Jun 7 03:29:57 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Fri, 7 Jun 1996 18:29:57 +0800 Subject: Multiple Remailers at a site? In-Reply-To: <19960604232157.2053.qmail@ns.crynwr.com> Message-ID: <19960607042143.11138.qmail@ns.crynwr.com> nelson at crynwr.com writes: > Scott Brickner writes: > > The "to" and "from" values that the traffic analyst will be using > > are the IP addresses in the packets. It doesn't matter whether > > mixmaster, cypherpunks, or penet remailers are used, they still use > > IP addresses. > > Sure *does* matter. There's no computationally feasible way to > associate one mixmaster message with another. The only way you can > get a clue is by analyzing who sends mail into and out of the > mixmaster system. If both of your endpoints are within the mixmaster > system, you have no entering or exiting mail to analyze. It doesn't > matter if the mixmaster remailers are on the same or different systems. Scott indicates, in private mail, that he needs another, clearer, explanation. Okay, here goes: A is sender, B is recipient, M is mixmaster remailer network, W is watcher. A Mixmaster system (there can be more than one, although there is currently only one published Mixmaster system of remailers) acts as a single node for the purposes of traffic analysis. Imagine, if you will, a remailer that everyone trusts implicitly. Why would you need any other remailers?? All W can see is incoming mixmaster messages (lets you identify A), and outgoing ASCII messages (lets you identify B). If W can correlate traffic between A and B, he does it by watching what happens between A and B, not being privy to the internals of M. Now obviously there is no single trustable M. So, you create many Ms, who move traffic between themselves. Let's assume that only one of them is trustable (M') and happens to be used by A to send a message to B. W STILL doesn't know what happens inside M' and has no more information about the correlation between the message sent by A and the message received by B than in the first case. Do you see now, Scott? Adding mixmasters doesn't need to make traffic analysis harder (it does, but it doesn't need to). It makes finding an M that you trust easier. And to that end, it doesn't matter if those mixmasters are all running on the same host or not. Now, my point about increased security by sender and/or receiver running a Mixmaster remailer is that W has an easy time identifying A and B because he can see that A sends a mixmaster message, and B receives an ASCII message from a mixmaster remailer. If either A or B is running a mixmaster, W is denied knowledge that A or B even exists. He MUST assume that anyone running a remailer is receiving or sending some or all of the messages. Message counting (looking for a delta implying an internally received or transmitted message) is no help. Since mixmaster happily ignores bogus messages, I could receive a message, fill its packets with junk, send them one or more hops, and let someone *else* be under suspicion of having received a message. As an aside, the TLAs *are* looking for A's and B's. They spend millions of dollars a year on telephone traffic analysis. We MUST assume that they would spend tens of thousands of dollars a year on email traffic analysis. -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From rah at shipwright.com Fri Jun 7 03:33:07 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 7 Jun 1996 18:33:07 +0800 Subject: <> (June 6, 1996) Reality Check Message-ID: Speak of the devil... Cheers, Bob Hettinga --- begin forwarded text To: DAILY DOSE From: VitaminB Date: 6 Jun 96 20:31:04 Subject: <> (June 6, 1996) Reality Check Mime-Version: 1.0 Vitamin B: Your Daily Dose of Bionomics June 6, 1996 Reality Check Everyone knows that you can't predict the future. The question is: Can traditional economics understand the present? Not too many years ago, on the eve of the collapse of the Soviet Union, the leading economics textbook had this to say: "The Soviet economy is proof that, contrary to what many skeptics had earlier believed, a socialist command economy can function and even thrive." -- Paul A. Samuelson, Professor emeritus, MIT (in Samuelson & Nordhaus, Economics, 1989) We wonder what "conventional wisdom" of 1996 will prove to be as, ummm, quotable in the not too distant future. --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ From jimbell at pacifier.com Fri Jun 7 03:52:18 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 7 Jun 1996 18:52:18 +0800 Subject: SF Bay Area Physical Cpunks Meeting, June 8th, Stanford Turing Aud Message-ID: <199606070520.WAA26866@mail.pacifier.com> At 07:15 PM 6/6/96 -0700, Just Rich wrote: >This Saturday, Turing Auditorium, Noon-5. Unrestricted Ethernet >connectivity (both thinnet and 10BaseT) will be available; email me for an >IP address. Turing Aud has a Mac and a PC on the Net connected to an >EXCELLENT presentation system. If you have something you'd like to show >off, this is the place, and we're still short on topics. > If you have a GPS receiver, head for 37.4296875N 122.1783752E. That's specified to a resolution of about 2/5 of an inch. If everyone heads to this exact spot, it's going to be a VERY friendly meeting! Jim Bell jimbell at pacifier.com From nelson at crynwr.com Fri Jun 7 04:06:22 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Fri, 7 Jun 1996 19:06:22 +0800 Subject: Multiple Remailers at a site? In-Reply-To: <19960604232157.2053.qmail@ns.crynwr.com> Message-ID: <19960607045419.11244.qmail@ns.crynwr.com> Sorry to be following up to my own message Yet Again, but I see a hole in my analysis that needs patching. If you have a mixmaster host M, with certain characteristics (latency, reordering, and traffic volume), that is NOT identical in security to a mixmaster network M with identical characteristics, but in which some hosts are not trustable. The non-trustable host(s) keep track of their latency, reordering, and traffic volume, so it's removed from the characteristics of the network above. Therefore, to keep the characteristics of the trusted host constant when converting into a partially trusted network, each of the individual hosts needs to increase their parameters by some amount (which amount someone else will have to contribute, cuz I have no clue and need sleep). -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From adamsc at io-online.com Fri Jun 7 04:17:50 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 19:17:50 +0800 Subject: Clipper III analysis Message-ID: <199606070506.WAA20841@toad.com> On 29 May 1996 14:53:30 pdt, tcmay at got.net wrote: >> A good Questioned Document Examiner will be able to demonstrate >> that the signed document in question was not authored by Joe >> Blow, even if it contains his digital signature. > >I was of course talking about digital signatures, not handwritten signatures. > >I would be very interested to hear how a "Questioned Document Examiner" can >possibly determine that a digital signature was not applied by a particular >person. I believe he was referring to document analysis. By closely comparing a questionable work with those of known authorship, a skilled analyst can hopefully find enough [dis]similarities to say whether a document was authored by a given person. This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From adamsc at io-online.com Fri Jun 7 04:25:32 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 19:25:32 +0800 Subject: Fwd: subscribe cyberwire dispatch Message-ID: <199606070508.WAA20911@toad.com> ==================BEGIN FORWARDED MESSAGE================== >From: "Chris Adams" >To: "brock at well.com" >Date: Thu, 06 Jun 96 15:37:46 >Reply-To: "Chris Adams" >Priority: Normal >X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE >MIME-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Content-Transfer-Encoding: 7bit >Subject: subscribe cyberwire dispatch > subscribe cyberwire dispatch If this account belongs to an actual human, my apologies for treating you like a mailerbot. This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. ===================END FORWARDED MESSAGE=================== /* From Chris Adams on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5! The Enigman Group - We do Web Pages! */ This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From adamsc at io-online.com Fri Jun 7 04:29:12 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 19:29:12 +0800 Subject: Fwd: Re: [crypto] crypto-protocols for trading card gam Message-ID: <199606070508.WAA20910@toad.com> ==================BEGIN FORWARDED MESSAGE================== >From: "Chris Adams" >To: "cypherpunks" >Date: Thu, 30 May 96 01:22:36 >Reply-To: "Chris Adams" >Priority: Normal >X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE >MIME-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Content-Transfer-Encoding: 7bit >Subject: Re: [crypto] crypto-protocols for trading card gam > On 29 May 1996 18:57:58 pdt, alanh at infi.net wrote: >What _did_ Solitaire do for Windows 3.1? Distract the attention of >the unwashed masses away from the actual merits of the beast? Actually, I believe it covered a direct lack thereof. (Of course, you could have been intending this in a heavily sarcastic form. In that case, I agree entirely) This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. ===================END FORWARDED MESSAGE=================== /* From Chris Adams on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5! The Enigman Group - We do Web Pages! */ This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From jamesd at echeque.com Fri Jun 7 04:34:44 1996 From: jamesd at echeque.com (jamesd at echeque.com) Date: Fri, 7 Jun 1996 19:34:44 +0800 Subject: whitehouse web incident, viva la web revolution Message-ID: <199606070652.XAA25256@dns1.noc.best.net> I wrote: > As usual you display profound ignorance of history and politics. Oops! This entire "fascism is a form of socialism" thread started in a troll by Detwieler --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From frantz at netcom.com Fri Jun 7 04:48:29 1996 From: frantz at netcom.com (Bill Frantz) Date: Fri, 7 Jun 1996 19:48:29 +0800 Subject: Micropayments: myth? Message-ID: <199606070553.WAA28796@netcom7.netcom.com> At 10:05 PM 6/6/96 -0400, Jeff Barber wrote: >Or are you saying that each IP packet will have an appropriately sized >digital cash payment attached? That seems like too much overhead. >And besides, that contradicts your idea that the user would explicitly >approve each wallet access. > >It gets even worse if you're an ISP, you obviously can't sit there >and approve each session that goes by (even if you could distinguish >higher level session boundaries which you won't be able to do). Are >you just to assume at the end of the day that everything worked >perfectly and you received enough revenue to cover your costs without >knowing anything about the payment/usage profiles of any of your >customers? And how is the ISP's network provider to know how much to >charge the ISP? I think I'm starting to sound like a broken record, so I'll stop with this post. Some of the issues you are discussing are addressed by the Digital Silk Road proposal from Norm Hardy and Dean Tribble. See: http://www.agorics.com/agorics/dsr.html Bill ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA From grafolog at netcom.com Fri Jun 7 04:49:06 1996 From: grafolog at netcom.com (jonathon) Date: Fri, 7 Jun 1996 19:49:06 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: <9606061643.AA03971@Etna.ai.mit.edu> Message-ID: Phill: On Thu, 6 Jun 1996 hallam at Etna.ai.mit.edu wrote: > > circumstances. << It is something like 1 chance in > > 15 511 210 000 000 000 000 000 000. >> > Rubbish, 2^25 is 33,554,432. How do you calculate your figures? You have one chance in three, of showing a profit, in one trade. For 25 consecutive trades to show a profit it is 1 chance in 3^25. << Slightly lower than my original 25!, which is what the odds are, if the trades have to occur in a specific sequence. >> > If you hit a favourable market for your strategy you can win big. _If_ is the operative word there. > Problem is > that after a while others are likley to cotton on to your strategy. Or in Hillary's case, no strategy at all, just pure, dumb luck that she caught all those successfull trades, and then quit. Can anybody replicate her trades, on any futures market, and gain anything close to the success she had? xan jonathon grafolog at netcom.com ********************************************************************** * * * Opinions expressed don't necessarily reflect my own views. * * * * There is no way that they can be construed to represent * * any organization's views. * * * ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ * * * http://members.tripod.com/~graphology/index.html * * * *********************************************************************** From rich at c2.org Fri Jun 7 04:53:46 1996 From: rich at c2.org (Just Rich) Date: Fri, 7 Jun 1996 19:53:46 +0800 Subject: SF Bay Area Physical Cpunks Meeting, June 8th, Stanford Turing Aud Message-ID: This Saturday, Turing Auditorium, Noon-5. Unrestricted Ethernet connectivity (both thinnet and 10BaseT) will be available; email me for an IP address. Turing Aud has a Mac and a PC on the Net connected to an EXCELLENT presentation system. If you have something you'd like to show off, this is the place, and we're still short on topics. Graphical actualizations of ideas raised at the last meeting regarding crypto GUIs would be one way to use the space. The agenda is rather slim... Hugh was working on it, but nobody seems to have anything to say. If we get really desperate for ideas, I might end up talking about what I've REALLY been doing for the last five months. Dave Harman will probably miss this one, but he's still invited. Long, anal form of the directions follows. -rich When: June 8th, Noon-5. Where: Turing Auditorium, Stanford University. Directions and maps below. Your Hosts: Hugh Daniels , speaker wrangler/emcee Rich Graves , venue/den mother/fucking * Amenities: * Seating for 100 (should be enough) * Plenty of white boards * Air conditioning * High-end Mac and Windoze PC on the Internet, both hard-wired into an EXCELLENT projection system, 800x600x16-bit or so * Open 10Base2 and 10BaseT Ethernet drops for your laptop, no firewall to Net; email rich at c2.org for IP address * One analog phone * NO munchies within 5 minutes' walk, but Rich will bring bagels * NO plugging your own laptops into the projection system; however, the Mac will have an X server and, of course, web clients Dinner: Fanny & Alexander's? Or Jing Jing again? Directions: If you have a GPS receiver, head for 37.4296875N 122.1783752E. If you have excellent hearing, call 415-853-9080 and follow the ringing. Or, get to Stanford's Campus Drive via 280-Sand Hill or 101-El Camino Real-Embarcadero. From 280, take Campus Drive left (clockwise). From 101, take Campus Drive right (counterclockwise). Turn South (centripetal) at Panama Street and take an immediate left into the Jordan Quad parking lot (empty on weekends). Walk between Pine and Redwood Halls to Polya. Turing is between Polya and Cypress. It doesn't appear on most campus maps, but it's there, honest. Entrance to Turing Auditorium is by the Pac Bell payphone sign. Maps: http://www-leland.stanford.edu/group/Transportation/PGrid4.html (parking) http://www.stanford.edu/gifs/campus.1620-63-4.gif (800K campus map) http://www.stanford.edu/home/visitors/vicinity.html (note: upside down!) Socialized transportation: CalTrain to the Palo Alto station; 20-minute walk or arrange to be picked up by a local. 7F bus. See http://www.stanford.edu/group/Transportation/ -rich quidquid latine dictum sit, altum viditur From adamsc at io-online.com Fri Jun 7 04:54:55 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 19:54:55 +0800 Subject: Where does your data want to go today? Message-ID: <199606070509.WAA20975@toad.com> On 30 May 1996 07:56:26 pdt, EALLENSMITH at ocelot.Rutgers.EDU wrote: >From: IN%"mclow at owl.csusm.edu" "Marshall Clow" 29-MAY-1996 19:18:31.60 > >>* Why encrypt before compression? If the encryption is any good, then the >>encrypted data won't compress much at all. However, compression before >>encryption has its own problems. > > What problems does compression before encryption have? It at least >seems to work for PGP. The most significant would be the presence of a compression header (what has the data telling how to decompress a datastream). If you leave this in (for instance, assuming you were to use PKZIP (STUPID!) you would have PK as the first two bytes EVERY TIME!) you give your codebreaker a HUGE advantage. You can bypass this by removing ANY information which isn't message specific and standardizing on one compression method. Alternately, you could use your session key to encrypt a length word and then pad the start (and end) with a string of random characters. This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. /* From Chris Adams on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5! The Enigman Group - We do Web Pages! */ This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From jf_avon at citenet.net Fri Jun 7 04:56:05 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Fri, 7 Jun 1996 19:56:05 +0800 Subject: [Off-Topic] "Curfews" Message-ID: <9606070544.AB18682@cti02.citenet.net> On 6 Jun 96 at 17:55, jim bell wrote: > At 02:47 PM 6/6/96 +0000, Jean-Francois Avon wrote: > >On 6 Jun 96 at 11:19, jim bell wrote: > > > > > >> >>I _do_ believe, however, that the number of people > >> >>unjustifiably targeted will be rather low. Retaliation > >> >>is possible, in > >> >> that case. > > > >Sorry Jim, I did not get that at all in the past. I assumed a > >context where the inner workings of AP would not be well understood > > by the population while here, you seems to indicate that everybody > > would operate under the threat / deterrance of mutual anihilation > >principle. > > Hmmm... sorry, I thought that was obvious. Well, perhaps not > "obvious," but it's one of those facts that will become second > nature to people once AP starts up. Well, yes and no. What made me change my mind is when I tried to see the situation from the standpoint of a guy from a thuggish mentality. Actually, it might not deter somebody else acting on the spur of the moment. Take a typical harsh divorce situation where peoples act in the most surprisingly irrationnal way. I think that ex-husbands or wifes would get targeted more than their fair share, and quite often, without any reasonable cause. JF DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal JFA Technologies, R&D consultants: physicists, technologists and engineers. PGP keys at: http://w3.citenet.net/users/jf_avon ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 From jimbell at pacifier.com Fri Jun 7 04:59:58 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 7 Jun 1996 19:59:58 +0800 Subject: [Off-Topic] "Curfews" Message-ID: <199606070059.RAA09341@mail.pacifier.com> At 02:47 PM 6/6/96 +0000, Jean-Francois Avon wrote: >On 6 Jun 96 at 11:19, jim bell wrote: > > >> >>I _do_ believe, however, that the number of people unjustifiably >> >>targeted will be rather low. Retaliation is possible, in >> >> that case. > >Sorry Jim, I did not get that at all in the past. I assumed a >context where the inner workings of AP would not be well understood >by the population while here, you seems to indicate that everybody >would operate under the threat / deterrance of mutual anihilation >principle. Hmmm... sorry, I thought that was obvious. Well, perhaps not "obvious," but it's one of those facts that will become second nature to people once AP starts up. >A argued that an impulsive guy might target somebody unjustifiably >while I overlooked that he could think twice before doing so. But by >his nature, being a violent or thug at heart, he will understand this >"peace based on threat" maybe even better than a pacifist at heart. >So, my arguments might not stand. As can be expected, people will be looking out for themselves in an AP-dominated system, just as today. I think most people will have a fairly good idea who's targeting them if the hit's not justified. Almost every justified hit can be fairly anonymous. Jim Bell jimbell at pacifier.com From llurch at networking.stanford.edu Fri Jun 7 05:01:30 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Fri, 7 Jun 1996 20:01:30 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: <2.2.32.19960606051847.006e9b18@mail.aracnet.com> Message-ID: On Wed, 5 Jun 1996, Bruce Baugh, who usually knows better, wrote: > Fascism has no intrinsic link to genocide. It is a theory of economics, > basically, in which the state has ultimate authority over production and > distribution without (as in socialism) actually _owning_ the means of > production or distribution. This is generally accomplished through > cartelization, the creatin of industry-wide councils in which the > representatives of the most powerful firms set policy in conjunction with > the representatives of the government. > > The US has been at least moderately fascist since the 1920s (Hoover was a > big fan of cartelization, and pushed it actively). While the mechanisms of > the modern regulatory state aren't those of classic fascist theory, in > practice most strongly regulated industries in this country operate > _exactly_ the way fascist theory says they should. > > None of this is secret lore, by the way. Yes, I'm afraid these ahistorical myths are widespread. What _do_ they teach in these schools? Pick up anything by Renzo De Felice to gain a basic historical understanding of what fascism was about, from someone who was sympathetic to them. I'd also recommend a biography of the very influential and gifted American modernist poet Ezra Pound, who led the Italian fascist propaganda effort from 1941 to 1943 and spent six months in an American POW camp, followed by some time in mental hospitals as his rants against jewish conspiracies under every bed became increasingly incoherent, for his trouble. Like Orwell's very complicated views towards socialism and Stalinism (see Homage to Catalonia), e. e. cummings' anti-government pacifism, Whitman's queerness, and Byron's essential kookiness, this is something your high school english teacher probably failed to mention. -rich From adamsc at io-online.com Fri Jun 7 05:10:10 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 20:10:10 +0800 Subject: Fwd: Re: Clipper III analysis Message-ID: <199606070507.WAA20874@toad.com> ==================BEGIN FORWARDED MESSAGE================== >From: "Chris Adams" >To: "cypherpunks" >Date: Thu, 30 May 96 01:16:32 >Reply-To: "Chris Adams" >Priority: Normal >X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE >MIME-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Content-Transfer-Encoding: 7bit >Subject: Re: Clipper III analysis > On 29 May 1996 14:53:30 pdt, tcmay at got.net wrote: >> A good Questioned Document Examiner will be able to demonstrate >> that the signed document in question was not authored by Joe >> Blow, even if it contains his digital signature. > >I was of course talking about digital signatures, not handwritten signatures. > >I would be very interested to hear how a "Questioned Document Examiner" can >possibly determine that a digital signature was not applied by a particular >person. I believe he was referring to document analysis. By closely comparing a questionable work with those of known authorship, a skilled analyst can hopefully find enough [dis]similarities to say whether a document was authored by a given person. This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. ===================END FORWARDED MESSAGE=================== This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From adamsc at io-online.com Fri Jun 7 05:11:32 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 20:11:32 +0800 Subject: Possible out-of-US remailer sites, 2nd edition Message-ID: <199606070510.WAA20995@toad.com> From: stewarts at ix.netcom.com To: Adamsc Date: 31 May 1996 05:28:24 pdt Subject: Re: Possible out-of-US remailer sites, 2nd edition >_Country/Area_ _Name_ _Email_ >Anguilla Cable & Wireless webmaster at candw.com.ai >Anguilla Offshore Information Services*** info at offshore.com.ai There are a number of small countries that aren't part of the US/European/Chinese/Singaporean Hegemonies, where telecom is expensive and Fidonets and uucp are the way to get email there. If you're willing to pay some money to support one, you might get some real anonymity for financially critical data. Also, there are periodic articles in magazines like Wired about how George Soros is wiring the Balkans; perhaps someone there would like to make some money running remailers. If you are willing to go that route, you can setup a Fidonet mailer VERY easily, and send mail that looks like it is from any of the 36000 bulletin boards in the nodelist. Generally it will be refused by a board that has a session password. However, it is exceedingly unlikely that a bbs in Singapore would have a passworded session with a bbs in Texas. You could send it randomly to a BBS using the name of another random board. However, this would probably be very very very UNPOPULAR, particularly if someone got nailed because of it. It would be better to work it out with some sysop in a small 3rd world country... Alternately, if you were to run a board, it is VERY simple to fake the addressing on a Fidonet mail packet... This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. /* From Chris Adams on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5! The Enigman Group - We do Web Pages! */ This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From adamsc at io-online.com Fri Jun 7 05:15:59 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 20:15:59 +0800 Subject: Fwd: Re: Possible out-of-US remailer sites, 2nd edition Message-ID: <199606070510.WAA21002@toad.com> ==================BEGIN FORWARDED MESSAGE================== >From: "Chris Adams" >To: "cypherpunks" >Date: Fri, 31 May 96 23:06:02 >Reply-To: "Chris Adams" >Priority: Normal >X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE >MIME-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Content-Transfer-Encoding: 7bit >Subject: Re: Possible out-of-US remailer sites, 2nd edition > From: stewarts at ix.netcom.com To: Adamsc Date: 31 May 1996 05:28:24 pdt Subject: Re: Possible out-of-US remailer sites, 2nd edition >_Country/Area_ _Name_ _Email_ >Anguilla Cable & Wireless webmaster at candw.com.ai >Anguilla Offshore Information Services*** info at offshore.com.ai There are a number of small countries that aren't part of the US/European/Chinese/Singaporean Hegemonies, where telecom is expensive and Fidonets and uucp are the way to get email there. If you're willing to pay some money to support one, you might get some real anonymity for financially critical data. Also, there are periodic articles in magazines like Wired about how George Soros is wiring the Balkans; perhaps someone there would like to make some money running remailers. If you are willing to go that route, you can setup a Fidonet mailer VERY easily, and send mail that looks like it is from any of the 36000 bulletin boards in the nodelist. Generally it will be refused by a board that has a session password. However, it is exceedingly unlikely that a bbs in Singapore would have a passworded session with a bbs in Texas. You could send it randomly to a BBS using the name of another random board. However, this would probably be very very very UNPOPULAR, particularly if someone got nailed because of it. It would be better to work it out with some sysop in a small 3rd world country... Alternately, if you were to run a board, it is VERY simple to fake the addressing on a Fidonet mail packet... From jamesd at echeque.com Fri Jun 7 05:18:35 1996 From: jamesd at echeque.com (jamesd at echeque.com) Date: Fri, 7 Jun 1996 20:18:35 +0800 Subject: whitehouse web incident, viva la web revolution Message-ID: <199606070603.XAA21706@dns1.noc.best.net> On Wed, 5 Jun 1996, Bruce Baugh, wrote: > > Fascism [...] is a theory of economics, > > basically, in which the state has ultimate authority over production and > > distribution without (as in socialism) actually _owning_ the means of > > production or distribution. . At 11:18 AM 6/6/96 -0700, Rich Graves wrote: >Yes, I'm afraid these ahistorical myths are widespread. What _do_ they teach >in these schools? As usual you display profound ignorance of history and politics. Far from being an ahistorical myth, this is an entirely accurate description of fascist ideology: Or do you claim that Mussolini, Peron, etc, were not fascists? Mussolini was the one who coined the name fascism. The theory and ideology of fascism was developed by the philosopher Giovanni Gentile, and there is nothing particularly racist or right wing about either Gentile or Mussolini. Fascism is not Republicanism on steriods, nor is it racism. Fascism is basically romanticism plus socialism plus nationalism. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From adamsc at io-online.com Fri Jun 7 05:19:54 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 20:19:54 +0800 Subject: [crypto] crypto-protocols for trading card gam Message-ID: <199606070506.WAA20842@toad.com> On 29 May 1996 18:57:58 pdt, alanh at infi.net wrote: >What _did_ Solitaire do for Windows 3.1? Distract the attention of >the unwashed masses away from the actual merits of the beast? Actually, I believe it covered a direct lack thereof. (Of course, you could have been intending this in a heavily sarcastic form. In that case, I agree entirely) This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From hallam at Etna.ai.mit.edu Fri Jun 7 05:21:56 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Fri, 7 Jun 1996 20:21:56 +0800 Subject: Anonymous stock trades. Message-ID: <9606062327.AA04162@Etna.ai.mit.edu> >I suppose it depends on what you call "open", eh, Phill? >If by "open", you mean financial markets where, as Milton Freedman says, >each new regulation raises the cost of entry and protects the surviving >firms by killing their smaller competion with red tape, then we have "open" >markets. Well, Milton Friedman's method for saving the whale is to leave it to the free market, if people want whales in the oceans they won't buy whale meat. The point that even if no US person eats whale, a few thousand "gourmets" in Japan can eat their way through the remaining stocks of many species in a few years escapes him. So forgive me if if find you authority somewhat less than compelling. Adam Smith makes the point rather better in his analysis of monopolies and how they affect the market. But remember that although regulations may be instituted as protectionist mechanisms that is not the only purpose that regulations are introduced. >If by "open", you mean that people can't purchase the attention of their >favorite politician fair and square, without having to play zero-sum games >with barnyard animals, then we have "open" markets. ;-). There are so many negatives in that sentence I can't figure out which way you are arguing. Certainly there are many senators, congressman etc who can be bought for a contribution to their election fund or a huge advance on their memoirs. >Nothing personal, Phill, but it does seem like it's more a question of what >you're afraid of, than what *is*, right? No, it is a case of whether you are applying ideological judgements or prepared to analyse the system itself. I do not believe in the idol of the free market. I do not consider ecconomists to have justified the level of inane self-satisfied certainty about their field that they exude. I was talking to a professor at the Sloane school yesterday who made precisely this point. Deciding what is right implies an ethical judgement. Are you basing your argument on Kantian or consequentialist assumptions? I can argue either but since most of my thesis is based on a logical positivist approach I'm far more sympathetic to the utilitarian point of view. The free market is not in itself an ethical basis - that would be creating an ought from an is. The problem which libertarian idelogues are affraid to face up to is that markets have required regulation to keep them open and free. Its all very well for people to jump up and down, stampt their feet and claim the opposite but this is what every government in the free world believes. The effects of deregulation in the savings and loans area make it unlikely any further experiments in that area will be tried for a while. Phill From minow at apple.com Fri Jun 7 05:25:27 1996 From: minow at apple.com (Martin Minow) Date: Fri, 7 Jun 1996 20:25:27 +0800 Subject: Norton Eyes only Message-ID: > >Has anyone been able to analyse the 'patent pending', 'on-the-fly' >encryption in Norton's 'For your eyes only'? > Why bother? If it's freely exportable, we have a good estimate of it's cryptographic strength :-) Martin. From stewarts at ix.netcom.com Fri Jun 7 05:32:40 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 7 Jun 1996 20:32:40 +0800 Subject: ID this 31173 NCR keyboard Message-ID: <199606070859.BAA24803@toad.com> Does it have any identifying numbers? NCR OEMed a line of ADDS Viewpoint terminals for a while, and while the numbers no longer come to mind (unless they're like 2920), they might look familiar if I saw them. This keyboard sample doesn't look quite like them, though. Most of their keyboards like that were for terminals, not for PCs. Are the connectors even PC-like? Also, if there are function keys through F20, it might very well be a 3270-emulator of some sort. At 01:52 PM 6/6/96 -0700, you wrote: >Oops. I wrote that just looking at the keyboard. >Picked it up at Seattle's Ex-Pc for $3. >It's so old, I think it requires a non-PC BIOS. >No manual, labels etc. > >Anyone have a clue as to what this is: > >NCR > >F1 F2 [...] F18 F19 F20/RESET| >ESC [...] TAB |[five direction keys] >CONTROL Q [...] }/] CONTROL |CLR 7 8 9 / >CAPS_LOCK A [...] ~/` |NEW | - 4 5 6 * >[up] |/\ Z [...] [upup] |LINE | + 1 2 3 |NEW > [space] | 0_ 00 . |LINE > >It was designed for easily customizing your keytable, >being an actual flat terminal with square keys easily >pulled out and interchanged. > >The back of the keyboard has three switches for >the boolean selection of languages: US English, >UK/Int. English, French, German, Swedish/Finnish, >Danish/Norwegian, Spanish, Italian. > >So, where to get a NEW keyboard like this: > >FLAT, with a full set of SQUARE, EASILY pulled out keys. > > > # Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Rescind Authority! From stewarts at ix.netcom.com Fri Jun 7 05:32:53 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 7 Jun 1996 20:32:53 +0800 Subject: Cost of brute force decryption Message-ID: <199606070859.BAA24817@toad.com> At 02:44 PM 6/5/96 -0700, you wrote: >> > "For example a 40-bit key takes about $10,000 worth of supercomputer >> > time and two weeks to crack. Although this key may be adequate to >> > protect my checking account, it's probably not large enough for the >> > accounts of a major corporation. >> The figures look familiar. No references around. I'm not sure it would >> require a whole two weeks for 40-bits, though. Possibly less than a >> day? (Or was that why you asked baout the figures?) It was from The Newspapers, of course :-) The "$10,000 of supercomputer time" was in an initial press release description by somebody in Netscape or RSA after the RC4/40 Netscape crack, and was way high. (Check Altavista...) However, it's not too far off for the cost of a DES crack, where "supercomputer" is defined as "a special-purpose cracking machine" rather than "a Cray".. (Maybe an order of magnitude high for that.) And the description of $10,000 as "maybe enough to protect my checking account, but not large enough for the accounts of a major corporation" is about right. # Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Rescind Authority! From declan+ at CMU.EDU Fri Jun 7 05:34:54 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Fri, 7 Jun 1996 20:34:54 +0800 Subject: On the Hill: Child Porn "Morphing" In-Reply-To: Message-ID: Excerpts from internet.cypherpunks: 5-Jun-96 Re: On the Hill: Child Porn.. by Jeffrey A Nimmo at ionet.ne > I've heard of this kind of thing before. Individuals have already been > sent to jail for doing this, as well as doing and > distributing kiddie porn drawings. > > I suspect that since it's already illegal on the state level, that > Congress is looking into making it a federal crime to distribute them > over state lines via the Internet. FYI -- I have a link to Bob Chatelle's Toni Marie Angeli "child porn" case (photos of her kid for a Harvard class) at http://joc.mit.edu/ -Declan From adamsc at io-online.com Fri Jun 7 05:39:46 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 20:39:46 +0800 Subject: Class III InfoWar Message-ID: <199606070507.WAA20868@toad.com> On 2 Jun 1996 03:06:14 pdt, hal9001 at panix.com wrote: >At 21:33 -0400 6/1/96, winn at Infowar.Com wrote: > > >>The article discussed the advanced information warfare techniques used by the >>perpetrators. "According to the American National Security Agency (NSA), they >>have penetrated computer systems using 'logic bombs' (coded devices that >>can be >>remotely detonated) > >Unless the definition has changed recently, a "logic bomb" is normally a >piece of code in a program that is triggered when a specific event occurs >(such as the programmer's name not appearing in a payroll file for a >designated period of time [which might trigger a salami round off routine >to start cutting checks 2 months after s/he is no longer working for the >company]). I believe that is what they were referring to. However, the press garbled it as usual. It seems like the original was something like 'logic bombs' (bits of code that can be triggered remotely). Probably sounded more impressive the reporter's way... This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From declan+ at CMU.EDU Fri Jun 7 05:40:07 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Fri, 7 Jun 1996 20:40:07 +0800 Subject: On the Hill: Child Porn "Morphing" In-Reply-To: Message-ID: I should have said that (A) (B) and (C) are linked by OR, not by AND. -Declan Excerpts from outbox: 7-Jun-96 Re: On the Hill: Child Porn.. by => cypherpunks at toad.com > (A) the production of such visual depiction involves the use of a minor > engaging in sexually explicit conduct; > > (B) such visual depiction is, or appears to be, of a minor engaging in > sexually explicit conduct; > > (C) such visual depiction is advertised, promoted, presented, or > distributed in such a manner that conveys the impression that the > material is or contains a visual depiction of a minor engaging in > sexually explicit conduct. From adamsc at io-online.com Fri Jun 7 05:47:35 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 20:47:35 +0800 Subject: Fwd: Second email address Message-ID: <199606070508.WAA20917@toad.com> ==================BEGIN FORWARDED MESSAGE================== >From: "Chris Adams" >To: "sysop at io-online.com" >Date: Mon, 03 Jun 96 19:50:50 >Reply-To: "Chris Adams" >Priority: Normal >X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE >MIME-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Content-Transfer-Encoding: 7bit >Subject: Second email address > How much would it be to get a second email address? (Just POP access. Doesn't even need to be able to send mail) That way I could have an address to send stuff like mailing lists to. Also: Web pages - I believe I saw something that mentioned that some space was included w/the subscription. How much, and how do I access it? This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. ===================END FORWARDED MESSAGE=================== /* From Chris Adams on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5! The Enigman Group - We do Web Pages! */ This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From nelson at crynwr.com Fri Jun 7 05:51:46 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Fri, 7 Jun 1996 20:51:46 +0800 Subject: Multiple Remailers at a site? In-Reply-To: <19960604232157.2053.qmail@ns.crynwr.com> Message-ID: <19960606195025.9398.qmail@ns.crynwr.com> Scott Brickner writes: > nelson at crynwr.com writes: > >Scott Brickner writes: > > > If the remailer does a good job with the delays and shuffling, then > > > it becomes difficult for the analyst to match message a with > > > message b, leaving him with what he already knew (that A and > > > RemailerX have a common interest, as to B and RemailerX, but the > > > interests may be wholly unrelated). > > > >Nope. Not if each of them runs a remailer. That's why mixmaster is > >SO WONDERFUL. > > The "to" and "from" values that the traffic analyst will be using > are the IP addresses in the packets. It doesn't matter whether > mixmaster, cypherpunks, or penet remailers are used, they still use > IP addresses. Sure *does* matter. There's no computationally feasible way to associate one mixmaster message with another. The only way you can get a clue is by analyzing who sends mail into and out of the mixmaster system. If both of your endpoints are within the mixmaster system, you have no entering or exiting mail to analyze. It doesn't matter if the mixmaster remailers are on the same or different systems. -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From hugh at ecotone.toad.com Fri Jun 7 05:55:55 1996 From: hugh at ecotone.toad.com (Hugh Daniel) Date: Fri, 7 Jun 1996 20:55:55 +0800 Subject: MEETING: SF Bay area Cypherpunks meeting for June 8th Message-ID: <199606070640.XAA14607@ecotone.toad.com> What: Monthly meeting of San Francisco area Cypherpunks & Stanford PGP Club When: Saturday June 8th 12:00 noon Where: Turing Auditorium, Stanford University (Directions below) Dinner: Fanny & Alexander's 412 Emerson, Palo Alto, +1 415 326 7183 Topics: Random, PGP Keys siging, More on Crypto GUI's, Random. Directions: If you have a GPS receiver, head for 37.4296875N 122.1783752E. If you have excellent hearing, call 415-853-9080 and follow the ringing. Or, get to Stanford's Campus Drive via 280-Sand Hill or 101-El Camino Real-Embarcadero. From 280, take Campus Drive left (clockwise). From 101, take Campus Drive right (counterclockwise). Turn South (centripetal) at Panama Street and take an immediate left into the Jordan Quad parking lot (empty on weekends). Walk between Pine and Redwood Halls to Polya. Turing is between Polya and Cypress. It doesn't appear on most campus maps, but it's there, honest. Entrance to Turing Auditorium is by the Pac Bell payphone sign. Maps: http://www-leland.stanford.edu/group/Transportation/PGrid4.html (parking) http://www.stanford.edu/gifs/campus.1620-63-4.gif (800K campus map) http://www.stanford.edu/home/visitors/vicinity.html (note: upside down!) Socialized transportation: CalTrain to the Palo Alto station; 20-minute walk or arrange to be picked up by a local. 7F bus. See http://www.stanford.edu/group/Transportation/ Notes: The short notice is my fault, I was hoping to get some folks to talk at the meeting and waited far too long to give up on them. Thanks: Much thanks to Rich Graves and the Stanford PGP Club for the wonderful meeting space. From declan+ at CMU.EDU Fri Jun 7 05:57:45 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Fri, 7 Jun 1996 20:57:45 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: <4p370g$r77@life.ai.mit.edu> Message-ID: Excerpts from internet.cypherpunks: 5-Jun-96 Re: whitehouse web incident.. by Hallam-Baker at ai.mit.edu > I find Meeks' style somewhat tiresome. It is tabloid jornalism > rather than reasoned argument. His dislike for the Clinton is > well known - he recently accused the administration of being > fascist. I know of no evidence that the Clinton administration Phillip: I'll let Brock defend himself. I will, however, say that my conversations with him indicate that he probably dislikes Dole and Clinton equally -- or, if you prefer, likes one as much as the other. -Declan From stewarts at ix.netcom.com Fri Jun 7 05:59:43 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 7 Jun 1996 20:59:43 +0800 Subject: WWW servers. Message-ID: <199606070859.BAA24808@toad.com> Black Unicorn: >> Does there currently exist a system which permits webservers to restrict >> access to clients who have a given certification? Sameer: > Yup. .... > =) Stronghold: The Apache-SSL-US, coupled with XCert >Sentry. What else? Of course, there's a simpler approach; restrict access to people who have logins and passwords, and only give those to people who have the certification... # Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Rescind Authority! From adam at homeport.org Fri Jun 7 06:03:37 1996 From: adam at homeport.org (Adam Shostack) Date: Fri, 7 Jun 1996 21:03:37 +0800 Subject: Security of PGP if Secret Key Available? In-Reply-To: <199606061756.NAA16447@toxicwaste.media.mit.edu> Message-ID: <199606070010.TAA05952@homeport.org> Leave it for 3.1. There are worse programs being advanced because people feel we're waiting too long for PGP3. Derek Atkins wrote: | PGPlib has an interface to encrypt the whole keyring, however that | probably isn't going to be fully implemented unless time permits. | This interface allows you to encrypt the WHOLE keyring in a | passphrase, which includes not only the secret components, but the | public components as well. However I don't know if I'll have the time | to get to it. -- "It is seldom that liberty of any kind is lost all at once." -Hume From adamsc at io-online.com Fri Jun 7 06:05:11 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 21:05:11 +0800 Subject: Fwd: Re: INteresting tidbit Message-ID: <199606070507.WAA20878@toad.com> ==================BEGIN FORWARDED MESSAGE================== >From: "Chris Adams" >To: "cypherpunks" >Date: Wed, 29 May 96 22:36:17 >Reply-To: "Chris Adams" >Priority: Normal >X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE >MIME-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Content-Transfer-Encoding: 7bit >Subject: Re: INteresting tidbit > >On the Encryption note, and I swear not along the lines of the 'DOJ' >and 'FBI Snooping' Big-Brother events, I heard another story recently. > ># begin story > >A person working on the MBONE project did an unannounced experiment >across the internet using Triple-DES for MBONE, and the very next day, >'ATF' agents knocked on his door and warned him against exporting >munitions. The experimentor was shaken by the fact that agents >approached him so quickly after the experiment. > ># end story > >Extrapolations of fact: > 1. Internet traffic is monitored. > 2. The ability to snoop for encrypted traffic is present > 3. The ability to identify encryption levels is present > (How else can they differentiate DES-1 from DES-3?) > 4. The ability to crack DES-1 in near real-time mode is present. > (See above). First, this has been loosely confirmed for ages. Someone was mentioning that FBI offices supposedly have software that (on a 486) can crack a DES-1 key in under an hour. Multiply * modern high capacity computers = problem. However, this does not nessesarily follow from #3. First off, you could probably tell the encryption used from a file format; the software on the other end has to know what it's getting. Secondly, you could probably tell quite a lot about what was used by some intense analysis. Finally, if their software cannot read it and analysis suggested it was more than DES-1 then they might go after someone w/o being able to read the document in question. > 5. If above=true, then Feds dropping the Zimmerman PGP case probably > also points to it also being crackable in a similar manner. Not necessarily. This freemen issue shows that the FBI is getting gunshy about bad publicity, which they were getting. > 6. Using encryption only flags traffic for capture and decryption, > using strong encryption makes you all that more interesting. Sounds like the old argument for encrypting everything... >Sorry, couldn't resist. I'll try not to start a threads about >electro-plasma propulsion craft at Area 51, metallic-ceramic skin >and pulse-jets on the Aurora spy plane, heat-imaging video cameras >on satellites and planes that can watch you through your houses' roof, >etc. :) What??? Now you're going to tell us X-Files is just a TV show? This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. ===================END FORWARDED MESSAGE=================== /* From Chris Adams on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5! The Enigman Group - We do Web Pages! */ This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From perry at piermont.com Fri Jun 7 06:06:02 1996 From: perry at piermont.com (Perry E. Metzger) Date: Fri, 7 Jun 1996 21:06:02 +0800 Subject: InfoSec Spin In-Reply-To: <199606061713.RAA23573@pipe1.t2.usa.pipeline.com> Message-ID: <199606061933.PAA15452@jekyll.piermont.com> John Young writes: > In cyberspace, where hackers are finding commercial > computer systems easy prey, businesses are choosing to > hire free-lance security teams rather than involve the > law. A Senate subcommittee heard Wednesday from experts > who described how businesses, concerned over negative > publicity, avoid reporting hacker assaults on their > networked computer system. Shocking, that. Of course this happens. I mean, its part of my bread and butter. However, this shouldn't be surprising -- businesses have ALWAYS operated this way, whether on shoplifting or catching employees with their hands in the kitty or hacking. It is not only a question of avoiding embarassment, but also a question of having different interests from law enforcement. The company wants safety, not convictions. They don't have to worry about warrants or absolute proof -- they only have to worry about their actions being defensible in a civil suit. This makes their operations in such cases very different indeed. Perry From adamsc at io-online.com Fri Jun 7 06:08:01 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 21:08:01 +0800 Subject: Fwd: Re: forged addresses Message-ID: <199606070507.WAA20872@toad.com> ==================BEGIN FORWARDED MESSAGE================== >From: "Chris Adams" >To: "cypherpunks" >Date: Thu, 30 May 96 01:32:54 >Reply-To: "Chris Adams" >Priority: Normal >X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE >MIME-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Content-Transfer-Encoding: 7bit >Subject: Re: forged addresses > On 29 May 1996 19:38:16 pdt, nobody at nowher.com wrote: >Hi, I'm not sure if there was ever a thread on this, but I was wondering if >anyone can determine your real email address, if you were to fake it to your >email client. > >I hope that this doesn't offend anyone, since this is a high traffic list, but >I was wondering if this would work. To try it out, I setup my client to think >I was someone else, and sent myself an email. I could only figure out what >ISP it came from. > >What I would like to know is, can any of the experts on this list determine my >address from the header of this post?? I didn't receive anything except your nobody at ... address. >again, if this is something that I shouldn't have done, just let me know, and >it won't happen again. > Hmmm... I'm going to have to play around with this. I can get outbound email access through my school district's mailserver simply by filling in the appropriate fields in netscape (we have a WAN hooked up to a T1). It would seem to me that this would be rather secure for several reasons, if for no other than that NO logging is made... In a large district, like mine (probably 10-15 thousand potential users), I doubt they would have the resources to track any of the 100 or so Internet machines on my campus alone, even if they could tell it came from here. This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. ===================END FORWARDED MESSAGE=================== /* From Chris Adams on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5! The Enigman Group - We do Web Pages! */ This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From bogus@does.not.exist.com Fri Jun 7 06:08:45 1996 From: bogus@does.not.exist.com () Date: Fri, 7 Jun 1996 21:08:45 +0800 Subject: ID this 31173 NCR keyboard Message-ID: <199606062052.NAA08300@netcom19.netcom.com> ! At 05:46 PM 6/3/96 -0700, you wrote: ! >ncr terminals are the most 31173 D0Dz ! ! I'm guessing that "D0Dz" is a variant on "dudes"; ! is "31173" supposed to be an upside-down "ElliE"? ! Having worked at NCR, I like their cash-machines and cash-registers, ! dislike the Microchannels in some of their PCs, ! dislike the terminals they used to make (I think SunRiver ! is the current manufacturer for that product line) ! and like their Teradata descendants. ! # Thanks; Bill ! # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com ! # http://www.idiom.com/~wcs ! # Rescind Authority! Oops. I wrote that just looking at the keyboard. Picked it up at Seattle's Ex-Pc for $3. It's so old, I think it requires a non-PC BIOS. No manual, labels etc. Anyone have a clue as to what this is: NCR F1 F2 [...] F18 F19 F20/RESET| ESC [...] TAB |[five direction keys] CONTROL Q [...] }/] CONTROL |CLR 7 8 9 / CAPS_LOCK A [...] ~/` |NEW | - 4 5 6 * [up] |/\ Z [...] [upup] |LINE | + 1 2 3 |NEW [space] | 0_ 00 . |LINE It was designed for easily customizing your keytable, being an actual flat terminal with square keys easily pulled out and interchanged. The back of the keyboard has three switches for the boolean selection of languages: US English, UK/Int. English, French, German, Swedish/Finnish, Danish/Norwegian, Spanish, Italian. So, where to get a NEW keyboard like this: FLAT, with a full set of SQUARE, EASILY pulled out keys. From elam at art.net Fri Jun 7 06:11:59 1996 From: elam at art.net (Lile Elam) Date: Fri, 7 Jun 1996 21:11:59 +0800 Subject: Senate Staff Report... Message-ID: <199606062147.OAA10230@art.net> Hi all, Does anyone know the location on the web of the Senate staff report that was presented on some Wednesday? I read an article about it on the sjmercury that says people with computers do not consider security a high priority... I am curous what else the report says... thanks, -lile From tcmay at got.net Fri Jun 7 06:12:26 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 7 Jun 1996 21:12:26 +0800 Subject: "Fascism is corporatism" Message-ID: At 6:18 PM 6/6/96, Rich Graves wrote: >On Wed, 5 Jun 1996, Bruce Baugh, who usually knows better, wrote: > >> Fascism has no intrinsic link to genocide. It is a theory of economics, >> basically, in which the state has ultimate authority over production and >> distribution without (as in socialism) actually _owning_ the means of >> production or distribution. This is generally accomplished through >> cartelization, the creatin of industry-wide councils in which the >> representatives of the most powerful firms set policy in conjunction with >> the representatives of the government. ... >Yes, I'm afraid these ahistorical myths are widespread. What _do_ they teach >in these schools? > >Pick up anything by Renzo De Felice to gain a basic historical understanding >of what fascism was about, from someone who was sympathetic to them. Rich, I don't think it nearly so clear as you are claiming. The definition of fascism, that is. Without resorting to the usual ploy of quoting Webster's (a ploy I usually am not impressed by), let me cite an "anti-fascist" radio personality, Dave Emory, who I have been listening to nearly every week for several years. Dave is undeniably anti-fascist, an unusual mixture of left-leaning views and National Rifle Association sympathies, and he often quotes Mussolini's famous "Fascism is corporatism" line. That is, a view more similar to Bruce Baugh's point that fascism is primarily an economic theory, about the organization and ownership of production systems, than about hatred of any particular ethnic group. It is certainly true that Italian and German fascism (and the important variant of "national socialism") become intertwined with certain forms of racism, with which we are all familiar, but I don't think Bruce is at all wrong in his definition of fascism. That Hitler and his group combined fascist economic theories with occultist views of racial superiority does not mean the two viewpoints are identical. ("Fascism is corporatism" is of course not an overall indictment of all corporations. "Corporatism" is basically a view that government should identify key industries and corporations and then pick the winners and support them while suppressing their competitors. This oversimplifies what Mussolini, Emory, myself, etc. mean by "corporatism," but I hope this gives at least a glimpse. And we could get off into discussions of "state capitalism" and how the Soviet and Chinese forms of government were essentially examples of "state capitalism," but this would be a long and involved debate.) >I'd also recommend a biography of the very influential and gifted American >modernist poet Ezra Pound, who led the Italian fascist propaganda effort >from 1941 to 1943 and spent six months in an American POW camp, followed by >some time in mental hospitals as his rants against jewish conspiracies under >every bed became increasingly incoherent, for his trouble. Like Orwell's >very complicated views towards socialism and Stalinism (see Homage to >Catalonia), e. e. cummings' anti-government pacifism, Whitman's queerness, >and Byron's essential kookiness, this is something your high school english >teacher probably failed to mention. My high school teachers failed to mention much of anything, but this was hardly surprising to me--I never expected them to. Fortunately, I knew how to read, and so I learned all of these things. (Except for Pound, whom I didn't encounter until my first year in college.) --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From attila at primenet.com Fri Jun 7 06:17:13 1996 From: attila at primenet.com (attila) Date: Fri, 7 Jun 1996 21:17:13 +0800 Subject: Hackers prevent Crackers! Message-ID: <199606070435.VAA21846@primenet.com> Addressed to: Cypherpunks Black Unicorn ** Reply to note from Black Unicorn 06/06/96 03:05am -0400 = > Actually, he's probably right. If all the cypherpunks, say, turned = > "bad," there'd be no government and no economy, because so many big = > systems are so insecure. = = One could make the case that this would actually make the United = States(if c'punks concentrated their attentions there) the most data = secure country on the planet over time. = regardless of their opinion on hackers, that is what secuirty is all about. the same is not true for crackers --maybe we need to run a campaign with the slogan of: Hackers (help) prevent Crackers! -- the last free election in the United States was in 1860. From unicorn at schloss.li Fri Jun 7 06:21:35 1996 From: unicorn at schloss.li (Black Unicorn) Date: Fri, 7 Jun 1996 21:21:35 +0800 Subject: WWW servers. Message-ID: Does there currently exist a system which permits webservers to restrict access to clients who have a given certification? What is the current certification practice? How easy is it to certify a given client? Are webserver certifications sufficently secure today? What are the best servers to use for secure web pages and certification currently in the United States? --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From qut at netcom.com Fri Jun 7 06:22:27 1996 From: qut at netcom.com (harman.david) Date: Fri, 7 Jun 1996 21:22:27 +0800 Subject: You're a Twit! [ ] [And, a jackass] In-Reply-To: <199606062134.OAA20430@Networking.Stanford.EDU> Message-ID: <199606062147.OAA13396@netcom2.netcom.com> > The message with headers below has been received and set aside for careful > handling by carbon-based units. Thank you so much for your contribution to > global understanding. > > Love, > Rich's Twit Acknowledger > > >From qut at netcom.com Thu Jun 6 14:34:48 1996 > Received: from boron.Stanford.EDU (boron.Stanford.EDU [36.56.0.10]) by Networking.Stanford.EDU (8.7.5/8.6.6) with ESMTP id OAA20426 for ; Thu, 6 Jun 1996 14:34:48 -0700 > Received: from netcom2.netcom.com (qut at netcom2.netcom.com [192.100.81.108]) by boron.Stanford.EDU (8.7.5/8.7.3) with SMTP id OAA16925 for ; Thu, 6 Jun 1996 14:34:45 -0700 (PDT) > Received: (from qut at localhost) by netcom2.netcom.com (8.6.13/Netcom) > id OAA12280; Thu, 6 Jun 1996 14:34:46 -0700 > Date: Thu, 6 Jun 1996 14:34:46 -0700 > From: qut at netcom.com (harman.david) > Message-Id: <199606062134.OAA12280 at netcom2.netcom.com> > To: llurch at stanford.edu Oh, did I miss the Cypherpunk announcment or something? Do I care? Isn't cypherpunking rather elitist? Isn't elitism a signatory of worthless knowledge? Hey, look at me, I'm elite! -- Love, Qut at netcom.com From vznuri at netcom.com Fri Jun 7 06:25:29 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Fri, 7 Jun 1996 21:25:29 +0800 Subject: Micropayments: myth? In-Reply-To: <199606060257.TAA16018@netcom.netcom.com> Message-ID: <199606061924.MAA10732@netcom10.netcom.com> I believe that micropayments will revolutionize business transactions, and that they are entirely feasible, and have written on the subject on cpunks intermittently. NS starts out with some opposite assumptions, which I don't really think are entirely plausible. >Consider a feature fairly independent of the particular payment system: >the statement of charges. Here lies a tradeoff here between completeness >and complexity. On the one hand, merely summarizing charges creates >the opportunity for salami frauds, allowing widely distributed false or >exaggerated microcharges to go undetected. Furthermore, parties reading >only the summaries get no feedback by which they can adjust their behavior >to minimize costs. dunno what you are talking about here. with micropayments, why would you necessarily have statements? you're using an old billing model on a new paradigm. please establish a *context*. it would be ridiculous if people submitted "microbills" to companies that responded with "micropayments". that's the wrong model. here's how people are talking about micropayments. imagine that you see a link with a little 5c sign next to it. that means when you click on it, you are automatically debited 5c. your own browser can handle keeping your own records. the transaction occurs when you hit the button. the idea of a bill being submitted, that you seem to be suggesting with your idea, doesn't make sense. another example: downloading an FTP file. the whole idea of billing is thrown away in favor of immediate processing. On the other hand, a statement too complex to >be easily read also allows fraud, error, and inefficient usage to >go unrecognized, because one or both parties cannot understand the >rationale for the charges in relation to the presumed agreement on >terms of service and payment. again, this doesn't make sense at all to me. "statements, bills, summaries"-- these are all things you require for larger size transactions. if after a day of net surfing I have spent $3.16, and my browser kept a record of every case where I paid it out, what's the problem? the browser does not pay unless I click somewhere. nobody submits bills to my browser. all actions are initiated by me. >There seems to lie here a fundamental cognitive bottleneck, creating a >limit to the granularity of billable transaction size whether electronic >or physical. "fundamental cognnitive bottleneck"?? not in my brain. perhaps you should check your own equipment One proposed solution to this has been "intelligent >agents". But since these agents are programmed remotely, not by the >consumer, it is difficult for the consumer to determine whether the agent >is acting the consumers' best interests, or in the best interests >of the counterparty -- perhaps, necessarily, at least as difficult >as reading the corresponding full statement of charges. it doesn't make sense at all for one to give autonomous capability to agents to spend money, at least until they have been refined. I don't see where agents fit into this all in the beginning. you're putting the cart before the horse. I've never seen micropayments discussed in the context you are putting them in. (no wonder it is causing you "cognitive dissonance"). the uses you cite may not appear until long into the future. in the meantime the model I wrote about above has no problems you cite that I can tell. By >sleight of hand we may have merely transformed the language of >the transaction as it needs to be understood by the party, without >reducing the complexity to be understood. Furthermore, the user >interface to enable consumers to simply express their sophisticated >preferences to an agent is lacking, and may represent another fundamental >cognitive bottleneck. you are tackling a different problem. "how can we get reliable agents that can be trusted with buying decisions". this has nothing or little to do with "the feasibility of micropayments". micropayments are not necessarily tied to agents. >Telephone companies have found billing to be a major bottleneck. >By some estimates, up to 50% of the costs of a long distance call >are for billing, and this is on the order of a $100 billion per year >market worldwide. Internet providers have been moving to a flat fee in >order to minimize these costs, even though this creates the incentive for >network resource overusage. imagine a user who controls his own wallet. he knows when he is paying from that wallet. you seem to have this idea that outsiders could make queries to that wallet that would be hard for the consumer to keep track of. this makes no sense to me. the wallet action will always be tied with some other action. the user picks up the phone to dial somewhere, and it says, "that will be .3c-- will you pay"? he says yes. >A micropayments system assumes a solution to the billing problem. as I wrote, I don't imagine a billing system at all in terms of micropayments. its the wrong model. in a billing system, the bill and the action are not tied tightly together. person does [x] and receives bill 3 days later or whatever. with micropayments, you will have instantaneous transactions. >If somebody could actually solve the this problem, rather >than merely claiming to have solved it via some mysterious >means ("intelligent agents", et. al.), the savings would be >enormous even in existing businesses such as long distance and >Internet service -- never mind all the new opportunities made >possible by micropayments. wow, I think I've solved it. you can nominate me for some award now From adamsc at io-online.com Fri Jun 7 06:40:05 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 21:40:05 +0800 Subject: Fwd: Re: Clipper III analysis Message-ID: <199606070509.WAA20971@toad.com> ==================BEGIN FORWARDED MESSAGE================== >From: "Chris Adams" >To: "cypherpunks" >Date: Thu, 06 Jun 96 16:51:18 >Reply-To: "Chris Adams" >Priority: Normal >X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE >MIME-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Content-Transfer-Encoding: 7bit >Subject: Fwd: Re: Clipper III analysis > ==================BEGIN FORWARDED MESSAGE================== >From: "Chris Adams" >To: "cypherpunks" >Date: Thu, 30 May 96 01:16:32 >Reply-To: "Chris Adams" >Priority: Normal >X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE >MIME-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Content-Transfer-Encoding: 7bit >Subject: Re: Clipper III analysis > On 29 May 1996 14:53:30 pdt, tcmay at got.net wrote: >> A good Questioned Document Examiner will be able to demonstrate >> that the signed document in question was not authored by Joe >> Blow, even if it contains his digital signature. > >I was of course talking about digital signatures, not handwritten signatures. > >I would be very interested to hear how a "Questioned Document Examiner" can >possibly determine that a digital signature was not applied by a particular >person. I believe he was referring to document analysis. By closely comparing a questionable work with those of known authorship, a skilled analyst can hopefully find enough [dis]similarities to say whether a document was authored by a given person. This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. ===================END FORWARDED MESSAGE=================== This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. ===================END FORWARDED MESSAGE=================== /* From Chris Adams on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5! The Enigman Group - We do Web Pages! */ This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From bogus@does.not.exist.com Fri Jun 7 06:44:48 1996 From: bogus@does.not.exist.com () Date: Fri, 7 Jun 1996 21:44:48 +0800 Subject: ID this 31173 NCR keyboard Message-ID: <199606062051.NAA08276@netcom19.netcom.com> ! At 05:46 PM 6/3/96 -0700, you wrote: ! >ncr terminals are the most 31173 D0Dz ! ! I'm guessing that "D0Dz" is a variant on "dudes"; ! is "31173" supposed to be an upside-down "ElliE"? ! Having worked at NCR, I like their cash-machines and cash-registers, ! dislike the Microchannels in some of their PCs, ! dislike the terminals they used to make (I think SunRiver ! is the current manufacturer for that product line) ! and like their Teradata descendants. ! # Thanks; Bill ! # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com ! # http://www.idiom.com/~wcs ! # Rescind Authority! Oops. I wrote that just looking at the keyboard. Picked it up at Seattle's Ex-Pc for $3. It's so old, I think it requires a non-PC BIOS. No manual, labels etc. Anyone have a clue as to what this is: NCR F1 F2 [...] F18 F19 F20/RESET| ESC [...] TAB |[five direction keys] CONTROL Q [...] }/] CONTROL |CLR 7 8 9 / CAPS_LOCK A [...] ~/` |NEW | - 4 5 6 * [up] |/\ Z [...] [upup] |LINE | + 1 2 3 |NEW [space] | 0_ 00 . |LINE It was designed for easily customizing your keytable, being an actual flat terminal with square keys easily pulled out and interchanged. The back of the keyboard has three switches for the boolean selection of languages: US English, UK/Int. English, French, German, Swedish/Finnish, Danish/Norwegian, Spanish, Italian. So, where to get a NEW keyboard like this: FLAT, with a full set of SQUARE, EASILY pulled out keys. From adamsc at io-online.com Fri Jun 7 06:47:30 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 21:47:30 +0800 Subject: How can you protect a remailer's keys? Message-ID: <199606070700.AAA22916@toad.com> >> The best solution I could come up with (and was willing to write and use) >> is to specify the passphrase on the command line argument to the compiler >A far better solution would be to have a long-running daemon hold the >secret key. The mixmaster client could talk to the key daemon through >a unix-domain socket with the permission bits set such that only the >mixmaster user can connect. Each time the machine is rebooted, the >operator must start the daemon and give it a passphrase. >Second, if your machine is seized or someone gains unauthorized >physical access to it, the easiest way to get a root shell is by >rebooting single-user. However, if the only cleartext copy of a key >is in memory rather than in the filesystem, once the machine is >rebooted the secret key is lost. How about adding an "Oh s___" feature that would dump the key? You could even tie it to a login attempt (i.e. be sneaky and rename the actual root account to something else. Possibly hack the login client to return "root" as the username, etc, etc to complete the illusion if they are using TEMPEST. Then set it so that a root login makes the daemon dump the password) This would have possibilities, too, if you made it react to a) certain files in certain directories, b) certain signals or c) certain network messages. This would allow you to put in an innocous clear signal. Set it to a temp file created when editing your remailer's configuration (or userlist). Make it so that you have to conciously DISABLE security or it dumps the password. Have an innocent program terminate it. Be able to cancel it by sending an email (or using telnet) - this would be great if you had a trusted friend. Also, with some modification, you could set it to react to an external stimulus - say a panic button? or a card lock? You could even have fun putting all your sensitive stuff on an external hard drive and rigging your panic button to a) stop the remailer and b) activate the thermite charge on the external drive. // This was typed on a Warped PC by an equally warped Chris Adams // The Enigman Group - We do Web Pages! // Opinions expressed are not necessarily my own, much less another's. This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From llurch at networking.stanford.edu Fri Jun 7 06:47:39 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Fri, 7 Jun 1996 21:47:39 +0800 Subject: ALERT: Court decision expected soon in free speech case; spread the word! (fwd) In-Reply-To: Message-ID: Well, it worked. The web server on www.vtw.org is *totally* overloaded now. When are these people going to learn about the Internet? :-) -rich From adamsc at io-online.com Fri Jun 7 06:50:05 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 21:50:05 +0800 Subject: Fwd: Re: Class III InfoWar Message-ID: <199606070508.WAA20926@toad.com> ==================BEGIN FORWARDED MESSAGE================== >From: "Chris Adams" >To: "cypherpunks" >Date: Sun, 02 Jun 96 18:04:15 >Reply-To: "Chris Adams" >Priority: Normal >X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE >MIME-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Content-Transfer-Encoding: 7bit >Subject: Re: Class III InfoWar > On 2 Jun 1996 03:06:14 pdt, hal9001 at panix.com wrote: >At 21:33 -0400 6/1/96, winn at Infowar.Com wrote: > > >>The article discussed the advanced information warfare techniques used by the >>perpetrators. "According to the American National Security Agency (NSA), they >>have penetrated computer systems using 'logic bombs' (coded devices that >>can be >>remotely detonated) > >Unless the definition has changed recently, a "logic bomb" is normally a >piece of code in a program that is triggered when a specific event occurs >(such as the programmer's name not appearing in a payroll file for a >designated period of time [which might trigger a salami round off routine >to start cutting checks 2 months after s/he is no longer working for the >company]). I believe that is what they were referring to. However, the press garbled it as usual. It seems like the original was something like 'logic bombs' (bits of code that can be triggered remotely). Probably sounded more impressive the reporter's way... This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. ===================END FORWARDED MESSAGE=================== /* From Chris Adams on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5! The Enigman Group - We do Web Pages! */ This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From adamsc at io-online.com Fri Jun 7 06:55:09 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 21:55:09 +0800 Subject: forged addresses Message-ID: <199606070506.WAA20846@toad.com> On 29 May 1996 19:38:16 pdt, nobody at nowher.com wrote: >Hi, I'm not sure if there was ever a thread on this, but I was wondering if >anyone can determine your real email address, if you were to fake it to your >email client. > >I hope that this doesn't offend anyone, since this is a high traffic list, but >I was wondering if this would work. To try it out, I setup my client to think >I was someone else, and sent myself an email. I could only figure out what >ISP it came from. > >What I would like to know is, can any of the experts on this list determine my >address from the header of this post?? I didn't receive anything except your nobody at ... address. >again, if this is something that I shouldn't have done, just let me know, and >it won't happen again. > Hmmm... I'm going to have to play around with this. I can get outbound email access through my school district's mailserver simply by filling in the appropriate fields in netscape (we have a WAN hooked up to a T1). It would seem to me that this would be rather secure for several reasons, if for no other than that NO logging is made... In a large district, like mine (probably 10-15 thousand potential users), I doubt they would have the resources to track any of the 100 or so Internet machines on my campus alone, even if they could tell it came from here. This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From adamsc at io-online.com Fri Jun 7 07:02:05 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 22:02:05 +0800 Subject: INteresting tidbit Message-ID: <199606070506.WAA20840@toad.com> >On the Encryption note, and I swear not along the lines of the 'DOJ' >and 'FBI Snooping' Big-Brother events, I heard another story recently. > ># begin story > >A person working on the MBONE project did an unannounced experiment >across the internet using Triple-DES for MBONE, and the very next day, >'ATF' agents knocked on his door and warned him against exporting >munitions. The experimentor was shaken by the fact that agents >approached him so quickly after the experiment. > ># end story > >Extrapolations of fact: > 1. Internet traffic is monitored. > 2. The ability to snoop for encrypted traffic is present > 3. The ability to identify encryption levels is present > (How else can they differentiate DES-1 from DES-3?) > 4. The ability to crack DES-1 in near real-time mode is present. > (See above). First, this has been loosely confirmed for ages. Someone was mentioning that FBI offices supposedly have software that (on a 486) can crack a DES-1 key in under an hour. Multiply * modern high capacity computers = problem. However, this does not nessesarily follow from #3. First off, you could probably tell the encryption used from a file format; the software on the other end has to know what it's getting. Secondly, you could probably tell quite a lot about what was used by some intense analysis. Finally, if their software cannot read it and analysis suggested it was more than DES-1 then they might go after someone w/o being able to read the document in question. > 5. If above=true, then Feds dropping the Zimmerman PGP case probably > also points to it also being crackable in a similar manner. Not necessarily. This freemen issue shows that the FBI is getting gunshy about bad publicity, which they were getting. > 6. Using encryption only flags traffic for capture and decryption, > using strong encryption makes you all that more interesting. Sounds like the old argument for encrypting everything... >Sorry, couldn't resist. I'll try not to start a threads about >electro-plasma propulsion craft at Area 51, metallic-ceramic skin >and pulse-jets on the Aurora spy plane, heat-imaging video cameras >on satellites and planes that can watch you through your houses' roof, >etc. :) What??? Now you're going to tell us X-Files is just a TV show? This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From frissell at panix.com Fri Jun 7 07:07:41 1996 From: frissell at panix.com (Duncan Frissell) Date: Fri, 7 Jun 1996 22:07:41 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: <2.2.32.19960607102709.00cba438@panix.com> At 07:54 PM 6/6/96 -0700, Timothy C. May wrote: >(There may be cases people can dig up where some newspaper or newsletter >was "shut down," but I think such cases would be hard to find in the last >several decades. Am I wrong on this?) Not newspapers but a number of radio stations of course. Licensure. Even under CDA, we are not subject to license, however. Though I wonder how the FCC will behave as TV stations join the radio and "radio" stations that are already netcasting beyond its control. DCF From ichudov at algebra.com Fri Jun 7 07:13:15 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Fri, 7 Jun 1996 22:13:15 +0800 Subject: FOR WHOM THE BELL TOLLS In-Reply-To: Message-ID: <199606062218.RAA22385@manifold.algebra.com> Jim McCoy wrote: > Duncan wrote: > > At 10:41 PM 6/4/96 -0700, Bruce Baugh wrote: > > >I think there's a non-trivial chance that this list could be shut down and > > >anyone who's made interested sounds in the idea brought in to assist the > > >police in their inquiries. > > > > Yeah and they busted Jack London for publishing > >"The Assassination Bureau, Ltd".[...] > > > > Advocating the general practice of killing one's opponents is as legal as > > church on a Sunday. The War College (or is it the NDU these days) does it > > all the time. > > As long as that person is not the President of the United States (at least > for U.S. citizens.) This was the issue which initiated this thread, the > implied threat made by our favorite nutcase. Are you sure? Can you cite references? From my readings on the 1st amendments, any general kind of speech is legal, even if it advocates killing certain officials, including us presidents. *If* instead of general advocacy a person gave specific orders or concrete requests to kill the prez, then it would not be speech. Please correct me if I am wrong. >From my scarce reading of jimbell, his messages were fairly abstract and were likely just a protected speech. - Igor. From adamsc at io-online.com Fri Jun 7 07:14:23 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 22:14:23 +0800 Subject: Fwd: Re: [crypto] crypto-protocols for trading card gam Message-ID: <199606070508.WAA20921@toad.com> ==================BEGIN FORWARDED MESSAGE================== >From: "Chris Adams" >To: "ogren at concentric.net" >Date: Thu, 30 May 96 02:30:30 >Reply-To: "Chris Adams" >Priority: Normal >X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE >MIME-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Content-Transfer-Encoding: 7bit >Subject: Re: [crypto] crypto-protocols for trading card gam > >Disadvantages: > >The entire integrity of the system relies on the security of the >game company's key pair. If the secret key is comprimised, either by >Cards are not transferrable. In order to make cards transferrable the >game company must be able to invalidate cards which have been traded >to others. In other words if Alice wants to give a cards to Bob she >must: I would just have multiple validators w/separate keys. sign w/each. This would not eliminate the problem but could reduce it... >1. Contact the game company and tell them she wants to give the card >to Bob. 2. The game company must issue a new card to Bob with a new >serial number and with Bob's public key rather than Alice's. 3. The >game company must invalidate Alice's old card. Since there is no way >that the game company can make sure all copies of the card have been >destroyed it must create a "invalid serial number list" and have the >players dial into that list everytime the game is played. > >Since step 3 is so costly to implement, I think it is unlikely that a >cryptography-based trading card game will have tradable cards. Much easier - with each card, store its ownership history. EACH time it is transfered, have it be signed by the previous owner. Originally, the game company signs it as a valid card. On selling it, they record the purchaser's identity (email address, etc)and seal the card with the company key (or set of keys - see above). Repeat as needed. This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. ===================END FORWARDED MESSAGE=================== /* From Chris Adams on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5! The Enigman Group - We do Web Pages! */ This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From adamsc at io-online.com Fri Jun 7 07:23:55 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 22:23:55 +0800 Subject: Fwd: Re: Idea 'bout banning the internet Message-ID: <199606070508.WAA20922@toad.com> ==================BEGIN FORWARDED MESSAGE================== >From: "Chris Adams" >To: "jwilk at iglou.com" >Date: Mon, 03 Jun 96 20:36:49 >Reply-To: "Chris Adams" >Priority: Normal >X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE >MIME-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Content-Transfer-Encoding: 7bit >Subject: Re: Idea 'bout banning the internet > On 3 Jun 1996 19:48:48 pdt, jwilk at iglou.com wrote: >What if in the future a country banned the internet and all things that had >to deal with it (ie- telnet, irc). It would be the "underground" thing. >Just a thought, it would really suck! As I think about it it is impossible >or is it???? Hell the usa cant even ban porn let alone the whole thing. They >could ban it like they did fizzies. Hey there making a comeback did you here >now they have nutrasweet in them. If you know what fizzies are than your >pretty kewl. I'm only 13 and love then they are the drink of the future!!!! > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >Blake "Pokey" Wehlage Gaa- 3.69 > Record- 2-4-4 >Age- 13 Final Standings- 2nd Place (Beat in Championship) > >President & Founder: > >Revolution Software "I have the fastest glove in the east!" >Profanity Software "Hackers never stop hacking they just get caught" >VSoft > >My life- Rarely eat or sleep, Hack til' 7:00a, goto school, play goalie >til' 8:00p, hack til' 7:00a >Hank Aaron- d:-)!-< Pope- +<:-) Santa Claus- *<:-) The Unabrower |:-) > >Current Girlfriend(s)- Lindsey Wilcox, Laura Schubring > >Personal Quote- Mr Plow, thats my name, that name aguin is Mr. Plow >-Homer Simpson >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > You know, even counting the header, your signature is longer than the message... BTW, I doubt most of us care about your current love life or soccer standings. We won't even mention Homer Simpson... This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. ===================END FORWARDED MESSAGE=================== /* From Chris Adams on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5! The Enigman Group - We do Web Pages! */ This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. From sameer at c2.org Fri Jun 7 07:30:28 1996 From: sameer at c2.org (sameer at c2.org) Date: Fri, 7 Jun 1996 22:30:28 +0800 Subject: WWW servers. In-Reply-To: Message-ID: <199606062121.OAA07502@niobe.c2.net> > > Does there currently exist a system which permits webservers to restrict > access to clients who have a given certification? Yup. > > What is the current certification practice? Use either VeriSign, or build your own CA. > > How easy is it to certify a given client? Rather easy, using XCert Sentry. > > Are webserver certifications sufficently secure today? "sufficiently" by whose definition? > > What are the best servers to use for secure web pages and certification > currently in the United States? =) Stronghold: The Apache-SSL-US, coupled with XCert Sentry. What else? -- Sameer Parekh Voice: 510-601-9777x3 Community ConneXion, Inc. FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.net/ (or login as "guest") sameer at c2.net From declan at well.com Fri Jun 7 07:53:26 1996 From: declan at well.com (Declan McCullagh) Date: Fri, 7 Jun 1996 22:53:26 +0800 Subject: Fight-Censorship Dispatch #12: CDA deathwatch, copyright update In-Reply-To: Message-ID: Fred Cherry is a prize example of your lonely pamphleteer, though he's one who's just plain wacky. Note that calling someone wacky or a loon does not equate to saying they should be silenced. I've said many times that Cherry should not be muzzled on Usenet. -Declan For more info on Fred Cherry and his lawsuit, check out my #5 fight-censorship dispatch at: http://fight-censorship.dementia.org/dl?num=2115 On Wed, 5 Jun 1996, Martin Minow wrote: > Date: Wed, 5 Jun 1996 11:16:49 -0700 > From: Martin Minow > To: declan at well.com > Cc: minow at apple.com, cypherpunks at toad.com > Subject: re: Fight-Censorship Dispatch #12: CDA deathwatch, copyright update > > In "Fight-Censorship Dispatch #12", Declan McCullagh writes about > "everybody's favorite net.loon," Fred Cherry: > > >Whatever you think of Cherry's antics, you gotta grant him one thing > > not many people have the balls to demand that a Federal court uphold > > their right to flame. > > I suspect that Tom Payne would -- Cherry seems from your description > to be a prize example of "the lonely pamphleteer." > > It would be interesting to know what Nat Hentoff thinks of Fred. > > Martin Minow > minow at apple.com > > > > From declan+ at CMU.EDU Fri Jun 7 08:05:59 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Fri, 7 Jun 1996 23:05:59 +0800 Subject: On the Hill: Child Porn "Morphing" In-Reply-To: Message-ID: Excerpts from internet.cypherpunks: 5-Jun-96 Re: On the Hill: Child Porn.. by Jeffrey A Nimmo at ionet.ne > I believe that like all porn, it's a reasonability issue. If a > "reasonable" person would believe that the person depicted in the drawing > or morph to be underage, that it's illegal. I'm not sure, but I'll bet > Sternlight would have an opinion. Anyone care (dare) to ask? Read the legislation. I have the text of S.1237 in front of me now. Child pornography is any depiction, including electronic, where: (A) the production of such visual depiction involves the use of a minor engaging in sexually explicit conduct; (B) such visual depiction is, or appears to be, of a minor engaging in sexually explicit conduct; (C) such visual depiction is advertised, promoted, presented, or distributed in such a manner that conveys the impression that the material is or contains a visual depiction of a minor engaging in sexually explicit conduct. Anyone who "knowingly receives or distributes" it in any way over state lines "including by computer" will be fined and given a 5 to 15 year vacation at Club Fed. -Declan From stevenw at best.com Fri Jun 7 08:16:06 1996 From: stevenw at best.com (Steven Weller) Date: Fri, 7 Jun 1996 23:16:06 +0800 Subject: RISKS: YAJSH Message-ID: Reposted from RISKS: Yet Another Java Security Hole: ------------------------------ Date: Sun, 2 Jun 1996 07:46:20 +0000 (BST) From: David Hopwood Subject: Another Java attack There is another serious security bug in the class loading code for all currently available Java browsers: Netscape up to versions 2.02 and 3.0beta4 (except Windows 3.x) Oracle PowerBrowser for Win32 HotJava 1.0beta 'appletviewer' from the Java Development Kit up to version 1.0.2 Sun, Netscape, and Oracle have been sent details of the problem (which is partly related to the ClassLoader attack found by Drew Dean, et al. in March). The attack works by exploiting a design flaw in the mechanism that separates JVM classes into different namespaces. Using this bug, an attacker can bypass all of Java's security restrictions. This includes reading and writing files, and executing native code on the client with the same permissions as the user of the browser. The only way to avoid this problem at the moment is to disable Java. For more details see http://ferret.lmh.ox.ac.uk/~david/java/bugs/ Technical details will be posted when Sun, Netscape, and Oracle release patches. David Hopwood david.hopwood at lmh.ox.ac.uk http://ferret.lmh.ox.ac.uk/~david/ ------------------------------ Date: Thu, 6 Jun 1996 14:15:46 -0700 From: mrm at doppio.Eng.Sun.COM (Marianne Mueller) Subject: Another Java attack David Hopwood, a Java researcher in the UK, has uncovered a new security bug in Java [RISKS-18.18]. In simple terms, he has been able to manipulate the way objects are assigned and the way they collaborate, in order to undermine the applet security manager. Hopwood contacted JavaSoft directly re: the bug, and we have had a team working on a fix for the past 72 hours. In addition, we are applying Hopwood's model to conduct a security review, to determine if there are other bugs that may apply. We are currently thoroughly testing the fix, and plan to release a patch as soon as possible. As we complete more testing of the fix, a more detailed description of the bug and the fix will be added to the JavaSoft security FAQ at http://java.sun.com/sfaq/. JavaSoft is grateful for the internet security community's active interest in reviewing our code and we welcome feedback that makes Java better technology. ------------------------------ ------------------------------------------------------------------------- Steven Weller | Technology (n): | | A substitute for adulthood. stevenw at best.com | Popular with middle-aged men. From adamsc at io-online.com Fri Jun 7 08:42:00 1996 From: adamsc at io-online.com (Chris Adams) Date: Fri, 7 Jun 1996 23:42:00 +0800 Subject: Fwd: [Fwd: Welcome!] Message-ID: <199606070507.WAA20877@toad.com> ==================BEGIN FORWARDED MESSAGE================== >From: "Chris Adams" >To: "Jerry Kuhn" , > "Gary Orthuber" >Date: Tue, 28 May 96 00:01:11 >Reply-To: "Chris Adams" >Priority: Normal >X-Mailer: PMMail 1.5 UNREGISTERED SHAREWARE >MIME-Version: 1.0 >Content-Type: multipart/mixed; boundary="_=_=_=IMA.BOUNDARY.DS3KHZ138764=_=_=_" >Subject: Fwd: [Fwd: Welcome!] > ==================BEGIN FORWARDED MESSAGE================== >Message-ID: <1082295506 at bbs.io-online.com> >From: adamsc at io-online.com >MIME-Version: 1.0 >Content-Type: multipart/mixed; boundary="zzzz408284d220bc8563io-online.cozzzz" >To: Adamsc >Date: 28 May 1996 12:31:14 pdt >Subject: [Fwd: Welcome!] > This message has been generated solely to deliver this file attachment. This file attachment was originally included in another message, which had multiple file attachments. This message was automatically generated. ===================END FORWARDED MESSAGE=================== This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. ===================END FORWARDED MESSAGE=================== /* From Chris Adams on a Warped PC running a proudly unregistered (for now) PMMAIL 1.5! The Enigman Group - We do Web Pages! */ This Message Was Sent With An UNREGISTERED Version Of PMMail. Please Encourage Its Author To Register Their Copy Of PMMail. For More Information About PMMail And SouthSide Software's Other Products, Contact http://www.southsoft.com. -------------- next part -------------- A non-text attachment was scrubbed... Name: bin00000.bin Type: application/octet-stream Size: 4696 bytes Desc: "FILE.EXT" URL: From nelson at crynwr.com Fri Jun 7 09:36:37 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Sat, 8 Jun 1996 00:36:37 +0800 Subject: Multiple Remailers at a site? In-Reply-To: <19960604232157.2053.qmail@ns.crynwr.com> Message-ID: <19960607121455.12742.qmail@ns.crynwr.com> nelson at crynwr.com writes: > Therefore, to keep the characteristics of the trusted host constant > when converting into a partially trusted network, each of the > individual hosts needs to increase their parameters by some amount > (which amount someone else will have to contribute, cuz I have no clue > and need sleep). Ahhhh, sleep is a wonderful thing. It clears the brain so well. The increase is proportional to the level of distrust of the individual hosts by other hosts. If you think half the hosts are TLS moles, you'd double your characteristics (reordering and traffic). -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From shabbir at vtw.org Fri Jun 7 11:47:04 1996 From: shabbir at vtw.org (Voters Telecommunications Watch) Date: Sat, 8 Jun 1996 02:47:04 +0800 Subject: INFO: Discuss crypto with Sen. Burns online the night before hearings! Message-ID: <199606071312.JAA08699@panix3.panix.com> ============================================================================= ____ _ _ _ / ___|_ __ _ _ _ __ | |_ ___ | \ | | _____ _____ | | | '__| | | | '_ \| __/ _ \ _____| \| |/ _ \ \ /\ / / __| | |___| | | |_| | |_) | || (_) |_____| |\ | __/\ V V /\__ \ \____|_| \__, | .__/ \__\___/ |_| \_|\___| \_/\_/ |___/ |___/|_| CRYPTO HEARINGS (S.1726) SET FOR 6/12/96 IN WASHINGTON D.C. MEET AND SPEAK TO SENATOR BURNS ON HOTWIRED THE NIGHT BEFORE! SEN. CONRAD BURNS (R-MT) SCHEDULED FOR HOTWIRED CHAT 6/11/96 10-11PM EST Date: June 7, 1996 URL:http://www.crypto.com/ crypto-news at panix.com If you redistribute this, please do so in its entirety, with the banner intact. ----------------------------------------------------------------------------- Table of Contents News Press Release on Hearings How to receive crypto-news Press contacts ----------------------------------------------------------------------------- NEWS In what is becoming the newest way for Congress to read the net.community's opinion on issues, Senator Conrad Burns will be on HotWired on June 11th @ 10pm EST to discuss the encryption issue with all attendees. The next day, Senator Burns will be coordinating a day of hearings on the encryption issues with industry luminaries. Never before has the public had this much access to legislators without geographical proximity. Cheaper than teleconferencing, and more direct and unfiltered than the traditional press, online chats allow the public to directly question and hear the answers of Congress. Have a question about encryption policy that you've never been able to find out from the government? Come to the HotWired chat and ask Senator Burns to be your advocate, to press the witnesses and the White House on these issues. The online chat is on June 11 at 10pm EST, the night before the hearings HotWired's WiredSide chat is at (http://www.hotwired.com/wiredside). Information on Senator Burns' legislation is available at http://www.crypto.com ----------------------------------------------------------------------------- PRESS RELEASE ON HEARINGS Senator Conrad Burns (R-Mont.) WEB SITE http://www.senate.gov/~burns/ For immediate release: Contact: Matt Raymond Thursday, June 6, 1996 (202) 224-8150 Randall Popelka (202) 224-6137 First Pro-CODE Hearing Slated Burns' Subcommittee to Hear High-Profile Executives, Witnesses WASHINGTON, D.C. _ Montana Senator Conrad Burns today announced the first of two Senate hearings on S. 1726, the Promotion of Commerce Online in the Digital Era Act of 1996, or "Pro-CODE." The hearing will take place in the Commerce Subcommittee on Science, Technology and Space, of which Burns is chairman. The hearing is scheduled Wednesday, June 12, at 9:30 a.m. in room 253 of the Russell Senate Office Building. Scheduled to testify are: Michael Zisman, president and CEO of Lotus; Jim Barksdale, president and CEO of Netscape Communications; Jim Bidzos, president and CEO of RSA Data Security; Tim Krauskopf, V.P. and co-founder of Spyglass Inc.; Kenneth Dam, chairman of the National Research Council; Douglas J. McGowan, director of the SmartCard Alliance for Hewlett-Packard; Computer Systems Policy Project representative (invited); Joe Holmes, chief technology officer for EDS; Joel S. Lisker, senior V.P. for security and risk management at MasterCard; Danne Buchanan, president of Zion's Data Services Company; Jack Valenti, executive director of the Motion Picture Association of America; Aharon Friedman, chairman, founder and chief technical officer of Digital Secured Networks Technology Inc.; Steve Case, president and CEO of America Online (invited); and Robert Bigomy, senior V.P. and director of strategic marketing, government and space technology group, for Motorola. Burns said the focus of the hearing is on commerce and business issues. He said a second hearing, which will focus on privacy, law enforcement and national security issues, is scheduled in his subcommittee on June 26. The bipartisan Pro-CODE bill would ease export restrictions on computer security, or "encryption," for software and hardware. It would also prohibit mandatory systems in which users or companies would have to place a code-breaking "key" in the hands of a third party. # # # ----------------------------------------------------------------------------- HOW TO RECEIVE CRYPTO-NEWS To subscribe to crypto-news, sign up from our WWW page (http://www.crypto.com) or send mail to majordomo at panix.com with "subscribe crypto-news" in the body of the message. ----------------------------------------------------------------------------- PRESS CONTACT INFORMATION Press inquiries on Crypto-News should be directed to Shabbir J. Safdar (VTW) at +1.718.596.2851 or shabbir at vtw.org Jonah Seiger (CDT) at +1.202.637.9800 or jseiger at cdt.org ----------------------------------------------------------------------------- End crypto-news ============================================================================= From qut4.qut at netcom.com Fri Jun 7 12:11:56 1996 From: qut4.qut at netcom.com (qut4.qut at netcom.com) Date: Sat, 8 Jun 1996 03:11:56 +0800 Subject: Thank you for the Archives 100 messages Message-ID: <199606071402.HAA10943@netcom4.netcom.com> Apologies, but rich has deleted me from his mailboxes, and for a few days now, somebody has placed a global cancel bot on me. I'm gonna have plenty of fun figuring this out. Kwow any good sniffers? I agree the list should be public usenet: A mail gate-way to a usenet group that ALSO permits unmoderated posts. This would be a nice way to combine a strict moderated mail-list, with a standard netnews group. From froomkin at law.miami.edu Fri Jun 7 12:23:45 1996 From: froomkin at law.miami.edu (Michael Froomkin) Date: Sat, 8 Jun 1996 03:23:45 +0800 Subject: Electronic Signatures In-Reply-To: <19960606185840.9230.qmail@ns.crynwr.com> Message-ID: On 6 Jun 1996 nelson at crynwr.com wrote: > > > > The law does not specify how an electronic document must be > > signed, but Barassi and others say it probably will mean coding the text > > and typed signature so they cannot be changed by anyone other than the > > writer. > Before you get all hot under the collar, may I note that I've known Barassi for more than a year, and he is very technically sophisticated. Allow for some reporter-garble. Barassi understands digital signatures as well as you do. A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin at law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm here, and humid. From Clay.Olbon at dynetics.com Fri Jun 7 12:26:52 1996 From: Clay.Olbon at dynetics.com (Clay Olbon II) Date: Sat, 8 Jun 1996 03:26:52 +0800 Subject: whitehouse web incident, viva la web revolution Message-ID: Jonathon, > Statistical proof is only accepted in academia. Depending > upon your POV, this may or may not be a good thing, when > one is facing civil, or criminal charges. > > Finding proof for either civil or criminal charges is a > slightly different matter. IANAL, but your statements are misleading. Statistics are often used in both criminal and civil cases. Look at the DNA evidence in the OJ trial (OK, maybe a bad example), or the evidence that breast implants don't cause various ailments (probably another bad example :-). Both of these examples are based on statistics. IMO, part of the problem with juries (and public discourse in general) today is that anecdotal evidence is often accepted, when that evidence is clearly not statistically significant. The examples I cited previously illustrate this - the four horsemen are a similar example for public policymaking. Clay --------------------------------------------------------------------------- Clay Olbon II | Clay.Olbon at dynetics.com Systems Engineer | ph: (810) 589-9930 fax 9934 Dynetics, Inc., Ste 302 | http://www.msen.com/~olbon/olbon.html 550 Stephenson Hwy | PGP262 public key: on web page Troy, MI 48083-1109 | pgp print: B97397AD50233C77523FD058BD1BB7C0 TANSTAAFL --------------------------------------------------------------------------- From nelson at crynwr.com Fri Jun 7 12:52:37 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Sat, 8 Jun 1996 03:52:37 +0800 Subject: Electronic Signatures In-Reply-To: <19960606185840.9230.qmail@ns.crynwr.com> Message-ID: <19960607141610.13186.qmail@ns.crynwr.com> Michael Froomkin writes: > > > The law does not specify how an electronic document must be > > > signed, but Barassi and others say it probably will mean coding the text > > > and typed signature so they cannot be changed by anyone other than the > > > writer. > > Before you get all hot under the collar, may I note that I've known > Barassi for more than a year, and he is very technically sophisticated. > Allow for some reporter-garble. Barassi understands digital signatures > as well as you do. I never said or even (should you be a telepath) thought that he didn't. Heck, I've PGP-signed documents which I've then had to FAX to people. :) OCR is your friend, eh? No, I was responding to the person who was distrustful of the law's requirement for certified signatures. DON'T WAIT FOR THE GUVMINT TO CREATE A CERTIFYING AGENCY -- start your own and get some momentum. Makes it much harder for them to claim that PGP won't work because there's no central signature registry. PGP doesn't require a central registry, but then again it doesn't disallow it either. -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From wilcoxb at nagtje.cs.colorado.edu Fri Jun 7 13:28:35 1996 From: wilcoxb at nagtje.cs.colorado.edu (Bryce) Date: Sat, 8 Jun 1996 04:28:35 +0800 Subject: Micropayments: myth? In-Reply-To: <199606070205.WAA20230@jafar.sware.com> Message-ID: <199606071441.KAA13062@nagtje.cs.colorado.edu> -----BEGIN PGP SIGNED MESSAGE----- Hello Jeff B, vznuri, szabo & alia. Jeff wrote: > > Or are you saying that each IP packet will have an appropriately sized > digital cash payment attached? That seems like too much overhead. So people who work on micropayments are trying to reduce that overhead. It is clear to me that it is feasible to do so. (Someone have a list of references to published micropayment schemes that I can insert here?) IPng headers have plenty of room for this kind of thing, don't they? Also on this thread someone mentioned seeing an icon that says "5 cents" and clicking on it to pay 5 cents from their wallet. Well, please start your Ecash(tm) wallet and visit "http://www.c2.net/~bryce/BuyBAP.html". Click on the dime. Better yet click on the pair of quarters. As a bonus you actually get a copy of 'Bryce's Easy PGP', too! (Sameer's the one to blame for this new threat to our national security/children's innocence/community standards/etc. His "Ecash(tm) integrated with c2.net" system underlies my cybershop.) Regards, Bryce #include /* I'm not speaking for anyone else at this time. */ - ----- BEGIN GOODTIMES VIRUS INNOCULATION ----- Once you have read and understood this .sig, you are immune to the Good Times virus. Please help spread this innoculation! - ----- END GOODTIMES VIRUS INNOCULATION ----- -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: www.c2.net/~bryce -- 'BAP' Easy-PGP v1.1b2 iQCVAwUBMbg/mvWZSllhfG25AQGOGwP/SwDNHECjGy5a7dNVIVZEjLofN+Dgsoq0 ri7LrIE/m5hyj9Xu2HelM8o8p8e2bTylQ7GFcTZVFYBYMbb2INldFacf4X/hGfrG snhDWuV2ZQts4/CO92hQ44OhPSCTFPHH+nKnocTQRwNOySqPWGTxSxnvFO+Grguv NMv7U9k/do0= =uvhj -----END PGP SIGNATURE----- From declan+ at CMU.EDU Fri Jun 7 13:42:12 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Sat, 8 Jun 1996 04:42:12 +0800 Subject: FOR WHOM THE BELL TOLLS In-Reply-To: <199606070633.XAA01053@mail.pacifier.com> Message-ID: <8li234S00YUzE1usAp@andrew.cmu.edu> Excerpts from internet.cypherpunks: 6-Jun-96 Re: FOR WHOM THE BELL TOLLS by jim bell at pacifier.com > Not quite yet, anyway. I'm very disappointed to have waited over a year for > some slick lawyer to show me how I'd be violating some law or another to do so > . A few observations: 1. Not many readers of cypherpunks are lawyers 2. Of the laywers who do read cypherpunks, many may not choose to spend their time researching what laws AP may violate. Or they're not "slick" lawyers; take your pick. 3. Congress would have no problems passing a law outlawing AP, if one does not exist already. -Declan From crisper at ascensionet.com Fri Jun 7 13:53:40 1996 From: crisper at ascensionet.com (Sean T Carnes) Date: Sat, 8 Jun 1996 04:53:40 +0800 Subject: Banking's Physical Security Message-ID: <01BB545E.2DDAE5C0@ppp3> We all know that banks are very highly protected as far as their money goes but how safe are there computers? I live very close to a computer database collecting company that collects the data related to many banks in the area. It is all done through land lines and is not very well protected. They aren't very careful about who or what they let into the building also. If someone were to cut the lines the banks in the area would be out for days and they wouldn't have a means to do interbank transactions outside of the immediate area. Has anyone else seen this in there area or heard of it. Wouldn't it be a better idea to do the transactions by satellite. From brock at well.com Fri Jun 7 14:23:17 1996 From: brock at well.com (Brock N. Meeks) Date: Sat, 8 Jun 1996 05:23:17 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: Message-ID: Hey, you misinformed Dolt Hallam-Baker, for the record I voted for Clinton. I won't for Dole. Now, back in your cave. --Brock From crisper at ascensionet.com Fri Jun 7 14:24:48 1996 From: crisper at ascensionet.com (Sean T Carnes) Date: Sat, 8 Jun 1996 05:24:48 +0800 Subject: Jobs Message-ID: <01BB5460.9B743B20@ppp3> I am looking for a job in the computer business doing basically anything computer related, except something like typing all day, where i could get some experience around different computer enviroments. I have good knowledge of PC's and of some basic network situations. If anyone is in the NY metro area or on Long Island and is looking for some summer help could you please e-mail me back. Thanks From perry at piermont.com Fri Jun 7 14:24:49 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sat, 8 Jun 1996 05:24:49 +0800 Subject: Anonymous stock trades. In-Reply-To: <9606062327.AA04162@Etna.ai.mit.edu> Message-ID: <199606071452.KAA18055@jekyll.piermont.com> hallam at Etna.ai.mit.edu writes: > > >I suppose it depends on what you call "open", eh, Phill? > > >If by "open", you mean financial markets where, as Milton Freedman says, > >each new regulation raises the cost of entry and protects the surviving > >firms by killing their smaller competion with red tape, then we have "open" > >markets. > > Well, Milton Friedman's method for saving the whale is to leave it > to the free market, if people want whales in the oceans they won't > buy whale meat. Dr. Phill Hallam-Baker, PhD, seems to know even less about free market environmentalism than he knows about futures and options. Of course, what Dr. Phill Hallam-Baker, PhD, suggests is idiotic. As any free market economist would tell you, the way to stop a resource from being destroyed is not to pray that people won't buy it but to assure that someone has an ownership stake in the resource, thus assuring that their investment would be destroyed if the resource vanished. Thats why, for instance, timber companies happily clear cut government land that they have leased (after all, not clear cutting would mean that they wouldn't extract maximum value for their lease under the idiotic terms that the leases are made under) but will almost never clear cut their own lands, because that would reduce their long term value. Dr. Phill Hallam-Baker, PhD, however, does not understand economics in spite of his PhD and thus attributes views to free market economists that they do not hold, as in his whole cloth synthesis of a viewpoint which he ascribed to Milton Friedman which Milton Friedman would never in a million years espouse. Perry From jim at ACM.ORG Fri Jun 7 14:33:27 1996 From: jim at ACM.ORG (Jim Gillogly) Date: Sat, 8 Jun 1996 05:33:27 +0800 Subject: FOR WHOM THE BELL TOLLS In-Reply-To: <199606070633.XAA01053@mail.pacifier.com> Message-ID: <199606071523.IAA12176@mycroft.rand.org> Regarding TCM's en passant comment that Bell's ideas are derivative: jim bell writes: >Technically, it wasn't derived from anything directly, or for that matter >even indirectly. However, since there's nothing new under the sun, Try Gilbert & Sullivan's operetta "Utopia, Ltd." Assassinating the ruler was fine and/or encouraged, but the assassin had to take his place. Not as close as the Dirty Harry movie, though... >I generally don't feel the need to name specific people. I'm sure each >reader has his own pet list to fall back on. Aha. Gilbert & Sullivan again, this time from the Mikado: "I've got a little list of society offenders who might well be under ground, and who never would be missed." That's Koko, the Lord High Executioner, casting about for the next victim. However, in Mikado assassinating an Heir Apparent was a punishable offense. Something involving boiling oil, as I recall. I noted recently a news article listing about 4 "dead pools" around the Web, not even counting the Idea Futures death claims. I don't recall that any of them used real money. Jim Gillogly Sterday, 18 Forelithe S.R. 1996, 15:17 From jamesd at echeque.com Fri Jun 7 14:41:33 1996 From: jamesd at echeque.com (jamesd at echeque.com) Date: Sat, 8 Jun 1996 05:41:33 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: <199606071535.IAA27849@dns1.noc.best.net> At 06:54 AM 6/6/96 -0400, Duncan Frissell wrote: > (I've often > wondered why Hamas uses/used couriers for getting funds to Israel when > Israel has a great ATM network with international links.) Sounds like you are suffering caffeine withdrawal. Try wondering again after you have had some coffee. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From trei at process.com Fri Jun 7 16:08:18 1996 From: trei at process.com (Peter Trei) Date: Sat, 8 Jun 1996 07:08:18 +0800 Subject: Cost of brute force decryption. Message-ID: <199606071645.JAA04692@toad.com> > From: "Deranged Mutant" > > On 4 Jun 96 at 10:58, Bruce M. wrote: > > [..] > > "If you can ensure secrecy either until no one cares about the > > information or so that cracking the code costs more than the information > > is worth, it's 'secure enough.' > > > > "For example a 40-bit key takes about $10,000 worth of supercomputer > > time and two weeks to crack. Although this key may be adequate to > > protect my checking account, it's probably not large enough for the > > accounts of a major corporation. > [..] > > The figures look familiar. No references around. I'm not sure it would > require a whole two weeks for 40-bits, though. Possibly less than a > day? (Or was that why you asked baout the figures?) A week? No. The second round of the cypherpunk's distributed key cracking (which bruted 40 bit RC4) completed in 38 hours. That was a year ago. With the growth in the number of interested people on the net, and the upgrades in cpu power since then, I expect that a similarly motivated effort could burn the same number of cycles in well under 24 hours. (The bottleneck a year ago was in coordination - not raw processing power). Prediction: By the millenium, we'll have made single DES look about as silly as 40 bit RC4 is today. Peter Trei From frissell at panix.com Fri Jun 7 16:12:04 1996 From: frissell at panix.com (Duncan Frissell) Date: Sat, 8 Jun 1996 07:12:04 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: <2.2.32.19960607170941.0075b778@popserver.panix.com> At 08:29 AM 6/7/96 -0700, jamesd at echeque.com wrote: >At 06:54 AM 6/6/96 -0400, Duncan Frissell wrote: >> (I've often >> wondered why Hamas uses/used couriers for getting funds to Israel when >> Israel has a great ATM network with international links.) > >Sounds like you are suffering caffeine withdrawal. Try wondering again >after you have had some coffee. > --------------------------------------------------------------------- James. What am I missing? It is trivial to keep both ends of an international ATM transaction anonymous. And if Hamas suicide bombers can make it into Israel proper, I'm sure bagmen can hit ATMs there. There may even be ATMs in East Jerusalem or on the West Bank. DCF From unicorn at schloss.li Fri Jun 7 16:16:13 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 8 Jun 1996 07:16:13 +0800 Subject: Banking's Physical Security In-Reply-To: <01BB545E.2DDAE5C0@ppp3> Message-ID: On Wed, 5 Jun 1996, Sean T Carnes wrote: > We all know that banks are very highly protected as far as their money goes but how safe are there computers? I live very close to a computer database collecting company that collects the data related to many banks in the area. It is all done through land lines and is not very well protected. They aren't very careful about who or what they let into the building also. If someone were to cut the lines the banks in the area would be out for days and they wouldn't have a means to do interbank transactions outside of the immediate area. Has anyone else seen this in there area or heard of it. Wouldn't it be a better idea to do the transactions by satellite. ^^ Very vulnerable to jamming. --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From tcmay at got.net Fri Jun 7 16:41:01 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 8 Jun 1996 07:41:01 +0800 Subject: It tolls for thee Message-ID: At 7:29 AM 6/7/96, jim bell wrote: >Even so, given how much noise we've been hearing out of DC on the subject >of the Internet, digital cash, and good encryption, I'd say SOMEBODY is >getting a bit worried. I haven't exactly been keeping this stuff a secret: >What do you think their reaction has been, so far? When those >government-types start considering various scary scenarios, what do you >think they are imagining? I don't think any significant amount of the current stuff coming out of Washington has anything to do with my words, your words, or the words of anyone on this or any other forum I know about. Importantly, I'm including my own words, explicitly. Sorry to burst _our_ bubbles, but I just don't think the lawmakers and burrowcrats are being driven by loose talk by us. Rather, the reasons for their actions and hyperbole about the Net, the Web, online porn, money laundering, the "information highway," and all that trendy stuff is because they can see many of the same trends we see. While I have a certain amount of pride that my single-page "Crypto Anarchist Manifesto" essentially nailed a bunch of trends which have become obvious to all in the 8 years after I issued it, I don't for a picosecond think anything I wrote then or since has had any significant effect on proposed leglislation. While some of our writings and talk may have inspired "sound bites" in their own reports, the concerns governments have about strong cryptography, transparent borders, alternative forms of money, data havens, etc., are easy to understand. >Not quite yet, anyway. I'm very disappointed to have waited over a year for >some slick lawyer to show me how I'd be violating some law or another to do so. This is factually incorrect. I recall at least one law professor and at least one assistant DA publically commenting on the legal implications of your actual deployment of AP (as opposed to merely speculating about such things, which all agree is protected speech). And this was soon after your initial flurry of posts describing your "wonderful idea." --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Fri Jun 7 16:56:48 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 8 Jun 1996 07:56:48 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: <199606071725.KAA26027@mail.pacifier.com> At 04:05 AM 6/7/96 -0000, nelson at crynwr.com wrote: >jim bell writes: > > > My impression is that it is frequently the pacifist-types who get us into > > war, because they start the process out by tolerating actions by others that > > turn into more serious actions, etc. You know, the appeasers. Are you an > > appeaser? > >A quote from Donald Wetzel's book Pacifist: > >The pacifist is often asked what he would do in the event the United >States were to be conquered by a hostile power. The assumption on the >part of the questioner is almost always that we would simply assume >the proper position in which best to have our asses kicked. I suggest >that anyone who believes that such would be the pacifist response to >the imposition in America of an oppressive, authoritarian >rule--foreign or domestic--should consult the prison authorities that >were in power when America's prisons were host to some six thousand >pacifists. I am sure it will be found that we have not been >forgotten. I propose that there has ALREADY been "the imposition in America of an oppressive, authoritarian rule." What are the pacifists doing now? Jim Bell jimbell at pacifier.com From attila at primenet.com Fri Jun 7 17:07:55 1996 From: attila at primenet.com (attila) Date: Sat, 8 Jun 1996 08:07:55 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: <199606071658.JAA27327@primenet.com> jim bell writes: > My impression is that it is frequently the pacifist-types who get us into > war, because they start the process out by tolerating actions by others that > turn into more serious actions, etc. You know, the appeasers. > true, too true. unfortunately, the point is corrrect: the pacifist do tolerate actions that others would not thereby encouraging further aggression. after the pacifists have been attacked, they can be particularly violent --and incarcertated, they are defiant. Or, as I prefer to put it: there is nothing worse than a liberal whose ass has been bit. -- Hackers never stop hacking, they just get caught From hallam at Etna.ai.mit.edu Fri Jun 7 17:26:17 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Sat, 8 Jun 1996 08:26:17 +0800 Subject: Anonymous stock trades. In-Reply-To: <199606071452.KAA18055@jekyll.piermont.com> Message-ID: <9606071731.AA04519@Etna.ai.mit.edu> Perry writes.. >Dr. Phill Hallam-Baker, PhD, seems to know even less about free market> >environmentalism than he knows about futures and options. This is the Perry argument! Call someone a fool, invite ridicule... ohhh perry does that make you feel big? does that make you feel like you can argue? Of course you can't argue or you would not have begun your arguement with a gratuitous insult. You are clearly uncertain of your case and feel that you have to puff yourself up a bit and try a bit of intimidation. I asked my stock broker about the trades Hilary did. Sorry Perry, you were wrong 5% margin is sufficient in most markets. That means $1000 can cover $20,000. Your whole case was based on a false premise. Since the last time you began a Perrygram by insulting me you turned out to be wrong it should be no suprise for this to be a repeat. The argument from Friedman was as published in a letter to the London Times by the man himself. You can even go and look it up if you like, it was published in '89 or '90. He did not make a reference to "stakeholders". That was not his argument. His argument was based entirely on the mechanism of the market, supply and demand. -Phill From unicorn at schloss.li Fri Jun 7 17:29:03 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 8 Jun 1996 08:29:03 +0800 Subject: whitehouse web incident, viva la web revolution In-Reply-To: Message-ID: On 7 Jun 1996, Clay Olbon II wrote: > Jonathon, > > > Statistical proof is only accepted in academia. Depending > > upon your POV, this may or may not be a good thing, when > > one is facing civil, or criminal charges. > > > > Finding proof for either civil or criminal charges is a > > slightly different matter. > > IANAL, And so you thought you would engage in legal commentary, of course. :) > but your statements are misleading. Statistics are often used in > both criminal and civil cases. Look at the DNA evidence in the OJ trial > (OK, maybe a bad example), or the evidence that breast implants don't cause > various ailments (probably another bad example :-). Both of these examples > are based on statistics. IMO, part of the problem with juries (and public > discourse in general) today is that anecdotal evidence is often accepted, > when that evidence is clearly not statistically significant. The examples > I cited previously illustrate this - the four horsemen are a similar > example for public policymaking. Statistical evidence is fairly strictly regulated actually in a judicial context. e.g., People v. Collins, 438 P.2d 33 (1968) (prohibiting mathamatical odds and statistical evidence from use in identification and requireing strict foundation to be laid before any probability evidence will be admitted); Cole v. Cole, 328 S.E.2.d 446 (1985) (discussing the nature of probability in relation to the scope of the evidence presented); Frye v. U.S., 293 F. 1013 (D.C.Cir 1923) (estlablishing the rule that scientific evidence must be treated with a different standard even when presented by certified experts. specifically that it must be 'generally accepted in the scientific community); See Generally, L.J. Cohen, The Probably and the Provable (1977). > Clay > > --------------------------------------------------------------------------- > Clay Olbon II | Clay.Olbon at dynetics.com > Systems Engineer | ph: (810) 589-9930 fax 9934 > Dynetics, Inc., Ste 302 | http://www.msen.com/~olbon/olbon.html > 550 Stephenson Hwy | PGP262 public key: on web page > Troy, MI 48083-1109 | pgp print: B97397AD50233C77523FD058BD1BB7C0 > TANSTAAFL > --------------------------------------------------------------------------- > --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From perry at piermont.com Fri Jun 7 18:30:20 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sat, 8 Jun 1996 09:30:20 +0800 Subject: Anonymous stock trades. In-Reply-To: <9606071852.AA04637@Etna.ai.mit.edu> Message-ID: <199606071900.PAA18399@jekyll.piermont.com> hallam at Etna.ai.mit.edu writes: > PS, I don't recommend that people read the works of the late Cato > Institute staffer mentioned. There are better authorities than the > speechwriter of Barry Goldwater. Karl Hess Jr (PhD). wasn't Barry Goldwater's speechwriter. His father was. His father didn't have a PhD -- indeed, he never attended a state run school past his early teenage years. Karl Hess senior also was never a Cato instutute staffer -- to my knowledge, his son is not on the staff of the Cato institute either. Its astounding how many inaccurate comments you can pack into a brief space. Dr. Phill Hallam-Baker, D.Phil (one wonders how a doctor of philosophy differs from a PhD since that is also a doctor of philosophy) seems to spew random inaccuracies left and right. Perry From nelson at crynwr.com Fri Jun 7 18:31:54 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Sat, 8 Jun 1996 09:31:54 +0800 Subject: Internet solution for law enforcement In-Reply-To: <199606071900.MAA12968@hopf.dnai.com> Message-ID: <19960607194629.14482.qmail@ns.crynwr.com> caal at hopf.dnai.com writes: > Has anyone seen this yet? Looks like it's two weeks old. Internet Police! Hey, I went into the local New York State Police station and asked if they had email. The answer is basically "No." They've got something like a telex system. I doubt that they're any encryption on their data services. You'd think that police department RADIOS would at least be encrypted! Thanks, TLAs, for your crime encouraging efforts. [ TLA lurkers should have the grace to wince at that. ] -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From frantz at netcom.com Fri Jun 7 18:48:53 1996 From: frantz at netcom.com (Bill Frantz) Date: Sat, 8 Jun 1996 09:48:53 +0800 Subject: WWW servers. Message-ID: <199606071858.LAA28919@netcom7.netcom.com> Black Unicorn: >> Does there currently exist a system which permits webservers to restrict >> access to clients who have a given certification? Sameer: > Yup. .... > =) Stronghold: The Apache-SSL-US, coupled with XCert >Sentry. What else? Bill Stewart: >Of course, there's a simpler approach; restrict access to people >who have logins and passwords, and only give those to people >who have the certification... But of course, cleartext passwords have their own problems. You really need to make use of the fact that there is a computer at both ends so you are protected from replay attacks. With that caveat, passwords work fine (except for the difficulty of remembering a bunch of them vs. the insecurity of using the same one multiple places or writing them down). ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA From SBinkley at atitech.ca Fri Jun 7 19:26:56 1996 From: SBinkley at atitech.ca (Scott Binkley) Date: Sat, 8 Jun 1996 10:26:56 +0800 Subject: mailing-list through a remailer In-Reply-To: Message-ID: Does anyone know if the following would work: Having a mailing-list run through a remailer?? Someone would post (through an anon remailer) about a majordomo type list through an anonymous remailer (anon-penet.fi for example). You would send a message to 123456 at anon-penet.fi, with a subscribe SECRET-LIST. Your message would be anonymous to the list, as the server would be to you. The server would then treat your return address through the remailer as your address, and you would post to the anonymous account for the server. It would be double blind, and difficult to find out who ran the list. If you chained the remailers, it would be even more difficult. Can this be done?? Has this been tried?? From vznuri at netcom.com Fri Jun 7 19:38:08 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Sat, 8 Jun 1996 10:38:08 +0800 Subject: Micropayments: myth? In-Reply-To: <199606070205.WAA20230@jafar.sware.com> Message-ID: <199606072058.NAA05291@netcom3.netcom.com> > >> the wallet action will always >> be tied with some other action. the user picks up the phone to dial >> somewhere, and it says, "that will be .3c-- will you pay"? he says >> yes. > > How will you know the cost is .3c a priori? >What's to stop me from saying yes to the .3c and staying on the line >forever? I don't understand why this micropayment thing is being thought so complicated. I am making some simple assumptions that seem to not be obviously apparent, apparently. I don't think micropayments make sense in transactions in which the buyer requires the ability to back out of a purchase. in other words, if I download an FTP file, pay 2c, and then say, "this isn't what I wanted", I don't think a refund is typically going to be supported. it would be up to individual vendors, but I doubt very many would allow it. a service [x] knows how much they are going to charge for a file or a http transfer. they tell the user, "you can have this for [x] cost". the user *sends* them the money to get the data. there is no concept of the company going into their wallet and pulling out the cash. the buyer sends the token and initiates the entire transaction. I am not saying this micropayment thing is going to be the only way future transactions will work. of course not. it's just one way that makes some assumptions. what about services that don't deliver? I would imagine a cyberspatial equivalent of the BBB will be just fine for that. an agency that registers complaints. a company doing a micropayment bilk scheme could only get away with a small amount of cash before they got a bad reputation. the reputation could be checked by the browser prior to paying, that kind of thing. the example I gave of a phone service billing people for phone calls was not a great example for micropayments, but it could be pulled off. imagine that your phone has a little readout that tells you how much you are being charged. you can cancel the call. you can watch your little readout as it bills you money. you could set limits, "do not pay more than 10c/minute". these limits are built into your *local* wallet (browser, phone) etc.-- they are not handled by the company that is charging you. hence you retain full control. If you disallow that, how? Will it cost the same amount if >I'm not sending anything as it will if I'm sending a live video + audio >feed? If so, what's to stop me from bundling my whole neighborhood's >Internet traffic into this call? If not, how will you tell the >difference without monitoring my usage and requiring me to pay for the >additional bandwidth I use? MICROPAYMENTS. they are for small transactions. the standard billing model will be used in other situations as it is today, although it will be moved into a cyberspatial equivalent. micropayments are NOT going to be the only way the future economy will work. I think some people seem to have some misconceptions about this. it won't make sense to use microcurrency everywhere. I don't know if micropayments will ever be tied to each pack like you are proposing. at least in the beginning, I would assume a structure like the internet is today with a micropayment charges built on top of it like I suggested with browsers or that kind of thing. companies will probably charge for bandwidth if they are charging for network services. you can't send a lot of data without using more bandwidth. From sandfort at crl.com Fri Jun 7 20:24:04 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Sat, 8 Jun 1996 11:24:04 +0800 Subject: No Subject Message-ID: <2.2.32.19960607185634.00749a80@popmail.crl.com> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ C'punks, At 08:29 AM 6/7/96 -0700, you wrote, re: using ATM machines instead of couriers: >Sounds like you are suffering caffeine withdrawal. Try >wondering again after you have had some coffee. Gosh, I don't even drink coffee and I think Duncan is absolutely right on point. Snide remarks notwithstanding, what substantive critique do you have of Duncan's remarks? S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From nelson at crynwr.com Fri Jun 7 20:28:19 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Sat, 8 Jun 1996 11:28:19 +0800 Subject: FOR WHOM THE BELL TOLLS In-Reply-To: <199606071725.KAA26027@mail.pacifier.com> Message-ID: <19960607182852.14074.qmail@ns.crynwr.com> jim bell writes: > At 04:05 AM 6/7/96 -0000, nelson at crynwr.com wrote: > >jim bell writes: > > > > > My impression is that it is frequently the pacifist-types who get us into > > > war, because they start the process out by tolerating actions by others that > > > turn into more serious actions, etc. You know, the appeasers. Are you an > > > appeaser? > > > >A quote from Donald Wetzel's book Pacifist: > > > >The pacifist is often asked what he would do in the event the United > >States were to be conquered by a hostile power. The assumption on the > >part of the questioner is almost always that we would simply assume > >the proper position in which best to have our asses kicked. I suggest > >that anyone who believes that such would be the pacifist response to > >the imposition in America of an oppressive, authoritarian > >rule--foreign or domestic--should consult the prison authorities that > >were in power when America's prisons were host to some six thousand > >pacifists. I am sure it will be found that we have not been > >forgotten. > > I propose that there has ALREADY been "the imposition in America of an > oppressive, authoritarian rule." > > What are the pacifists doing now? Nothing -- alas, they don't see the oppression or authority. For better or worse, America really *is* the most free country. We sit here and say how much better it could be, and how awful it is compared to that. Others look around and say "Well, you aren't being carried off in the middle of the night by death squads, so I'm not going to waste my time on you when I could help other people in danger of death." I'm not prepared to argue against that judgement. -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From hallam at Etna.ai.mit.edu Fri Jun 7 20:28:29 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Sat, 8 Jun 1996 11:28:29 +0800 Subject: Anonymous stock trades. In-Reply-To: <199606071900.PAA18399@jekyll.piermont.com> Message-ID: <9606072143.AA04720@Etna.ai.mit.edu> Perry, for a person who is picking nits you are getting rather too many wrong: Fortunately you are now arguing in a region where I can give authoratative sources online. >Karl Hess Jr (PhD). wasn't Barry Goldwater's speechwriter. His father >was. His father didn't have a PhD -- indeed, he never attended a state >run school past his early teenage years. I had missed the Jr bit, but Hess Sr is somewhat better known. > Karl Hess senior also was >never a Cato instutute staffer -- to my knowledge, his son is not on >the staff of the Cato institute either. Wrong, try visitng the Cato Institute's site: http://www.cato.org/people.html You can find his papers at: http://www.cato.org/pa-234es.html Of course the Cato Institute may have simply added him to their "staff" list to make them look more important but I doubt it. The piece is not particularly original, Cadilac Desert made the same points in the early 80s. On the other hand it is a briefing paper intended to influence legislation so thats not suprising. Federal subsidies of water and farmland have turned into corporate handouts. This is hardly suprising given the mechanism. The farmers want to get a freebie handout while pretending that they are not on welfare. This leads to a mechanism which is attempting socialist policies without admitting that they are socialist, the handouts have to be disguised resulting in far more waste than if an intellectually honest policy were followed. In the EU there is a similar system of corrupt price support for agriculture, mainly supported by the French. I don't know of any serious political movement which supports such policies except for farmers advocates which does not recognise them as pork barrel. Phill From caal at hopf.dnai.com Fri Jun 7 20:37:08 1996 From: caal at hopf.dnai.com (caal at hopf.dnai.com) Date: Sat, 8 Jun 1996 11:37:08 +0800 Subject: "EASYSAFE(R) VERSION 3.0 Message-ID: <199606072136.OAA24986@hopf.dnai.com> I thought this may be of interest to the list. >[PRNewswire:Computers-0605.14] 6/5/96 > > EASYSAFE(R) VERSION 3.0 FOR DOS, WINDOWS & WINDOWS 95 'FIRST > NOTEBOOK SECURITY PRODUCT' > > CHICAGO, June 5 /PRNewswire/ - EliaShim Safe Software, a leading > provider of network security products and anti-virus protection > systems, announced at Spring Comdex 96 the release of EasySafe, > version 3.0, the first security and encryption product designed > specifically for notebook computers. > > .. EasySafe provides bullet-proof protection that is easy to install. > .. EasySafe prevents unauthorized use or access through boot password > protection. > .. EasySafe prevents removal or transfer of information via full hard > disk encryption. > .. EasySafe provides keyboard locking after three incorrect password > attempts. > .. EasySafe provides screen blanking after a predetermined period of > inactivity. > .. EasySafe denies system level access to hard disk information. > .. EasySafe can be configured to disable LPT, COM, and Floppy ports. > > Upon boot-up, EasySafe asks the user for a password. A > correctly entered password grants the user access to the computer. > Encryption/decryption of data on the hard disk is dynamic and > completely transparent to the user. The system allows for three > password attempts before locking the computer, and only a cold-boot > reset is possible. After entering the correct password, the disk is > unencrypted dynamically, normal boot up takes place, and the user is > granted access to the system without disk access restrictions or > delay. > > EasySafe includes a DOS/Windows screen saving utility which > blanks the screen after a period of inactivity. The only way to re- > activate the computer is to enter the correct password. > > EasySafe offers two encryption methods. The first encrypts all > data on local hard drives. The second method encrypts boot sectors > and partitions. This prevents unauthorized users from booting from > the "A": drive and accessing the data on the hard disk. This > encryption scheme also protects against the use of disk editing > programs (such as Norton Utilities). Thus, valuable company secrets > remain hidden and secure. EasySafe can be configured to disable LPT, > COM, and Floppy ports to ensure that the information contained on > the hard drive cannot be transferred to another system for later > viewing. > > While annual purchases of notebook computers have increased > steadily, the number of notebooks reported stolen each year is much > more alarming. In 1995, 208,000 notebooks with a value of almost > $640 million were reported stolen by a Columbus, Ohio insurance > company that offers coverage for portable computers (Information > Week - May 6, 1996 issue). EasySafe is the perfect product for > those field professionals whose notebooks contain valuable, > confidential, company information and other sensitive data that is > hundreds of times more valuable than the cost of a notebook. > > Founded in 1983, EliaShim Safe Software has been providing PC > security solutions and anti-virus protection for corporate, > government, educational institutions, and program developers in both > domestic and international markets. Over four million computers are > protected worldwide. Product line includes: EasySafe, MasterSafe, > ViruSafe Gold, and ViruSafe LAN. > > -0- 6/5/96 > /CONTACT: Carl Frederick, Jr., Director of Marketing, EliaShim > Microcomputers, 800-477-5177, or at Spring Comdex 96, Booth . C5431, > 312- > 791-6708/ > > CO: EliaShim Microcomputers, Inc. > ST: Florida > IN: CPR > SU: PDT > > From hallam at Etna.ai.mit.edu Fri Jun 7 20:58:43 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Sat, 8 Jun 1996 11:58:43 +0800 Subject: Anonymous stock trades. In-Reply-To: <199606072309.TAA18743@jekyll.piermont.com> Message-ID: <9606072345.AA04810@Etna.ai.mit.edu> Perry, BTW, its not normally polite to post comments on personal mail to a list. I thought the list had probably got bored with this nonsense long ago. > The fact that neither of them lives within striking distance of >Cato headquarters (O'Rourke lives in New Hampshire) makes your claim >ever more interesting. Being listed as staff in my view makes one a staff member. There have been interesting developments in telecommunications which make it no longer necessary to physically reside where one works. When I was a CERN fellow I was certainly on the payroll of CERN - generally that is what "Fellow" means. If Perry wishes to call me a fool for calling a person listed by the Cato Institute as a member of their "staff" a member of the Cato institute staff then I guess Perry has a different deffinition of "fool";. Phill From perry at piermont.com Fri Jun 7 20:59:51 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sat, 8 Jun 1996 11:59:51 +0800 Subject: Anonymous stock trades. In-Reply-To: <9606071731.AA04519@Etna.ai.mit.edu> Message-ID: <199606071820.OAA18322@jekyll.piermont.com> hallam at Etna.ai.mit.edu writes: > Call someone a fool, invite ridicule... ohhh perry does that make > you feel big? Not nearly as big as insisting that all around acknowledge your doctorate must make you feel, Dr. Phill Hallam-Baker, PhD. I like the fact, by the way, that you essentially ignored the substance of my comments, and instead chose to discuss peripheral matters. If anyone wants to see real discussion of environmental issues with an emphasis on market based solutions, rather than arguments pulled out of the buttocks of Dr. Phill Hallam-Baker, PhD, I suggest the writings of, among others, Karl Hess Jr. (oh, and Dr. Phill Hallam-Baker, PhD might wnat to know that its Dr. Karl Hess) > I asked my stock broker about the trades Hilary did. Sorry Perry, > you were wrong 5% margin is sufficient in most markets. Only in some markets, but that doesn't matter. She had even less than that on all of her trades, or didn't you pay any attention, Dr. Phill Hallam-Baker, PhD. You should have been able to figure that out from my remarks, incidently -- had she merely been controlling $20,000 worth of cattle with a $1000 investment she couldn't possibly have wiped out her net worth on a single transaction. Control hundreds of thousands or millions of dollars worth of cattle, however, and a sneeze in the marketplace will cost a pretty penny. Frankly, I think this latest flub demonstrates you don't know any of the facts of the case, You can't name the size of her trades. You didn't even know whether she was trading options or futures. I suspect you are just plain ignorant of the entire situation and are pulling facts out of your buttocks, largely for reasons of your partisan support of the Clintons. Perry From hallam at Etna.ai.mit.edu Fri Jun 7 21:02:48 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Sat, 8 Jun 1996 12:02:48 +0800 Subject: Anonymous stock trades. In-Reply-To: <199606071820.OAA18322@jekyll.piermont.com> Message-ID: <9606071852.AA04637@Etna.ai.mit.edu> >Not nearly as big as insisting that all around acknowledge your >doctorate must make you feel, Dr. Phill Hallam-Baker, PhD. It was you who insited on calling me "Mr Baker" despite the fact that we have been introduced. If you insist on being formal you can get it right. Its a D.Phil by the way, not a PhD. >I like the fact, by the way, that you essentially ignored the >substance of my comments, and instead chose to discuss peripheral matters. Good. Phill PS, I don't recommend that people read the works of the late Cato Institute staffer mentioned. There are better authorities than the speechwriter of Barry Goldwater. If people are interested in Philosophy then I suggest they read "A History of Western Philosophy" by Bertrand Russel. From asgaard at sos.sll.se Fri Jun 7 21:09:39 1996 From: asgaard at sos.sll.se (Asgaard) Date: Sat, 8 Jun 1996 12:09:39 +0800 Subject: Electronic Signatures In-Reply-To: <19960607141610.13186.qmail@ns.crynwr.com> Message-ID: On 7 Jun 1996 nelson at crynwr.com wrote: > No, I was responding to the person who was distrustful of the law's > requirement for certified signatures. DON'T WAIT FOR THE GUVMINT TO > CREATE A CERTIFYING AGENCY -- start your own and get some momentum. > Makes it much harder for them to claim that PGP won't work because Good advice. And if we are all waiting for our respective Post Offices to come aboard we'll have to wait for a long time. I don't remember how many years ago our Post Office was announcing 'real soon now' for the first time, because so much time has elapsed since then. I guess such institutions (bye economic capabilities) are mainly hiring cheap incompetents who will never catch up with the latest developments. Asgaard From caal at hopf.dnai.com Fri Jun 7 21:29:39 1996 From: caal at hopf.dnai.com (caal at hopf.dnai.com) Date: Sat, 8 Jun 1996 12:29:39 +0800 Subject: Internet solution for law enforcement Message-ID: <199606071900.MAA12968@hopf.dnai.com> Has anyone seen this yet? Looks like it's two weeks old. Internet Police! >[BizWire] 5/20/96 > > (SUN/PSI-INTL)(SUNW) PSI International, Sun partner, unveils Java- > based Internet solution for law enforcement agencies; "Internet in > Blue" Police Internet/Intranet Application Suite Available in July > 1996 > > Business Editors/Computer Writers > > Highlights: > -- Internet in Blue, one of the first Java-based solutions aimed > at fighting crime, is being introduced by PSI International, a > strategic partner of Sun Microsystems Federal, and includes other > Sun products. > > -- Internet in Blue combines the power of Java and Netra servers > to enable law enforcement agencies and police departments to quickly > leverage the capabilities of the Internet and intranets. > > -- This solution is the latest evidence of Sun taking advantage > of the significant market opportunity for crime prevention > technology. Last year, Sun Federal announced a dedicated Criminal > Justice Operation, which is working with police departments and law > enforcement agencies around the world to help them use technology in > fighting crime. > > MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)-- May 20, 1996--One of > the first Sun(TM) Java(TM)-based solutions aimed at fighting crime > was introduced today by PSI International, a strategic partner of > Sun Microsystems Federal, a subsidiary of Sun Microsystems, Inc. > > Called Internet in Blue(TM), the solution combines the power of > Sun's Java technology, its Netra(TM) Internet servers, its Java > WorkShop(TM) development tools, and PSI's relational database > software. This solution fully leverages the capabilities of the > Internet for the benefit of law enforcement agencies because of the > inclusion of Java, the revolutionary Internet platform from Sun that > makes possible fast, easy, operating-system-independent use of the > Internet. > > To be offered by PSI, Internet in Blue will enable police > departments and other law enforcement agencies to leverage the > latest Internet technology to fight crime and promote citizen > involvement and community-based policing. From a citizen's > perspective, having a local police force with an Internet presence > gives people the opportunity to report problems online and play a > more active role in fighting crime in their neighborhoods. > > Besides utilizing the Internet, the PSI solution also allows > local police to build an "intranet," which is a greatly enhanced > internal information network to handle departmental processes as > well as to speedily access any internal database of interest. > Examples of these databases include local crime data such as > patterns of crimes, gang affiliations, data on previous suspects and > arrests. Currently, many police departments must locate such data > via a paper trail, which is very inefficient. > > "Law enforcement agencies are quickly realizing the power of the > Internet and intranets as strategic tools in fighting crime," said > John Marselle, president of Sun Microsystems Federal. "The Internet > in Blue solution from PSI -- based on Sun technology -- takes > advantage of Java's security features, platform independence and > database access capabilities. It should make it much easier for > police departments and other criminal justice organizations to get > online and to leverage the capabilities of the network." > > With Java WorkShop, a visual development environment for Java > that can be included as part of the Internet in Blue solution, > police departments can design, test, deploy and maintain Internet > and intranet applications based on Java with speed and simplicity. > Java WorkShop runs on the Sun Solaris(TM) environment and Windows > 95/NT. Using Java, the PSIBase relational database management > system can access Web browsers across any hardware platform. > > "The Internet is the next frontier in the development of law > enforcement information systems," said Paul Wormeli, program > director for law enforcement at PSI. "Our Internet in Blue solution > will enable law enforcement agencies to quickly exploit the latest > technologies like Java." > > Internet in Blue includes the following: > > A starter kit with a Sun Netra Internet server and PSI software > and services needed to set up a site on the World Wide Web, as well > as technical assistance from PSI for developing content and training > for a Webmaster. > > A full set of applications to create a police intranet providing > secure internal access to selected crime information, standard > operating police procedures and other infrastructure services. > > An interactive, community-based communications medium to > facilitate crime reporting over the Internet and community-based > policing. > > Suggestions for services that law enforcement agencies can > develop in order to offset the cost of the Internet project, such as > providing online crime reports and accident report information to > authorized outside organizations including legal firms and insurance > companies. -0- > > The Internet in Blue product will be available in July, 1996. > Pricing will vary depending on customer needs. > > PSI International, Inc. has provided systems integration and > services for over 14 years to federal, state and local governments. > The company specializes in law enforcement and public safety > solutions, consulting services, and integration of software and > hardware. With a staff of over 250 professionals in the information > system and services industry, PSI has a team of people that have > both technical and industry knowledge of public safety and justice > applications, including computer aided dispatch, records and > investigative management, imaging, telecommunications, and mobile > computing. > > Sun Microsystems Federal, Inc., headquartered in Vienna, > Virginia, is a subsidiary of Sun Microsystems, Inc. Sun Federal's > charter is to develop, deliver and sustain markets for Sun products > in governments worldwide. > > With annual revenues of $6 billion, Sun Microsystems, Inc., > provides solutions that enable customers to build and maintain open > network computing environments. Widely recognized as a proponent of > open standards, the company is involved in the design, manufacture > and sale of products, technologies and services for commercial and > technical computing. Sun's SPARC(TM) workstations, multiprocessing > servers, SPARC microprocessors, Solaris(Tm) operating software and > ISO-certified service organization each rank No. 1 in the UNIX(TM) > industry. Founded in 1982, Sun is headquartered in Mountain View, > Calif., and employs more than 16,000 people worldwide. -0- > > Note to Editors: Sun, the Sun logo, Sun Microsystems, Java, Java > Workshop, Netra and Solaris are trademarks or registered trademarks > of Sun Microsystems, Inc. in the United States and in other > countries. All SPARC trademarks are used under license and are > trademarks or registered trademarks of SPARC International, Inc. in > the United States and other countries. Products bearing SPARC > trademarks are based upon an architecture developed by Sun > Microsystems, Inc. UNIX is a registered trademark in the United > States and other countries exclusively licensed through X/Open > Company, Ltd. > > Internet in Blue is a trademark of PSI, International and is > properly written in boldface italics, all lower case. > > Press announcements and other information about Sun Microsystems > are available on the Internet via the World Wide Web using a tool > such as Netscape or NCSA Mosaic. Type http://www.sun.com at the URL > prompt. > > --30--css/sf* > > CONTACT: Burson-Marsteller (for Sun) > Jane Rauckhorst, 212/614-4880 > or > PSI International > Martha Hill, 703/352-8700 > > KEYWORD: CALIFORNIA > INDUSTRY KEYWORD: COMPUTERS/ELECTRONICS COMED > INTERACTIVE/MULTIMEDIA/INTERNET PRODUCT GOVERNMENT > > REPEATS: New York 212-752-9600 or 800-221-2462; Boston 617-236-4266 > or 800-225-2030; SF 415-986-4422 or 800-227-0845; LA 310-820-9473 BW > URL: http://www.businesswire.com > From ponder at wane-leon-mail.scri.fsu.edu Fri Jun 7 21:40:38 1996 From: ponder at wane-leon-mail.scri.fsu.edu (P.J. Ponder) Date: Sat, 8 Jun 1996 12:40:38 +0800 Subject: Wasting time and bandwidth on Bell Message-ID: On Fri, 7 Jun 1996 08:29:56 -0400 (EDT), Declan McCullagh wrote: >Excerpts from internet.cypherpunks: 6-Jun-96 Re: FOR WHOM THE BELL TOLLS >by jim bell at pacifier.com >> Not quite yet, anyway. I'm very disappointed to have waited over a >>year for >> some slick lawyer to show me how I'd be violating some law or another >>to do so ... >A few observations: >1. Not many readers of cypherpunks are lawyers I've noticed quite a few, actually. I don't know how many are regular readers but there seems to be enough to maintain a steady undercurrent of legal thinking on the issues associated with digital commerce, some anonymity and First Amendment issues, a sprinkling of criminal law topics, and of course, banking, intellectual property, SEC, antitrust, general contract, and related commercial law. >2. Of the laywers who do read cypherpunks, many may not choose to spend >their time researching what laws AP may violate. Or they're not "slick" >lawyers; take your pick. Or they automatically delete any posts that come from or relate to the puerile bullshit Bell is infamous for, and choose not to get dragged into this type of time- and bandwidth- wasting garbage. Of which this post is just another, of course, but i get so damn sick and tired of the constant imposition of 'AP' and related nonsense on this list. Of late, the trolls seems to be particularly effective among people who should know better, and an aura of credence or relevance has developed around some of this crap. Can't we just ignore it, and move on? Maybe if we ignore him he'll go away. >3. Congress would have no problems passing a law outlawing AP, if one >does not exist already. > >-Declan I would be satisfied if they just outlawed e-mail about it. From perry at piermont.com Fri Jun 7 21:53:34 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sat, 8 Jun 1996 12:53:34 +0800 Subject: Anonymous stock trades. In-Reply-To: <9606071739.AA04525@Etna.ai.mit.edu> Message-ID: <199606071832.OAA18353@jekyll.piermont.com> hallam at Etna.ai.mit.edu writes: > No, you miss the point. Friedman has become a slave to his theory, he is > attempting to push his idea even to solve a situation it clearly > cannot. I don't believe you when you claim that Friedman said what you claim at all. I suspect it is, as most of your other comments have been, either a complete misunderstanding of some actual comments or something pulled essentially out of the air. The claim you have made is so at odds with the Milton Friedman who's writings I have been reading for years (and indeed so out of character for any member of his economic school) that I find it nearly impossible to believe that the article exists as stated. No modern economist would claim that the market solution to preventing a species from going extinct is for people not to buy it. Its one of the msot idiotic statements I've heard in years. As a nobel prize winning economist, Friedman understands things like commons issues and the public goods problem and I cannot believe he would ever make such an inane statment, no matter what you claim. Given your poor record with facts here recently (nearly every assertion you have made about the Hillary Clinton case, from claiming she was trading options when she traded futures to obviously having no knowledge of the size of her trades), I will want to see a reprint of the article you claim exists before I will accept that there is any validity to your claims whatsoever. Perry From asgaard at sos.sll.se Fri Jun 7 22:01:10 1996 From: asgaard at sos.sll.se (Asgaard) Date: Sat, 8 Jun 1996 13:01:10 +0800 Subject: Anonymous stock trades. In-Reply-To: <199606071452.KAA18055@jekyll.piermont.com> Message-ID: On Fri, 7 Jun 1996, Perry E. Metzger wrote: > Of course, what Dr. Phill Hallam-Baker, PhD, suggests is idiotic. As > any free market economist would tell you, the way to stop a resource > from being destroyed is not to pray that people won't buy it but to > assure that someone has an ownership stake in the resource, thus > assuring that their investment would be destroyed if the resource > vanished. Who is going to assure that someone has an ownership stake in the Humpback Whales? The World Government? Is that entity supposed to give the whales to some private whale-watcher's tourism enterprise? I don't get it. Who cares about a bunch of Norwegian (or Japaneese) fishermen? Asgaard From perry at piermont.com Fri Jun 7 22:20:41 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sat, 8 Jun 1996 13:20:41 +0800 Subject: Anonymous stock trades. In-Reply-To: <9606072143.AA04720@Etna.ai.mit.edu> Message-ID: <199606072223.SAA18645@jekyll.piermont.com> hallam at Etna.ai.mit.edu writes: > > Karl Hess senior also was > >never a Cato instutute staffer -- to my knowledge, his son is not on > >the staff of the Cato institute either. > > Wrong, try visitng the Cato Institute's site: > > http://www.cato.org/people.html He's a Cato fellow. I don't think that implies anything more than he he gets some money from them. Or are you on the staff of the U.S. government? .pm From perry at piermont.com Fri Jun 7 22:26:51 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sat, 8 Jun 1996 13:26:51 +0800 Subject: Anonymous stock trades. In-Reply-To: <9606072307.AA04756@Etna.ai.mit.edu> Message-ID: <199606072309.TAA18743@jekyll.piermont.com> hallam at Etna.ai.mit.edu writes: > >He's a Cato fellow. I don't think that implies anything more than > >he he gets some money from them. > > Nope, he is listed in "senior staff". He's listed in the staff section, but he's clearly labeled as a fellow. P.J. O'Rourke is also listed in the same column as a fellow. I suppose he's working at Cato full time and only moonlights at Rolling Stone. The fact that neither of them lives within striking distance of Cato headquarters (O'Rourke lives in New Hampshire) makes your claim ever more interesting. > I'm working on digital signature systems under a DARPA contract. We shall therefore have to declare you to be a U.S. Government employee. .pm From blancw at MICROSOFT.com Fri Jun 7 22:27:35 1996 From: blancw at MICROSOFT.com (Blanc Weber) Date: Sat, 8 Jun 1996 13:27:35 +0800 Subject: Anonymous stock trades. Message-ID: >From: hallam at Etna.ai.mit.edu >The farmers want to get a freebie handout while pretending that they >are not on >welfare. This leads to a mechanism which is attempting socialist >policies ... [etc.] ............................................................. Okay, but what does this have to do with anonymous stock trades? > .. >Blanc From rah at shipwright.com Fri Jun 7 22:31:52 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 8 Jun 1996 13:31:52 +0800 Subject: Anonymous stock trades. In-Reply-To: <199606071820.OAA18322@jekyll.piermont.com> Message-ID: At 2:52 PM -0400 6/7/96, hallam at Etna.ai.mit.edu wrote: > If people are interested in Philosophy then I suggest they read "A >History of > Western Philosophy" by Bertrand Russel. About the only useful thing he's said here in weeks... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ From trei at process.com Fri Jun 7 22:35:27 1996 From: trei at process.com (Peter Trei) Date: Sat, 8 Jun 1996 13:35:27 +0800 Subject: [NOISE] Banking's Physical Security Message-ID: <199606071803.LAA05945@toad.com> From: Sean T Carnes > We all know that banks are very highly protected as far as their money = > goes but how safe are there computers? I live very close to a computer = > database collecting company that collects the data related to many banks = > in the area. It is all done through land lines and is not very well = > protected. They aren't very careful about who or what they let into the = > building also. If someone were to cut the lines the banks in the area = > would be out for days and they wouldn't have a means to do interbank = > transactions outside of the immediate area. Has anyone else seen this = > in there area or heard of it. Wouldn't it be a better idea to do the = > transactions by satellite. There's a big difference between a real bank and a data collection outfit. I used to work at a major money center bank in the Wall Street area. To get to the data center I had to: 1. Walk into the building, past an armed security guard. 2. Within sight of him, use my badge stripe to get through a turnstile - most employees had badges which were limited in the times they would work. 3. Take an elevator to the (unadvertised) correct floor. 4. Use my badge in a reader to get out of the elevator lobby - most badges were restricted in the floors they would open. 5. Use my badge to get through an unmarked door, into the 'airlock'. In the airlock, I'd hold my photo ID up to a reader, so the guard downstairs could. a. Compare my face against that on the photo ID. b. Check that I was authorized to enter the data center. c. Check that there was no one else in the airlock with me. If he was satisfied, he'd open the inside door remotely. 6. The data center was manned by at least two operators (usually more), 24 hours a day, seven days a week. Only they were permitted to touch terminals connected to operational systems. (There were other security features I won't go into.) Sure, our fiber optic lines to CHIPS and the Fed occasionally went out - that's what backup dialout phone lines are for. If we had phone problems, the lines were fixed in a couple hours, not days. At a pinch, I imagine you could use now a cellphone and modem to keep things moving. Peter Trei From ravage at ssz.com Fri Jun 7 22:39:19 1996 From: ravage at ssz.com (Jim Choate) Date: Sat, 8 Jun 1996 13:39:19 +0800 Subject: Remailer thoughts Message-ID: <199606080031.TAA04969@einstein.ssz.com> Hi Adam, Forwarded message: > From: Adam Shostack > Subject: Re: Remailer chain length? > Date: Tue, 4 Jun 1996 22:57:10 -0500 (EST) > > Jim Choate wrote: > > | > I don't think multiple remailers at the same site help anything. > | > > | > | I agree completely. If traffic analysis is going to be done on a single box > | it isn't going to matter how many remailers are there. The monitor will > | simply grab them all. At this point it simply maps them thusly: > > | incoming message > remailer #1 > .... > remailer #n > outgoing > | > | > | That this really maps to is obvious: > | > | > | incoming message > remailer #1-#n > outgoing > > Analyzing the traffic through three remailers is more > difficult than analyzing the traffic through one. One remailer with > three N messages per day is more secure than an equivilant remailer > with N mesasges. Not if they are on the same box, simply treat the box itself as the remailer. The internal mechanics are for the most part irrelevant to this issue. N messages go in, N messages with (number of remailers)(# of cover traffic/real message) messages of cover. My contention is that it does not matter how many remailers are on a single box. It is the number of connections in and out of the box available. The above equation is clearly linear and therefore not what I would consider computationaly challenging. If I may introduce some terminology (unless their is an existing stnd.), x number of messages y message multiplier N#() remailer number # R#() number of remailers on machine # C() number of cover messages/original messages E# number of connections on machine # T() total traffic through remailer system $i() cost per message, incoming $o() cost per message, outgoing C fixed cost items of operation (eg rent) Note: each of these represent a family of functions. My contention: T(R#(n)) is equivalent to T(R#(N1(x), N2(x)..., Nn(x))) Where, T() = R#(n)(2N#(x) + C(yN#(x))) The term 2N#(x) represents the number of valid messages the remailer handles. x incoming & x outgoing, hence 2x. The total income of such a remailer: $(T(x))=$i(x)-$o(T(x)-x)-C It is important to recognize the profit dependancy on the input/output message ratio. If it gets too high, you got nothing to spend on yourself. Your contention (if I may translate): N1(3x) is more secure than N1(x), assuming identical remailer configuration. Do you consider N#(ax) equivalent to aN#(x)? May I inquire into your reasoning? > [much good thought deleted.] > > | 5. Automaticaly limits spamming unless a remailer allows cloning > | AND all recipients share a commen private key. > > Or unless the remailer mails to a mail to news gateway. This is a limitation of the mail-news gateway and not of the remailer technology. What it points to is a serious shortcoming in mail-news gateway software. The technology required for truely efficient newsgroup handling is something sorely in need of work. > | 6. It maps 1:1 onto the physical remailer model with the same limits > | on information at each stage. This allows one to directly apply > | the current history of precedence involving anonymity and > | physical remailers. > > With physical remailers, you can open the inner envelopes and > read the message, leaving the end user to wonder where the post office > lost the message. With 'real' remailers, the lost message can't be > read, only not delivered. If the encryption technology is secure. The point I am making here is that the encryption envelope is 'secure' only so long as nobody is trying to crack it. Sooner or later somebody is going to decrypt your message, if not the entire encryption system. This is synonymous with the physical model. The paper envelope is secure as long as somebody isn't breaking the law by tampering with the mail. > | This is the basic model that the Austin Cypherpunks are working on at the > | currrent time. The big problem we have right now is determining if the body > | is actualy encrypted. We have done some basic tests of encryption-spoofing > | using pgp and it is looks to be a thorny problem. It simply is not trivial > | to look at a block of characters and determine if they are actualy > | encrypted. You can't rely on the wrapper around the data put there by the > > I'm not sure I see why this matters? If you check that the > message is not obviously readable, why not assume that its well > encrypted? You're rarely required to contort yourself to ensure your > customers are obeying the law (weaponsmiths, cryptographers, and banks > excepted.) Ok. Let's for a moment assume that to send a message to 'president at whitehouse.gov' with 'Die Bill!' is a crime. Would it not be a crime to foil a packet of encryption by inserting 'Die Bill!' messages in clear text in the encryption block? To date, provided no attempt at actual decryption is attempted, there is nothing in the standards that prevent this other than digital signatures. And again, a specific program has to be executed. A person might very well look at it as plaintext w/o ever running digital signatures (or they just assume its always right). Would this also be a crime? Jim Choate "Reality is observer dependant" \ \ \\///// | | (.) (.) ===========================oOO==(_)==OOo========================== Tivoli an IBM company CyberTects: SSZ Customer Support Engineer SOHO Consulting/VR/Robotics 9442 Capitol of Texas Highway North 1647 Rutland Suite 500 #244 Austin, TX 78759 Austin, TX 78758 Email: jchoate at tivoli.com Email: ravage at ssz.com Phone: (512) 436-8893 Phone: (512) 259-2994 Fax: (512) 345-2784 Fax: n/a WWW: www.tivoli.com WWW: www.ssz.com Modem: n/a Modem: (512) 836-7374 Pager: n/a Pager: n/a Cellular: n/a Cellular: n/a =================================================================== From rah at shipwright.com Fri Jun 7 22:41:25 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 8 Jun 1996 13:41:25 +0800 Subject: E-Data Systems ~ patent #4,528,643 Message-ID: I think this has made the rounds here, already. If it hasn't, any comments? Cheers, Bob Hettinga --- begin forwarded text Date: Fri, 7 Jun 1996 15:53:52 GMT X-Sender: jnferree at postoffice.worldnet.att.net Mime-Version: 1.0 To: Robert Hettinga From: "J. Neil Ferree" Subject: E-Data Systems ~ patent #4,528,643 Has anyone else received the *Amnesty* documentation from E-data Systems of Secaucus, NJ regarding their patent on: ... system for reproducing information in material objects at a point of sale location ... "The patent generally describes the system and methodology whereby products composed of digital data are purchased and embedded electronically at a point of sale location from a host computer. The products are typically delivered in usable form only after payment is made. The purchaser requests delivery after the money requirements are satisfied and authorized for the delivery is granted. In today's vernacular, the patent covers on-demand electronic distribution". [taken from the accompanying brochure] Their licensing agreement (with fee schedules) addresses; 1) Content providers; Owners and sellers of products which are sold and delivered electronically by the provider or through a distribution network owned by another within the scope of at least one of the E-data Systems patent claims. 2) Resellers; Distributors who provide a distribution network for content providers to sell products within the scope of at least one of the E-data Systems patent claims. 3) Service providers for Electronic Distribution Applications; Providers of various services, (ie) encryption, locking, unlocking metering, etc. who provide applications for content providers and/or resellers within the scope of at least on of the E-data Systems patent claims. Contact information for E-data Systems regarding how to obtain a license .... Tele 800-406-1668 Web www.3wnet.com/corp/edata e-mail gift at planet.net --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ From hallam at Etna.ai.mit.edu Fri Jun 7 22:49:43 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Sat, 8 Jun 1996 13:49:43 +0800 Subject: Anonymous stock trades. In-Reply-To: Message-ID: <9606071739.AA04525@Etna.ai.mit.edu> >According to your logic above, it seems that all species are *much* more >important than man. But, with most "liberal" logic, there's a paradox here. >Let's explore it bit, shall we, by looking at the other side of the balance >sheet you just created? No, you miss the point. Friedman has become a slave to his theory, he is attempting to push his idea even to solve a situation it clearly cannot. There are good reasons to conserve whale stocks irrespective of your eccological position. Without sufficient stocks the whaling industry will go the way of the carrier pidgeon canning industry. >Tell me, Phill, what's *your* pricetag on a single *human* life? The entire >gross global product is not enough? It's this kind of, well, muzzy-headed >innumerate (yes, *Dr.* Hallam-Baker, *innumerate*) silliness that has our >intellectuals believing the hoax, put convincingly enough to get published >in "respected" academic places like "Social Text", that reality (physics, >in this case) is optional. Bob, you are way off base here. You are putting up a straw man. I have not endorsed the views of Social text, I've not even mentioned them. As I stated I am much more inclined to the logical positivist view than to the continental school of philosophy of which social text is an exemplar. My views on Derrida and his school are pretty negative, he has perhaps three good ideas and has been eeking them out with showmanship. I don't think that the deconstructionists are able to enter into a rational debate because they continually consider themselves obliged to challenge the terms of the debate. I'm fairly familiar with the debate that Social Text engages in and I consider it to be pretty bogus. They are arguing that language is insufficient for the purposes of their discussion so they create a new vocabulary without preconceptions. This project is doomed to failure since there is no means of defining the new language except in terms of the one in common usage they have rejected. So one might as well use plain language for arguement. This is why the Web is heavilly influenced by Hermenuetics, the point Sokal was making was actually one which is central to the work of Hiedegger and Gadamer. The establishment of a shared vocabulary is necessary for communication, communication defines being. It is entierely illogical for someone claiming to be establishing a theory of communication to do so by attempting to establish a private ontology. The Social Text people are refuted by their own work. >Can you say "Sophistry", boys and girls? I knew you could. No offense to >the, er, numerate computer science people out there, but it seems that >*Dr.* Hallam-Baker is living proof that you can get an entire *doctorate* >in the field, and not learn to count. Bob, you would be able to make your point better if you had an understanding of the principles you are discussing. I have some understanding of philosophical method and how to apply it. Your point on sophistry is a straw man. Solopcism is a paradox, it is an argument which demonstrates the inadequacy of our system of thought. Descartes and Hume argued the point at great length, whether mind or sensation is primary. I fail to see how you make the bridge from comments on Friedman to Social Text. I was merely pointing out that I consider Friedman to be overly ideological and that the certainty he claims for his results are not backed by empirical proof. He has described a theory which is impossible to prove or disprove because it is impossible to perform controlled experiments. Would the US ecconomy be stronger if Carter had won in 1980 instead of Reagan? Its impossible to say. If the libertarian fringe does not wish to remain so I suggest you try the following:- 1) Never ever start a post by directly stating that someone is an ignoramous. 2) Accept the fact that some people do not accept the axioms you are arguing from. 3) Differentiate between advancing your arguement and advancing your ego. The first is the most important. If you have no respect for the people you are arguing against you will utterly fail to convince them of anything. From frantz at netcom.com Fri Jun 7 22:51:31 1996 From: frantz at netcom.com (Bill Frantz) Date: Sat, 8 Jun 1996 13:51:31 +0800 Subject: Anonymous stock trades. Message-ID: <199606071858.LAA28924@netcom7.netcom.com> At 10:52 AM 6/7/96 -0400, Perry E. Metzger wrote: >... As >any free market economist would tell you, the way to stop a resource >from being destroyed is not to pray that people won't buy it but to >assure that someone has an ownership stake in the resource, thus >assuring that their investment would be destroyed if the resource >vanished. Thats why, for instance, timber companies happily clear cut >government land that they have leased (after all, not clear cutting >would mean that they wouldn't extract maximum value for their lease >under the idiotic terms that the leases are made under) but will >almost never clear cut their own lands, because that would reduce >their long term value. I find this analysis a bit superficial because it does not consider the difference between short-term and long-term value. To use Perry's example of the timber industry. Before the late 1980s, the lands owned by Pacific Lumber were managed for long-term production. When the company was taken over as part of the "maximize present value" movement in the late 1980s, the management goals changed to increase timber production without regard to long-term production. (I seem to remember that the takeover was one of Michael Milken's deals.) My conclusion from this example is that if your interest is in the long-term preservation of ecosystems, you need institutions that are structured so they take a long-term view, and can not be subverted by short-term trends in markets. As far as I can tell, the US National Park Service, for all its faults, does as good a job of preserving ecosystems as any other institution, and better than most. (If you disagree, please provide examples of institutions that do as well.) ------------------------------------------------------------------------ Bill Frantz | The CDA means | Periwinkle -- Computer Consulting (408)356-8506 | lost jobs and | 16345 Englewood Ave. frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA From declan at well.com Fri Jun 7 23:21:14 1996 From: declan at well.com (Declan McCullagh) Date: Sat, 8 Jun 1996 14:21:14 +0800 Subject: NSA/CIA to snoop INSIDE the U.S.??? Message-ID: This is a fucking big story. Allowing the CIA and NSA to snoop domestically, and using only a handful of suspicions and anecdotes about cybernastiness and evil cryptohackers to justify this major policy shift -- well, it's fucking amazing. Nunn's proposal, unfortunately, was more than a "suggestion." But Rory's right. DC *is* in the throes of Internet fever, and it'll just get worse as the summer gets hotter and hotter. It's almost 80 degress right now. -Declan >What?! What the *@#!! is wrong with the people who supposedly smart >people representing us?! > >Ern > >-------- From SJ Mercury: > > NET FEVER ON THE HILL > > Published: June 6, 1996 > > BY RORY J. O'CONNOR > Mercury News Washington Bureau > > WASHINGTON -- The White House wants a coordinated task force to fight > terrorism on the Internet. Some senators think the CIA should be > allowed to work hand in hand with the FBI to fight computer crime on > U.S. soil. Meanwhile, the federal courts are deciding a major First > Amendment case that might ban certain information from the Net. > > The nation's capital is in the throes of Internet fever. > > For the past several months, the condition has become acute, and by > the end of the year the Internet itself may look far different as a > result: more tightly regulated, more carefully monitored and more > expensive. > > The latest symptom: a suggestion Wednesday for the elimination of laws > that prohibit U.S. intelligence agencies -- notably the National >>>> Security Agency and the Central Intelligence Agency -- from snooping <<< >>>> on home soil. The reason: The potential for computer crime and <<< > terrorism is so great, and the Internet so decentralized and > international, that police and the FBI must combine forces with spy > agencies in order to successfully analyze the threat and investigate > criminal activity. > > ''If we're going to live in this kind of world, we're going to have to > link the intelligence world with law enforcement,'' said Sen. Sam > Nunn, D-Ga. > > For many people in government who work on computer and law-enforcement > issues, the course of the disease seems painfully slow. They often > describe the Internet as the Wild West that's sorely in need of a good > marshal. But for many people who use the Internet, the government's > efforts are moving far ahead of any real knowledge of a technology > that, two years ago, almost nobody had heard of. > > ''There are not dead bodies in the street,'' said Donna L. Hoffman, a > professor at Vanderbilt University who studies the Internet. ''It just > doesn't make sense to rush into legislation.'' > > [ SNIP ] From declan+ at CMU.EDU Fri Jun 7 23:23:28 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Sat, 8 Jun 1996 14:23:28 +0800 Subject: OECD http://www.oecd.org/news_and_events/release/nw96-46a.htm In-Reply-To: <199606071824.LAA06312@toad.com> Message-ID: Excerpts from internet.cypherpunks: 7-Jun-96 Re: OECD http://www.oecd... by Bill Stewart at ix.netcom.c > >>The private sector is closely involved in drafting the Guidelines, > >>with business representatives from the Business and Industry Advisory > >>Committee (BIAC) participating at the meeting. > >>The OECD meeting, which took place on 8 May, was hosted by the US > >>Department of State in Washington DC. > > Was the meeting announced to at least the public in advance? > The schedule on the web page mentioned the 8 May meeting, > at least after the fact, but does not list any of the following > meetings, and there's no identification of your BIAC committee's > members or even the member governments participating. I believe the OECD meetings are closed to the public and journalists. I was thinking of going to one, but was told that I couldn't. (Even though I'm fully accredited with U.S. Congress-issued press identification.) Isn't there an OECD meeting soon in Paris? Marc Rotenberg from EPIC has been following this closely and would be a good person to ask. -Declan (somewhat tipsy, always a bad idea when posting to cypherpunks) From jon at aggroup.com Fri Jun 7 23:24:37 1996 From: jon at aggroup.com (Yanni) Date: Sat, 8 Jun 1996 14:24:37 +0800 Subject: E-Data Systems ~ patent #4,528,643 Message-ID: <9606071941.AA57813@jon> > I think this has made the rounds here, already. > > If it hasn't, any comments? > > Cheers, > Bob Hettinga yea, we got a couple of them from those guys... whatever... how can you claim a patent on that stuff? geeezzz... -jon Jon (no h) S. Stevens yanni at clearink.com ClearInk WebMagus http://www.clearink.com/ finger pgp at sparc.clearink.com for pgp pub key What I just wrote is beta. Please report all bugs directly to me. From ezundel at alpha.c2.org Fri Jun 7 23:26:02 1996 From: ezundel at alpha.c2.org (E. Zundel Repost) Date: Sat, 8 Jun 1996 14:26:02 +0800 Subject: I swear I am not making this up. (rec.music.white-power) Message-ID: <199606080130.SAA18545@infinity.c2.org> From: bb748 at FreeNet.Carleton.CA (Milton Kleim) Newsgroups: news.groups,alt.skinheads,alt.politics.nationalism.white, alt.politics.white-power Subject: Statement Regarding rec.music.white-power Date: 6 Jun 1996 23:10:41 GMT Organization: The National Capital FreeNet Lines: 48 Sender: bb748 at freenet3.carleton.ca (Milton Kleim) Message-ID: <4p7ohh$mq2 at freenet-news.carleton.ca> NNTP-Posting-Host: freenet3.carleton.ca Now that the results for our newsgroup proposal have been issued, we wish to make a statement concerning our objectives. Three objectives were sought in the rec.music.white-power project: #1: Generate mainstream media publicity for the Aryan Resistance Movement and disseminate the Holy Cause of the 14 Words -- "We must secure the existence of our People and a future for White children." #2: Encourage revelation of Enemy activists' identities to facilitate counter-espionage and prevent many instances of "anti-racist" activism against the 14 Words. #3: Create a newsgroup for discussion and promotion of Aryan music. On objective one, we succeeded beyond all expectations. No informed North American is not now unaware of our existence on the Internet. National Public Radio, _USA Today_, the _St. Paul Pioneer Press_, and Minnesota Public Radio, to name a few media organs, gave us priceless free publicity for our ideas and our Holy Cause. On objective two, we also succeeded well. We now have a comprehensive list of Enemy agents who are active on the Net. Aryan Corps Counter- intelligence is now undertaking a classification and cataloguing project which will make our counter-espionage efforts much more effective. On objective three, we obviously failed, but this was expected. Nonethe- less, benefit has been gained from this defeat. The Aryan Corps succeeded in organizing hundreds of Aryan Resistance Movement activists toward a constructive goal, increasing the "esprit de corps" of our ranks. We would like to thank all individuals who, for whatever reason, voted in the affirmative for our group. A special thanks is extended to Mr. Michael Handler, our vote-taker, for his herculean efforts to process the massive results for our proposal. We wish him well. -- Milton John Kleim, Jr., Proponent, rec.music.white-power; Chief Organi- zer, Aryan Corps -- White Wolf (RH), Deputy Organizer, Aryan Corps And on behalf of the entire Aryan Corps Network. From perry at alpha.jpunix.com Fri Jun 7 23:36:52 1996 From: perry at alpha.jpunix.com (John Perry) Date: Sat, 8 Jun 1996 14:36:52 +0800 Subject: New type2.list/pubring.mix Message-ID: <199606072340.SAA01105@alpha.jpunix.com> A non-text attachment was scrubbed... Name: not available Type: application/pgp Size: 14 bytes Desc: not available URL: From asgaard at sos.sll.se Fri Jun 7 23:38:16 1996 From: asgaard at sos.sll.se (Asgaard) Date: Sat, 8 Jun 1996 14:38:16 +0800 Subject: It tolls for thee In-Reply-To: Message-ID: On Fri, 7 Jun 1996, Timothy C. May wrote: > Importantly, I'm including my own words, explicitly. Sorry to burst _our_ > bubbles, but I just don't think the lawmakers and burrowcrats are being > driven by loose talk by us. Perhaps not the lawmakers, but... There was this moment last summer, on a Friday, when loose talk on the cp-list (and, explicitly, some comments from TC May) made me 99% sure that selling Netscape stock (short) would be a great idea. Still next Monday it sold for something like $145. Next Wednesday it fell to around $120. I know for sure that if I had been in a position then to conveniently (and immediately) act on the NY Stock Exchange (which I was not) I would have risked something like $5,000 on such a deal - I'm not rich but so strong was the cypherpunkish momentum towards this development. Asgaard From caal at hopf.dnai.com Fri Jun 7 23:50:24 1996 From: caal at hopf.dnai.com (caal at hopf.dnai.com) Date: Sat, 8 Jun 1996 14:50:24 +0800 Subject: Internet Police Message-ID: <199606072143.OAA25552@hopf.dnai.com> Has anyone seen this yet? Looks like it's two weeks old. Internet Police! >[BizWire] 5/20/96 > > (SUN/PSI-INTL)(SUNW) PSI International, Sun partner, unveils Java- > based Internet solution for law enforcement agencies; "Internet in > Blue" Police Internet/Intranet Application Suite Available in July > 1996 > > Business Editors/Computer Writers > > Highlights: > -- Internet in Blue, one of the first Java-based solutions aimed > at fighting crime, is being introduced by PSI International, a > strategic partner of Sun Microsystems Federal, and includes other > Sun products. > > -- Internet in Blue combines the power of Java and Netra servers > to enable law enforcement agencies and police departments to quickly > leverage the capabilities of the Internet and intranets. > > -- This solution is the latest evidence of Sun taking advantage > of the significant market opportunity for crime prevention > technology. Last year, Sun Federal announced a dedicated Criminal > Justice Operation, which is working with police departments and law > enforcement agencies around the world to help them use technology in > fighting crime. > > MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)-- May 20, 1996--One of > the first Sun(TM) Java(TM)-based solutions aimed at fighting crime > was introduced today by PSI International, a strategic partner of > Sun Microsystems Federal, a subsidiary of Sun Microsystems, Inc. > > Called Internet in Blue(TM), the solution combines the power of > Sun's Java technology, its Netra(TM) Internet servers, its Java > WorkShop(TM) development tools, and PSI's relational database > software. This solution fully leverages the capabilities of the > Internet for the benefit of law enforcement agencies because of the > inclusion of Java, the revolutionary Internet platform from Sun that > makes possible fast, easy, operating-system-independent use of the > Internet. > > To be offered by PSI, Internet in Blue will enable police > departments and other law enforcement agencies to leverage the > latest Internet technology to fight crime and promote citizen > involvement and community-based policing. From a citizen's > perspective, having a local police force with an Internet presence > gives people the opportunity to report problems online and play a > more active role in fighting crime in their neighborhoods. > > Besides utilizing the Internet, the PSI solution also allows > local police to build an "intranet," which is a greatly enhanced > internal information network to handle departmental processes as > well as to speedily access any internal database of interest. > Examples of these databases include local crime data such as > patterns of crimes, gang affiliations, data on previous suspects and > arrests. Currently, many police departments must locate such data > via a paper trail, which is very inefficient. > > "Law enforcement agencies are quickly realizing the power of the > Internet and intranets as strategic tools in fighting crime," said > John Marselle, president of Sun Microsystems Federal. "The Internet > in Blue solution from PSI -- based on Sun technology -- takes > advantage of Java's security features, platform independence and > database access capabilities. It should make it much easier for > police departments and other criminal justice organizations to get > online and to leverage the capabilities of the network." > > With Java WorkShop, a visual development environment for Java > that can be included as part of the Internet in Blue solution, > police departments can design, test, deploy and maintain Internet > and intranet applications based on Java with speed and simplicity. > Java WorkShop runs on the Sun Solaris(TM) environment and Windows > 95/NT. Using Java, the PSIBase relational database management > system can access Web browsers across any hardware platform. > > "The Internet is the next frontier in the development of law > enforcement information systems," said Paul Wormeli, program > director for law enforcement at PSI. "Our Internet in Blue solution > will enable law enforcement agencies to quickly exploit the latest > technologies like Java." > > Internet in Blue includes the following: > > A starter kit with a Sun Netra Internet server and PSI software > and services needed to set up a site on the World Wide Web, as well > as technical assistance from PSI for developing content and training > for a Webmaster. > > A full set of applications to create a police intranet providing > secure internal access to selected crime information, standard > operating police procedures and other infrastructure services. > > An interactive, community-based communications medium to > facilitate crime reporting over the Internet and community-based > policing. > > Suggestions for services that law enforcement agencies can > develop in order to offset the cost of the Internet project, such as > providing online crime reports and accident report information to > authorized outside organizations including legal firms and insurance > companies. -0- > > The Internet in Blue product will be available in July, 1996. > Pricing will vary depending on customer needs. > > PSI International, Inc. has provided systems integration and > services for over 14 years to federal, state and local governments. > The company specializes in law enforcement and public safety > solutions, consulting services, and integration of software and > hardware. With a staff of over 250 professionals in the information > system and services industry, PSI has a team of people that have > both technical and industry knowledge of public safety and justice > applications, including computer aided dispatch, records and > investigative management, imaging, telecommunications, and mobile > computing. > > Sun Microsystems Federal, Inc., headquartered in Vienna, > Virginia, is a subsidiary of Sun Microsystems, Inc. Sun Federal's > charter is to develop, deliver and sustain markets for Sun products > in governments worldwide. > > With annual revenues of $6 billion, Sun Microsystems, Inc., > provides solutions that enable customers to build and maintain open > network computing environments. Widely recognized as a proponent of > open standards, the company is involved in the design, manufacture > and sale of products, technologies and services for commercial and > technical computing. Sun's SPARC(TM) workstations, multiprocessing > servers, SPARC microprocessors, Solaris(Tm) operating software and > ISO-certified service organization each rank No. 1 in the UNIX(TM) > industry. Founded in 1982, Sun is headquartered in Mountain View, > Calif., and employs more than 16,000 people worldwide. -0- > > Note to Editors: Sun, the Sun logo, Sun Microsystems, Java, Java > Workshop, Netra and Solaris are trademarks or registered trademarks > of Sun Microsystems, Inc. in the United States and in other > countries. All SPARC trademarks are used under license and are > trademarks or registered trademarks of SPARC International, Inc. in > the United States and other countries. Products bearing SPARC > trademarks are based upon an architecture developed by Sun > Microsystems, Inc. UNIX is a registered trademark in the United > States and other countries exclusively licensed through X/Open > Company, Ltd. > > Internet in Blue is a trademark of PSI, International and is > properly written in boldface italics, all lower case. > > Press announcements and other information about Sun Microsystems > are available on the Internet via the World Wide Web using a tool > such as Netscape or NCSA Mosaic. Type http://www.sun.com at the URL > prompt. > > --30--css/sf* > > CONTACT: Burson-Marsteller (for Sun) > Jane Rauckhorst, 212/614-4880 > or > PSI International > Martha Hill, 703/352-8700 > > KEYWORD: CALIFORNIA > INDUSTRY KEYWORD: COMPUTERS/ELECTRONICS COMED > INTERACTIVE/MULTIMEDIA/INTERNET PRODUCT GOVERNMENT > > REPEATS: New York 212-752-9600 or 800-221-2462; Boston 617-236-4266 > or 800-225-2030; SF 415-986-4422 or 800-227-0845; LA 310-820-9473 BW > URL: http://www.businesswire.com > From jya at pipeline.com Fri Jun 7 23:53:33 1996 From: jya at pipeline.com (John Young) Date: Sat, 8 Jun 1996 14:53:33 +0800 Subject: NTT Chips Beat Cops Message-ID: <199606080230.CAA26365@pipe5.t2.usa.pipeline.com> The Economist, June 8, 1996, p. 65. Encryption Silence of the bugs Spare a thought for America's professional snoops. For decades the FBI and others have counted the telephone wiretap among their favourite weapons against crime, as countless mafiosi can (and did) testify. Now, software in a computer or digital telephone can scramble a message so effectively that no law-enforcement agency can read it. For years, the government has fought back by restricting the use of encryption, to the fury of privacy advocates on the Internet, where rampant eavesdropping makes encryption essential. Now a bit of silicon and a stack of paper have apparently ended the battle: the cops lost. The bit of silicon is actually two chips that can encrypt data transmissions so that they are in effect uncrackable. Had the chips been developed in the United States, the government would have classified them as "munitions" and banned their export. But they were developed in Japan, by NTT, the telephone giant, and the Japanese subsidiary of RSA, an American encryption company, which revealed their existence early this week. They can therefore be used around the world, and even imported into the United States. There seems nothing the American government can do about it. As if that were not bad enough, America's restrictive encryption policy took another hit last week when a report, commissioned by Congress and compiled by the prestigious National Research Council (NRC), concluded that the policy had hurt Americans far more than it had helped them. For the past few years, the White House has been offering a purported compromise: give the government (or a mutually trusted third party) a key to read your encrypted e-mail, and you can scramble it all you like. The problem with this so-called "key escrow" proposal was that it smacked to many of Big Brotherism. The computer industry rejected it out of hand, and fell back instead on weaker encryption that was not regulated, even though this can be cracked over a weekend with a home PC. Up to now, the government's response to cries for better encryption for all has been to fall back on its responsibility to protect the citizenry. The NRC panel rejected this, together with the "if only you knew what we know" argument the government has usually trotted out. Composed of former security officials and encryption experts, this panel did know what the government knows, and was still not convinced. Now the NTT chips seem to sweep away the whole debate. NTT has already sold the chips in 15 countries, and they should soon be incorporated in products. Stewart Baker, the former general counsel of America's National Security Agency, concedes that the chips have probably killed encryption controls in America, but argues that the battle will continue to run in Europe, where countries such as France limit their use. For the rest of the world, these bits of silicon may indeed make it harder for police to protect citizens. But they will also make it easier for citizens to protect themselves. -- From jimbell at pacifier.com Fri Jun 7 23:57:20 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 8 Jun 1996 14:57:20 +0800 Subject: It tolls for thee Message-ID: <199606072243.PAA13632@mail.pacifier.com> At 09:42 AM 6/7/96 -0700, Timothy C. May wrote: >At 7:29 AM 6/7/96, jim bell wrote: > >>Even so, given how much noise we've been hearing out of DC on the subject >>of the Internet, digital cash, and good encryption, I'd say SOMEBODY is >>getting a bit worried. I haven't exactly been keeping this stuff a secret: >>What do you think their reaction has been, so far? When those >>government-types start considering various scary scenarios, what do you >>think they are imagining? > >I don't think any significant amount of the current stuff coming out of >Washington has anything to do with my words, your words, or the words of >anyone on this or any other forum I know about. Okay, I was not trying to suggest that any particular source is followed. What I'm noticing is the almost uniformly "pessimistic" (as to the fate of the government) views I've read on the various computer networks, and the uniformly hostile reactions to government proposals. This can't be reassuring to the people in power today. >Rather, the reasons for their actions and hyperbole about the Net, the Web, >online porn, money laundering, the "information highway," and all that >trendy stuff is because they can see many of the same trends we see. > >While I have a certain amount of pride that my single-page "Crypto >Anarchist Manifesto" essentially nailed a bunch of trends which have become >obvious to all in the 8 years after I issued it, I don't for a picosecond >think anything I wrote then or since has had any significant effect on >proposed leglislation. Don't be so sure. Legislators, alone, don't have the smarts to figure out why they "needed" a Clipper-chip proposal, or the capacity to tap 1% of the phone calls, or other recent government proposals. Government is usually very good at ignoring problems long after they become problems. The fact that they're so hot to control the Internet suggests to me that somebody has been talking to them about what is going to happen. Jim Bell jimbell at pacifier.com From wendigo at gti.net Sat Jun 8 00:21:55 1996 From: wendigo at gti.net (Herr Wendigo) Date: Sat, 8 Jun 1996 15:21:55 +0800 Subject: Clinton To Cipher Whitewater Video (fwd) Message-ID: <199606071922.PAA04435@apollo.gti.net> An entity claiming to be Matthew Gaylor wrote: >From freematt at coil.com Fri Jun 7 12:31:25 1996 Date: Fri, 7 Jun 1996 12:02:40 -0400 X-Sender: freematt at bronze.coil.com Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: freematt at coil.com (Matthew Gaylor) From: freematt at coil.com (Matthew Gaylor) Subject: Clinton To Cipher Whitewater Video From: softwa19 at us.net (Charles R. Smith) Subject: Clinton To Cipher Whitewater Video President Clinton is scheduled to video-tape his testimony in the second Whitewater trial. He will do so from the oval office in July. The first video taped testimony he sent to an Arkansas court room was scrambled in order to protect his personal and political privacy. One can only assume that the President will also encrypt his second testimony for the same reasons. I have no problem with the President exercising his rights to use encryption. That is what the defensive technology is for. However, President Clinton is also engaged in an effort to deny that very same right from ordinary citizens. The Clinton administration has tried for several years to ban or remove all defensive encryption security from computers, stressing that crime had a higher priority over privacy. His latest Clipper III proposal would require all U.S. citizens to turn over their keys (escrow) so that the FBI can ensure that no one is using their computer for criminal activities. In effect, the proposal would invalidate the First, Fourth and Fifth amendments. Escrow is the modern equal to the FBI demanding your house key. This is so the FBI can check in every now and then. Yet, instead of making life safer, the proposal will leave us wide open for hacker attack. It is a fact that the Clinton record of computer security is so poor that the GAO reported over 160,000 successful penetrations against just the Defense Department in 1995. In fact, during one incident, a 16 year old hacker could have started a war between North Korea and America (Rome NY USAF Base/Korean Atomic Research Facility 1995). Please note - DOD has the best computer security record of all government agencies! That means the situation at the FBI, BATF, FAA, HUD and IRS is worse. Much worse. The computers that control the military, financial, industrial, medical and political heart of America are waiting for a Digital Pearl Harbor, left undefended by Presidental order. His proposal also assumes that a huge bureaucracy erected to monitor escrowed keys would be more secure than our nuclear arsenal. Ridiculous. President Clinton has risked global nuclear war to push intrusive and obsolete ideas which protect nothing. Instead, President Clinton should heed the GAO report which concluded that securing million dollar military computers with no encryption software, no firewalls and untrained, part-timers, is the wrong thing to do. President Clinton demands his personal and legal privacy but refuses to support the same for you and me. President Clinton has risked our personal safety and our common democracy in order to create a large bureaucracy of lawyers who will do nothing but count bits. The President should take a lesson from his own actions, cipher thyself, and protect America. He should join Senator Bob Dole and a whole crowd of Bi-partisan elected officals in supporting the PROCODE bill (S. 1726). This bill gives every American the right to encrypt. The right to personal privacy. The same right Bill Clinton enjoyed during the last video session at the Whitehouse. 1 if by land, 2 if by sea. Paul Revere - Encryption 1775 Charles R. Smith SOFTWAR Richmond, VA http://ally.ios.com/~softwa19 PCYPHER signature: 4279C640DB607D4D13B808082D7CC6F23938320C1956E31A50781D192D627672 601D141C6516051C061976462B382C294542435F19665B2B316E174955445C56 5A506675180400041F030A001472657A6A1201191C0E0003784FCCE47ACB9531 E1EE5997D5E34A97A351C22B2F1871573A85BB02E3CB5C046FB24E80478AEB74 4063578E1E8019425A08091923FE6D4CA375669185FD8935B361CA6B65949FE3 57E8629F5981F5030E0AAD2BECA669808B2A038E1D89E810398F0A4DDCD2F5A7 B1E6417290D1290346BE790894F6AD1E790C57A0B457C1BE85A5D3CFB42E38E8 D5C6BDAECA57F968898F345920D5804CF5832D70534F5C66230AF099F68CAECD **************************************************************************** Subscribe to Freematt's Alerts: Pro-Individual Rights Issues Send a blank message to: freematt at coil.com with the words subscribe FA on the subject line. List is private and moderated (7-30 messages per week) Matthew Gaylor,1933 E. Dublin-Granville Rd.,#176, Columbus, OH 43229 **************************************************************************** -- Mark Rogaski | Why read when you can just sit and | Member GTI System Admin | stare at things? | Programmers Local wendigo at gti.net | Any expressed opinions are my own | # 0xfffe wendigo at pobox.com | unless they can get me in trouble. | APL-CPIO From editor at cdt.org Sat Jun 8 00:26:02 1996 From: editor at cdt.org (Bob Palacios) Date: Sat, 8 Jun 1996 15:26:02 +0800 Subject: CDT Policy Post 2.23 - Congress/FTC Focus on Online Privacy Issues Message-ID: ----------------------------------------------------------------------------- _____ _____ _______ / ____| __ \__ __| ____ ___ ____ __ | | | | | | | | / __ \____ / (_)______ __ / __ \____ _____/ /_ | | | | | | | | / /_/ / __ \/ / / ___/ / / / / /_/ / __ \/ ___/ __/ | |____| |__| | | | / ____/ /_/ / / / /__/ /_/ / / ____/ /_/ (__ ) /_ \_____|_____/ |_| /_/ \____/_/_/\___/\__, / /_/ \____/____/\__/ The Center for Democracy and Technology /____/ Volume 2, Number 23 ---------------------------------------------------------------------------- A briefing on public policy issues affecting civil liberties online ---------------------------------------------------------------------------- CDT POLICY POST Volume 2, Number 23 June 7, 1996 CONTENTS: (1) Congress/FTC Focus on Online Privacy Issues - Solutions Differ (2) Text of EFF, CDT, PFAW, VTW Letter to Rep. Franks (R-NJ) on impact of "Children's Privacy" Bill (3) Join Senator Burns Live Online June 11, 10pm ET (4) How to Subscribe/Unsubscribe (5) About CDT, contacting us ** This document may be redistributed freely with this banner in tact ** Excerpts may be re-posted with permission of ----------------------------------------------------------------------------- ** UPDATE: DECISION IS NEAR IN FIGHT TO SAVE FREE SPEECH ONLINE ** An announcement from the Court is expected any time. Be sure to visit http://www.cdt.org/ciec/ for the latest news and information! ----------------------------------------------------------------------------- (1) CONGRESS/FTC FOCUS ON ONLINE PRIVACY - OFFER DIVERGENT SOLUTIONS The increasing use of the Internet by children, combined with the ease of collecting personal information online, raise serious privacy issues. However, while there is broad consensus on the goal of giving people more control over the collection and use of personal information online, some of the solutions being offered may have far-reaching, though perhaps inadvertent, impact on the free flow of information in interactive media. Over the past several months, concerns about the availability and use of personal information in the online world, particularly with respect to the collection and use of information about children, have prompted the Congress and the Federal Trade Commission (FTC) to seriously consider this important issue. The approaches to this issue fall broadly into two distinct categories: * Create Criminal Penalties For The Collection And Use Of Personal Information About Kids Without Parental Consent. * Encourage The Development And Use Of Technologies That Enable Users and Parents To Limit The Amount Of Personal Information They and Their Children Reveal Online. Legislation designed to restrict the collection and use of personal information about children without parental consent was recently introduced by Rep Bob Franks (R-NJ). The bill has sparked concerns from cyber-rights advocates that it may end up increasing the collection of personal information online and result in restrictions on the free flow of information (see the attached letter from EFF, People for the American Way Action Fund, VTW, and CDT below). Recent hearings before the FTC emphasized the broad consensus about the need to give individuals more control over the collection and use of personal information. The FTC hearings highlighted the availability of technologies which empower users and parents to exercise more control over the collection and use of such information, and the possibility that existing methods, including the PICS standards, can be enhanced to enable users to express preferences about how and to what extent they are willing to have personal information reused (although much work needs to be done before this is fully implemented). In addition, Rep. Ed Markey (D-MA), a long time champion of privacy issues, told the FTC panel that he would like to encourage the development of technologies that enable users to control the amount of personal information they reveal online. Markey also emphasized that Congress should consider legislation in this area if such technologies are not developed or are not effective. Markey told the FTC: "We should see if there are technological tools that can empower consumers. Where they don't exist, or where a particular industry refuses to embrace this code of electronic ethics in a way that solves this problem, then the government is obliged to step in and do something." Markey also announced that he intends to introduce legislation soon to give consumers the right to know that information is being collected about them, notice that personal information may be reused or sold, and the right to say "no" to the reuse or sale of their personal information. Markey's legislation would also commission a study of existing online privacy practices (The full text of Rep. Markey's statement is available at CDT's privacy issues web page URL below.) The FTC hearings illustrated that there is broad concern about the collection and use of personal information online. There was also great substantial support expressed for technological solutions to address this issue. As a result, the FTC has requested that the industry report back to the Commission in 6 months on progress towards developing technologies that enhance user control over the collection and use of personal information online. CDT is encouraged that Congress and the FTC have taken such strong interest in the issue of online privacy, and we look forward to working with all interested parties to ensure that solutions give users control over the collection and use of personal information and do not adversely affect the free flow of information online. More information, including CDT's testimony before the FTC panel and Rep. Markey's statement, and a demonstration illustrating the amount of personal information collected during the normal course of surfing the Web, can be found at CDT's Privacy Issues page: http://www.cdt.org/privacy/ ----------------------------------------------------------------------- (2) Letter from EFF, PFAW Action Fund, VTW & CDT to Rep. Bob Franks Regarding "Children's Privacy" (HR 3508) Bill The following letter was sent last week to Representative Bob Franks (R-NJ) regarding the "Children's Privacy Protection and Parental Empowerment Act" (HR 3508) from the Electronic Frontier Foundation, People for the American Way Action Fund, the Voters Telecommunications Watch, and the Center for Democracy and Technology. Among other things, the groups expressed concern that, as currently drafted, the bill raises some of the same privacy and free flow of information issues raised by the Exon/Coats "Communications Decency Act" to the extent that it is extremely difficult to know whether or not a person visiting a web site is or is not a child without requiring all visitors to identify themselves. While commending Rep. Franks for his efforts and expressing support for the goal of his legislation, the letter outlines several concerns about the impact of the bill on the Internet. The groups pledged to work with Rep. Franks and other interested members of Congress to explore technological solutions which empower users and parents to control the use of personal information and preserve the free flow of information. The Franks bill enjoys broad support from a number of conservative "pro-family" groups such as the Christian Coalition, Enough Is Enough!, and the National Law Center for Children and Families, as well as privacy groups such as EPIC, Privacy Times Publisher Evan Hendricks and Privacy Journal Publisher Robert Ellis Smith. The text of HR 3508 is available at: http://www.cdt.org/privacy/children/ The full text of the letter from EFF, PFAW Action Fund, VTW and CDT follows: ---------- June 4, 1996 Representative Bob Franks 429 Cannon House Office Building Washington, DC 20515 Dear Representative Franks: We are writing to commend your efforts to protect children's privacy. We are pleased that you have begun a process to put these important issues at the center of the political debate. We believe, however, that the solutions recommended in your bill, -- the "Children's Privacy Protection and Parental Empowerment Act" (HR 3508) -- particularly as they relate to the exchange of information on the Internet, will not only increase the collection of information about children in certain circumstances but will also criminalize behavior in a vast array of unintended situations, thereby compromising the free flow of information online. With the rising popularity of the Internet and commercial online services, concerns regarding the vulnerabilities of unsupervised children's activities online must be addressed. Indeed, although the Internet offers children unprecedented and important new educational and recreational opportunities, the medium also may offer access to inappropriate material, or exposure to unfair marketing or information collection practices. Solutions to these problems must be carefully analyzed and should take into account both the unique nature of the Internet, as well as the multitude of First Amendment and privacy rights at stake for all who seek to read, communicate, and associate with others in the online environment. In fact, the Federal Trade Commission (FTC), whose responsibility it is to police the existence and proliferation of unfair or deceptive advertising and information practices has scheduled hearings for June 4 and 5 to look at these very issues as they apply to the Internet. Because your bill was drafted to apply to all media we are concerned that its application in the Internet context may lead to unintended consequences. We ask that you examine, together with the FTC, the unique qualities of the Internet and the problems that result from regulating activity at the information publisher or Web site operator end. In its application to the Internet, the Children's Privacy Protection and Parental Empowerment Act is both over-inclusive, covering virtually all who participate in the Internet, and ineffective, in that it leaves substantial loopholes for those who engage in the behavior at which the bill is targeted. The term "personal information," the basic regulatory target of the bill, is defined in such as way that it may include nothing more than an electronic mail address which by its nature, gives no indication of the age or physical location of a user. Furthermore, the term "list broker," is drafted to cover any entity which exchanges personal information in the course of its operation. The vast majority of World Wide Web site operators, as well as anyone who operates a listserv, mailing list or other information distribution mechanism, all collect, store, and may well exchange, email addresses. Then, unless Web site operators obtain parental consent before collecting information, they risk criminal penalties for violation of section (a)(4). The difficulty in compliance is two-fold. First, information providers on the Internet have no way of distinguishing children from adults. In fact, compliance with the bill could well lead to an increase in the collection of information about children and adults, only compounding privacy risks. Even with the imposition of an unacceptably intrusive national ID system (a system that none of us support), it would still be essentially impossible for an information publisher or Web site operator to establish the age of the user visiting the providers site. Second, the requirement to disclose the source of personal information about children to parents creates unclear new obligations on Internet information providers. In fact, many of the information providers who would be covered by your bill do not keep track of the source of their information and thus may not have the ability to comply with the statute. Compliance with this section could well lead to an increase in the overall collection of personal information about Internet users, thereby compounding privacy risks. Imposed identification procedures applied to the World Wide Web under the threat of criminal penalties would limit all Internet users' ability to read, speak, receive information and interact online under constitutionally-protected conditions of anonymity. Further, requiring parental consent in all instances or requiring providers to disclose information to parents collected from children fails to acknowledge the distinction between young children and teenagers and their rights under the Constitution. Finally, section (a)(6) which criminalizes any distribution or receipt of personal information where the receiver has knowledge or "reason to believe that the information will be used to abuse the child or physically harm the child" is well-intentioned, but potentially so broad as to cover anyone who receives and discloses personal information about a child. The bill establishes no clear standard of care or level of knowledge necessary to meet this requirement, leaving everyone on the Internet in doubt about whether or not they may be violating this new crime. Schools and organizations who publish directories as well as newspapers who publish the identity of a child in a news story could be subject to prosecution because they had "reason to know" that the information may end up in the possession of bad actors. Given all of these difficulties in applying your bill to the Internet, and given the importance of addressing children's privacy issues, we suggest that examination of alternatives is in order. Empowering parents to protect their children's privacy with existing technological tools and fair information practices by the industry will help ensure that the Internet continues to grow and thrive for both commercial and noncommercial endeavors. For example, software already on the market such as Cyberpatrol, as well as industry-standard technologies such as the Platform for Internet Content Selection (PICS) enable people -- including parents and their children -- to restrict access to sites which practice objectionable marketing and information collection techniques. At present, PICS technology, along with other innovative products, allows parents to filter and block-out materials that contain objectionable content or block access to sites with inappropriate or abusive marketing practices. Current technology can enable parents to: * prevent their children from accessing Web sites with inappropriate information practices -- as defined by the parent or a consumer or privacy organization of the parent's choice; * prevent their children from revealing personal information such as name, address, and e-mail address to others; * install security measures such as passwords that prevent their child from changing rules about Web site access or information disclosure, collection and use that the parent has established. The Internet community is already considering extensions to the PICS specifications which will enable individual users and parents to block the transmission of their personal information to Web sites they visit and to express a preference about how and to what extent they are willing to have personal information reused. PICS, Cyberpatrol and other technologies can help eradicate the deceptive and inappropriate practices your bill seeks to address without compromising the rights of users or content providers. Several of us have had the opportunity to talk with you and your staff about this legislation. We appreciate your willingness to discuss these issues and look forward to working with you in this important area in the hopes that technological alternatives combined with better industry practices and much more narrowly crafted legislation will help protect this nation's children in the online world, consistent with First Amendment and privacy principles. Sincerely, The Center for Democracy and Technology The Electronic Frontier Foundation People For the American Way Action Fund Voters Telecommunications Watch ---------- ---------------------------------------------------------------------------- (3) Join Senator Conrad Burns Live Online to Discuss Encryption Policy The Night Before His Subcommittee Holds a Hearing On the Issue! --> Visit http://www.hotwired.com/wiredside/ for details <-- In what is becoming the newest way for Congress to read the net.community's opinion on issues, Senator Conrad Burns (R-MT) will be on HotWired on June 11th @ 10pm EST to discuss the encryption issue with all attendees. The next day, Senator Burns will chair the first of two scheduled hearings on the encryption issue with industry luminaries. Never before has the public had this much access to legislators without geographical proximity. Cheaper than teleconferencing, and more direct and unfiltered than the traditional press, online chats allow the public to directly question and hear the answers of Congress. Have a question about encryption policy that you've never been able to find out from the government? Come to the HotWired chat and ask Senator Burns to be your advocate to press the witnesses and the White House on these issues. The online chat is at 10pm EDT (7pm PDT) on Tuesday June 11, the night before the first hearing. HotWired's WiredSide chat is at: http://www.hotwired.com/wiredside/ Next Tuesday's forum is another in a series of planned events, and is part of a broader project coordinated by CDT and the Voters Telecommunications Watch (VTW) designed to bring the Internet Community into the debate and encourage members of Congress to work with the Net.community on vital Internet policy issues. The transcript from last week's discussion with Congressman Rick White is now available -- for information about the transcript, previous events with other members of Congress, and upcoming events, please check CDT's newest Issues Page, "Congress and the Net": http://www.cdt.org/net_congress/ ------------------------------------------------------------------------ (4) SUBSCRIPTION INFORMATION Be sure you are up to date on the latest public policy issues affecting civil liberties online and how they will affect you! Subscribe to the CDT Policy Post news distribution list. CDT Policy Posts, the regular news publication of the Center For Democracy and Technology, are received by more than 9,000 Internet users, industry leaders, policy makers and activists, and have become the leading source for information about critical free speech and privacy issues affecting the Internet and other interactive communications media. To subscribe to CDT's Policy Post list, send mail to policy-posts-request at cdt.org with a subject: subscribe policy-posts If you ever wish to remove yourself from the list, send mail to the above address with a subject of: unsubscribe policy-posts ----------------------------------------------------------------------- (5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. The Center's mission is to develop and advocate public policies that advance democratic values and constitutional civil liberties in new computer and communications technologies. Contacting us: General information: info at cdt.org World Wide Web: URL:http://www.cdt.org/ FTP URL:ftp://ftp.cdt.org/pub/cdt/ Snail Mail: The Center for Democracy and Technology 1634 Eye Street NW * Suite 1100 * Washington, DC 20006 (v) +1.202.637.9800 * (f) +1.202.637.0968 ----------------------------------------------------------------------- End Policy Post 2.23 6/7/96 ----------------------------------------------------------------------- From nobody at replay.com Sat Jun 8 00:26:39 1996 From: nobody at replay.com (Name Withheld by Request) Date: Sat, 8 Jun 1996 15:26:39 +0800 Subject: middle-man may be moving... Message-ID: <199606080215.EAA10166@basement.replay.com> It looks like I'm going to have to move the middle-man remailer. The nym server at alpha.c2.org has been down for several days. This directly affects the middle-man remailer. Since nymrod at nym.jpunix.com has made it to Raph's list, I'm going to contact the admin at jpunix.com and see if it's ok for me to point the middle-man remailer nym at his server. Maybe it will be a little more reliable and allow the middle-man remailer to work properly. Stay tuned for further details as they occur! middle-man-admin at alpha.c2.org (don't bother to reply, it doesn't work) From smorri59 at raptor.icubed.net Sat Jun 8 00:27:55 1996 From: smorri59 at raptor.icubed.net (ScottMorris) Date: Sat, 8 Jun 1996 15:27:55 +0800 Subject: Class III InfoWar: TST Article Message-ID: <9606080332.AA29486@raptor.icubed.net> [snip] > >On the substance of Schwartau's claims about "HERF guns," I'm a bit >skeptical that this is a real threat _at this time_. I'll say more on this >later. > >So, why am I so skeptical? For a couple of reasons: > >1. Conventional explosives work perfectly fine for a lot of sabotage >efforts. It is unlikely that a mysterrious van is likely to be parked next >to a London brokerage or computer firm in the City of London, given their >history of terrorism. Why bother with explosives when you can pull a manhole cover and climb down with a . All that copper/fiber has to run somewhere in the area to get into the buildings. When the conductor is gone say goodnight. Or the alternative, pour gas into the access covers and light it. Simple is better. >2. To be a credible threat, there usually needs to be some form of >"demonstration." I have heard of no such thing. Absent such a public >demonstration, I find it hard to believe that beancounters would OK the >giving away of hundreds of millions of dollars for a threat which is >abstract and hard to understand for laymen. Short of a tac nuke there won't be one any time soon. The herf/emp/sci-fi weapon of choice is not feasible *at this time*. Remember the square law. If it isn't in the machine room, or damn close it won't work. One has to wonder why the assorted experts on this haven't built a working model and given a controlled demonstration. >3. This recent story smacks of hype. I'm not saying Schwartau is hyping his >conferences and his book, and his consulting business, just saying it >strikes me as a hyped threat without direct confirmation. While the consultants are hypeing all this I have REAL threats to deal with. > >--Tim May > P.S. I guess I'm going to have to get Eudora Pro so I can filter out the psychos 'R' us persona. ----- My opinions are my own, not those of my employer. Scott L. Morris smorri59 at mailhost.icubed.net ** They can have my PGP key when they ** ** pry it from my cold dead keyboard! ** From sandfort at crl.com Sat Jun 8 00:30:56 1996 From: sandfort at crl.com (Sandy Sandfort) Date: Sat, 8 Jun 1996 15:30:56 +0800 Subject: Anonymous stock trades. In-Reply-To: Message-ID: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C'punks, On Sat, 8 Jun 1996, Asgaard wrote: > Who is going to assure that someone has an ownership stake in the > Humpback Whales? The World Government? Is that entity supposed to > give the whales to some private whale-watcher's tourism enterprise? > I don't get it. When I first was introduced to free market economics, I had the same sorts of questions (e.g., "who will own the roads?"). If you keep at it, though, these questions are easily answered. Rather than give away the answer to Asgaard's question, I'll propose the following Socratic response: Who assures that someone has an ownership stake in the ships that sail the sea? S a n d y ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From nelson at crynwr.com Sat Jun 8 00:33:09 1996 From: nelson at crynwr.com (nelson at crynwr.com) Date: Sat, 8 Jun 1996 15:33:09 +0800 Subject: mailing-list through a remailer In-Reply-To: Message-ID: <19960608040239.16261.qmail@ns.crynwr.com> Scott Binkley writes: > Having a mailing-list run through a remailer?? Only through a penet-type remailer. It couldn't work at all with a mixmaster-type, and would work but poorly with a ghio-type with reply block. > It would be double blind, and difficult to find out who ran the list. Only if your name isn't Julf. > If you chained the remailers, it would be even more difficult. If you chained the remailers for your subscription, then every message would travel the same path. -russ http://www.crynwr.com/~nelson Crynwr Software | Crynwr Software sells packet driver support | PGP ok 11 Grant St. | +1 315 268 1925 voice | It's no mistake to err on Potsdam, NY 13676 | +1 315 268 9201 FAX | the side of freedom. From llurch at networking.stanford.edu Sat Jun 8 00:39:59 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Sat, 8 Jun 1996 15:39:59 +0800 Subject: "Fascism is corporatism" In-Reply-To: Message-ID: On Thu, 6 Jun 1996, Timothy C. May wrote: > At 6:18 PM 6/6/96, Rich Graves wrote: > >On Wed, 5 Jun 1996, Bruce Baugh, who usually knows better, wrote: > > > >> Fascism has no intrinsic link to genocide. It is a theory of economics, > >> basically, in which the state has ultimate authority over production and > >> distribution without (as in socialism) actually _owning_ the means of > ... > >Yes, I'm afraid these ahistorical myths are widespread. What _do_ they teach > >in these schools? > > > >Pick up anything by Renzo De Felice to gain a basic historical understanding > >of what fascism was about, from someone who was sympathetic to them. > > Rich, I don't think it nearly so clear as you are claiming. The definition > of fascism, that is. Without resorting to the usual ploy of quoting > Webster's (a ploy I usually am not impressed by), let me cite an Actually, perhaps you *should* check Webster's... you forget that I'm a Certified Political Scientist. The etymology of fascism is particularly on point. Historically, it refers to the building of a military vanguard as an outgrowth of risorgimento, Italy's process of becoming a independent, unified [fucking] state rather than a bunch of weak city-states, which were often dominated by French, Prussian, or Austria-Hungarian interests. In an interesting turn from the theme of this list, Italians from the 1870's through Mussolini saw a strong, centralized state as the best way to be free from tyranny and government theft. I'm not much of an historian of Italy, though, so I won't pursue this point. Besides, it came from a peculiar set of historical circumstances that CLEARLY do not apply to the US today. > "anti-fascist" radio personality, Dave Emory, who I have been listening to > nearly every week for several years. > > Dave is undeniably anti-fascist, an unusual mixture of left-leaning views > and National Rifle Association sympathies, and he often quotes Mussolini's > famous "Fascism is corporatism" line. That is, a view more similar to Bruce Sounds like my kind of guy. I tend not to be much impressed by radio personalities, but I may look him up. "What is fascism" could be batted about forever; I don't think it's much worth talking about, especially out of historical context. Mussolini started as a Machiavellian who had not read Machiavelli. Early fascism, and the etymology of fascism, was a nationalistic, militaristic struggle for power. Once they got in power, then they started developing an economic ideology. That's how it works with just about every "political theory"... with the exceptions of Marxism, libertarianism, and religious fundamentalism, perhaps. > Baugh's point that fascism is primarily an economic theory, about the > organization and ownership of production systems, than about hatred of any > particular ethnic group. Of "particular" ethnic groups, probably no. Ezra Pound's antisemitism was actually pretty unusual. But fascism's essence is rabid, disciplined nationalism of the militaristic kind. Not really xenophobic and explicitly genocidal like "National Socialism," which isn't descriptive but was just a name/party that Hitler was able to hijack to put his extended rant Mein Kampf into practice, but definitely conscious of the "national character" to the exclusion of any other. > ("Fascism is corporatism" is of course not an overall indictment of all > corporations. "Corporatism" is basically a view that government should > identify key industries and corporations and then pick the winners and > support them while suppressing their competitors. This oversimplifies what > Mussolini, Emory, myself, etc. mean by "corporatism," but I hope this gives > at least a glimpse. That's one glimpse, but I think it's worthwile clarifying that corporatism isn't about corporations. It's organizing societal groups into officially recognized corps. Corporatism defines people by their profession, to the exclusion of any other ties that bind (religion, family, hobbies, political views, race -- cuz they're all assumed to be of the same "national character" anyway) and all transactions among the various corps is mediated by the government. An excellent example of corporatism is Mexico's PRI (Institutional Revolutionary Party), which is essentially to say the Mexican government, which is functionally divided into units such as the CTM (Confederation of Mexican Workers, an umbrella for legally sanctioned trade unions). -rich From ses at tipper.oit.unc.edu Sat Jun 8 00:49:13 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Sat, 8 Jun 1996 15:49:13 +0800 Subject: eTimeouts Message-ID: Are about to be imposed on Perry and Phil. You don't both have to play with the same tentacle - there are plenty to go around. Now behave, or I won't let you watch todays episode of (smith) Barney. Simon --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From die at pig.die.com Sat Jun 8 00:54:30 1996 From: die at pig.die.com (Dave Emery) Date: Sat, 8 Jun 1996 15:54:30 +0800 Subject: Internet solution for law enforcement In-Reply-To: <19960607194629.14482.qmail@ns.crynwr.com> Message-ID: <9606080052.AA12694@pig.die.com> Russ Crynwr writes: > Hey, I went into the local New York State Police station and asked if > they had email. The answer is basically "No." They've got something > like a telex system. I doubt that they're any encryption on their > data services. You'd think that police department RADIOS would at > least be encrypted! Thanks, TLAs, for your crime encouraging efforts. > [ TLA lurkers should have the grace to wince at that. ] Actually there is quite a strong school of thought that holds that police should be discouraged from using hard encryption on their radios because that makes it impossible for the media and public to keep an eye on them to make sure that they are on the up and up. Remember that policeman carry guns and have wide discression in what they can do in many situations, especially in short term immediate situations. And quite a few are not well educated or terribly bright. And most members of the general public are inclined to believe the word of police rather than some random citizen. A hard encrypted police radio system restricts public information about police activities largely to what the police chooses to voluntarily reveal to the media - and given the self promoting political games, corruption, fabrication of evidence, brutality, racism and plain stupidity that characterize all too many police departments that often is not enough and very very self serving. Leaving police radio communications at least mostly open allows the media and curious citizens to follow and observe police actions and have enough knowlage of what went on to ask the hard questions and be witnesses to the actual events. Many police radio systems have been deliberately left open in recent years even as digital DES based technology has become practical and somewhat affordable and widely installed. Lots of police departments have agreed or been forced to not encrypt anything but sensitive undercover surveillance related coms, and certain tactical coms in crisis situations such as hostage takings. (It still remains also true, however, that digital voice radios systems have less range, penetrating power and more unpredictable outages and dead spots than good old analog fm systems do so there is an added benefit to not using encryption). And most police officers seem to believe that allowing the public to listen to their communications is a net plus - there are apparently few known instances of criminals making particularly effective use of scanners to thwart the police and lots of instances of citizens spotting suspects and other suspicious activities and informing the police because they knew they were interested from what they overheard listening to a scanner. As for police digital communications (the so called MDT terminals installed in many police cruisers) - the older and larger city systems installed mostly by big companies such as Motorola use feeble or non existant encryption and can be readily intercepted by a slightly modified scanner (using radio shack parts) and a PC with suitable software (though the baud rates are odd, the data format synchronous rather than start-stop async, the messages mostly sent in the form of packed codewords in some BCH or Reed Soloman error correcting code with the data bits strangely distributed in the codeword for best error immunity, and the actual data a hodgepodge mixture of ASCII text and binary screen formating and control characters). The MDT systems installed in smaller towns and more recently by a small company founded by a former colleague of mine (K1EA) that use standard laptops instead of proprietary terminals do use single DES encryption (my pro-crypto rantings on slow afternoons many years ago may have had some effect). I don't know how good the key management is - I keep meaning to ask Ken the next time I see him at a hamfest - but at least the data is not sitting there for the taking by anyone with a PC, a scanner, and some reasonably straightforward DOS software. I have been told that interconnecting non secure digital terminal systems with the various federal and state criminal data base systems such as NCIC and its successors that contain sensitive non public information such as criminal histories and arrest records is supposed to be illegal. It is not clear how completely this rule is observed. Crypto in the real world raises some interesting issues - the nazis or fascists in the evil sense in the future will certainly make very effective use of it to do evil. Dave Emery die at die.com From stewarts at ix.netcom.com Sat Jun 8 01:13:27 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sat, 8 Jun 1996 16:13:27 +0800 Subject: OECD http://www.oecd.org/news_and_events/release/nw96-46a.htm Message-ID: <199606071824.LAA06312@toad.com> Ms. Kamata wrote: >>The process of drafting the OECD Cryptography Policy Guidelines will >>continue at an experts meeting in June and is due for completion in >>early 1997. Cryptography policy is a matter of vital public interest; while I assume that actual participation will be limited by the need for a small enough group to actually get work done, the World-Wide Web makes it easy to publish working papers, meeting agendas, drafts, and participant contact information so that the public can keep track of what's being done. There's a lot of broad-level material on your web site (I enjoyed the perspective of http://www.oecd.org/dsti/iccp/legal/top-page.html), but it would be a substantial benefit to the community to provide the in-depth material as well. At 08:39 PM 6/6/96 -0800, Jim Bell wrote, replying to Ms. Kamata's press release: >>OECD EXPERTS BEGIN DRAFTING CRYPTOGRAPHY GUIDELINES >>Many governments are under pressure within their own countries to >>develop a national position on cryptography, > >If anything, it's exactly the opposite: It is the GOVERNMENTS and >those who hold government jobs who are doing the "pressuring." >I haven't seen more than a trickle of desire for a >"national position on cryptography." What Internet-people want is the >ELIMINATION of a "national position on cryptography," I think. Most governments already have a "national position", restricting cryptography in ways that violate free speech by their citizenry and interfere with commerce to varying degrees. The US has been one of the more egregious violators in this case, since US companies and products dominate the software industry, and national police organs have been strongly opposing the industry's attempts to provide decent security for communications. Industry, on the other hand, has been pressuring government to allow at least enough security to prevent massive fraud and theft and protect proprietary business communications; some parts of industry are willing to compromise if they get this much (perhaps with the added bribe of government contracts to make up for lost opportunities in the free market), while other parts (especially smaller companies, where the costs of bureaucratic compliance have more effect, and where proprietors can speak for the company) take a far stronger view, that freedom of speech cannot be compromised. >>But the needs of global technologies and applications require an >>international --rather than a strictly national -- approach to >>policymaking. The fast-paced development of the Global Information >>Infrastructure adds an element of urgency. The global characteristics of technology render strictly national policymaking increasingly obsolete, because any individual in a free or semi-free computerized country can develop software like PGP which can at most be blocked by vigorous local government action. There are two added forms of urgency - the critical need for security for electronic commerce, which is growing rapidly and increasingly in conflict with nationalist military policies, and the increasing deployment of technology which reduces government control. >>The private sector is closely involved in drafting the Guidelines, >>with business representatives from the Business and Industry Advisory >>Committee (BIAC) participating at the meeting. >>The OECD meeting, which took place on 8 May, was hosted by the US >>Department of State in Washington DC. Was the meeting announced to at least the public in advance? The schedule on the web page mentioned the 8 May meeting, at least after the fact, but does not list any of the following meetings, and there's no identification of your BIAC committee's members or even the member governments participating. Thanks! # Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Rescind Authority! From anonymous-remailer at shell.portal.com Sat Jun 8 01:17:00 1996 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Sat, 8 Jun 1996 16:17:00 +0800 Subject: Is the alpha.c2.org 'Nymserver Down? Message-ID: <199606080439.VAA09011@jobe.shell.portal.com> My 'nym seems to be broken again, and I've heard other reports that the alpha.c2.org 'nymserver is down. Yet, Raph's ping list seem to indicate it's healthy: remailer email address history latency uptime ----------------------------------------------------------------------- alpha alias at alpha.c2.org +-++**++-++* 49:22 99.66% What's the story? From caal at hopf.dnai.com Sat Jun 8 01:17:48 1996 From: caal at hopf.dnai.com (caal at hopf.dnai.com) Date: Sat, 8 Jun 1996 16:17:48 +0800 Subject: "EASYSAFE(R) VERSION 3.0 Message-ID: <199606072143.OAA25549@hopf.dnai.com> I thought this may be of interest to the list. >[PRNewswire:Computers-0605.14] 6/5/96 > > EASYSAFE(R) VERSION 3.0 FOR DOS, WINDOWS & WINDOWS 95 'FIRST > NOTEBOOK SECURITY PRODUCT' > > CHICAGO, June 5 /PRNewswire/ - EliaShim Safe Software, a leading > provider of network security products and anti-virus protection > systems, announced at Spring Comdex 96 the release of EasySafe, > version 3.0, the first security and encryption product designed > specifically for notebook computers. > > .. EasySafe provides bullet-proof protection that is easy to install. > .. EasySafe prevents unauthorized use or access through boot password > protection. > .. EasySafe prevents removal or transfer of information via full hard > disk encryption. > .. EasySafe provides keyboard locking after three incorrect password > attempts. > .. EasySafe provides screen blanking after a predetermined period of > inactivity. > .. EasySafe denies system level access to hard disk information. > .. EasySafe can be configured to disable LPT, COM, and Floppy ports. > > Upon boot-up, EasySafe asks the user for a password. A > correctly entered password grants the user access to the computer. > Encryption/decryption of data on the hard disk is dynamic and > completely transparent to the user. The system allows for three > password attempts before locking the computer, and only a cold-boot > reset is possible. After entering the correct password, the disk is > unencrypted dynamically, normal boot up takes place, and the user is > granted access to the system without disk access restrictions or > delay. > > EasySafe includes a DOS/Windows screen saving utility which > blanks the screen after a period of inactivity. The only way to re- > activate the computer is to enter the correct password. > > EasySafe offers two encryption methods. The first encrypts all > data on local hard drives. The second method encrypts boot sectors > and partitions. This prevents unauthorized users from booting from > the "A": drive and accessing the data on the hard disk. This > encryption scheme also protects against the use of disk editing > programs (such as Norton Utilities). Thus, valuable company secrets > remain hidden and secure. EasySafe can be configured to disable LPT, > COM, and Floppy ports to ensure that the information contained on > the hard drive cannot be transferred to another system for later > viewing. > > While annual purchases of notebook computers have increased > steadily, the number of notebooks reported stolen each year is much > more alarming. In 1995, 208,000 notebooks with a value of almost > $640 million were reported stolen by a Columbus, Ohio insurance > company that offers coverage for portable computers (Information > Week - May 6, 1996 issue). EasySafe is the perfect product for > those field professionals whose notebooks contain valuable, > confidential, company information and other sensitive data that is > hundreds of times more valuable than the cost of a notebook. > > Founded in 1983, EliaShim Safe Software has been providing PC > security solutions and anti-virus protection for corporate, > government, educational institutions, and program developers in both > domestic and international markets. Over four million computers are > protected worldwide. Product line includes: EasySafe, MasterSafe, > ViruSafe Gold, and ViruSafe LAN. > > -0- 6/5/96 > /CONTACT: Carl Frederick, Jr., Director of Marketing, EliaShim > Microcomputers, 800-477-5177, or at Spring Comdex 96, Booth . C5431, > 312- > 791-6708/ > > CO: EliaShim Microcomputers, Inc. > ST: Florida > IN: CPR > SU: PDT > > From llurch at networking.stanford.edu Sat Jun 8 01:30:22 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Sat, 8 Jun 1996 16:30:22 +0800 Subject: Internet solution for law enforcement In-Reply-To: <199606071900.MAA12968@hopf.dnai.com> Message-ID: On Fri, 7 Jun 1996 caal at hopf.dnai.com wrote: > Has anyone seen this yet? Looks like it's two weeks old. Internet Police! > > >[BizWire] 5/20/96 > > > > (SUN/PSI-INTL)(SUNW) PSI International, Sun partner, unveils Java- > > based Internet solution for law enforcement agencies; "Internet in > > Blue" Police Internet/Intranet Application Suite Available in July > > 1996 Is this a joke, or has the world gone completely batty? -rich From declan+ at CMU.EDU Sat Jun 8 01:37:13 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Sat, 8 Jun 1996 16:37:13 +0800 Subject: Wasting time and bandwidth on Bell In-Reply-To: Message-ID: <4liCDhS00YUzEPhpdP@andrew.cmu.edu> Excerpts from internet.cypherpunks: 7-Jun-96 Wasting time and bandwidth .. by "P.J. Ponder"@wane-leon- > Or they automatically delete any posts that come from or relate to the > puerile bullshit Bell is infamous for, and choose not to get dragged into > this type of time- and bandwidth- wasting garbage. Of which this post is One of 'em just emailed me saying just that. -Declan From jimbell at pacifier.com Sat Jun 8 01:41:12 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 8 Jun 1996 16:41:12 +0800 Subject: Wasting time and bandwidth on Bell Message-ID: <199606080514.WAA02576@mail.pacifier.com> At 02:08 PM 6/7/96 +0100, P.J. Ponder wrote: >Or they automatically delete any posts that come from or relate to the >puerile bullshit Bell is infamous for, and choose not to get dragged into >this type of time- and bandwidth- wasting garbage. Of which this post is >just another, of course, but i get so damn sick and tired of the constant >imposition of 'AP' and related nonsense on this list. It is to be expected that among the citizens of this world, there would be those who have so much moral or economic stock in the current order that they would strongly resist any serious change. (maybe they're already on top, or they hope to be in a few years, etc.) Until a few years ago, almost everybody probably figured that the main effect of computer networking (and the Internet) on politics would be to allow people to send letters to their Congressmen faster while destroying fewer trees, or letting people send in their votes by email rather than travelling to a voting booth. Simple changes. Non-threatening. Don't rock the boat. Don't upset the apple cart. Don't make a wave. It will be a great shock to most of you to hear that the real changes will not only be figuratively "revolutionary" but also LITERALLY revolutionary. >>3. Congress would have no problems passing a law outlawing AP, if one >>does not exist already. >I would be satisfied if they just outlawed e-mail about it. I guess this guy never heard about the 1st Amendment. Or maybe he did, but he concluded that it must have been a mistake, because it's not the kind of thing that the people in charge today would vote for if they had a choice in the matter.. Jim Bell jimbell at pacifier.com From adamsc at io-online.com Sat Jun 8 01:46:33 1996 From: adamsc at io-online.com (Chris Adams) Date: Sat, 8 Jun 1996 16:46:33 +0800 Subject: INteresting tidbit Message-ID: <199606080142.SAA15961@toad.com> ** Reply to note from stewarts at ix.netcom.com 06/07/96 11:15am pdt > >> 4. The ability to crack DES-1 in near real-time mode is present. > >> (See above). > >First, this has been loosely confirmed for ages. Someone was mentioning >> that FBI offices supposedly have software that (on a 486) can crack a DES-1 key >> in under an hour. Multiply * modern high capacity computers = problem. >> However, this does not nessesarily follow from > > Sigh. This is of course hopelessly bogus. You can't even crack RC4/40 in > under an hour on a 486 machine, thoguh you can do it very fast on custom > hardware. I figured it had been sensationalized. I received an email from someone who had actually played with such a beast (or claimed to have) and I believe he mentioned it had an addin card. > > >This Message Was Sent With An UNREGISTERED Version Of PMMail. > >Please Encourage Its Author To Register Their Copy Of PMMail. > >For More Information About PMMail And SouthSide Software's Other > >Products, Contact http://www.southsoft.com. > > I won't encourage you to register it, but at least please find a way to > quiet the sucker down. Mailers that do one line of advertising on unregistered > shareware are semi-tolerable. Mailers that do 4 lines are highly rude. > Fortunately, a good binary editor makes it easy to go in and turn the message > to something quieter, like -'s or :-)'s... I just did that. Took awhile to find a decent OS/2 email program... I'm not sure the new one is better, but it sure is less intrusive. That and a little bug that resulted in some messages getting dumped here (still wondering how it managed that) cost them a sale. From qut at netcom.com Sat Jun 8 02:05:46 1996 From: qut at netcom.com (Be Good) Date: Sat, 8 Jun 1996 17:05:46 +0800 Subject: ID this 31173 NCR keyboard In-Reply-To: <199606070859.BAA16976@mail5> Message-ID: <199606080415.VAA24937@netcom22.netcom.com> > Does it have any identifying numbers? There's a bunch of labels and printings inside the board, the pc board says ELE 2001; the chip says NCR '82 and 31960; and a couple labels on the inside of the case that don't make any sense. Do I have any chance of getting term support for this, or getting a new keyboard like this? It seems ideal. > NCR OEMed a line of ADDS Viewpoint terminals for a while, > and while the numbers no longer come to mind > (unless they're like 2920), they might look familiar > if I saw them. This keyboard sample doesn't look > quite like them, though. Most of their keyboards > like that were for terminals, not for PCs. > Are the connectors even PC-like? The connector and cable is standard XT-like. > Also, if there are function keys through F20, it might very > well be a 3270-emulator of some sort. > > At 01:52 PM 6/6/96 -0700, you wrote: > >Oops. I wrote that just looking at the keyboard. > >Picked it up at Seattle's Ex-Pc for $3. > >It's so old, I think it requires a non-PC BIOS. > >No manual, labels etc. > > > >Anyone have a clue as to what this is: > > > >NCR > > > >F1 F2 [...] F18 F19 F20/RESET| > >ESC [...] TAB |[five direction keys] > >CONTROL Q [...] }/] CONTROL |CLR 7 8 9 / > >CAPS_LOCK A [...] ~/` |NEW | - 4 5 6 * > >[up] |/\ Z [...] [upup] |LINE | + 1 2 3 |NEW > > [space] | 0_ 00 . |LINE > > > >It was designed for easily customizing your keytable, > >being an actual flat terminal with square keys easily > >pulled out and interchanged. > > > >The back of the keyboard has three switches for > >the boolean selection of languages: US English, > >UK/Int. English, French, German, Swedish/Finnish, > >Danish/Norwegian, Spanish, Italian. > > > >So, where to get a NEW keyboard like this: > > > >FLAT, with a full set of SQUARE, EASILY pulled out keys. > > > > > > > # Thanks; Bill > # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com > # http://www.idiom.com/~wcs > # Rescind Authority! > > -- Kill Your Television From qut at netcom.com Sat Jun 8 03:14:09 1996 From: qut at netcom.com (Be Good) Date: Sat, 8 Jun 1996 18:14:09 +0800 Subject: Thank you for the Archives 100 messages In-Reply-To: <31B91EA0.16F@netcom.com> Message-ID: <199606080730.AAA24004@netcom13.netcom.com> > qut4.qut at netcom.com wrote: > > > > Apologies, but rich has deleted me from > > his mailboxes, and for a few days now, > > As I have, too, now. > > > somebody has placed a global cancel bot on > > me. I'm gonna have plenty of fun figuring > > this out. Kwow any good sniffers? > > I'm glad! If my processor/filtering software doesn't > have to deal with your garbage, that's more time I have > to spend with folks who have something to say. The only thing your type of "cypherpunk" has to say, is blather about liability, copyrights, and other capitali$t bs. REAL crypto-anarchists, of course, want the destruction of copyrights, trademarks, and other weapons of capitali$m, and will implement crypto-anonymonity to proceed forthwith. > No, I don't know of any better "sniffers" (I assume you > mean, "software that can detect a cancelbot"), as such > software is impossible to detect. Of course, unless Rich > (or whomever cares so much about a moron) has either root > on toad.com, or at least as many resources as the NSA, he > can't cancel your mail to Cypherpunks (or anywhere else). I was talking about netnews, mormon. > > I agree the list should be public usenet: > > A mail gate-way to a usenet group that > > ALSO permits unmoderated posts. This > > would be a nice way to combine a strict > > moderated mail-list, with a standard > > netnews group. > > Er, what? > > That paragraph makes absolutely no sense whatsoever. There's already hundreds of groups like that, stupid. It will be implemented, whether you like it or not. -- Kill Your Television From stewarts at ix.netcom.com Sat Jun 8 04:00:20 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sat, 8 Jun 1996 19:00:20 +0800 Subject: How to explain crypto? Message-ID: <199606080749.AAA26078@toad.com> At 01:50 PM 6/4/96 -0500, Declan wrote: >For example, someone sent me this explanation: > "The 1024 bit key is likely an RSA key, and is not comperable to a 40 bit > symetric key. From memory, 1024 bit RSA is about as hard to crack as 90 > bit symetric." >Is this a reasonable comparison? It's probably close enough for anti-government work; the relative strength depends a lot on whether you're using general-purpose computers or custom crackerboxes, and on the state of the art in factoring technologies. I'd be tempted to be verbose and say that public-key systems like RSA use prime numbers for keys, so they need to be a lot longer than secret-key algorithms like DES or RC4 which can use any number as a key but need to keep it secret. You can double the cracking effort by adding one bit to a secret key or about 10 to a public key. 500-bit public keys and 56-bit secret keys are about the limit of cracking technology for organizations with a couple of million dollars spare for supercomputers, which is your desktop in 5-10 years. The NSA's Clipper Chip used 80-bit keys, which is about 20 years' protection against people who can't use the built-in wiretap or bribe a cop to get a warrant. One problem with these secret hardware designs is that you usually can't tell if there's a back-door unless they tell you - or goof up like they did with the Clipper's short checksum. # Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Dispel Authority! From stewarts at ix.netcom.com Sat Jun 8 04:13:45 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sat, 8 Jun 1996 19:13:45 +0800 Subject: [NOISE] Buying whales with digicash Re: Anonymous stock trades. Message-ID: <199606080829.BAA26495@toad.com> At 10:52 AM 6/7/96 -0400, Perry wrote: >hallam at Etna.ai.mit.edu writes: [...] >> Well, Milton Friedman's method for saving the whale is to leave it >> to the free market, if people want whales in the oceans they won't >> buy whale meat. [...] >Dr. Phill Hallam-Baker, PhD, however, does not understand economics in >spite of his PhD and thus attributes views to free market economists >that they do not hold, as in his whole cloth synthesis of a viewpoint >which he ascribed to Milton Friedman which Milton Friedman would never >in a million years espouse. Oh, come on now, Perry - while Friedman has more sense than that, you've been around the Libertarian party long enough to know people who call themselves free-market environmentalists who contend that whales will be best protected if they're owned property, that do-gooder environmentalists will be free to outbid Sushi Inc.* for them, and that initial ownership of the whales ought to be decided by the traditional initial land-ownership method of homesteading. Personally, I view this as rent-seeking by folks who ought to let the whales own themselves, and think they've got as little understanding of free-market environmentalism as the government bureaucrats who massively subsidize the logging of US National Forests, but they _are_ there. [*A wholly owned subsidiary of Taco Bell, but with digicash** and anonymous stock ownership, On the Internet, nobody knows that all restaurants are Taco Bell.] [**Ineffective attempt to pretend some relevance to cypherpunks...] # Thanks; Bill # Bill Stewart +1-415-442-2215 stewarts at ix.netcom.com # http://www.idiom.com/~wcs # Dispel Authority! From loki at obscura.com Sat Jun 8 04:27:47 1996 From: loki at obscura.com (Lance Cottrell) Date: Sat, 8 Jun 1996 19:27:47 +0800 Subject: Multiple Remailers at a site? Message-ID: At 12:16 PM 6/6/96, Scott Brickner wrote: >The discussion was about multiple remailers from multiple accounts on >the same machine. The very existence of the remailer, independent of >issues like shuffling and chaining, is supposed to eliminate >identifying the originator by the content of the message. Message >shuffling, delays, and chaining are entirely for the purpose of >reducing the information available to the traffic analyst. If several >remailers are running on the same machine, they may be treated as if >there were only one remailer, for the purpose of traffic analysis. >Getting more traffic going through them just makes the analysts job >easier, because his statistical conclusions are stronger. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I don't think I am following you. My messages are a constant size signal (I send N messages through the remailer). More traffic increases the background signal and background noise. While the signal to noise of the background gets better, the actual amount of noise went up so the ratio of MY signal to the background noise went down. Perhaps I don't understand what you are saying. I think multiple remailers on a machine are less effective than a single remailer with the combined traffic of all the individual remailers, because the combined remailer does better reordering from a larger pool. If the remailer chain contains just two or more uncompromised hops (not necessarily consecutive) I suspect an attacker will be forced to treat the remailer bramble as a single object. This attack is based on time correlations of messages sent and received. In this case background traffic is good because of the large number of false correlations it generates. However, it is stunning how few messages it takes to make the correlation stand out. The defense against this attack is to ensure that you send and receive enough remailer mail to correlate with all other users for all messages. Producing cover traffic, some of which returns to you, and some of which is bit bucketed also ensures that it will not be known when you receive a real message (as opposed to one of your own). Obviously this is best done when you are a remailer operator yourself. -Lance (who will now dismount the soap box) ---------------------------------------------------------- Lance Cottrell loki at obscura.com PGP 2.6 key available by finger or server. Mixmaster, the next generation remailer, is now available! http://www.obscura.com/~loki/Welcome.html or FTP to obscura.com "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche ---------------------------------------------------------- From rah at shipwright.com Sat Jun 8 06:33:11 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 8 Jun 1996 21:33:11 +0800 Subject: Neologism: "crackerbox" In-Reply-To: <199606080749.AAA26078@toad.com> Message-ID: I think we have another winner, folks! At 3:47 AM -0400 6/8/96, Bill Stewart wrote: > It's probably close enough for anti-government work; the relative strength > depends a lot on whether you're using general-purpose computers or > custom crackerboxes, and on the state of the art in factoring technologies. ^^^^^^^^^^^^ I *like* it! Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ From Stef=buyinfo at nma.com Sat Jun 8 08:58:03 1996 From: Stef=buyinfo at nma.com (Einar Stefferud) Date: Sat, 8 Jun 1996 23:58:03 +0800 Subject: Micropayments: myth? In-Reply-To: <199606072058.NAA05291@netcom3.netcom.com> Message-ID: <27817.834218804@odin.nma.com> Yo are assuming away facts that some of us cannot assume away. >From your message Fri, 07 Jun 96 13:58:53 -0700: } }> }>> the wallet action will always }>> be tied with some other action. the user picks up the phone to dial }>> somewhere, and it says, "that will be .3c-- will you pay"? he says }>> yes. }> }> How will you know the cost is .3c a priori? }>What's to stop me from saying yes to the .3c and staying on the line }>forever? } }I don't understand why this micropayment thing is being thought }so complicated. } }I am making some simple assumptions that seem to not be obviously }apparent, apparently. } Specifically, you assume that no one will want to audit and check up on micro-charges that accumulate nto bills. Like my phone bill with 5 pages of 2-5 cent toll calls. I really don't want to analyze all that, but I also don't trust the phone company to always present me with an accurate bill. So, I would rather deal with the accumulation schem by paying a fixed fee for a service that does not send me all that deatil that I cannot use or analyze. To use it I would have to keep a log, with the times of all calls to compare. Now, you want to move this kind of charging to some service I do not trust as much as I trust the phone company, and send me a bill for an accumulation of charges without supporting detail. Thsi might be OK for small amounts, but what about a large company where these undocumented microcharges add up to say, $200,000/year? How do we know that someone is not simply padding the bill? All we need is for the billing system to slip in an occasional bogus charge the looks for all the world like any other microcharge. You know, like the bank employee case where someone accumulates the round-up transaction adjustments to an account and ships the money to Switzerland. This is what you are omitting in your assumptions... I just don't believe the world is going to be so trusting....\Stef From jya at pipeline.com Sat Jun 8 09:45:37 1996 From: jya at pipeline.com (John Young) Date: Sun, 9 Jun 1996 00:45:37 +0800 Subject: BIO_nfo Message-ID: <199606081353.NAA20540@pipe3.t2.usa.pipeline.com> A biocryptoanarchy link to Adleman's DNA work? 6-8-96. FiTi: "Bioinformatics: the jobs of the future." One of the biggest manpower shortages today is in bioinformatics, the area in which biology meets computer science. Biology is becoming a data-intensive science, in the same way that physics did almost 50 years ago when it became clear that computers would be needed not only to store information but also to process it. There's a great shortage of people, partly because a lot of organisations are simultaneously seeing the need for bioinformatics and partly because the skills required are changing so fast: + Search and analysis, including new mathematical techniques for finding patterns in data; + Knowledge management, including ways to integrate information from different databases; + Mapping and genomics, including approaches to identifying the genetic components of complex traits; + Sequence/structure/function including rapid methods to predict the biological function of a gene from its DNA. The mainstream computer and information technology companies are only just beginning to take an interest in bioinformatics. "There's a huge vacuum there." For an undergraduate scientist searching for a field in which to specialise, there are no better job prospects than bioinformatics or - cheminformatics. BIO_nfo From dlv at bwalk.dm.com Sat Jun 8 11:03:35 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 9 Jun 1996 02:03:35 +0800 Subject: RFD: Time to kick some anti-scientologist ass? Message-ID: I haven't been paying a lot of attention to the Church of $cientology wars until recently. Here's an executive summary for those who don't give a damn. 1. There's a gang of flamers (David Gerard, Jon Noring, Ron Newman, Rob J. Nauta, and the like) who try to stop $cientologists from discussing their religion on the Usenet newsgroup alt.religion.scientology. Most of them are disgruntled former cult members and/or members of other similar cults. 2. The anti-scientologists have caused many cypherpunks anonymous remailers to shut down via their egotistical misuse of them, viz. criminally posting copyrighted Co$ writings to Usenet. They did it knowing that the Co$ is likely to harrass the remailer operators, causing them to shut down and depriving everyone of their services. 3. These harrassers are Usenet Cabal supporters, and they are sometimes joined by initerant cabal enforcers such as Peter Vorobieff, who visit a.r.s to lend a helping hand and to flame Co$. 4. Recently the anti-scientologists have asked me for a copy of my cancelbot, and have been using it to forge cancels for scientologist posts on a.r.s. Here's a typical anti-scientologist Usenet article lauding content-based forged cancels: ]Path: ...!newsfeed.internetmci.com!howland.reston.ans.net!nntp.coast.net!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.mel.connect.com.au!news.mel.aone.net.au!fun ]From: fun%/etc/HOSTNAME (David Gerard) ]Newsgroups: alt.religion.scientology,alt.religion.scientology.xenu ]Subject: Re: Cancel Summary ]Followup-To: alt.religion.scientology,alt.religion.scientology.xenu ]Date: 5 Jun 1996 20:51:37 GMT ]Organization: Expert Marcabian Spam-Dodgers of the Universe ]Lines: 28 ]Message-ID: <4p4s0p$h06 at news.mel.aone.net.au> ]References: <31b194aa.599605 at news.clark.net> ]Reply-To: fun at suburbia.net ]NNTP-Posting-Host: athene.glasswings.com.au ]X-Newsreader: TIN [version 1.2 PL2] ] ]StarOwl (starowl at triskele.com) wrote: ]: On 1 Jun 1996 22:43:05 -0400, Lazarus wrote: ] ]: >Thu May 30 00:48:49 EDT 1996 Lazarus V2.3 ]: >lightlink.com/var/spool/news/control/1456170 ]: >Article: 170077 ]: >From: info at triskele.com (ARSE INFO SERVICEl) ]: >Date: Sun, 26 May 1996 13:22:08 GMT ]: >Subject: Bryan Wilson - In Conclusion. ]: > Message-ID: <31a857ae.664540 at news.clark.net> ]: >Control: cancel <31a857ae.664540 at news.clark.net> ] ]: Great. Even the parodies of spam get canceled. :-/ ] ] ]Well. This is actually GOOD NEWS. Because what it means is that there is at ]least one spam cancelbot on the case, as is eminently a wonderful idea for ]getting the hell RID of this shit ... in an entirely accepted and acceptable ]Usenet manner. ] ]If you can find the cancel, you can ask whoever zapped it to ]repost it I suppose, in such a way as to evade the cancelbot. ] ]Now what we need is MORE spam cancelbots on this material. ] ] ]-- ]http://suburbia.net/~fun/scn/ -- if it doesn't work for you, email me. From lharrison at mhv.net Sat Jun 8 11:37:37 1996 From: lharrison at mhv.net (Lynne L. Harrison) Date: Sun, 9 Jun 1996 02:37:37 +0800 Subject: Is the alpha.c2.org 'Nymserver Down? Message-ID: <9606081544.AA07498@mhv.net> At 09:39 PM 6/7/96 -0700, anonymous wrote: >My 'nym seems to be broken again, and I've heard other reports that >the alpha.c2.org 'nymserver is down. Yet, Raph's ping list seem to >indicate it's healthy: > >remailer email address history latency uptime >----------------------------------------------------------------------- >alpha alias at alpha.c2.org +-++**++-++* 49:22 99.66% > >What's the story? FWIW, I just pinged Host: alpha.c2.org - 64 bytes received, icmp _seq 1, time=384 ms --- Round-trip (ms) min/avg/max = 384/384/384 --- I, however, have also heard that the remailer alias at alpha.c2.org has down for a few days. Regards - Lynne ************************************************************* Lynne L. Harrison, Esq. | "The key to life: Poughkeepsie, New York | - Get up; lharrison at mhv.net | - Survive; http://www.dueprocess.com | - Go to bed." ************************************************************* DISCLAIMER: The above discussion is **NOT** to be construed as legal advice. Proper protection of your legal rights may require consultation with an attorney in a traditional setting. From nobody at REPLAY.COM Sat Jun 8 11:52:37 1996 From: nobody at REPLAY.COM (Anonymous) Date: Sun, 9 Jun 1996 02:52:37 +0800 Subject: No Subject Message-ID: <199606081538.RAA19160@basement.replay.com> Russ of nelson at crynwr.com apparently writes: :"Well, you aren't being :carried off in the middle of the night by death squads, so I'm :not going to waste my time on you when I could help other people :in danger of death." I'm not prepared to argue against that :judgement. I am. Russ, this rant is not directed at you. I'm just weary of the Bell-bashing. Perhaps the reason that our society has evolved to the point of not having to fear deathsquads is because of assholes like Bell who keep prodding us to expand the limits of personal liberty and free speech by their rantings. He makes me think; sometimes the unthinkable, and gives me the opportunity to _reject_ his ideas. Each time I suggest that someone goes *a little too far,* I draw in the circle of my own protected speech a bit more. *My God, he can't say that!" He _may_ be an adult who knows and accepts the possible consequences of his speech. Notice the chilling effect on virtually any discussion when the threat of legal action is suggested. There's the danger. Read the entire quote by Donne. *...any man's death diminishes me, because I am involved in mankind;...* By protecting Bell's right to speak what he thinks, we serve as an example to the rest of the world of what personal freedom really means. *Those crazy Americans* Bell gives me the opportunity to say that his pronouncements are antithetical to the best interests of the _inhabitants_ of this nation, not simply the government itself. Thank you, Jim. From declan+ at CMU.EDU Sat Jun 8 12:29:46 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Sun, 9 Jun 1996 03:29:46 +0800 Subject: RFD: Time to kick some anti-scientologist ass? In-Reply-To: Message-ID: <4liOMeG00YUyA52Gh9@andrew.cmu.edu> The attached summary is substantially incorrect. I know some of the "flamers" you mentioned, and their intentions are *not* to stop the Scientologists from discussing their religion. On the contrary, the Scientologists are trying to make it very difficult for anyone to *criticize* the Church of Scientology or reveal some of its more wacky teachings. For more info -- Ron Newman's web page on the Church of Scientology: http://www.cybercom.net/~rnewman/scientology/ Dave Touretzky's web page: http://www.cs.cmu.edu/~dst/Fishman/ -Declan Excerpts from internet.cypherpunks: 8-Jun-96 RFD: Time to kick some anti.. by Dr.Dimitri V. KOTM at bwalk > 1. There's a gang of flamers (David Gerard, Jon Noring, Ron Newman, Rob J. > Nauta, and the like) who try to stop $cientologists from discussing their > religion on the Usenet newsgroup alt.religion.scientology. Most of them are > disgruntled former cult members and/or members of other similar cults. > > 2. The anti-scientologists have caused many cypherpunks anonymous remailers > to shut down via their egotistical misuse of them, viz. criminally posting > copyrighted Co$ writings to Usenet. They did it knowing that the Co$ is > likely to harrass the remailer operators, causing them to shut down and > depriving everyone of their services. > > 3. These harrassers are Usenet Cabal supporters, and they are sometimes > joined by initerant cabal enforcers such as Peter Vorobieff, who visit a.r.s > to lend a helping hand and to flame Co$. > > 4. Recently the anti-scientologists have asked me for a copy of my cancelbot, > and have been using it to forge cancels for scientologist posts on a.r.s. From hal at alfred.sims.berkeley.edu Sat Jun 8 12:37:58 1996 From: hal at alfred.sims.berkeley.edu (Hal Varian) Date: Sun, 9 Jun 1996 03:37:58 +0800 Subject: Micropayments: myth? In-Reply-To: <199606060257.TAA16018@netcom.netcom.com> Message-ID: On Wed, 5 Jun 1996, Nick Szabo wrote: > > Some electronic commerce projects promise dramatically lower transaction > costs, so that we can achieve "micropayments", "microintermediation", > and so forth. Is this achievable? > Well let me chip in on this. First, my Web site at http://www.sims.berkeley.edu/resources/infoecon/Commerce.html has links to lots of the relevant resources. I think that there are really two accounting models that are being discussed. One is centralized accounting, a la the phone company. The other is what I call "distributed accounting". Models for distributed accounting are postage stamps/meters, and cash. In the distributed accounting model, individuals get tokens (stamps, coins, dollars, BART cards, phone cards, etc.) and keep track of their own usage. This form of accounting is ideally suited to micropayments. You may lose your BART card, or your dollars, but that risk is borne by the user. As Stefan pointed out, micropayments can add up in a big organization. But in the distributed accounting case, it is the organization's responsibilty for managing these payments. Indeed, most organizations have strict policies about petty cash, postage stamps, etc for just this reason. Centralized accounting is much more open-ended. Here the risk of non-payment is often partially borne by the provider and partially by the user. This form of payment is typically used for repeated purchases where reputation/credit-worthiness plays a big role. Hal Varian, Dean voice: 510-642-9980 SIMS, 102 South Hall fax: 510-642-5814 University of California hal at sims.berkeley.edu Berkeley, CA 94720-4600 http://www.sims.berkeley.edu/~hal From dlv at bwalk.dm.com Sat Jun 8 13:53:54 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 9 Jun 1996 04:53:54 +0800 Subject: RFD: Time to kick some anti-scientologist ass? In-Reply-To: <4liOMeG00YUyA52Gh9@andrew.cmu.edu> Message-ID: "Declan B. McCullagh" writes: > The attached summary is substantially incorrect. You mean, the anti-scientologists aren't massively forging cancels for scientologits' posts on alt.religion.scientology using my cancelbot? Or the anti-scientologists haven't caused most of the problems cypherpunks remailers face through posting CO$ copyrighted material through them? > I know some of the > "flamers" you mentioned, My condolences. > and their intentions are *not* to stop the > Scientologists from discussing their religion. Then how come anyone who posts to a.r.s in support of the cult gets harrassed by your acquaintances (flamed, mailbombed, etc)? (Note: I'm not a Co$ affiliate and have exactly as much disdain for it as for any other cult.) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From alano at teleport.com Sat Jun 8 14:20:31 1996 From: alano at teleport.com (Alan Olsen) Date: Sun, 9 Jun 1996 05:20:31 +0800 Subject: Neologism: "crackerbox" Message-ID: <2.2.32.19960608174620.00cb4094@mail.teleport.com> At 06:43 AM 6/8/96 -0400, Robert Hettinga wrote: >I think we have another winner, folks! > >At 3:47 AM -0400 6/8/96, Bill Stewart wrote: >> It's probably close enough for anti-government work; the relative strength >> depends a lot on whether you're using general-purpose computers or >> custom crackerboxes, and on the state of the art in factoring technologies. > ^^^^^^^^^^^^ > >I *like* it! I am sorry, but the term "crackerbox" has been deemed derogatory to Southern Americans by the Society for the Protection of American Minorities (SPAM). You will have to apply for another neologism from the Bureau of Neologisms. This time I suggest that you remember to fill out the proper paperwork so that these problems will not occur in the future. (To speed your application, please include doubling the filing fee, the first half as a check made out to the Bureau and the other half in cash.) --- |Coors - For people who don't want to think about what they are drinking.| |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.teleport.com/~alano/ | alano at teleport.com | From perry at piermont.com Sat Jun 8 14:21:32 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sun, 9 Jun 1996 05:21:32 +0800 Subject: "qut" In-Reply-To: <199606080730.AAA24004@netcom13.netcom.com> Message-ID: <199606081750.NAA21341@jekyll.piermont.com> "qut" the imbecile writes: > REAL crypto-anarchists, of course, want the > destruction of copyrights, trademarks, and > other weapons of capitali$m, and will > implement crypto-anonymonity to proceed > forthwith. No one speaks for all anarchists, or even anyone other than themselves. I realize that you are trolling, but, speaking for me, you're a fruitcake. .pm From perry at piermont.com Sat Jun 8 14:25:19 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sun, 9 Jun 1996 05:25:19 +0800 Subject: [NOISE] Buying whales with digicash Re: Anonymous stock trades. In-Reply-To: <199606080829.EAA22187@linet02.li.net> Message-ID: <199606081754.NAA21353@jekyll.piermont.com> Bill Stewart writes: > Oh, come on now, Perry - while Friedman has more sense than that, > you've been around the Libertarian party long enough to know people > who call themselves free-market environmentalists who contend that whales > will be best protected if they're owned property, Sure, but Dr. Phill Hallam-Baker, D.Phil., was contending that Friedman said the free market solution was for people to voluntarily stop buying whale meat -- he wasn't even contending that Friedman said the whales should be owned. Dr. Phill Hallam-Baker, D.Phil., presented a portrait of Friedman that is so totally out of line with even the most fuzzy headed free market types that it is almost impossible to believe that he said anything of the sort. Perry From alanh at infi.net Sat Jun 8 14:55:59 1996 From: alanh at infi.net (Alan Horowitz) Date: Sun, 9 Jun 1996 05:55:59 +0800 Subject: Thank you for the Archives 100 messages In-Reply-To: <199606080730.AAA24004@netcom13.netcom.com> Message-ID: > REAL crypto-anarchists, Like the folks who brought us Tiannemen Square? > of course, want the > destruction of copyrights, trademarks, and > other weapons of capitali$m, and will > Kill your Television Threw mine out in 1987. There's more people who don't have indoor bathrooms, than don't have a TV. (source: 1990 Bureau of the Census). I'm in a pretty elite group. From alanh at infi.net Sat Jun 8 14:57:57 1996 From: alanh at infi.net (Alan Horowitz) Date: Sun, 9 Jun 1996 05:57:57 +0800 Subject: Internet solution for law enforcement In-Reply-To: Message-ID: It appears that someone has figured out that medium-sized jurisdictions don't want to be left out of the trendiness. And has put together a product that can be peddled at the trade shows where Police Chiefs go. I recall reading that there's something like 25,000 different police departments in America. It's a sizeable market. And a very politically correct one, right now. Do these managers _need_ this stuff? Well, did they _need_ all those black-ninja hollywood flavored SWAT uniforms? Now, if they could just get a few more PC-of-the-month phraseologies into the title of their product, they'd sell twice as many. Start with "anti-deadbeat-dad software", maybe. "Pro Diversity". "Environmentally Friendly Software". Is America great, or what? From hallam at Etna.ai.mit.edu Sat Jun 8 14:57:57 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Sun, 9 Jun 1996 05:57:57 +0800 Subject: [NOISE] Buying whales with digicash Re: Anonymous stock trades. In-Reply-To: <199606081754.NAA21353@jekyll.piermont.com> Message-ID: <9606081830.AA05221@Etna.ai.mit.edu> >Sure, but Dr. Phill Hallam-Baker, D.Phil., was contending that >Friedman said the free market solution was for people to voluntarily >stop buying whale meat -- he wasn't even contending that Friedman said >the whales should be owned. Dr. Phill Hallam-Baker, D.Phil., presented >a portrait of Friedman that is so totally out of line with even the >most fuzzy headed free market types that it is almost impossible to >believe that he said anything of the sort. Perry, Apart from hero worship why do you believe that Friedman is not able to say anything ridiculous? I found the letter to be ridiculous which is why I remember it. Since you were so certain that Hess was not a staff member of the Cato institute despite being listed as such on their home page is it not just a little possible that you might be wrong in this case? Plus, to say that such an analysis would be out of line with "even the most fuzzy headed free market types" is somewhat rich. I have heard plans to eliminate all government apart from the army, privatising roads and the police. I have heard numerous claims that monopolies cannot ever exist under any circumstances unless they are created by government. I have even heard it stated that had gun ownership been more widespread in the UK the Dunblane massacre would not have occurred. Whether the teacher was expected to gun down Hamilton with the Kalashnikov she carried to school each day or whether the tots were expected to come to her aid with Smith and Westons I'm not sure. In short I don't think that there is any type of piffle that the "most fuzzy headed free market types" cannot offer. How to save the whales is a logical outcome of Friedman's thesis that markets are everything. It is unfortunately very common for great men to get megalomania and believe they have the solution to the worlds problems in one theory. The flaw in Perry's "stakeholder" theory is the same one in many academic theories. It assumes that most people are smart enough to realise their true interests. It assumes that people take a longer term look than they do. Phill From jimbell at pacifier.com Sat Jun 8 15:16:11 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 9 Jun 1996 06:16:11 +0800 Subject: Message-ID: <199606081816.LAA24268@mail.pacifier.com> At 05:38 PM 6/8/96 +0200, Anonymous wrote: >Read the entire quote by Donne. *...any man's death diminishes me, because I am involved in mankind;...* By protecting Bell's right to speak what he thinks, we serve as an example to the rest of the world of what personal freedom really means. *Those crazy Americans* > >Bell gives me the opportunity to say that his pronouncements are antithetical to the best interests of the _inhabitants_ of this nation, not simply the government itself. >Thank you, Jim. While I appreciate your...uh...appreciation, let me remind you that part of my "pronouncements" are that the current political and social system is sick. Many people around here seem to agree with this assessment. What I advocate is a comparatively simple change in the rules that could have the effect of vastly changing the way things are done. Whether these changes are in "the best interests of the inhabitants of this nation" is still an open question, and many people have agreed with me on this matter. Jim Bell jimbell at pacifier.com From strick at jihad.yak.net Sat Jun 8 15:38:31 1996 From: strick at jihad.yak.net (strick at Jihad) Date: Sun, 9 Jun 1996 06:38:31 +0800 Subject: need meeting location Message-ID: <199606081835.SAA00155@jihad.yak.net> hey, could a few of you forward me the location of the bay area meeting today .... sorry to bother you, but the ftp server seems to be down ... thanks,,,, strick at yak.net From jamesd at echeque.com Sat Jun 8 16:06:45 1996 From: jamesd at echeque.com (jamesd at echeque.com) Date: Sun, 9 Jun 1996 07:06:45 +0800 Subject: RFD: Time to kick some anti-scientologist ass? Message-ID: <199606081945.MAA04681@dns2.noc.best.net> "Declan B. McCullagh" writes: >> The attached summary is substantially incorrect. At 12:29 PM 6/8/96 EDT, Dr.Dimitri Vulis KOTM wrote: >You mean, the anti-scientologists aren't massively forging cancels >for scientologits' posts on alt.religion.scientology using my cancelbot? No: He means that the anti-scientologists are massively forging cancels of robotically generated spam produced by the scientologists in an effort to close down the alt.religion.scientology newsgroup. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From jamesd at echeque.com Sat Jun 8 16:17:48 1996 From: jamesd at echeque.com (jamesd at echeque.com) Date: Sun, 9 Jun 1996 07:17:48 +0800 Subject: NOISE: "Fascism is corporatism" Message-ID: <199606081932.MAA03833@dns2.noc.best.net> Like someone who cannot resist looking at a dreadful traffic accident, I continue to participate in this Detweiler inspired troll: At 07:09 PM 6/7/96 -0700, Rich Graves wrote: > you forget that I'm a > Certified Political Scientist. > [...] > Once they got in power, then they started developing an economic ideology. Untrue: Fascism is of course a reasonably complete, coherent, and philosophically consistent logical system, almost as coherent as marxism, and far more logical than Mill's utilitarianism. It was published and thoroughly debated well before they pursued or took power. Rich Graves's lie is a lie I frequently hear from those who well know the truth, Many of my readers will think I am excessively harsh, calling Rich Graves a liar rather than a fool, but I hear the above story (that fascism is not a coherent ideology or philosophy) primarily from those whose interests this story serves, and if they genuinely thought this story was true, they would not know that it is in their interests to push it. Therefore one may reasonably conclude that most who push this story are knowingly lying, that it is a widespread lie, not a widespread fallacy or an alternate interpretation of the truth. I mostly hear it from those whose economic ideology strongly resembles fascism, or those whose philosophy is directly descended from fascism, is in fact fascist philosophy. Rich's economic ideology does not seem to resemble fascism, so I would guess he is in the second category but not the first. Most PC folk are postmodernists, poststructuralists, deconstructionists, etc, which philosophies directly descend from fascist philosophy, and he seems to be PC, so this would explain his peculiar assertion above. Not only do such concepts as feminist science, phallocentric science, etc, strongly resemble such concepts as aryan science, jewish science, etc, but they are justified using the same arguments from the same philosophers. Indeed Heidegger was not only a philosopher of fascism, but he personally participated in Hitler's terror, terrorizing his academic colleagues, and Paul De Man of Yale University worked directly for the Nazis as a propagandist in occupied Belgium. Hence the frequent lie by those who share this monstrous philosophy, that the fascists had no philosophy. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From test921148 at alpha.c2.org Sat Jun 8 16:19:30 1996 From: test921148 at alpha.c2.org (test921148 at alpha.c2.org) Date: Sun, 9 Jun 1996 07:19:30 +0800 Subject: alpha.c2.org IS UP AND RUNNING Message-ID: <199606081930.MAA19819@infinity.c2.org> alpha.c2.org is working well. From Doug.Hughes at Eng.Auburn.EDU Sat Jun 8 16:40:48 1996 From: Doug.Hughes at Eng.Auburn.EDU (Doug Hughes) Date: Sun, 9 Jun 1996 07:40:48 +0800 Subject: In-Reply-To: <199606081816.LAA24268@mail.pacifier.com> Message-ID: >While I appreciate your...uh...appreciation, let me remind you that part of >my "pronouncements" are that the current political and social system is >sick. Many people around here seem to agree with this assessment. What I >advocate is a comparatively simple change in the rules that could have the >effect of vastly changing the way things are done. Whether these changes >are in "the best interests of the inhabitants of this nation" is still an >open question, and many people have agreed with me on this matter. > >Jim Bell >jimbell at pacifier.com > > > Hmm.... Assissination Politics: "Curing the sickness by killing the patient" ;) From nCognito at rigel.cyberpass.net Sat Jun 8 17:04:15 1996 From: nCognito at rigel.cyberpass.net (Anonymous) Date: Sun, 9 Jun 1996 08:04:15 +0800 Subject: Electronic Signatures In-Reply-To: <19960607141610.13186.qmail@ns.crynwr.com> Message-ID: <199606082036.NAA25594@rigel.infonex.com> > Michael Froomkin writes: > > > > > The law does not specify how an electronic document must be > > > > signed, but Barassi and others say it probably will mean coding the text > > > > and typed signature so they cannot be changed by anyone other than the > > > > writer. > > > > Before you get all hot under the collar, may I note that I've known > > Barassi for more than a year, and he is very technically sophisticated. > > Allow for some reporter-garble. Barassi understands digital signatures > > as well as you do. > I suppose that I'll have to trust you on this score, and hope that you're correct. Unfortunately, however, even if you are correct, it doesn't mean that the law that eventually makes it through commitee will provide any useful guidelines. But this thread has decended to noizes, so I'm out. Adios.. From drose at AZStarNet.com Sat Jun 8 17:05:02 1996 From: drose at AZStarNet.com (drose at AZStarNet.com) Date: Sun, 9 Jun 1996 08:05:02 +0800 Subject: [NOISE] Buying whales with digicash Re: Anonymous stock trades. Message-ID: <199606082022.NAA20567@web.azstarnet.com> hallam at Etna.ai.mit.edu wrote: >Whether the teacher was >expected to gun down Hamilton with the Kalashnikov she carried to school each day or >whether the tots were expected to come to her aid with Smith and Westons I'm not sure. Are Smith and Westons like Bolt .45s? -Master D.M. Rose, M.B.A (Harvard) Looks pretty foolish, doesn't it? But usually, people just call me Davve. From tcmay at got.net Sat Jun 8 17:17:25 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 9 Jun 1996 08:17:25 +0800 Subject: Whalepunks, Marginpunks, Gunpunks, Clintonpunks, and Politics Message-ID: To all the Whalepunks, Marginpunks, and Gunpunks, I've been deleting after only a brief glance the dozens of posts on these subjects (funny how some people who issue "pissograms" telling people things are "off-topic" apparently think their own long rants on off-topic subjects are just fine). However, this misstatement caught my eye: At 6:30 PM 6/8/96, hallam at Etna.ai.mit.edu wrote: >by government. I have even heard it stated that had gun ownership been >more widespread >in the UK the Dunblane massacre would not have occurred. Whether the >teacher was >expected to gun down Hamilton with the Kalashnikov she carried to school >each day or >whether the tots were expected to come to her aid with Smith and Westons >I'm not sure. >In short I don't think that there is any type of piffle that the "most >fuzzy headed free >market types" cannot offer. Some of the folks I know would point out the logical flaws in this model. First, a Smith and Wesson is not what the tots should be carrying. An MP-5K would fit nicely in their bookpacks (especially now that all yuppie kids carry de rigeur designer backpacks, though mostly for designer water). More firepower. Second, the preferred "trans-humanist" solution is much cleaner: blow up the classroom and then restore the innocents from backups. (High-tech variant: "Kill them all and let the nanotech truth machines sort them out.") My point of view is that while schools should be free of guns, adult citizens should probably have access to guns. There are, sadly, nutty people who will use nearly any available weapon to commit mayhem and mass murder. Rifles, shotguns, axes, knives... The "Luby's" cafeteria massacre in Texas several years back is a better example than the Dunblane school shooting (or the one in Tasmania, or the one in California....). There, had some of the restaurant patrons been armed, it is likely that at least one of them could have gotten off a shot. Further, many of these nutcase killers are basically cowards, according to profiles I've read, and might be fearful of sitiuations where there victims can shoot back. When they know their victims are unarmed, are sheep for the slaughterhouse, I think this causes more such "mukkings" (to use Brunner's prescient term from "Stand on Zanzibar...Christ, what an imagination he had). Remember, "Guns don't kill people, postal workers do." In general, I think Phill raises some good points about the efficiency of free markets. However, I doubt that Cypherpunks is the proper forum for debating economic theory, for various reasons. I lean strongly toward the free market side, inasmuch as I think most non-free market economies are actually just cases where the government controls the _single_ corporation they let run an industry, and thus one gets a worse situation that with the grossest excesses of capitalism. More pollution, more strip-mining, more denudation of forests, more destruction of lakes, etc. Look at the former U.S.S.R. and Eastern Europe for a glimpse of what "state capitalism" can do. However, the reason many of us don't jump in and write defenses of free markets here (and I would not have except to make my transhumanist joke--so sue me) is that this list is not "Libernet" nor any of the similar political discussion lists. Secondly, there is almost zero chance that any of us will have our views changed by such political arguments, so why bother? (I do discuss what I think are the _logical implications_ of strong cryptography and cryptoprivacy, and even the implications of crypto anarchy, and I think these issues are "on-topic" for this list. Even if one is a socialist, a fascist, a royalist, or a Wobbly, the implications remain important.) But arguing the merits of capitalism vs. socialism, for example, has rarely been fruitful in the past 10 years of the Usenet, or on mailing lists, and I doubt the debate will be more fruitful here. The same goes for debate about Clinton, Hillary, Vince Foster, Whitewater, etc. The fact that someone forwarded a Brock Meeks story in which he (apparently, as I skimmed-then-deleted the story) make negative comments about the Clintons, and then someone chimed in with points about her allegedly illegal stock trades....well, these are clearly not list topics, in my view of course. (I claim no right to set the list agenda. Nor do I accept Perry's oft-repeated claim that I am "causing" the list's decline by stating my views on this point.) --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From cibir at netcom.com Sat Jun 8 17:32:58 1996 From: cibir at netcom.com (Joseph Seanor) Date: Sun, 9 Jun 1996 08:32:58 +0800 Subject: Visual Basic, C++ Programmer In-Reply-To: <01BB5460.9B743B20@ppp3> Message-ID: I am interested in talking with any people that are fluent in Visual Basic or C++, and are independtly minded. The needed programs are small programs that need to be written for a growing company. Interested people, please contact me via email at: cibir at netcom.com Thanks! Joseph Seanor CIBIR Corporation From drose at AZStarNet.com Sat Jun 8 17:33:43 1996 From: drose at AZStarNet.com (drose at AZStarNet.com) Date: Sun, 9 Jun 1996 08:33:43 +0800 Subject: Internet solution for law enforcement Message-ID: <199606082052.NAA28043@web.azstarnet.com> "Alan Horowitz" alanh at infi.net wrote: >It appears that someone has figured out that medium-sized jurisdictions >don't want to be left out of the trendiness. And has put together a >product that can be peddled at the trade shows where Police Chiefs go. > >I recall reading that there's something like 25,000 different police >departments in America. It's a sizeable market. And a very politically >correct one, right now. > >Do these managers _need_ this stuff? Well, did they _need_ all those >black-ninja hollywood flavored SWAT uniforms? > >Now, if they could just get a few more PC-of-the-month phraseologies into >the title of their product, they'd sell twice as many. Start with >"anti-deadbeat-dad software", maybe. "Pro Diversity". "Environmentally >Friendly Software". > >Is America great, or what? You bet. PC stuff is essential. Here in Tucson, the cops came up with a novel, simple, cheap, and efficacious method to determine cocaine HCl usage: Put a strip of Scotch (TM) tape across the nostrils of a suspectee/apprehendee and see if there's any toot on it. Local judges disallowed this procedure because, in the absence of a substantial presence of African-Americans in the "community" (they comprise <2% of local population), almost all of those arrested were Hispanic-surnamed Latinos. From Christian.K at t-online.de Sat Jun 8 18:05:19 1996 From: Christian.K at t-online.de (Dr. Atomic) Date: Sun, 9 Jun 1996 09:05:19 +0800 Subject: lets hack German Telekom Message-ID: Hello guys, i am from Germany and i want to ask you, if you know something about the password-encryption of the T-Online Decoder from German Telekom! I tried to crack it, but it is not easy! The password is hidden in a file called DBSERVER.INI. If someone know how to crack it or has any programms please let me know! -------------------------------------------------------------------- written by Atomic (christian.k at t-online.de) ;-) But remember! A Homepage will soon be variable, too. :-o -------------------------------------------------------------------- From hallam at Etna.ai.mit.edu Sat Jun 8 18:05:50 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Sun, 9 Jun 1996 09:05:50 +0800 Subject: [NOISE] Buying whales with digicash Re: Anonymous stock trades. In-Reply-To: <199606082022.NAA20567@web.azstarnet.com> Message-ID: <9606082133.AA05913@Etna.ai.mit.edu> >usually, people just call me Davve. Unusual to spell Dave with two v's, were your parents also dyslexic? How about everyone holding off on the spelling flames for a while? Having discovered from Hal Finnley that you US types do not lump together derivatives based on futures when you refer to futures I think I now understand the point Perry was originaly trying to make. Yes speculating in ordinary futures, one would normally expect a return of about the same as the margin put up. Does anyone have a first hand report of the precise contracts being traded? There appear to be no details on the Web that Alta Vista has access to. Of course if Perry and his cohorts were not so keen to call people drivelling idiots we would have got to this point rather earlier. I have a habit of not valuing very highly claims from people who feel they have to resort to insults to get an argument across. Perry's mode of argument appears to be the automatic gainsaying of whatever the other person says - not too helpfull. I'm still at a loss to see why Bob thinks I have anything whatsoever to do with the Social Text people. I've never accepted any of the Derrida type stuff and have metaphysical and linguistic objections to that approach based in the theory they are alledgedly advancing. Phill From ichudov at algebra.com Sat Jun 8 18:20:02 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 9 Jun 1996 09:20:02 +0800 Subject: In-Reply-To: <199606081816.LAA24268@mail.pacifier.com> Message-ID: <199606082209.RAA19856@manifold.algebra.com> jim bell wrote: > > While I appreciate your...uh...appreciation, let me remind you that part of > my "pronouncements" are that the current political and social system is > sick. Many people around here seem to agree with this assessment. What I > advocate is a comparatively simple change in the rules that could have the > effect of vastly changing the way things are done. Whether these changes > are in "the best interests of the inhabitants of this nation" is still an > open question, and many people have agreed with me on this matter. > Since corrupt officials are likely to have more anonymous cash that phreedom phighters, guess who will win. Also, think about this: lots of people have someone they'd like to assassinate but do not actually do it because of lack of anonymity and associated hassles (like dealing with assassins non-anonymously, abundance of traces, possible confession of the assassin and so on). With your assassination clearinghouse these hassles go away. I think it would present an excellent prospect for reducing the population. Maybe *that* will help the whales and trees, because of the effect on demand. - Igor. From perry at piermont.com Sat Jun 8 18:51:33 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sun, 9 Jun 1996 09:51:33 +0800 Subject: [NOISE] Buying whales with digicash Re: Anonymous stock trades. In-Reply-To: <9606081830.AA05221@Etna.ai.mit.edu> Message-ID: <199606082240.SAA21523@jekyll.piermont.com> hallam at Etna.ai.mit.edu writes: >Apart from hero worship why do you believe that Friedman is not able to say >anything ridiculous? Because I've read vast chunks of the corpus of his writings and the comment you attribute to him sounds about as much in character as, say, Jesse Helms announcing that he's in favor of gay marriages. Its POSSIBLE that it could happen, but its not bloody likely. He's said many things that I disagree with -- his contentions about fixed rule central banking seem specious, for instance -- but I've never heard him say or write anything out of character. >Since you were so certain that Hess was not a staff member of the >Cato institute despite being listed as such on their home page He isn't. My whole point about P.J. O'Rourke should have made that point, but you just spewed inanities about telecommuting. You obviously had no idea where he worked even though I dropped the major sarcastic hint that it was Rolling Stone, and not Cato. Never mind. I suppose your sense of sarcasm is also impaired. You have contended that Hillary Clinton traded options when she traded futures. You have contended that Hillary Clinton was trading in margin when the facts were that she was trading out of margin. You have contended that Hillary Clinton was trading lots of under $20,000 when she was trading vastly larger sizes. You obviously didn't examine the situation yourself at all. However, having a doctorate in an unrelated field, you apparently believe that you are able to make pronouncements in the absense of facts. Later in your message, you accused the free market faction of being "academic". >Plus, to say that such an analysis would be out of line with "even >the most fuzzy headed free market types" is somewhat rich. I have >heard plans to eliminate all government apart from the army, >privatising roads and the police. Yes, but since you don't understand how free markets work or how free market types think you can't reason about them. Put it this way -- communists say really outrageous things, right? Well, would it be in character for a communist to go out and endorse joint stock companies as a primary mechanism for distributing factory profits? Just because someone says something you consider weird doesn't mean they aren't thinking in a systematic fashion, and doesn't mean that certain things are and are not out of character. Over and over again, however, you have betrayed a fundamental ignorance of the arguments free marketeers use. It is one thing to disagree with someone, but it is another thing to mischaracterize them. I've read lots of Marx and Lenin, but it doesn't seem like you've bothered to read the writings of even fairly mainstream economists. >I have heard numerous claims that monopolies cannot ever exist under >any circumstances unless they are created by government. I've never heard that, but I myself have made the argument that they are very rare without government intervention. Its a simple fact of the world -- if you disagree with me you are disagreeing with the historical record. I can name the real cases of monopoly that have sprung up over the decades -- Alcoa being about the best example. You probably can't name any to speak of, other than tired and fake examples like U.S. Steel. >I have even heard it stated that had gun ownership been more widespread >in the UK the Dunblane massacre would not have occurred. >Whether the teacher was expected to gun down Hamilton with the >Kalashnikov she carried to school each day Of course, thank goodness the U.K. has some of the strictest gun control in the world, since it stops these sorts of incidents. (I'll point out for Dr. Hallam-Baker's benefit that this sentence was "sarcasm".) And yes, if she'd been carrying not a Kalashnikov rifle but just a simple pistol in her pocket she might indeed have been able to shoot the guy. I realize this may come as a shock to you, but in a fire fight the winner is the guy who fires accurately first, not the guy with the longer gun. Of course, you prefer to use distortionary language (like refering to carrying a rifle) to make things look ridiculous when in fact non-silly alternatives are possible. >How to save the whales is a logical outcome of Friedman's thesis that markets >are everything. Since you are either misreporting or inventing the comments you attribute to Friedman and can neither cite the actual article nor produce quotes from it, I don't think its entirely fair for you to make claims about his position. >The flaw in Perry's "stakeholder" theory is the same one in many >academic theories. It assumes that most people are smart enough to >realise their true interests. Since in practice it always works, and since the alternatives never do, I would say that the collectivists of the world, such as yourself, are the academics here. Amazing how time after time even weak Adam Smithian analysis works just fine. Impose price controls on gasoline, and watch shortages form when supplies change, as in 1973. Remove price controls, and watch shortages disappear. Substantially lower the income tax, growth goes up. Substantially raise it, growth goes down. Make alchohol illegal, watch criminals take over the market. Make it legal again, watch the problems go away. No, Dr. Phill Hallam-Baker, D.Phil., who can't name whether Hillary Clinton traded options or futures and never examined a single trade she made but who can give us details about how those of us who looked at the thing in detail are wrong when we say her trades were impossible, it is you who is the academic high in your ivory tower with no sense of reality whatsoever. Ask all the people defecting from Cuba if they think your way is better some time. Be prepared to wipe the spit off your face. Perry From perry at piermont.com Sat Jun 8 19:32:10 1996 From: perry at piermont.com (Perry E. Metzger) Date: Sun, 9 Jun 1996 10:32:10 +0800 Subject: Whalepunks, Marginpunks, Gunpunks, Clintonpunks, and Politics In-Reply-To: Message-ID: <199606082322.TAA21596@jekyll.piermont.com> Timothy C. May writes: > In general, I think Phill raises some good points about the efficiency of > free markets. However, I doubt that Cypherpunks is the proper forum for > debating economic theory, for various reasons. [...] > However, the reason many of us don't jump in and write defenses of free > markets here (and I would not have except to make my transhumanist joke--so > sue me) is that this list is not "Libernet" nor any of the similar > political discussion lists. Am I the only person who finds this comment, in context, howlingly funny? > Secondly, there is almost zero chance that any of us will have our > views changed by such political arguments, so why bother? Mine were many years ago -- > But arguing the merits of capitalism vs. socialism, for example, has rarely > been fruitful in the past 10 years of the Usenet, And I know of other people who's ideas were changed by such discussions. A couple of them subscribe to this list. In any case, Tim, this *is* now the sewer list, the place where anything at all may be flushed by the inhabitants, partially as a result of your own lobbying against "Perrygrams" and such. I understand that many do not like the taste of their own drek, but hey, its what you asked for. Repeatedly, you stood your ground and staked your claim and said "no one will tell ME what to do", and well, you got what you wanted. Perry From mpd at netcom.com Sat Jun 8 20:06:12 1996 From: mpd at netcom.com (Mike Duvos) Date: Sun, 9 Jun 1996 11:06:12 +0800 Subject: Clam Wars In-Reply-To: Message-ID: <199606082344.QAA04566@netcom11.netcom.com> LD editorializes: > I haven't been paying a lot of attention to the Church of > $cientology wars until recently. Here's an executive > summary for those who don't give a damn. Uh huh. > 1. There's a gang of flamers (David Gerard, Jon Noring, Ron > Newman, Rob J. Nauta, and the like) who try to stop > $cientologists from discussing their religion on the Usenet > newsgroup alt.religion.scientology. Most of them are > disgruntled former cult members and/or members of other > similar cults. Actually, from my infrequent and cursory reading of a.r.s, it is my impression that the antis are discussing their own views of Scientology, not trying to prevent anyone else from discussing theirs. I would think all opinions related to Scientology would be on-topic for a.r.s., both positive and negative. > 2. The anti-scientologists have caused many cypherpunks > anonymous remailers to shut down via their egotistical > misuse of them, viz. criminally posting copyrighted Co$ > writings to Usenet. They did it knowing that the Co$ is > likely to harrass the remailer operators, causing them to > shut down and depriving everyone of their services. Well, perhaps. It certainly isn't very nice to post copyrighted works via anon remailers. At least not more than constitutes "fair use" for the purpose of critical review (or hilarious laughter, as the case may be). > 3. These harrassers are Usenet Cabal supporters, and they > are sometimes joined by initerant cabal enforcers such as > Peter Vorobieff, who visit a.r.s to lend a helping hand and > to flame Co$. Nothing wrong here. Flames are the thread from which the fabric of Usenet is woven. > 4. Recently the anti-scientologists have asked me for a > copy of my cancelbot, and have been using it to forge > cancels for scientologist posts on a.r.s. It should be noted that said Scientologist posts consist of thousands of distinct little snippets from the Scientologist Handbook and other similar tracts, posted as separate articles from multiple accounts simultaneously. This is clearly an attempt to flood everything else off servers while staying clear of the current definitions of Spam and Velveeta. While Usenet tends to frown on content-based cancels, I find it difficult to understand why the cancellation of thousands of gratuitous posts duplicated amongst a large number of accounts should be considered "content-based." Does participation in a.r.s. ever legitimately require this level of posting? It shouldn't be too difficult to find non-content-based criteria for cancelling this crap. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd at netcom.com $ via Finger. $ From hfinney at shell.portal.com Sat Jun 8 20:14:24 1996 From: hfinney at shell.portal.com (Hal) Date: Sun, 9 Jun 1996 11:14:24 +0800 Subject: Anonymous return addresses Message-ID: <199606082329.QAA14538@jobe.shell.portal.com> Browsing through the 1995 IEEE Symposium on Security and Privacy proceedings at the library, I found two articles of interest here. The first, "Preserving Privacy in a Network of Mobile Computers", is really a method for anonymously receiving mail via reading it from a large database such that no one knows which part you are reading. This is a topic which we discussed here at some length a year or two ago, but I think this article has a new idea about it which I will discuss below. The other one was "Holding Intruders Accountable on the Internet" and it had one strange comment. Basically it was about a way of trying to track down cracker types who break into systems. One strategy these people use is to log into a whole series of insecure hosts, one after the other, before attacking their target. Then tracing back where they came from is very difficult. Cliff Stoll's "The Cuckoo's Egg" is the classic account of how hard it is to trace these people. Probably the new books about Mitnick talk about the same thing. The idea in this article is that you monitor the whole net and track all the rlogin and telnet traffic between pairs of hosts. Then they describe a statistical technique for determining that two different telnet sessions are chained together by recognizing the same patterns of traffic on them. Basically they count the frequency of spaces and punctuation marks on minute-long time slices and try to correlate them. This way you can tell that the intruder attacking here is also using these other hosts over there, and try to track him down that way. I don't think this is very practical, and I have mixed feelings about the technology - I don't favor breakins, but the kinds of surveillance that would be necessary to implement their technique seem very threatening. Also they do mention the obvious countermeasure of using encryption at each stage, which would be easy with such things as the secure remote shell programs around now. The interesting comment came when they were discussing an alternative scheme, which would be to have all hosts keep track of their incoming and outgoing connections: "The difficulty with all such host-based tracing systems is that, when an extended connection crosses a host which is not running the system, accountability is altogether lost at that point.... Even if most hosts could be secured, the intruder community could easily maintain a set of machines to launder connections, just as they maintain anonymous remailers." So apparently in the view of these authors anonymous remailers are maintained by "the intruder community." It is unfortunate that we have this image among some member of the larger community. BTW, there are periodic suggestions here to run general-purpose connection redirectors, but people should be aware of the problem that cracker types would seize on these as another shield for their crimes. These would have to be limited to specific uses, such as port 80 which is the http port and which hopefully can't easily be used for attacks. In any case, let me describe the message-receipt idea from the other paper I mentioned above, which is by David A. Cooper and Kenneth P. Birman of Cornell. They have a few ideas, among them exchanging message labels for the next message in an ongoing conversation, so that later messages don't have any identifying information on them, but just opaque message labels which can be scanned for matches to those of interest. This is a concept we have discussed before. However you still have the problem at least for the first message to an anonymous recipient of getting it to him anonymously even though the message says what pseudonym it is for. A simple idea is to put all such messages into a database and to let everyone scan the message headers to see whom they are for. Then when they see one for them they download, decrypt, and read it. For more security, let the database machine be trusted, and let the download request and response be sent encrypted. Now only the database machine knows which person asked for which message. This provides a level of security analogous to sending through a single remailer. (Another idea is to download all messages, but that is generally infeasable if there are a lot of people using the system.) The new idea is to use multiple databases to get security similar to using multiple remailers. I'll describe it using two machines. Each holds a database of messages, and the two databases are exactly alike. Some mechanism keeps the two synchronized. Furthermore, all the messages need to be the same size. There will need to be some padding and fragmentation/assembly mechanism to arrange for this. Someone who wants to receive some mail anonymously first downloads all the message headers as before, and determines which messages are for them. Suppose just one is, and it is message number 20 out of a database of, say, 50 messages. Now what the reader does is to choose a random 50 bit number (where 50 is the total number of messages in the database). He makes a copy of this number, and toggles bit 20 in one of them (20 is the message he wants to receive). Then he sends one number to one of the database servers, and the other to the other server. Each one receives a random-looking 50 bit number. What each server does is to take the messages from the database which correspondo to 1 bits in the 50 bit number, and XOR all those messages together, byte for byte. The resulting output will be the same size as a quantized message. It is sent, encrypted, back to the requestor. Now all he does is to XOR the two messages he got back from the servers. All of them will cancel out except for message 20, which is the one he wants. This can be generalized to more than two servers, by creating multiple bit strings and arranging so that the XOR of all of them will just leave the bit set for the message he wants. If he wants more than one message the protocol has to be repeated separately for each message. There is no large amount of traffic needed, as each server only sends an amount of data equal to one message. The individual servers do not get any information about which message the requestor wants (other than that it is one of the 50). Only by colluding and XOR'ing their bit strings can they figure that out. The same kind of collusion is needed to trace a sent message using two remailers, so the security is similar to what we get sending messages. Messages would have a finite lifetime and would expire and be removed from the database after a while. The authors propose breaking the database up into batches with a fixed number of messages, but I don't fully follow the reasoning behind this. I guess it reduces the load on the server when it does its XOR's. I'm not sure whether this particular scheme was proposed when we discussed this concept in the past, but it does seem like an interesting alternative way to receive messages. Hal From nobody at c2.org Sat Jun 8 20:20:00 1996 From: nobody at c2.org (Anonymous User) Date: Sun, 9 Jun 1996 11:20:00 +0800 Subject: NSA/CIA to snoop INSIDE the U.S.??? Message-ID: <199606090005.RAA17235@infinity.c2.org> : This is a fucking big story. : Allowing the CIA and NSA to snoop domestically, and using only a handful of : suspicions and anecdotes about cybernastiness and evil cryptohackers to : justify this major policy shift -- well, it's fucking amazing. : Nunn's proposal, unfortunately, was more than a "suggestion." This is very serious. Why has there not been more discussion about this on the list? How close/far is this from becoming law? If they are now trying to make it legal for the CIA and NSA to snoop inside the US I would guess that it's happening already. Remember wiretaps? Do it now and they will make it legal later. From jimbell at pacifier.com Sat Jun 8 21:00:44 1996 From: jimbell at pacifier.com (jim bell) Date: Sun, 9 Jun 1996 12:00:44 +0800 Subject: Message-ID: <199606090006.RAA05123@mail.pacifier.com> At 05:09 PM 6/8/96 -0500, Igor Chudov @ home wrote: >jim bell wrote: >> >> While I appreciate your...uh...appreciation, let me remind you that part of >> my "pronouncements" are that the current political and social system is >> sick. Many people around here seem to agree with this assessment. What I >> advocate is a comparatively simple change in the rules that could have the >> effect of vastly changing the way things are done. Whether these changes >> are in "the best interests of the inhabitants of this nation" is still an >> open question, and many people have agreed with me on this matter. >> > >Since corrupt officials are likely to have more anonymous cash that >phreedom phighters, guess who will win. The people, that's who. The reason is that while "corrupt officials" may have more money, per person, that ordinary citizens, there are FAR more ordinary citizens than officials. Further, these corrupt officials only have more money because they rob it from ordinary citizens, which means that they start out the game hated by the public. Finally, officials are, by definition, identified or identifiable, while disaffected citizens are not. Jim Bell jimbell at pacifier.com From rah at shipwright.com Sat Jun 8 21:01:45 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sun, 9 Jun 1996 12:01:45 +0800 Subject: Elementrix Snake Oil Spam... Message-ID: Was it just me, or did others on this list get three whopping MS Word docs sent to them from the POTP snake-oil folks? Came from one Charles W. Morgan, , of "Outcomes 2000, Inc.", whoever *that* is... Probably somebody trying to give the Albuquerque Spam King a run for his money, I bet. Feh! Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ From ichudov at algebra.com Sat Jun 8 21:16:41 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 9 Jun 1996 12:16:41 +0800 Subject: In-Reply-To: <199606090006.RAA05123@mail.pacifier.com> Message-ID: <199606090034.TAA20636@manifold.algebra.com> jim bell wrote: > At 05:09 PM 6/8/96 -0500, Igor Chudov @ home wrote: > > > >Since corrupt officials are likely to have more anonymous cash that > >phreedom phighters, guess who will win. > > The people, that's who. The reason is that while "corrupt officials" may > have more money, per person, that ordinary citizens, there are FAR more > ordinary citizens than officials. Further, these corrupt officials only > have more money because they rob it from ordinary citizens, which means that > they start out the game hated by the public. You haven't seen _real_ corrupt officials. :) - Igor. From nobody at REPLAY.COM Sat Jun 8 22:43:19 1996 From: nobody at REPLAY.COM (Anonymous) Date: Sun, 9 Jun 1996 13:43:19 +0800 Subject: Anti-Scientologists Message-ID: <199606090245.EAA05922@basement.replay.com> >1. There's a gang of flamers (David Gerard, Jon Noring, Ron Newman, Rob J. >Nauta, and the like) who try to stop $cientologists from discussing their >religion on the Usenet newsgroup alt.religion.scientology. Most of them are >disgruntled former cult members and/or members of other similar cults. Untruth #1. Aside from the "religion" red herring you tossed in (it's a cult), the critics expose the lies, doubletalk and inconsistencies posted by cult apologists. (It should be noted that these people aren't generally "just another satisfied Scientologist," but are cult employees who are carefully vetted to distribute propaaganda without ever answering critics' questions.) [snip] >3. These harrassers are Usenet Cabal supporters, and they are sometimes >joined by initerant cabal enforcers such as Peter Vorobieff, who visit a.r.s >to lend a helping hand and to flame Co$. So what's your point? Besides, there is no Cabal fnord. :-) >4. Recently the anti-scientologists have asked me for a copy of my cancelbot, >and have been using it to forge cancels for scientologist posts on a.r.s. Untruth #2. Articles canceled from a.r.s. have been multiple postings of standard Scientology tracts (over 10,000 in all, so my newsreader says), spread out over various alleged users. These aren't intended to promote discussion -- they're intended to bury the newsgroup in noise. Apparently being selected Kook of the Month causes disturbances in one's ability to distinguish the correct from the incorrect. (Or is that how one gets the award in the first place?) From markm at voicenet.com Sat Jun 8 22:44:34 1996 From: markm at voicenet.com (Mark M.) Date: Sun, 9 Jun 1996 13:44:34 +0800 Subject: Rabin patented? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Is Rabin encryption patented? I have never heard of any patent covering Rabin encryption, but I have also heard that Diffie-Hellman will be the first PK algorithm that is patent-free when the patent expires in '97. I know that until recently, ElGamal was considered to be covered under the DH patent. I wonder if the same is also true for Rabin. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm at voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "In Christianity neither morality nor religion come into contact with reality at any point." -- Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMbozMrZc+sv5siulAQH2ugP8C0ymdTJJLUa9NQxj7ahkcGD/u0tFZWfN DtMDRm08b0aupADNgDntn7ZHAZKXo5RRAClLfvB3Z/gIGMbqAQKFMItSN7CbJ4k1 osY2enhnrDN840LH0jQmC/dS0MjVWh5CaC3R9SqHqhiu5S5oZUP4fAJhIyDMcQuo VLGUQzLZVxs= =P3wZ -----END PGP SIGNATURE----- From hallam at Etna.ai.mit.edu Sat Jun 8 23:29:23 1996 From: hallam at Etna.ai.mit.edu (hallam at Etna.ai.mit.edu) Date: Sun, 9 Jun 1996 14:29:23 +0800 Subject: [NOISE] Buying whales with digicash Re: Anonymous stock trades. In-Reply-To: <199606082240.SAA21523@jekyll.piermont.com> Message-ID: <9606090229.AA06296@Etna.ai.mit.edu> >>Since you were so certain that Hess was not a staff member of the >>Cato institute despite being listed as such on their home page >He isn't. My whole point about P.J. O'Rourke should have made that >point, Perry, one last time: The POINT is that you CORRECTED me in saying Hess was a Cato Institute staff member when the Cato Institute THEMSELVES list him as a staff member. Your correction was ILL INFORMED and WRONG to continue to present this as an example of my being in error is somewhat stupid. It wouldn't be so bad Perry but you can't resist calling someone an imbecile when they say something you disagree with. I may occasionaly post without checking my facts but I don't call someone a fool without checking my facts. When Perry mentioned Hess I did a search on Alta-Vista, found his work at the Cato Institute and read it. Unfortunately that search produced hits for the father as well as the son but the papers were all by the son. P.J. O' Rourke is also listed as a Cato staff member. So to describe him as such would NOT be inaccurate. It might not be the best way to describe O'Rourke but it would not be an incorrect way. If you happen to know that the Cato institute is lying then thats another matter. Its not unknown for lobby groups to fill out their staff lists with bogus placemen but if O'Rourke isn't happy about being called a Staff member of Cato presumably his lawyers would be issuing letters. Certainly I would not call someone a fool for believing the Insititute of Historical Review when they falsely claim that A.J.P.Taylor was a supporter of their position. I might correct them and point out that the IHR was lying but I would not >>I have heard numerous claims that monopolies cannot ever exist under >>any circumstances unless they are created by government. > >I've never heard that, but I myself have made the argument that they >are very rare without government intervention. Its not a debate that I think its worth having with you and its a pointless debate in any case. There is no large company in the world which does not interact with government agencies and is not affected by government regulations. It is impossible to attribute cause and effect and say what would have been the case had government not been involved. The deBeers Diamond cartel was formed by Rhodes because he had the only steam pump in South Africa, not because of any governmental favours. It has continued because it is in the interests of all suppliers to maintain the false price. Granted that the current state of the diamond market may not last another twenty years it has already survived a century. Of course monopolies will be rare, by their nature there can only be one in any particular industrial sector. >Of course, thank goodness the U.K. has some of the strictest gun >control in the world, since it stops these sorts of >incidents. (I'll point out for Dr. Hallam-Baker's benefit that this >sentence was "sarcasm".) Actually it turns out that they are not all that tight after all. But don't worry, this is being fixed. >And yes, if she'd been carrying not a Kalashnikov rifle but just a >simple pistol in her pocket she might indeed have been able to shoot >the guy. I realize this may come as a shock to you, but in a fire >fight the winner is the guy who fires accurately first, not the guy >with the longer gun. Is it just me or is the idea that teachers should be armed with lethal weapons somewhat a silly one. For a start the number of teachers who crack and plug a youngster being a pain would probably be higher than the current number of schools masacres. Secondly it may be just me but I suspect that Hamilton would have been the person to shoot first in the Dunblane trajedy. >Since you are either misreporting or inventing the comments you >attribute to Friedman and can neither cite the actual article nor >produce quotes from it, I don't think its entirely fair for you to >make claims about his position. Perry, I do not carry a full archive of press clippings arround with me! I gave you the reference, you have the opportunity to look it up if you have access to an online service with archives from English papers. >Amazing how time after time even weak Adam Smithian analysis works >just fine. Impose price controls on gasoline, and watch shortages form >when supplies change, as in 1973. Perry, you are entirely neglecting the effect of a little cartel in the middle east that got together to deliberately force up the price of oil called OPEC. While nobody in the west is likely to support their action its a bit rich for you to claim that shortages resulted from domestic policy when the oil producing countries enacted a deliberate policy to force the price of oil up. From the supplier country point of view its hard to argue that the OPEC move was a bad one, it allowed them to drastically increase the value of their oil stocks. Its a pity that little of that reached the people in those countries but that is capitalism for you. >Ask all the people defecting from Cuba if they think your way is >better some time. Be prepared to wipe the spit off your face. Perry you are worse than a fool. I have never been an appologist for Castro or his self serving ideology. It is ideologues like Castro and yourself who do the real damage. By idealogue I mean someone who tries to pretend that society can be organised according to a single overarching principle which is believed in as an article of faith. Phill From cmcurtin at fahlgren.com Sun Jun 9 00:00:37 1996 From: cmcurtin at fahlgren.com (C Matthew Curtin) Date: Sun, 9 Jun 1996 15:00:37 +0800 Subject: US: Domestic Encryption Protected by US Constitution? Message-ID: <199606090326.XAA06963@goffer.ee.net> Something that has come up in my recent random thoughts... Given that the US State Department classifies strong crypto as munitions, is it possible that any laws passed outlawing the use of strong crypto among US citizens could be declared unconsitutional, in violation of the second amendment? Are there any legal precedents that apply here? Is the question purely academic (i.e., no such laws exist, no such bills are in the works, or none have been tried)? Does anyone know of any laws on the books that might be relevant to my question? -- C Matthew Curtin Chief Hacker Fahlgren, Inc. 655 Metro Pl S, Ste 700, Box 7159 Dublin OH 43017-7159 http://www.local.com/~cmcurtin/ cmcurtin at fahlgren.com PGP Mail Preferred From drose at azstarnet.com Sun Jun 9 00:15:13 1996 From: drose at azstarnet.com (drose at azstarnet.com) Date: Sun, 9 Jun 1996 15:15:13 +0800 Subject: [NOISE] Buying whales with digicash Re: Anonymous stock trades. Message-ID: <199606090200.TAA26296@web.azstarnet.com> hallam at Etna.ai.mit.edu wrote: >>usually, people just call me Davve. > >Unusual to spell Dave with two v's, were your parents also dyslexic? Er, Phill (if I may make so bold, sir--arggh, treasure ahead laddies), I'm being a tad sarcastic, Phillll. Get it? Frankly, my wanker/tosspot amigo, I am more than a bit sick of your self-professed ignorance. And your ad hominem attacks don't amount to a hill of beans. I am more than through with you. Perhaps Perry has more patience. From dlv at bwalk.dm.com Sun Jun 9 00:29:13 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 9 Jun 1996 15:29:13 +0800 Subject: In-Reply-To: <199606090034.TAA20636@manifold.algebra.com> Message-ID: ichudov at algebra.com (Igor Chudov @ home) writes: > You haven't seen _real_ corrupt officials. :) Jim - could corrupt gov't official hide behind anonymity too? E.g., a particularly obnoxious gov't regulation being issued from behind anon remailer? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sun Jun 9 00:31:16 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sun, 9 Jun 1996 15:31:16 +0800 Subject: In-Reply-To: <199606082209.RAA19856@manifold.algebra.com> Message-ID: ichudov at algebra.com (Igor Chudov @ home) writes: > > While I appreciate your...uh...appreciation, let me remind you that part of > > my "pronouncements" are that the current political and social system is > > sick. Many people around here seem to agree with this assessment. What I > > advocate is a comparatively simple change in the rules that could have the > > effect of vastly changing the way things are done. Whether these changes > > are in "the best interests of the inhabitants of this nation" is still an > > open question, and many people have agreed with me on this matter. > > > > Since corrupt officials are likely to have more anonymous cash that > phreedom phighters, guess who will win. > > Also, think about this: lots of people have someone they'd like > to assassinate but do not actually do it because of lack of anonymity > and associated hassles (like dealing with assassins non-anonymously, > abundance of traces, possible confession of the assassin and so on). > With your assassination clearinghouse these hassles go away. I think it > would present an excellent prospect for reducing the population. Igor, have you ever read novels about British life in 18th century? (I'm using this as an example because every good Russian reads them. :-) Have you noticed how exaggeratedly polite they were to each other, in comparison to Americans today? Do you know why? Because back then, every gentle person was armed and might use violence in sufficiently provoked. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From foodie at netcom.com Sun Jun 9 00:31:25 1996 From: foodie at netcom.com (Jamie Lawrence) Date: Sun, 9 Jun 1996 15:31:25 +0800 Subject: Reference Correction Re: Thank you for the Archives 100 messages Message-ID: Careful Alan; I didn't write that. That was qut at netcom.com, the latest addition to my killfile, who replied to my private email on Cypherpunks, and, rather oddly, called me a Mormon. Message in question appended. -j >> REAL crypto-anarchists, > > Like the folks who brought us Tiannemen Square? > >> of course, want the >> destruction of copyrights, trademarks, and >> other weapons of capitali$m, and will > > > > > >> Kill your Television > > Threw mine out in 1987. There's more people who don't have indoor >bathrooms, than don't have a TV. (source: 1990 Bureau of the Census). I'm >in a pretty elite group. ------------------ Return-Path: Received: (from qut at localhost) by netcom13.netcom.com (8.6.13/Netcom) id AAA24004; Sat, 8 Jun 1996 00:30:50 -0700 From: qut (Be Good) Message-Id: <199606080730.AAA24004 at netcom13.netcom.com> Subject: Re: Thank you for the Archives 100 messages To: foodie at netcom.com Date: Sat, 8 Jun 1996 00:30:50 -0700 (PDT) Cc: cypherpunks at toad.com Reply-To: foodie at netcom.com In-Reply-To: <31B91EA0.16F at netcom.com> from "Jamie Lawrence" at Jun 7, 96 10:33:09 pm X-Mailer: ELM [version 2.4 PL23] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 1582 > qut4.qut at netcom.com wrote: > > > > Apologies, but rich has deleted me from > > his mailboxes, and for a few days now, > > As I have, too, now. > > > somebody has placed a global cancel bot on > > me. I'm gonna have plenty of fun figuring > > this out. Kwow any good sniffers? > > I'm glad! If my processor/filtering software doesn't > have to deal with your garbage, that's more time I have > to spend with folks who have something to say. The only thing your type of "cypherpunk" has to say, is blather about liability, copyrights, and other capitali$t bs. REAL crypto-anarchists, of course, want the destruction of copyrights, trademarks, and other weapons of capitali$m, and will implement crypto-anonymonity to proceed forthwith. > No, I don't know of any better "sniffers" (I assume you > mean, "software that can detect a cancelbot"), as such > software is impossible to detect. Of course, unless Rich > (or whomever cares so much about a moron) has either root > on toad.com, or at least as many resources as the NSA, he > can't cancel your mail to Cypherpunks (or anywhere else). I was talking about netnews, mormon. > > I agree the list should be public usenet: > > A mail gate-way to a usenet group that > > ALSO permits unmoderated posts. This > > would be a nice way to combine a strict > > moderated mail-list, with a standard > > netnews group. > > Er, what? > > That paragraph makes absolutely no sense whatsoever. There's already hundreds of groups like that, stupid. It will be implemented, whether you like it or not. -- Kill Your Television -- The signal is the noise. ____________________________________________________________________ Jamie Lawrence mailto:jal at cyborganic.net mailto:foodie at netcom.com From jf_avon at citenet.net Sun Jun 9 00:35:27 1996 From: jf_avon at citenet.net (Jean-Francois Avon) Date: Sun, 9 Jun 1996 15:35:27 +0800 Subject: [Off-Topic] "Curfews" Message-ID: <9606090406.AA19866@cti02.citenet.net> On 8 Jun 96 at 12:40, jim bell wrote: > JFA wrote: > >I did something I always bitch at when done by others: looking at a > >situation outside of it's appropriate and complete context. > > As you can see, this is one of the big difficulties that people can > have understanding AP: Since it changes just about everything about > how a society works, you can't analyze it "easily" using your > built-up knowledge of societies. Actually, it makes one realize that society and the "collective" is nothing, that the basic building block is the individual. If you analyse the motivation of the individual, AP is not difficult to understand. > As I've said so many times before, AP is like a political Rorschach > test: Your reaction to it is strongly related to your political > philosophy. That's part of the magic. Please stay out of magic. The actual politician are enough into it. JFA DePompadour, Societe d'Importation Ltee; Limoges porcelain, silverware and crystal JFA Technologies, R&D consultants: physicists, technologists and engineers. PGP keys at: http://w3.citenet.net/users/jf_avon ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 From roy at sendai.scytale.com Sun Jun 9 00:54:26 1996 From: roy at sendai.scytale.com (Roy M. Silvernail) Date: Sun, 9 Jun 1996 15:54:26 +0800 Subject: [NOISE] Re: RFD: Time to kick some anti-scientologist ass? In-Reply-To: Message-ID: <960608.225259.7F4.rnr.w165w@sendai.scytale.com> -----BEGIN PGP SIGNED MESSAGE----- In list.cypherpunks, dlv at bwalk.dm.com writes: > Or the anti-scientologists haven't caused most of the problems cypherpunks > remailers face through posting CO$ copyrighted material through them? > (Note: I'm not a Co$ affiliate and have exactly as much disdain for it as > for any other cult.) Am I the only one whose ironometer just pegged? - -- Roy M. Silvernail [ ] roy at scytale.com PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6 Key available from pubkey at scytale.com -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMbpK3xvikii9febJAQGAgAP+PSHGQarfMIeZiwXZrlsSoaY3rduI2gFe HIH2ml2gLUlAUwEXd/Jd4uxIBqeCXJOdcjgA8zz0B5ddCpGshhrD3/XIzIWIteOz 2NdyK6dIZx64wo7gYGOzTDFhx8i2GXn3nhaxyMwEHpOqZ+Uk3wflmKWbCq5cJivx H2B1gSMQlpo= =pzuj -----END PGP SIGNATURE----- From anonymous-remailer at shell.portal.com Sun Jun 9 01:31:17 1996 From: anonymous-remailer at shell.portal.com (anonymous-remailer at shell.portal.com) Date: Sun, 9 Jun 1996 16:31:17 +0800 Subject: Clam Wars Message-ID: <199606090513.WAA08328@jobe.shell.portal.com> > 2. The anti-scientologists have caused many cypherpunks > anonymous remailers to shut down via their egotistical > misuse of them, viz. criminally posting copyrighted Co$ > writings to Usenet. They did it knowing that the Co$ is > likely to harrass the remailer operators, causing them to > shut down and depriving everyone of their services. This scenario is beginning to sound suspiciously similar each time it happens: an anonymous individual or individuals utilize a remailer in a way that's deemed abusive, certain individuals complain loudly, and the remailer (or mail2news gateway) either shuts down or blocks the affected newsgroup. Thus far I've seen it happen with the alt.religion.scientology, alt.smokers, and alt.syntax.tactical newsgroups. This is setting a bad precedent. It sends the message that you merely have to fabricate a little "abuse" through one or more remailers to get what you want -- the elimination of your opponents' platform to dissent without fear of retribution. Whether the abuse in any of the aforementioned instances was actually fabricated or not is immaterial. If it wasn't, it very could have been, with identical results in either case. The problem being, with an anonymous attack through a remailer and/or mail2news gateway, how do you identify the intended victim? Was it the NG or the remailer/gateway itself? The first two NGs have one striking similarity: both involve a product or service where those who stand to profit from it have recently been plagued with "whistle blowers" and "defectors" from among their ranks -- the CO$ and the tobacco industry. In both cases, those who've come forward and divulged secrets have reported harassment. I'm at a loss to understand the blocking of the third NG, alt.syntax.tactical, however, unless the intent was strictly punitive. I can't imagine anyone from a.s.t. coming forward to complain about "abuse"! That would be like complaining about foul language on alt.blasphemy. From jamesd at echeque.com Sun Jun 9 01:50:25 1996 From: jamesd at echeque.com (jamesd at echeque.com) Date: Sun, 9 Jun 1996 16:50:25 +0800 Subject: Anonymous stock trades. Message-ID: <199606090521.WAA14979@dns2.noc.best.net> At 02:25 AM 6/8/96 +0200, Asgaard wrote: > Who is going to assure that someone has an ownership stake in the > Humpback Whales? The World Government? Brand them and herd them like open range cattle: The west did not need a government to do that, though they did need to hang a few folk who favored a different method of open ranging. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From tcmay at got.net Sun Jun 9 02:07:54 1996 From: tcmay at got.net (Timothy C. May) Date: Sun, 9 Jun 1996 17:07:54 +0800 Subject: US: Domestic Encryption Protected by US Constitution? Message-ID: At 3:26 AM 6/9/96, C Matthew Curtin wrote: >Given that the US State Department classifies strong crypto as >munitions, is it possible that any laws passed outlawing the use of >strong crypto among US citizens could be declared unconsitutional, in >violation of the second amendment? > >Are there any legal precedents that apply here? Is the question purely >academic (i.e., no such laws exist, no such bills are in the works, or >none have been tried)? Does anyone know of any laws on the books that >might be relevant to my question? I recall that this general issue was discussed several times on the "Cyberia-l" mailing list, a list consisting mostly of law professors, lawyers, law students, and a bunch of Cypherpunks. (I left that list several months back.) Some points: 1. There are currently no laws restricting crypto use in the U.S., save for some special circumstances (e.g., sending code over the ham radio band). There being no laws, no courts have been asked to rule on such laws. (I don't mean to sound confusing and circular here. The point is that the boundaries of a law get shaped when the law is tested. Inasmuch as there have been no laws about domestic use of crypto, we have little guidance as to how the courts will frame arguments should such a law ever be passed.) 2. Most advocates for a continued right to use strong crypto have used the First Amendment centrally. That is, "encrypted speech is still speech." Any demand that speech conform to government standards would run into the basic point that Congress is not to make such laws. I believe this approach is the strongest one. Even if there are some limits on speech (a la the infamous "falsely shouting 'Fire!' in a crowded theater" example), this sort of limit does not limit the _form_ of speech. (Quibblers may point out other such limits, even some on _form_. For example, speech at 95 dB is OK, but "speech" at a jet-engine level of 135 dB is not. I won't get into such quibbles here.) Casting a pro-crypto argument in terms of the Second Amendment ("encrypted speech is a weapon") opens the door to all kinds of potential arguments for restricting access to crypto. Think of all the various limits on firearms ownership and use: certain calibers and types are restricted, the shapes of firearms are controlled, special taxes are often required, waiting periods for purchase, no ownership by convicted felons, no possession on or near schoolgrounds, bullet types are controlled, limits on magazine capacity, no possession of biological weapons, etc. etc. etc. I don't think we want crypto controlled by the Bureau of Alcohol, Tobacco, and Firearms, do we? --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From kinney at bogart.Colorado.EDU Sun Jun 9 02:51:41 1996 From: kinney at bogart.Colorado.EDU (W. Kinney) Date: Sun, 9 Jun 1996 17:51:41 +0800 Subject: Anonymous stock trades. In-Reply-To: <199606090521.WAA14979@dns2.noc.best.net> Message-ID: <199606090637.AAA01593@bogart.Colorado.EDU> Normally I wouldn't comment, but: James A. Donald writes: > At 02:25 AM 6/8/96 +0200, Asgaard wrote: > > Who is going to assure that someone has an ownership stake in the > > Humpback Whales? The World Government? > > Brand them and herd them like open range cattle. Branding whales? Um, what? -- Will (Maybe digitally signing whales might be more appropriate for this forum...) From richieb at teleport.com Sun Jun 9 03:07:11 1996 From: richieb at teleport.com (Rich Burroughs) Date: Sun, 9 Jun 1996 18:07:11 +0800 Subject: [NOISE] Re: RFD: Time to kick some anti-scientologist ass? Message-ID: <2.2.32.19960609071830.009e7374@mail.teleport.com> -----BEGIN PGP SIGNED MESSAGE----- At 10:52 PM 6/8/96 CST, roy at sendai.scytale.com wrote: [snip] >Am I the only one whose ironometer just pegged? Actually, now that you mention it, mine is pegged. I hadn't noticed, because I was busy trying to recalibrate my bullshit detector which was off the fucking dial. LD's post is full of shit. David Gerard, Jon Noring, and Ron Newman are not "flamers." People who have even lurked there for a short while should know this. I've seen Ron urge people towards compassionate behavior on a.r.s. more than just about anyone on a.r.s. It's a bit hard to be compassionate when you're dealing with a group that uses every means at its disposal to silence its critics. I don't even think Nauta is on a.r.s., except for perhaps an occasional crosspost or two. Perhaps he lurks, but he doesn't post there to any significant extent. I don't know of any "Anti-Scientologists" who are forging cancels. I really doubt anyone would have checked with Dimitri first, though :) JEM did issue a bunch of cancels, as have some of the ISPs whose services have been abused. We have been inundated with over 12,000 "vertical spam" posts since May 19th, and it's still coming in. Many of these posts are repetitions of the same materials, and must be well over the BI by now. "Anti-Scientologists" have discussed various technological methods of dealing with the spam (cross-posted to news.admin.net-abuse), but no plan has been seized upon due to lack of consensus. I've written an article in the latest issue of my zine about the spam, if people would like more info. URL in my sig. Rich -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMbp6fYT0GKfZRA/9AQFGVgQAvvH4Fa8nwF6qbqHGVuKfO2uv0Ynw388Z 0QxO42wIzt9VrNckRvn+geYFRRYu9DoasGCw8imQqBN85OY3OasjpOIycyQnrjEW C3MqyP44esuyThI6Ds30bwFYc4rP+ZWFWp1rmgv3LmYAaPdh1dAwtzPsKzy4N4NF 0pLAsusDr9k= =PSIh -----END PGP SIGNATURE----- ______________________________________________________________________ Rich Burroughs richieb at teleport.com http://www.teleport.com/~richieb See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause From ichudov at algebra.com Sun Jun 9 03:23:49 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Sun, 9 Jun 1996 18:23:49 +0800 Subject: In-Reply-To: Message-ID: <199606090728.CAA21978@manifold.algebra.com> Dr.Dimitri Vulis KOTM wrote: > ichudov at algebra.com (Igor Chudov @ home) writes: > > Also, think about this: lots of people have someone they'd like > > to assassinate but do not actually do it because of lack of anonymity > > and associated hassles (like dealing with assassins non-anonymously, > > abundance of traces, possible confession of the assassin and so on). > > With your assassination clearinghouse these hassles go away. I think it > > would present an excellent prospect for reducing the population. > > Igor, have you ever read novels about British life in 18th century? > (I'm using this as an example because every good Russian reads them. :-) > Have you noticed how exaggeratedly polite they were to each other, > in comparison to Americans today? Do you know why? > Because back then, every gentle person was armed and might use violence > in sufficiently provoked. Actually, here in Oklahoma almost everyone has a gun (not that they use them though, but many carry). Incidentally, everyone including most down to earth truckers is exceedingly polite. When I went to NYC first time, I was shocked how less polite people were in comparison with Oklahomans. Are the folks in Flushing, NY or around Avenue of the Americas allowed to possess firearms? :) Russians in Russia are even less polite, and guns are outlawed. Maybe your hint really makes sense and after initial depopulation the citizens will use different, more considerate, ways of dealing with each other. Or, alternatively, maybe people will hide behind anonymity most of the time to avoid becoming vistims of jimbell's clearinghouse. Really, it is very hard to assasssinate username at alpha.c2.org, although it is possible to hire nyms to write programs and pay them hard earned digicash. If we think about anonymous computer contractors and anonymous employers, the interesting question is how to maintain reputations and how to check references. - Igor. From attila at primenet.com Sun Jun 9 03:28:49 1996 From: attila at primenet.com (attila) Date: Sun, 9 Jun 1996 18:28:49 +0800 Subject: Asendmail Status & Politikal Rant Message-ID: <199606090736.AAA29492@primenet.com> Addressed to: Ben Holiday Cypherpunks ** Reply to note from Ben Holiday 05/29/96 10:30pm -0400 as to the politiks --if we do not standup now, we will not even be able to speak up later. there is no question that every means of confronting a totalitarian driven government apparati must be developed, and the means of impletation well known. the only safety is in numbers; and, yes, some of the "brethern" will fall. anymore than the aging Chinese despots were able to contain the news of Tinnamin square, and I stood at the corner by the Forbidden City as it was starting to form, despots everywhere are faced with the same problem. in China, the free speach and democracy protestors faced enormous technological and communication deficiencies --so far, we do not. -- The result of today's 'government' is new world disorder, unfolding at warp velocity. From attila at primenet.com Sun Jun 9 03:29:18 1996 From: attila at primenet.com (attila) Date: Sun, 9 Jun 1996 18:29:18 +0800 Subject: You bet they have/are: NSA/CIA to snoop INSIDE the U.S.??? Message-ID: <199606090736.AAA29479@primenet.com> ** Reply by attila to note from Anonymous User 06/08/96 5:05pm -0700 anyone who believes the FBI and a host of other U.S. agencies even less scrupulous does not wiretap without permits, has been standing behind the door. generally, it does not matter if the information learned is admissable in court --they never admit wiretapping in the first place as the agency themselves, in many cases, *did*not*wiretap* --but the agency does buy info from usually unsavory "contractors" who do wiretap. as for the NSA/CIA spying on US citizens --they dont, they spy on British citizens with facilities provided by M5 and M6. in return, British M5/6 agents spy on U.S. citizens from Langely or Gaithersberg, or wherever. The fact they just happen to share information is an "accident." so, why legalize it? --if it aint broke, don't fix it. when the great sleeping, well-fed dog awakes in slavery, they will look for the "false"-prophets who have long since been purged by the adversary government --and fools like Baker-Halle will be in power (temporarily). --- original post by anon-remailer --- = : This is a fucking big story. = : Allowing the CIA and NSA to snoop domestically, and using only a handful of = : suspicions and anecdotes about cybernastiness and evil cryptohackers to = : justify this major policy shift -- well, it's fucking amazing. = : Nunn's proposal, unfortunately, was more than a "suggestion." = = This is very serious. Why has there not been more discussion about = this on the list? = = How close/far is this from becoming law? = = If they are now trying to make it legal for the CIA and NSA to snoop = inside the US I would guess that it's happening already. Remember = wiretaps? Do it now and they will make it legal later. -- The result of today's 'government' is new world disorder, unfolding at warp velocity. From blancw at accessone.com Sun Jun 9 03:48:49 1996 From: blancw at accessone.com (blanc) Date: Sun, 9 Jun 1996 18:48:49 +0800 Subject: [NOISE] Buying whales with digicash Re: Anonymous stock trades. Message-ID: <01BB559F.9D9D18A0@blancw.accessone.com> From: hallam at Etna.ai.mit.edu How to save the whales is a logical outcome of Friedman's thesis that markets are everything. It is unfortunately very common for great men to get megalomania and believe they have the solution to the worlds problems in one theory. The flaw in Perry's "stakeholder" theory is the same one in many academic theories. It assumes that most people are smart enough to realise their true interests. It assumes that people take a longer term look than they do. ................................................................................................ A point about the free market: Those "great men" who advocate it realize that one theory may not solve the world's problems, that individuals themselves can come up with the answers to their own problems. Instead of other people's theories and solutions being imposed upon them, individuals are seen as capable of interacting with each other and making decisions and trades in the market of choices made available through commercial enterprise, thus involving themselves in the discovery, pursuit, and satisfaction of their true interests. It doesn't assume that because people's judgements can be flawed and that they can make mistakes, that therefore others (governments & other authoritative types) have the right to step in and determine for them how their dreams should be realized. .. Blanc From llurch at networking.stanford.edu Sun Jun 9 03:49:21 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Sun, 9 Jun 1996 18:49:21 +0800 Subject: Thank you for the Archives 100 messages In-Reply-To: <199606071402.HAA10943@netcom4.netcom.com> Message-ID: On Fri, 7 Jun 1996, Skippy shared with the group: > Apologies, but rich has deleted me from > his mailboxes, and for a few days now, This isn't true. I don't believe in killfiles. Being on my twit list simply means that you're entitled to a brief acknowledgement of every message you send me. Skippy was added after he sent me the 3MB results from the rec.music.white-power vote as a rather limp mailbombing attempt (free clue: it takes a lot more than that to make a dent in our bandwidth or disk space); see http://www.stanford.edu/~llurch/potw2/rec.music.white-powder for that email. > somebody has placed a global cancel bot on > me. I'm gonna have plenty of fun figuring > this out. Kwow any good sniffers? The one that used to be running on darth.stanford.edu was pretty good. Since February 22nd, I've working on the assumption that everything I do unencrypted is public. I would revoke my PGP key, but I never used it much for receiving mail anyway, and I'm not sure that it was found. > I agree the list should be public usenet: > A mail gate-way to a usenet group that > ALSO permits unmoderated posts. This > would be a nice way to combine a strict > moderated mail-list, with a standard > netnews group. Gee, what a great idea! Why hasn't anyone thought of that? hks.net, for example. Unfortunately, there are too many copyright terrorists here. There's a tradeoff between freedom and visibility. As astute readers are aware, hks.net had to take down the archives after WSJ made a threat that was a little too credible. -rich From llurch at networking.stanford.edu Sun Jun 9 03:49:29 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Sun, 9 Jun 1996 18:49:29 +0800 Subject: NOISE: "Fascism is corporatism" In-Reply-To: <199606081932.MAA03833@dns2.noc.best.net> Message-ID: On Sat, 8 Jun 1996 jamesd at echeque.com wrote: > At 07:09 PM 6/7/96 -0700, Rich Graves wrote: > > you forget that I'm a > > Certified Political Scientist. > > [...] > > Once they got in power, then they started developing an economic ideology. > > Untrue: > > Fascism is of course a reasonably complete, coherent, and > philosophically consistent logical system, almost as coherent as > marxism, and far more logical than Mill's utilitarianism. It was > published and thoroughly debated well before they pursued or took power. Besides being unture, this is rather skew to the discussion of whether fascism = corporatism = Clinton. Whether it is possible to construct a coherent ideology is rarely relevant to historical processes; was Castro's Moncada attack motivated by Marxist ideology, for example? But anyway... > Rich Graves's lie is a lie I frequently hear from those who well > know the truth, I know you & Tim aren't impressed by Webster's, which Tim claimed as an authority without bothering to check whether it agreed with him at all (it doesn't; in fact, it directly contradicts him), but how about The Encyclopedia Brittanica on "The Philosophical Bases of Fascism": In its beginnings fascism was not a doctrine and had no clearly elaborated program. It was a technique for gaining and retaining power by violence, and with astonishing flexibility it subordinated all questions of program to this one aim. From the beginning it was dominated by a definite attitude of mind that exalted the fighting spirit, military discipline, ruthlessness, and action and rejected all ethical motives as weakening the resoluteness of will. It pleases me greatly that you do not presume to call me a fool. I've cited Machiavelli, the historical progression of risorgimento, and Paul Morrison, "The poetics of fascism : Ezra Pound, T.S. Eliot, Paul de Man," ISBN 0-19-508085-8. All you're doing is blathering on with some anti-intellectual lumpenlibertarian claptrap that tries to smear anything you disagree with as tantamount to fascism. You do libertarianism, with whose precepts I wholeheartedly agree, a serious disservice. Go back to Bastiat and leave history alone. The Encyclopedia Brittanica says of Mussolini: He read widely and voraciously, if not deeply, plunging into the philosophers and theorists Immanuel Kant and Benedict de Spinoza, Peter Kropotkin and Friedrich Nietzsche, G.W.F. Hegel, Karl Kautsky, and Georges Sorel, picking out what appealed to him and discarding the rest, forming no coherent political philosophy of his own yet impressing his companions as a potential revolutionary of uncommon personality and striking presence. For a more nuanced view, try A. James Gregor's "Young Mussolini and the Intellectual Origins of Fascism," ISBN 0-520-03799-5. I could mail you photocopies of the relevant sections if you like. > Many of my readers will think I am excessively harsh, calling Rich > Graves a liar rather than a fool, but I hear the above story > (that fascism is not a coherent ideology or philosophy) primarily from > those whose interests this story serves, and if they genuinely > thought this story was true, they would not know that it is in their > interests to push it. [Boggle] Huh? In English, please. [much more content-free blather deleted] Anyway, I never suggested that there was no such thing as fascist philosophy; just that fascism was not rooted in a well-developed ECONOMIC ideology, and that Tim's definition of corporatism is incorrect both in the abstract and in the cases of Italian fascism and Nazism. > Not only do such concepts as feminist science, phallocentric science, > etc, strongly resemble such concepts as aryan science, jewish science, > etc, but they are justified using the same arguments from the same > philosophers. Indeed Heidegger was not only a philosopher of fascism, > but he personally participated in Hitler's terror, terrorizing his academic > colleagues, and Paul De Man of Yale University worked directly for the > Nazis as a propagandist in occupied Belgium. How did we get from economics to philosophy? Here James demonstrates his absolute mastery of the subject. Heidegger only really supported Nazism from 1933-34; in the 40's and thereafter, he referred to Nazism as a disease. He is remembered as an existentialist, not a Nazi, though he did join the party when he became the rector of Freiburg. I don't believe that either Hitler or Goebbels were familiar with Heidegger's philosophical work. The fact that Paul de Man, in his early years in Nazi-occupied Belgium, wrote antisemitic propaganda for a number of local collaborationist journals was not discovered until four years after his death (by Ortwin de Graef). The statement "Paul de Man of Yale University worked directly for the Nazis" is not true in the sense that most readers might think. He collaborated, left, and started a new life. He contributed absolutely nothing to Nazi philosophy, because he did not become a philosopher until years after the war -- probably as a way to cope with the horrors he saw, and the shame of his cowardly collaboration. I don't think anyone has suggested that de Man was a serious Nazi -- just a fucking wimp. Where are you getting this nonsense about Heidegger and de Man? I have no sympathy for their views, but any attempt to smear them as a bunch of Nazis is ludicrous. Give me a reference. This is sure to be amusing. By the way, I voted for Bush, and no matter how many times you contradict me, I know I don't support the government's actions at Ruby Ridge. Your foaming-mouth projections on people who disagree with you are laughable. James, I have a lot of respect for Tim and Bruce (anyone who thought I was calling Bruce a Nazi for holding a common libertarian fallacy must be oxygen-deprived), but you're really losing me here. -rich From llurch at networking.stanford.edu Sun Jun 9 03:57:36 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Sun, 9 Jun 1996 18:57:36 +0800 Subject: [WAY, WAY NOISE] Re: Reference Correction Re: Thank you for the, Archives 100 messages In-Reply-To: Message-ID: On Sat, 8 Jun 1996, Jamie Lawrence wrote: > Careful Alan; I didn't write that. > > That was qut at netcom.com, the latest addition to my killfile, > who replied to my private email on Cypherpunks, and, rather oddly, > called me a Mormon. For enlightenment on that point, see Skippy's message "Christ was NOT a Mormon" in alt.zen and 35 other newsgroups, , http://ww2.altavista.digital.com/cgi-bin/news?plain at msg@33480 at rec%2emusic%2echristian -rich From middle-man at nym.jpunix.com Sun Jun 9 06:39:13 1996 From: middle-man at nym.jpunix.com (Middle Man) Date: Sun, 9 Jun 1996 21:39:13 +0800 Subject: middleman status Message-ID: <199606091052.FAA20619@alpha.jpunix.com> Damn!! A corrupted reply block! Anyway, the middleman remailer seems to be functional again. Give it a try and see if it works for you. The middleman remailer will respond to both middle-man at alpha.c2.org and middle-man at nym.jpunix.com. I will eventually drop one of the nyms in favor of the more robust nym server. I've tested it and it works for me. Please let me know if you have problems. middle-man-admin at alpha.c2.org middle-man-admin at nym.jpunix.com From rah at shipwright.com Sun Jun 9 09:38:06 1996 From: rah at shipwright.com (Robert Hettinga) Date: Mon, 10 Jun 1996 00:38:06 +0800 Subject: Anonymous stock trades. In-Reply-To: <199606090521.WAA14979@dns2.noc.best.net> Message-ID: At 1:15 AM -0400 6/9/96, jamesd at echeque.com wrote: > At 02:25 AM 6/8/96 +0200, Asgaard wrote: > > Who is going to assure that someone has an ownership stake in the > > Humpback Whales? The World Government? > > Brand them and herd them like open range cattle: The west did not > need a government to do that, though they did need to hang a few > folk who favored a different method of open ranging. ObPrettyCrypto: Ah. Transponders. Could blind-sign 'em. Maritime specific-identity accounting. Trade 'em on the open market. Actual anonymous er, stock, ownership? Whale-meat futures on the hoof, er, fin?... Woah! Idea! Whale-watch tags? Anyone who comes within a 100-yards of them on the surface pays a nickle? This is brilliant! What a way to make Algore and all the treehuggers eat their own dog-food. (Ewwww! That was *really* crass, considering what "meat and meat byproducts" used to mean...) *That's* what all those marine biologists are doing out there in their Zodiacs! And *I* thought that they were doing research. Your tax dollars at work... ;-). All of which gives me a very Friedmanesque idea: a money-fence. With these "charging", heh, transponders, you could tag something you want to "protect", and charge micromoney based on your proximity-time with the object/plant/animal. The rarer the animal is, the more you charge. New meaning to the phrase, "you break it, you bought it." You touch it, you buy it? Sort of like financial defense-in-depth ala "The Mesh and the Net", or "Diamond Age". You could even build the transponders to "offload" micromoney to "rangers" (their owners, of course!) whenever they passed by... Okay, Okay. Enough already. I'll go take my Ritalin now... Oh. And, Phill? I'm still trying to deciding whether to refute your recent tractologicophilosphicus, but, in the meantime, how 'bout this for a terse version: I think you're ugly, and your mother dresses you funny. ;-). There. All that undergraduate philosophy (and beer!) at Missouri wasn't wasted. See, Ma? I invect, therefore I am. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "If they could 'just pass a few more laws', we would all be criminals." --Vinnie Moscaritolo The e$ Home Page: http://www.vmeng.com/rah/ From dlv at bwalk.dm.com Sun Jun 9 10:56:00 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 10 Jun 1996 01:56:00 +0800 Subject: [NOISE] Re: RFD: Time to kick some anti-scientologist ass? In-Reply-To: <2.2.32.19960609071830.009e7374@mail.teleport.com> Message-ID: Rich Burroughs writes: > I don't know of any "Anti-Scientologists" who are forging cancels. Check out the Lasarus reports on alt.religion.scientology -- 5000 lines, 6000 lines, 7000 lines... > I > really doubt anyone would have checked with Dimitri first, though :) The forged cancels started a short time after one prominent anti-scentologist flamer e-mailed me and asked for a copy of my cancelbot. (The first time I've seen him being quasi-polite! :-) The cancels look like they came from my 'bot, and are directed at _anything posted by certain Co$ supporters. I don't care about the bizarre religion views of the present or former cult members, but forging cancels makes you as much of a slime as Co$. I note that you chose to ignore the cypherpunks-relevant portion of my question - that the anti-scientologists have been abusing the cypherpunks remailers. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dlv at bwalk.dm.com Sun Jun 9 11:15:04 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Mon, 10 Jun 1996 02:15:04 +0800 Subject: In-Reply-To: <199606090728.CAA21978@manifold.algebra.com> Message-ID: ichudov at algebra.com (Igor Chudov @ home) writes: > Actually, here in Oklahoma almost everyone has a gun (not that they use > them though, but many carry). Incidentally, everyone including most down > to earth truckers is exceedingly polite. When I went to NYC first time, > I was shocked how less polite people were in comparison with Oklahomans. > > Are the folks in Flushing, NY or around Avenue of the Americas allowed to > possess firearms? :) I'm not quite in Flushing, but: it's possible to keep one at home, but a carry licence is impossible. > Russians in Russia are even less polite, and guns are outlawed. Russians in Russia are very polite to boys wearing leather and riding BMW's. New Yorkers are sometimes polite to black men wearing lots of gold jewelry. Maybe they suspect something. > Maybe your hint really makes sense and after initial depopulation the > citizens will use different, more considerate, ways of dealing with each > other. I think it would take very few 'depopulation' incidents to improve manners. Humans, like rats, are very good at learning from others' mistakes. > Or, alternatively, maybe people will hide behind anonymity most > of the time to avoid becoming vistims of jimbell's clearinghouse. > Really, it is very hard to assasssinate username at alpha.c2.org, although > it is possible to hire nyms to write programs and pay them hard earned > digicash. There are some very interesting discussions in Bruno Solnik's book I mentioned about the worth of anonymity v. reputation in financial markets. I wonder if it would be possible for government officials to hide behind anonymity. Everyone will hate a certain gov't official, but no one will know who s/he is? > If we think about anonymous computer contractors and anonymous > employers, the interesting question is how to maintain reputations and > how to check references. That's an interesting question - want to think about a protocol? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From nobody at REPLAY.COM Sun Jun 9 12:20:47 1996 From: nobody at REPLAY.COM (Anonymous) Date: Mon, 10 Jun 1996 03:20:47 +0800 Subject: FOR WHOM THE BELL TOLLS Message-ID: <199606091601.SAA14792@basement.replay.com> Bryce wrote (whilst on his high horse): > Hm. I think the best we could hope for is along the lines of > "The suspect subscribed to the 'Cypherpunks' discussion group on > the Internet, but his violent views were rejected by the members > of the group." Not every member of this list rejects his views. I for one do not reject them outright, but will not defend his views publically for fear of embarassing the corporation that I work for. I do not reject Jim Bell's violent views for the simple reason that violence is often required to fight violence. In other words, the best you can hope for is "... but his violent views were rejected by some members of the group." > It is important that the reporter manages to _not_ use the word > "member" to indicate that Bell is a "member" of Cypherpunks. He *is* a member. And why shouldn't he be? Are you suggesting that this group become moderated? (hiss). The whole AP concept is very relevent to the Cypherpunks, whether the majority like it or not. > I think that conversing with Bell, or publically replying to him > at all, even to insult him, makes him more of a "member" and > makes his pet topic more a part of cypherpunks, both in appearance > and in substance. So don't do it. That means you, too, > Black Unicorn. At _least_ you can take it to private e-mail in > order to prevent the reporters from getting the wrong idea, and > in order to spare the rest of us the tedium of deleting the > messages. No platform for lunatics??? If there is one thing that a Cypherpunk should have learned during his time in the group, is that the answer to hate speech (or violent speech, or whatever you wish to call it) is more speech. If your fear is that reporters will get hold of the wrong end of the stick, then perhaps you are correct, but the real problem is the *reporters*, not the attitude of the Cypherpunks. blame them. propose a solution. (how about abolition of all libel laws?) > This is assuming that the statement "his violent views were > rejected by the members of the group" is actually true! If > there _is_ anyone else here who shares Bell's evil enthusiasms, > I strongly encourage you to begin a new list dedicated to that > topic. I disagree with the phrase "evil enthusiasms." Bell is not an evil man. A little crazy perhaps, but not evil. If you bothered to listen to him, you would find that his aim is to create a "better" world, where people (especially politicians) are very much more responsible for their own actions. He suggests that the number of deaths due to AP will be less that the number of deaths due to the current corrupt system. think about it. how many on this group would have another man killed for his views? For his noisy stereo? For a competive advantage in business? I am confident the answer will be zero. On the other hand, I would gladly throw in a few dollars to have certain politicians killed. gladly. and I will be able to sleep at night. I will sleep better knowing that, although I was partly responsible for a mans death, I will have saved countless others (a bit like dropping an a-bomb on Japan). Question for Jim - would you resort to AP to have Bryce popped off? Question for Bryce - would you resort to AP to have Jim popped off? From nobody at REPLAY.COM Sun Jun 9 13:34:18 1996 From: nobody at REPLAY.COM (Anonymous) Date: Mon, 10 Jun 1996 04:34:18 +0800 Subject: Anti-Scientologists Message-ID: <199606091713.TAA18786@basement.replay.com> Anonymous wrote: > > >1. There's a gang of flamers (David Gerard, Jon Noring, Ron Newman, Rob J. > >Nauta, and the like) who try to stop $cientologists from discussing their > >religion on the Usenet newsgroup alt.religion.scientology. Most of them are > >disgruntled former cult members and/or members of other similar cults. > > Untruth #1. Aside from the "religion" red herring you tossed in (it's a cult), the critics expose the lies, doubletalk and inconsistencies posted by cult apolo Truth #1: It is a religion Truth #2: It is no longer a cult, since the leader is dead. From bal at martigny.ai.mit.edu Sun Jun 9 14:25:27 1996 From: bal at martigny.ai.mit.edu (Brian A. LaMacchia) Date: Mon, 10 Jun 1996 05:25:27 +0800 Subject: US: Domestic Encryption Protected by US Constitution? In-Reply-To: Message-ID: <199606091721.NAA00327@slip-bal.lcs.mit.edu> Date: Sat, 8 Jun 1996 22:36:53 -0700 X-Sender: tcmay at mail.got.net Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" From: tcmay at got.net (Timothy C. May) Sender: owner-cypherpunks at toad.com Precedence: bulk At 3:26 AM 6/9/96, C Matthew Curtin wrote: >Given that the US State Department classifies strong crypto as >munitions, is it possible that any laws passed outlawing the use of >strong crypto among US citizens could be declared unconsitutional, in >violation of the second amendment? > >Are there any legal precedents that apply here? Is the question purely >academic (i.e., no such laws exist, no such bills are in the works, or >none have been tried)? Does anyone know of any laws on the books that >might be relevant to my question? [...] 2. Most advocates for a continued right to use strong crypto have used the First Amendment centrally. That is, "encrypted speech is still speech." Any demand that speech conform to government standards would run into the basic point that Congress is not to make such laws. I believe this approach is the strongest one. Even if there are some limits on speech (a la the infamous "falsely shouting 'Fire!' in a crowded theater" example), this sort of limit does not limit the _form_ of speech. (Quibblers may point out other such limits, even some on _form_. For example, speech at 95 dB is OK, but "speech" at a jet-engine level of 135 dB is not. I won't get into such quibbles here.) IANACLP (Const. Law Prof.), but there is a fundamental difference in First Amendment analysis between content-related restrictions and "time, place and manner"-related restrictions. Laws that prevent me from shouting over a bullhorn at 3am are an example of the latter; they operate in a manner neutral to the content of the speech and such regulations are not subject to as strict scrutiny as content-related restrictions (such as obscenity laws). The distinction between content and time/place/manner restrictions is important. Whether domestic use of cryptography may be regulated by the Government may very well turn on whether the Court decides that the encrypted version of my protected speech is itself protected content or just a manner of expressing the underlying unencrypted content. [For example, Judge Patel recently found that source code was speech for First Amendment purposes in Bernstein v. US Dept. of State, which allowed Bernstein's constitutional challenge to the ITAR to proceed.] A moot court panel on the constitutionality of possible domestic cryptography restrictions was one of the headline events at CFP '96. I would strongly encourage those interested to check out: http://swissnet.ai.mit.edu/~switz/cfp96/plenary-court.html which has pointers to all the background briefs and analysis as well as RealAudio recordings of the oral argument held at CFP. --bal From jimbell at pacifier.com Sun Jun 9 14:41:40 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 10 Jun 1996 05:41:40 +0800 Subject: [Off-Topic] "Curfews" Message-ID: <199606091739.KAA04024@mail.pacifier.com> At 12:03 AM 6/9/96 +0000, Jean-Francois Avon wrote: >On 8 Jun 96 at 12:40, jim bell wrote: >> As you can see, this is one of the big difficulties that people can >> have understanding AP: Since it changes just about everything about >> how a society works, you can't analyze it "easily" using your >> built-up knowledge of societies. > >Actually, it makes one realize that society and the "collective" is >nothing, that the basic building block is the individual. If you >analyse the motivation of the individual, AP is not difficult to >understand. It is, however, hard to separate out all the familiar assumptions we make about the world based on the current way of doing things. > >> As I've said so many times before, AP is like a political Rorschach >> test: Your reaction to it is strongly related to your political >> philosophy. That's part of the magic. > >Please stay out of magic. The actual politician are enough into it. Well, I was speaking hyperbolically. (hyperbole.) Jim Bell jimbell at pacifier.com From jimbell at pacifier.com Sun Jun 9 14:51:09 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 10 Jun 1996 05:51:09 +0800 Subject: Minority vs. majority Message-ID: <199606091739.KAA04029@mail.pacifier.com> At 10:40 PM 6/8/96 EDT, Dr.Dimitri Vulis KOTM wrote: >ichudov at algebra.com (Igor Chudov @ home) writes: >> You haven't seen _real_ corrupt officials. :) > >Jim - could corrupt gov't official hide behind anonymity too? >E.g., a particularly obnoxious gov't regulation being issued from >behind anon remailer? Regulation issued? Sure. Regulation _enforced_? Far more difficult! Maybe even impossible, when considered over the entire population. I've been considering this for a long time, and I came to the conclusion that you really can't enforce regulations dictated by a small fraction of the population onto the large majority. Enforcing a regulation costs effort. (money? time? people?) People are not going to put in this kind of effort unless they feel strongly about an issue. It would be possible for a large majority to enforce a standard of behavior on a tiny minority ("rules" against theft and other common crime) but this will work only if the average individual is willing to donate money to see those general rules enforced. Over time, few people will donate money to see victimless crimes (drugs, gambling, prostituion) enforced, for instance. Jim Bell jimbell at pacifier.com From llurch at networking.stanford.edu Sun Jun 9 16:39:39 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Mon, 10 Jun 1996 07:39:39 +0800 Subject: [NOISE] Re: RFD: Time to kick some anti-scientologist ass? In-Reply-To: Message-ID: On Sun, 9 Jun 1996, Dr.Dimitri Vulis KOTM wrote: > I note that you chose to ignore the cypherpunks-relevant portion of my > question - that the anti-scientologists have been abusing the cypherpunks > remailers. I have to agree with the KOTM on this one, as did many of the ars posters (after a few days of flames subsided). IMO, with the remailer network weak, and with the posters KNOWING that the remailers were weak (someone posted ATTACKS ON REMAILERS IMMINENT!!! before the NOTS postings), they should have used throwaway accounts or some other method of posting, like throwaway AOL accounts. Fortunately, the damage was localized. For routine criticism of the cult, absolutely yes, please use the remailers, but for blatant "copyright terrorism," be careful. As I believe they will... we're really not in disagreement here. Only the kooks on either side are trying to make this controversial. I certainly don't think anyone should hold any sort of grudge against the arsvolk (i.e., I don't hate myself for posting Scamizdat 11 a few times to ars and my web page, under my own name). I think everyone but CoS and the KOTM have learned something from this experience, and we'll be better equipped to deal with the next challenge. We all know we COULD stress the remailer network, probably to the breaking point, by sending the right messages to the right people. But we don't, because we're responsible (sorry, I don't think that's a dirty word). Use the right tool for the job. -rich From ichudov at algebra.com Sun Jun 9 16:42:16 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Mon, 10 Jun 1996 07:42:16 +0800 Subject: Anonymous computer contractors In-Reply-To: Message-ID: <199606091824.NAA01563@manifold.algebra.com> Dr.Dimitri Vulis KOTM wrote: [we were discussing jimbell's assassination clearinghouse - Igor] > > Maybe your hint really makes sense and after initial depopulation the > > citizens will use different, more considerate, ways of dealing with each > > other. > > I think it would take very few 'depopulation' incidents to improve manners. > Humans, like rats, are very good at learning from others' mistakes. Alright, but since quite a few people have quite a few present enemies, the depopulation may be severe enough. The only hope is that the assassin market will become tight. > > Or, alternatively, maybe people will hide behind anonymity most > > of the time to avoid becoming vistims of jimbell's clearinghouse. > > Really, it is very hard to assasssinate username at alpha.c2.org, although > > it is possible to hire nyms to write programs and pay them hard earned > > digicash. > > There are some very interesting discussions in Bruno Solnik's book I > mentioned about the worth of anonymity v. reputation in financial markets. > I wonder if it would be possible for government officials to hide behind > anonymity. Everyone will hate a certain gov't official, but no one will > know who s/he is? Sorry, how is the book called? I think that it is entirely possible. For example, consider usenet: some groups elect to create a "government" - that is, they elect to become moderated newsgroups. They elect moderators. For all practical purposes these moderators are anonymous - after all, who knows who hides behind an email address? This anonymity does not prevent elections. Another problem, as we know very well, is that cyberspace elections are easy to rig and it is easy to create identities that do not correspond to real-life people. Maybe we should return to the practices of XVII century and give cybervotes only to those who pay cybertaxes. Of course, the weight of the vote must be equal to the amount of cybertax. > > If we think about anonymous computer contractors and anonymous > > employers, the interesting question is how to maintain reputations and > > how to check references. > > That's an interesting question - want to think about a protocol? Well, let's think. What are the requirements? - Igor. From qut at netcom.com Sun Jun 9 17:09:14 1996 From: qut at netcom.com (Be Good) Date: Mon, 10 Jun 1996 08:09:14 +0800 Subject: Thank you for the Archives 100 messages Message-ID: <199606091911.MAA27107@netcom22.netcom.com> > This isn't true. I don't believe in killfiles. Being on my twit list simply > means that you're entitled to a brief acknowledgement of every message you How polite, like a Courtesy_Copy. Thanks! > send me. Skippy was added after he sent me the 3MB results from the > rec.music.white-power vote as a rather limp mailbombing attempt (free clue: > it takes a lot more than that to make a dent in our bandwidth or disk > space); see http://www.stanford.edu/~llurch/potw2/rec.music.white-powder for > that email. Liar. Since they got rid of the old Bell, Stanford is as good as Netcom in their top level functions, I retreived the above page in a few seconds, it's the terminals and stuff which cause the problems. You, for instance, only use Micro$oft, so you lose out on the use of Stanford's T3's, which I use all the time whenever I'm logged in to Netcom. As if there's anybody stupid enough to use Micro$oft for networking, much less Dial-ups! > > somebody has placed a global cancel bot on I was wrong, I was just Dicked a few forge-cancels. He got angry of course, when I added misc.test, which means he can't continue to forge-cancel without quickly alerting me. > > me. I'm gonna have plenty of fun figuring > > this out. Kwow any good sniffers? > > The one that used to be running on darth.stanford.edu was pretty good. > Since February 22nd, I've working on the assumption that everything I do > unencrypted is public. I would revoke my PGP key, but I never used it much > for receiving mail anyway, and I'm not sure that it was found. You could explain to us what you are talking about, but that would threaten your B1!?3 status. > > I agree the list should be public usenet: > > A mail gate-way to a usenet group that > > ALSO permits unmoderated posts. This > > would be a nice way to combine a strict > > moderated mail-list, with a standard > > netnews group. Great idea. For stormfront. BTW, can you forge-request another archives for me? I saw a couple of letters before losing the rest. I'm trying to work novell dos with linux and making a general mess of things. Picked up an unwrapped copy for $40, is that a good deal? > Gee, what a great idea! Why hasn't anyone thought of that? hks.net, for > example. Unfortunately, there are too many copyright terrorists here. Never noticed it. > There's a tradeoff between freedom and visibility. As astute readers are > aware, hks.net had to take down the archives after WSJ made a threat that > was a little too credible. Never noticed it. You folks are just so damned paranoid. The government's not out to get you, just help you. > -rich > > -- Kill Your Television From qut at netcom.com Sun Jun 9 18:03:52 1996 From: qut at netcom.com (Be Good) Date: Mon, 10 Jun 1996 09:03:52 +0800 Subject: your mail Message-ID: <199606091929.MAA29594@netcom22.netcom.com> > On Thu, 6 Jun 1996, harman.david wrote: > > > This sat's no good fo' me. > > Is Jul 13 OK? > > I've got the ResNet conference that week, and I'll probably need to recover. > It might be fun to meet you at some Tuesday night boink. I'll buy you a > beer. I've got gay friends, but I don't boink them. And, I used to be a nice guy, but I quit drugs. BTW, what does it cost to get a dedicated T3? Would it cost more than a vacation? > > Again, I'm only interested in the implementation, > > the ongoing discussion about legal liability, > > is fairly bogus, I, Black Unicorn, and many others, > > have already declared we would go face to face > > with the law. > > To what was this a reference? Crypto-Anonyminity vs. the law and Co$. "In the national socialist paradise, there is no law" -- Kill Your Television From winn at Infowar.Com Sun Jun 9 18:10:27 1996 From: winn at Infowar.Com (winn at Infowar.Com) Date: Mon, 10 Jun 1996 09:10:27 +0800 Subject: No Subject Message-ID: <199606091954.PAA25299@mailhost.IntNet.net> Class III InfoWar Part 2 Report from Europe FEEL FREE TO DISTRIBUTE WIDELY I am ostensibly on vacation with my wife and two children ages 11 & 5 : Here we are in Venice, Italy but I can't ignore what seems to be going on in England. American media does not appear to be following it. So here 's what is happening. Headline of June 9, 1996 Sunday Times in London reads: "Secret Inquiry into Cyber Terror." This is a follow-up of last Sundays story about alleged extortion attacks against British financial institutions using Trojan Horses and /or HERF Guns. According to today's article, the British government is holding secret investigations into the "attacks" for more than two years involving the Dept. of Trade and Industry (DTI), government communications headquarters (GCHQ), the Brits NSA, The Defence Research Agency (DRA), and the Bank of England. On June 8, the DTI issued a public statement which included : "We are very interested in the allegations of extortion directed at City of London institutions which were brought to our attention in 1994. We responded then by involving many government organizations ... so far we have not been presented with any hard evidence from victims. We would urge those threatened to come forward." DTI Director of Technical Affairs, David Hendon wrote a letter in May 1995 saying they took the extortion issue "Extremely seriously." The Times' reporter's say they have seen some of the evidence that was submitted to DTI and GCHQ which includes a chart on 46 of the attacks. According to the article DRA Senior Director, Professor David Parks, his agency is " especially interested in the "weaponry" deployed by the cyber terrorists." The Tmes continued : "The agency (DRA) believes high intensity radio frequency "HIRF" guns may have been used to black out trading positions in City finance houses. The weapon disables a computer by firing elctromagnetic radiation at it and is a "Black Programme" at the Defence Ministry, one of the highest security classification levels." In Dec. Of 1995, the DRA and Parks approached a company who specializes in information warfare and asked them to "arrange a demonstration of a portable HIRF weapon in Germany." The article further states that details on the HIRF systems and their use in the City of London have been compiled by a British computer magazine and are being passed onto government officials. ***** I have spoken to more than fifty media in the last week about this story: The comments range from "suspicious" of the British reports, "sounds psy -fi", "alarming", "scary" and the like. Even though I am on vacation (Ha!) I called a few of my expert friends for a sanity check and here is what we have to say. * The alleged software attacks mentioned in last weeks article are more likely the weapon than HERF/HIRF attacks that todays' article focuses on. * "Given the kind of systems they use and their connectivity, I can figure a hundred ways to do what the article say" one of my experts stated. * As for the HERF/HIRF we have worked out a number of models for a number for the attacks scenarios mentioned, but we have a targeting problem. A free-space (air) based attacked would create a wide dispersion pattern and likely have effected other organizations not just those specifically under attack. * A ground plane attack might cause the alleged results but requires more physical access to the facility. A few thoughts of the potential motivations: * Were the alleged attacks meant as a malicious Denial of Service (DNS) attack or as a profit scheme? * Were trading volumes and the stock prices of the alleged victims effected during the times in question? * Was internal profit taking an ulterior motive ? * I have to keep in mind if we give these stories credence, that over 50% of computer crimes involve insiders. According to my British friends, the Sunday Times is preparing even more on this story which will appear next Sunday - when I will be in London to get it back to you within minutes. So, the kids are fine. "Thanks for asking." My life is almost relaxed, and we are now headed into the Alps for a leisurely 8 hr drive and will spend the night at the Jungfrau. "Damn, it's raining. It will have to be beer and sauerkraut." In the meantime, contact betty at infowar.com at Interpact for comments and interviews. Back at your later! Winn Schwartau Peace Winn Winn Schwartau - Interpact, Inc. Information Warfare and InfoSec V: 813.393.6600 / F: 813.393.6361 Winn at InfoWar.Com From richieb at teleport.com Sun Jun 9 18:13:42 1996 From: richieb at teleport.com (Rich Burroughs) Date: Mon, 10 Jun 1996 09:13:42 +0800 Subject: [NOISE] Re: RFD: Time to kick some anti-scientologist ass? Message-ID: <2.2.32.19960609202516.00a042f8@mail.teleport.com> -----BEGIN PGP SIGNED MESSAGE----- At 09:34 AM 6/9/96 EDT, LD wrote: >Rich Burroughs writes: >> I don't know of any "Anti-Scientologists" who are forging cancels. > >Check out the Lasarus reports on alt.religion.scientology -- 5000 lines, >6000 lines, 7000 lines... Gee, those poor CoS posters you mention must be pretty busy to generate that many messages (which were then canceled). Homer adjusted Lazarus, and the last I knew the reports didn't have enough info for anyone to tell who the sender of the cancel was. Here's an example from back on the 5th: - - ---------------------------------------------------------- Mon Jun 3 19:45:33 EDT 1996 Lazarus V2.3 lightlink.com/var/spool/news/control/1501139 Article: 176082 From: info at ars.com (ARS FAQ) Date: 1 Jun 1996 17:34:29 GMT Subject: Bryan Wilson - Diversity Among Religions: A Modern Example. Message-ID: <4opuv5$6s0 at mordred.cc.jyu.fi> Control: cancel <4opuv5$6s0 at mordred.cc.jyu.fi> - - ---------------------------------------------------------- Homer condensed them to one post, as they were just exacerbating the spam clutter. I wish he'd have left more info in them. To be honest, I haven't paid that much attention to them in the last few days, since it's impossible to tell from them who issued the cancel. If you know who is forging cancels you might want to share with me, but I honestly don't. The only people I am aware of who have been canceling have been JEM and some of the ISPs involved. Vague accusations against "Anti-Scientologists" don't really tell me much. >> really doubt anyone would have checked with Dimitri first, though :) > >The forged cancels started a short time after one prominent anti-scentologist >flamer e-mailed me and asked for a copy of my cancelbot. (The first time I've >seen him being quasi-polite! :-) The cancels look like they came from my 'bot, >and are directed at _anything posted by certain Co$ supporters. I haven't seen any of the actual cancels, and I wouldn't know how to identify them as being from your bot. Those "certain Co$ supporters" are all probably one person who's telnetting to open NNTP ports and forging thousands of messages a day. The posts are all obviously produced by a script (pulling info mainly from the CoS book _What is Scientology_), and they are not anything even in the neighborhood of an honest attempt at communication. It's Net abuse, and I think you must be trolling if you don't see that. Should have known you'd go where the action is :) >I don't care about the bizarre religion views of the present or former cult >members, but forging cancels makes you as much of a slime as Co$. The messages that are being canceled are forgeries. They are a result of an abuse of service. That isn't at all the same as CoS canceling due to content. Those poor "certain Scientologists" you mentioned have produced over 12,000 forged messages, which are actually only a small number of articles that are being continually reposted. Most must be way over the BI. I'm not crying a river for them. >I note that you chose to ignore the cypherpunks-relevant portion of my question >- that the anti-scientologists have been abusing the cypherpunks remailers. Wow. Good thing that there was a relevant portion, huh. :) Sorry I missed it. I have some mixed feelings about the CoS materials that were posted through the remailers. I'm sorry that Hacktic was shut down, but I don't think that was the intent of the people who posted those materials. They were blowing the whistle on a criminal organization. I can't honestly say whether I think their actions were "right" or not. In any case, the actions you've described were committed by a handful of people. There are hundreds of Anti-Scientologists who post to a.r.s., and many more who lurk. Probably less than 5 have done wholesale posting of copyrighted materials, (beyond what would be considered "fair use") and most of them didn't even use remailers. Scamizdat being the big exception. I'm assuming that your anti-"Anti-Scientologist" screed is just an attempt to get people riled up. Having fun? Rich -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMbsypoT0GKfZRA/9AQF62wP/TUdUKXwAgO7irnE08P5mSP1K+MNP0Ukb ZqZPCKmWxrtHql/a3E7dYquQ0fp9fCe4a+d/TyvJQFAc3/LS/6/Qb6nkOB0HqSP5 +9URNIJPgBVRigxbL0m9ZJS6zzw9+ewRi6mu1wxaaHlPE/QDjZZnfKJi8bjcMUCk Ap7kN+sw8GQ= =jIEl -----END PGP SIGNATURE----- ______________________________________________________________________ Rich Burroughs richieb at teleport.com http://www.teleport.com/~richieb See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause From winn at Infowar.Com Sun Jun 9 18:19:43 1996 From: winn at Infowar.Com (winn at Infowar.Com) Date: Mon, 10 Jun 1996 09:19:43 +0800 Subject: No Subject Message-ID: <199606091950.PAA25078@mailhost.IntNet.net> Class III InfoWar Part 2 Report from Europe FEEL FREE TO DISTRIBUTE WIDELY I am ostensibly on vacation with my wife and two children ages 11 & 5 : Here we are in Venice, Italy but I can't ignore what seems to be going on in England. American media does not appear to be following it. So here 's what is happening. Headline of June 9, 1996 Sunday Times in London reads: "Secret Inquiry into Cyber Terror." This is a follow-up of last Sundays story about alleged extortion attacks against British financial institutions using Trojan Horses and /or HERF Guns. According to today's article, the British government is holding secret investigations into the "attacks" for more than two years involving the Dept. of Trade and Industry (DTI), government communications headquarters (GCHQ), the Brits NSA, The Defence Research Agency (DRA), and the Bank of England. On June 8, the DTI issued a public statement which included : "We are very interested in the allegations of extortion directed at City of London institutions which were brought to our attention in 1994. We responded then by involving many government organizations ... so far we have not been presented with any hard evidence from victims. We would urge those threatened to come forward." DTI Director of Technical Affairs, David Hendon wrote a letter in May 1995 saying they took the extortion issue "Extremely seriously." The Times' reporter's say they have seen some of the evidence that was submitted to DTI and GCHQ which includes a chart on 46 of the attacks. According to the article DRA Senior Director, Professor David Parks, his agency is " especially interested in the "weaponry" deployed by the cyber terrorists." The Tmes continued : "The agency (DRA) believes high intensity radio frequency "HIRF" guns may have been used to black out trading positions in City finance houses. The weapon disables a computer by firing elctromagnetic radiation at it and is a "Black Programme" at the Defence Ministry, one of the highest security classification levels." In Dec. Of 1995, the DRA and Parks approached a company who specializes in information warfare and asked them to "arrange a demonstration of a portable HIRF weapon in Germany." The article further states that details on the HIRF systems and their use in the City of London have been compiled by a British computer magazine and are being passed onto government officials. ***** I have spoken to more than fifty media in the last week about this story: The comments range from "suspicious" of the British reports, "sounds psy -fi", "alarming", "scary" and the like. Even though I am on vacation (Ha!) I called a few of my expert friends for a sanity check and here is what we have to say. * The alleged software attacks mentioned in last weeks article are more likely the weapon than HERF/HIRF attacks that todays' article focuses on. * "Given the kind of systems they use and their connectivity, I can figure a hundred ways to do what the article say" one of my experts stated. * As for the HERF/HIRF we have worked out a number of models for a number for the attacks scenarios mentioned, but we have a targeting problem. A free-space (air) based attacked would create a wide dispersion pattern and likely have effected other organizations not just those specifically under attack. * A ground plane attack might cause the alleged results but requires more physical access to the facility. A few thoughts of the potential motivations: * Were the alleged attacks meant as a malicious Denial of Service (DNS) attack or as a profit scheme? * Were trading volumes and the stock prices of the alleged victims effected during the times in question? * Was internal profit taking an ulterior motive ? * I have to keep in mind if we give these stories credence, that over 50% of computer crimes involve insiders. According to my British friends, the Sunday Times is preparing even more on this story which will appear next Sunday - when I will be in London to get it back to you within minutes. So, the kids are fine. "Thanks for asking." My life is almost relaxed, and we are now headed into the Alps for a leisurely 8 hr drive and will spend the night at the Jungfrau. "Damn, it's raining. It will have to be beer and sauerkraut." In the meantime, contact betty at infowar.com at Interpact for comments and interviews. Back at your later! Winn Schwartau Peace Winn Winn Schwartau - Interpact, Inc. Information Warfare and InfoSec V: 813.393.6600 / F: 813.393.6361 Winn at InfoWar.Com From unicorn at schloss.li Sun Jun 9 18:51:14 1996 From: unicorn at schloss.li (Black Unicorn) Date: Mon, 10 Jun 1996 09:51:14 +0800 Subject: Thank you for the Archives 100 messages In-Reply-To: <199606091911.MAA27107@netcom22.netcom.com> Message-ID: On Sun, 9 Jun 1996, Be Good wrote: > > There's a tradeoff between freedom and visibility. As astute readers are > > aware, hks.net had to take down the archives after WSJ made a threat that > > was a little too credible. > > Never noticed it. You folks are just so damned paranoid. > The government's not out to get you, just help you. Bahahahah! - Ok, that's clear, now go away. > -- > > Kill Your Television --- My preferred and soon to be permanent e-mail address:unicorn at schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information Opp. Counsel: For all your expert testimony needs: jimbell at pacifier.com From karri19 at idt.liberty.com Sun Jun 9 19:03:20 1996 From: karri19 at idt.liberty.com (karri19 at idt.liberty.com) Date: Mon, 10 Jun 1996 10:03:20 +0800 Subject: 1000 Shares Message-ID: <199606092004.NAA21765@liberty.ca.idt.net> 1000 SHARES Warren Buffett, the worlds greatest investor said---"buy a business, not a stock" ---and--- "is the business simple and understandable?" Some savvy investors have made their fortune, or at least a lot of money by buying into a company in it's early stages of development, before the general public discovers it! They have found and then invested in a company they believe in and watched it grow over time. Did you hear about Novell stock when it was only $2.25 a share, or Xerox at 50 cents? How about Wal-Mart, Telefono de Mexico or Toys r Us? Not likely, small or micro-cap stocks are almost totally invisible until it's much too late for the average investor. We would like to send you information on a micro-cap company in its early stages of development. Simple business --- we refurbish AT&T telecom equipment and sell it overseas to emerging third world economies such as Belarus, Philippines, South America and Russia. This stock is still trading under $1 with very strong upside potential as the company develops its customer base in the multi-billion dollar overseas telecom business. Contact us today to have a free corporate profile on this exciting company faxed or e-mailed to you. Please e-mail your request to: karri19 at idt.liberty.com This is not a solicitation to buy or sell securities, but for information purposes only. Investing in securities is speculative and carries a high degree of risk. From frissell at panix.com Sun Jun 9 19:22:48 1996 From: frissell at panix.com (Duncan Frissell) Date: Mon, 10 Jun 1996 10:22:48 +0800 Subject: Whalepunks, Marginpunks, Gunpunks, Clintonpunks, and Politics Message-ID: <2.2.32.19960609213222.00b3e650@panix.com> At 01:09 PM 6/8/96 -0700, Timothy C. May wrote: >First, a Smith and Wesson is not what the tots should be carrying. An MP-5K >would fit nicely in their bookpacks (especially now that all yuppie kids >carry de rigeur designer backpacks, though mostly for designer water). More >firepower. >My point of view is that while schools should be free of guns, adult >citizens should probably have access to guns. There are, sadly, nutty >people who will use nearly any available weapon to commit mayhem and mass >murder. Rifles, shotguns, axes, knives... And to bring things back somewhat to cypherpunk (or at least technopunk)issues, weapons control (like other forms of regulation) is defeated by technology. Last week's Economist had an article on the first commercially available 3D "printers" or desktop fabrication stations. A bit hard to control weapons when one can just print off a few. In addition other technical advances are bound to put a host of weapons in everyone's hands. You can't disarm a technically advanced population. Too many tools can be adapted to kill. This being the case, you should allow your society to adapt to this reality by getting people used to the concept of self defense, small group defense, and behaving oneself in public. >Remember, "Guns don't kill people, postal workers do." In fact, in 1995 the term to go "postal" entered the vocabulary. As in the sentence "LD went postal and wiped out the whole ballet class." Another Cypherpunks angle lies in the fact that fans of "going postal" have also noted that 14 is a Schelling point for the number of victims of one of these massacres. I wonder why that is? Magazine size? >In general, I think Phill raises some good points about the efficiency of >free markets. However, I doubt that Cypherpunks is the proper forum for >debating economic theory, for various reasons. I lean strongly toward the >free market side, inasmuch as I think most non-free market economies are >actually just cases where the government controls the _single_ corporation >they let run an industry, and thus one gets a worse situation that with the >grossest excesses of capitalism. I always ask the commies how they can guarantee that political complications won't interfere with the perfect implementations of their no doubt superior five year plans. I can guarantee that the commissar's brother-in-law will go bankrupt (if he deserves to) under capitalism. How can they guarantee that under socialism? >However, the reason many of us don't jump in and write defenses of free >markets here (and I would not have except to make my transhumanist joke--so >sue me) is that this list is not "Libernet" nor any of the similar >political discussion lists. Also it's not necessary since markets can take care of themselves these days. "History is on our side." "We will bury you." "The Multinational unites the human race." "Di-electrical materialism dooms both the ancien regime and state capitalism." etc. DCF "A free market is what you get when people are free." From frissell at panix.com Sun Jun 9 19:58:23 1996 From: frissell at panix.com (Duncan Frissell) Date: Mon, 10 Jun 1996 10:58:23 +0800 Subject: US: Domestic Encryption Protected by US Constitution? Message-ID: <2.2.32.19960609214558.00b44844@panix.com> At 10:36 PM 6/8/96 -0700, Timothy C. May wrote: >I don't think we want crypto controlled by the Bureau of Alcohol, Tobacco, >and Firearms, do we? That'd be the BATFC. To be called "bat fuck" in the popular press (but not on the post-CDA Net). DCF "If you have a job opening in a cool climate for an experienced technical author with a solid understanding of cryptography, write to me." From reagle at MIT.EDU Sun Jun 9 22:06:20 1996 From: reagle at MIT.EDU (Joseph M. Reagle Jr.) Date: Mon, 10 Jun 1996 13:06:20 +0800 Subject: Gore opposes unwarranted'' Internet censorship Message-ID: <9606100105.AA23760@rpcp.mit.edu> Sounds good but I had to laugh when I heard it... is he at odds with other members of the administration, or is this rhetoric? > CAMBRIDGE, Mass (Reuter) - Vice President Al Gore said >Friday society should not resort to ``unwarranted censorship'' >on the Internet as an overreaction to protect children from >objectionable material in cyperspace. > In a commencement address at the Massachusetts Institute of >Technology, Gore said government had to assist parents in >protecting their children from exposure to such material. > ``But let me also state my clear and unequivocal view that a >fear of chaos cannot justify unwarranted censorship of free >speech, whether that speech occurs in newspapers, on the >broadcast airwaves -- or over the Internet.'' > ``Our best reaction to the speech we loathe is to speak out, >to reject, to respond, even with emotion and fervor, but to >censor -- no. That has not been our way for 200 years, and it >must not become our way now,'' he said. > In February, President Clinton signed the Communications >Decency Act, which bans making indecent material available to >minors over computer networks. > The American Civil Liberties Union and the American Library >Association have filed suit in a Philadelphia court challenging >the law as unconstitutional, saying it would stifle a broad >range of speech. > In his address at the MIT, Gore stressed the gulf separating >society and science, a theme students had suggested in e-mail >messages to the vice president. He said new technologies >initially break down stable patterns and ``then new ones emerge >at a higher degree of complexity. > ``Societies are vulnerable to misinterpreting the first >stage as a descent into chaos and then overreacting with the >imposition of a rigid, stagnating order,'' Gore told the 2,000 >graduates in an outdoor ceremony. > > > _______________________ Regards, Real generosity toward the future lies in giving all to the present. - Albert Camus Joseph Reagle http://farnsworth.mit.edu/~reagle/home.html reagle at mit.edu E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E From jamesd at echeque.com Sun Jun 9 22:23:48 1996 From: jamesd at echeque.com (jamesd at echeque.com) Date: Mon, 10 Jun 1996 13:23:48 +0800 Subject: Anonymous stock trades. Message-ID: <199606100051.RAA27475@dns2.noc.best.net> At 1:15 AM -0400 6/9/96, jamesd at echeque.com wrote: >> Brand [the whales] and herd them like open range cattle: The west did not >> need a government to do that, though they did need to hang a few >> folk who favored a different method of open ranging. At 09:02 AM 6/9/96 -0400, Robert Hettinga wrote: > Ah. Transponders. Could blind-sign 'em. Maritime specific-identity > accounting. Trade 'em on the open market. Actual anonymous er, stock, > ownership? Whale-meat futures on the hoof, er, fin? Thanks for this clarification: I fear my post had a lot of people thinking of whalers sitting around a sagebrush campfire heating extremely large irons red hot. Really large irons. Really, really, really large irons. And a really big sagebrush campfire. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From um at c2.org Sun Jun 9 22:32:51 1996 From: um at c2.org (Ulf Moeller) Date: Mon, 10 Jun 1996 13:32:51 +0800 Subject: Report from Germany on "backdoor" net-censorship Message-ID: [German institutions' cancelling pornography, violence and Nazi propaganda on Usenet will certainly have large international impact. Thus I strongly suggest that you ask for an official translation. I cannot guarantee for this rough translation to be correct. -- Ulf] From: summa at eco.de ("Harald A. Summa") Press Release, June 5, 1996 Internet Media Counsil presents fist measurements for Voluntary Self-Control [Voluntary Self-Control is the doublespeak term for censorship on pornography, violence, etc. It is, of course, not voluntary. um] The leading Internet Serive Providers, on whose initiave the Internet Medienrat, have deciced to found the Internet Content Task Force (ICTF) for the purposes of Voluntary Self-Control. The ICTF will introduce technical and organizational measurements to put up effective control against contents harmful to minors and national-socialist propaganda material. As a first step, the ICTF occupy itself with the News service, and later with other forms of content transport in the Internet as well. The Internet Content Task Force will supply a news server specificially configured for purposes of self-control at DE-CIX, the national data exchange point of the Internet Service Providers. Proof of origin of critical articles will be processed by the server, archived in a data base observing privacy laws, and stored at a central facility. Furthermore, sample news articles will be suject to detailed legal evaluation. Should this result in suspicion or proof of transportation of illegal contents, the ICTF can launch various steps to work against propagation of these contents. For example, it can arrange for blocking of complete newsgroups or retrospect "Cancel" of articles already transmitted. ICTF can direct possible criminal investigation with help of its data base. Criteria for the ICTF's proceed will be developed, evaluated and continuously updated by the Internet Medienrat. As an independant gremium, the Internet Medienrat tries to achieve a social consensus in the use of online media without government [sic! um] censorship. The formation of the Internet Medienrat, which is currently preparing its working basis, is being pushed ahead by Prof. Goetze, COE of Springer Verlag Heidelberg, and eco Electronic Commerce Forum e.V. It will present its members and organization to the public on September 19, 1996. >From govenment side, the Internet Medienrat is supported by the Federal Ministry of Economy. Min. of Economy Rexroth: "I appreciate the German online industry's initiative to found an Internet Media Counsil as a gremium of Voluntary Self-Control." Background Information on the Internet Content Task Force (ICTF) The problem of protection of minors and of spreading national-socialist ideas in the new media - especially on the Internet - is currently being discussed intensively and controversially. Meanwhile, politics and investigation authorities have begun to proceed against the distribution of illegal contents the the Internet. In the past weeks, the press has been reporting intensively about investigations against large service providers. However, the current legal situation gives few starting points for coordinated proceeding. Lawyers cannot even agree on who can and should be punished for distributing contents relevant to criminal law on the Internet. Depending on standpoint and interests, even noted criminal lawyers hold different views. Some do not consider distribution of pornography and national-socialist writings in electronic form punishable at all, others even want to hold service providers responsible for mere transportation of data. Mediating opionions imply that only the author of the message be punishable. The only strong fact in the complete discussion is that the matter -- as always in difficult dogmatic questions in penal law -- will finally be decided by courts. It is also a fact that the true authors of illegal messages -- especially those with an especially high criminal energy -- can be determined only with great difficulty, so that the threat of punishment insofar is void. The solution to this problem is being complicated by the continuing political discussion and superposed by other question complexes. For example, the states regard new media as an extension of their traditional radio regulation competence. They are trying to ensure future influence by an extensive interpretation of the constitutional regulation of competences and the laws and state treaties based on it. The draft State Treaty on Media Services that applies to the whole field of Internet and online services is one result of these reasonings. To create facts in this field, the state treaty shall be passed soon. Lead by the "Future" Ministry, the federation is also working on legal framework for new information and communication services to comprehensively cover the subject. The Ministry of Interior on its side is concerned with restricting Freedom of Communication with priority. This activity has already resulted in the novel Wiretap Law and the Telecommunication Surveillance Decree. Further laws, especially a ban on crytography, are planned. On the European level, a working group initiated on the last G7 conference, is trying to achive international consesus. Legal clarification, which is strictly needed but with still open result, is faced by fear of censorship and too wide-reaching government interference. Since a long time, the leading German Internet Service Providers have been trying to solve the now openly visible conflict betreen the "Information Police State" and the "Anarchy in the Net" as feared by politics. Thus they have propagated founding a Voluntary Self-Control and initiated the formation of an Internet Medienrat. As a further buiding stone, the Internet Content Task Force (ICTF) is now being put to existence. This shall also work against the impression that the main purpose of the Internet were distributiong extremist and pornographic contents. At least this was the result of numerous -- often badly researched -- reports in the recent weeks. They did neither differenciate between the Internet services (Mail, News, WWW, Chat and others), nor present the relation of doubtlessly useful and the less desired contents. ICTF now turns towards the problem in a much more refined way. There, it first will occupy itself with the currently probably most critcal part of the Internet, the so-called News service. The special problem of the News service is that information can be distributed world-wide, yet anonymously. This is different of at least fundamentally more difficult in other parts of the Internet, so that the volume of critical content in the News is comparably high. The ICTF will register the information availible on the origin of news and store them in a data base as to make it possible to determine who has sent an article or disguised the real author's identity, in retrospect. The data base will be kept observing privavy laws and third parties' protection-deserving interests [the Privacy Law puts limits on databases with "protection-deserving" personal information, um]. To avoid abuse, the data will regularly be exported to hard storage and deposited with an attorney. Furthermore, the existing or newly created newsgroups will be classified, so that groups serving to distribute exclusively or predominantly illegal contents can be excluded from further distribution. Sample investigation of articles and analysis of articles as necessary will also make it possible to limit the transportation of individual articles. Founding the ICTF, the Internet Service Providers accept part of the responsibility in forming a modern information society. It is clear that preventive action on a national level cannot stop illegal action on a global level. Thus, the ICTF is a model for similar initiatives in other countries, and is to be seen as an appeal to politics to make their contribution to solving the problem. Currently, the ICTF is the only perceptible approach to respect the need for "Law and Order" and yet leaves the new medium Internet with the freedom needed for futher prosperation. On the other hand, national legislator's attempts to solve the problem on its own will hardly solve the problem, but put severe damage to the economic site Germany. For one thing is clear in the virtual worlds of communication networks: Borders lose their importance, and location is no longer an issue. There is nothing to prevent an enterprise from moving its online activities to a country with less bureaucrary and legal restrictions. First tendencies for migration are already percepted. The Internet Content Task Force is supported be the following Internet Service Providers: CERFnet GmbH, Heidenrod ECRC GmbH, Muenchen, EUnet Deutschland GmbH, GTN GmbH, Krefeld, ipf.net GmbH, Frankfurt, IS/Thyssen Internet Service GmbH, Hamburg, Point of Presence, Hamburg, nacamar GmbH, Dreieich, NTG-X/link GmbH, Karlsruhe, roka GmbH, Duisburg, seicom GmbH, Pfullingen, spacenet GmbH, Muenchen. Further information can be obtained from: eco Electronic Commerce Forum e. V. c/o Harald A. Summa Schaeferkampstr. 19 44287 Dortmund Tel: +49 (0) 231 44 79 49 Fax: +49 (0) 231 44 81 35 E-Mail: summa at eco.de http://www.eco.de/ or attorney at law RA Michael Schneider Dickstr. 35 53773 Hennef / Sieg, Tel: +49 (0) 2242 9270-0 Fax: +49 (0) 2242 9270-99 E-Mail: Michael.Schneider at Anwalt.DE http://www.anwalt.de/ +++ eco - Electronic Commerce Forum e. V. c/o Harald A. Summa Sch�ferkampstr. 19 44287 Dortmund Tel 0231 / 44 79 49 Fax 0231 / 44 81 35 Email info at eco.de +++ From jamesd at echeque.com Sun Jun 9 22:43:56 1996 From: jamesd at echeque.com (jamesd at echeque.com) Date: Mon, 10 Jun 1996 13:43:56 +0800 Subject: [NOISE] "Fascism is corporatism" Message-ID: <199606100023.RAA25303@dns2.noc.best.net> At 12:44 AM 6/9/96 -0700, Rich Graves wrote: [A whole bunch of totally irrelevant boring distractions, amongst them]: > The Encyclopedia Brittanica says of Mussolini: > > He read widely and voraciously, if not deeply, plunging into the > philosophers and theorists Immanuel Kant and Benedict de Spinoza, Peter > Kropotkin and Friedrich Nietzsche, G.W.F. Hegel, Karl Kautsky, and Georges > Sorel, picking out what appealed to him and discarding the rest, forming no > coherent political philosophy of his own To argue that fascism has no philosophy without mentioning Maurice Barres is nearly as silly as arguing that communism has no philosophy without mentioning Marx. If you delete all reference to Fascist philosophers, you will of course come to the conclusion that fascism has no coherent philosophy. Fascism got its epistemology from Barres, and its economic theory from Sorel. Your argument is analogous to someone who argues that communism had no coherent philosophy by talking about Mao as if he had popped out of nowhere, and failing to mention Marx and Lenin. In my opinion the most coherent fascist philosopher that preceded the fascist rise to power was Maurice Barres. (Of course once fascism was on the rise, you got a bunch more fascist philosophers, most of them way to the left of Barres.) This thread in philosophy has continued to the present day, though it was abruptly renamed after the defeat of Hitler. Barres's arguments are logically and philosophically coherent, and are clearly and unambiguously recognizable as the epistemology, and much of the claptrap and rhetoric of fascism, and as the epistemology, and much of the claptrap and rhetoric of modern PC, and we can trace the philosophical thread connecting modern PC to Barres through known Nazi philosophers who not merely philosophized, but also participated actively in Hitler's regime, and to direct and immediate disciples of those philosophers, such as Derrida. > > Many of my readers will think I am excessively harsh, calling Rich > > Graves a liar rather than a fool, but I hear the above story > > (that fascism is not a coherent ideology or philosophy) primarily from > > those whose interests this story serves, and if they genuinely > > thought this story was true, they would not know that it is in their > > interests to push it. > Huh? In English, please. Perhaps I was elliptical in the above. I will restate: The claim that fascism lacks an economic program and/or a philosophy comes primarily from those whose economic program and/or philosophy bears a marked resemblance to fascism. If they were not aware of this resemblance they would not so vigorously seek to redefine fascism as military dictatorship, racism, etc. This leads me to doubt the basic human honesty of those who push this line, and their concern for human lives. > Anyway, I never suggested that there was no such thing as fascist > philosophy; just that fascism was not rooted in a well-developed ECONOMIC > ideology, Revisionism alert: I just deleted vast chunks of text from your message above where you presented negative evidence that fascism had no philosophy, and I was just thinking that maybe I had overdone it and would get flamed for deleting arguments rather than answering them. > and that Tim's definition of corporatism is incorrect both in the > abstract and in the cases of Italian fascism and Nazism. Revisionism alert: Tim gave a perfectly correct definition of corporatism, and you then proceeded to give a very similar definition, and you then proceeded to smear Tim by falsely implying that he gave a silly ignorant definition, radically different to the one he did in fact give. You also have carefully avoided mentioning Sorel, who of course advocated roughly the economic problem that Mussolini attempted to implement, that Hitler did implement, and that Timothy May condemned, long before Mussolini got of the ground. Sure sounds like an economic ideology to me. > > Not only do such concepts as feminist science, phallocentric science, > > etc, strongly resemble such concepts as aryan science, jewish science, > > etc, but they are justified using the same arguments from the same > > philosophers. Indeed Heidegger was not only a philosopher of fascism, > > but he personally participated in Hitler's terror, terrorizing his academic > > colleagues, and Paul De Man of Yale University worked directly for the > > Nazis as a propagandist in occupied Belgium. > Here James demonstrates his absolute mastery of the subject. > > Heidegger only really supported Nazism from 1933-34; in the 40's and > thereafter, he referred to Nazism as a disease. Yeah, right, And the only fifty thousand jews were murdered. :-) Historical Revisionism alert: The above is wildly implausible: You do not call Nazism a disease in Nazi Germany and live to tell of it, let alone call Nazism a disease and get appointed to the important and well paid job of terrorizing your academic colleagues. The above is also infamously false: As rector, Heidegger denounced those of his colleagues he wished murdered as jews, including his own teacher, and he organized paramilitary camps for his students, spouting martial rhetoric about the "inner truth and greatness of National Socialism," see citation below. > He is remembered as an > existentialist, not a Nazi, Historical Revisionism alert: See http://www.inlink.com/~dhchase/heidig.htm for how he is REALLY remembered. Heidegger himself claimed at the time, his political activities grew out of his philosophy, and this claim seems to me to be very obviously true. Indeed what he claimed then is equivalent to what I have been telling you in public and private email: That your ideas lead to people being murdered by the state, and therefore you should consider them more carefully. > though he did join the party when he became the > rector of Freiburg. Historical revisionism alert: His most infamous work was his laudatory speech on Hitler given when he was appointed rector of Freiburg. In addition he never disowned his works on the "jewish problem". As rector he imposed Nazism on his colleagues by the usual means. > The fact that Paul de Man, in his early years in Nazi-occupied Belgium, > wrote antisemitic propaganda for a number of local collaborationist journals > was not discovered until four years after his death (by Ortwin de Graef). The fact that Paul de Man's philosophy had a very strong resemblance to fascist philosophy was discovered considerably earlier. The fact that he also wrote the kinds of racist propaganda that are no longer politically correct was merely the icing on the cake. > By the way, I voted for Bush, and no matter how many times you contradict > me, I know I don't support the government's actions at Ruby Ridge. Revisionism alert (or perhaps in this case merely a reinterpretation alert): In previous mail you claimed it was not a government action, it was just a few FBI guys running amuck entirely on their own initiative. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From declan+ at CMU.EDU Sun Jun 9 23:05:36 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Mon, 10 Jun 1996 14:05:36 +0800 Subject: Gore opposes unwarranted'' Internet censorship In-Reply-To: <9606100105.AA23760@rpcp.mit.edu> Message-ID: Excerpts from internet.cypherpunks: 9-Jun-96 Gore opposes unwarranted'' .. by Joseph M. R. Jr. at MIT.EDU > Sounds good but I had to laugh when I heard it... is he at odds with > other members of the administration, or is this rhetoric? Heh. It's rhetoric, but it's also a sign of the shift in political tides in DC. Now it's possible for politicos to claim the CDA went a bit too far -- but they waited for a broad, corporate, mainstream challenge to the CDA and a negative reaction to the DoJ's arguments from the judges before they felt comfy taking this position. Jack Fields, chair of House telecom subcom, made similar mouthings last month in a speech I reported on in this month's (or was it last month's) Internet World. Also check out my f-c dispatch #13 for background on Gore's stand. -Declan From declan+ at CMU.EDU Sun Jun 9 23:07:07 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Mon, 10 Jun 1996 14:07:07 +0800 Subject: Anti-Scientologists In-Reply-To: <199606091713.TAA18786@basement.replay.com> Message-ID: Excerpts from internet.cypherpunks: 9-Jun-96 Re: Anti-Scientologists by Anonymous at REPLAY.COM > Truth #1: It is a religion > Truth #2: It is no longer a cult, since the leader is dead. Truth #1: It is indeed a religion. First Amendment advocates need to tread carefully when dealing with the Church of Scientology, I believe. Truth #2: Cults can exist in the absence of a charismatic leader. -Declan From furballs at netcom.com Sun Jun 9 23:07:32 1996 From: furballs at netcom.com (Paul S. Penrod) Date: Mon, 10 Jun 1996 14:07:32 +0800 Subject: In-Reply-To: Message-ID: On Sun, 9 Jun 1996, Dr.Dimitri Vulis KOTM wrote: > I think it would take very few 'depopulation' incidents to improve manners. > Humans, like rats, are very good at learning from others' mistakes. > A brief survey of history reveals that humans are more anxious to repeat the mistakes of their peers and forebearers than to learn from them. It's not that they don't learn, but fail to pass the wisdom on to their progeny. Not to mention that the average retention span is quite low. Or you could exhume the old argument that stupid people shouldn't breed. :-) ...Paul From llurch at networking.stanford.edu Sun Jun 9 23:25:18 1996 From: llurch at networking.stanford.edu (Rich Graves) Date: Mon, 10 Jun 1996 14:25:18 +0800 Subject: Netly News on Info War In-Reply-To: <199606091954.PAA25299@mailhost.IntNet.net> Message-ID: Pathfinder's ever-cheesy Netly News, www.netlynews.com, carried a story June 5th called "InfoWar is Hell" reacting to the Sunday Times cyberterror report. http://pathfinder.com/@@V1G2VgUAwN2g0jLY/Netly/daily/960605.html Pretty good story IMO. June 7th story was on the rec.music.white-powder troll. People who actually bothered to look at news.groups will be pleased to see the laurels heaped on the votetaker, but displeased that my attempts to get the reporter to POINT PEOPLE TO NEWS.GROUPS were unsuccessful. URL http://pathfinder.com/@@V1G2VgUAwN2g0jLY/Netly/daily/960607.html If for whatever reason you want the 3MB raw results, I have a copy at http://www.stanford.edu/~llurch/potw2/rec.music.white-powder that's probably easier to get to than ftp.uu.net. -rich From jya at pipeline.com Sun Jun 9 23:33:26 1996 From: jya at pipeline.com (John Young) Date: Mon, 10 Jun 1996 14:33:26 +0800 Subject: TST on Cyber Terror Inquiry Message-ID: <199606100036.AAA24146@pipe3.ny3.usa.pipeline.com> The article Winn Schwartau cited today and a related column: ---------- The Sunday Times (London), June 9, 1996, p. 1/8 Secret DTI inquiry into cyber terror [Insight Column] The government has been holding a secret investigation into attacks by "cyber terrorists" on the City of London for more than two years. The Department of Trade and Industry (DTI), Bank of England, GCHQ, the secret listening station, and the Defence Research Agency (DRA) are involved in the inquiry. The existence of the investigation, which began in April 1994, emerged after The Sunday Times revealed last week that banks, broking firms and investment houses had paid millions of pounds to gangs that threaten to wipe out computer systems. Correspondence from the investigating authorities, seen by Insight, include letters from civil servants saying they are "extremely concerned" at the evidence of extortion demands. Yesterday the DTI issued a statement confirming the inquiry and suggesting its work had been hampered by the lack of co-operation from City institutions. "We are very interested in the allegations of extortion directed at City of London institutions which were brought to our attention in 1994. We responded then by involving many government organisations, including the DTI, the police, the Bank of England and other agencies. So far, we have not been presented with any hard evidence from victims. We would urge those threatened to come forward," a spokesman said. In one letter, dated May 1995, David Hendon, director of DTI technical affairs, wrote to a company specialising in computer security work stating that he was taking the City extortion issue "extremely seriously". Insight has since seen the evidence passed to the DTI and GCHQ which sparked the investigation. In 1994, a consultant working for a company which undertakes computer risk assessments for City institutions compiled a table of 46 attacks on banks and finance houses in New York, London and other centres, starting in January 1993. The list included details of raids on three British banks and one American investment house. The documents suggested that operations in the futures markets had been a focus for some of the attacks. Documents sent by the DRA, from the office of Professor David Parks, a senior director, indicate that the agency is especially interested in the "weaponry" deployed by the cyber terrorists. The agency believes high-intensity radio frequency (HIRF) guns may have been used to black out trading positions in City finance houses. The weapon disables a computer by firing electromagnetic radiation at it and is a "black programme" at the defence ministry, one of the highest security classification levels. Last December, Parks approached a company which specialises in defensive measures against information warfare and carries out work for GCHQ. For a L30,000 fee it was asked to arrange a demonstration of a portable HIRF weapon in Germany. Details of the HIRF weaponry and its use in the City have also been compiled by Computing magazine, which intends to pass them to the DTI and other authorities. [End] ---------- [Related column, p. 2/4] Held to ransom by superhighway-men Private Account [Column] By Jeff Randall Forget Butch Cassidy and the Sundance Kid, the world's financial institutions have a new type of bank robber to deal with -- the cyber terrorist. Before you start thinking it sounds like science fiction, consider this: the Department of Trade and Industry (DTI) this weekend confirmed there is an official investigation into "raids" by gangs of computer experts who threaten to wipe out electronic information and trading systems, unless they are paid off. The DTI spoke out after last weekend's scoop by the Sunday Times' Insight team revealing that some of London's best- known institutions have paid huge ransoms to "electronic highwaymen" to prevent the meltdown of computer networks. These revelations have sent a shiver up the spines of the City's top banks. Financiers are terrified the emergence of a gaping hole in their systems will cause a loss of investor and customer confidence -- and rightly so. Can you imagine calling your stockbroker to buy a few thousand ICI shares, only to be told its entire information bank had been blown away by a Dick Turpin with a PhD in electronic engineering? If, like me, you know nothing about computer technology, and care even less, the temptation is to dismiss the problem as the creation of Arthur C Clarke. But the DTI has acknowledged for the first time that an investigation into these "attacks" has been under way for two years. The Bank of England and GCHQ, the government's secret listening station, are working alongside the DTI in the inquiry. Agencies in Britain and America believe there have been more than 40 raids on investment firms in New York, London and other European financial centres since 1993. Victims are understood to have paid up to L13m a time after blackmailers showed their ability to bring electronic trading in shares, bonds and commodities to a halt. Futures-market systems have been a favoured target of the space-age bandits. In some cases, the blackmailers have used technology developed by military scientists. But here is the paradox: the DTI has been hampered by the reluctance of City firms involved to co-operate. Extortionists have so frightened the investment houses, they fear reprisals if they are discovered helping official agencies track down the gangs. There is also concern that an admission of the threats would diminish confidence in the banking system and create a loss of face for the victims. A banker told Insight: "You will never get a financial institution to admit it has an extortion policy, let alone that it has paid money." That begs the question: who in London has paid up? Insight has been told of at least four blue-chip firms caving in to extortionists. For the time being, we have agreed to keep certain information confidential to preserve the integrity of the institutions while the agencies investigate. But the names will eventually surface, and then there will be some serious explaining to do. [End] From jamesd at echeque.com Sun Jun 9 23:36:18 1996 From: jamesd at echeque.com (jamesd at echeque.com) Date: Mon, 10 Jun 1996 14:36:18 +0800 Subject: Anti-Scientologists Message-ID: <199606100121.SAA29907@dns2.noc.best.net> At 07:13 PM 6/9/96 +0200, Anonymous wrote: >Truth #1: It is a religion >Truth #2: It is no longer a cult, since the leader is dead. Truth number 3: It charges fifty thousand dollars or so for secrets of "religous technology" that are available free of charge on the internet. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd at echeque.com From frissell at panix.com Sun Jun 9 23:48:25 1996 From: frissell at panix.com (Duncan Frissell) Date: Mon, 10 Jun 1996 14:48:25 +0800 Subject: Report from Germany on "backdoor" net-censorship Message-ID: <2.2.32.19960609235723.00b35b20@panix.com> >Criteria for the ICTF's proceed will be developed, evaluated and >continuously updated by the Internet Medienrat. As an independant >gremium, the Internet Medienrat tries to achieve a social consensus >in the use of online media without government [sic! um] censorship. Is that any relation to the Judenrat that ran the inside of the Ghettos and Concentrated Camps during the late unpleasantness in Deutschland? DCF From jimbell at pacifier.com Mon Jun 10 00:11:59 1996 From: jimbell at pacifier.com (jim bell) Date: Mon, 10 Jun 1996 15:11:59 +0800 Subject: Anonymous computer contractors Message-ID: <199606100240.TAA25079@mail.pacifier.com> At 01:24 PM 6/9/96 -0500, Igor Chudov @ home wrote: >Dr.Dimitri Vulis KOTM wrote: >[we were discussing jimbell's assassination clearinghouse - Igor] > >> > Maybe your hint really makes sense and after initial depopulation the >> > citizens will use different, more considerate, ways of dealing with each >> > other. >> >> I think it would take very few 'depopulation' incidents to improve manners. >> Humans, like rats, are very good at learning from others' mistakes. > >Alright, but since quite a few people have quite a few present enemies, >the depopulation may be severe enough. I disagree. While each of us may arguably have a number of enemies, if our lists were compared I think most of those enemies can be located in a relatively tiny group of people, most of whom exercise government authority. Eliminate them, and a relatively small number of criminals, and it'll be a rather safe and pleasant society. > The only hope is that the assassin market will become tight. I think that the _need_ will drop long before the supply of potential assassins will. Resignations will occur, and criminals will straighten up quickly. Jim Bell jimbell at pacifier.com From tcmay at got.net Mon Jun 10 00:28:50 1996 From: tcmay at got.net (Timothy C. May) Date: Mon, 10 Jun 1996 15:28:50 +0800 Subject: Gore's speech writers Message-ID: At 1:02 AM 6/10/96, Joseph M. Reagle Jr. wrote: > Sounds good but I had to laugh when I heard it... is he at odds with >other members of the administration, or is this rhetoric? > [Gore speech elided] You want a serious answer? "Speech writers." Guys at the level of Gore rarely compose their own thoughts. They depend almost wholly on speech writers. William Safire, Patrick Buchanan, etc. (I don't follow Clinton and Gore, so I don't know who their speech writers are.) I read an interesting op-ed piece about how wonderful Bob Dole's resignation-from-the-Senate speech was, about how resonant and thoughtful it was. But the piece went on to point out that the speech was "un-Dole-like." Turns out it was written by Mark Helprin, a former WSJ writer and current novelist. Dole is just a typical politician. Gore is also just a typical politician. To an MIT or CMU crowd he'll give a speech about the importance of free speech. To a San Francisco crowd he'll give a speech about the need to create methods of self-policing of hate speech and limits on speech critical of gays. To a graduating class at "The Farm" he'll give a speech about the reasons the CIA and NSA must wiretap all communications. To his St. Alban's 30th Reunion buddies he'll reminisce about how much fun it was to sit there on Dad's lawn overlooking the Potomac smoking dope. To the Drug Enforcement Administration he'll give a pep talk on how DARE is successfully getting more and more children to narc out their parents. And so it goes. Politicians say what they think their audience wants to hear. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From declan+ at CMU.EDU Mon Jun 10 00:30:48 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Mon, 10 Jun 1996 15:30:48 +0800 Subject: More on LolitaWatch Message-ID: http://www.internetworld.com/iw-online/July96/news.html CDA Watch: DoJ Proposes Tagging Underage Users According to the press release, Nubility Inc. had released LolitaWatch, a network utility that detects "nubile young teens" online by checking for the federally mandated "age bit" in TCP/IP packets. But like the original novel, which parodied an older man's lust for a lascivious teen, LolitaWatch is a hoax, designed to illustrate the dangers of attaching age information to this workhorse Internet protocol. The proposal for an age bit is a serious one. Advanced during the Philadelphia court challenge to the Communications Decency Act (CDA), it's part of what American Library Association (ALA) attorney Bruce Ennis calls the Department of Justice's (DoJ's) "efforts to redefine the way the CDA is written." [...] If the high court strikes down the CDA, Congress will try again. Jack Fields (R-Texas), chair of the House telecommunications subcommittee, said in May: "We should be ready with a response--[pornography] is a real problem. I have a six-year old and I get concerned about that. I want a real solution that works. The CDA was driven by emotion and not by real policy." Forty years ago, media hype gave Lolita a reputation as an obscene novel and prompted the French, Argentine, and New Zealand governments to censor it. But Vladimir Nabokov's work contained not one explicitly sexual passage. Without reading the book, customs agents never knew that it was a sad parody of an old man's fantasy lust for a young girl. The Net censors seem to have found in the Internet a modern Lolita--which they understand just about as well as the 1950s customs agents understood Nabokov. --Declan McCullagh From bgrosman at healey.com.au Mon Jun 10 00:46:38 1996 From: bgrosman at healey.com.au (Benjamin Grosman) Date: Mon, 10 Jun 1996 15:46:38 +0800 Subject: New Encryption Algorithm and Program Message-ID: <1.5.4.32.19960610011120.006b41cc@healey.com.au> Hello there everyone subscribing to this mailing list... My name is Benjamin Grosman and I am a 17 year old student from Sydney, Australia...but please, don't hold any of that against me :) Anyway, for my major assignment I wrote an encryption program under Turbo Pascal for Dos, version 7.0, and for this program I developed the algorithm myself... Now, what I am wodnering is, is there anyone on this list who might be interested in testing my program, and or analyisng the strength of the encryption and reporting there findings back to me? The more people who are knowledgeable in the field of encryption who want to have a look, the better, so please, don't hesitate, as I would really appreciate all input.... As you all might have guessed, I am definitely pro-encryption. I have some particularly malicious "friends" who go to great pains to find out what you typed in your latest assignments...before they are due...and so I have undertaken this project out of necessity as much as interest, and I find the US governments ban on the exportation of cypher technology and knowledge a great burden on the academic community in their efforts to further their knowledge...but please don't sledge me for my views, just please respond to: bgrosman at healey.com.au if you are interested in obtaining a copy of my program... Many thanks.... Ben From declan+ at CMU.EDU Mon Jun 10 01:05:38 1996 From: declan+ at CMU.EDU (Declan B. McCullagh) Date: Mon, 10 Jun 1996 16:05:38 +0800 Subject: Fight-Censorship Dispatch #13: The Second Great Net Panic Message-ID: ----------------------------------------------------------------------------- Fight-Censorship Dispatch #13 ----------------------------------------------------------------------------- The Second Great Net Panic ----------------------------------------------------------------------------- By Declan McCullagh / declan at well.com / Redistribute freely ----------------------------------------------------------------------------- In this dispatch: The Second Great Net Panic grips Washington, DC Bruce Taylor tries a "finger" gambit DFC online copyright action alert, press conference Deputy Atty General slams Net, calls for central control Al Gore decries "unwarranted censorship?" June 9, 1996 WASHINGTON, DC -- As a wet spring steams into a muggy summer, the Second Great Net Panic has gripped the nation's capital. It could be the humidity. The same waterlogged air that makes my keyboard stick about this time every year forces lobbyists and legislators indoors to catered receptions and air-conditioned hearing rooms where they catalog the dangers of the Net. Or perhaps election year politics lends this scaremongering rhetoric its rough, serrated edge. Whatever the cause, it's clear that last year's cyberporn scare -- centering around online smut and leading to the passage of the Communications Decency Act -- is dwarfed by this year's fevered attempts to control the Net. That is, you ain't seen nothin' yet. In the last two weeks: * The Federal Trade Commission held two days of hearings to decide how to regulate web sites that collect personal information about children. * Sen. Sam Nunn (D-GA) announced at a Senate investigations subcommittee hearing that his suspicions of evil cryptohackers lurking on the Net mean the CIA and NSA must be permitted to snoop domestically, a practice long prohibited by law. * The Clinton administration responded to Congressional attempts to liberalize export controls on strong encryption with a "Clipper III" white paper, and a blue-ribbon NRC report recommended only minor changes in U.S. crypto export policy. * The Senate Judiciary Committee held hearings where witnesses from the Hollywood copyright lobby testified that copyright thieves plague the Net. * A House Judiciary subcommittee is planning a final markup of HR2441, a terribly restrictive online copyright bill similar to one the Senate is considering, this Wednesday. * The Defense Information Systems Agency released a report claiming that hackers tried to break into Pentagon systems 250,000 times in 1995. * The 1997 Defense Authorization Bill will give the White House six months to report on "the national policy on protecting the national information infrastructure from strategic attack." * At the first-ever "CyberCongress" hearing held by a House committee, representatives complained about being flamed through anonymous remailers and said there should be accountability online. * Today's Sunday Washington Post featured an article by Richard Leiby on the first page of the Outlook section bashing "self-indulgent dross" and "crap" on the Net: "I took out the Internet trash and found there wasn't much left." * Sen. Orrin Hatch (R-UT), chair of Senate Judiciary, held a hearing on June 4 where family values activists testified in support of Hatch's bill that gives you 15 years for creating or viewing a GIF that "appears to be" or is said to be kiddie porn -- even if it's actually a morphed photo of an adult. * Journalist Lew Koch unearthed an alarmist speech by Deputy Attorney General Jamie Gorelick slamming not just nonescrowed crypto but the "social problems" of the Net -- and calling for a new "Manhattan Project" and even a new Federal agency to start "devising and implementing solutions." That's the bad news, and the good news is far from reassuring. Some Congressperns are starting to learn about the Net and the Internet Caucus' membership is growing. The computer industry has begun to become more involved in the legislative process, but they're up against well-entrenched opposition. The EFF's Mike Godwin had it right when he wrote to me earlier today: "Every agency wants a bite of jurisdiction over the Internet." I'm not placing any bets on the eventual outcome of the Second Great Net Panic, especially when protect-our-children rhetoric comes laced with protect-our-country slogans. But I know the summer's starting and some of the keys on my workstation are starting to stick. Yesterday I spent a sweaty afternoon performing open-keyboard surgery to try and get my home row working again. So I'm not too optimistic... +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ BRUCE TAYLOR TRIES A "FINGER" GAMBIT +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ Bruce Taylor, the former Federal smut-buster and chief architect of the CDA, is at it again. This time the Brucester is weighing in on the New York CDA case with an expanded copy of the amicus brief he first filed in the Philly lawsuit in which I'm a plaintiff. When I spoke with him last Thursday, Taylor sketched out his latest argument in favor of the CDA -- that it's constitutional because the "finger" service can be modified to return info about whether someone's an adult or a child. "I just learned about 'finger' a few weeks ago," Taylor said. His brief reads: Though the testimony is disputed between the parties, there is evidence in the record to show that there ways to comply with the CDA that are presently available, other means that are possible and trivial to institute, and there will undoubtedly be more and easier ways to comply in the future. Potential mechanisms of compliance include... agreement on an -L18 or digital or access provider user or some other mechanism or combination of devices which allow content providers to identify adult visitors to their sites, pages, or GIFs and thereby exclude children (such as refinement of the PRESENT METHOD OF FINGERING to identify the name of a visitor so that the visitor's access provider or ISP releases the users age as well as his or her identity -- a fact no less anonymous), [Emphasis mine. --DBM] Of course, Taylor's suggestion of putting an "A" or "C" (adult or child) flag in the info returned by finger creates more problems than it solves. Most online services don't provide information about users via finger daemons. More to the point, such a proposal would let any unscrupulous net.lurker troll for "C" flags -- not exactly the best way to protect children! +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ DIGITAL FUTURE COALITION ACTION ALERT, PRESS CONFERENCE +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ In response to a planned House subcommittee markup of its ill-bred copyright legislation this Wednesday, the Digital Future Coalition is planning a press conference at 9:30 am this Tuesday, June 11, at the National Press Club in Washington, DC. Presenters at the press conference include the Consumer Federation of America, the National Education Association, the American Committee for Interoperable Systems (including Sun Microsystems and America Online), and the Home Recording Rights Coalition. Other members of the DFC include the American Library Association, the Electronic Frontier Foundation, People for the American Way, and the Electronic Privacy Information Center. ----------------------------------------------------------------------------- DIGITAL FUTURE COALITION ACTION ALERT From dfc at alawash.org Imminent Congressional action on NII copyright bill threatens consumers, students, and other Internet users Your immediate contacts with key House Judiciary Subcommittee Members critical! The House of Representatives Subcommittee on Courts and Intellectual Property will meet in the next few days to vote on H.R. 2441, the NII Copyright Protection Act. Call subcommittee members who represent you or to your institution NOW and tell them that this badly imbalanced bill shouldn't be voted on unless and until all of the following problems are addressed. If passed in its current form, H.R. 2441 would: * Make it a crime to manufacture the next generation of VCRs, personal computers and other digital devices needed for recreational and educational use by adding a sweeping and overbroad new Section 1201 to the Copyright Act; * Make simply browsing the Internet a violation of the law without a license from copyright owners; * Prevent teachers from using computers to their full potential in "distance education" efforts that bring electronic classrooms to kids, especially in rural communities and for the disabled; * Subject computer system operators -- including online services and networks at schools and libraries -- to potentially crippling liability for the copyright violations of their users. Please immediately fax a letter to -- AND CALL -- all members of the House Judiciary Subcommittee on Courts and Intellectual Property who represent you or an institution with which you are affiliated. These contacts must be made NO LATER THAN Tuesday, June 11 and preferably sooner. Address contacts to the Congressperson, but direct your letter or call to the appropriate staffer. [URL at the end. -DBM] +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ DEPUTY ATTY GENERAL SLAMS NET, CALLS FOR CENTRAL CONTROL +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ It's scaremongering at its finest. That's all I can think after I read the text of a speech Deputy Attorney General Jamie Gorelick gave earlier this year at the Air Force Academy. Gorelick starts with the time-honored horror gambit of terrorists, child pornographers, organized crime groups, and hackers -- but then moves on to rail against the social problems she's found on the Net. "Email flames" and "faceless" chat rooms are threats to family values, she claims. Then she calls for a centralized government agency to deal with the problem of the Internet. Clearly, she says, we need a "Manhattan Project" to fight cybernastiness and net.terrorists: We clearly need one focal point in the government to take the lead in addressing this issue comprehensively -- to develop national policy, coordinate the necessary other agencies, and with industry on developing solutions. We need the equivalent of the "Manhattan Project" to address the technological issues and to help us harden our infrastructures against attack. It might be that we can just designate an existing agency to take the lead. Or we may need a new agency or some interagency body to perform the task... Jeanne Devoto (jdevoto at well.com) writes: [It's an] attempt to conflate the threat of computer intrusion with the "threat" of open access to a mass medium. If such a conflation is widely successful, we could see "We must pass this measure to license Internet users/ban indecent language/impose FCC regulation on ISPs - in order to combat the threat of computer crime!" Computers are the equivalent of nuclear weapons? Maybe treating software as a munition makes sense after all. +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ AL GORE DECRIES "UNWARRANTED CENSORSHIP?" +-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+-=-+ Al Gore sure knows how to play to an audience -- even if it's a bunch of computer geeks who don't like how the White House has embraced and defended the Communications Decency Act. During his commencement address at MIT on June 7, Gore said: But let me also state my clear and unequivocal view that a fear of chaos cannot justify unwarranted censorship of free speech, whether that speech occurs in newspapers, on the broadcast airwaves -- or over the Internet. Our best reaction to the speech we loathe is to speak out, to reject, to respond, even with emotion and fervor, but to censor -- no. That has not been our way for 200 years, and it must not become our way now. Talk is cheap. It's now possible for Washington politicians to speak out against the CDA -- but only because so many mainstream industry and academic groups coalesced around the ALA/CIEC lawsuit. When it counted, Gore did nothing to halt the morality crusaders who pushed the "indecency" standard through Congress. In fact, he embraced the bill, saying in an interview with the Wall Street Journal: This is an early Christmas for consumers. It's a terrific bill... Every concern the president expressed about the initial legislation has been dealt with on a bipartisan basis. He also issued a statement on December 20, 1996: Today we had a victory for the American economy and the American consumer with the bipartisan agreement to create a telecommunications industry for the 21st Century in a way that will lower prices, increase and improve services in telecommunications and preserve the diversity of voices and viewpoints in television and radio that are essential to our democracy. Stay tuned for more reports. ----------------------------------------------------------------------------- A clarification to Dispatch #12: Cherry v. Reno has not yet been formally consolidated with Shea v. Reno. Mentioned in this CDA update: Deputy Atty Gen Jamie Gorelick's speech slamming Net, calling for controls: http://fight-censorship.dementia.org/dl?num=2733 Complete DFC copyright Action Alert, with legislator contact info: http://fight-censorship.dementia.org/dl?num=2740 Declan McCullagh on "LolitaWatch" and -L18 -- July '96 Internet World: http://www.internetworld.com/iw-online/July96/news.html Declan McCullagh on CDA hearings -- June '96 Internet World: http://www.internetworld.com/iw-online/June96/news.html Bruce Taylor's amicus "finger" brief in NYC CDA lawsuit: http://fight-censorship.dementia.org/dl?num=2736 NRC crypto report now online, thanks to John Young: http://pwp.usa.pipeline.com/~jya/nrcindex.htm Brock Meeks on Sen. Sam Nunn's plans for domestic snooping: http://www.hotwired.com/netizen/96/23/campaign_dispatch3a.html Al Gore speaks at MIT about dangers of net.censorship: http://fight-censorship.dementia.org/dl?num=2737 Al Gore's 12/95 statement on Telecommunications Act of 1996: http://fight-censorship.dementia.org/dl?num=478 Al Gore calls Telecommunications Act "early Christmas" present: http://fight-censorship.dementia.org/dl?num=469 Al Gore speaks at Penn, greeted by anti-CDA protests: http://fight-censorship.dementia.org/dl?num=1170 Creative Incentive Coalition on copyright, pro-HR2441: http://www.cic.org/ Digital Future Coalition on copyright, anti-HR2441: http://www.ari.net/dfc/ Brock Meeks on online copyright: http://www.hotwired.com/muckraker/96/20/index3a.html U.S. Congressional Internet Caucus: http://www.house.gov/white/internet_caucus/netcauc.html Fight-Censorship list Rimm ethics critique Int'l Net-Censorship Justice on Campus This document and previous Fight-Censorship Dispatches are archived at: To subscribe to future Fight-Censorship Dispatches and related announcements, send "subscribe fight-censorship-announce" in the body of a message addressed to: majordomo at vorlon.mit.edu Other relevant web sites: