Mountain Meadows Summary

the wagon train in question at Mountain Meadows, which is about 10-15 miles south of Enterprise and 40 miles northwest of St. George on the Spanish Trail was beseiged by the Paiute Indians who had tolerated the wagon trains for many years. However, this train was insufficiently provisioned and they plundered both the Indians and the few settlers in the region for provisions. With at least 50 armed and mounted men, they were a significant force in the region at that time. The Paiutes called on the local Mormons to help destroy them, or face attack from the Indians themselves. Perceiving the wagon train as part of the general threat to their community, John D. Lee alledgedly lured them from their wagon train and the Paiute murdered all but a few of the children.

However, given the continued persecution of the Saints for almost thirty years, persecution which even followed them to vast empty lands of the Utah Desert, the belief the wagon train was a group of prior persecutors from Missouri, and the imminent presence of a full United States Army to occupy Utah, there was substantial and justifiable fear among Lee and his fellow settlers.

The true facts of John D. Lee's actual involvement in the Massacre will never be known. There is no positive indication that anyone other than Lee was involved; the community he founded immediately shunned him, even to the point of threats and ostracizing his children. Given John D. Lee's fervor, he may have made the decision himself, therefore assuming the responsibility in the eye of a very biased federal territorial judge sent from Washington to enforce new federal laws which encompassed confiscation of Mormon property and dissolving the church. Despite Lee's denials, and no material witnesses of fact. John D. Lee was tried a second time and executed more than ten years after the incident.

It is recorded that Jon D. Lee walked to his execution at Mountain Meadows after his bitter final declaration, saying to his executioners:

"...aim for the heart, boys. Don't sully the flesh."

Unfortunately, the Mountain Meadows is always one of the first items printed; in this case, even of questionable historical accuracy, after the usual overstated references to polygamy without regard for the economic and social necessity of the extended families in a society with so many more widowed and unmarried women then there were men, to assemble complete family units.

Polygamy, for instance, existed in the Old Testament times, basically for the same reasons, and with basically similar rules.

John D. Lee Biography
John D. Lee - Last Words
NOW, LET'S KEEP THIS OFF THE LIST. join the newsgroup alt.religion.mormon if you wish to argue; it has been "sniper's alley" ever since its founding. **************************************************************************** .> Ryan Russell/SYBASE writes: .> .> > I guess that depends on your definition of liberty. The Mormons > > originally moved there to have a place to practice their religion, > > and have freedom from persecution. I suppose one could extend that > > to wanting a place to have the freedom to have a set of rules consistant > > with their beliefs. Should that include freedom from interferance from > > folks such as yourself who want to change their rules, even though > > you're not presently effected? .On Sun, 29 Sep 1996, Dr.Dimitri Vulis KOTM wrote: .> .> It's worth noting that one of Utah mormons favorite pastimes was to ambush .> the settlers heading for California, kill them all, and take their property .> However the mormons were dealt with much less severely than the .> local Indians who tried the same tricks. Pity. .> on 10/02/96 at 10:28 PM, "Paul S. Penrod" said: .Ah yes, the Mountain Meadows Massacre. I was wondering when you might trot .that little bit of revisionist history out for display. BTW, its your .revison of history, not the way it was recorded by many other sources, .including first hand accounts by people who had witnessed the whole affair .and recorded it in their journals, some of which made it to the National .Archives and was researched almost 8 years ago in order to raise a monument .to those mem and women who were felled there courtesy of a miscommunication, .a late communication and the US Calvary. .You might want to read a *real* historical account of what actually happened .before sounding off and leading the rest of us to believe you are a graduate .of the Leon Panneta Fact Reporting School of Spin Doctoring. ....Paul -- "I don't make jokes. I just watch the government and report the facts." --Will Rogers From dlv at bwalk.dm.com Thu Oct 3 05:25:56 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 3 Oct 1996 20:25:56 +0800 Subject: Utah as a Religious Police State In-Reply-To: <199610030114.SAA07185@adnetsol.adnetsol.com> Message-ID: "Ross Wright" writes: > > > Uh, in Utah, Jews are Gentiles. No lie. > > Yeah, I knew that. I know plenty, and there are many pages for > recovering Mormons. Believe me, I've been there. I could go on about > my personal experiences of being on the "fast track" to church > leadership, but that's the point. I would rather not hear about it > here. Does LDS have an official position on GAK? (We have at least one mormon asshole here, attilla, who's obviously pro-GAK) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From grafolog at netcom.com Thu Oct 3 05:26:42 1996 From: grafolog at netcom.com (jonathon) Date: Thu, 3 Oct 1996 20:26:42 +0800 Subject: How might new GAK be enforced? In-Reply-To: Message-ID: On Wed, 2 Oct 1996, Steve Schear wrote: > Another possible monkey wrench is to send non-GAK messages containg random > data. Since the entropy of encrypted and RNG data should be identical you Send things like the contents of alt.binary.pictures.something only use every other line of the encoded material in them. Intersperse that with your normal e-mail, and never have headers for anything. And lets not forget that alt.binary.pictures.something is a great place to send/recieve encrypted messages that 99.99% of the viewers won't realize are encrypted messages. From unicorn at schloss.li Thu Oct 3 06:47:16 1996 From: unicorn at schloss.li (Black Unicorn) Date: Thu, 3 Oct 1996 21:47:16 +0800 Subject: Fw: Re: ITAR satellite provision In-Reply-To: <9610030712.AA02002@srzts100.alcatel.ch> Message-ID: On Thu, 3 Oct 1996, Remo Pini wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > Mime-Version: 1.0 > Content-Type: text/plain > Content-Transfer-Encoding: 7bit > > To: cypherpunks at toad.com > Date: Thu Oct 03 08:09:13 1996 > > - -----Begin Included Message ----- > > Date: > From: > To: jimbell at pacifier.com > Cc: > > To: jimbell at pacifier.com > Date: Thu Oct 03 08:08:42 1996 > > >* A launch vehicle or payload shall not, by reason of the launching > > >* of such vehicle, be considered an export for purposes of this > > >* subchapter. > > Okay, everybody, call Estes! We've got some crypto to export...er...laun > > ch! > If I get the above wording correctly (unicorn, help me!), it is sufficient > to put the cryptostuff on a disc in a LAUNCHABLE device, it never says that > the payload has to be delivered by air. So, just put that thing in a bag > and get it through customs... (or does "by reason of ..." mean that the > exclusive means of export allowed is launching ?) The launching alone will not cause it to be an export. If it is launched and then ends up outside the U.S., it could be an export. Certainly if it is launched with the purpose of exporting crypto, it will be an export. > > remo pini > > - ------< fate favors the prepared mind >------ > Remo Pini rp at rpini.com > PGP: http://www.rpini.com/crypto/crypto.html > - ----< words are what reality is made of >---- > > - ---- End of forwarded message ---- > - ------< fate favors the prepared mind >------ > Remo Pini rp at rpini.com > PGP: http://www.rpini.com/crypto/crypto.html > - ----< words are what reality is made of >---- > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3i > Charset: noconv > Comment: http://www.rpini.com/crypto/crypto.html > > iQEVAwUBMlNYihFhy5sz+bTpAQFnxwf/dvzBi/4wSb2IRUJfrpWGtIiHeq+BODKO > p+4P1Lqqh5aPPyjI38I8M0d7/KBrpIHAveQ7UNo2W42WrDHgieFJV55c0H8Envj/ > +FOJu9KLR9Z6bQ327jYjmKCTbfdveRiZQX++/4eSud+LMtkByCzLv8IsGPjvKeTw > 6fBxH1Zq0EUJuOGNFUx8hCqe6IssYyrr99DLFisfxdAFBdo5lP0ujNzQ/ov4iqki > qnFBugIViHikldzbq9e7KnASKP4RhkwAYpnJ85dlHCv8yJF3yjgItf6jSPG48/Xp > PkNa4bfp3LhpCRD8AEus/RNxpds28mUIktDluWgHuqP9Gy0ZI9xmpw== > =JOUm > -----END PGP SIGNATURE----- > > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From rah at shipwright.com Thu Oct 3 07:05:19 1996 From: rah at shipwright.com (Robert Hettinga) Date: Thu, 3 Oct 1996 22:05:19 +0800 Subject: FUCK!!!!!!;-) In-Reply-To: Message-ID: At 4:05 am -0400 10/3/96, Anonymous wrote: > Or maybe this journalist, like most, doesn't know what the fuck he's > talking about? Actually, since this was something off of Business Wire, the "journalist" was actually a PR flack. Worse. A joke about smearing clue musk and standing in a heard of clues comes to mind... Cheers, Bob ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From adam at homeport.org Thu Oct 3 07:39:51 1996 From: adam at homeport.org (Adam Shostack) Date: Thu, 3 Oct 1996 22:39:51 +0800 Subject: NYT on IBM GAK In-Reply-To: <3.0b24.32.19961002181037.0067e434@mail.teleport.com> Message-ID: <199610031251.HAA29882@homeport.org> Rich Burroughs wrote: | The word "boycott" leaped into my mind. I personally do not believe that I | will be buying products from any of these companies, as long as thay | participate in this GAK charade. Folks, Lets be reasonable. Its time to jump on board the GAK bandwagon. After all, where better to disrupt the music? We need to start writing GAK software, and it better be up to the high standards that the NSA sets for itself. Once we've written it, and its being distributed, we can say 'See, another broken bit of GAK software. Not even the NSA could get it right. Our data is too important to be using broken software to protect us.' And we have 56 bit exportability in hand. Adam -- "Every year the Republicans campaign like Libertarians, and then go to Wasthington and spend like Democrats." Vote Harry Browne for President. http://www.harrybrowne96.org From adam at homeport.org Thu Oct 3 07:43:42 1996 From: adam at homeport.org (Adam Shostack) Date: Thu, 3 Oct 1996 22:43:42 +0800 Subject: Clipper III on the table In-Reply-To: <199610021904.MAA06902@server1.chromatic.com> Message-ID: <199610031305.IAA29915@homeport.org> Ernest Hua wrote: | Therefore, it is definitely in IBM's and HP's interest to build | systems that the government likes. It is also important for them to | point out that such systems are very vulnerable given the previous | policies. This new GAK ("GAKR"??) will actually be quite appropriate | in terms of a right "balance" for the financial sector. In fact, I | would expect the financial sector to have to open its transactions to | not just the FBI/CIA/DEA, but the SEC and other non-law-enforcement | agencies. The financial industry doesn't need GAK, the SEC, FINCEN et al already get full access to their networks & data. The financial industry is very cooperative about this. As such, GAK is adding (unquantifiable) risk to their plans, without giving the LEAs anything. I am suggesting to my customers in the financial sector that they continue moving towords 3des, and only look at this as an alternative to foreign software for their overseas branches. Remember, banks already get a partial exemption to the ITARs. Adam -- "Every year the Republicans campaign like Libertarians, and then go to Wasthington and spend like Democrats." Vote Harry Browne for President. http://www.harrybrowne96.org From dlv at bwalk.dm.com Thu Oct 3 07:48:54 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Thu, 3 Oct 1996 22:48:54 +0800 Subject: VENONA Project; KGB files reveal clue that broke British spy In-Reply-To: <2.2.32.19961002203102.006d4274@direct.ca> Message-ID: <9N77uD10w165w@bwalk.dm.com> >From belarus at solar.rtd.utk.edu Wed Oct 2 19:30:59 1996 Received: by bwalk.dm.com (1.65/waf) via UUCP; Wed, 02 Oct 96 20:43:54 EDT for dlv Received: from SOLAR.RTD.UTK.EDU by uu.psi.com (5.65b/4.0.061193-PSI/PSINet) via SMTP; id AA20681 for dlv at bwalk.dm.com; Wed, 2 Oct 96 19:30:59 -0400 Received: from (LOCALHOST.rtd.utk.edu) by solar.rtd.utk.edu; Wed, 2 Oct 96 19:25:40 EDT Date: Wed, 2 Oct 96 19:25:40 EDT Message-Id: <2.2.32.19961002203102.006d4274 at direct.ca> Errors-To: kasaty at seanet.com Reply-To: belarus at solar.rtd.utk.edu Originator: belarus at solar.rtd.utk.edu Sender: belarus at solar.rtd.utk.edu Precedence: bulk From: Stefan Lemieszewski To: Multiple recipients of list Subject: VENONA Project; KGB files reveal clue that broke British spy X-Listprocessor-Version: 6.0b -- ListProcessor by Anastasios Kotsikonas X-Comment: BELARUS issues and communication Fyi for any researchers in this field, accompanied by a related article in The Daily Telegraph. Stefan Lemieszewski ---------------------------------------------------------------------------- ------------------------------------------------ The VENONA Project "In July 1995 the Intelligence Community ended a 50-year silence regarding one of cryptology's most splendid successes - the VENONA Project. VENONA was the codename used for the U.S. Signals Intelligence effort to collect and decrypt the text of Soviet KGB and GRU messages from the 1940's. These messages provided extraordinary insight into Soviet attempts to infiltrate the highest levels of the United States Goverment.=20 Today, we are proud to offer these exceptional documents on the NSA home page and we invite you to study and interpret them in the context of history. NSA will declassify over 2200 messages related to VENONA. We believe they will not only provide a window into Soviet espionage during the 1940's, but will also give you a glimpse of the important contributions signals intelligence and cryptographic expertise make to our nation's security. " The above quote is from from the introduction to the VENONA Project by Mr. William P. Crowell, Deputy Director, National Security Agency You can find Venona at:=20 http://www.nsa.gov:8080/docs/venona/ddir.html ---------------------------------------------------------------------------- --------------------------------------------------------------- The article below is from The Daily Telegraph, October 2, 1996: ---------------------------------------------------------------------------- --------------------------------------------------------------- KGB files reveal clue that broke British spy ring By Michael Smith=20 The name's Bond, Vladimir Bond THE intercepted KGB messages that detail Moscow's dealings with the British spies Kim Philby, Donald Maclean and Guy Burgess were released by GCHQ yesterday. The move was forced on the Cheltenham spy base by the Americans, who released on to the Internet the results of Operation Venona, the top-secret project to decipher Moscow Centre's communications with its foreign stations. The files placed in the Public Record Office at Kew yesterday include the vital clue that led to the collapse of the Cambridge spy ring. They also name another Cambridge-based spy, Dr Theodore Hall, an American who worked inside the Manhattan Project, the secret programme to develop the atom bomb. He was never prosecuted and still lives in England. But it is Maclean, recruited by Philby while he was still a Cambridge student, who emerges as the jewel in the KGB's crown. In April 1944, as a rising star in the Foreign Office, he was posted to the Washington embassy. The deciphered messages show he gave the Russians a wealth of information on Anglo-American relations and their secret post-war agreements, including the exchanges of atomic secrets. Since his wife Melinda was pregnant and living with her mother in New York, Maclean had the perfect excuse to go there every weekend to pass the information on to his KGB control, away from the routine surveillance of diplomats in Washington. MI5 narrowed down those names to a handful of people who would have had access to the top-secret exchanges between London and Washington It was not until 1949 that the Venona team managed to break into the messages from New York to Moscow containing the information provided by Maclean, who was identified by the cover name Homer. Philby, who was posted to Washington as an intelligence liaison officer shortly after the messages were deciphered, described how the FBI concluded that any one of 6,000 people might have been Homer. "It had so far occurred neither to them nor the British that a diplomat was involved, let alone a fairly senior diplomat," he said. "Instead, the investigation had concentrated on non-diplomatic employees of the embassy." But slowly, MI5 narrowed down those names to a handful of people who would have had access to the top-secret exchanges between London and Washington. Then in April 1951, the Venona cryptanalysts found the vital clue in one of the messages. For part of 1944, Homer had had regular contacts with his Soviet control in New York - using his pregnant wife as an excuse. The names had been narrowed down to just one - Donald Maclean. Tipped off by Philby, who had access to the Venona material, he fled to Moscow with Burgess. Dr Hall is the Cambridge scientist named in the files as the KGB's main spy in the Los Alamos complex in New Mexico, where the US atomic bomb was developed. He refused to comment last night. He came to Britain in the 1950s after US intelligence discovered that he was Mlad, the man who along with his British colleague Klaus Fuchs gave the Russians the technical details of the so-called Manhattan Project. Fuchs, a German emigr=E9 who became a naturalised British citizen, became a KGB spy in 1941 Because he never confessed, the authorities could not prosecute him without giving away the extent to which the KGB messages were being read. Dr Hall, who is now 70 and suffering from terminal cancer and Parkinson's disease, still lives with his wife Joan in a semi-detached house in Cambridge. Within the university, where he worked until the mid-1980s, he is renowned for his pioneering work on biological X-ray microanalysis, which allows scientists to work out the presence of various elements within living matter. Hall was a brilliant man who was already a Harvard graduate when, at the age of 19, he was recruited first by the Manhattan Project and then, almost immediately, by the KGB. As well as providing technical explanations of the atomic processes, Dr Hall gave Moscow a complete list of universities doing work on the Manhattan Project so the KGB could seek out other agents within them. The files show that he and Fuchs were far more important than the more famous Julius Rosenberg, cover named Liberal, and his wife Ethel, who were both sent to the electric chair. Fuchs, a German emigr=E9 who became a naturalised British citizen, became a KGB spy in 1941. He confessed and in 1950 was sentenced at the Old Bailey to 14 years' jail. In the mid-1950s he was allowed to go to East Germany, where he died in= 1988. From declan at well.com Thu Oct 3 07:57:47 1996 From: declan at well.com (Declan McCullagh) Date: Thu, 3 Oct 1996 22:57:47 +0800 Subject: Justice Dept completes second phase of CDA appeal, from HotWired Message-ID: ---------- Forwarded message ---------- Date: Thu, 3 Oct 1996 04:47:33 -0700 (PDT) From: Declan McCullagh To: fight-censorship at vorlon.mit.edu Subject: Justice Dept completes second phase of CDA appeal, from HotWired http://www.hotwired.com/netizen/96/40/special3a.html HotWired, The Netizen 3 October 1996 CDA and the Supremes by Declan McCullagh (declan at well.com) Washington, DC, 2 October Racing against a midnight deadline, the Justice Department late Monday evening completed the second phase of its appeal to the Supreme Court after its initial loss in the Communications Decency Act lawsuit. The solicitor general only has to argue in the 28-page jurisdictional statement that there's a substantial constitutional issue at stake in this lawsuit - something transparently obvious to anyone who's been following the CDA court battle. The next move is up to the attorneys from the American Civil Liberties Union and the American Library Association. They plan to file a motion asking the High Court to uphold the Philadelphia court's decision without scheduling a full hearing. Chris Hansen, who heads the ACLU legal team handling the CDA case, says that if the Supreme Court grants their motion, it would effectively be saying "the lower court was so deeply correct" that the justices don't need to learn more about the case. As a legal tactic, it means the more censor-happy justices couldn't water down the Philadelphia judges' unanimous decision upholding free speech online. "Anytime the Supreme Court decides the case with a full briefing, there's no guarantee that we'll win - or win in the same terms," Hansen says. But because this is a precedent-setting and controversial lawsuit, the Supremes almost certainly will want to hear the appeal themselves. When the justices place this case on the court's calendar, they'll likely give both parties a few months to file the next stage of the lawsuit, which will be a strained and torturous collection of arguments from the government trying to explain why the lower court was wrong. Then oral arguments will be held next spring. The solicitor general's jurisdictional statement itself largely summarizes the arguments the government has already made. It does additionally argue, however, that a cable television indecency case the High Court decided after the June CDA decision buttresses the government's defense of the law: "Because the CDA's definition of indecency is almost identical to the decision [the Supreme Court] upheld against a vagueness challenge ... that decision reinforces the conclusion that the CDA's restrictions are not unconstitutionally vague." Not so, says the ACLU's Hansen: "Even if that were true, it wouldn't change the result in our case. All three judges in our case thought the CDA was flawed in other ways besides vagueness." The government also cites the Shea v. Reno lawsuit - a weaker case that challenges half of the CDA - that Joe Shea filed in Manhattan earlier this year on behalf of his online publication, the American Reporter. Shea won only a partial victory on 29 July, which the DOJ is now exploiting: "The three-judge court in Shea v. Reno ... held that the CDA's definition of indecency is not unconstitutionally vague. The district court in this case erred in reaching a contrary conclusion." [...] From trei at process.com Thu Oct 3 08:17:04 1996 From: trei at process.com (Peter Trei) Date: Thu, 3 Oct 1996 23:17:04 +0800 Subject: Can we kill single DES? #2 Message-ID: <199610021852.LAA28445@toad.com> Yesterday I posted 'Can we kill single DES?', and I count about 20 responses, counting both those to the list, and those to me personally. One offer was made of a $1000 reward in return for a crack, if the offerer could make publicity hay of the offer (no, I don't have a problem with that, but I'd like it set up so that others could add to the reward as well). If the reward got big enough ($10k?) I think it would be a major incentive for otherwise uninterested people to run the screen saver. On the other hand, it might get into legal hassles - I don't know. The total cpu power pledged at the moment could sweep the key space in 300-400 years, if my speed estimates are correct. I'm concerned that the key scheduling may be worse than I estimated in my earlier letter - Phil Karn's code to generate the key schedule takes about 150x as long as my code takes to test the key. However, neither he nor I have bothered yet to optimize this part of the code, or reduce it to assembler. It looks like I can get this part down to two instructions per round, at least most of the time. ----------- I'm really concerned about the problem of a search failing, or succeeding only after too long a time. Perry's proposal of about a month of real time is on the right order, though I could see up to 3 months being possible. Here's what I'm thinking of doing: 1. Writing a prose description of the platform independent speedups. 2. Writing a proposal for a client-server protocol for doling out keyspace and returning results. Aside from the direct Internet interface, there will also be a mechanism for i/o via plain text - suitable for cut-and-paste, or simple CLI interfaces. 3. Writing a generic 'C' implementation of the keysearch client and server, which demonstrates the i/o and the various speedups. This should be highly portable (but probably non-exportable). You'd also be able to search randomly, or from a designated starting point. 4. Work on the screen-saver based version of the client. I'm still very interested in hearing about any hardware based approaches actually underway - not a pile of wild-assed guesses and hopes. Those who want to look at a fast DES in assembler should check out Phil's 386 version, which includes both generic C and a variety of assembler implementations for the actual encryption step. See: ftp://idea.sec.dsi.unimi.it/pub/security/crypt/code/des386.zip Phil also has a Pentium version (a little slower than mine) which he mails to US citizens. Peter Trei trei at process.com From hua at chromatic.com Thu Oct 3 08:25:13 1996 From: hua at chromatic.com (Ernest Hua) Date: Thu, 3 Oct 1996 23:25:13 +0800 Subject: Clipper III on the table In-Reply-To: Message-ID: <199610021904.MAA06902@server1.chromatic.com> > > > Even the promise (of no limits) might suffice. > > > > Don't bet on it. > > Allow me to say here that I do not belive that Netscape will be amongst > those fooled so easily. But IBM, HP, TIS, and others have already been > fooled. The USG does not need to get every software company to agree with I don't think it's a matter of being fooled. IBM and HP have very large federal systems divisions. They are also fighting for more (and hold on to current) financial sector customers. The government currently has a huge strangle hold on that market in terms of regulatory agencies/policies that will not be loosened very easily (assuming one believes that it should be loosened, which I do not necessarily agree with). Therefore, it is definitely in IBM's and HP's interest to build systems that the government likes. It is also important for them to point out that such systems are very vulnerable given the previous policies. This new GAK ("GAKR"??) will actually be quite appropriate in terms of a right "balance" for the financial sector. In fact, I would expect the financial sector to have to open its transactions to not just the FBI/CIA/DEA, but the SEC and other non-law-enforcement agencies. The question is: Why is this GAKR appropriate for the rest of us? Why do we want it? It really does harm the "small" companies like Netscape because they don't have as much resources to establish the infrastructure necessary for GAKR, and their target markets are not in bed with the local governments. Instead, their target markets are anyone who wants to buy, and no one, when it comes to their personal privacy would want to buy something to which the U.S. government has a guaranteed backdoor. I predict, therefore, Netscape and RSA would NOT capitulate to this latest bitter carrot. Ern From mirele at xmission.com Thu Oct 3 08:29:20 1996 From: mirele at xmission.com (Deana Holmes) Date: Thu, 3 Oct 1996 23:29:20 +0800 Subject: [FACTS] Mountain Meadows Massacre Message-ID: <199610031213.GAA16253@mail.xmission.com> On 3 Oct 96 at 8:58, attila wrote: > AFTER THIS POST, ALL RELIGION MUST GO OFF THE LIST! see banner below attila, if you wouldn't post propaganda from the Church, then I *might* agree with you. But you can't do that and expect those of us who know better to keep quiet. > Now, concerning the completely ignorant, erroneus, and slanderous > comment of Dimitri, the facts will follow the usual disclaimer: > > *************************************************************** > I am neither an authority of nor a representative of "The Church > of Jesus Christ and the Latter Day Saints" of which our current > living Prophet, President Gordon B. Hinckley, is the sole authority > to this world. Love your CYA statement, dude. It's terribly doubtful that Hinckley knows the details of Mountain Meadows, or that he would want to discuss them, if he did. > I do not speak for the Church, nor am I a recognized > historian and/or spokesman for the Church. Any opinions stated > herein are my viewpoints as discerned from my studies of religion, > in particular the historical aspect of the Church, and I accept all > responsibilty for same. Very good. You know, of course, that if you say the wrong thing in public, that your fate will be that of D. Michael Quinn, the excommunicated Mormon historian, who lost his Church membership because he would not stop telling unpleasant truths about the Church's early history. Just so the other c-punks know that speaking truth has consequences. ******************************************************************* > If some of the list wish to either ask questions RESPONSIBLY or > conduct a shared learning experience of the Mormon religious, > community, and work ethic, please drop me a personal note, and > I will both answer reasonable questions, and serve as moderator > of a list if there is sufficient interest. I think the libertarian faction > in particular might be both surprised and *stunned* by many of > the actual conditions in Utah versus preconceived views. > ******************************************************************* If anyone wants a more jaundiced view of Utah, please drop me a line. I can be a Utah cheerleader if I want (there are many good things about living here) but the fact of the matter is that we live in a Church State. I resent the fact that the dominant religion seems to want to tell *everyone* here how to live their lives. > > now, back to our regularly scheduled programming > > the following is a compilation of information which is as > reasonable a representation of the foul deed as I could assemble. I would suggest two books, both by historian Juanita Brooks: "The Mountain Meadows Massacre" "John D. Lee" Before the days of Boyd K. Packer, historians weren't excommunicated. Mrs. Brooks' punishment for writing these two books was to be shunned in her southern Utah community. But they remain *the* sources on Mountain Meadows and the general attitude of the people at the time. I notice that attila didn't mention these sources. Deana (who doesn't really approve of the pap that passes for history in orthodox LDS circles) Deana M. Holmes April 1996 poster child for clueless $cientology litigiousness alt.religion.scientology archivist since 2/95 mirele at xmission.com From declan at well.com Thu Oct 3 08:30:37 1996 From: declan at well.com (Declan McCullagh) Date: Thu, 3 Oct 1996 23:30:37 +0800 Subject: White House crypto proposal -- too little, too late In-Reply-To: Message-ID: Joe, perhaps you didn't get the point. The fight-censorship-announce list is for announcements (hence the name), not discussions or back-and-forth-arguments. It's like Dave Farber's IP list -- I very rarely include responses to what I send out. Discussions take place on the discussion list. Do get a clue. But the broader point is a useful one to make. I'll say it again: freedom of speech includes the right not to speak. Private controls of private settings are not the same as state controls of public settings, which violate the First Amendment. (Read some of Eugene Volokh's articles about private mailing lists and "censorship.") This is at least the libertarian view, to which I generally subscribe. I confess I sometimes have doubts about AOL and smut-blocking software. Put simply: should the National Coalition Against Censorship be forced to include off-topic rants in their newsletter? Should TIME magazine be forced to publish rubbish? Should the American Reporter be forced to include my rants about universal service? The truth is that the most valuable publications -- Yale Law Review, Wall Street Journal -- are the most selective and, by your definition, the most "censorial." Do you see now why your view is wrong? -Declan On Wed, 2 Oct 1996, Joe Shea wrote: > Date: Wed, 2 Oct 1996 10:27:46 -0700 (PDT) > From: Joe Shea > To: Declan McCullagh > Cc: cypherpunks at toad.com > Subject: Re: White House crypto proposal -- too little, too late > > > You just managed to justify your own censorship of the list, > Declan. Talk about clueless! > > Best, > > Joe Shea > Editor-in-Chief > The American Reporter > joeshea at netcom.com > http://www.newshare.com:9999 > > > On Wed, 2 Oct 1996, Declan McCullagh wrote: > > > Joe, you submitted three pieces in roughly so many days to > > fight-censorship-announce, with is a moderated announcement-only > > mailing list that I send one or two pieces to each day. With some rare > > exceptions (like feedback I got on my anti-Net-univ-service rant) I > > don't pass along comments. > > > > If you want to distribute them to the discussion list, address them to > > fight-censorship at vorlon.mit.edu instead. Perhaps you should join that > > list. It gets about 15 messages a day. > > > > But don't blame me for your own cluelessness. RTFM instead of whining. > > > > -Declan > > > > PS: Freedom of speech includes the right not to speak. If I choose not > > to publish your stuff, my right to do so is protected under the First > > Amendment. Don't like it? Start your own > > Joe-Shea's-wacko-views-on-First-Amendment-jurisprudence mailing list > > instead. I'll even help you set it up. > > > > > > On Wed, 2 Oct 1996, Joe Shea wrote: > > > > > Date: Wed, 2 Oct 1996 09:47:59 -0700 (PDT) > > > From: Joe Shea > > > To: Declan McCullagh > > > Cc: cypherpunks at toad.com > > > Subject: Re: White House crypto proposal -- too little, too late > > > > > > > > > > > > Declan, how does your list work? Do you only publish comments > > > that agree with you? I didn't see my first two, and this one only came > > > with your response. Is this your version of freedom of the press, or what? > > > > > > Joe Shea > > > Editor-in-Chief > > > The American Reporter > > > joeshea at netcom.com > > > http://www.newshare.com:9999 > > > > > > > > > On Wed, 2 Oct 1996, Declan McCullagh wrote: > > > > > > > > > > > > > > > ---------- Forwarded message ---------- > > > > Date: Tue, 1 Oct 1996 20:19:16 -0700 (PDT) > > > > From: Declan McCullagh > > > > To: fight-censorship at vorlon.mit.edu > > > > Cc: joeshea at netcom.com > > > > Subject: Re: White House crypto proposal -- too little, too late > > > > > > > > [Joe, this may be yet another area where we disagree. It represents a > > > > power grab by law enforcement; the infrastructure is prone to failure > > > > and can be compromised; it's more government meddling and coercion and > > > > more restrictions on free speech; the Fed bureaucrats controlling this > > > > are vulnerable to special-interest lobbying; the Constitution gives > > > > the Federal government no right to impose such restrictions; the FBI > > > > has demonstrated that we can't trust the Feds with our most personal > > > > information; it violates an absolute right to privacy; and it's > > > > technically impractical for a good number of applications. --Declan] > > > > > > > > > > > > ---------- Forwarded message ---------- > > > > Date: Tue, 1 Oct 1996 15:57:51 -0700 (PDT) > > > > From: Joe Shea > > > > To: Declan McCullagh > > > > Cc: fight-censorship > > > > Subject: Re: FC: White House crypto proposal -- too little, too late > > > > > > > > > > > > Declan's most recent piece makes much more sense than the earlier > > > > one. He is quite correct in emphasizing the future vulnerability of the > > > > encryption logarithms rather than centering on whether or not terrorists > > > > might use them. By making them impossible to crack without the key, and > > > > permitting the key to be available to appropriate law enforcement > > > > authorities when absolutely necessary, everyone's real needs are > > > > satisfied, I think. I enjoyed this report a lot. > > > > > > > > Best, > > > > > > > > Joe Shea > > > > Editor-in-Chief > > > > The American Reporter > > > > joeshea at netcom.com > > > > http://www.newshare.com:9999 > > > > > > > > > > > > > > > > > > > > > > > > > > > > From dlv at bwalk.dm.com Thu Oct 3 09:21:54 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 4 Oct 1996 00:21:54 +0800 Subject: Fw: Re: ITAR satellite provision In-Reply-To: Message-ID: Black Unicorn writes: > > To: jimbell at pacifier.com > > Date: Thu Oct 03 08:08:42 1996 > > > >* A launch vehicle or payload shall not, by reason of the launching > > > >* of such vehicle, be considered an export for purposes of this > > > >* subchapter. > > > Okay, everybody, call Estes! We've got some crypto to export...er...laun > > > ch! > > If I get the above wording correctly (unicorn, help me!), it is sufficient > > to put the cryptostuff on a disc in a LAUNCHABLE device, it never says that > > the payload has to be delivered by air. So, just put that thing in a bag > > and get it through customs... (or does "by reason of ..." mean that the > > exclusive means of export allowed is launching ?) > > The launching alone will not cause it to be an export. If it is launched > and then ends up outside the U.S., it could be an export. Certainly if it > is launched with the purpose of exporting crypto, it will be an export. This reminds me of something I read about the race in the '50's and the '60's as to whether the US or the USSR would launch the first satellite, the first man in space, etc. The US claimed that a nation's sovereignty ends a few thousand feet into the atmosphere, so they had the right to fly the U2 planes at about 20K ft. The Soviets supposedly kept claiming that everyone's airspace extends many miles beyond the atmosphere, so if any US spy craft flying above Soviet territory will be shot at. Eventually the Soviets launched the first satellite and the first man in space who, for technical reasons, had to fly through the space which the USSR formerly recognized as other country's airspace. Then they suddenly forgot about their claim and didn't even object when US remote sensing satellites flew over the USSR some years later. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From declan at eff.org Thu Oct 3 10:29:18 1996 From: declan at eff.org (Declan McCullagh) Date: Fri, 4 Oct 1996 01:29:18 +0800 Subject: Fighting Clipper III In-Reply-To: Message-ID: You'll have trouble doing a successful boycott of RSA. What, you won't use Netscape Navigator or PGP? -Declan On Wed, 2 Oct 1996, Jim McCoy wrote: > Rich Burroughs wrote: > [...] > >>>On Wed, 2 Oct 1996, John Young wrote: > >>> > >>>> The New York Times, October 2, 1996, pp. D1, D8. > >>>> Executives of the International Business Machines > >>>> Corporation said late yesterday that they were still lining > >>>> up the final list of companies in the alliance. Those > >>>> involved will include Digital Equipment and smaller > >>>> data-security companies including RSA Data Security, Cylink > >>>> and Trusted Information Systems. > >>> > >>>We are in deep trouble. > >> > >>Wouldn't a letter-writing campaign be in order here? > >[snip] > > > >The word "boycott" leaped into my mind. I personally do not believe that I > >will be buying products from any of these companies, as long as thay > >participate in this GAK charade. > > Such an initiative will need publicity and letter-writing early in the > campaign will help us set the tone and points of debate on this issue. > A boycott works best when everyone knows why and there are a few key > phrases which can be used to get the message across. Something like > "company X is helping build big brother, boycott their products" or a > few similar sound bites are needed fast. The big brother inside stickers > from the last campaign were nice, maybe people can come up with variations > of various corporate logos or marketting phrases which help get the message > across? > > jim > > // declan at eff.org // I do not represent the EFF // declan at well.com // From reagle at rpcp.mit.edu Thu Oct 3 11:09:52 1996 From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.) Date: Fri, 4 Oct 1996 02:09:52 +0800 Subject: White House crypto proposal -- too little, too late Message-ID: <2.2.32.19961003133739.00a2944c@206.33.128.129> "if you become a dangerous criminal," <> "innocent until proven guilty" At 10:39 AM 10/2/96 -0700, Declan McCullagh wrote: >[But how does one undo the dangerous criminals without violating the >privacy rights of everyone else? --Declan] >---------- Forwarded message ---------- >Date: Wed, 2 Oct 1996 10:30:43 -0700 (PDT) >From: Joe Shea >To: Declan McCullagh >Subject: Re: White House crypto proposal -- too little, too late > > > If you become a dangerous criminal, Declan, I think law >enforcement does have the right to use key escrow to undo you. That has >nothing to do with spying. You need to be a little more selective about >your language, and to make distinctions a little more rationally than you >do. > >Best, > >Joe Shea >Editor-in-Chief >The American Reporter >joeshea at netcom.com >http://www.newshare.com:9999 > > >On Wed, 2 Oct 1996, Declan McCullagh wrote: > >> BTW, Joe, I'm still waiting for your response to my comments on why >> your endorsement of key escrow (GAK) is braindead. Or do you still >> think that the Feds should have the right to spy on my conversations, >> just like you thought that "porn isn't speech?" >> >> -Declan >> >> >> On Wed, 2 Oct 1996, Joe Shea wrote: >> >> > Date: Wed, 2 Oct 1996 09:47:59 -0700 (PDT) >> > From: Joe Shea >> > To: Declan McCullagh >> > Cc: cypherpunks at toad.com >> > Subject: Re: White House crypto proposal -- too little, too late >> > >> > >> > >> > Declan, how does your list work? Do you only publish comments >> > that agree with you? I didn't see my first two, and this one only came >> > with your response. Is this your version of freedom of the press, or what? >> > >> > Joe Shea >> > Editor-in-Chief >> > The American Reporter >> > joeshea at netcom.com >> > http://www.newshare.com:9999 >> > >> > >> > On Wed, 2 Oct 1996, Declan McCullagh wrote: >> > >> > > >> > > >> > > ---------- Forwarded message ---------- >> > > Date: Tue, 1 Oct 1996 20:19:16 -0700 (PDT) >> > > From: Declan McCullagh >> > > To: fight-censorship at vorlon.mit.edu >> > > Cc: joeshea at netcom.com >> > > Subject: Re: White House crypto proposal -- too little, too late >> > > >> > > [Joe, this may be yet another area where we disagree. It represents a >> > > power grab by law enforcement; the infrastructure is prone to failure >> > > and can be compromised; it's more government meddling and coercion and >> > > more restrictions on free speech; the Fed bureaucrats controlling this >> > > are vulnerable to special-interest lobbying; the Constitution gives >> > > the Federal government no right to impose such restrictions; the FBI >> > > has demonstrated that we can't trust the Feds with our most personal >> > > information; it violates an absolute right to privacy; and it's >> > > technically impractical for a good number of applications. --Declan] >> > > >> > > >> > > ---------- Forwarded message ---------- >> > > Date: Tue, 1 Oct 1996 15:57:51 -0700 (PDT) >> > > From: Joe Shea >> > > To: Declan McCullagh >> > > Cc: fight-censorship >> > > Subject: Re: FC: White House crypto proposal -- too little, too late >> > > >> > > >> > > Declan's most recent piece makes much more sense than the earlier >> > > one. He is quite correct in emphasizing the future vulnerability of the >> > > encryption logarithms rather than centering on whether or not terrorists >> > > might use them. By making them impossible to crack without the key, and >> > > permitting the key to be available to appropriate law enforcement >> > > authorities when absolutely necessary, everyone's real needs are >> > > satisfied, I think. I enjoyed this report a lot. >> > > >> > > Best, >> > > >> > > Joe Shea >> > > Editor-in-Chief >> > > The American Reporter >> > > joeshea at netcom.com >> > > http://www.newshare.com:9999 >> > > >> > > >> > > >> > > >> > > >> > >> >> > > > _______________________ Regards, You cannot depend on your eyes when your imagination is out of focus. -Mark Twain Joseph Reagle http://rpcp.mit.edu/~reagle/home.html reagle at mit.edu E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E From rodger at interramp.com Thu Oct 3 11:32:42 1996 From: rodger at interramp.com (Will Rodger) Date: Fri, 4 Oct 1996 02:32:42 +0800 Subject: FUCK!!!!!!;-) Message-ID: <1.5.4.32.19961003141245.006604ec@pop3.interramp.com> Someone who won't put his name to things he writes wrote: At 04:05 AM 10/3/96 -0400, Anonymous wrote: >+ --- begin forwarded text >+ >+ "Keys" are strings of computer code that lock and unlock data. Key recovery >+ is an approach that permits the recovery of lost or damaged keys without the >+ need to store or "escrow" them with a third party. This approach could also >+ meet the needs of law enforcement to act under the authority of a court order >+ without risking the confidentiality of business data. > >Just wondering how much of a problem "damaged keys" really are in >practice. Is this something specific to Microsoft filesystems or >really cheap tape drives? I've never seen that problem under Unix, >and something like a private RSA key doesn't change very often, so you >would expect to have encrypted copies of it on many backup tapes. > >Or maybe this journalist, like most, doesn't know what the fuck he's >talking about? > To which this card-carrying member of the media replies: Companies cited in the PRESS RELEASE - that means public relations product, not journalism product - were involved in signing off on what went into the release. By definition, no member of the press was involved in producing this document It seems directing questions to the companies would be a good idea. Will Rodger Washington Bureau Chief Interactive Week. From declan at well.com Thu Oct 3 11:37:35 1996 From: declan at well.com (Declan McCullagh) Date: Fri, 4 Oct 1996 02:37:35 +0800 Subject: Net-freedom roundup: Algiers, Malaysia, Burma, Hong Kong... Message-ID: ---------- Forwarded message ---------- Date: Thu, 3 Oct 1996 05:59:08 -0700 (PDT) From: Declan McCullagh To: fight-censorship at vorlon.mit.edu Subject: Net-freedom roundup: Algiers, Malaysia, Burma, Hong Kong... [Update on situations in Algiers, Malaysia, Burma, Singapore, European Union, U.K., Hong Kong, China, and Germany. More at http://www.eff.org/~declan/global/ --Declan] ******** SUSPENDED ALGERIAN DAILY OFFERED INTERNET PAGE Copyright 1996 Reuter Information Service PARIS (Sep 30, 1996 1:24 p.m. EDT) - A press freedom watchdog on Monday offered the suspended Algerian daily La Tribune a page on its Internet site to give it an airing during the six-month ban. "Thanks to this initiative, these journalists, banned from writing by the Algerian authorities, will be able to practice their trade again," the Paris-based Reporters without Borders (RsF) said. An Algiers court suspended La Tribune for six months on September 3 over a cartoon mocking the Algerian flag. [...] Fifty-seven journalists have been murdered by suspected rebels. RsF said authorities had suspended or seized newspapers on 55 occasions and 23 journalists had been held for more than 48 hours since the conflict broke out over the 1992 cancellation of a general election fundamentalists were poised to win. ******** UNITED NATIONS, Sept 27 (Reuter) - Malaysia's prime minister accused the West on Friday of spreading smut and violence, particularly on the Internet. In his speech to the U.N. General Assembly, Mahathir bin Mohamad said that although the information age facilitated worldwide knowledge, it also demeaned moral values. ``Smut and violence gratuitously distributed by criminals in the North is no less polluting than carbon dioxide emissions nor less dangerous than drug trafficking.'' In a reference to the United States he said if one great power could apply its laws to citizens of another country for drug trafficking ``why cannot countries with different moral codes extradite the traffickers of pornography for legal action?'' ``Before the whole world sinks deeper into moral decay, the international community should act. Abuse of the ubiquitous Internet system must be stopped,'' he said. Politically, he said the monopoly of the West's electronic media should be broken on so-called world news networks. ``Not only are distorted pictures of our countries being broadcast but our own capacity to understand what is happening is being undermined,'' he said. [...] ``It is boring almost. And yet nothing much has been done which could bring about amelioration of this sad state of affairs, `` he said. ********* RANGOON, BURMA, 1996 SEP 27 (NB) -- Burma has made owning, using, importing or borrowing a modem or fax machine without government permission a crime, punishable by up to 15 years in jail, according to a report by United Press International. Burma's military government has imposed what's called "The Computer Science Development Law" which empowers the Ministry of Communications, Posts and Telegraphs to specify what exactly can be restricted, UPI reports. UPI quotes the government-run newspaper New Light of Myanmar as saying the same punishment is prescribed for anyone who sets up a link with a computer network without the prior permission of the ministry, or who uses computer network and information technology "for undermining state security, law and order, national unity, national economy and national culture, or who obtains or transmits state secrets." UPI reports that in July a diplomat, Leo Nichols, died in prison after he was sentenced to a lengthy term for illegal possession of fax machines. *********** SINGAPORE, Sept. 28 (UPI) -- Internet users in Singapore are complaining that a new system to police the massive global communications network is slowing down access to websites rather than speeding it up as promised by government officials, news reports said Saturday. Earlier this month, special computers called proxy servers began censoring all requests for websites from Singapore Internet users, blocking access to those deemed ``objectionable'' by the government. The proxy servers, which began regulating cyperspace Sept. 15, delay access to the Internet because they first have to check a list of banned websites before retrieving requested homepages, the Straits Times reported. ``I've found that it can take twice as long to access the sites I commonly access,'' said Teo Mei Chin, a 22-year-old undergraduate. Users pointed out that slower access translated into longer on-line time and higher telephone bills. Although many Internet subscribers in the tightly-controlled city- state anticipated such delays under the new system, the Singapore Broadcasting Authority assured users access to certain websites would actually be quicker since the proxy servers are able to store frequently requested homepages. But Internet users say the filter computers also are dishing up outdated homepages. Walter Wu, who uses the Internet for up-to-date stock market and business data, said some financial websites he requested were at least a day old. [...] *********** LONDON, ENGLAND, 1996 SEP 27 (NB) -- By Steve Gold. The British government has added its support to plans to handle the problem of child pornography on the Internet. The proposals, which have been drawn up by the Home Office with assistance from Peter Dawe, the founder of Pipex, the UK's largest Internet service provider (ISP), are known as Safety Net. According to Dawe, recent discussions in the industry, culminating in a letter from the police to the various ISPs in the UK, has meant there is considerable pressure on the ISP industry to exercise a degree of self-regulation. "Public opinion said that something had to be done. I came to the conclusion that it was going to be impossible to establish industry- wide consensus on how to tackle this issue," he said, adding that the idea of Safety Net is gathering support in the UK ISP community. According to Dawe, Safety Net has the backing of the Internet Service Provider's Association (ISPA), as well as the London Internet Exchange, two groups which claim to represent most of the ISPs currently operating in the UK. [...] Quite how the ISPs will tackle the problem, such as blocking access to those Web pages, remains to be seen, but Dawes claims that the ISPs will have no excuse in law of being unaware of offending Web pages and Usenet newsgroups. [...] ********** BRUSSELS (Reuter) - European Union telecommunications ministers, reacting to a child-sex scandal in Belgium, pledged Friday to consider ways to keep illegal material that could harm children off the Internet. Belgian Telecommunications Minister Elio Di Rupo announced that his government planned to implement new measures requiring Internet access providers to monitor and report material featuring sexual abuse or exploitation of children. He asked his colleagues to join forces with him. ``Today a big legal vacuum exists, for legislation is falling behind technological evolution,'' he said, according to a speaking note that was distributed to reporters. ``There is a big risk that it will create an enormous market of children fed on by criminals.'' The ministers agreed to expand a working party that has already been set up to look at the question of illegal material on the Internet and asked it to come up with concrete proposals before they meet again in November. The group will include representatives of the 15 EU telecoms ministries and of companies that provide access to online services or prepare the content, a statement adopted by the ministers said. The accord follows an agreement by EU justice ministers in Dublin Thursday to extend the scope of the EU police agency Europol so it can fight the sex trade in women and children. The moves come in the wake of the discovery in Belgium of a paedophile network and the murders of four young girls. But some of the telecoms ministers, including those from Britain and Sweden, warned that the EU could not wander into censorship and had to focus on fighting truly illegal material. [...] ******** CENTRAL, HONG KONG, 1996 SEP 26 (NB) -- By Eric Lai. A Hong Kong Internet enthusiast is claiming that his Web site, featuring sexually suggestive photos of himself, was forcibly removed by his Internet service provider (ISP) two days ago in a seeming act of premature censorship. Donald Tu, 32, is a former radio and TV presenter and aspiring bodybuilder and model. In May, he put up his Web site, http://members/hknet.com/~hkstud/ , which featured photos of himself topless, often wearing nothing more than wet, slightly transparent briefs, posing in a studio and outdoors at scenic locations around Hong Kong. Tu, who was interviewed on last night's premiere of the Dataphile On-Air radio show, says his site has received thousands of "hits" coupled with encouraging e-mail, especially after a local Chinese language newspaper on September 17 reviewed his Web site. But a single complaint outweighs those thousands of positive comments, at least according to his Web host, HKNet. After receiving a single complaint from a member of the public, HKNet wrote to Tu on Tuesday that "the government may take action against the site because of its content and 'exposure,' based on the letter of the law governing obscene and indecent materials, and recent experiences in its enforcement. Therefore, we have made the decision to bar access to the questionable materials for the time being." But ISPs which censor and regulate content are not currently being compelled by the government, according to a spokesperson at the Broadcasting, Culture, and Sport Branch. The Branch has been devising Internet content regulations all summer which should be announced soon. [...] ********* BEIJING, Sept 27 (Reuter) - China's Communist Party chief Jiang Zemin moved on Friday to tighten the communists' grip on the state media and to strengthen his position with a blaze of publicity before a party plenum. He used a visit to the Beijing offices of the People's Daily, the party mouthpiece, to deliver a hardline speech on the importance of maintaining communist control of all media, the newspaper reported, splashing the news and three photographs of Jiang across its front page. Diplomats said the speech by Jiang was aimed at bringing back into line Chinese writers and more daring media organisations that have tried to push the limits of propaganda [...] ``Historical experience has proved repeatedly that whether guidance of news is right or wrong has to do with the party growing strong ... the solidarity of the people and the prosperity of the nation,'' Jiang said. [...] ******** HotWired 27-29 Sept 96 The Netizen by Wendy Grossman London, 26 September Last Monday, a unified front of British police, government, and representatives of leading ISPs announced proposals for cracking down on illegal material available on the UK's portion of the Internet. The first target is child pornography, but the protagonists have already said they've set their sights on other types of illegal material such as copyright violations, obscenity, and possibly hate speech. Called R3/Safety-Net, the proposals were presented to the media by Science and Technology Minister Ian Taylor and representatives from the Internet Service Providers' Association (ISPA), the London Internet Exchange (LINX), and the Home Office, which is the government department charged with law enforcement. [...] As it turns out, Demon and the Department of Trade and Industry had been talking without publicity for months about taking action against obscenity on the Net. But the media raised the pressure, as did complaints on uk.censorship about a list of 133 newsgroups that Superintendent Mike Hoskins of the Clubs and Vice unit of the Metropolitan Police had sent ISPs as a guide to the location of illegal material. Hoskins and the ISPs all swear no threat was intended or taken, but the underlying tone was still: You do something about it, or we'll do something about it. R3/Safety-Net is that something. [...] No one is going to oppose these measures. How can they, when the 1994 revision of the Criminal Justice Bill allows the police to arrest, without warrant, people suspected of obscenity and certain child pornography offenses? Child pornography is, of course, illegal to create, distribute, or possess in Britain. For the purposes of the Obscene Publications Act and the Protection of Children Act, if something looks like a child in a sexual act, it is child pornography. [...] So it seemed like with Monday's announcement, everybody wins - almost. The government gets to look like it's doing something big. The ISPs get to stay out of jail. The police get to arrest people. Peter Dawe gets to be a hero. Britain gets to be a world leader. And we get ... well, what do we get? We get the certain knowledge that they will not stop here. They have already said so. Books like the Anarchist's Cookbook are banned here in print, and in a country where last Monday police seized a massive haul of IRA explosives intended to rearrange the landscape, the argument for letting people read alt.engr.explosives is likely to lead to the withdrawal of reference books from the public libraries. Britain has an Official Secrets Act, not a Freedom of Information Act. Government can proceed only with the consent of the governed, and on Monday what that unified panel asked for was our trust. They will not censor free speech; it's just the small percentage of illegal stuff they want cleaned up. So we're left asking before every move, "Daddy, is this illegal?" ********** Subject: Germany Bans Web Pages for Minors - and ALL To: fight-censorship at vorlon.mit.edu Date: Mon, 30 Sep 1996 13:37:52 +0100 (MET) Reply-To: um at c2.net (Ulf Moeller) Organization: private site, Hamburg (Germany) From: um at c2.net (Ulf Moeller) The report is essentially correct. In Hamburg, the prosecutors decided themselves that AOL had done nothing illegal, so as far as I know there was no court decision. Also, it appears that said Federal Office is neither responsible for electronic nor for foreign publications. I think the minister is trying to spead FUD. >From: taxbomber at taxbomber.com >Newsgroups: alt.censorship,alt.privacy,alt.security,news.admin.censorship >Subject: Germany Bans Web Pages for Minors - and ALL >Date: Sat, 28 Sep 1996 06:46:58 GMT >Message-ID: <324cc9c7.7567566 at news.c2.net> >NNTP-Posting-Host: md19-017.compuserve.com According to Germany's leading tabloid paper "Bild" (Saturday edition), Federal Minister for Familiy Affairs, Claudia Nolte (Christian-Democrat), in an unprecedented decision has formally had several Web pages banned for being "X"-rated by the "Federal Office for the Evaluation of Literature Hazardous to Minors". These are pages featured by Ernst Zuendel, a leading political revisionist located in Canada whose purportedly "Neo-Nazi" views have been the subject of much controversy in Germany. Ms Nolte is quoted as saying: "It is not tolerable that the Internet should be an island with special privileges, on which thoughtless or unscrupulous providers may pursue their infamous activities with impunity." This effectively forces Internet providers to restrict minors' access to said pages - a technical impossibility since most minors accessing the net are be using their parents' accounts. No "Netwatch" or other self-censorship software will suffice to conform with this provision, as it is THE PROVIDERS, not the kids' legal guardians who have to comply with this restriction. Following a recent decision by the State of Hamburg's Supreme Constitutional Court to the effect that service providers cannot be held responsible for possibly illegal contents of data transfers via their networks (here, AOL was accused of disseminating child pornography), this move must be regarded as a circumvention tactics to put the thumbscrews on ISPs nevertheless by invoking Minors Protection legislation instead. (Also note that the Hamburg decision ruled that email message were protected by privacy laws as any snail mail letter - hence, providers could not be expected to monitor their contents as this would violate constitutional rights.) This implies that German based ISPs (including AOL's and Compuserve's local services) will actually have to ban ALL GENERAL access to the Zuendel pages from their systems unless they are willing to risk running afault of the law. ******** [Posted to soc.culture.singapore through an anonymous remailer in\ Germany. No wonder the SBA wants to censor the Net! --Declan] Mon, 23 Sep 1996 01:32:06 soc.culture.singapore Thread 228 of 350 Lines 18 SBA is screwed!! No responses mix at squirrel.owl.de Squirrel Remailer __ __ __ __/o \_ __/o \_ __/o \_ \____ \ \____ \ \____ \ / \ / \ / \ __ //\ \ __ //\ \ __ //\ \ __/o \-//--\ \_/__/o \-//--\ \_/__/o \-//--\ \_/ \__SBA ___ \ | \__ISP ___ \ | \__PAP ___ \ | || \ |\ | || \ |\ | || \ |\ | _|| _||_|| _|| _||_|| _|| _||_|| #### # # #### # # ##### # # #### ### ### ## # # # # # # # # # # # # # # # #### # # # ## # #### #### #### ### #### # # # # # # # # # # # # # # # # #### #### # # # # # #### ### ### # # ### From snow at smoke.suba.com Thu Oct 3 11:45:09 1996 From: snow at smoke.suba.com (snow) Date: Fri, 4 Oct 1996 02:45:09 +0800 Subject: Clipper III on the table In-Reply-To: Message-ID: <199610031319.IAA01462@smoke.suba.com> > At 2:53 pm -0400 10/1/96, Lucky Green wrote: > > Note that the second article stated that the administration will allow > > the use of stronger cypto than 56 bit once GAK is in place. If this is > > true, much of the current industry resistance is likely to evaporate. > > Even the promise might suffice. > My brother has gone out and had all these nice bumperstickers made up. They > say, > Wake up, America! > He won't love you in the morning. Where could one aquire this bumpersticker? Petro, Christopher C. petro at suba.com snow at smoke.suba.com From jya at pipeline.com Thu Oct 3 12:49:08 1996 From: jya at pipeline.com (John Young) Date: Fri, 4 Oct 1996 03:49:08 +0800 Subject: Flood Warning Message-ID: <199610031447.OAA03009@pipe2.ny1.usa.pipeline.com> BSDI To Share "SYN-Flooding" Protection Software This code is freely available via BSDI's Web and FTP sites at www.bsdi.com and ftp.bsdi.com. TIS will license its encryption key recovery technology to Atalla The agreement comes on the heels of two other recent developments: a new Administration policy regarding export controls on strong encryption, and TIS and Atalla's participation in a new computer industry alliance to promote adoption of a worldwide standard for encryption key recovery. RecoverKey supports the Administration's new policy by allowing emergency recovery of an encrypted message or file. This technology, patented by TIS and first approved by the U.S. government for export in January 1996, is fundamental to approaches now being considered as the basis for a new global standard. For more on RecoverKey, see: http://www.tis.com/docs/products/cke/index.html High-Tech Leaders Join Forces to Enable International Strong Encryption See: http://www.ibm.com/news/alliance2.htm ----- http://jya.com/floodd.txt ftp://jya.com/pub/incoming/floodd.txt From Mullen.Patrick at mail.ndhm.gtegsc.com Thu Oct 3 12:55:57 1996 From: Mullen.Patrick at mail.ndhm.gtegsc.com (Mullen Patrick) Date: Fri, 4 Oct 1996 03:55:57 +0800 Subject: The Right to Keep and Bear Crypto Message-ID: [Assumptions: Crypto is arms. We have the right to bear arms. Therefore: We have the right to bear crypto.] Following along with the news stories, it would seem the USG doesn't disagree with this logic. What they are attempting to do is limit world distribution, *not* internal distribution. Even with the new key recovery idea, crypto which remains in the US will continue to be unregulated. Another fear is that the administration is using export limits to control domestic use of encryption. While Gore directly stated yesterday that domestic use of encryption will remain unregulated, the double standard for domestic ^^^^^^^^^^^^^^^^^^^^^^^ and international products might discourage U.S. companies from developing two different versions, leaving U.S. and Canadian customers with the same products that the federal government has deemed safe to ship overseas. [_GAK_Rat_Pack_, John Young, 3 Oct 96] This may (will?) limit the products which are produced by large corporations, as their need for a single, globally distributable product is respected. However, smaller companies who have neither the desire nor finances to distribute their product on a global scale will be unaffected. Shareware/ freeware products will also be unaffected (unless someone from another country pulls it off a website, or similar means). However, all of this is irrelevant, because I must say, Tim May has the proper idea -- We may have the right to bear crypto, but the government has the right to limit the types/amounts of crypto we bear. ** Success in this matter is classifying crypto as speech ** I read somewhere (probably here) about a case which was (was destined??) to be a precedent for crypto as speech. All I can remember was something about the code being classified as speech, or something like that. Sorry I can't quite remember what it was. Anyone have any suggestions/references? Patrick From osborne at gateway.grumman.com Thu Oct 3 13:05:28 1996 From: osborne at gateway.grumman.com (Rick Osborne) Date: Fri, 4 Oct 1996 04:05:28 +0800 Subject: crypto cd once more Message-ID: <3.0b19.32.19961003111415.006a72d8@gateway.grumman.com> >Questions are: >1) is there a system that can handle unix, windows and mac filenames > (long ones!)? >2) if not, is zip-support given on mac and unix systems? >3) does anyone have suggestions on how to deal with the problem? I have a CDR sitting right next to me and this is how it handles your questions: 1) This CDR can burn in 4 modes: 1. ISO xxxx compliant (without trailing version numbers on filenames), 2. strict DOS 8.3, 3. Joliet (DOS 8.3 & Win95 up to 63 chars), 4. Romeo (strict Win95 up to 128 chars). According to the help, option 1 is made to be at least Mac readable. It doesn't mention UNIX, though. 2) Yes. 3) No problem: use this CDR. If you want info on the particular CDR, email me personally. Rick Osborne Overall Internet Stud osborne at gateway.grumman.com ====================================================================== 'Zog? What do you mean zog? Zog what? Zog yes, Zog no?' From njhm at ns.njh.com Thu Oct 3 13:12:39 1996 From: njhm at ns.njh.com (Nicolas J. Hammond) Date: Fri, 4 Oct 1996 04:12:39 +0800 Subject: British Labour leader's pager messages intercepted Message-ID: <199610031458.KAA07791@ns.njh.com> The following article appears in the Electronic Telegraph today (Oct 3) TWO sensitive messages detailing Tony Blair's movements are among a list of electronic pager notes about the Labour leader and members of the shadow cabinet intercepted by hackers. The list of messages, which was shown to The Daily Telegraph, had been read by equipment freely available on the Internet for as little as �200. Further investigations by the Telegraph show that the vulnerability of pagers could expose nearly a million users to blackmail over sexual liaisons, for example, as well as robbery, commercial espionage and terrorist attack. The Blair messages were almost certainly sent to Alastair Campbell, his press secretary, and Tim Allan, Campbell's deputy. Many of them give a fascinating insight into how Mr Blair and the spin doctors who surround him make determined efforts to present Labour favourably in the media. The intercepts for Sept 14 show how the Labour leader's office was bombarded with anxious messages about a front page report in the Sunday Times newspaper headlined: "Blair aide tells Labour to forget about socialism". The transcripts also show how Peter Mandelson, one of Mr Blair's closest aides, closely monitors BBC news reports. On Sept 16 he sent a message to the leader's office saying that a report by one of the BBC's political correspondents, Jon Sopel, referred strongly to the strained links between the Labour leadership and the unions which had dominated the previous week's TUC conference. After Mr Blair made a speech to the City of London, a message from Hilary Coffman, one of his press aides, anticipated the reaction of the newspapers, saying that most papers, except the Telegraph and Independent had reported favourably. In fact, the Telegraph's headline on the story was: "Blair's good times pledge" above a story saying that he was committed to rising living standards and prosperity. One of the most intriguing messages Campbell received from Jonathan Powell, Mr Blair's chief of staff, said: "Pls call when you and TB are free. I have a message from Mrs T. - Jonathan." Jonathan Powell is the younger brother of Sir Charles Powell, who was Lady Thatcher's private secretary at 10 Downing Street.

Scotland Yard said this was the first time it had heard that pager messages could be intercepted

Around the time of the call Mr Blair's office was making a determined effort to scotch reports, allegedly attributed to Tory spin doctors, that Lady Thatcher found the Labour leader "creepy". Labour spin doctors were later involved in passing on a message from Lady Thatcher countering the reports and making clear that she still "rather admired" Mr Blair's determination to modernise his party. The police, the Home Office and the Department of Trade and Industry expressed surprise at the latest telecommunications tapping and said that they would investigate if pager-hacking becomes widespread. "It is an offence under the Wireless Telegraphy and Interception of Communications Acts for anyone to receive messages not intended for them," a DTI spokesman said. "However, it is not an offence to own the equipment, so we need to catch perpetrators in the act." Scotland Yard said this was the first time it had heard that pager messages could be intercepted. The Federation of Communications Services has called for the legislation to be changed, making illegal the selling or ownership of radio scanners - a market worth an estimated �200 million a year to the telecommunications industry. An investigation published today in What Cellphone explains how hackers have used a radio scanner coupled to a cheap electronic decoder and a computer running freely available software to receive other people's pager messages from anywhere in the country. It is not an offence to own either a scanner - they are used by yachtsmen to monitor weather forecasts - or the electronic decoder, which is advertised on the Internet as a home automation device. It is the marrying of radio and computer technology that makes pager hacking more of a threat to businesses and individuals than eavesdropping on cellphones. If the scanner is left connected to a computer, a log of every pager message sent by anyone in the country can easily be recorded. This log can then be used in a common word processor program and searched for key words, such as the names of politicians, celebrities or companies. Details of how hackers can send false messages has appeared on the Internet in the past few days.

Other messages seen include arrangements for sexual liaisons and details of fruit machines that are malfunctioning

"Hacking into pagers is very easily done by anyone with some DIY experience and potentially much more damaging than listening in on cellphone calls," said Bob Tomalski, editor of What Cellphone. "With cellphones, hackers have to listen to the messages as they happen. With pagers they can record a day's messages and search through them later." Once a message has been linked to a particular caller, the software can be set up to search specifically for that pager's identification code, which appears at the beginning of each pager message. Retail chains use the pager system to send details of each store's takings to head office. Messages seen by the Telegraph range from "Yesterday takings �659, see you in pub in 10 minutes" to the precise breakdown of the sales of a big supermarket chain. Other messages seen include arrangements for sexual liaisons and details of fruit machines that are malfunctioning and paying out big amounts in pubs. Of particular concern is the revelation that hackers have intercepted passwords used to switch off alarm systems sent to security guards via the pager network. For years, analogue cellphones have been known to be vulnerable, culminating in the publication of conversations between members of the Royal Family. But despite concerns about the vulnerability of mobile phones, little attention has been paid to pagers, which are much easier to tap. Mobile telephones use several thousand radio frequencies and have a limited range, so the eavesdropper must be near the cellphone receiving the call and have technical knowledge to track the call. Pagers by contrast, receive easily decoded analogue signals based on 25-year-old technology and transmitted on only 10 - published - frequencies. Because the networks do not know where each pager is located, each message is beamed across the country, so that a hacker can receive messages destined for any of the 900,000 pager users from Penzance to Aberdeen. -- Nicolas Hammond NJH Security Consulting, Inc. njhm at njh.com 211 East Wesley Road 404 262 1633 Atlanta 404 812 1984 (Fax) GA 30305-3774 From jya at pipeline.com Thu Oct 3 13:38:19 1996 From: jya at pipeline.com (John Young) Date: Fri, 4 Oct 1996 04:38:19 +0800 Subject: FUCK!!!!!!;-) The Book Message-ID: <199610031531.PAA04824@pipe2.ny1.usa.pipeline.com> A new book, "Digital Soldiers," by James F. Dunnigan, emphasizes that information warfare -- deceiving the enemy -- is as old as war, and that the PR-driven media today work closely with the warfighting industry to protect their mutually lucrative markets. The latest GAK PR campaign fits this. Dunnigan also makes hash of the recent opportunistic "infowar" PR, along with adept grinding of the vast, corrupt high-tech defense industry worldwide, led by the US war-prognosticating PR-media-policy lizards. As he says, bad news is always good news for the Hearsts and Rasputins (Responsible Personages), for the liars of brimstone religion, for all the terrifying doomsayers peddling trust-my-god: me, now tithe or be taxed. Dunnigan's sermon: stop the pork, then there will be plenty of resources to deal with the rest of society's ills. Otherwise, peace, real or vitural, is war, sustained barbarity camouflaged by self-interested civility -- the peacefighting, ticket-punching officer, er, journalist, class. Digital Soldiers The Evolution of High-Tech Weaponry and Tomorrow's Brave New Battlefield James F. Dunnigan St. Martin's Press, New York; $25.95 ISBN 0-312-14588-8 From scallon at kiwi.pyrotechnics.com Thu Oct 3 14:06:16 1996 From: scallon at kiwi.pyrotechnics.com (scallon at kiwi.pyrotechnics.com) Date: Fri, 4 Oct 1996 05:06:16 +0800 Subject: Cypherpunk forgery. Message-ID: <19961003164259.20019.qmail@kiwi.pyrotechnics.com> I just got word from one of my buddies that someone has been forging my e-mail to cypherpunks talking about the pederast organization NAMBLA. The guys at Penn State where the forgery came from have started to investigate and will bring the perpetrators to a discip- linary hearing. Thank you for your co-operation. BTW: Below is my real .Sig -- Brendan John Francis Scallon When it comes to the net, I'm scallon at pyrotechnics.com similar to the thrilla in Manila DROP Squad - Pali-town http://www.pyrotechnics.com/~scallon GEORGE CLINTON for PREZ This country needs a BOOTSY COLLINS for VP Parliament, not a Congress From andrew_loewenstern at il.us.swissbank.com Thu Oct 3 14:22:12 1996 From: andrew_loewenstern at il.us.swissbank.com (Andrew Loewenstern) Date: Fri, 4 Oct 1996 05:22:12 +0800 Subject: Fighting Clipper III In-Reply-To: Message-ID: <9610031655.AA00896@ch1d157nwk> Jim McCoy writes: > The big brother inside stickers from the last campaign were > nice, maybe people can come up with variations of various > corporate logos or marketting phrases which help get the > message across? Big Brother Inside stickers are a classic and should be revived. I would like to see a takeoff of the IBM logo since they are the ones who seem to be cozying up to the USG the most (with the exception of TIS whom nobody has ever heard of). How about "GAK" in the familiar IBM blue pinstripe logo? Or "IBBM" International Big Brother Machines? Everyone recognizes the IBM logo. andrew From tcmay at got.net Thu Oct 3 14:36:22 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 4 Oct 1996 05:36:22 +0800 Subject: Fighting Clipper III In-Reply-To: Message-ID: At 6:37 AM -0700 10/3/96, Declan McCullagh wrote: >You'll have trouble doing a successful boycott of RSA. What, you won't >use Netscape Navigator or PGP? We should be happy that both Netscape and Microsoft are conspicuously missing from the list of GAK conspirators. We need to somehow keep it this way. On the list of GAK conspirators itself, this just confirms the "behind the doors key escrow deal" I wrote about more than two years ago (check the archives, for August 1994, under the thread name "Software Key Escrow" or something close to this). A person within Microsoft confirmed to me that a deal was being cut to put key escrow into _software_, rather than the Clipper chip-based hardware option which was then dominant in the discussions. (The plan followed revelations of a TIS-NSA-Berkeley axis that developed in early '94 and that was made semi-public at the Karlsruhe, Germany conference in the spring of '94.) That Bill Gates has since come out strongly against software key escrow, and that Microsoft has not joined this deal, is terribly important. Netscape has also spoken against mandatory key escrow systems, in the person of James Barksdale. (I'm not sure what Jim Clarke's position is these days, after his much-discussed pro-GAK comments of about a year ago; in any case, he's no longer actively supporting GAK from what I can see.) Question: If RSADSI supports GAK, and Netscape/Microsoft license some technologies from RSADSI, could Netscape or Microsoft then be forced to adopt GAK? (Personally, I don't see how. The core crypto routines might be licensed, but these deals were probably negotiated a while back. But who knows?) I think we should support Microsoft and Netscape in their nonparticipation in the Cabal. Sometimes being an 800-pound gorilla has its advantages. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From stewarts at ix.netcom.com Thu Oct 3 14:37:54 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Fri, 4 Oct 1996 05:37:54 +0800 Subject: The Right to Keep and Bear Crypto Message-ID: <199610031709.KAA28569@dfw-ix11.ix.netcom.com> At 08:29 PM 10/2/96 -0700, azur at netcom.com (Steve Schear) wrote: >>T[i]m May wrote: >>I've argued since 1992 on Usenet and here that "crypto as arms" is a >>potentially dangerous tack to follow. (Others, including legal experts, >>have also argued this point.) >> >>Given that it is well-established, whether we agree or not, that the USG >>may restrict private ownership of atom bombs, nerve gases, CBW weapons, >>machine guns, switchblade knives, nunchuk sticks, and various other "arms," >>the association of crypto with armaments is potentially *DISASTROUS*. > >Unless we get the strong support of the gun lobby and NRA. The gun lobby and NRA are generally against handgun registration, but haven't stopped it. We're against crypto key registration. The gun lobby and NRA are generally against machine gun licensing requirements, but haven't stopped it. We're against strong crypto licensing requirements. The gun lobby and NRA are generally against firearms dealers' licensing, but haven't stopped it. We're against crypto dealers' licensing. The gun lobby and NRA are generally against assault weapon import laws, but haven't stopped them. We're against strong crypto import laws. The NRA supports Instant Background Checks (because it thinks they're less bad than N-Day Waiting Periods). We're against central government permitted-users databases, and we're against Key "Escrow" even if some people think it's less bad than an outright ban. The NRA supports the politically incorrect hunting enthusiasts. We (generally) support politically incorrect tax evasion, black markets in recreational pharmaceuticals, and free speech for people we dislike. If your lobbyists lose and you have to register your gun, it still works. If your lobbyists lose and you have to register your crypto keys, you lose; that means the government or anybody who can get your keys can crack your stuff. If your lobbyists lose and you have to get permission to make guns, most of the interesting guns can still be made. If your lobbyists lose and you have to get permission to write crypto, many of the interesting crypto applications won't get written - we not only depend on the free flow of ideas, but on people doing applications as a hobby or a small business that can't afford to become Registered International Arms Dealers, don't want to wait the months that such registration takes for background checks, and don't want to give up all the privacy involved just so they can write a bug report for somebody else's code or suggest an improvement. Face it, as much as the Gun Lobby has slowed down the growth of anti-gun laws, they've still lost step by step, law by law, against a government that's succeeded in scaring the public about threats to public safety and in convincing the public that only the military needs strong weapons and that registering everyday-use weapons is just fine. I support much of what they do, and I'd be happy if they supported us, and it's probably easier to get their support on crypto than drug rights, but we can't _depend_ on it. Also, getting public support for crypto is a hearts-and-minds deal; the press generally dislikes guns, and generally approves of free speech, and press support is important - especially since the press's default behaviour is to believe government press reports about crypto-narco-porno-terrorists using assault remailers. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com America's Open Presidential Debate - Beyond Dole and Clinton! Tuesday, Oct. 8th 8:00 PM EDT From jimbell at pacifier.com Thu Oct 3 14:48:01 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 4 Oct 1996 05:48:01 +0800 Subject: Flood Warning Message-ID: <199610031731.KAA26729@mail.pacifier.com> At 02:47 PM 10/3/96 GMT, John Young wrote: > High-Tech Leaders Join Forces to Enable International > Strong Encryption > > See: http://www.ibm.com/news/alliance2.htm This is apparently no longer valid. Is there a new one? Jim Bell jimbell at pacifier.com From rah at shipwright.com Thu Oct 3 14:54:16 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 4 Oct 1996 05:54:16 +0800 Subject: Clipper III on the table In-Reply-To: Message-ID: At 9:19 am -0400 10/3/96, snow wrote: > > Wake up, America! > > He won't love you in the morning. > > Where could one aquire this bumpersticker? A lot of people have asked me this. :-). Just send me e-mail, and I'll forward it on to my brother, who had them printed up. He gave the first few away, but the postage on the tube he sent mine to me in was $3.00, ('course he sent it to me priority mail...), so he's not going to do that for long if I choke his mailbox... Anyway, pricing the things so he doesn't lose money's his problem, I suppose. :-) Just send me a message saying you want one, and I'll pass it along. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From jimbell at pacifier.com Thu Oct 3 15:00:19 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 4 Oct 1996 06:00:19 +0800 Subject: NYT on IBM GAK Message-ID: <199610031711.KAA25345@mail.pacifier.com> At 07:51 AM 10/3/96 -0500, Adam Shostack wrote: >Rich Burroughs wrote: > >| The word "boycott" leaped into my mind. I personally do not believe that I >| will be buying products from any of these companies, as long as thay >| participate in this GAK charade. > > Folks, > Lets be reasonable. Its time to jump on board the GAK >bandwagon. After all, where better to disrupt the music? We need to >start writing GAK software, and it better be up to the high standards >that the NSA sets for itself. > > Once we've written it, and its being distributed, we can say >'See, another broken bit of GAK software. Not even the NSA could get >it right. Our data is too important to be using broken software to >protect us.' > And we have 56 bit exportability in hand. >Adam The problem is that the appearance of defeat could easily guaranteee the real defeat itself. Jim Bell jimbell at pacifier.com From walt at animal.blarg.net Thu Oct 3 15:04:46 1996 From: walt at animal.blarg.net (Walt Armour) Date: Fri, 4 Oct 1996 06:04:46 +0800 Subject: Key recovery/RSA/Bidzos/WTF?!? Message-ID: <199610031655.JAA18003@animal.blarg.net> What's up with some of these press releases? Can anyone clear up the confusion with RSA/Bidzos/Key recovery? Here are some quotes: ================= >From NYT:CyberTimes (2 Oct) "Clinton Encryption Plan Is Generating Resistance" Executives of the International Business Machines Corp. said late Tuesday that they were still lining up the final list of companies in the alliance. Those involved will include Digital Equipment and smaller data-security companies including RSA Data, Cylink and Trusted Information Systems. ================= >From NYT:CyberTimes (2 Oct) "Clinton Encryption Plan Is Generating Resistance" "The government announcement is disastrous," said Jim Bidzos, chief executive of RSA Data Security, one of the country's leading developers of data-scrambling software. "We warned IBM that the National Security Agency would try to twist their technology." ================= >From BusinessWire (2 Oct) "JOINT PRESS ANNOUNCEMENT/ HIGH-TECH LEADERS JOIN FORCES TO ENABLE INTERNATIONAL STRONG ENCRYPTION" "Export controls are a fact of life," said Jim Bidzos, president of RSA Data Security. "The key recovery alliance's approach will allow companies to use cryptography with differing levels of security in an interoperable way. When the alliance implements this technology it will give the user a new level of flexibility that did not exist before. In an imperfect world this technique will at least allow you to take advantage of what governments around the world will allow." ================= So is RSA part of this or not? Is the middle quote above mis-attributed? walt From tcmay at got.net Thu Oct 3 15:11:54 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 4 Oct 1996 06:11:54 +0800 Subject: The Right to Keep and Bear Crypto In-Reply-To: Message-ID: At 11:39 AM -0400 10/3/96, Mullen Patrick wrote: >However, all of this is irrelevant, because I must say, Tim May has the >proper idea -- We may have the right to bear crypto, but the government >has the right to limit the types/amounts of crypto we bear. Careful! I did not say this. At least not in the form here. >** Success in this matter is classifying crypto as speech ** This was closer to the point I actually made. >I read somewhere (probably here) about a case which was (was destined??) to >be a precedent for crypto as speech. All I can remember was something about >the code being classified as speech, or something like that. Sorry I can't >quite remember what it was. Anyone have any suggestions/references? This was Judge Patel's earlier ruling in the Bernstein matter, much discussed here of late. But until the Supremes get the case, eventually, and rule on it one way or another, I think it's not well-established. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Thu Oct 3 15:20:00 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 4 Oct 1996 06:20:00 +0800 Subject: Fw: Re: ITAR satellite provision Message-ID: <199610031711.KAA25355@mail.pacifier.com> At 07:17 AM 10/3/96 -0400, Black Unicorn wrote: >On Thu, 3 Oct 1996, Remo Pini wrote: >> Date: Thu Oct 03 08:08:42 1996 >> > >* A launch vehicle or payload shall not, by reason of the launching >> > >* of such vehicle, be considered an export for purposes of this >> > >* subchapter. >> > Okay, everybody, call Estes! We've got some crypto to export...er...laun >> > ch! >> If I get the above wording correctly (unicorn, help me!), it is sufficient >> to put the cryptostuff on a disc in a LAUNCHABLE device, it never says that >> the payload has to be delivered by air. So, just put that thing in a bag >> and get it through customs... (or does "by reason of ..." mean that the >> exclusive means of export allowed is launching ?) > >The launching alone will not cause it to be an export. If it is launched >and then ends up outside the U.S., it could be an export. Certainly if it >is launched with the purpose of exporting crypto, it will be an export. Too bad you didn't support this with a logical argument. The wording was clearly intended to be an exception to a rule. What the wording doesn't include is the "exception to the exception," most likely because they weren't thinking in too great a detail when they wrote the regulations. But if the regulation is "wrong," the fault of that is those who wrote the regulation. (and we, the public, are entitled to assume that the regulation is "right" in its literal meaning.) It appears that the government left a loophole so large that you could drive a truck...er...shoot a rocket through it. Jim Bell jimbell at pacifier.com From snajdr at pvt.net Thu Oct 3 15:22:05 1996 From: snajdr at pvt.net (Petr Snajdr) Date: Fri, 4 Oct 1996 06:22:05 +0800 Subject: WINDOWS NT ???? In-Reply-To: Message-ID: <32538492.248D9F32@pvt.net> hi, is Windows NT secured system ? -- Petr Snajdr From froomkin at law.miami.edu Thu Oct 3 15:24:28 1996 From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law) Date: Fri, 4 Oct 1996 06:24:28 +0800 Subject: Fw: Re: ITAR satellite provision In-Reply-To: <9610030712.AA02002@srzts100.alcatel.ch> Message-ID: Alas, a common fallacy. You have committed a prohibited export when the stuff lands outside the USA....It's not illegal when it goes up ("by reason of the launching" and, e.g. *stays up* in orbit) but it is illegal when it comes down abroad. On Thu, 3 Oct 1996, Remo Pini wrote: > > >* A launch vehicle or payload shall not, by reason of the launching > > >* of such vehicle, be considered an export for purposes of this > > >* subchapter. > > Okay, everybody, call Estes! We've got some crypto to export...er...laun > > ch! > If I get the above wording correctly (unicorn, help me!), it is sufficient > to put the cryptostuff on a disc in a LAUNCHABLE device, it never says that > the payload has to be delivered by air. So, just put that thing in a bag > and get it through customs... (or does "by reason of ..." mean that the > exclusive means of export allowed is launching ?) > **Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"** **Age two weeks: 9 lbs 12 oz, 23"** A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin at law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's hot here. And humid. From froomkin at law.miami.edu Thu Oct 3 15:25:35 1996 From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law) Date: Fri, 4 Oct 1996 06:25:35 +0800 Subject: The Right to Keep and Bear Crypto In-Reply-To: Message-ID: No. And No. This argument will never fly in any court. If you want to see why, go to my homepage http://www.law.miami.edu/~froomkin and search for the (fictional!) "really pro-Clipper court decision". Then find the section trashing this argument. (sorry I can't give a better pointer but I'm not at work today). On Wed, 2 Oct 1996, Steve Schear wrote: > A well-regulated Militia, being necessary to the security of a free State, > the right of the people > to keep and bear Arms, shall not be infringed. > --Constitution of the United States of America, > Amendment II, 1791 > > I'm not a consitiutional scholar, but it seems to me that since the > government has already classed crypto as arms via ITAR and since the I am > guaranteed the right to bear arms I choose to bear the crypto of my choice > as part of my arsonal. > [etc.] **Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"** **Age two weeks: 9 lbs 12 oz, 23"** A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin at law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's hot here. And humid. From scottb at aca.ca Thu Oct 3 15:30:10 1996 From: scottb at aca.ca (scottb at aca.ca) Date: Fri, 4 Oct 1996 06:30:10 +0800 Subject: chaining remailers Message-ID: <96Oct3.141143edt.15729@gateway.aca.ca> Can someone point me to where I can get software to take advantage of chaining remailers for Windows 95?? Actually, can this be done through a Windows enviroment, or do I need to run Linux? /sb From attila at primenet.com Thu Oct 3 15:37:18 1996 From: attila at primenet.com (attila) Date: Fri, 4 Oct 1996 06:37:18 +0800 Subject: "Mormon Asshole?" re: GAK In-Reply-To: Message-ID: <199610031843.MAA10736@infowest.com> on 03 Oct 1995, Dr. Dimitri Vulis KOTM defecated: .(We have at least one mormon asshole here, attilla, who's obviously pro-GAK) . ------ pro-GAK? either me or the average Utahn? really? no way. other than Salt Lake City area which might be more pro-GAK, which were it not for Temple Square, etc. could be just any other large city with a Mormon MINORITY. the population influx asking to be able to join our safe communities and values has not only changed the balance of power in favour of outsiders, but the outsiders brought their social problems (gangs, drugs, morals, etc.) with them. and maybe willing to trade their freedoms for temporary security. surprised? ask questions before you quote me (or anyone) as to their position on constitutional matters. your innuendos and depravity is unworthy of any educated Western individual, or do you not consider yourself a Western intellectual? maybe you really are only capable of playing the Vodka sotted Russian fool? where is your dancing bear? I think I have more than a few credentials for being anti anything the Feds propose on curbing the Bill of Rights and the Constitution --including more than several visits from the boys in grey trench coats in the early morning, and being arrested and charged by the Feds with both crypto and 'trading with the enemy' --the fear of public disclosure is what stops them from going even to indictment. and, I endured one of their standard forms of pay- back, at a personal price we shall not discuss. a man is considered lucky if he has one true friend when he is down and being kicked by the Feds; I found a virtual army of good people, many outside my immediate ward, who not only did not turn their backs, but actively supported; many not even knowing what the fight was about, let alone understanding it other than not only my rights, but theirs as well, were be trampled upon by the Feds. do you have any friends like that? --to you, that is a loaded question which probably should been framed as '...do you have any friends?' but I shall give you the benefit of the doubt. dimitri (in the diminutive), go sniff a few flowers to counter your rank stench of incivility. go wander the boardwalk as an obscure soul. lighten up; the glass of water we ALL drink from is still at least half-full, not half-empty. sometimes life does give free refills. -- "The only natural criminal class in America, the U.S. Congress" --Mark Twain From omega at bigeasy.com Thu Oct 3 15:40:40 1996 From: omega at bigeasy.com (Omegaman) Date: Fri, 4 Oct 1996 06:40:40 +0800 Subject: support for "crack DES" Message-ID: <199610031820.NAA22583@bigeasy.bigeasy.com> > NetScape might not hawg the glory, but Bully Billy will trumpet > to the world that HE devised the means, HE directed the breakers, > and MicroSlop is the "benevolent" [read greedy, vicious, corrupt, > threatening predator] organization which "pulled freedom loving > Americans clear from the *very* mouth the the beast." Considering the situation -- considering that RSA has even signed on to this scheme -- I'd have to say that I don't give a rat's ass what Bill Gates claims. If Micro$oft bucks the system, I'll gladly applaud their stand. The situation is not good at all. Cracking DES (whether distributed or through a hardware crack, or both!) seems critical at this point. me -------------------------------------------------------------- Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send a message with the text "get key" in the "Subject:" field to get a copy of my public key. -------------------------------------------------------------- From gnu at toad.com Thu Oct 3 15:42:07 1996 From: gnu at toad.com (John Gilmore) Date: Fri, 4 Oct 1996 06:42:07 +0800 Subject: How to Compete under Clipper-3 Message-ID: <199610031836.LAA22062@toad.com> > * Even if some industry participants fall for it, the majority will not. > The "deal" is simply not any good for anyone but the Administration. > Expect the same opposition to Clipper III as we saw with Clipper I and II. The difference is that some weak companies will decide to fall for it. These companies may think that two years of 56-bit un-escrowed products (with promises of key escrow in future releases) will be competitive against 40-bit un-escrowed products. They're right, but that's not the competition they will be facing. The right competitive strategy is to build strong crypto using 168-bit Triple-DES, in a country that has a sane government and a respect for privacy. Such products would sell well against 56-bit products or key-escrowed products produced by the weak companies that tried to lean on the government for a competitive edge. If the US government ends up ever imposing import restrictions on crypto, it will be completely clear to everyone that their goal all along has been to restrict the availability of privacy to AMERICANS. The export laws, their continual announcements that "Americans are free to use any crypto they want", and all their preaching about impacts on foreign intelligence would be known as an obvious sham all along. Import restrictions would not be any more Constitutional than export restrictions. The Constitutional right to receive information (in the form of source code) from outside the US will enable companies to bypass any import restrictions that survive Constitutional scrutiny. They can do their crypto development in a free country, ship binaries to most of the world from there, ship source code to the United States, and compile that source code to binaries for local US distribution. None of these actions will violate any US export or import controls that can be Constitutionally imposed. Such development can be done in dozens of countries. Some countries who aren't afraid of their citizens having privacy will find it economically advantageous to remain free, despite US pressure to suppress privacy. A small industry of good cryptographers will grow into a large industry there, as the US pressures the rest of the world to become less free. John From tcmay at got.net Thu Oct 3 15:49:24 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 4 Oct 1996 06:49:24 +0800 Subject: The New GAK-Clipper Thing will Fail Message-ID: Comparing the latest GAK/Clipper III (or is it Clipper IV?) thing to the original Clipper announcement in April 1993, I sense a lot more confusion, a lot more thorny issues, and a lot more vagueness. They just seem more disorganized and less committed than the last time around. Each iteration of Clipper gets less focussed and seems to last a shorter time before the next version is being talked about. A good thing, of course. Some random points: * Unlike with Clipper, where a specification existed and was available within a few weeks for analysis, and where hardware existed (the Mykotronx chips, the AT&T phone), what has been publically presented so far is just a vague commitment to participate. * There seem to be many ways around the new GAK: --superencryption is essentially impossible to stop (e.g., use PGP on text messages, then use the officially-approved GAK--how could this be outlawed?) --the large pool of _existing_ crypto products means people will be using these products for years to come (possibly within GAK wrappers, as just noted)...unless the New World Order (tm) somehow locates, seizes, or otherwise makes criminals out of those who use a once-legal product, how could this be stopped? --the "degrees of freedom" for messages have sharply increased in the last several years: messages inside Web accesses, messages "sent" by posting to message pools (*), direct phone calls, the Net, etc. (* Will posting encrypted messages to the Usenet or world-readable Web sites become a crime? Or will attempts be made to limit distribution of Usenet and access to Web sites? Neither of these seems feasible, but how else could the stated goals of the Administration ("stopping terrorists, etc. from conspiring") be stopped?) (On this point above, yes, I know that there has been no talk of illegalizing the sending of mere encrypted data, only the export of non-GAKked programs. But I think it likely that the LEAs will realize that "criminals" are still conspiring with crypto. One thing they may try is to require that any communication with a non-U.S. site involve GAK. This then raises the Usenet/message pool directly. Since such sites have world-distribution, currently, posting encrypted messages to alt.anonymous.messages or to a mailing list like this necessarily involves export of the messages. It gets complicated to enforce, naturally.) * The Cabal itself seems confused as to what's involved. They seem to be counting on IBM and/or TIS to deliver the solution, and may be just signed on for what they think are reasons of political expediency. * As the IBM scheme gets attacked (in the way Matt Blaze attacked Tessera), as questions are raised about the Key Authorities and their cooperation, and as the _costs_ are revealed....well, I expect further crumbling. (On the "costs" issue, running these Key Authorities, staffing them, complying with subpoenas (and who will _fight_ the subpoenas?), etc., will not be cheap. For software products like Navigator and Explorer, that are either free or very cheap, just who will pay for this infrastructure? Someone at the EPIC Pro-CODE conference in Palo Alto a few months ago--I forget whom--presented calculations of just how expensive a "key recovery" infrastructure could be. Will it cost $50 to send a message to a foreign site? Better to use message pools! :-}) I apologize for the random nature of my comments here. I just see so many points of attack, so many ways to skirt the intentions of GAK, and so much ambivalent commentary from the companies involved, that I am convinced this whole thing will crumble. Unless a "major terrorist incident" galvanizes the effort, it looks to start falling apart almost immediately under the onslaught of Cypherpunks, hackers, other governments (think France wants the USG having access to their traffic?), and the "crypto anarchy" of nations whose borders are not even speed bumps. --Tim May We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From mccoy at communities.com Thu Oct 3 16:21:55 1996 From: mccoy at communities.com (Jim McCoy) Date: Fri, 4 Oct 1996 07:21:55 +0800 Subject: Clipper spin [was Re:Flood Warning] In-Reply-To: <199610031447.OAA03009@pipe2.ny1.usa.pipeline.com> Message-ID: [...] > > High-Tech Leaders Join Forces to Enable International > Strong Encryption > > See: http://www.ibm.com/news/alliance2.htm The "International Strong Encryption" phrase is something that we need to become active in stopping. Anything which responds to such announcements should put a different spin on this phrase. If the Clipper farce is accepted as "strong" encryption then the battle is lost; maybe something like "it is _international_ strong encryption because it is the strongest encryption people like Saddam Hussein [insert bogeyman du jour] want Americans to have access to" jim From mccoy at communities.com Thu Oct 3 16:23:04 1996 From: mccoy at communities.com (Jim McCoy) Date: Fri, 4 Oct 1996 07:23:04 +0800 Subject: Fighting Clipper III In-Reply-To: Message-ID: Declan McCullagh writes: >You'll have trouble doing a successful boycott of RSA. What, you won't >use Netscape Navigator or PGP? Actually RSA is not a hard target for people like us to threaten. The Diffie-Hellman patent expires in 210 days. Cylink is prevented from taking legal action against anyone for violating this patent while the current lawsuit is being decided. When Diffie-Hellman expires ElGamal is available for use for free. So the best threat one can make against RSA is to directly challenge their revenue stream: start working on making ElGamal an available option in all systems which use RSA. jim From perry at piermont.com Thu Oct 3 16:26:11 1996 From: perry at piermont.com (Perry E. Metzger) Date: Fri, 4 Oct 1996 07:26:11 +0800 Subject: How to Compete under Clipper-3 In-Reply-To: <199610031836.LAA22062@toad.com> Message-ID: <199610031925.PAA11450@jekyll.piermont.com> John Gilmore writes: > The right competitive strategy is to build strong crypto using 168-bit > Triple-DES, in a country that has a sane government and a respect for > privacy. You mean, like SSH's product? For those that don't follow this, people who don't want to have their communications listened in on are free to buy high quality communications security products from SSH Communications Security, Ltd. Their stuff is distributed internationally by Datafellows, and includes 3DES, 128 bit IDEA, and plenty of other high quality crypto products -- you configure it for the cipher of your choice. Key management is handled with arbitrary key length RSA -- you, the user, tune the length of the key, not the NSA. The software is available free for noncommercial use and can be downloaded on the net. Commercial users must pay a license fee. This is only one such company. Most such companies are doing fine, and aren't playing along with stupidity propagaged inside the beltway. Perry From jimbell at pacifier.com Thu Oct 3 16:57:44 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 4 Oct 1996 07:57:44 +0800 Subject: The Right to Keep and Bear Crypto Message-ID: <199610031845.LAA01932@mail.pacifier.com> At 11:39 AM 10/3/96 -0400, Mullen Patrick wrote: >This may (will?) limit the products which are produced by large corporations, >as their need for a single, globally distributable product is respected. >However, smaller companies who have neither the desire nor finances to >distribute their product on a global scale will be unaffected. Shareware/ >freeware products will also be unaffected (unless someone from another >country pulls it off a website, or similar means). > >However, all of this is irrelevant, because I must say, Tim May has the >proper idea -- We may have the right to bear crypto, but the government >has the right to limit the types/amounts of crypto we bear. > >** Success in this matter is classifying crypto as speech ** >Patrick While I agree we shouldn't push the crypto/arms connection, on the other hand I think we can push BACK: If the government tries to equate crypto with arms,take the position that while we disagree with this equation, to the extent the government is using it, it must take the good with the bad and accept the "keep and bear arms" interpretation literally. Jim Bell jimbell at pacifier.com From dlv at bwalk.dm.com Thu Oct 3 17:38:16 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 4 Oct 1996 08:38:16 +0800 Subject: [FACTS] Mountain Meadows Massacre In-Reply-To: <199610031213.GAA16253@mail.xmission.com> Message-ID: "Deana Holmes" writes: > > No wonder the criminal cult doesn't want its foul deeds subjected to public scrutiny by "dead-agenting" its critics. Is Timmy May a paid cult apologist? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From trei at process.com Thu Oct 3 17:45:37 1996 From: trei at process.com (Peter Trei) Date: Fri, 4 Oct 1996 08:45:37 +0800 Subject: RSA's position on espionage-enabled crypto. Message-ID: <199610032013.NAA23928@toad.com> RSA has put up a 'position statement' on clipper 4 at their home page at www.rsa.com. They're not rejecting it, but are clearly not wildly pro-GAK either. It's clearly early days yet. Peter Trei Senior Software Engineer Purveyor Development Team Process Software Corporation http://www.process.com trei at process.com From aba at dcs.ex.ac.uk Thu Oct 3 17:59:05 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Fri, 4 Oct 1996 08:59:05 +0800 Subject: REM_ail In-Reply-To: <199610021627.JAA25110@mail.pacifier.com> Message-ID: <199610031349.OAA00384@server.test.net> Jim Bell writes: > Now that Helsingius has shut down Penet, what's to stop him from simply > LYING about the source of the messages in question, maybe claiming that they > came from the output of a cypherpunks remailer and are thus permanently > untraceable? > > (one feature it might have been useful for him to have included in Penet is > the ability of the user to re-address a return address, which would > presumably erase the original address in the records. Just sending email > and some particular password would do it...) He did have a feature which allowed you to remove your address. (Either by sending mail to "remove" or "delete" (with a password if you had one set)). Adam -- #!/bin/perl -sp0777i Message-ID: On Thu, 3 Oct 1996, Declan McCullagh wrote: > Date: Thu, 3 Oct 1996 06:37:45 -0700 (PDT) > From: Declan McCullagh > To: Jim McCoy > Cc: cypherpunks at toad.com > Subject: Re: Fighting Clipper III > > You'll have trouble doing a successful boycott of RSA. What, you won't > use Netscape Navigator or PGP? > > -Declan > A boycott isn't necisarily non-_USE_. I'll still use DEC machines, I just won't purchase any new ones (as if I could afford to anyway). I have PGP, I've been using PGP, I will use PGP. But I'm not going to buy anything from RSA, even if I previously had been inclined to. --Deviant Try `stty 0' -- it works much better. From aba at dcs.ex.ac.uk Thu Oct 3 18:30:37 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Fri, 4 Oct 1996 09:30:37 +0800 Subject: boycott GAKkers (was Re: NYT on IBM GAK) In-Reply-To: <3.0b24.32.19961002181037.0067e434@mail.teleport.com> Message-ID: <199610031402.PAA00388@server.test.net> Rich writes: > >>> > >>> The New York Times, October 2, 1996, pp. D1, D8. > >>> Executives of the International Business Machines > >>> Corporation said late yesterday that they were still lining > >>> up the final list of companies in the alliance. Those > >>> involved will include Digital Equipment and smaller > >>> data-security companies including RSA Data Security, Cylink > >>> and Trusted Information Systems. > [...] > > The word "boycott" leaped into my mind. I personally do not believe that I > will be buying products from any of these companies, as long as thay > participate in this GAK charade. It might be worth people in the US who have connections with any of the companies who have been reported as signing on to GAK asking their CEOs, etc. for a statement on the company position wrt GAK. (To make sure the boycott is justified, and not the result of bad reporting). If their reports confirm a pro-GAK stance, their company should be added to the list of shunned. Perhaps cypherpunks who currently work for the companies in question could also find out the story. If they have an option, they could perhaps leave in protest, stating GAK governmen sell out as the reason in their resignation letter. (I've seen HP, Sun, RSADSI, TIS, Apple, Atalla, DEC, Groupe Bull, IBM, NCR Corp., and UPS mentioned). Any confirmations? Denials? Adam -- #!/bin/perl -sp0777i Message-ID: <9610032208.AA02808@sabel.idacom.hp.com> -----BEGIN PGP SIGNED MESSAGE----- jim bell writes: > > High-Tech Leaders Join Forces to Enable International > > Strong Encryption > > > > See: http://www.ibm.com/news/alliance2.htm > This is apparently no longer valid. Is there a new one? I found it again, at: http://www.ibm.com/News/ls961002.html MJ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMlQw7G3Fsi8cupgZAQFSvwP/b/Q1G/VGuw0PuvlsMp0/pZ8kJAeWze7X C8GmJ8GPi3fUWcmXD9z01bmbhVNFMq67/w0DhnN3k6agL9NKjmq4lymI+O46aAin lrKjREvp92j0/Trac9G3ZvAXbYWfEDvSowTECB+CykdR1ZICqT2Y9RZ0bXDr73US O78IesGegxM= =qNuH -----END PGP SIGNATURE----- From romana at glamazon.com Thu Oct 3 18:41:10 1996 From: romana at glamazon.com (Romana Machado) Date: Fri, 4 Oct 1996 09:41:10 +0800 Subject: EzStego in Java!: Now Disappearing At A Site Near You Message-ID: EzStego, my tool for "steganography made easy", now has its own web site at http://www.fqa.com/ezstego/ EzStego is currently alpha software. Use it at your own risk. It is a reimplementation in Java, with much improvement, of my notorious shareware product, Stego. EzStego is also shareware. I have made the source code available for peer review and verification. EzStego and EzSteggy are (C) Romana Machado 1996. All rights reserved. Romana Machado romana at fqa.com http://www.fqa.com/romana/ http://www.glamazon.com/ From shamrock at netcom.com Thu Oct 3 18:47:31 1996 From: shamrock at netcom.com (Lucky Green) Date: Fri, 4 Oct 1996 09:47:31 +0800 Subject: Fighting Clipper III In-Reply-To: Message-ID: On Thu, 3 Oct 1996, Timothy C. May wrote: > I think we should support Microsoft and Netscape in their nonparticipation > in the Cabal. Sometimes being an 800-pound gorilla has its advantages. Indeed we do need to support Netscape and Microsoft as long as they oppose GAK. --Lucky, who meant to buy a new PowerBook 5300 for his girlfriend this week and who now will get her a Win95 machine because of Apple's support for GAK. I'm glad I didn't buy it yet. Apple, are you listening? From jimbell at pacifier.com Thu Oct 3 19:30:54 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 4 Oct 1996 10:30:54 +0800 Subject: The Right to Keep and Bear Crypto Message-ID: <199610032012.NAA07518@mail.pacifier.com> At 10:09 AM 10/3/96 -0700, Bill Stewart wrote: >At 08:29 PM 10/2/96 -0700, azur at netcom.com (Steve Schear) wrote: >>Unless we get the strong support of the gun lobby and NRA. > >The gun lobby and NRA are generally against handgun registration, >but haven't stopped it. We're against crypto key registration. >The gun lobby and NRA are generally against machine gun licensing requirements, >but haven't stopped it. We're against strong crypto licensing requirements. >The gun lobby and NRA are generally against firearms dealers' licensing, >but haven't stopped it. We're against crypto dealers' licensing. >The gun lobby and NRA are generally against assault weapon import laws, >but haven't stopped them. We're against strong crypto import laws. If the wimps at the NRA had any guts, they would poll their membership, asking if anybody would be willing to make "the sacrifice" (presumably due to a recent terminal illness diagnosis). Then, they'd get on the phone to the Supreme Court, and point out that they'd just noticed that Supreme Court appoints were ONLY "good for life" and suggest nicely that if all of the above outrages (WRT guns) weren't reversed within the year, they predict about nine open seats shortly thereafter. Okay, maybe it's only wishful thinking, but... If you take the position that all human life is equally valuable, then you must concede that the deaths of nine fools is no worse than the deaths of nine randomly-selected individuals who found themselves the victim of gun laws. Crypto relevancy? Well, the so-called "gun nuts" have already tolerated far more regulation and restriction of guns than we should ever accept. But if we use their tactics, can we expect any better results? Jim Bell jimbell at pacifier.com From ses at tipper.oit.unc.edu Thu Oct 3 19:39:07 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Fri, 4 Oct 1996 10:39:07 +0800 Subject: The New GAK-Clipper Thing will Fail In-Reply-To: Message-ID: side-point: Somebody mentioned that one of the features in the new go-around is that only session keys need to be made available, and warrants will be needed for each message to be decrypted. Doesn't this essentially rule out the use DSS/Diffie Helman based key-exchanges, or at least diffie-helman with ephemeral paramaters? Simon DId you know that the Polish Train company is called PKP? Coincidence - you decide. --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From dustman at athensnet.com Thu Oct 3 19:53:48 1996 From: dustman at athensnet.com (Anonymous) Date: Fri, 4 Oct 1996 10:53:48 +0800 Subject: Clipper III on the table Message-ID: <199610032148.RAA21930@porky.athensnet.com> Ernest Hua wrote: > I predict, therefore, Netscape and RSA would NOT capitulate to this > latest bitter carrot. Huh? RSA has already gone over to the dark side. According to http://www.rsa.com/PRESSBOX/releases/keyrecov.htm: "The recently announced Key Recovery Alliance, of which RSA is a part, ..." From watson at tds.com Thu Oct 3 19:58:32 1996 From: watson at tds.com (watson at tds.com) Date: Fri, 4 Oct 1996 10:58:32 +0800 Subject: White House crypto proposal -- too little, too late Message-ID: <199610032242.PAA15111@mailman.tds.com> Joe Shea, Editor-in-Chief of The American Reporter, said: > Declan, how does your list work? Do you only publish comments that agree with you? I didn't see my first two, and this one only came with your response. Is this your version of freedom of the press, or what? - Maybe Joe would agree to publish everything we send him if we agree to publish everything he sends us. Dave Love to get published From alano at teleport.com Thu Oct 3 20:09:43 1996 From: alano at teleport.com (Alan Olsen) Date: Fri, 4 Oct 1996 11:09:43 +0800 Subject: Clipper III on the table Message-ID: <3.0b16.32.19961003170416.00bafcd8@mail.teleport.com> At 05:50 PM 10/3/96 -0400, Anonymous wrote: > >Ernest Hua wrote: >> I predict, therefore, Netscape and RSA would NOT capitulate to this >> latest bitter carrot. > >Huh? RSA has already gone over to the dark side. According to >http://www.rsa.com/PRESSBOX/releases/keyrecov.htm: > "The recently announced Key Recovery Alliance, of which RSA is a part, ..." I think we should refer to what they are pushing as the "Key Recovery Alliance Program". K.R.A.P. is a good description as to what we are going to get from them. --- | "Remember: You can't have BSDM without BSD." - alan at ctrl-alt-del.com | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano at teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.teleport.com/~alano/ | alano at teleport.com | From hua at chromatic.com Thu Oct 3 20:16:44 1996 From: hua at chromatic.com (Ernest Hua) Date: Fri, 4 Oct 1996 11:16:44 +0800 Subject: Did Sun get a sweetheart deal? Message-ID: <199610040001.RAA15595@ohio.chromatic.com> So why did Sun cave in? Ern -------- From San Jose Mercury: "Good Morning Silicon Valley" NASA has its day in the Sun Sun Microsystems Inc. said Wednesday it received two contracts from NASA's Goddard Space Flight Center worth a total of $100 million. The Mountain View-based company said the pact calls for software development and the design about 34,000 computer-aided engineering and design workstations. NASA will use the workstations to design integrated circuits. From mirele at xmission.com Thu Oct 3 20:21:25 1996 From: mirele at xmission.com (Deana Holmes) Date: Fri, 4 Oct 1996 11:21:25 +0800 Subject: [FACTS] Mountain Meadows Massacre Message-ID: <199610040022.SAA13554@mail.xmission.com> On 3 Oct 96 at 14:42, Dr.Dimitri Vulis KOTM wrote: > "Deana Holmes" writes: > > > > > > > > No wonder the criminal cult doesn't want its foul deeds subjected to > public scrutiny by "dead-agenting" its critics. Is Timmy May a > paid cult apologist? Sheesh. You know you're doing good when both Dmitri Vulis and Attila both badmouth you. (For the record, Attila's badmouthing consisted of stating via private email that I was "the same air head pseudo-intellectual who has poisoned her own life with hatred and ignorance in so many other venues.") Some people are just terribly threatened, I guess. Deana Deana M. Holmes April 1996 poster child for clueless $cientology litigiousness alt.religion.scientology archivist since 2/95 mirele at xmission.com From jubois at netcom.com Thu Oct 3 20:25:23 1996 From: jubois at netcom.com (Jeff Ubois) Date: Fri, 4 Oct 1996 11:25:23 +0800 Subject: paging nets Message-ID: <2.2.32.19961003223312.0071ba70@netcom.com> Interesting recycled bits from Newsbytes concerning a BBC story drawn from Usenet: BBC Blows Radiopager Security Systems Wide Open LONDON, ENGLAND, 1996 OCT 2 (NB) -- By Steve Gold. The British Broadcasting Corporation (BBC) has revealed that radiopaging messages on the UK's paging networks can be read by anyone with a radio scanner and suitable PC software. In addition, the British TV company claims that it is also possible to insert bogus messages onto the paging networks using instructions on the Internet. ... BBC journalists, meanwhile, said that UK radiopaging transmissions were unencrypted and, as such, were insecure when viewed alongside digital cellular phones, where signals are encrypted. ...the BBC claimed it had been shown messages reporting on the activities of Tony Blair, the head of the British Labor Party, along with a message referring to a residence of a member of Royalty. Newsbytes noted that the same system is used in the US. From deviant at pooh-corner.com Thu Oct 3 20:25:34 1996 From: deviant at pooh-corner.com (The Deviant) Date: Fri, 4 Oct 1996 11:25:34 +0800 Subject: Fighting Clipper III In-Reply-To: Message-ID: On Wed, 2 Oct 1996, Jim McCoy wrote: > Date: Wed, 2 Oct 1996 22:46:58 -0800 > From: Jim McCoy > To: cypherpunks at toad.com > Subject: Fighting Clipper III > > Rich Burroughs wrote: > [...] > >>>On Wed, 2 Oct 1996, John Young wrote: > >>> > >>>> The New York Times, October 2, 1996, pp. D1, D8. > >>>> Executives of the International Business Machines > >>>> Corporation said late yesterday that they were still lining > >>>> up the final list of companies in the alliance. Those > >>>> involved will include Digital Equipment and smaller > >>>> data-security companies including RSA Data Security, Cylink > >>>> and Trusted Information Systems. > >>> > >>>We are in deep trouble. > >> > >>Wouldn't a letter-writing campaign be in order here? > >[snip] > > > >The word "boycott" leaped into my mind. I personally do not believe that I > >will be buying products from any of these companies, as long as thay > >participate in this GAK charade. > > Such an initiative will need publicity and letter-writing early in the > campaign will help us set the tone and points of debate on this issue. > A boycott works best when everyone knows why and there are a few key > phrases which can be used to get the message across. Something like > "company X is helping build big brother, boycott their products" or a > few similar sound bites are needed fast. The big brother inside stickers > from the last campaign were nice, maybe people can come up with variations > of various corporate logos or marketting phrases which help get the message > across? > > jim > I agree wholeheartedly. A boycott will be usefull, as would letter writing campaigns, bumper stickers, etc. The entire idea, though , must be _VERY PUBLIC_ to be useful. --Deviant There is a theory which states that if ever anyone discovers exactly what the Universe is for and why it is here, it will instantly disappear and be replaced by something even more bizarre and inexplicable. There is another theory which states that this has already happened. -- Douglas Adams, "The Hitchhiker's Guide to the Galaxy" From wb8foz at nrk.com Thu Oct 3 20:44:20 1996 From: wb8foz at nrk.com (David Lesher) Date: Fri, 4 Oct 1996 11:44:20 +0800 Subject: [NOISE] ITAR Satellite In-Reply-To: Message-ID: <199610032246.SAA00876@nrk.com> Michael Froomkin - U.Miami School of Law sez: > > Alas, a common fallacy. > > You have committed a prohibited export when the stuff lands outside the > USA....It's not illegal when it goes up ("by reason of the launching" and, > e.g. *stays up* in orbit) but it is illegal when it comes down abroad. > "I just shoots them, who CARES where they come down? It's not my department, said Werner Von Braun...." -- A host is a host from coast to coast.................wb8foz at nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433 From apteryx at super.zippo.com Thu Oct 3 20:50:27 1996 From: apteryx at super.zippo.com (Mark Heaney) Date: Fri, 4 Oct 1996 11:50:27 +0800 Subject: Fighting Clipper III Message-ID: <325b245d.288509144@super.zippo.com> -----BEGIN PGP SIGNED MESSAGE----- erm, a boycott means not _buying_ a product, as opposed to not _using_ a product. In the case of PGP, I never intended to purchase it from RSA. As for Netscape, there are other browsers out there (or so I heard). Realistically, a boycott is likely to be ineffective. Writing letters to companies and congresshmucks and working with non-US crypto companies to create a standard that can be legally imported into the US (for now) would be more effective, IMHO. Boycotts rely on large numbers of participants, and not enough people understand or care about encryption. We'd be better off trying to change that first. Mark On Thu, 3 Oct 1996 06:37:45 -0700 (PDT), Declan McCullagh wrote: >You'll have trouble doing a successful boycott of RSA. What, you won't >use Netscape Navigator or PGP? > >-Declan > > >On Wed, 2 Oct 1996, Jim McCoy wrote: > >> Rich Burroughs wrote: >> [...] >> >>>On Wed, 2 Oct 1996, John Young wrote: >> >>> >> >>>> The New York Times, October 2, 1996, pp. D1, D8. >> >>>> Executives of the International Business Machines >> >>>> Corporation said late yesterday that they were still lining >> >>>> up the final list of companies in the alliance. Those >> >>>> involved will include Digital Equipment and smaller >> >>>> data-security companies including RSA Data Security, Cylink >> >>>> and Trusted Information Systems. >> >>> >> >>>We are in deep trouble. >> >> >> >>Wouldn't a letter-writing campaign be in order here? >> >[snip] >> > >> >The word "boycott" leaped into my mind. I personally do not believe that I >> >will be buying products from any of these companies, as long as thay >> >participate in this GAK charade. >> >> Such an initiative will need publicity and letter-writing early in the >> campaign will help us set the tone and points of debate on this issue. >> A boycott works best when everyone knows why and there are a few key >> phrases which can be used to get the message across. Something like >> "company X is helping build big brother, boycott their products" or a >> few similar sound bites are needed fast. The big brother inside stickers >> from the last campaign were nice, maybe people can come up with variations >> of various corporate logos or marketting phrases which help get the message >> across? >> >> jim >> >> > > >// declan at eff.org // I do not represent the EFF // declan at well.com // > > > -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMlQmC936bir1/qfZAQF9dwL/fN1HZhHWbnOa6gZ71WMwf32nuOGS1CGm H2f9MlNvZhYF6TVAwCmfUG4hgeJQLkC97GrR/0hIfNYzir0Eb+qmF2Mptvl5tUiJ I89H2WRVl+BJBoqThGXJx8BqL6uVDX9H =sBVJ -----END PGP SIGNATURE----- Mark Heaney finger snipe at starburst.cbl.cees.edu for public key PGP Fingerprint= BB D8 9B 07 51 87 05 AC 47 7B F2 4F A6 AB 1A CD ----------------------------------------------------------------- Vote against government *** Vote Libertarian From jimbell at pacifier.com Thu Oct 3 20:51:21 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 4 Oct 1996 11:51:21 +0800 Subject: Clipper spin [was Re:Flood Warning] Message-ID: <199610032304.QAA20608@mail.pacifier.com> At 12:00 PM 10/3/96 -0800, Jim McCoy wrote: >[...] >> >> High-Tech Leaders Join Forces to Enable International >> Strong Encryption >> >> See: http://www.ibm.com/news/alliance2.htm > >The "International Strong Encryption" phrase is something that we >need to become active in stopping. Anything which responds to such >announcements should put a different spin on this phrase. If the >Clipper farce is accepted as "strong" encryption then the battle is >lost; maybe something like "it is _international_ strong encryption >because it is the strongest encryption people like Saddam Hussein [insert >bogeyman du jour] want Americans to have access to" Idea 1: It should be called "International Weakened Encryption." Idea 2: The "alliance" term above in the URL should be replaced with "Axis." Jim Bell jimbell at pacifier.com From vznuri at netcom.com Thu Oct 3 21:04:30 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Fri, 4 Oct 1996 12:04:30 +0800 Subject: gack vs. key escrow vs. key recovery Message-ID: <199610040033.RAA18660@netcom19.netcom.com> cpunks, a note about recent developments in "key recovery" initiative. I think cpunks as a group should reconsider very seriously their own positions on cryptography and come up with something more sophisticated than "any government bill or plan associated with crypto is evil" which is the functional equivalent of the ideology behind many recent posts. what is the precise difference between gack, key escrow, and key recovery? TCM has argued that the administration is muddying the issue by manipulating the terminology. perhaps so, but I feel that cpunks are equally guilty, by branding anything that emanates out of the government as inherently orwellian. do you always have to have an enemy? is the government always going to be your enemy, no matter what they do? I have posted here before that many companies find the concept of "key recovery" highly acceptable and even desirable. the basic question is, what does this mean to wiretapping and search warrants and subpoenas? it is clear we are coming to a fork in the road at this moment. there are going to be two types of cpunk opinions based on recent developments. 1. those who feel that wiretapping was illegitimate from the start and are working to make wiretapping impossible. confronted with a legal search warrant/subpoena etc. for personal data, they would not hand over keys. they would "superencrypt" in systems that do etc. 2. those who feel that there is such a thing as a legal warrant or subpoena for information protected by cryptography keys, and would agree that this logically means that governments will be getting access to "key recovery" infrastructures. personally I am leaning toward 2, because I feel that we already live in such a society, and that it is not orwellian. companies are going to lean toward (2). I do agree that the gov't has the potential to twist this process to evil ends, but that has always been true of everything about democratic government, and the recipe for 200+ years has always been and remains "eternal vigilance". in other words, I am in favor of some kind of mechanism by which the government can obtain keys via subpoenas/warrants. cpunks, I think we should try to clarify our terms and come to some conclusions. those who continue to pursue (1) are going to be perceived as more and more radical and extremist, because arguably it is not even a system we have today or one that was ever devised. remember, the constution guarantees freedom from *unreasonable* search and seizure, but never prohibited search and seizure in the first place!! apparently at least our found fathers believed that "reasonable" search and seizure was a wholly legitimate function of government, based on this wording. regarding (2): the government may actually help bring crypto to the masses via the post office and other routes. are cpunks going to continue to hold the simplistic, reactionary, knee-jerk, black-and-white opinion that "anything with the word 'government' in it is evil"? "if the government is doing something, then we must sabotage it"? I'll be watching the debate closely, as the true extremists incapable of compromise (and thereby living in a fantasy world) show their colors.... From markm at voicenet.com Thu Oct 3 21:07:44 1996 From: markm at voicenet.com (Mark M.) Date: Fri, 4 Oct 1996 12:07:44 +0800 Subject: boycott GAKkers (was Re: NYT on IBM GAK) In-Reply-To: <199610031402.PAA00388@server.test.net> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Thu, 3 Oct 1996, Adam Back wrote: > (I've seen HP, Sun, RSADSI, TIS, Apple, Atalla, DEC, Groupe Bull, IBM, > NCR Corp., and UPS mentioned). Any confirmations? Denials? IBM and TIS are definitely pro-GAK. TIS is selling a firewall that uses GAKked DES. IBM has been working on developing the "key recovery" technology. The article posted here a while ago that told of IBM's plans to support GAK also said that they were planning to license the technology to Sun and Netscape. I don't know about the accuracy of that last statement. Mark - -- PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMlRcsCzIPc7jvyFpAQEiIwf/btvAiIVHF3alGh+Vivr3MoHnSSciFjGX qhqdS+SEsM4cTxE+y8vvfpHFs/faQPmWLgT70lyf1pJ+Avei7brieb/qWoC5q9MJ gBlSa1f2yVMY7ax+KPTwU+Yk63A7oi964d+ebCp51BLOtzKammRlIw/nBFuDMq/5 ss2a4w4PuOEOP35WQIy0i8NBoJxEi5gHx5J/+gGzWK9iw/yZa0xyoT25ci6uh7mJ sPgNmedr/Pq+D5gk5GduGgGni/jrDeADH0K7R0M8Jqlh0Xc82NPkau8xwZAXDMJV 947PF56souwrx3BHmj7fXPXIVBJEjWy/Ymv2N8LBm+BHS09CN0ns5Q== =URZJ -----END PGP SIGNATURE----- From markm at voicenet.com Thu Oct 3 21:19:45 1996 From: markm at voicenet.com (Mark M.) Date: Fri, 4 Oct 1996 12:19:45 +0800 Subject: Fighting Clipper III In-Reply-To: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On Thu, 3 Oct 1996, Jim McCoy wrote: > Declan McCullagh writes: > >You'll have trouble doing a successful boycott of RSA. What, you won't > >use Netscape Navigator or PGP? > > Actually RSA is not a hard target for people like us to threaten. The > Diffie-Hellman patent expires in 210 days. Cylink is prevented from taking > legal action against anyone for violating this patent while the current > lawsuit is being decided. When Diffie-Hellman expires ElGamal is available > for use for free. So the best threat one can make against RSA is to directly > challenge their revenue stream: start working on making ElGamal an available > option in all systems which use RSA. Rabin public-key encryption will also be free when the D-H patent expires. This has the big advantage that it can use current RSA keys as long as the keys use blum integers (PGP does, I think). Breaking Rabin is provably as difficult as factoring. Mark - -- PGP encrypted mail prefered. Key fingerprint = d61734f2800486ae6f79bfeb70f95348 http://www.voicenet.com/~markm/ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMlQ+NSzIPc7jvyFpAQFnOQf/TasoroPI6ZUfRuH/13jQedY+R49KYjoc pdOnEmRfzuF3CFt5ZJatB97B+kz50VZMcT4nMGhK24q5fZcvJqTcVDbGMEPJgmeZ 1TZAFiGAXcKjnuB+i1PuGpPkM6SjLkXiuxW4ZASiWtmQ2hCnlCKm/EN+lvW5avjT HjK3W6GiU4HvSmsL292S1jgMrPw/0vbEtQ9J65edamtDboDLfrbYd26OAh0QjUxe vlTHrVcU5v5n4kVxjfvhdVabJOGmFAQ+cIKCVSTmhELPmbYkRp+TIgsRTse15NpK ocEKfpsHZu093AMnealZ6+/neCBWtqKSL2Jz7yHTCDbXkMw0Ab/nLQ== =SJUX -----END PGP SIGNATURE----- From rah at shipwright.com Thu Oct 3 21:19:46 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 4 Oct 1996 12:19:46 +0800 Subject: "Macintosh -- the Surveillance System for the Rest of Us In-Reply-To: Message-ID: At 7:13 pm -0400 10/3/96, Timothy C. May wrote: > GAK, or Girlfriend's Access to Keys, is indeed a very scary thing. Ah. Maybe we should cross-post this to alt.tasteless? > "Macintosh, the Surveillance System for the Rest of Us." > > (Why Apple would go along with this, while Microsoft and Netscape are > apparently not playing ball, is incomprehensible to me. Apple risks > alienating its remaining core user base, who often characterize Microsoft > as "the Borg." So, Apple capitulates, while MS does not. I guess the > "Macintosh Crypto Forum" didn't do a lot of good, did it?) Ouch. My first reaction to the above was to say, "Oh, Yeah??? Well, you're ugly, buddy, and your mother dresses you funny, too!" But, I won't upset the decorum of so august a forum with such eggregious classlessness. Not here on cypherpunks. :-). If one were to be completely uncharitable in the interpretation of Tim's most recent outbreak of vitriol here, it would seem that he's offended that he wasn't asked first to be the keynote at MacCrypto, the conference a bunch of us had at Apple a month ago, which, I might add, was a considerable success. Of course, the real irony here is that Tim *was* the first person we asked to keynote. The irony compounds itself slightly more when you consider the *last* person who we asked, Phil Zimmermann, at the *last* possible minute, graciously accepted our invitation and delivered his keynote speech to a very enthusiastic crowd. Unfortunately, it may be a speaking engagement Phil regrets now, in light of Apple's apparent participation in the most recent Washington GAK-fest. :-{. Anyway, let us *be* charitable, and take Tim's apparent vituperation about Apple's complete capitulation to government pressure, not to mention the appalling failure of the MacCrypto conference to lob any clues over the walls of Fortress Apple, entirely at their face value, shall we? Let's assume that he really *wasn't* trying to rattle the bars on the Mac crypto community's collective cage, and that he actually was trying to contribute something constructive to what appears to be a *truly* apalling situation to anyone who wants strong crypto, and thus internet commerce, to be transparent and easy to do on the Macintosh. The Mac crypto community's cage is plenty rattled by the recent news from Washington, as it is. With that in mind, the best thing most of us can figure is that Ellen Hancock, Apple's chief technology officer, freshly hired from IBM, is in the process of pulling the same kind of crypto-boner for Apple that Netscape's CEO did last year about this time. Frankly, people who run industrial organizations like Apple, and, I might add, Microsoft, don't really understand yet that internet commerce *is* financial cryptography, and, of course, that means strong, and un-GAKked, crypto. I'm sure that the people on the mac-crypto list and the rest of the Mac internet community in general will disabuse her of this notion rather quickly. By the way, most of the hard core of 70 or so people who came to the MacCrypto conference, those who sat through the whole thing from start to finish, were from outside Apple. Clearly, as far as crypto on the Mac goes, the word "evangelism" cuts both ways. However, we got some very good stuff from the Apple folks who did come, including a soon to be released entropy manager -- with public source code -- and a public-key "keychain" project -- with public source code -- , and a volunteer of development participation in serious crypto projects from an Apple fellow (who, by definition, can do anything he wants) and his staff. Frankly, I'd rather see actual code being written than press releases, wouldn't you, Tim? Even if the code isn't on an Intel Pentium Pro 200 using the Microsoft CryptoAPI... Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From shamrock at netcom.com Thu Oct 3 21:29:42 1996 From: shamrock at netcom.com (Lucky Green) Date: Fri, 4 Oct 1996 12:29:42 +0800 Subject: Clipper III on the table In-Reply-To: <3.0b16.32.19961003170416.00bafcd8@mail.teleport.com> Message-ID: On Thu, 3 Oct 1996, Alan Olsen wrote: > I think we should refer to what they are pushing as the "Key Recovery > Alliance Program". K.R.A.P. is a good description as to what we are going > to get from them. Ping. We have a winner! --Lucky From rah at shipwright.com Thu Oct 3 21:39:49 1996 From: rah at shipwright.com (Robert Hettinga) Date: Fri, 4 Oct 1996 12:39:49 +0800 Subject: Margaret Milner Richardson loses her breakfast... Message-ID: >From the Wall Street Journal Wednesday October 2, Page 1: Use of the internet to attract tax-dodgers rings alarm bells at the IRS. The rapidly expanding new worlds of the internet and electronic money are stirring deep concern at the IRS. "We know that some foriegn banks are now using the internet to solicit new customers with promises of complete anonymity and a haven from all taxes," IRS commissioner Margaret Milner Richardson said. She said this issue is being "carefully monitored" by tax administrators around the world. Ms. Richardson, in a recent speech, cited a world-wide-web advertisement offering a "one-of-a-kind book" covering topics such as, "Banking in Silence" and offering information on setting up an offshore trust that "could include protection from a large IRS assessment." Ms. Richardson's reaction: "I almost take that personally." Another ad touts "excellent interest rates, offered in a stable, tax-free environment...Clients communicate with the bank any time from anywhere via the internet." Ms. Richardson said: "How would you like to be responsible for administering tax laws and have to read these ads over breakfast?" Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From ericm at lne.com Thu Oct 3 21:39:54 1996 From: ericm at lne.com (Eric Murray) Date: Fri, 4 Oct 1996 12:39:54 +0800 Subject: Did Sun get a sweetheart deal? In-Reply-To: <199610040001.RAA15595@ohio.chromatic.com> Message-ID: <199610040109.SAA23900@slack.lne.com> Ernest Hua writes: > > So why did Sun cave in? I'm not sure they did. I've seen two quotes from Sun- one pro-GAK one from Eric Schmidt, one from someone else I have never heard of who's head of government relation or something like that, which was pretty anti-GAK. Schmidt is regarded as somewhat clueless by a large number of Sun employees. In addition, I had lunch today with the people I used to work with/for at Sun, who're probably the most likely to be asked to implement such a thing. They haven't heard anything about it and were quite dismayed at the whole idea. Oh, and government contracts (especially NASA ones) take a shitload of time to set up. The only coercion that a TLA could do with it would be to threaten to scotch the deal for "national security reasons". The fact that some deal went through doesn't prove anything. I think it much more likely that the Govt would use carrots like possible additional sales or a leg up on competitors. Hey, it worked on IBM didn't it? -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From ericm at lne.com Thu Oct 3 21:44:51 1996 From: ericm at lne.com (Eric Murray) Date: Fri, 4 Oct 1996 12:44:51 +0800 Subject: Clipper III questions Message-ID: <199610040135.SAA24060@slack.lne.com> The recent CDT policy post sez of Clipper III: >* Access to keys internationally "would be provided in accordance with > destination country policies and bilateral understandings." This reminds me of the understanding between CIA/NSA and their counterparts in British Intelligence. Both sides are prohibited from spying within their own countries borders but are encouraged to spy in other countries. Both would very much like to spy on their own citizens (for legitimate law encorcement/national security reasons only, of course). So, they have a simple system in place. The British spy on the American citizens that the Americans want spied on and then turn over the intercepts. The Americans do the same for the British in Britain(*). Sometimes they lie to each other or withhold material, but that's what spy organizations do all the time. If Clipper III passes and the OECD gets their member nations in line with what the American miliary wants, I predict a similar system will evolve. "Destination country policies" will allow decryption of incoming GAKked messages from non-citizens. After all, they have no rights, do they? Cooperating intelligence agencies will then exchange intercepts. Presto Chango, pesky privacy rules vanish right before your eyes! Of course this is in our best intrest, we must fight against terrorisim with all methods possible. The ends justify the means. A question: What happens if a company decided not to go along with Clipper III? Can they still ship the "old" 40-bit-style GAKware unimpeded? Or will there be a slow tightening of the rules to force compliance? The existing way of doing things depends to a large degree on a set of "common practice" which the NSA doesn't have written down. For example you won't find the 40 bit limit written anywhere in ITAR, and if you want to export something that's already been approved elsewhere (i.e. another implementation of SSL) you still have to go through the approval process. (*) this comes from "The War Aginst the Jews" which is worth reading. Sorry I can't find my copy at the moment, maybe someone who's got it handy will provide authors/ISBN. Capsule review: covers government dirty dealing from the early 1900s on, mostly British and American. Concentrates on Jews and Israel of course but they seem to have been the brunt (sometimes the instigator) of a lot of the dirty pool that governments have played. -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From tcmay at got.net Thu Oct 3 21:45:05 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 4 Oct 1996 12:45:05 +0800 Subject: Did Sun get a sweetheart deal? In-Reply-To: <199610040001.RAA15595@ohio.chromatic.com> Message-ID: At 5:01 PM -0700 10/3/96, Ernest Hua wrote: >So why did Sun cave in? > >Ern > >-------- From San Jose Mercury: "Good Morning Silicon Valley" > >NASA has its day in the Sun > > Sun Microsystems Inc. said Wednesday it received two contracts from > NASA's Goddard Space Flight Center worth a total of $100 million. The > Mountain View-based company said the pact calls for software > development and the design about 34,000 computer-aided engineering > and design workstations. NASA will use the workstations to design > integrated circuits. If this theory is true, look for Apple to see some reprieves in government conversions away from Macs towards Windows. (To those who don't follow the Mac market, the weekly trade mag, "MacWeek," reports frequently on various government agencies deciding to replace Macs with Windows machines. Users of Macs are often freaked out by this, of course, and write letters urging the government to reconsider. If Ernest Hua's theory is even slightly on-target, there may be some reversals of this "everybody needs to be using Windows" government edict.) --Tim May (By the way, I've added some new stuff to my .sig. The apparent infighting, with Jim Bidzos trashing NSA and IBM, is delicious. Maybe Jim will withdraw his support. Of course, he's got multiple tens of millions of bucks riding on the balance, and there's that threat I reported on a couple of years ago, where an NSA guy said they could always run him over in the parking lot if he didn't play ball.) "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Thu Oct 3 21:45:50 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 4 Oct 1996 12:45:50 +0800 Subject: Fw: Re: ITAR satellite provision Message-ID: <199610032109.OAA11555@mail.pacifier.com> At 02:05 PM 10/3/96 -0400, Michael Froomkin - U.Miami School of Law wrote: >Alas, a common fallacy. > >You have committed a prohibited export when the stuff lands outside the >USA....It's not illegal when it goes up ("by reason of the launching" and, >e.g. *stays up* in orbit) but it is illegal when it comes down abroad. Sure about that? The regulation said something like "launch vehicle" or "launch," apparently indicating that a "launch vehicle" could actually be exported, THEN launched, etc, without violating ITAR. And since the regulation does not go into any detail about the "launch", other than it is a "launch" (and does not explicitly prohibit landing subsequent to launch) the implication is that there is no prohibition. I still think the regulation was just written sloppily. Jim Bell jimbell at pacifier.com From romana at glamazon.com Thu Oct 3 21:52:24 1996 From: romana at glamazon.com (Romana Machado) Date: Fri, 4 Oct 1996 12:52:24 +0800 Subject: EzStego in Java!: Now Disappearing At A Site Near You Message-ID: EzStego, my tool for "steganography made easy", now has its own web site at http://www.fqa.com/ezstego/ EzStego is currently alpha software. Use it at your own risk. It is a reimplementation in Java, with much improvement, of my notorious shareware product, Stego. EzStego is also shareware. I have made the source code available for peer review and verification. EzStego and EzSteggy are (C) Romana Machado 1996. All rights reserved. Romana Machado romana at fqa.com http://www.fqa.com/romana/ http://www.glamazon.com/ From jimbell at pacifier.com Thu Oct 3 21:58:04 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 4 Oct 1996 12:58:04 +0800 Subject: support for "crack DES" Message-ID: <199610032143.OAA13883@mail.pacifier.com> At 01:26 PM 10/3/96 +0000, Omegaman wrote: >Considering the situation -- considering that RSA has even signed on >to this scheme -- I'd have to say that I don't give a rat's ass what >Bill Gates claims. If Micro$oft bucks the system, I'll gladly >applaud their stand. > >The situation is not good at all. > >Cracking DES (whether distributed or through a hardware crack, or >both!) seems critical at this point. Just remember that it would be far better to make the crack look easy, than to make it look hard. quantity 9000+, $1,000 Pentiums for a year (plus maybe $500,000 in electricity) looks "hard." 1000 dedicated chips (whether they be FPGA or custom or...) for 1.5 months or so looks "easy." The latter crack looks far more likely to be repeated. The former is OBVIOUSLY a stunt. Jim Bell jimbell at pacifier.com From perry at piermont.com Thu Oct 3 22:04:10 1996 From: perry at piermont.com (Perry E. Metzger) Date: Fri, 4 Oct 1996 13:04:10 +0800 Subject: Margaret Milner Richardson loses her breakfast... In-Reply-To: Message-ID: <199610040157.VAA12344@jekyll.piermont.com> Robert Hettinga writes: > Ms. Richardson said: "How would you like to be responsible for > administering tax laws and have to read these ads over breakfast?" I'd love it. Imagine the increases in enforcement budgets... .pm From ericm at lne.com Thu Oct 3 22:06:51 1996 From: ericm at lne.com (Eric Murray) Date: Fri, 4 Oct 1996 13:06:51 +0800 Subject: gack vs. key escrow vs. key recovery In-Reply-To: <199610040033.RAA18660@netcom19.netcom.com> Message-ID: <199610040153.SAA24250@slack.lne.com> Vladimir Z. Nuri writes: > > cpunks, a note about recent developments in "key recovery" initiative. [...] > is the government always going to be your > enemy, no matter what they do? It seems to be bent on doing so. > I have posted here before that many companies find the concept > of "key recovery" highly acceptable and even desirable. the > basic question is, what does this mean to wiretapping and > search warrants and subpoenas? They get served, and the keys are produced. Same with personal crypto- if I'm in court and some encryped file that I have the key for is demanded as evidence, I provide the key or get hit with contempt of court, my choice. No one is arguing about that. The objections to Clipper III are: 1. built-in wiretapping. Clipper III requires that subjects of "key recovery" wiretaps are not notified of the government's "recovery" of their keys. While this _is_ analagous to phone wiretaps, it is not of anything else. The cops have to serve you a warrant, not sneak in and read the papers in your desk. Why should encrypted files be different? 2. Coercion. I don't see anything wrong with key escrow (original meaning, not GAK). I think it's useful for business. Required for some. It's being coerced to implement it that is distasteful. If you think that Clipper III isn't coercion, you're wrong- note that the licenses to export GAKware are reviewed every 6 months and expire after 2 years if GAK isn't in place. That's a clear "you're on our side or your not" from the government. Having the possibility of your product suddenly becoming worthless every 6 months will keep companies in line. 3. It's still too weak. 56 bit DES isn't enough- it can very probably be cracked in < 12 seconds by the NSA. If not real time. 4. It's the camel's nose in the tent. First "key recovery" then full GAK then penalties/jail time for for "terrorists" or "gang members" who use unGAKd crypto. -- Eric Murray ericm at lne.com ericm at motorcycle.com http://www.lne.com/ericm PGP keyid:E03F65E5 fingerprint:50 B0 A2 4C 7D 86 FC 03 92 E8 AC E6 7E 27 29 AF From hua at chromatic.com Thu Oct 3 22:09:45 1996 From: hua at chromatic.com (Ernest Hua) Date: Fri, 4 Oct 1996 13:09:45 +0800 Subject: Lack of reporting on CALEA and Encryption issues ... Message-ID: <199610032238.PAA15532@ohio.chromatic.com> I must first say that your program is one of the finest in news reporting, and I tune in every day. However, nothing is perfect, and your program is no exception: I am very concerned by the lack of reporting on CALEA (the US $500 Million Digital Telephony bill) and the continuing maneuvering by the Clinton administration on the encryption issue. Two years ago, FBI Director Louis Freeh managed to slip a $500 Million wire tap bill into the Congressional budget using last-minute sneaks. (He and his predecessors had tried unsuccessfully for several years to do it in the full light of open democracy, so this was the only way they could force it down American's throats.) After seeing this pass, many Congress members refused to fund it because the FBI continued to violate terms of CALEA which required full accounting to Congress of how the wire tap capacities were to be designed and used. When the figures were finally published, the public balked. Not surprisingly, Freeh had to resort to the same last-minute maneuvers to sneak in funding for CALEA this year. If the news media had reported either incident (or both), I would probably not be so upset, but the news media completely ignored this horrible abuse of the democratic process. The same goes for the encryption issue. It is clear that all present and past administrations have sided strongly with law enforcement and national security agencies, and have refused to allow for the proliferation of strong encryption despite the fact that it is probably the single biggest technical obstacle to Internet commerce and personal privacy. Again I would not be so upset if they let the issue be decided in the full light of democracy rather than behind closed doors using the "if you only knew what we knew, you would agree with us" argument. This sentiment is precisely echoed by the Congressional study done by the NRC on national cryptographic policy. The Clinton administration was hoping that the two year study would buy time and would eventually agree with its opinion, and when it did not, the Clinton administration dismissed it as uninformed, despite the fact that most of the NRC panel did get the infamous "secret briefing" by the NSA. Basically, they are not open to reason on this issue; they are open to one and only one idea: that law enforcement and national security agencies having guaranteed access to information when they want it, and they don't care about the technical or the privacy implications. Oh .. and by the way, they want access to all information, not just that which crosses national borders. The significance of these two issues are difficult to summarize in a sound bite. The best I can think of is to watch the Tom Clancy movie "Clear and Present Danger". While watching this movie, note how the CIA finds the telephone conversations of the drug dealer's agent. That sort of capability is called "drift net fishing" (for obvious reasons). "drift net fishing" was not possible in the old days of wire taps because the phone company barely kept enough written logs to find the cables and the wires, let alone figure out exactly where they go. The problem is especially difficult in older/larger cities where phone company technicians often tap a wire (for normal services) wherever it works. By the FBI's estimates, each physical wire tap costs on the order of $50K. Basically, the huge cost barrier (in man power) kept the government's powers in check. Enter the digital and wireless age, and suddenly every signal from every phone, beeper, computer and other neato gadgets are sent all over the place. True, it has become more difficult to figure out where a signal is routed, and that is what the FBI complained about. On the other hand, it has become infinitely easier to intercept communications without detection because every transmission is just a perfect verbatim copy of the original. Suddenly, the cost of monitoring a phone is not so high. If the routing capability is there, the FBI agents can sit in their comfortable offices and press the right buttons, and the contents of the call is duplicated at their desks. Of course, they don't have to have real people monitoring such calls; they can have voice analysis computers do it. They can search for anything that sounds like "bomb" or "kill" or "shoot" or "blow up". In the Clancy movie, such "drift net fishing" capability is clearly being used for good purposes, and I certainly applaud that. I hope that all of the leading edge technologies used by our law enforcement and national security agencies are used for good purposes. But that is not what history tells us. History tells us that such technologies are oblivious to the morals and ethics of their masters. Even in the older days of wire tapping techniques, the FBI was able to illegally intercept communications of civil rights leaders and other "dangerous" elements of society. Therefore, to grant the government capabilities that would enable "drift net fishing" on our own citizens is setting a very dangerous precedence. What if the FBI decides to search for "democratic" or "republican" or "pro-choice" or "pro-life"? What if they search for "muslim" or "jewish" or "christian"? These are the real dangers of CALEA and encryption restrictions. The boogie men that will plan bomb attacks and kidnap children have always found a way to do it, and some have gotten away, without any help from encryption or secure telephones. If the law enforcement and national security agencies truly want to save lives and promote public safety, there are many other issues and problems to deal with, and they are wasting valuable time with these two issues; other the other hand, if they just care about keeping and enhancing their abilities to be omniscient, then their current behavior is quite consistent with that goal: 1. Lies and misrepresentations: a. Louis Freeh now claims that CALEA will cost $2 billion. b. The CALEA slush fund Freeh got passed at the last minute of this Congress is actually unlimited. c. Despite their promises of full reporting, they have actually succeeded in defeating all the reporting clauses in CALEA, again, thanks to this last minute sneak. d. Clinton, Gore and company have consistently denied that they intend to restrict domestic encryption. However, if you listen to Gorelick, Freeh, Reno, Crowell and others, you will find out that they absolutely against domestic encryption. 2. Beaurocratic maneuvering: a. Spent 3 years "investigating" Phil Zimmerman and then dropped without comment. b. Used every trick in the book to keep ITAR encryption rules from ever being directly considered for Constitutionality. (NSA internal counsel believes it will not withstand such a legal challenge.) c. Refused to clearly define what is exportable and what is not. (Keep it confusing so that most will stay away just to be safe.) Also refused to clearly define what is "export", given that encryption is just algorithms and information in the purest form. I appeal to you, as a respected news organization, to investigate this in detail and expose the facts and let the public decide. Thank you. Ern From dlv at bwalk.dm.com Thu Oct 3 22:13:57 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 4 Oct 1996 13:13:57 +0800 Subject: "Macintosh -- the Surveillance System for the Rest of Us In-Reply-To: Message-ID: Robert Hettinga writes: > If one were to be completely uncharitable in the interpretation of Tim's > most recent outbreak of vitriol here, it would seem that he's offended that Tim is an ignorant asshole who knows nothing about cryptography and floods this mailing list with inane rants and personal attacks. I recommend that he be massively killfiled. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From Adamsc at io-online.com Thu Oct 3 22:17:19 1996 From: Adamsc at io-online.com (Adamsc) Date: Fri, 4 Oct 1996 13:17:19 +0800 Subject: WINDOWS NT ???? Message-ID: <19961004024009156.AAA66@GIGANTE> On Thu, 03 Oct 1996 19:47:06 +1030, Petr Snajdr wrote: > is Windows NT secured system ? No. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From nobody at cypherpunks.ca Thu Oct 3 22:43:26 1996 From: nobody at cypherpunks.ca (John Anonymous MacDonald) Date: Fri, 4 Oct 1996 13:43:26 +0800 Subject: [ANNOUNCEMENT] Cyclic codes Message-ID: <199610040243.TAA23771@abraham.cs.berkeley.edu> Now is the time for all good little boys to cum in Timmy May's big mouth. From scrappo.reverb at juno.com Thu Oct 3 22:59:27 1996 From: scrappo.reverb at juno.com (A L) Date: Fri, 4 Oct 1996 13:59:27 +0800 Subject: How might new GAK be enforced? In-Reply-To: <9610021732.AA17359@notesgw2.sybase.com> Message-ID: <19961003.163900.8239.6.scrappo.reverb@juno.com> On 2 Oct 96 10:34:34 EDT Ryan Russell/SYBASE writes: >One way to handle the problem mentioned below >is this: > >Using your GAK-approved encryption, send a note >that contains a PGP encrypted body (or insert your >crypto of choice here.) What this does is makes it >look like you're sending a proper GAK only note >to folks who are checking headers and such. If >they actually decrypt it (with the proper court order), >they will see that you've got more encryption inside, >and drag your butt off to court and try to make you >give up your key etc... You could also go one step further and leave out all references that it was encrypted, (I think this was discussed in a stego thread.) then when asked (told) to decrypt it, say: "Decrypt what? It looks like gibberish to me." > > Ryan > From jimbell at pacifier.com Thu Oct 3 22:59:53 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 4 Oct 1996 13:59:53 +0800 Subject: gack vs. key escrow vs. key recovery Message-ID: <199610040306.UAA07562@mail.pacifier.com> At 05:33 PM 10/3/96 -0700, Vladimir Z. Nuri wrote: >cpunks, a note about recent developments in "key recovery" initiative. > >I think cpunks as a group should reconsider very seriously their >own positions on cryptography and come up with something more >sophisticated than "any government bill or plan associated with >crypto is evil" which is the functional equivalent of the ideology >behind many recent posts. We don't think they're all NECESSARILY evil...they just turn out that way. Whose fault is this? >what is the precise difference between gack, key escrow, and >key recovery? Phase of moon? Season? Maybe it has something to do with the 11-year sunspot cycle? Bi-millenialism? >TCM has argued that the administration is muddying >the issue by manipulating the terminology. perhaps so, but I feel >that cpunks are equally guilty, by branding anything that emanates >out of the government as inherently orwellian. do you always have >to have an enemy? is the government always going to be your >enemy, no matter what they do? The government seems to be BEHAVING as if it is always going to be our enemy. Whose fault is that? >I have posted here before that many companies find the concept >of "key recovery" highly acceptable and even desirable. the >basic question is, what does this mean to wiretapping and >search warrants and subpoenas? >it is clear we are coming to a fork in the road at this moment. And it is our goal to not "get forked." >there are going to be two types of cpunk opinions based on recent >developments. > >1. those who feel that wiretapping was illegitimate from the >start and are working to make wiretapping impossible. confronted >with a legal search warrant/subpoena etc. for personal data, >they would not hand over keys. they would "superencrypt" in >systems that do etc. That's me... >2. those who feel that there is such a thing as a legal warrant >or subpoena for information protected by cryptography keys, and >would agree that this logically means that governments will be >getting access to "key recovery" infrastructures. On the contrary: The existence of a "legal warrant" doesn't mean that the government ought to (or even can) get access to data via a "key recovery" system. It's been mentioned numerous times that there are plenty of things that could be done (multiple encryption; encryption of GAK'd key; foreign key escrow with no request cooperation, etc) to prevent this. >personally I am leaning toward 2, because I feel that we already >live in such a society, We also live in a violent, oppressive society. Does this mean that we shouldn't try to fix its problems? > and that it is not orwellian. Pollyanna, meet Eric Blair. > companies are going to lean toward (2). No, they're going to lean towards yet another system, (3), whatever suits them. > I do agree >that the gov't has the potential to twist this process to evil >ends, If it had not had the desire to "twist this process to evil ends" government wouldn't have interfered with the natural development of key-keeping systems which serve only the key owner, not anyone else. > but that has always been true of everything about democratic >government, and the recipe for 200+ years has always been >and remains "eternal vigilance". in other words, I am in favor >of some kind of mechanism by which the government can obtain >keys via subpoenas/warrants. And I am in favor of some kind of mechanism by which the government can be destroyed by ordinary citizens. >cpunks, I think we should try to clarify our terms and come to >some conclusions. > >those who continue to pursue (1) are going to be perceived as >more and more radical and extremist, because arguably it is not >even a system we have today or one that was ever devised. I'd disagree with that. I've devised a system... >remember, the constution guarantees >freedom from *unreasonable* search and seizure, but never >prohibited search and seizure in the first place!! apparently >at least our found fathers believed that "reasonable" search >and seizure was a wholly legitimate function of government, >based on this wording. I guess that means that anything they call "reasonable," you'll agree with? Hint: Between about 1932 and 1968, wiretaps in the US were ILLEGAL. Nevertheless, they were done anyway, by the telephone company on request by the cops. (they were not admissible in court, however.) Question: Should we define the standard of 'reasonable' on the opinion of a group of people (cops, officials, politicians) who have a proven habit of using illegal techniques to get information? Apparently, cops are unwilling to let illegality get in their way. I'd say, on the whole, cops must have a rather enormous motivation to get wiretaps, and only a fool would think that this would fail to motivate them to adjust their standard of "reasonableness." >regarding (2): the government may actually help bring crypto >to the masses via the post office and other routes. are >cpunks going to continue to hold the simplistic, reactionary, >knee-jerk, black-and-white opinion that "anything with the >word 'government' in it is evil"? "if the government is doing >something, then we must sabotage it"? So far, such an opinion would fit the facts far better than anything you've said so far. Jim Bell jimbell at pacifier.com From ichudov at algebra.com Thu Oct 3 23:13:15 1996 From: ichudov at algebra.com (Igor Chudov @ home) Date: Fri, 4 Oct 1996 14:13:15 +0800 Subject: Clipper III on the table In-Reply-To: <3.0b16.32.19961003170416.00bafcd8@mail.teleport.com> Message-ID: <199610040321.WAA00736@manifold.algebra.com> Alan Olsen wrote: > I think we should refer to what they are pushing as the "Key Recovery > Alliance Program". K.R.A.P. is a good description as to what we are going > to get from them. Key recovery is a great thing, as long as it is not mandated by the government. - Igor. From jya at pipeline.com Thu Oct 3 23:26:03 1996 From: jya at pipeline.com (John Young) Date: Fri, 4 Oct 1996 14:26:03 +0800 Subject: Flood Warning Message-ID: <199610032303.XAA22678@pipe2.ny1.usa.pipeline.com> On Oct 03, 1996 10:30:37, 'jim bell ' wrote: >> High-Tech Leaders Join Forces to Enable International >> Strong Encryption >> >> See: http://www.ibm.com/news/alliance2.htm > >This is apparently no longer valid. Is there a new one? ----- Sorry. It seems that you need to go through IBM's home page at: www.ibm.com, then follow the links to the full press release where the URL above comes up. This is the release that most of the media parroted. It does include hand-rubbing quotes by industry rats, er, finks. Anybody who can't get through and wants the PR-dirty, send me a blank message with the subject: RAT_ibm From hua at chromatic.com Fri Oct 4 00:25:58 1996 From: hua at chromatic.com (Ernest Hua) Date: Fri, 4 Oct 1996 15:25:58 +0800 Subject: How to fight GAK by obeying the law Message-ID: <199610040457.VAA25485@server1.chromatic.com> It seems that the best method for fighting GAK is to accelerate wide-spread domestic use of freely redistributable non-GAK crypto. The Lynux automatic firewall concept that John Gilmore is pushing is a great idea, but it is still brewing, and he's shooting for developing an exportable ... er ... importable version. That will take much time to develop, and time is what we don't have much of. We need to work on applications, API's, flexible software modules, etc. and the primary reason we cannot do it so easily is because we cannot redistribute the software so easily. First thing we definitely need is a way to determine with fairly good accuracy, whether a host is in the U.S. This MUST be an automagic mechanism ... no person involved so there is little delay in getting the goodies. The best implementation would automatically set the group of an incoming anonymous FTP session daemon to a special group if there is a high degree of certainty that the originating host is within the U.S. Second thing we definitely need is a convenient way and universal way to clearly notify the recipient of the current export restrictions of such software, so that the recipient knows what he/she is in for. Basically, we have to do our best to NOT violate the law, no matter how much we hate it. What the government wants to happen is that everyone will get hooked on GAK, and it will be too inconvenient to use something else. A good counter-strategy is to get everyone hooked on the good stuff. Right now, the FBI/NSA is looking for an excuse to prosecute anyone not jumping on their bandwagon. We have to avoid give them an excuse to prosecute us while still enabling rapid application development. Communication and distribution are key. Ern From tcmay at got.net Fri Oct 4 00:27:55 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 4 Oct 1996 15:27:55 +0800 Subject: "Macintosh -- the Surveillance System for the Rest of Us In-Reply-To: Message-ID: At 1:17 PM -0700 10/3/96, Lucky Green wrote: >On Thu, 3 Oct 1996, Timothy C. May wrote: >> I think we should support Microsoft and Netscape in their nonparticipation >> in the Cabal. Sometimes being an 800-pound gorilla has its advantages. > >Indeed we do need to support Netscape and Microsoft as long as >they oppose GAK. > >--Lucky, who meant to buy a new PowerBook 5300 for his girlfriend this >week and who now will get her a Win95 machine because of Apple's support for >GAK. I'm glad I didn't buy it yet. Apple, are you listening? GAK, or Girlfriend's Access to Keys, is indeed a very scary thing. "Macintosh, the Surveillance System for the Rest of Us." (Why Apple would go along with this, while Microsoft and Netscape are apparently not playing ball, is incomprehensible to me. Apple risks alienating its remaining core user base, who often characterize Microsoft as "the Borg." So, Apple capitulates, while MS does not. I guess the "Macintosh Crypto Forum" didn't do a lot of good, did it?) --Tim "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From rsr at lab.net Fri Oct 4 00:33:39 1996 From: rsr at lab.net (Ryan Smith-Roberts) Date: Fri, 4 Oct 1996 15:33:39 +0800 Subject: How to Compete under Clipper-3 In-Reply-To: <199610031925.PAA11450@jekyll.piermont.com> Message-ID: On Thu, 3 Oct 1996, Perry E. Metzger wrote: > For those that don't follow this, people who don't want to have their > communications listened in on are free to buy high quality > communications security products from SSH Communications Security, Ltd. > Their stuff is distributed internationally by Datafellows, and > includes 3DES, 128 bit IDEA, and plenty of other high quality crypto > products -- you configure it for the cipher of your choice. Key > management is handled with arbitrary key length RSA -- you, the user, > tune the length of the key, not the NSA. > > The software is available free for noncommercial use and can be > downloaded on the net. Commercial users must pay a license fee. And if anyone is so inclined, Alan Cox is/was working on taking the last set of free(*) ssh source (1.2.13) and bugfixing it to keep in step with the commercial distribution (at least). You'll still have to pay for the Windows SSH client, though. * That's GNU free, folkx -- \/\ Lab.NET | Ryan Smith-Roberts - I speak for Lab.NET, so NYAAH! /\/ we do | rsr at lab.net - http://www.lab.net/~rsr \/\ stuff | JAFuckingP/JH - finger/www for PGP key It is by caffeine alone I set my mind in motion, it is by the beans of Java that thoughts acquire speed, the hands acquire shaking, the shaking becomes a warning, it is by caffeine alone I set my mind in motion. From omega at bigeasy.com Fri Oct 4 00:38:31 1996 From: omega at bigeasy.com (Omegaman) Date: Fri, 4 Oct 1996 15:38:31 +0800 Subject: Censorship? Message-ID: <199610032104.QAA23440@bigeasy.bigeasy.com> > What say ye?? > > :From: Zimm2 at gnn.com (Zimm2) > :Newsgroups: alt.security.pgp > :Subject: Cypherpunks engaged in censorship? > :Date: Wed, 02 Oct 1996 08:39:50 > : > :It has come to my attention that Cypherpunks no longer allows users of > :Microsoft browsers to access their archives. The "cypherpunks archives" is not owned by the cypherpunks or maintained by toad.com (which is the host of the actual list). The owner of infinity.nus.sg/cypherpunks webpage maintains the archive. It is his effort and his choice to restrict the browser. Anyone is free to provide an archive the list. And anyone can read the list. > :Is it contradictory for an organization who proclaims an interest in the free > :exchange of ideas through the mechanism of the Internet to limit the exchange > :of ideas using an individual's software decisions as the criteria? Agreed. But the cypherpunks is not an "organization" in the strictest sense. The only "official" aspect of cypherpunks is the list hosted at toad.com. > :Are issues of annonymity and privacy and the encouragement of private use of > :powerful encryption and remailer tools secondary to and less important than a > :crusade against a software manufacturer? Of course not. But the owner of http://infinity.nus.sg/cypherpunks disagrees and since it's his website and he pays for it and compiles it... me -------------------------------------------------------------- Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send a message with the text "get key" in the "Subject:" field to get a copy of my public key. -------------------------------------------------------------- From jimbell at pacifier.com Fri Oct 4 00:41:02 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 4 Oct 1996 15:41:02 +0800 Subject: The New GAK-Clipper Thing will Fail Message-ID: <199610032208.PAA15955@mail.pacifier.com> At 11:11 AM 10/3/96 -0800, Timothy C. May wrote: > >Comparing the latest GAK/Clipper III (or is it Clipper IV?) thing to the >original Clipper announcement in April 1993, I sense a lot more confusion, >a lot more thorny issues, and a lot more vagueness. They just seem more >disorganized and less committed than the last time around. Each iteration >of Clipper gets less focussed and seems to last a shorter time before the >next version is being talked about. A good thing, of course. Sort of like a "political" version of Zeno's paradox? B^) > >Some random points: >--the large pool of _existing_ crypto products means people will be using >these products for years to come (possibly within GAK wrappers, as just >noted)...unless the New World Order (tm) somehow locates, seizes, or >otherwise makes criminals out of those who use a once-legal product, how >could this be stopped? And I suspect that there will be large numbers of people using non-GAK simply as a protest. Trying to convict even one of them will be difficult; the government has to admit that they're not doing anything illegal, etc. Yet, if the gov't FAILS to prosecute them, that'll destroy an law requiring GAK. [snip] >(On the "costs" issue, running these Key Authorities, staffing them, >complying with subpoenas (and who will _fight_ the subpoenas?), I think it would be appropriate to contact each of the companies which have publicly signed on to this most recent propsal (Clipper 3.XX? Clipper IV?) and point out that (if they still won't revoke their approval) they should publicly and irrevocably commit to challenge each and every key subpoena with a full legal challenge (to the SC if necessary), INCLUDING informing and participation of the key owner/user, with all of his attorney fees paid for by an insurance policy issued specifically for the purpose. This process would probably take at least months, if not years. (This is important, because I believe that wiretaps have set a false precedent: AT+T (before breakup) and local telcos afterwards, being monopolies, had no motivation to challenge wiretap orders, and the practice was to not inform those tapped, perhaps not even after the tap was removed. There is no reason to assume, however, that key-escrow systems should follow that precedent, because the relationship between AT+T and government was not an "arm's length" one. Presumably, key-escrow companies should be entitled, no REQUIRED to verify the legitimacy of any key-release. "It's only fair!" ) The resulting legal atmosphere would become so distasteful to the Dept. of Injustice that it would make key escrow useless as a practical tool, even though it would exist as a technicality. If the DOI objected, companies need merely say the magic words "Richard Jewell" and all ordinary citizens would recognize the problem. The point, of course, is NOT to encourage these companies to support Clipper IV. Rather, goal is to suggest to them a "poison pill" which would make their cooperation meaningless in the end, while at the same time giving them a 2-year free 56-bit export. Think of it as a monkey-wrench they can throw into the works. We can use such a proposal as a sort-of "loyalty to freedom and their fellow citizens oath" because any company which refused such a REASONABLE protection to ordinary citizens would be, in effect, giving their middle finger to the public. Jim Bell jimbell at pacifier.com From unicorn at schloss.li Fri Oct 4 01:13:15 1996 From: unicorn at schloss.li (Black Unicorn) Date: Fri, 4 Oct 1996 16:13:15 +0800 Subject: Fw: Re: ITAR satellite provision In-Reply-To: <199610031711.KAA25355@mail.pacifier.com> Message-ID: On Thu, 3 Oct 1996, jim bell wrote: > At 07:17 AM 10/3/96 -0400, Black Unicorn wrote: > >On Thu, 3 Oct 1996, Remo Pini wrote: > > >> Date: Thu Oct 03 08:08:42 1996 > >> > >* A launch vehicle or payload shall not, by reason of the launching > >> > >* of such vehicle, be considered an export for purposes of this > >> > >* subchapter. > >> > Okay, everybody, call Estes! We've got some crypto to export...er...laun > >> > ch! > >> If I get the above wording correctly (unicorn, help me!), it is sufficient > >> to put the cryptostuff on a disc in a LAUNCHABLE device, it never says that > >> the payload has to be delivered by air. So, just put that thing in a bag > >> and get it through customs... (or does "by reason of ..." mean that the > >> exclusive means of export allowed is launching ?) > > > >The launching alone will not cause it to be an export. If it is launched > >and then ends up outside the U.S., it could be an export. Certainly if it > >is launched with the purpose of exporting crypto, it will be an export. > > Too bad you didn't support this with a logical argument. I invite you to study law and with it the doctrine of "plain meaning." > The wording was > clearly intended to be an exception to a rule. What the wording doesn't > include is the "exception to the exception," most likely because they > weren't thinking in too great a detail when they wrote the regulations. They were thinking in enough detail here. Thankfully, along with the title political scientist, Mr. Bell also never had a calling as an attorney. "A launch vehicle or payload shall not, by reason of the launching of such vehicle, be considered an export for purposes of this subchapter." Focus on "by reason of launching of such vehicle," Launching a vehicle alone is not export. It takes more than launch to make it an export. More than the launching is not much. If they wanted to be as inclusive as you would suggest, they would have left out "by reason of launching of such vehicle." leaving "A launch vehicle or payload shall not be considered an export for purposes of this subchapter." I do get tired of Mr. Bell's half baked attempts to derail any point I might make. I wouldn't find them annoying if they were based in anything like fact rather than some innane and childish attempt to recover the credibility he so sorely lost in trying to argue with me months ago. My only regret is that I was so tolerant and patent that I bothered to respond to most of his lunacy. > But > if the regulation is "wrong," the fault of that is those who wrote the > regulation. (and we, the public, are entitled to assume that the regulation > is "right" in its literal meaning.) It is "right" in its literal meaning. You, being anything but a representative of the public, are wrong in intrepreting it. > It appears that the government left a loophole so large that you could > drive a truck...er...shoot a rocket through it. One might say the same about the size of the hole in your logic and good sense. One would have the advantage of being more accurate in this instance as well. > > Jim Bell > jimbell at pacifier.com > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From aba at dcs.ex.ac.uk Fri Oct 4 01:23:50 1996 From: aba at dcs.ex.ac.uk (Adam Back) Date: Fri, 4 Oct 1996 16:23:50 +0800 Subject: Can we kill single DES? #2 In-Reply-To: <199610021852.LAA28445@toad.com> Message-ID: <199610031536.QAA00481@server.test.net> Peter Trei writes: > One offer was made of a $1000 reward in return for a crack, if the > offerer could make publicity hay of the offer (no, I don't have a problem > with that, but I'd like it set up so that others could add to the reward as > well). If the reward got big enough ($10k?) I think it would be a > major incentive for otherwise uninterested people to run the screen > saver. On the other hand, it might get into legal hassles - I don't know. Perhaps the companies which have maintained anti-GAK stances could be persuaded to have a whip-around? I've seen mentioned as crypto friendlies in list discussion recently: Netscape, PGP Inc (obviously:-), Silicon Graphics, others? (The internet casino people?) The SSL challenge had a digicash prize fund, and Pete Wenzel won c$ 442.30. With the advent of a real money backed digicash bank, Mark Twain bank, perhaps someone with an account could set up a page for donors to give donations via MT digicash. This would allow anonymous donations. Perhaps First Virtual payments too. Someone who can accept credit card payments for donations would be real handy too. Anyone still with contacts at MT (Lucky?) would they be interested in promoting the idea, perhaps donating prize cash. Also FV could gain some positive publicity by supporting. (For fun, you could take the prize money, in the form payable to anyone, as MT ecash, and encrypt it with DES. Publish it as the challenge. The winner gets the cash:-) > [...] You're probably aware of most of the below, as you were involved with the Netscape SSL break, so this is really just a suggestion that you might be able to cut some corners on time to implement by borrowing some stuff. > I'm really concerned about the problem of a search failing, or > succeeding only after too long a time. Perry's proposal of about > a month of real time is on the right order, though I could see up > to 3 months being possible. > > Here's what I'm thinking of doing: > > 1. Writing a prose description of the platform independent speedups. > > 2. Writing a proposal for a client-server protocol for doling out > keyspace and returning results. Aside from the direct Internet > interface, there will also be a mechanism for i/o via plain text - > suitable for cut-and-paste, or simple CLI interfaces. Take a look at SKSP (Simple Key Search Protocol) before you do, this was what was used for the 31 hr Netscape SSL brute force. Piete Brooks has perl implementations for clients and servers, and should be able to point you at the draft RFC for SKSP. www.brute.cl.cam.ac.uk was a DNS he set up for the purpose. Some of the software is available starting from: http://www.cl.cam.ac.uk/brute/ Andy Brown wrote a win95/NT client for the SKSP protocol, this would be another reason to use the protocol, few modifications presumably would be required to the NT client to work for a DES break. SKSP was written to make it possible to have a multiple tier system, with key dolers taking out large chunks from the main server, and doling it out to clients, or further sub-servers. Multiple servers could be also managed by multiple IPs for the same DNS name, with random selection of the IPs, to share out work for the servers. The protocol was set up to do multiple targets (bruterc4, brutessl, all that would be needed would be a brutedes which followed the template of responses, especially for the unix setup). The protocol also had some (albeit weak) protection against mistakes, and uninformed malicious attacks -- the acknowledgements are only counted with a checksum. (It is fairly trivial to generate the checksum without doing the work). As a way of providing slightly more robust reslience to malicious attacks, I remember that the approach of the server picking a random key in the range doled out, and computing the decrypt for that key itself was discussed in relation to the SSL attack. The key matching the decrypt would then form the sanity check. People can still can abuse the system, but they can't help doing some work, even if they lie about the outcomes, and this slows them down. Adam -- #!/bin/perl -sp0777i ----------------------------------------------------------------------------- _____ _____ _______ / ____| __ \__ __| ____ ___ ____ __ | | | | | | | | / __ \____ / (_)______ __ / __ \____ _____/ /_ | | | | | | | | / /_/ / __ \/ / / ___/ / / / / /_/ / __ \/ ___/ __/ | |____| |__| | | | / ____/ /_/ / / / /__/ /_/ / / ____/ /_/ (__ ) /_ \_____|_____/ |_| /_/ \____/_/_/\___/\__, / /_/ \____/____/\__/ The Center for Democracy and Technology /____/ Volume 2, Number 35 ---------------------------------------------------------------------------- A briefing on public policy issues affecting civil liberties online ---------------------------------------------------------------------------- CDT POLICY POST Volume 2, Number 35 October 3, 1996 CONTENTS: (1) Latest Administration Crypto Policy Continues Push Towards Key Escrow (2) Analysis of the Administration's Next Step: Short-Term Export Relief to Compel Long-Term Key Escrow (3) How to Subscribe/Unsubscribe to the Policy Post list (4) About CDT, contacting us ** This document may be redistributed freely with this banner intact ** Excerpts may be re-posted with permission of ** This document looks best when viewed in COURIER font ** ----------------------------------------------------------------------------- (1) LATEST ADMINISTRATION CRYPTO POLICY CONTINUES PUSH TOWARDS KEY ESCROW This week the Administration announced the latest in a series of encryption policies designed to promote the use of key escrow systems, both domestically and abroad. This latest initiative continues the drive towards a global guarantee of law enforcement access to all encrypted communications and stored data. CDT believes that such governmental access systems -- whether through "key escrow" or "key recovery" -- threaten the fundamental privacy rights of computer users, both domestically and abroad. The latest Administration proposal would promote key escrow by temporarily easing current export restrictions on moderately strong encryption products. The proposal would raise the current export limit from 40 bits to 56 bits for companies that agree to produce key escrow products. Companies would be required to report their progress every six months. After two years, all exportable encryption systems stronger than 40-bits would have to include key escrow. Encryption producers will be compelled to be part of this scheme in order to stay competitive, eventually producing and adopting key escrow systems which so far have been largely rejected by the public. An overview of the latest Administration policy, considered within the context of the government's relentless drive towards key escrow, is attached below. - THE UNSWERVING GOAL: GOVERNMENT ACCESS TO ALL COMMUNICATIONS AND STORED DATA The long-standing goal of every major encryption plan by the Administration has been to guarantee government access to all encrypted communications and stored data. In 1993, the Clipper Chip policy achieved access through keys held by the government. In 1995, the "Clipper II" proposal allowed export relief for commercial key escrow systems. This summer, "Clipper III" sought access to keys through the dual incentives of export controls and a new government "key management infrastructure." In each case, the ultimate goal has been a guarantee of government access to the plaintext of encrypted information. Law enforcement and national security interests have driven this process. The attempt to institutionalize key escrow worldwide is a fundamental threat to the privacy and security of Internet users both domestically and abroad. * GUARANTEED ACCESS TO INTERNET COMMUNICATIONS AND STORED DATA WOULD BE A DRAMATIC EXPANSION OF CURRENT LAW ENFORCEMENT CAPABILITIES. Guaranteed access to Internet communications and stored files is a far greater intrusion into the privacy of computer users than current wiretapping. As individuals conduct more aspects of their lives online, key escrow is tantamount to guaranteeing law enforcement access to all of our most intimate conversations, sensitive personal records, musings and thoughts in a way never available before. Within the United States, Congress and the courts have established a delicate balance in electronic surveillance between law enforcement and individual privacy rights. Key escrow destroys that balance, providing law enforcement with a comprehensive dossier of individual lives and activities. * GLOBAL KEY ESCROW ENDANGERS THE PRIVACY RIGHTS OF COMPUTER USERS COMMUNICATING IN COUNTRIES THAT HAVE NO FOURTH AMENDMENT OR OTHER PRIVACY PROTECTIONS. An international key escrow scheme will necessarily entail the escrow of key information in foreign countries, with access by foreign governments through much weaker privacy protections. Such global key escrow jeopardizes the privacy rights of any American who communicates or stores files abroad, where key information might be released with few privacy protections. Moreover, global key escrow endangers the privacy and free expression of computer users everywhere by establishing the global machinery for government surveillance without privacy protections. * THE CHOICE TO ACCEPT THE COSTS AND RISKS OF KEY ESCROW SHOULD BE MADE BY INDIVIDUAL USERS, NOT FORCED UPON THEM. Additional access points to encrypted data will create added vulnerabilities, new security problems, and additional costs. While some users may decide that the benefits of key escrow outweigh the costs, governments should not be imposing these costs and risks on users who do not want them. Individuals should be able to choose the type of encryption they want. The global adoption of government access systems has serious, negative consequences on the privacy of computer users. The recent Administration announcement is another step in that wrong direction. ----------------------------------------------------------------------- WHAT YOU CAN DO -- ADOPT YOUR LEGISLATOR As Members of Congress head home for the fall elections, they need to hear from Internet users about the importance of encryption policy reform for the future of the Net. Adopt your legislator -- tell them that the Administration's Key Escrow plan threatens the basic privacy rights of Internet users, and let us know what they say! Please take a moment to join the "Adopt Your Legislator" campaign. By taking a moment to sign up to contact your member of Congress, you can make a critical difference in the debate over privacy and security on the Internet. Details can be found at: http://www.crypto.com/ and http://www.cdt.org/crypto/ Tell them it's "My Lock, My Key!" (The Adopt Your Legislator Campaign is a joint effort organized by the Voters Telecommunications Watch (VTW), the Electronic Frontier Foundation (EFF) and the Center for Democracy and Technology (CDT)). ----------------------------------------------------------------------- (2) ANALYSIS OF THE ADMINISTRATION'S NEXT STEP: SHORT-TERM EXPORT RELIEF TO COMPEL LONG-TERM KEY ESCROW The latest Administration encryption policy, announced October 1, continues this trend towards governmental access to all encrypted information. Using a carrot-and-stick approach, the plan promises moderate, short-term export relief in return for the development and eventual adoption of key recovery systems. The Administration unveiled its encryption initiative at a White House briefing by CIA Director John Deutch, Domestic Policy Advisor to the Vice President Greg Simon, Undersecretary of Commerce William Reinsch, and high-level representatives of the Department of Justice and the Office of Management and Budget. The basic outlines of the proposal included below were culled from the Administration's statement and Tuesday's White House briefing. Major features of the new policy include: * ALLOWS EXPORT OF 56-BIT ENCRYPTION PRODUCTS FOR THE NEXT TWO YEARS, "contingent upon industry commitments to build and market future products that support key recovery." Six-month licenses for 56-bit exports would be granted and renewed for up to two years -- contingent on satisfactory progress towards key escrow. * REQUIRES KEY ESCROW CAPABILITIES AFTER TWO YEARS in all exportable products with more than 40 bits. * "ENCOURAGES" THE ADOPTION OF KEY ESCROW SYSTEMS through international agreements, standards processes, and a new key management infrastructure. * TRANSFERS JURISDICTION OVER ENCRYPTION EXPORT LICENSING TO THE DEPARTMENT OF COMMERCE, but grants the Department of Justice a formal vote in the process. The President is expected to sign an Executive Order enacting many of these changes in mid-October. Other pieces will be published as agency rules or regulations; a small part of the proposal (rules governing key holders) may require legislation. WHAT IT ALL MEANS FOR INTERNET USERS: In the short run, computer users may see more widespread availability of moderately stronger encryption products (up to 56-bit key length) if vendors choose to and are able to meet the "commitments" required under the proposal. In the longer term, however, even these moderately stronger products will only be exportable with key escrow. Ultimately, this proposal is designed to force the widespread adoption of key escrow systems, both domestically and abroad. A. EXPORT CONTROL RELIEF AS AN INCENTIVE FOR KEY ESCROW: The Administration proposal would allow for short-term export of 56-bit DES equivalent encryption products in return for commitments from exporters to develop "key recovery" systems. * Starting on Jan. 1, 1997, the Administration would begin granting six month general licenses for export of 56-bit encryption products. * Licenses would be granted "contingent on commitments from exporters to explicit benchmarks and milestones for developing and incorporating key recovery features into their products and services." * Additional six month licenses would be granted "if milestones are met." * In two years, "the export of 56-bit products that do not support key recovery will no longer be permitted." * Export of longer key lengths would continue for certain sensitive financial applications. * Export of longer key lengths may be allowed more generally once key escrow mechanisms are in place. Questions remain as to exactly what form the commitments from exporters will take, who will qualify for these relaxations, and what will happen at the end of two years to 56-bit non-escrow products in the marketplace and how they will be supported. No interoperability restrictions on products have been mentioned, and the Administration seemed to indicate that it would be willing to tolerate a greater degree of interoperability between products. WHAT EXPORT CONTROLS MEANS FOR INTERNET USERS: This Administration export control scheme coerces industry into developing key escrow systems, domestically and abroad, whether they want to or not. Since 1992, export controls have been the favorite vehicle for enforcing the adoption of such key escrow systems. The strong public desire for secure global communications has allowed government to use key escrow as a precondition for export relief. Export controls are a force for key escrow in the domestic market as well as the international market because of the need for secure international communications and the cost of producing product lines for U.S. use only. The Administration realizes this: as CIA Director Deutch stated at the White House press briefing, he was more concerned with encryption that people "buy at Sears" than about less popular strong encryption products that the Administration concedes will always be available. In addition to their impact on the market for key escrow, the proposal's export controls and key length limits themselves hurt user privacy and security. * Export controls don't make sense for a global Internet; they place business at a competitive disadvantage and prevent deployment of a secure global infrastructure. * 56-bits is not enough for many applications. CDT welcomes the Administration's recognition that 40-bit products are not strong enough, but last winter's study by a panel of encryption experts argued that DES keys can be cracked relatively quickly by well- financed groups, and that 70- to 90-bit keys are more appropriate. * Key length limits are a flawed approach because they presuppose that some entities should be able to break keys and some should not -- a solution that is unlikely to appeal to worldwide consumers of encryption. B. "KEY RECOVERY": Government access to the plaintext of encrypted data remains the centerpiece of the Administration proposal. Major features of the key escrow requirements in the latest proposal include: * Key escrow systems would rely on a trusted party to recover a user's confidentiality keys for use by law enforcement acting under "proper authority." * The trusted recovery party might in some cases be internal to the user's organization, but in all cases notice to surveillance targets that their key information had been released would be prohibited. * Access to keys internationally "would be provided in accordance with destination country policies and bilateral understandings." * The Administration will pursue legislation to govern the release of keys, provide criminal and civil penalties for unauthorized releases or theft of keys, and provide liability protection for key holders. * The Administration will continue to "encourage" the adoption of key escrow systems through it's broad efforts to promote international key escrow agreements, government key escrow purchasing standards, and the creation of a key management infrastructure. None of the officials at the White House briefing were able to give specific information about the requirements to be placed on key holders (e.g., response times, security clearances, etc.) The Administration did indicate a broader approach to allowing industry key escrow systems that more limited access to confidential information through, for example, recovery of specific plaintext or separation of key information. NOTE: KEY ESCROW V. KEY RECOVERY -- CDT recognizes that real progress has been made in the development of systems that provide access to the plaintext of encrypted data while minimizing the collection and disclosure of sensitive key information. However, from a privacy policy perspective these approaches have the same basic privacy problem: they are designed to provide law enforcement with guaranteed access to all encrypted information. WHAT "KEY RECOVERY" MEANS FOR INTERNET USERS: CDT recognizes that some companies and users may wish to use key escrow systems. The Administration's apparent recognition that these systems are best designed in the private sector is welcome. However, this policy's acknowledged desire to widely promote key escrow is dangerous and threatens the privacy of users: * Users are being pushed towards key escrow, whether they want it or not. The Administration is using the enormous pressure of export controls, competitive markets, and industry standards to force adoption of key escrow. Each user should be free to decide for themselves whether to accept the costs of key escrow. * International key escrow doesn't protect privacy in a world without a Fourth Amendment -- What legal standards apply to communications when keys are held in foreign countries? Officials have been unable to clearly explain how the privacy of computer users will be preserved. * Key escrow dramatically expands law enforcement capabilities -- Guaranteed access to encrypted information is a far greater intrusion into our lives than the delicate balance struck under U.S. privacy law. * Key escrow is unproven -- The NRC's recent study argued that a policy relying on key escrow is "not appropriate at this time" and "is likely to have a significant negative impact on the natural development of applications." * Key escrow creates new security vulnerabilities, such as the creation of large aggregations of sensitive key information, that are poorly understood. C. TRANSFER OF JURISDICTION TO THE COMMERCE DEPARTMENT: According to the White House, "after consultation with Congress, jurisdiction for commercial encryption controls will be transferred from the State Department to the Commerce Department." * Encryption licenses will be reviewed under the Commerce Department's "normal process" by a committee with representatives from the Departments of Commerce, State, Defense, Energy, and for encryption exports, Justice. * The Justice Department will have a single vote in the review committee, which will make its decisions by majority rule. * The State Department will only have jurisdiction over special, single customer, military-specific encryption products. WHAT TRANSFERRING JURISDICTION MEANS FOR INTERNET USERS: While the switch to Commerce has been perceived as helpful by some, CDT believes the benefits are unclear if fundamental policy remains unchanged. The switch to Commerce will have little impact on the underlying policy direction aimed at institutionalizing key escrow. Moreover, the Commerce Department's review committee is heavily weighted towards the law enforcement and national security perspective (State, Defense, Justice, and Energy), with the Commerce Department the lone representative of industry and consumer interests. Finally, the presence of domestic law enforcement in export control decisions raises serious questions about the ultimate goal of this policy. IV. CONCLUSION The Administration's latest encryption proposal remains wedded to a flawed, key escrow and export control oriented approach that does not address the privacy concerns of users. While it contains some welcome ideas, at its heart the Administration proposal uses the short-term easing of export controls to promote key escrow through a Faustian bargain with an industry desperate to produce strong security products. Such manipulation of the market for encryption products is designed to forward law enforcement's dangerous agenda of worldwide governmental access to all encrypted information. The march towards institutionalized key escrow is a real threat to the privacy of computer users, particularly in a world where not everyone has a Fourth Amendment. The United States should be a force for Internet privacy and security worldwide. Rather than forcing key escrow on a wary public, the Administration should look to work with Congress, privacy and Internet advocates, the user community, and industry to craft a truly voluntary policy that meets the privacy and security needs of computer users in the global Information Age. ----------------------------------------------------------------------- (3) SUBSCRIPTION INFORMATION Be sure you are up to date on the latest public policy issues affecting civil liberties online and how they will affect you! Subscribe to the CDT Policy Post news distribution list. CDT Policy Posts, the regular news publication of the Center For Democracy and Technology, are received by nearly 10,000 Internet users, industry leaders, policy makers and activists, and have become the leading source for information about critical free speech and privacy issues affecting the Internet and other interactive communications media. To subscribe to CDT's Policy Post list, send mail to policy-posts-request at cdt.org with a subject: subscribe policy-posts If you ever wish to remove yourself from the list, send mail to the above address with a subject of: unsubscribe policy-posts ----------------------------------------------------------------------- (4) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. The Center's mission is to develop and advocate public policies that advance democratic values and constitutional civil liberties in new computer and communications technologies. Contacting us: General information: info at cdt.org World Wide Web: http://www.cdt.org/ FTP ftp://ftp.cdt.org/pub/cdt/ Snail Mail: The Center for Democracy and Technology 1634 Eye Street NW * Suite 1100 * Washington, DC 20006 (v) +1.202.637.9800 * (f) +1.202.637.0968 ----------------------------------------------------------------------- End Policy Post 2.35 10/3/96 ----------------------------------------------------------------------- From snow at smoke.suba.com Fri Oct 4 01:42:45 1996 From: snow at smoke.suba.com (snow) Date: Fri, 4 Oct 1996 16:42:45 +0800 Subject: Did Sun get a sweetheart deal? In-Reply-To: Message-ID: <199610040512.AAA00647@smoke.suba.com> Mr. Green wrote: > On Thu, 3 Oct 1996, Ernest Hua wrote: > > Sun Microsystems Inc. said Wednesday it received two contracts from > > NASA's Goddard Space Flight Center worth a total of $100 million. The > > Mountain View-based company said the pact calls for software > > development and the design about 34,000 computer-aided engineering > > and design workstations. NASA will use the workstations to design > > integrated circuits. > 34,000 Sun workstations? If any of the software designers from Sun are > reading this, I would like to make a suggestion as to the screensaver > that will ship with every workstation. Would that bring the crack down to under a month? Petro, Christopher C. petro at suba.com snow at smoke.suba.com From dthorn at gte.net Fri Oct 4 02:03:56 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 4 Oct 1996 17:03:56 +0800 Subject: gack vs. key escrow vs. key recovery In-Reply-To: <199610040153.SAA24250@slack.lne.com> Message-ID: <3254B26B.700E@gte.net> Eric Murray wrote: > Vladimir Z. Nuri writes: > > cpunks, a note about recent developments in "key recovery" initiative. > > is the government always going to be your > > enemy, no matter what they do? > It seems to be bent on doing so. > > I have posted here before that many companies find the concept > > of "key recovery" highly acceptable and even desirable. the > > basic question is, what does this mean to wiretapping and > > search warrants and subpoenas? > They get served, and the keys are produced. Same with personal > crypto- if I'm in court and some encryped file that I have the > key for is demanded as evidence, I provide the key or get > hit with contempt of court, my choice. > No one is arguing about that. The objections to Clipper III are: [additional text deleted] Sounds to me like there's a need for a program that can produce secure encryption, yet the output looks like "real junk", i.e., not anything like what one of the *better* programs would produce. Then you can claim (with testimony of experts if necessary) that "I didn't encrypt it, must be just garbage". And even if you got some bozo govt. person testifying against you, you shouldn't have much problem making them look stupid and vindictive in front of a jury. From mccoy at communities.com Fri Oct 4 02:06:18 1996 From: mccoy at communities.com (Jim McCoy) Date: Fri, 4 Oct 1996 17:06:18 +0800 Subject: Clipper III questions In-Reply-To: <199610040135.SAA24060@slack.lne.com> Message-ID: >The recent CDT policy post sez of Clipper III: > >>* Access to keys internationally "would be provided in accordance with >> destination country policies and bilateral understandings." > > >This reminds me of the understanding between CIA/NSA and their counterparts >in British Intelligence. [...] While I am not sure that this oft-made claim can actually be proven, it does raise an interesting point: a large amount of communications traffic crosses international boundaries, which country's laws and procedures are to be followed when a "legitimate law enforcement need" is perceived? While Americans have become somewhat disenchanted with protections given to American suspects via our Fourth Amendment, a possible line of attack upon Clipper III might be that those who want to monitor communications will select the jurisdiction in which it is easiest for them to get a court order. While "coddling criminals" and "throwing out evidence based upon technicalities" has a negative PR value, Americans are a cheuvanistic lot who tend to go completely ballistic when told that they must be subject to the laws of another country, and given the nature of internet communications this might be something which could be used to our advantage. Something like "Clipper III is giving away your First Amendment rights in cyberspace and replacing them with the restrictive expresion laws of Country X, is that what you really want?" The international angle may be a good card to play in the American debate. >From a law-enforcement point of view international communications gives them little to work with: there are already numerous articles which can be quoted pointing out that terrorists [insert optional horseman] already have access to strong crypto so Clipper III will not catch them, the only thing it is good for is spying on honest Americans... :) jim p.s. On the commercial side, the known economic espionage cases of the French and Japanese governements may also be points to raise. From dlv at bwalk.dm.com Fri Oct 4 02:07:59 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 4 Oct 1996 17:07:59 +0800 Subject: Cypherpunk forgery. In-Reply-To: <19961003164259.20019.qmail@kiwi.pyrotechnics.com> Message-ID: scallon at kiwi.pyrotechnics.com writes: > I just got word from one of my buddies that someone has been forging > my e-mail to cypherpunks talking about the pederast organization > NAMBLA. There's a character on cypherpunks named Timmy May with a long history of attributing to people various nonsense they didn't say. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dthorn at gte.net Fri Oct 4 02:42:04 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 4 Oct 1996 17:42:04 +0800 Subject: support for "crack DES" In-Reply-To: <199610032143.OAA13883@mail.pacifier.com> Message-ID: <3254AE32.1DFA@gte.net> jim bell wrote: > At 01:26 PM 10/3/96 +0000, Omegaman wrote: > >Considering the situation -- considering that RSA has even signed on > >to this scheme -- I'd have to say that I don't give a rat's ass what > >Bill Gates claims. If Micro$oft bucks the system, I'll gladly > >applaud their stand. > >The situation is not good at all. > >Cracking DES (whether distributed or through a hardware crack, or > >both!) seems critical at this point. > Just remember that it would be far better to make the crack look easy, > than to make it look hard. quantity 9000+, $1,000 Pentiums for a year > (plus maybe $500,000 in electricity) looks "hard." 1000 dedicated > chips (whether they be FPGA or custom or...) for 1.5 months or so > looks "easy." > The latter crack looks far more likely to be repeated. The former is > OBVIOUSLY a stunt. I don't know from discussion here whether anyone wants to take this in front of one of those C-Span Congress hearings or not; it's not that hard to do if you weasel your way in with the right folks.... Timing is important, and the element of surprise. From what I hear, Sen. Specter was hoping to gild his bid for the pres. race with his hearings on militias et al, then he got sideswiped by some smarter people who had documents in hand. If "the box" is ready at the right time, and you can catch the politicos at a moment when they're increasing their ambition, it could make a heckuva bang. The fundamental laws of logic (via Joey the Hit Man): Never steal from the boss, never, ever rat on the boss, and above all, don't get too ambitious. From dougr at skypoint-gw.globelle.com Fri Oct 4 03:42:42 1996 From: dougr at skypoint-gw.globelle.com (Douglas B. Renner) Date: Fri, 4 Oct 1996 18:42:42 +0800 Subject: gack vs. key escrow vs. key recovery In-Reply-To: <199610040033.RAA18660@netcom19.netcom.com> Message-ID: On Thu, 3 Oct 1996, Vladimir Z. Nuri wrote: > > it is clear we are coming to a fork in the road at this moment. > there are going to be two types of cpunk opinions based on recent > developments. > > 1. those who feel that wiretapping was illegitimate from the > start and are working to make wiretapping impossible. confronted > with a legal search warrant/subpoena etc. for personal data, > they would not hand over keys. they would "superencrypt" in > systems that do etc. > > 2. those who feel that there is such a thing as a legal warrant > or subpoena for information protected by cryptography keys, and > would agree that this logically means that governments will be > getting access to "key recovery" infrastructures. > If I correctly understand what you are saying, I agree with your thesis that people who are stuck in an antiestablishment frame of mind may just as easily hinder their own cause by acting blindly. But if we make a distinction between two very different levels and types of wiretapping, I believe a sizeable third category becomes apparent: 3. Those who are aware of the existence of large-scale systems of electronic monitoring by the NSA, which does not need any search warrant or subpoena of any kind to collect, archive, index, correlate, interpret & summarize the supposedly private communications of all of us. When presented with an actual search warrant, people who have this awareness would typically cooperate with any law enforcement agencies, since they would also be aware of how impractical noncooperation would be. Far from considering the government as always bad, they may only have a healthy mistrust of those branches of big government which can operate both above the law and behind a cloak of secrecy. People in category 3 may be aware of the pure power of knowledge which can be extracted from large data mines, and simply desire to exclude as much of their personal communications from these mines as possible. They are not comforted by an encryption system where keys could be recovered without one's knowledge, and see this as a threat to the current growth of truly unbreakable systems. Former US Senator Dave Durenburger, while still head of the Senate Select Intelligence Committee, remarked to the press that he wondered if CIA Director William Casey enacted covert plots "just for kicks." If absolute power corrupts absolutely, is it not our civic duty to ensure that the former does not come into being? Douglas B. Renner From unicorn at schloss.li Fri Oct 4 03:56:35 1996 From: unicorn at schloss.li (Klaus E. vonEbel) Date: Fri, 4 Oct 1996 18:56:35 +0800 Subject: Fw: Re: ITAR satellite provision In-Reply-To: <199610032109.OAA11555@mail.pacifier.com> Message-ID: On Thu, 3 Oct 1996, jim bell wrote: > At 02:05 PM 10/3/96 -0400, Michael Froomkin - U.Miami School of Law wrote: > >Alas, a common fallacy. > > > >You have committed a prohibited export when the stuff lands outside the > >USA....It's not illegal when it goes up ("by reason of the launching" and, > >e.g. *stays up* in orbit) but it is illegal when it comes down abroad. > > Sure about that? The regulation said something like "launch vehicle" or > "launch," apparently indicating that a "launch vehicle" could actually be > exported, THEN launched, etc, without violating ITAR. And since the > regulation does not go into any detail about the "launch", other than it is > a "launch" (and does not explicitly prohibit landing subsequent to launch) > the implication is that there is no prohibition. > > I still think the regulation was just written sloppily. Thankfully, you're not an attorney. > > Jim Bell > jimbell at pacifier.com > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From pclow at pc.jaring.my Fri Oct 4 04:00:14 1996 From: pclow at pc.jaring.my (pclow) Date: Fri, 4 Oct 1996 19:00:14 +0800 Subject: WINDOWS NT ???? In-Reply-To: <19961004024009156.AAA66@GIGANTE> Message-ID: <32548D47.39CD@pc.jaring.my> Adamsc wrote: > > is Windows NT secured system ? NT? Secured? hahahahahahahahahahahahahahahahhahahahahahahaha From declan at eff.org Fri Oct 4 04:05:01 1996 From: declan at eff.org (Declan McCullagh) Date: Fri, 4 Oct 1996 19:05:01 +0800 Subject: Fighting Clipper III In-Reply-To: <9610031655.AA00896@ch1d157nwk> Message-ID: IBM truly does deserve to be criticized, soundly. When I get a chance I'll write up the report of what happened at yesterday's IBM "let's recruit industry to join our alliance" confab session that took place in the afternoon at their DC lobby-office. It was supposedly closed to the press. :) -Declan On Thu, 3 Oct 1996, Andrew Loewenstern wrote: > Jim McCoy writes: > > The big brother inside stickers from the last campaign were > > nice, maybe people can come up with variations of various > > corporate logos or marketting phrases which help get the > > message across? > > Big Brother Inside stickers are a classic and should be revived. I would > like to see a takeoff of the IBM logo since they are the ones who seem to be > cozying up to the USG the most (with the exception of TIS whom nobody has ever > heard of). How about "GAK" in the familiar IBM blue pinstripe logo? Or > "IBBM" International Big Brother Machines? Everyone recognizes the IBM logo. > > > andrew > // declan at eff.org // I do not represent the EFF // declan at well.com // From accessnt at ozemail.com.au Fri Oct 4 04:08:48 1996 From: accessnt at ozemail.com.au (Mark Neely) Date: Fri, 4 Oct 1996 19:08:48 +0800 Subject: paging nets Message-ID: <3.0b15.32.19961004124320.006b0320@ozemail.com.au> >BBC Blows Radiopager Security Systems Wide Open >LONDON, ENGLAND, 1996 OCT 2 (NB) -- By Steve Gold. Now, why does he sound familiar :) Regards, Mark Mark Neely - accessnt at ozemail.com.au Lawyer, Internet Consultant, Professional Cynic & Author From shamrock at netcom.com Fri Oct 4 04:15:00 1996 From: shamrock at netcom.com (Lucky Green) Date: Fri, 4 Oct 1996 19:15:00 +0800 Subject: Margaret Milner Richardson loses her breakfast... In-Reply-To: Message-ID: On Thu, 3 Oct 1996, Robert Hettinga wrote: > Ms. Richardson said: "How would you like to be responsible for > administering tax laws and have to read these ads over breakfast?" My heart bleeds for her :-) [what's the smiley for a huge grin?] --Lucky From joelm at eskimo.com Fri Oct 4 04:15:06 1996 From: joelm at eskimo.com (Joel McNamara) Date: Fri, 4 Oct 1996 19:15:06 +0800 Subject: Esther Dyson: Pro-crypto in Poland Message-ID: I'm in Warsaw doing some consulting for a local ISP and got invited to an Internet conference last night targeted toward government ministry officials. Even though I speak no Polish, I decided to go because Esther Dyson was one of the keynotes. The three day conference is being held outside of Warsaw. The location has to be one of the most unique conference settings I've ever seen. How about in a classroom of what appeared to be the government police training barracks. Guarded gates, barking German shepherds in kennels, and armed, marching cops in camo fatigues. Interesting. Got to suggest it to the DefCon folks instead of Vegas. Anyway, not knowing what Esther was going to talk about, I started to smile when she launched into a very pro-crypto (as in anti-key escrow) presentation. Through a translator, she did a good job of covering most of the issues near and dear to Cypherpunks's hearts. She closed with urging the Polish officials to make their own decisions regarding privacy and crypto, and not be swayed by the actions of the US government. Someone in the audience asked what the average American thought of the ongoing crypto controversy. Esther answered correctly, that they're mostly clueless. Of course I had to stand up and mention the grassroots Cypherpunk efforts just to let folks know not everyone besides EFF is idly standing by (I think my host did a pretty good job of translating). Esther's comment was that Cypherpunks weren't average. You decide if that was a compliment or not. I don't know. Despite the bashing she got on the list about anonymity, I was impressed. Presenting the issues in a very logical and rational manner to government officials in "crypto-neutral" territory counts for something in my book. Anyway, based on all of the nonsense going on in the US, it's interesting to be in an environment where there are strong concerns about privacy and government abuses by the average citizen. I think Americans have taken for granted many things, that only living under a repressive regime would make them appreciate. Joel From gbroiles at netbox.com Fri Oct 4 04:19:02 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Fri, 4 Oct 1996 19:19:02 +0800 Subject: ITAR satellite provision Message-ID: <3.0b28.32.19961004015418.006b44d0@ricochet.net> On Thu, 3 Oct 1996, jim bell wrote: > The wording was > clearly intended to be an exception to a rule. What the wording doesn't > include is the "exception to the exception," most likely because they > weren't thinking in too great a detail when they wrote the regulations. Yow. The "if we put it in a rocket it's exportable" interpretation made me think twice before posting the text of that definition, because it's seductive and wrong. I posted it because it's amusing to think about and because we all had a good laugh about it at the Mac crypto conference; but I'd feel like a jerk if someone got themselves in a lot of trouble with an enthusiastic misreading of that sentence out of pages and pages of regulations (plus quite a few more pages of opinions interpreting those regulations). > It appears that the government left a loophole so large that you could > drive a truck...er...shoot a rocket through it. If you think you've found an enormous loophole in a regulation which has been around for 15-20 years, you should double-check your research and get a good nights' sleep. Law is like science this way - if you think you have found room-temperature fusion you should stop and check your work. It's much more likely that you're not reading carefully or you've missed something. -- Greg Broiles | "We pretend to be their friends, gbroiles at netbox.com | but they fuck with our heads." http://www.io.com/~gbroiles | | From deviant at pooh-corner.com Fri Oct 4 04:31:09 1996 From: deviant at pooh-corner.com (The Deviant) Date: Fri, 4 Oct 1996 19:31:09 +0800 Subject: RSA's position on espionage-enabled crypto. In-Reply-To: <199610032013.NAA23928@toad.com> Message-ID: On Thu, 3 Oct 1996, Peter Trei wrote: > Date: Thu, 3 Oct 1996 16:14:34 -6 > From: Peter Trei > To: cypherpunks at toad.com > Subject: RSA's position on espionage-enabled crypto. > > RSA has put up a 'position statement' on clipper 4 at their home > page at www.rsa.com. > > They're not rejecting it, but are clearly not wildly pro-GAK either. It's > clearly early days yet. > Hrmm.. when I read and forwarded it to the list (about 10 minutes ago now), it seemed to be a "we think its a good thing" type of statement... --Deviant Art is a lie which makes us realize the truth. -- Picasso From attila at primenet.com Fri Oct 4 04:34:16 1996 From: attila at primenet.com (attila) Date: Fri, 4 Oct 1996 19:34:16 +0800 Subject: "Mormon Asshole?" re: GAK In-Reply-To: Message-ID: <199610040852.CAA00766@infowest.com> In , on 10/03/96 at 07:35 PM, dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) said: .attila writes: . .> .> "The only natural criminal class in America, the U.S. Congress" > .> --Mark Twain .Mark Twain had some very negative things to say about your criminal cult. . WRONG, read the entire article. in the balance he was rather positive in his "review" of the Mormons, particularly family life and work ethic. the first part of his rambling was critical more from the very negative attitude to the Mormons in MIssouri at the time Samuel Clemmons was growing up. The three bloody marches in winter with a loss of over 6,000 lifes were less than 10 years history in his childhood. One of our most basic beliefs in the 13 Articles of Faith (in addition to the ten commandments) is that we believe everyone should be allowed to practice the religion of their choice, any religion, as they wish to observe; we only ask the same of them. For instance, when the Catholic Church established a parish in Salt Lake City, they had no meeting place. Brigham Young granted them the free use of the Tabernacle on Temple Square why they were raising money to build their own church. The same was true in St. George; the classic tabernacle at main & tabernacle was used free of charge by the Catholics until they were able to erect their own church, school, etc at 200 N 300W, two blocks down the street from Brigham Young's winter residence. I have never believed we have been persecuted for religion. the work ethic, and the extended 'ward' family, where everyone cooperated on advancing the community --for instance, one family took the responsibility of making soap (nasty job which takes time) for everyone, and so on. This is cooperative "husbandry"/industry, and it was beneficial to everyone; there are numerous others. even today, our wards are organized so individual families have a "skill" for the ward should we find ourselves isolated in a wall street disaster, a natural disaster, or whatever. do you have 3 years of food storage? almost 4,000 lbs. and 9,000 gallons of drinking water for 3 years for a family of 5? --that's 72,000 lbs (36 tonnes!... ) almost 10,000 cu. ft. we work and we share. which means prosperity, which means economic success, which usually means stable, cohesive politics. and this too often creates not only jealousy and hostility from our non-Mormon neighbors, but fear. therefore, the basest of arguments and untruths are used against us to justify the quick annihilation of the "offenders in our midst." but what inflames the anti-mormon passions the most is the paid clergy of other organized religions whose employment is the paid ministry to their flock. Mormons threaten their jobs; the mormons have no paid ministry; it is all part of our "callings" to do the Lord's work. The 40,000 young men and women who leave MTC in Provo, and other training centers, each graduation to scatter to every country in the world, have earned their *own* money to support themselves on their two year missions. these young men and women return with unbelievably positive attitudes and the satisfaction they earned the money themselves --which took planning and perseverance. Dimitri, try reading a balanced analysis of the LDS faith, the teachings, and their accomplishments before you jump off and prove your ignorance and bigotry... it will not harm you, and you might be surprised at what you learn, particularly "forgiving those who trespass against us." -no retaliation. remember, all members are missionaries in a way; noone will *ask* you to join. all we do is offer you the opportunity to *investigate* our beliefs and our community. After *you* study the materials and ask questions, it is up to you to get on your knees and ask the Lord if you should join. We neither ask nor tell you you will die an agonizing death, again and again in eternity, if you do not join. everyone is there own free agent, and we can not influence your "free agency" --we will not pursue you if your prayers are not answered; but we will still be you friend, and our offer to participate in our services and our activities is still extended. For instance, I will never attack you with hate speech, and even my sarcasm is questionable, despite the fun a good play on words provides; you could probably snitch me off to my bishop and I would likely face a church council. As a high priest, that is a serious matter. something else you probably do not know: we NEVER pass the plate at any service. tithing is a private matter. -- "I don't make jokes. I just watch the government and report the facts." --Will Rogers From die at pig.die.com Fri Oct 4 04:39:37 1996 From: die at pig.die.com (Dave Emery) Date: Fri, 4 Oct 1996 19:39:37 +0800 Subject: Pager security Message-ID: <9610032348.AA22047@pig.die.com> Lest anyone doubt this, pagers in the US have the same exact vulnerability as those in the UK. No current paging systems use any kind of serious encryption and all can be intercepted by using a scanner, a very simple data detector consisting of one IC and an ordinary PC running appropriate software. I wrote a USENET article about decoding POCSAG paging back in 1993, and am aware of at least four different individuals who have implemented programs based in part on my description of the protocol - three of whom have sold the product to the hobbiest market. Dave Emery N1PRE die at die.com From blancw at cnw.com Fri Oct 4 04:42:37 1996 From: blancw at cnw.com (blanc) Date: Fri, 4 Oct 1996 19:42:37 +0800 Subject: gack vs. key escrow vs. key recovery Message-ID: <01BBB187.08797720@king1-18.cnw.com> From: Vladimir Z. Nuri, [who still doesn't get it] what is the precise difference between gack, key escrow, and key recovery? [and] I'll be watching the debate closely, as the true extremists incapable of compromise (and thereby living in a fantasy world) show their colors.... ............................................................................... The precise difference is: who is in control. In order to understand this critical point you must understood the idea of having personal authority as a standard for living. But you would expect that everyone should accept being subject to inspection by default, as if governments owned everyone within the national boundaries and keeping personal things away from them were a sin. The more that governments obliterate the lines of division between what is exclusively one's own to manage and what they have "the right" to share in (including holding your extra keys) or to demand (access to private communication), the less defined the concept of individuality becomes (as compared to being a "borg" of the State) and the more difficult it becomes intellectually to uphold one's separateness from it, since it all seems to be the same, undifferentiated control over things in general ("we are all One - how could you object?"). It is right to resist any attempts by the State to assimilate everyone into its fold by blurring the boundaries of authority (in its favor). It is a better thing to strengthen each individual's ability to maintain their own, than to put them in a situation where they *must* use the assistance of (become dependent upon) the (supposed) benevolence and rational judgement of an overwhelming overseer. It is better to reserve the right of authority over who & when anyone may keep one's software keys in escrow. It is better than to forfeit the right to make that decision on one's own good time and according to one's own plan, which would otherwise weaken that authority. .. Blanc [If 51% of the true extremist voters would elect Harry Browne, GAK would not be a problem.] From attila at primenet.com Fri Oct 4 04:49:48 1996 From: attila at primenet.com (attila) Date: Fri, 4 Oct 1996 19:49:48 +0800 Subject: "Mormon Asshole?" re: GAK In-Reply-To: Message-ID: <199610040846.CAA00681@infowest.com> In , on 10/03/96 at 07:35 PM, dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) said: .attila writes: . .> .> "The only natural criminal class in America, the U.S. Congress" > .> --Mark Twain .Mark Twain had some very negative things to say about your criminal cult. . WRONG, read the entire article. in the balance he was rather positive in his "review" of the Mormons, particularly family life and work ethic. the first part of his rambling was critical more from the very negative attitude to the Mormons in MIssouri at the time Samuel Clemmons was growing up. The three bloody marches in winter with a loss of over 6,000 lifes were less than 10 years history in his childhood. One of our most basic beliefs in the 13 Articles of Faith (in addition to the ten commandments) is that we believe everyone should be allowed to practice the religion of their choice, any religion, as they wish to observe; we only ask the same of them. For instance, when the Catholic Church established a parish in Salt Lake City, they had no meeting place. Brigham Young granted them the free use of the Tabernacle on Temple Square why they were raising money to build their own church. The same was true in St. George; the classic tabernacle at main & tabernacle was used free of charge by the Catholics until they were able to erect their own church, school, etc at 200 N 300W, two blocks down the street from Brigham Young's winter residence. I have never believed we have been persecuted for religion. the work ethic, and the extended 'ward' family, where everyone cooperated on advancing the community --for instance, one family took the responsibility of making soap (nasty job which takes time) for everyone, and so on. This is cooperative "husbandry"/industry, and it was beneficial to everyone; there are numerous others. even today, our wards are organized so individual families have a "skill" for the ward should we find ourselves isolated in a wall street disaster, a natural disaster, or whatever. do you have 3 years of food storage? almost 4,000 lbs. and 9,000 gallons of drinking water for 3 years for a family of 5? --that's 72,000 lbs (36 tonnes!... ) almost 10,000 cu. ft. we work and we share. which means prosperity, which means economic success, which usually means stable, cohesive politics. and this too often creates not only jealousy and hostility from our non-Mormon neighbors, but fear. therefore, the basest of arguments and untruths are used against us to justify the quick annihilation of the "offenders in our midst." but what inflames the anti-mormon passions the most is the paid clergy of other organized religions whose employment is the paid ministry to their flock. Mormons threaten their jobs; the mormons have no paid ministry; it is all part of our "callings" to do the Lord's work. The 40,000 young men and women who leave MTC in Provo, and other training centers, each graduation to scatter to every country in the world, have earned their *own* money to support themselves on their two year missions. these young men and women return with unbelievably positive attitudes and the satisfaction they earned the money themselves --which took planning and perseverance. Dimitri, try reading a balanced analysis of the LDS faith, the teachings, and their accomplishments before you jump off and prove your ignorance and bigotry... it will not harm you, and you might be surprised at what you learn, particularly "forgiving those who trespass against us." -no retaliation. remember, all members are missionaries in a way; noone will *ask* you to join. all we do is offer you the opportunity to *investigate* our beliefs and our community. After *you* study the materials and ask questions, it is up to you to get on your knees and ask the Lord if you should join. We neither ask nor tell you you will die an agonizing death, again and again in eternity, if you do not join. everyone is there own free agent, and we can not influence your "free agency" --we will not pursue you if your prayers are not answered; but we will still be you friend, and our offer to participate in our services and our activities is still extended. For instance, I will never attack you with hate speech, and even my sarcasm is questionable, despite the fun a good play on words provides; you could probably snitch me off to my bishop and I would likely face a church council. As a high priest, that is a serious matter. something else you probably do not know: we NEVER pass the plate at any service. tithing is a private matter. -- "I don't make jokes. I just watch the government and report the facts." --Will Rogers From ses at tipper.oit.unc.edu Fri Oct 4 04:57:49 1996 From: ses at tipper.oit.unc.edu (Simon Spero) Date: Fri, 4 Oct 1996 19:57:49 +0800 Subject: Did Sun get a sweetheart deal? In-Reply-To: <199610040109.SAA23900@slack.lne.com> Message-ID: On Thu, 3 Oct 1996, Eric Murray wrote: > In addition, I had lunch today with the people I used to work > with/for at Sun, who're probably the most likely to be asked to implement > such a thing. They haven't heard anything about it and were quite dismayed > at the whole idea. I'd love to know what John Gage says about this, since in the past I believe he's used been "Over My Dead Body" on GAK. Simon --- Cause maybe (maybe) | In my mind I'm going to Carolina you're gonna be the one that saves me | - back in Chapel Hill May 16th. And after all | Email address remains unchanged You're my firewall - | ........First in Usenet......... From geeman at best.com Fri Oct 4 04:58:22 1996 From: geeman at best.com (geeman at best.com) Date: Fri, 4 Oct 1996 19:58:22 +0800 Subject: DESCrack keyspace partitioning Message-ID: <01BBB163.FC317940@geeman.vip.best.com> What about the heuristics of partitioning the keyspace? Seems to me that a _subset_ of all possible keys is much more likely to appear than a random selection from an equidistributed population 0..2^56. (P)RNG's just aren't that likely to produce a key of 010101010..... nor 001100110011... etc etc and I have been thinking about how one might formalize and exploit this randomness property to increase the probability of finding the key sooner. So a keysearch strategy should be something other than a partitioning of 2^26 into N bins with a linear search within each bin. I realize that it is POSSIBLE that a key of 1010101010... was used, (excluding weak keys from consideration) ---- but I have seen "certifiable" RNG's and, God Bless 'em, they just dont ever produce anything with any predictability. Is not the lack of predictability a predictable, and therefore exploitable, attribute? Any thoughts here? ---------- From dlv at bwalk.dm.com Fri Oct 4 05:01:50 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 4 Oct 1996 20:01:50 +0800 Subject: "Mormon Asshole?" re: GAK In-Reply-To: <199610031843.MAA10736@infowest.com> Message-ID: attila writes: > "The only natural criminal class in America, the U.S. Congress" > --Mark Twain Mark Twain had some very negative things to say about your criminal cult. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From Adamsc at io-online.com Fri Oct 4 05:03:52 1996 From: Adamsc at io-online.com (Adamsc) Date: Fri, 4 Oct 1996 20:03:52 +0800 Subject: ADJ_ust Message-ID: <19961004020539265.AAD223@GIGANTE> On Tue, 1 Oct 1996 10:26:12 -0800, Timothy C. May wrote: >Personally, I think there's a lot of hype about this whole "infowar" thing. >Sure, security measures and vulnerabilities always need to be looked at, >but a lot of the rhetoric is being driven by journalists looking for lead >stories. This is certainly the case with 99% of the computer industry press! I certainly have no problem believing that a group of well-supplied professionals could, with enough time and [political] support, take down a single target. For instance, if the CIA,FBI and NSA wanted to hose the 1st Bank of China, I have a feeling that they would - eventually. I have strong doubts that someone would come up with a non-nuke that could destroy stuff indiscriminately within a useably large area. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From Adamsc at io-online.com Fri Oct 4 05:07:39 1996 From: Adamsc at io-online.com (Adamsc) Date: Fri, 4 Oct 1996 20:07:39 +0800 Subject: White House crypto proposal -- too little, too late Message-ID: <19961004020539265.AAG223@GIGANTE> On Tue, 1 Oct 1996 20:50:17 -0700, John Anonymous MacDonald wrote: >> "What?" I asked. "Unless you're talking about import restrictions." >> >> "Exactly," he said. >> >> -Declan > >I don't doubt that they can do this if they really want to, but I >wonder what legal basis they will use for import restrictions. > >Are there any current import restrictions for products on can legally >manufacture, sell, and use in the United States? > >Thanks. They could easily levy a $1*10^99 tariff per byte. That might have the same effect... # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From jimbell at pacifier.com Fri Oct 4 05:11:28 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 4 Oct 1996 20:11:28 +0800 Subject: [NOISE] ITAR Satellite Message-ID: <199610040209.TAA03849@mail.pacifier.com> At 06:46 PM 10/3/96 -0400, David Lesher wrote: >Michael Froomkin - U.Miami School of Law sez: >> >> Alas, a common fallacy. >> >> You have committed a prohibited export when the stuff lands outside the >> USA....It's not illegal when it goes up ("by reason of the launching" and, >> e.g. *stays up* in orbit) but it is illegal when it comes down abroad. >> > >"I just shoots them, who CARES where they come down? >It's not my department, said Werner Von Braun...." No... not exactly. "Vhen the rockets go up... who cares vhere they come down... That's not my department... says Werner Von Braun." Tom Lehrer. 1965. "That was the year that Was." Jim Bell jimbell at pacifier.com From Adamsc at io-online.com Fri Oct 4 05:12:45 1996 From: Adamsc at io-online.com (Adamsc) Date: Fri, 4 Oct 1996 20:12:45 +0800 Subject: Clipper III on the table Message-ID: <19961004020539265.AAF223@GIGANTE> On Tue, 1 Oct 1996 19:34:23 -0800, Timothy C. May wrote: >As for IBM's involvement, they've played around with the NSA for decades. >Nothing new there. Fortunately, today they're just a marginal player. This is a very dangerous statement to make. IBM is nowhere near as powerful as they were, but they're still very solidly entrenched in the business world*. Money is what will ultimately decide this issue - if Bill Clinton's VISA was abused after a hacker sniffed a network transaction ITAR would be dead within seconds! * - people have said that OS/2 is dead. Well it turns out that IBM is making several *BILLION* in sales every year on it from their business deals. According to figures I've seen, they have a high percentage of the F500 market. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From dthorn at gte.net Fri Oct 4 05:14:36 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 4 Oct 1996 20:14:36 +0800 Subject: Conspiracy Stuff: Ron Brown's death and Crypto ... In-Reply-To: <199610030600.XAA20074@krypton.chromatic.com> Message-ID: <3254A3E8.2DFC@gte.net> Ernest Hua wrote: > Too much fun for the conspiracy buffs ... > Did Ron Brown's plane really fly off course due to pilot error? > No, don't even bother replying to me on this matter. I'm just > up too late, and I tossing this one out there on a whim ... Sorry, but you asked. Brown's plane was deliberately guided into a mountain by a different tower signal than was guiding it in mid-flight. Someone had the real tower kill or redirect their signal so the second tower or whatever could switch in. I thought everyone knew that. Bear in mind, when you first go to work for a U.S. intel agency, the first thing they teach you is "there are no coincidences" (of any real significance). And how fortunate for Mr. Eisner and his hundreds of millions in personal income per year that Frank Wells (Mr. Disney's protege) expired in that helicopter(?) crash a couple years ago. From Adamsc at io-online.com Fri Oct 4 05:27:11 1996 From: Adamsc at io-online.com (Adamsc) Date: Fri, 4 Oct 1996 20:27:11 +0800 Subject: White House crypto proposal -- too little, too late Message-ID: <19961004020539265.AAI223@GIGANTE> On Wed, 2 Oct 1996 10:27:46 -0700 (PDT), Joe Shea wrote: > You just managed to justify your own censorship of the list, >Declan. Talk about clueless! How'd that old line go about cooking implements and carbon deposits? As has often been enumerated on the list: If someone wishes to say something - anything - to a group of like-minded people, that is his choice. If they choose not to listen, that is their choice. If declan chooses not to forward mail to a list he moderates, it's his choice. He doesn't force anyone to read that list. He certainly doesn't force them to avoid any other lists. If they don't like his list or disagree with his views they can show their disapproval by going elsewhere (seealso: Free Market) Consider your argument in a different light: Do you complain that Rush Limbaugh never lets the head of N.O.W. or Bill Clinton do a show? # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From aaron at burn.ucsd.edu Fri Oct 4 05:27:30 1996 From: aaron at burn.ucsd.edu (Aaron) Date: Fri, 4 Oct 1996 20:27:30 +0800 Subject: Uruguayan 'pirate' radio seized Message-ID: I thought that I had sent this out already to my various private lists, but it appears that I haven't. From my perspective of involvement in Free Radio and support for armed struggle, I consider it important. Feel free to redistribute this. If you can improve the translation, or find additional information, please send me a copy. --Aaron The Spanish original follows my translation. La Jornada (Mexico), 23 September 1996 Uruguayan pirate radio equipment seized; transmitted EZLN messages. Ap y Dpa, Montevideo, 22 de septiembre. Uruguayan military intelligence services confiscated the transmission equipment of a clandestine radio station that broadcast messages of Mexico's EZLN, according to the Defense Minister, Ra�l Iturria. He speculated that it could have involved the promotion of collective armed uprisings, and possible terrorist acts. According to a report in the Uruguayan periodical El Pa�s, the raid on the broadcaster 'La Intrusa', located in the Montevideo suburban barrio of La Teja, allowed the discovery of "subversive plans" and radio messages sent from the Lacandon jungle and from Nicaragua, although not 'codified' by the military intelligence services. [Can any Spanish speakers clarify the last clause? See original below.--Aaron] The Nicaraguan instructional materials contained formulas, systems of putting together explosives, and some suggestions for illegally obtaining the various materials necessery for the armaments to reach their maximum potency. The instructions were put to music, with Central American rhythm, explaining directly and even joyfully the means of equipping any group. In the international communications broadcast by the pirate radio, reporters, presumably Uruguayan, reported from the Mexican jungle "whole chapters of tactics useful for confronting the enemy", and these made reference to impending contact with unidentified inserrectional forces of Chile, according to the newspaper. According to a Uruguayan broadcast official, the police operation also allowed the seizure of propaganda material and materials for making molotov cocktails that were used by members of the pirate radio station against patrol vehicles in their area of operation. ******************************************* La Jornada 23 de septiembre de 1996 Confiscaron en Uruguay equipo de radio que difund�a mensajes del EZLN. Ap y Dpa, Montevideo, 22 de septiembre. Los servicios de inteligencia militar de Uruguay confiscaron los equipos de transmisi�n de una estaci�n de radio clandestina que difund�a mensajes del movimiento rebelde Ej�rcito Zapatista de Liberaci�n Nacional, de M�xico, inform� hoy el ministro de Defensa, Ra�l Iturria, quien especul� que podr�a tratarse de la promoci�n de alzamientos armados colectivos, y eventuales acciones terroristas. De acuerdo con informaci�n del peri�dico matutino uruguayo El Pa�s, el allanamiento a la radiodifusora La Intrusa, ubicada en el barrio suburbano La Teja, de Montevideo, permiti� descubrir ``planes subversivos'' y mensajes radiales enviados desde la Selva Lacandona y de Nicaragua, a�n no codificados por los servicios de inteligencia militar. El material instructivo nigarag�ense conten�a f�rmulas, sistemas de ensamblado para explosivos y algunas sugerencias para la obtenci�n ilegal de los distintos materiales necesarios para que el armamento alcanzara su m�xima potencia. Las indicaciones eran musicalizadas, con ritmo centroamericano, dijo, al explicar directa y hasta alegremente el modo de pertrechar a cualuqier grupo. En las comunicaciones internacionales difundidas por la radioemisora pirata, reporteros, presumiblemente uruguayos, informaban desde la selva mexicana ``cap�tulos enteros de t�cticas ejecutables para enfrentar al enemigo'', y en ellos se hac�a referencia a un pr�ximo contacto con fuerzas insurrectas de Chile a�n no identificadas, precis� el diario. As�, el operativo policial permiti� incautar, adem�s, material de propaganda y elementos para la fabricaci�n de cocteles molotov que, seg�n dijo el director nacional de Comunicaciones de Uruguay, Ernesto Dhel, eran utilizados por los miembros de la radioemisora ilegal, contra los veh�culos de patrullaje instalados en su �rea de acci�n. From attila at primenet.com Fri Oct 4 05:31:08 1996 From: attila at primenet.com (attila) Date: Fri, 4 Oct 1996 20:31:08 +0800 Subject: [FUN/GAMES] re: airhead In-Reply-To: Message-ID: <199610040731.BAA29702@infowest.com> "Deana Holmes" writes: .Sheesh. .You know you're doing good when both Dmitri Vulis and Attila both badmouth .you. (For the record, Attila's badmouthing consisted of stating via private .email that I was "the same air head pseudo-intellectual who has poisoned .her own life with hatred and ignorance in so many other venues.") . .Some people are just terribly threatened, I guess. . threatened by an airhead?!? ROTFL ...reminds me of the man driving in the country with his blond bimbo, when they crest a hill and see YABB in the middle of a grazing field rowing a boat, ...absolutely oblivious to all else. our fearless BB demands her date stop as they pull abreast of the scene; our BB nimbly jumps from the car, runs to the fence line, and commences screaming at the YABB who is still rowing away with all her heart. BB, returning to the car, is asked by her date what she was screaming at YABB. "Oh," BB said, "I was sooo mad! I told her she was a disgrace to all blonde [bimbos]; ...and that if I could only swim, I would come out there and thrash her..." Go on home, Deana; you have been in one more than too many intellectual arguments with only one oar and half the deck. --attila 04 10 96 : 06 20 15 UT -- "Why should I go the circus? Congress is in session." --Will Rogers From Adamsc at io-online.com Fri Oct 4 05:33:29 1996 From: Adamsc at io-online.com (Adamsc) Date: Fri, 4 Oct 1996 20:33:29 +0800 Subject: Export laws don't just affect crypto Message-ID: <19961004020539265.AAA223@GIGANTE> On Tue, 1 Oct 1996 00:05:16 -0700 (PDT), Lucky Green wrote: >The recent posts about GPS made me research the state of the art of GPS >receivers. Seems they are getting pretty good. Two pounds, sub-meter >accuracy, attitude determination, all at altitudes up to 60,000 feet and >speeds up to 1,000 nmph. But what really caught my eye was the fine print >at the bottom of the spec sheet: > >"Higher altitude and velocities up to 25,000 nautical miles-per-hour >options are available in the U.S." > >I gather from this that as long as you are in the US, you are welcome to >use this technology for applications that require larger than 1,000 nmph >speeds. > >Seems the software industry is not the only industry that's suffering >from silly export control laws. Possibly - certainly there are plenty of legislators who'd do it. I'd heard, however, that the precision of your signal could be increased by getting a fix on more than 3 satellites at a time - and that the GPS network had been designed to 'blanket' the Northern Hemisphere. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From Adamsc at io-online.com Fri Oct 4 05:35:31 1996 From: Adamsc at io-online.com (Adamsc) Date: Fri, 4 Oct 1996 20:35:31 +0800 Subject: How might new GAK be enforced? Message-ID: <19961004020539265.AAH223@GIGANTE> On Tue, 1 Oct 1996 20:55:40 -0800, Timothy C. May wrote: >And just what would you call PGP? >Long before the MIT deal, people in the U.S. were using their "OK in >America" (not counting RSADSI's issues) software to communicate with >"illegally exported" copies in foreign lands. Just informally, how many of the people on this list do you think have bypassed any cooperation with the USG on general principles and are using International PGP? ("Well this one uses non-banned math") Unfortunately, we've already demonstrated that hackers (real ones) and/or cpunks will use Underground Crypto. What's missing is evidence that business (and thus Joe Sixpack - either directly or indirectly) will. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From majordomo at dws008.ako.dec.com Fri Oct 4 05:43:42 1996 From: majordomo at dws008.ako.dec.com (majordomo at dws008.ako.dec.com) Date: Fri, 4 Oct 1996 20:43:42 +0800 Subject: Majordomo results: mailto:pr-news@pa.dec.com Message-ID: <9610040303.AA08635@dws008.ako.dec.com> -- >>>> What is DEC's official position regarding the new Clipper III proposal? **** @_ **** No valid commands found. **** Commands must be in message BODY, not in HEADER. **** Help for majordomo at dws008.ako.dec.com: This is Brent Chapman's "Majordomo" mailing list manager, version 1.93. In the description below items contained in []'s are optional. When providing the item, do not include the []'s around it. It understands the following commands: subscribe [

] Subscribe yourself (or

if specified) to the named . unsubscribe [

] Unsubscribe yourself (or

if specified) from the named . get Get a file related to . index Return an index of files you can "get" for . which [

] Find out which lists you (or

if specified) are on. who Find out who is on the named . info Retrieve the general introductory information for the named . lists Show the lists served by this Majordomo server. help Retrieve this message. end Stop processing commands (useful if your mailer adds a signature). Commands should be sent in the body of an email message to "majordomo at dws008.ako.dec.com". Commands in the "Subject:" line NOT processed. If you have any questions or problems, please contact "majordomo-Owner at dws008.ako.dec.com". From azur at netcom.com Fri Oct 4 05:49:03 1996 From: azur at netcom.com (Steve Schear) Date: Fri, 4 Oct 1996 20:49:03 +0800 Subject: The Right to Keep and Bear Crypto Message-ID: >No. And No. This argument will never fly in any court. > >If you want to see why, go to my homepage > >http://www.law.miami.edu/~froomkin > Thanks, the material was indeed informative. Some great work! However, I found much disturbing. The inference that the Exec branch could on the one hand classify crypto as a munition ('arms' by any other name), while for constitutional purposes the Courts may not exposes a deep-seated legal duplicity. Constitutional interpretations over the past century not withstanding, it is clear (to me) that a substantial number of the Framers would abhor what has become of the Second Amendment's ... right to keep and bear arms. One of the primary reasons put forth by the Framers for such a right was in order to resist the an oppressive state. The strongest reason for the people to retain the right to keep and bear arms is, as a last resort, to protect themselves against tyranny in government. --Thomas Jefferson When firearms go, all goes. We need them every hour. --George Washington It is ludacrous to expect citizens armed with no more than side arms, bolt-actions and shot guns to resist the actions of a modern military or law enforcement which citizens may find in violation of their inaliable natural rights (whether mistaken or not). In my opinion, all citizens should be be able to keep and bear any arms (without registration) which the state might use against them. To do so now is a criminal action. So be it. Unfortunately, it is common for groups especially governmental to be come statist, mean spirited and eventually malevolent. I hope jim bell or his ilk are soon successful at putting up functional, anonymous and active AP sites. I can't wait to wager! -- Steve From Adamsc at io-online.com Fri Oct 4 05:58:01 1996 From: Adamsc at io-online.com (Adamsc) Date: Fri, 4 Oct 1996 20:58:01 +0800 Subject: ITAR satellite provision Message-ID: <19961004020539265.AAJ223@GIGANTE> On Wed, 02 Oct 1996 09:28:22 -0800, jim bell wrote: >> "Export means, for purposes of this subchapter: >[snip] >>* A launch vehicle or payload shall not, by reason of the launching >>* of such vehicle, be considered an export for purposes of this >>* subchapter. Most of the requirements of this subchapter relate >> only to exports, as defined above. However, for certain limited >> purposes, the controls of this subchapter apply to sales and other >> transfers of defense articles and defense services (see, e.g., Sec. >> 126.1) of this subchapter." > > >Okay, everybody, call Estes! We've got some crypto to export...er...launch! For some reason I'm getting a very comical picture here of a Crypto-CD inside one of those cylindrical oatmeal boxes with about 50 F model-rocket engines strapped to it.... Now, if you could just hit Airforce 1 on the way over - call it sending a message. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From shamrock at netcom.com Fri Oct 4 06:03:55 1996 From: shamrock at netcom.com (Lucky Green) Date: Fri, 4 Oct 1996 21:03:55 +0800 Subject: Did Sun get a sweetheart deal? In-Reply-To: <199610040001.RAA15595@ohio.chromatic.com> Message-ID: On Thu, 3 Oct 1996, Ernest Hua wrote: > Sun Microsystems Inc. said Wednesday it received two contracts from > NASA's Goddard Space Flight Center worth a total of $100 million. The > Mountain View-based company said the pact calls for software > development and the design about 34,000 computer-aided engineering > and design workstations. NASA will use the workstations to design > integrated circuits. 34,000 Sun workstations? If any of the software designers from Sun are reading this, I would like to make a suggestion as to the screensaver that will ship with every workstation. --Lucky From jimbell at pacifier.com Fri Oct 4 06:33:39 1996 From: jimbell at pacifier.com (jim bell) Date: Fri, 4 Oct 1996 21:33:39 +0800 Subject: "Macintosh -- the Surveillance System for the Rest of Us Message-ID: <199610040340.UAA09668@mail.pacifier.com> At 08:48 PM 10/3/96 -0400, Robert Hettinga wrote: >At 7:13 pm -0400 10/3/96, Timothy C. May wrote: >> "Macintosh, the Surveillance System for the Rest of Us." >> >> (Why Apple would go along with this, while Microsoft and Netscape are >> apparently not playing ball, is incomprehensible to me. Apple risks >> alienating its remaining core user base, who often characterize Microsoft >> as "the Borg." So, Apple capitulates, while MS does not. I guess the >> "Macintosh Crypto Forum" didn't do a lot of good, did it?) > >Ouch. > >My first reaction to the above was to say, "Oh, Yeah??? Well, you're ugly, >buddy, and your mother dresses you funny, too!" But, I won't upset the >decorum of so august a forum with such eggregious classlessness. Not here >on cypherpunks. :-). > > >If one were to be completely uncharitable in the interpretation of Tim's >most recent outbreak of vitriol here, it would seem that he's offended that >he wasn't asked first to be the keynote at MacCrypto, the conference a >bunch of us had at Apple a month ago, which, I might add, was a >considerable success. I know what probably happened. A new high-level manager at Apple picked up some old dusty videotape off the shelf, labelled "Super Bowl 1984", played it and said, "Yah know, that guy on the screen was making a hell of a lot of sense until that trouble-makin' bitch smashed it!" Jim Bell jimbell at pacifier.com From whgiii at amaranth.com Fri Oct 4 07:10:46 1996 From: whgiii at amaranth.com (William H. Geiger III) Date: Fri, 4 Oct 1996 22:10:46 +0800 Subject: gack vs. key escrow vs. key recovery In-Reply-To: <199610040033.RAA18660@netcom19.netcom.com> Message-ID: <199610041141.GAA15744@mailhub.amaranth.com> In <199610040033.RAA18660 at netcom19.netcom.com>, on 10/03/96 at 05:33 PM, "Vladimir Z. Nuri" said: >regarding (2): the government may actually help bring crypto >to the masses via the post office and other routes. are >cpunks going to continue to hold the simplistic, reactionary, >knee-jerk, black-and-white opinion that "anything with the >word 'government' in it is evil"? "if the government is doing >something, then we must sabotage it"? Hmmmm.... It seems that your are not familiar with the fact that a false sense of security is WORSE than no security at all. This is exactly what this type of "crypto" provides: a FALSE sense of security. The masses are much better off with out any crypto that some sudo-crypto provided by the government. Atleast when you send messages in the clear the user knows that it is open for everyone to read and not to send sensitive info. >I'll be watching the debate closely, as the true extremists >incapable of compromise (and thereby living in a fantasy world) >show their colors.... another simpleton. Why is it whenever anyone stands up against the "powers that be" to defend their rights and the Consitution they are branded as "extreamist". Just which Article of the Bill of Rights should we "compromise" on next? It is obvious you have no respect for the 1st, 4th & 5th admendments or a clue as to what they stand for or how they relate to this issue. -- ----------------------------------------------------------- William H. Geiger III http://www.amaranth.com/~whgiii Geiger Consulting WebExplorer & Java Enhanced!!! Cooking With Warp 4.0 Author of PGPMR2 - PGP Front End for MR/2 Ice Look for MR/2 Tips & Rexx Scripts Get Work Place Shell for Windows!! PGP & MR/2 the only way for secure e-mail. Finger whgiii at amaranth.com for PGP Key and other info ----------------------------------------------------------- From deviant at pooh-corner.com Fri Oct 4 07:18:28 1996 From: deviant at pooh-corner.com (The Deviant) Date: Fri, 4 Oct 1996 22:18:28 +0800 Subject: boycott GAKkers (was Re: NYT on IBM GAK) In-Reply-To: Message-ID: On Thu, 3 Oct 1996, Mark M. wrote: > Date: Thu, 3 Oct 1996 20:39:58 -0400 (EDT) > From: "Mark M." > To: cypherpunks at toad.com, Adam Back > Subject: Re: boycott GAKkers (was Re: NYT on IBM GAK) > > -----BEGIN PGP SIGNED MESSAGE----- > > On Thu, 3 Oct 1996, Adam Back wrote: > > > (I've seen HP, Sun, RSADSI, TIS, Apple, Atalla, DEC, Groupe Bull, IBM, > > NCR Corp., and UPS mentioned). Any confirmations? Denials? > > IBM and TIS are definitely pro-GAK. TIS is selling a firewall that uses > GAKked DES. IBM has been working on developing the "key recovery" technology. > The article posted here a while ago that told of IBM's plans to support GAK > also said that they were planning to license the technology to Sun and > Netscape. I don't know about the accuracy of that last statement. > > Mark > - -- So really, what it boils down to is that the masses (thats us) have o crack DES before GAK is imposed. --Deviant "The C Programming Language -- A language which combines the flexibility of assembly language with the power of assembly language." From declan at eff.org Fri Oct 4 07:24:12 1996 From: declan at eff.org (Declan McCullagh) Date: Fri, 4 Oct 1996 22:24:12 +0800 Subject: Key recovery/RSA/Bidzos/WTF?!? In-Reply-To: <199610031655.JAA18003@animal.blarg.net> Message-ID: PC World (at www.pcworld.com) has a radio interview with Bidzos, I'm told, probably in the same story for which they interviewed me. -Declan On Thu, 3 Oct 1996, Walt Armour wrote: > What's up with some of these press releases? > > Can anyone clear up the confusion with RSA/Bidzos/Key recovery? > > Here are some quotes: > > ================= > > >From NYT:CyberTimes (2 Oct) > "Clinton Encryption Plan Is Generating Resistance" > > Executives of the International Business Machines Corp. said > late Tuesday that they were still lining up the final list of > companies in the alliance. Those involved will include Digital > Equipment and smaller data-security companies including RSA > Data, Cylink and Trusted Information Systems. > > ================= > > >From NYT:CyberTimes (2 Oct) > "Clinton Encryption Plan Is Generating Resistance" > > "The government announcement is disastrous," said Jim Bidzos, > chief executive of RSA Data Security, one of the country's > leading developers of data-scrambling software. "We warned IBM > that the National Security Agency would try to twist their > technology." > > ================= > > >From BusinessWire (2 Oct) > "JOINT PRESS ANNOUNCEMENT/ HIGH-TECH LEADERS JOIN FORCES TO > ENABLE INTERNATIONAL STRONG ENCRYPTION" > > "Export controls are a fact of life," said Jim Bidzos, president > of RSA Data Security. "The key recovery alliance's approach will > allow companies to use cryptography with differing levels of > security in an interoperable way. When the alliance implements > this technology it will give the user a new level of flexibility > that did not exist before. In an imperfect world this technique > will at least allow you to take advantage of what governments > around the world will allow." > > ================= > > So is RSA part of this or not? > Is the middle quote above mis-attributed? > > walt > // declan at eff.org // I do not represent the EFF // declan at well.com // From Adamsc at io-online.com Fri Oct 4 07:40:32 1996 From: Adamsc at io-online.com (Adamsc) Date: Fri, 4 Oct 1996 22:40:32 +0800 Subject: Can we kill single DES? Message-ID: <19961004020539265.AAB223@GIGANTE> On Tue, 1 Oct 1996 16:27:18 -6, Peter Trei wrote: >1. Is this a good idea? What will happen if DES becomes perceived > as insecure? That's Declan's department (and other non-clueless journalists - declan is just the most visible). If it get's widespread and the target is something like Digicash, it'd get picked up by the Crime/Snoozeweek crowd. >2. What is the probability of success required to make it worth doing? Judging by the people on the list, about 50%.... >3. What would be the consequences of failure? Depends on the type of failure - ranging from dreadful to minor. >4. What other platforms than NT/Win95/Pentium should be considered? > I could write a Unix demon version, but unless it's tailored for the > cpu, a lot of efficency is lost > (The aggregate number of idle cycles available for testing is the > crucial number). A Linux port (Pentium) would be *very* good - lots of Linux people tend to by pro-cpunk. Ditto for OS/2. And who knows, if you hyped the business aspects enough you might even find IBM or some other large corp willing to donate some time on large system. >5. What's a good target? Ideally, we need a plaintext/ciphertext pair, ecash, ecash, ecash! Given all the attention anything that 'will give your VISA number to evil hackers' gets, this is an important target. It's serious and newsworthy. >6. What other incentives can be used to recruit machines? Maybe give away a Pentium to the person who finds it? (Assuming donations from list members, of course) # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From Adamsc at io-online.com Fri Oct 4 07:49:37 1996 From: Adamsc at io-online.com (Adamsc) Date: Fri, 4 Oct 1996 22:49:37 +0800 Subject: Can we kill single DES? Message-ID: <19961004020539265.AAE223@GIGANTE> On Tue, 01 Oct 1996 19:01:08 -0800, jim bell wrote: >Maybe Microsoft would be willing to help? After all, it is THEY who are >going to be limited to DES-strength exports if things continue as they've >been going. How about Intel? Netscape would be a great choice as well - the Internet security market is *very* important. Microsoft has publically said that their cash flow model will work if they make NOTHING off of internet software of any sort. Compare this with the fortunes being spent on "Netscape Enterprise Server" or the like. They could issue press releases talking about how they have the software to keep your VISA secure but the USG isn't allowing them to use it! Microsoft would probably do anything the USG asked if, say, immunity from the DOJ was granted under the table. NTT is also a great choice, as you mentioned above. IBM, Sun, DG, Cray (a Silicon Graphics subsidiary?), etc. might go for some free publicity - I've seen a LOT of press releases out of IBM that talk about "blue-sky" research being done. Given that IBM lives because of big business, they also have a demonstratable interest. I'm sure they'd love to be able to advertise that the data you trust to DB2 (for instance) is entirely secure. The same argument works for DG. Also, IBM has a lot invested in chip fabrication facilities - there's got to be some extra capacity there! Sun has always seemed to be big on tech-demo type things. Cray - well that's obvious. The supercomputer market is heading toward massive parallelism. Leaching time looks interesting! # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From dthorn at gte.net Fri Oct 4 08:32:01 1996 From: dthorn at gte.net (Dale Thorn) Date: Fri, 4 Oct 1996 23:32:01 +0800 Subject: Utah as a Religious Police State [RANT] In-Reply-To: <199610021832.MAA17915@mail.xmission.com> Message-ID: <3254976E.7F3@gte.net> Deana Holmes wrote: > On 2 Oct 96 at 8:47, John C. Randolph wrote: > > Moroni says: > > >I never cease to be surprised by the interest that gentiles show > > >in working mormon communities while totally neglecting their own > > >failing areas. > > I don't do a lot of nit-picking on this mailing list, but: > > I am a Jew. *You* are a gentile. So are all the rest of the mormons. > > Get this point straight. > Uh, in Utah, Jews are Gentiles. No lie. I hope I can add something useful to this: There are quite a few religious groups which claim Zionist spinoff beliefs. Rastafarians (spelling OK?), Mormons, Jews, Christians, and probably a host of others. Some of these groups specifically exclude others who make similar claims. There is good evidence that the Jews, to name one example, did not originally (whenever that was) make claim to being a Chosen People, etc., but added it later. Certainly Mormons and other Christians "added it later", no question about that. St. Paul in the Christian "new testament" makes it quite clear that, at least from his time onward, the value of being a Jew is in the spirit, not in the flesh. Deep stuff, indeed. Then there's the question of how one obtains the "right to exist" as an ethnic identity, hopefully without having to exterminate someone else. I for one was raised in a very conservative Christian culture, and we were taught that God "gave" Canaan (later Israel) to the Israelis, when it was already occupied. Refer to Dick Gregory's comments about Columbus "discovering" America, and how he should be able to go downtown and "discover" himself a Cadillac. BTW, in a review of HP products I once read (they made the first personal computers, circa 1966 I believe), it said that HP people, in their main plants in Corvallis OR and Ft. Collins CO, had a really great "work ethic", and that they were almost all Mormons and "born again" Christians. That probably says more about homogenous culture than about any particular culture, I would guess. Bottom line for me is, I sincerely appreciate a lot of the good values some of these religions bring to their followers, but let's be serious, if any of these groups get too much power, look the *hell* out! P.S. I cringe every time I hear one of the CNN bozos pronounce Israel as in real estate, or get real. I think they all have to attend the Rick Dees school of broadcasting, so it's a standard, like GAK or something is going to be the standard. From shamrock at netcom.com Fri Oct 4 08:33:33 1996 From: shamrock at netcom.com (Lucky Green) Date: Fri, 4 Oct 1996 23:33:33 +0800 Subject: gack vs. key escrow vs. key recovery In-Reply-To: <199610040033.RAA18660@netcom19.netcom.com> Message-ID: On Thu, 3 Oct 1996, Vladimir Z. Nuri wrote: > what is the precise difference between gack, key escrow, and > key recovery? TCM has argued that the administration is muddying > the issue by manipulating the terminology. I don't know if Tim said that as well, but I certainly did. The government's move is ingenious. By appropriating the term "key recovery" for GAK, the government made it almost impossible to discern between key recovery as required in many commercial environments and GAK as required by an Orvelian surveillance state. > perhaps so, but I feel > that cpunks are equally guilty, by branding anything that emanates > out of the government as inherently orwellian. do you always have > to have an enemy? is the government always going to be your > enemy, no matter what they do? Yes. What is good for the government and what is good for the people will always be opposite. > I have posted here before that many companies find the concept > of "key recovery" highly acceptable and even desirable. the > basic question is, what does this mean to wiretapping and > search warrants and subpoenas? I agree that true key recovery for the corporate environment is often desirable. I do not believe that it will ever have to include an outside 'escow" agent. > it is clear we are coming to a fork in the road at this moment. > there are going to be two types of cpunk opinions based on recent > developments. > > 1. those who feel that wiretapping was illegitimate from the > start and are working to make wiretapping impossible. confronted > with a legal search warrant/subpoena etc. for personal data, > they would not hand over keys. they would "superencrypt" in > systems that do etc. That's me. [opposing view elided for brevity only] > those who continue to pursue (1) are going to be perceived as > more and more radical and extremist, because arguably it is not > even a system we have today or one that was ever devised. > remember, the constution guarantees > freedom from *unreasonable* search and seizure, but never > prohibited search and seizure in the first place!! apparently > at least our found fathers believed that "reasonable" search > and seizure was a wholly legitimate function of government, > based on this wording. The problem is that what the Funding Fathers considered "reasonable" and what today's courts consider reasonable have *nothing* in common. [...] > I'll be watching the debate closely, as the true extremists > incapable of compromise (and thereby living in a fantasy world) > show their colors.... Those who believe that the infringements on our rights can continue for all times with impunity are living in a fantasy world. While I am a peaceful, non-violent person, an ever increasing number of others feel differently. If the government continues on the course they are on - and requiring (never mind the 'voluntary') GAK is doing just that - there will be those who will feel that armed resistance is the only option left. I will try everything in my power to not let it come to that. Therefore I must oppose GAK. --Lucky From dlv at bwalk.dm.com Fri Oct 4 08:34:19 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 4 Oct 1996 23:34:19 +0800 Subject: Clipper III on the table In-Reply-To: <199610040321.WAA00736@manifold.algebra.com> Message-ID: ichudov at algebra.com (Igor Chudov @ home) writes: > Alan Olsen wrote: > > I think we should refer to what they are pushing as the "Key Recovery > > Alliance Program". K.R.A.P. is a good description as to what we are going > > to get from them. > > Key recovery is a great thing, as long as it is not mandated by > the government. Hear, hear. If I own a computer and some contractor is writing something on it for me, I should have the right to tell the contractor that I don't want, e.g., any unlicences software and any data encrypted so that I can't read it. Likewise the gubmint or a corporation bigger than mine is free to say that there should be no data on its computers or its contractors computers that they can't read. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Fri Oct 4 08:37:19 1996 From: tcmay at got.net (Timothy C. May) Date: Fri, 4 Oct 1996 23:37:19 +0800 Subject: "Macintosh -- the Surveillance System for the Rest of Us In-Reply-To: Message-ID: At 8:48 PM -0400 10/3/96, Robert Hettinga wrote: >If one were to be completely uncharitable in the interpretation of Tim's >most recent outbreak of vitriol here, it would seem that he's offended that My comments here are not vitriolic, just factual. Clearly, while the "guerilla" crypto meeting was happening, the higher-ups were selling out their customers and going much further than they needed to in ensuring a Big Brother State. (BTW, in response to my "the surveillance system for the rest of us" comment, Andrew Loewenstern sent me a note in which he contrasted Apple's "1984" commercial with the current reality.) >he wasn't asked first to be the keynote at MacCrypto, the conference a >bunch of us had at Apple a month ago, which, I might add, was a >considerable success. This is the epitome of armchair psychoananalysis. How can you _possibly_ know what I thought about things? Jeez. >Of course, the real irony here is that Tim *was* the first person we asked >to keynote. The irony compounds itself slightly more when you consider the >*last* person who we asked, Phil Zimmermann, at the *last* possible minute, >graciously accepted our invitation and delivered his keynote speech to a >very enthusiastic crowd. Who cares? Such comparisons are odious. I responded to Vinnie, not to the "us" implied in "we asked," and the matter would've remained between Vinnie and me had he not shared our e-mail with you and had you not then gone into one of your "free association" rants. Recall that even Vinnie was highly critical of this performance. >Anyway, let us *be* charitable, and take Tim's apparent vituperation about >Apple's complete capitulation to government pressure, not to mention the >appalling failure of the MacCrypto conference to lob any clues over the >walls of Fortress Apple, entirely at their face value, shall we? > >Let's assume that he really *wasn't* trying to rattle the bars on the Mac >crypto community's collective cage, and that he actually was trying to >contribute something constructive to what appears to be a *truly* apalling >situation to anyone who wants strong crypto, and thus internet commerce, to >be transparent and easy to do on the Macintosh. The Mac crypto community's >cage is plenty rattled by the recent news from Washington, as it is. Fuck off, to be blunt. You've got to learn to start making actual points, and not trying to show your writing chops from the Hunter S. Thompson Correspondence School of Creative Writing. >Frankly, I'd rather see actual code being written than press releases, >wouldn't you, Tim? Fuck off. Back into my killfile you go. --Tim May "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dlv at bwalk.dm.com Fri Oct 4 08:50:01 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Fri, 4 Oct 1996 23:50:01 +0800 Subject: [FACTS] Mountain Meadows Massacre In-Reply-To: <199610040022.SAA13554@mail.xmission.com> Message-ID: "Deana Holmes" writes: > On 3 Oct 96 at 14:42, Dr.Dimitri Vulis KOTM wrote: > > > "Deana Holmes" writes: > > > > > > > > > > > > > > No wonder the criminal cult doesn't want its foul deeds subjected to > > public scrutiny by "dead-agenting" its critics. Is Timmy May a > > paid cult apologist? > > Sheesh. > > You know you're doing good when both Dmitri Vulis and Attila both > badmouth you. Naw - you're not worth badmouthing - unless you're Timmy May's tentacle. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From snajdr at pvt.net Fri Oct 4 08:52:59 1996 From: snajdr at pvt.net (Petr Snajdr) Date: Fri, 4 Oct 1996 23:52:59 +0800 Subject: WINDOWS NT ???? In-Reply-To: <19961004024009156.AAA66@GIGANTE> Message-ID: <325488A8.4F27BCF7@pvt.net> pclow wrote: > > Adamsc wrote: > > > is Windows NT secured system ? > > NT? Secured? hahahahahahahahahahahahahahahahhahahahahahahaha 8-) How ? -- S pozdravem Petr Snajdr *--------------------------------------------------------------* | "640K should be enough for anybody." - Bill Gates | | | | "OS/2 is destined to be a very important piece of software. | | During the next 10 years, millions of programmers and users | | will utilize this system." - Bill Gates (Again) | *--------------------------------------------------------------* From gary at systemics.com Fri Oct 4 09:00:12 1996 From: gary at systemics.com (Gary Howland) Date: Sat, 5 Oct 1996 00:00:12 +0800 Subject: DESCrack keyspace partitioning In-Reply-To: <01BBB163.FC317940@geeman.vip.best.com> Message-ID: <325501C5.167EB0E7@systemics.com> geeman at best.com wrote: > > What about the heuristics of partitioning the keyspace? > > Seems to me that a _subset_ of all possible keys is much more likely > to appear than a random selection from an equidistributed population 0..2^56. > > (P)RNG's just aren't that likely to produce a key of 010101010..... > nor 001100110011... Why? They seem just as likely as any other sequence. etc etc and I have been thinking about how one might formalize > and exploit this randomness property to increase the probability of finding the key sooner. Again, which randomness property? Gary -- "Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown. pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From dlv at bwalk.dm.com Fri Oct 4 09:15:57 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 5 Oct 1996 00:15:57 +0800 Subject: Timmy May the buffoon In-Reply-To: <199610041200.OAA11852@basement.replay.com> Message-ID: I'm glad that you agreed with my assessment of Timmy May. >From remailer at flame.alias.net Fri Oct 4 08:00:56 1996 >Date: Fri, 4 Oct 1996 14:00:48 +0200 (MET DST) >Message-Id: <199610041200.OAA11852 at basement.replay.com> >To: dlv at bwalk.dm.com >From: nobody at flame.alias.net (Anonymous) >Organization: Flame International Inc. >Comments: Please report misuse of this automated remailing service to >Subject: your idea > > >>Tim is an ignorant asshole who knows nothing about cryptography and floods >>this mailing list with inane rants and personal attacks. I recommend that >>he be massively killfiled. > >Gosh, we have never heard this from you before! A new idea. > > From omega at bigeasy.com Fri Oct 4 09:16:42 1996 From: omega at bigeasy.com (Omegaman) Date: Sat, 5 Oct 1996 00:16:42 +0800 Subject: Jon Katz retracts...thanx Jon Message-ID: <199610041241.HAA27250@bigeasy.bigeasy.com> "And a final note, on another topic entirely. In Threads and in my recent columns, I've tried repeatedly to make the distinction between the original Cypherpunk mailing list - designed to ensure anonymous access to information on the Web and, in other contexts, a techno-anarchist movement - and the adolescent pinheads using the name Cypherpunk to successfully block open and free speech on The Netizen's public forums. They are not the same thing. The movement to protect anonymity is an important part of the Web and the Net. The use of the name to anonymously attack people is not an embodiment of that movement, but a perversion of it. I didn't make this distinction clear in my columns this week. Many thanks to the people who pointed it out." -------------------------------------------------------------- Omegaman PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send a message with the text "get key" in the "Subject:" field to get a copy of my public key. -------------------------------------------------------------- From stewarts at ix.netcom.com Fri Oct 4 09:29:33 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sat, 5 Oct 1996 00:29:33 +0800 Subject: The New GAK-Clipper Thing will Fail Message-ID: <199610041241.FAA12497@dfw-ix3.ix.netcom.com> At 03:07 PM 10/3/96 -0800, jim bell wrote: >The point, of course, is NOT to encourage these companies to support Clipper >IV. Rather, goal is to suggest to them a "poison pill" which would make >their cooperation meaningless in the end, while at the same time giving them >a 2-year free 56-bit export. Think of it as a monkey-wrench they can throw >into the works. A really _fine_ post! I'm also impressed by the way they announced it just _after_ Congress ended its session, while they're busy losing the export level in court. On the other hand, boycotts aren't particularly useful, when RSA (who is or is not joining the Bad Guys) owns half the public key patents and Cylink (who definitely is) owns the other half. If you're selling public key, you've got to pay the Bad Guys, until the DH patents expire in 97 (later for RSA.) Or you've got to buy from somebody who's paying the Bad Guys. And the Bad Guys Unindicted Co-Conspirators' announcements haven't even _mentioned_ permitting export of public key technology (since 56-bit RSA doesn't quite make it.) But they _could_ export Kerberos, with only minor hacks needed to implement Key Ripoff. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com America's Open Presidential Debate - Beyond Dole and Clinton! Tuesday, Oct. 8th 8:00 PM EDT From stewarts at ix.netcom.com Fri Oct 4 09:51:14 1996 From: stewarts at ix.netcom.com (Bill Stewart) Date: Sat, 5 Oct 1996 00:51:14 +0800 Subject: WINDOWS NT ???? Message-ID: <199610041241.FAA12482@dfw-ix3.ix.netcom.com> At 07:47 PM 10/3/96 +1030, you wrote: >hi, > is Windows NT secured system ? Windows NT 3.51 is a real operating system. It is not as secure as I would like, but it is much better than Windows 3.1, which was totally insecure. It has some good security techniques, but I don't know how secure the networking is, and networking is the big technical insecurity on most machines today. (Well, bad administration is the biggest insecurity on almost all machines for almost all time. And physical security is also big.) Windows 4.x moves the graphics/windowing system into Ring 0, where the "secure" parts of the kernel are. Bad. This means graphics bugs can make the kernel insecure or crash. I don't trust it, especially because Windows 3.1 crashes all the time for me, and stupid bugs make Windows 3.1 behave badly for me. So if they put the window system in the kernel, I don't trust it. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com America's Open Presidential Debate - Beyond Dole and Clinton! Tuesday, Oct. 8th 8:00 PM EDT From shamrock at netcom.com Fri Oct 4 09:52:36 1996 From: shamrock at netcom.com (Lucky Green) Date: Sat, 5 Oct 1996 00:52:36 +0800 Subject: ADJ_ust In-Reply-To: <19961004020539265.AAD223@GIGANTE> Message-ID: On Wed, 2 Oct 1996, Adamsc wrote: > I have strong > doubts that someone would come up with a non-nuke that could destroy stuff > indiscriminately within a useably large area. Fuel/air bombs. --Lucky From shamrock at netcom.com Fri Oct 4 10:08:44 1996 From: shamrock at netcom.com (Lucky Green) Date: Sat, 5 Oct 1996 01:08:44 +0800 Subject: Can we kill single DES? In-Reply-To: <19961004020539265.AAB223@GIGANTE> Message-ID: On Wed, 2 Oct 1996, Adamsc wrote: > On Tue, 1 Oct 1996 16:27:18 -6, Peter Trei wrote: > > >1. Is this a good idea? What will happen if DES becomes perceived > > as insecure? > > That's Declan's department (and other non-clueless journalists - declan is > just the most visible). If it get's widespread and the target is something > like Digicash, it'd get picked up by the Crime/Snoozeweek crowd. Sorry, not a chance. The symmetric cipher used in Ecash is 3DES. Since DigiCash has the good fortune to be located in The Netherlands, full strength crypto can be (and is) used in all their products. I would advise any company suffering from a loss of competitiveness due to US export regulations to do the logical thing and move their operation to a more suitable location. --Lucky From m5 at tivoli.com Fri Oct 4 10:25:20 1996 From: m5 at tivoli.com (Mike McNally) Date: Sat, 5 Oct 1996 01:25:20 +0800 Subject: How to fight GAK by obeying the law In-Reply-To: <199610040457.VAA25485@server1.chromatic.com> Message-ID: <32550ACC.1894@tivoli.com> Ernest Hua wrote: > First thing we definitely need is a way to determine with fairly good > accuracy, whether a host is in the U.S. I really don't see how that's possible, given the possibility of me taking my laptop to Ecuador, dialing into a stateside ISP, and being issued an IP address in the ISP's domain. In other words, anything that bases a decision on host location by inference on the domain will inherently be rooted in the notion that hosts in that domain are stuck to the ground "nearby". ______c_________________________________________________________________ Mike M Nally * IBM % Tivoli * Austin TX * How quickly we forget that mailto:m5 at tivoli.com mailto:m101 at io.com * "deer processing" and "data http://www.io.com/~m101/ * processing" are different! From m5 at tivoli.com Fri Oct 4 10:25:37 1996 From: m5 at tivoli.com (Mike McNally) Date: Sat, 5 Oct 1996 01:25:37 +0800 Subject: DESCrack keyspace partitioning In-Reply-To: <01BBB163.FC317940@geeman.vip.best.com> Message-ID: <32550CC5.8F6@tivoli.com> geeman at best.com wrote: > > (P)RNG's just aren't that likely to produce a key of 010101010..... > nor 001100110011... etc etc Right. A good CSPRNG is ulikely to produce the pattern 010101010101. It's also unlikely to produce the pattern 0011001100110011. Oh, and it's also unlikely to produce 01100100101001011. In fact, a good 32-bit CSPRNG has only a 1/2^32 chance of producing any particular bit pattern. Of course, another way of saying that is that it's just as likely to get an "obvious" bit pattern as it is to get any other one. You can't just throw away part of the keyspace based on such bogus reasoning. (There may be other reasons to throw away part of the keyspace, of course.) ______c_________________________________________________________________ Mike M Nally * IBM % Tivoli * Austin TX * How quickly we forget that mailto:m5 at tivoli.com mailto:m101 at io.com * "deer processing" and "data http://www.io.com/~m101/ * processing" are different! From deviant at pooh-corner.com Fri Oct 4 10:25:50 1996 From: deviant at pooh-corner.com (The Deviant) Date: Sat, 5 Oct 1996 01:25:50 +0800 Subject: RSA's Official Permission Message-ID: ---------- Forwarded message ---------- RSA Optimistic on User Benefits of Administration's Recent Key Recovery Initiative Announcement Further policy change required for US vendors to be competitive worldwide REDWOOD CITY, Calif.---Oct. 2nd, 1996--RSA Data Security, Inc., a wholly-owned subsidiary of Security Dynamics Technologies, Inc. (NASDAQ: SDTI), issued the following comments on the administration's recent announcement of a Key Recovery Initiative: The administration's proposed Key Recovery Initiative is a positive step towards meeting the needs of individuals and organizations that buy and use products which utilize encryption. However, the proposal leaves significant competitive issues unresolved for suppliers who compete overseas. Modern encryption and authentication technologies are crucial to the growth of electronic commerce and the health of the future global electronic economy. The continued leadership of American computer and software firms in the world market depends on their ability to provide competitive solutions for consumers and business around the world. These consumers and businesses depend increasingly on encryption and authentication technologies -- such as those developed at RSA -- to provide solutions that protect the privacy of consumer purchases, personal medical information, sensitive corporate data, and electronic commerce and funds transfers as they travel over the global Internet. US government agencies, however, have long insisted that they must have potential access to all encrypted information for law enforcement purposes, and have advanced several proposals towards those ends. To date, these proposals have met with little support from the user and vendor communities due to concerns about privacy and competitiveness. This new proposal from the administration, however, is a move in the right direction for users. One positive step is that the administration has indicated, for the first time in over six years of discussion, that it will lift all key size restrictions on the export of products which utilize cryptography, provided that manufacturers provide a viable means of key recovery for legitimate government access. In addition, under the administrations proposal, industry, not government, will develop and propose the actual key recovery mechanisms. This will to result in more effective solutions to managing and recovering keys. Finally, the proposal addresses the concerns of users that any third party designated to hold user keys might improperly disclose those keys, thereby compromising a user's right to privacy. The administration has agreed that under certain circumstances, organizations would be allowed to "self-escrow" their own encryption keys. RSA is confident that industry can develop and gain approval for several excellent key recovery mechanisms that would be acceptable to government concerns. In fact, RSA has been a pioneer in this field with our RSA Emergency Access� technology in its award-winning RSA SecurPC� product. In the case of SecurPC, companies using the product can use Emergency Access keys with RSA's unique secret-splitting technology to gain access to critical information in the event of an emergency. The recently announced Key Recovery Alliance, of which RSA is a part, is chartered to provide a flexible, workable solution for users working within the government's proposed key recovery framework. Members of the group are working on technology which will allow users to maintain the privacy of their keys while allowing legitimate business or law enforcement authorities to recover keys when appropriate. It will also address challenges that arise when a user must comply with the differing encryption policies in countries around the world. The technology could allow products to provide the flexibility a user needs to take full advantage of the maximum privacy allowed in their locality, while maintaining interoperability and information exchange with other users regardless of location. It is not clear, however, to what extent the administration's proposal provides relief to US software and hardware companies who must compete with foreign suppliers. These foreign suppliers, not subject to US law, can provide strong, non-key-recovery encryption in their products. Today, most major computer and software solutions firms derive significant revenues from outside the United States. The government's proposal, while satisfying the US government's needs, does little to enhance the competitiveness of American products overseas. Robust encryption products are already available from many overseas suppliers, and U.S. market share in encryption-enabled products is under siege. Under this proposal, it appears that U.S. companies will still be prohibited from selling non-key-recovery encryption solutions in overseas markets, creating a significant barrier to their competitiveness. RSA looks forward to additional announcements by the administration that specifically address this issue and provide competitive relief for the US computer software and hardware industries. RSA Data Security, Inc. RSA Data Security, Inc., a wholly-owned subsidiary of Security Dynamics Technologies, Inc. (NASDAQ: SDTI), is the world's brand name for cryptography, with more than 75 million copies of RSA encryption and authentication technologies installed and in use worldwide. RSA technologies are part of existing and proposed standards for the Internet and World Wide Web, ITU, ISO, ANSI, IEEE, and business, financial and electronic commerce networks around the globe. The company develops and markets platform-independent developer's kits and end-user products and provides comprehensive cryptographic consulting services. Founded in 1982 by the inventors of the RSA Public Key Cryptosystem, the company is headquartered in Redwood City, Calif. -0- Note to Editors: BSAFE and TIPEM are trademarks of RSA Data Security, Inc. All other product and brand names are trademarks or registered trademarks of their respective companies. | [1]Al Gore's Statement | [2]Jim's Testimony | [3]IBM's Alliance | CONTACT: Corman/Croel Marketing & Communications (for RSA) Patrick Corman, 415/326-9648 [4]corman at cerfnet.com ---------- End Forwarded message ---------- This is definatly bad... If you want to look it up yourselves, its at http://www.rsa.com/PRESSBOX/releases/keyrecov.htm --Deviant They seem to have learned the habit of cowering before authority even when not actually threatened. How very nice for authority. I decided not to learn this particular lesson. -- Richard Stallman From jya at pipeline.com Fri Oct 4 10:40:44 1996 From: jya at pipeline.com (John Young) Date: Sat, 5 Oct 1996 01:40:44 +0800 Subject: NYT Nix GAK Message-ID: <199610041312.NAA20299@pipe2.ny3.usa.pipeline.com> The New York Times, October 4, 1996, p. A32. A Flawed Encryption Policy [Editorial] The new White House proposal to keep high-powered encryption software out of the hands of foreign terrorists and criminals is needlessly restrictive and probably unworkable. Though the new plan is better than previous Administration proposals, it risks doing more harm than good. The Administration is rightly worried that foreign terrorists or criminals will get hold of encryption software that will make it impossible for the Government to eavesdrop on their telephone and computer messages. The technology is legal in this country, but the Administration wants to keep the powerful new software out of foreign hands. However, the Administration downplays the fact that encryption is also a good way for honest citizens to prevent crime. At a time when banks and other private companies send vast amounts of confidential information over the electronic highway, it would seem sensible to make high-quality encryption widely available so that the private sector can protect itself from criminal or malicious eavesdropping. For that reason, the Government ought to promote wide-scale dissemination of encryption, both here and abroad. Trying to block dissemination is probably useless and almost certainly harmful to American exports. Powerful encryption systems made by foreign companies are already available in Europe and Asia, and American exporters will need to sell state-of-the-art software to keep competitive. The Clinton Administration previously proposed that the computer industry adopt a single type of encryption, known as key-escrow, which would scramble messages with mathematical passwords. Under the plan, private companies and individuals would turn over these passwords to the Government, which, with court authorization, could use them to unscramble the phone and computer traffic. The purpose of key-escrow, then, would be to preserve the Government's existing ability to tap phone calls. But that Clinton plan was firmly rejected by industry and privacy-rights advocates who feared that a government that held passwords would abuse First Amendment prohibitions against listening in on private communications. The latest White House plan addresses many of these concerns. It would impose restrictions only on the software that exporters sell abroad. Privacy advocates have less to fear from the latest plan because it would allow individuals to deposit their passwords with private organizations, rather than the Government. Yet the Administration has not explained why foreigners would buy American software that would allow the F.B.I. to eavesdrop when they could buy equally powerful software from non-American manufacturers that omits any such trap door. Critics assume that foreign governments -- few of which pay attention to American constitutional protections against invasion of privacy -- would demand access to passwords, making such software unattractive for anyone to use. There is room to improve the plan. A panel of the National Research Council recently concluded that there is no good reason to restrict exports of currently available encryption because foreigners already have access to equally powerful software. There is time to work out restrictions, in cooperation with the industry and privacy advocates, for the next generation of encryption software. In the meantime the Administration might push forward on the panel's other sensible recommendations -- such as developing better encryption expertise within the F.B.I. and helping the private sector develop the encryption software it needs to stop illegal eavesdropping. [End] The National Research Council report is available at: http://pwp.usa.pipeline.com/~jya/nrcindex.htm From declan at eff.org Fri Oct 4 10:56:17 1996 From: declan at eff.org (Declan McCullagh) Date: Sat, 5 Oct 1996 01:56:17 +0800 Subject: Fighting Clipper III In-Reply-To: <325b245d.288509144@super.zippo.com> Message-ID: Point taken. And for the record, I've learned that Netscape pays an upfront fee to RSA; RSA doesn't get royalties. -Declan On Thu, 3 Oct 1996, Mark Heaney wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > erm, a boycott means not _buying_ a product, as opposed to not _using_ a > product. In the case of PGP, I never intended to purchase it from RSA. As > for Netscape, there are other browsers out there (or so I heard). > > Realistically, a boycott is likely to be ineffective. Writing letters to > companies and congresshmucks and working with non-US crypto companies to > create a standard that can be legally imported into the US (for now) would > be more effective, IMHO. Boycotts rely on large numbers of participants, > and not enough people understand or care about encryption. We'd be better > off trying to change that first. > > Mark > > > On Thu, 3 Oct 1996 06:37:45 -0700 (PDT), Declan McCullagh > wrote: > > >You'll have trouble doing a successful boycott of RSA. What, you won't > >use Netscape Navigator or PGP? > > > >-Declan > > > > > >On Wed, 2 Oct 1996, Jim McCoy wrote: > > > >> Rich Burroughs wrote: > >> [...] > >> >>>On Wed, 2 Oct 1996, John Young wrote: > >> >>> > >> >>>> The New York Times, October 2, 1996, pp. D1, D8. > >> >>>> Executives of the International Business Machines > >> >>>> Corporation said late yesterday that they were still lining > >> >>>> up the final list of companies in the alliance. Those > >> >>>> involved will include Digital Equipment and smaller > >> >>>> data-security companies including RSA Data Security, Cylink > >> >>>> and Trusted Information Systems. > >> >>> > >> >>>We are in deep trouble. > >> >> > >> >>Wouldn't a letter-writing campaign be in order here? > >> >[snip] > >> > > >> >The word "boycott" leaped into my mind. I personally do not believe that I > >> >will be buying products from any of these companies, as long as thay > >> >participate in this GAK charade. > >> > >> Such an initiative will need publicity and letter-writing early in the > >> campaign will help us set the tone and points of debate on this issue. > >> A boycott works best when everyone knows why and there are a few key > >> phrases which can be used to get the message across. Something like > >> "company X is helping build big brother, boycott their products" or a > >> few similar sound bites are needed fast. The big brother inside stickers > >> from the last campaign were nice, maybe people can come up with variations > >> of various corporate logos or marketting phrases which help get the message > >> across? > >> > >> jim > >> > >> > > > > > >// declan at eff.org // I do not represent the EFF // declan at well.com // > > > > > > > > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQB1AwUBMlQmC936bir1/qfZAQF9dwL/fN1HZhHWbnOa6gZ71WMwf32nuOGS1CGm > H2f9MlNvZhYF6TVAwCmfUG4hgeJQLkC97GrR/0hIfNYzir0Eb+qmF2Mptvl5tUiJ > I89H2WRVl+BJBoqThGXJx8BqL6uVDX9H > =sBVJ > -----END PGP SIGNATURE----- > > Mark Heaney finger snipe at starburst.cbl.cees.edu for public key > PGP Fingerprint= BB D8 9B 07 51 87 05 AC 47 7B F2 4F A6 AB 1A CD > ----------------------------------------------------------------- > Vote against government *** Vote Libertarian > // declan at eff.org // I do not represent the EFF // declan at well.com // From richieb at teleport.com Fri Oct 4 12:31:10 1996 From: richieb at teleport.com (Rich Burroughs) Date: Sat, 5 Oct 1996 03:31:10 +0800 Subject: Key recovery/RSA/Bidzos/WTF?!? Message-ID: <3.0b24.32.19961004062157.0070fcd8@mail.teleport.com> At 08:38 PM 10/3/96 -0700, Declan wrote: >PC World (at www.pcworld.com) has a radio interview with Bidzos, I'm >told, probably in the same story for which they interviewed me. RSA's "position statement" is at: http://www.rsa.com/PRESSBOX/releases/keyrecov.htm ______________________________________________________________________ Rich Burroughs richieb at teleport.com http://www.teleport.com/~richieb See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon U.S. State Censorship Page at - http://www.teleport.com/~richieb/state New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause From bkmarsh at feist.com Fri Oct 4 13:26:50 1996 From: bkmarsh at feist.com (Bruce M.) Date: Sat, 5 Oct 1996 04:26:50 +0800 Subject: Can we kill single DES? In-Reply-To: <19961004020539265.AAB223@GIGANTE> Message-ID: On Wed, 2 Oct 1996, Adamsc wrote: > A Linux port (Pentium) would be *very* good - lots of Linux people tend to by > pro-cpunk. Ditto for OS/2. And who knows, if you hyped the business > aspects enough you might even find IBM or some other large corp willing to > donate some time on large system. Maybe Deep Blue gets bored in between its chess matches. :) ________________________________ [ Bruce M. - Feist Systems, Inc. ] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 'DISA information shows that computer attacks on the Department of Defense are successful 65 percent of the time. The DoD, despite its problems, probably has one of the strongest computer security programs in government.' -GAO/T-AIMD-96-108 From jbugden at smtplink.alis.ca Fri Oct 4 13:31:09 1996 From: jbugden at smtplink.alis.ca (jbugden at smtplink.alis.ca) Date: Sat, 5 Oct 1996 04:31:09 +0800 Subject: DESCrack keyspace partitioning Message-ID: <9609048444.AA844448332@smtplink.alis.ca> "geeman at best.com" wrote: >(P)RNG's just aren't that likely to produce a key of 010101010..... nor 001100110011... etc etc and I have been thinking about how one might formalize and exploit this randomness property to increase the probability of finding the key sooner. ... >Any thoughts here? Suppose we have a function f() that randomly chooses an integer between 1 and 100 such that each integer in the range is equally likely to be selected on each call. If we call f() 6 times, each time noting whether the result is even or odd, which of the following sequences is more likely? Even Even Even Even Even Even Even Odd Odd Even Even Odd If you picked the second sequence as more likely, you are like most people who responded to similar questions in a classic study of cognitive biases [1]. The two sequences actually have an identical probability of occuring, and, in fact, all sequences of six outcome are EQUALLY probable. This example illustrates the representativeness bias, in which we mistakenly suspect the global characteristics of a process to be represented locally in a specific sequence[2]. Ciao, James 1. Kahnman, D., and Tversky, A. Subjective probability: A judgement or representativeness. Cognit. Psych. 3 (1972) 430-454 2. Stacy, Webb and MacMillian, Jean, Cognitive Bias in Software Development. Communications of the ACM June 1995, 57-63 From geeman at best.com Fri Oct 4 13:50:15 1996 From: geeman at best.com (geeman at best.com) Date: Sat, 5 Oct 1996 04:50:15 +0800 Subject: DESCrack keyspace partitioning Message-ID: <01BBB1D1.991B3940@geeman.vip.best.com> Sorry, but you are ASSUMING that which I dispute. The point I am making is that keys in the real world are not uniformly distributed. Some results forthcoming. Suppose we have a function f() that randomly chooses an integer between 1 and 100 such that each integer in the range is equally likely to be selected on each call. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If we call f() 6 times, each time noting whether the result is even or odd, which of the following sequences is more likely? From geeman at best.com Fri Oct 4 14:09:22 1996 From: geeman at best.com (geeman at best.com) Date: Sat, 5 Oct 1996 05:09:22 +0800 Subject: DESCrack keyspace partitioning Message-ID: <01BBB1D1.92DA93A0@geeman.vip.best.com> Re: DESCrack keyspace partitioning geeman at best.com wrote: > > What about the heuristics of partitioning the keyspace? > > Seems to me that a _subset_ of all possible keys is much more likely > to appear than a random selection from an equidistributed population 0..2^56. > > (P)RNG's just aren't that likely to produce a key of 010101010..... > nor 001100110011... Why? They seem just as likely as any other sequence. I left out a piece: again heuristically speaking, most DES keys are derived from pasword hash, or similar technique. In such a case the statistics of the generated keys are (it looks like) _highly_ skewed. etc etc and I have been thinking about how one might formalize > and exploit this randomness property to increase the probability of finding the key sooner. Again, which randomness property? The property that essentially _no_ predictability is found in a hash-derived key. Gary -- "Of course the US Constitution isn't perfect; but it's a lot better than what we have now." -- Unknown. pub 1024/C001D00D 1996/01/22 Gary Howland Key fingerprint = 0C FB 60 61 4D 3B 24 7D 1C 89 1D BE 1F EE 09 06 From dustman at athensnet.com Fri Oct 4 14:14:01 1996 From: dustman at athensnet.com (Anonymous) Date: Sat, 5 Oct 1996 05:14:01 +0800 Subject: [IMPORTANT] GAK Message-ID: <199610041549.LAA26732@porky.athensnet.com> Timmy May is a convicted child molester. From schryver at radiks.net Fri Oct 4 14:25:55 1996 From: schryver at radiks.net (Scott J. Schryvers) Date: Sat, 5 Oct 1996 05:25:55 +0800 Subject: boycott GAKkers (was Re: NYT on IBM GAK) Message-ID: <199610041507.KAA10250@sr.radiks.net> -----BEGIN PGP SIGNED MESSAGE----- At 08:39 PM 10/3/96 -0400, you wrote: GAKked DES! Talk about redundant. >-----BEGIN PGP SIGNED MESSAGE----- > >On Thu, 3 Oct 1996, Adam Back wrote: > >> (I've seen HP, Sun, RSADSI, TIS, Apple, Atalla, DEC, Groupe Bull, IBM, >> NCR Corp., and UPS mentioned). Any confirmations? Denials? > >IBM and TIS are definitely pro-GAK. TIS is selling a firewall that uses >GAKked DES. IBM has been working on developing the "key recovery" technology. >The article posted here a while ago that told of IBM's plans to support GAK >also said that they were planning to license the technology to Sun and >Netscape. I don't know about the accuracy of that last statement. > >Mark >- -- >PGP encrypted mail prefered. >Key fingerprint = d61734f2800486ae6f79bfeb70f95348 >http://www.voicenet.com/~markm/ > >-----BEGIN PGP SIGNATURE----- >Version: 2.6.3 >Charset: noconv > >iQEVAwUBMlRcsCzIPc7jvyFpAQEiIwf/btvAiIVHF3alGh+Vivr3MoHnSSciFjGX >qhqdS+SEsM4cTxE+y8vvfpHFs/faQPmWLgT70lyf1pJ+Avei7brieb/qWoC5q9MJ >gBlSa1f2yVMY7ax+KPTwU+Yk63A7oi964d+ebCp51BLOtzKammRlIw/nBFuDMq/5 >ss2a4w4PuOEOP35WQIy0i8NBoJxEi5gHx5J/+gGzWK9iw/yZa0xyoT25ci6uh7mJ >sPgNmedr/Pq+D5gk5GduGgGni/jrDeADH0K7R0M8Jqlh0Xc82NPkau8xwZAXDMJV >947PF56souwrx3BHmj7fXPXIVBJEjWy/Ymv2N8LBm+BHS09CN0ns5Q== >=URZJ >-----END PGP SIGNATURE----- > > -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMlUoaf+hzPlzwZAdAQGopQgAvlREZb8S6SPQs/WQvZzkoR9ETJy1byEK xGO/ymOpkivpGCZBXGcdOLnnDJbH26x8eh7iHi+Mzv6iVrbt11YkbZ9h7z7UTkdq jtUMVN9MvOaKPxcLqTvcYgTOyKgLPYpIa27xKlP5Y7NqovacTHHA6TgSz5HjC8fQ Jg+xCPDYsJTLEDmmdJVykJx/SU4ovIFP2o/8eF+LMIW7M3L7w5bHUO14HYkuMrUy hpNp4NCycGbwia1GYkwfOYnx5YuQFSjBeubIm8sqC2Zs3A7B9OoTyOmec12JyvGz G4kJe5vKhF+q8MktOSzazqMvdJ8PgQX0ecrhrurLVdVnwu1H1QB1ZQ== =HViK -----END PGP SIGNATURE----- From asgaard at Cor.sos.sll.se Fri Oct 4 14:27:02 1996 From: asgaard at Cor.sos.sll.se (Asgaard) Date: Sat, 5 Oct 1996 05:27:02 +0800 Subject: Secret Swedish GAK and ITAR Message-ID: Gunnar Klein, a Swedish MD, is chairing a EU committee dealing with standardization of security measures in medical information systems. Recently, in a full-page anti-GAK debating article in a national Swedish evening newspaper (Aftonbladet 9/25/96), he chose to reveal some secret information he's gotten hold of: Sweden's representatives in the OECD GAK proceedings have declared that Sweden is willing to sign bilateral or multilateral GAK treaties, if other countries so demand. This declaration, along with the OECD records per se, has been classified. He also discloses that Sweden in late 1994, effectively in total secrecy, issued a completely new law against export of 'stretegic products', principally including all cryptography, without permission from the 'Inspection for Strategic Products'. In theory this law would cover export of a crypto program on a notebook. Gunnar Klein suspects US strong-arming behind all this. Obviously, Denmark has taken a different, anti-GAK, position in the OECD proceedings. Denmark is less susceptible to US blackmail than Sweden - they don't build fighter-planes with lots of US high tech parts inside (like the JAS/Gripen). Asgaard From geeman at best.com Fri Oct 4 14:29:16 1996 From: geeman at best.com (geeman at best.com) Date: Sat, 5 Oct 1996 05:29:16 +0800 Subject: DESCrack keyspace partitioning Message-ID: <01BBB1D1.94D09740@geeman.vip.best.com> Another thinking step: most real-world DES keys are derived from hashes. Not (P)RNGs. The distributions are **not** uniform. I am talking about FAMILIES of predictable bit patterns in keys, not any specific pattern. I'm doing the stats. The goal is to search the most likely keys first, and not all keys are created equally. Your reasoning is thin. ---------- From: Mike McNally[SMTP:m5 at tivoli.com] Sent: Friday, October 04, 1996 6:10 AM To: geeman at best.com Cc: 'cypherpunks at toad.com' Subject: Re: DESCrack keyspace partitioning geeman at best.com wrote: > > (P)RNG's just aren't that likely to produce a key of 010101010..... > nor 001100110011... etc etc Right. A good CSPRNG is ulikely to produce the pattern 010101010101. It's also unlikely to produce the pattern 0011001100110011. Oh, and it's also unlikely to produce 01100100101001011. In fact, a good 32-bit CSPRNG has only a 1/2^32 chance of producing any particular bit pattern. Of course, another way of saying that is that it's just as likely to get an "obvious" bit pattern as it is to get any other one. You can't just throw away part of the keyspace based on such bogus reasoning. (There may be other reasons to throw away part of the keyspace, of course.) ______c_________________________________________________________________ Mike M Nally * IBM % Tivoli * Austin TX * How quickly we forget that mailto:m5 at tivoli.com mailto:m101 at io.com * "deer processing" and "data http://www.io.com/~m101/ * processing" are different! From snow at smoke.suba.com Fri Oct 4 14:42:49 1996 From: snow at smoke.suba.com (snow) Date: Sat, 5 Oct 1996 05:42:49 +0800 Subject: The attitude of US peoples toward govt WAS: [AP stuff] (fwd) Message-ID: <199610041616.LAA01460@smoke.suba.com> Jean-Francois Avon asked me to forward this to the list. It is part of a conversation that He and I had last week. The Crypto Relevance if any is in the attitudes we are discussing, and in the the last couple paragraphs of Mr. Avon's writing. Forwarded message: > From jf_avon at citenet.net Fri Sep 27 23:59:05 1996 > Message-Id: <9609280545.AB01676 at cti02.citenet.net> > Comments: Authenticated sender is > From: "Jean-Francois Avon" > Organization: JFA Technologies, Montreal, QC, Canada > To: snow > Date: Sat, 28 Sep 1996 01:45:30 -0500 > Subject: The attitude of US peoples toward govt WAS: [AP stuff] > Priority: normal > X-Mailer: Pegasus Mail for Windows (v2.32) > > On 27 Sep 96 at 20:01, snow wrote: > > When I talked about driving for 48 hours straight, I was trying to > > impart an idea that many midwestern people are rasied with, the > > total VASTNESS of the world. We (midwesterners, and some of the > > westerners, and a lot of older people (in their 60's & 70's) > > honestly believe deep down inside that this country is too vast to > > effectively control that the government simply CAN'T do it. They > > can't enforce any control they wish to have with the army, because > > WE have guns, and a lot of us are ex-army (a little older, a > > little slower, a HELL of a lot more devious and a lot less > > impetuious). We simply don't accept the fact that any one CAN > > control us. > > This might be why I liked NM, and AZ and TX. I can understand the > feeling you describe as you can barely escape it while visiting the > place. I suppose our canadian politicians also understood that: c.f. > Bill C-68 :( > > > Anyway, [the person's] point was that [some type of software] took > > control and decesions out of peoples hands, and that is why it was > > a market sucess. This I see as a European disease, the looking to > > government & the church for the solutions to every day problems. > > That is the feudalist attitude and philosophy. Absolutely > disgusting. Although we have, here in Quebec, french roots and > civil laws based on the Napoleon Code (Common Law everywhere in > Canada except in QC), the population have a very american way of > seeing life. Every time I have political discussion with French from > France, the feudal mentality always surfaces up and I always have > problems with them. They have a hierarchy-worshiping attitude, > coupled with an abdication of the power of their own reason (at the > individual level). In short, they are brought-up to become yes-men. > It litterally gives me an uncomfortable feeling in my guts. > Disgusting. > > > The original Colonists didn't have that attitude (well, they did to > > some degree, but not the people on the edges) In fact the attitude > > really didn't develop fully in this country until the 1920's, and > > still hasn't caught on everywhere. > > Roosevelt and his New Deal... I got the chance to find a magazine > who explained how the Federal Reserve was created. Politicians > sneaking into trains as "duck hunters", grand political socialistic > schemes sprung on peoples in secret, etc. The magazine did not say > that but I am leaning on the Objectivist side and I tend to read > what *is* written... > > > politicians started paying for votes with government largess > > As a 70 years old englishmen, ex-company managing president & very > friend of mine once said: Everyday, they buy us with our own money... > > > These two attitudes are pretty diametrically opposed, but coupled > > it with a school system that doesn't encourage extra-curriculer > > thought, and you have some pretty incosistent people. > > Unfortunately, you are absolutely right. > > > [slight topic drift...] I was wondering lately... Words have a lot > of power. They are the building blocks we use to materialize > concepts. Think about the word "Government". You would think of it > as a body that governs. But the american peoples think the > government ought to be a body that acts under a mandate to > administrate and oversee certain things. > > The very word "govt" seems to (conceptually) almost "justify" the > actions of present govts, while any other word (like, for example, > "overseers", "Mandated", etc) would stress out that they are under > *our* orders (and nowadays, exceeding their mandate). > > Maybe we should start using a new word to describe *exactly" what it > is that they ought to be doing. Doing so would also stress out > *exactly* what they are pulling on us... > > Comments? > > jfa > > Please e-mail me directly since I am not on cypherpunks anymore. > Thanks. > Jean-Francois Avon, Pierrefonds (Montreal) QC Canada > DePompadour, Societe d'Importation Ltee > Finest Limoges porcelain and crystal > JFA Technologies, R&D consultants > physicists and engineers, LabView programing > PGP keys at: http://w3.citenet.net/users/jf_avon > ID# C58ADD0D : 529645E8205A8A5E F87CC86FAEFEF891 > ID# 5B51964D : 152ACCBCD4A481B0 254011193237822C Petro, Christopher C. petro at suba.com snow at smoke.suba.com From m5 at tivoli.com Fri Oct 4 14:51:17 1996 From: m5 at tivoli.com (Mike McNally) Date: Sat, 5 Oct 1996 05:51:17 +0800 Subject: DESCrack keyspace partitioning In-Reply-To: <01BBB1D1.968E25C0@geeman.vip.best.com> Message-ID: <325550B5.7CCD@tivoli.com> geeman at best.com wrote: > > Another thinking step: most real-world DES keys are derived from > hashes. Not (P)RNGs. Hashes? Hashes of what? > The distributions are **not** uniform. Then that's a wonderful weakness in the cryptosystem. Let's fix it. > The goal is to search the most likely keys first, and > not all keys are created equally. Any cryptosystem for which one can compute likely vs. unlikely keys has already been partially compromised. ______c_________________________________________________________________ Mike M Nally * IBM % Tivoli * Austin TX * How quickly we forget that mailto:m5 at tivoli.com mailto:m101 at io.com * "deer processing" and "data http://www.io.com/~m101/ * processing" are different! From dlv at bwalk.dm.com Fri Oct 4 14:51:22 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 5 Oct 1996 05:51:22 +0800 Subject: Utah as a Religious Police State [RANT] In-Reply-To: <3254976E.7F3@gte.net> Message-ID: <4Ly0uD38w165w@bwalk.dm.com> Dale Thorn writes: > Deana Holmes wrote: > > On 2 Oct 96 at 8:47, John C. Randolph wrote: > > > Moroni says: > > > >I never cease to be surprised by the interest that gentiles show > > > >in working mormon communities while totally neglecting their own > > > >failing areas. > > > > I don't do a lot of nit-picking on this mailing list, but: > > > I am a Jew. *You* are a gentile. So are all the rest of the mormons. > > > Get this point straight. > > > Uh, in Utah, Jews are Gentiles. No lie. > > I hope I can add something useful to this: > > There are quite a few religious groups which claim Zionist spinoff > beliefs. Rastafarians (spelling OK?), Mormons, Jews, Christians, and > probably a host of others. Some of these groups specifically exclude > others who make similar claims. There is good evidence that the Jews, > to name one example, did not originally (whenever that was) make claim > to being a Chosen People, etc., but added it later. Certainly Mormons > and other Christians "added it later", no question about that. > > St. Paul in the Christian "new testament" makes it quite clear that, at > least from his time onward, the value of being a Jew is in the spirit, > not in the flesh. Deep stuff, indeed. > > Then there's the question of how one obtains the "right to exist" as an > ethnic identity, hopefully without having to exterminate someone else. > I for one was raised in a very conservative Christian culture, and we > were taught that God "gave" Canaan (later Israel) to the Israelis, when > it was already occupied. Refer to Dick Gregory's comments about > Columbus "discovering" America, and how he should be able to go downtown > and "discover" himself a Cadillac. > > BTW, in a review of HP products I once read (they made the first > personal computers, circa 1966 I believe), it said that HP people, in > their main plants in Corvallis OR and Ft. Collins CO, had a really great > "work ethic", and that they were almost all Mormons and "born again" > Christians. That probably says more about homogenous culture than about > any particular culture, I would guess. > > Bottom line for me is, I sincerely appreciate a lot of the good values > some of these religions bring to their followers, but let's be serious, > if any of these groups get too much power, look the *hell* out! > > P.S. I cringe every time I hear one of the CNN bozos pronounce Israel > as in real estate, or get real. I think they all have to attend > the Rick Dees school of broadcasting, so it's a standard, like > GAK or something is going to be the standard. > > What is the crypto-relevance of the above-quoted passage? --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From hua at chromatic.com Fri Oct 4 14:56:54 1996 From: hua at chromatic.com (Ernest Hua) Date: Sat, 5 Oct 1996 05:56:54 +0800 Subject: The Myth of the "Balanced" Middle Ground (Was: Re: gack vs. key recovery) Message-ID: <199610041759.KAA27421@server1.chromatic.com> > From: "Vladimir Z. Nuri" > > ... I feel > that cpunks are equally guilty, by branding anything that emanates > out of the government as inherently orwellian. do you always have > to have an enemy? is the government always going to be your > enemy, no matter what they do? Actually, the government encourages this view by lying. We can get into the many examples on encryption and wire taps, but if the TLAs keep using lies and PR instead of honesty and facts, then no one will accept anything they propose as-is. There will always be some suspicion of hidden agendas. And really, the agenda is obvious, but they have always refused to acknowledge the full extent of it, probably because it would forever damage their credibility. At least right now, Freeh has done enough PR (paid by your generous tax dollars) to make him look like a good guy. Janet Reno already looks innocent enough (hey, who could criticize someone who might look like your grandmother?) ... The PR concepts are all there, deliberately or accidentally. > I have posted here before that many companies find the concept > of "key recovery" highly acceptable and even desirable. Let them buy it. There are companies already making products with key recovery. But remember that key recovery are mostly useful to corporations, so it will be billed as the "professional" version (in off-the-shelf PC-class software) and also be pushed through the IS consulting channels. None of that really addresses E-Mail, I-phone, etc for the rest of us. > 2. those who feel that there is such a thing as a legal warrant > or subpoena for information protected by cryptography keys, and > would agree that this logically means that governments will be > getting access to "key recovery" infrastructures. I agree that there is a legitimate interest by legitimate law enforcement and national security interests. But ... 1. If it's so darn easy to get non-GAK encryption, why dumb it down for the rest of us? (Really, I just don't buy the "no plans for domestic regulations" bit. Plenty of current and ex-executive branchies have admitted as much in private.) 2. The Orwellian possibilities are definitely there. I simply will not let the government have drift-net-fishing rights on the NII. Sorry. I'll let them tap one-sie two-sie's, and I want the process to guarantee by functional design (not legal constraints) that it's expensive to tap more than a few at a time. > personally I am leaning toward 2, because I feel that we already > live in such a society, and that it is not orwellian. That was true because it was too darn expensive. Hey, at $50K per tap, I would be really selective about spending my hard-lobbied wire tap budget. If I can just push a button, I will be far less selective. (oh ... and make sure I ask real nicely later in front of the judge ... maybe ... if I have time ... too busy catching terrorists and child molesters, y'know) I'm not as worried about the indiscriminant tapping ordered by "good" FBI directors; I'm worried about the tapping by the bad ones. There is ZERO detectability if the FBI gets everything they want. There is not a chance of being accidentally discovered by a phone company employee or a wandering by-stander. That lack of check-and-balance is what I am completely against. I don't mind letting them have the technology if I can be sure it will 1) work and 2) minimize abuse. > the recipe for 200+ years has always been > and remains "eternal vigilance". in other words, I am in favor > of some kind of mechanism by which the government can obtain > keys via subpoenas/warrants. Ok. So every corporation (big and small) now must have a Chief Law Enforcement Relations Officer (CLERO) if they build encryption into their products? Every software engineering consultant has to jump through hoops to export their product? Sorry. If the software engineering industry were just big mammoth corporations, I wouldn't care. But it could just be me and my home office. I cannot afford to fly to D.C. to amuse some panel at the D.o.C. with my stupid key-recovery tricks. No. This plan completely discriminates against small players, and there are a lot of them. Finally, writing software is an art. It is not purely art, but it certainly is an art, which I believe falls fully under free expression and the First Amendment. The work of art is not functional until someone compiles it and run it on a machine. So regulating anything before the actual execution is definitely a violation of the First Amendment. I don't have time to deal with privacy but as soon as it starts executing, it becomes an instrument of privacy so regulating that is also against my basic beliefs, not to mention my engineering sense of practicality. > those who continue to pursue (1) are going to be perceived as > more and more radical and extremist, because arguably it is not > even a system we have today or one that was ever devised. Good point. If we are not careful, we could get bad PR. But then, I've been trying to argue that use of words like "anarchy" is against good PR principles anyway. I don't think cypherpunks have such pristine reputations that we must tread carefully for fear of damaging our "reputation". In fact, I don't think we even have one. That is, in some ways, worse than having one at all. > regarding (2): the government may actually help bring crypto > to the masses via the post office and other routes. are > cpunks going to continue to hold the simplistic, reactionary, > knee-jerk, black-and-white opinion that "anything with the > word 'government' in it is evil"? "if the government is doing > something, then we must sabotage it"? I think you are making the obvious mistake that many people make about similar groups, such as Libertarians. When someone says you should be able to freely choose, that is all that they are saying. They are not saying that someone else may not make a system that is not ideal, but does provide many other value-added benefits. Ern From jya at pipeline.com Fri Oct 4 15:00:42 1996 From: jya at pipeline.com (John Young) Date: Sat, 5 Oct 1996 06:00:42 +0800 Subject: TWP: Tighten ITAR Message-ID: <199610041518.PAA20690@pipe4.ny3.usa.pipeline.com> The Washington Post, October 4, 1996, p. A22. Crypto Politics [Editorial] The Clinton administration once had a coherent, if unpopular, position on encryption software, the stuff that allows you to encode your email messages or other data so that no one can read it en route without a key. Now, in the wake of word that the president will sign an executive order, the position is no longer coherent, nor discernibly more popular with the high-tech audience it attempts to mollify. People and companies doing international financial business are highly interested in this kind of software, the more powerfully "uncrackable" the better. The U.S. software industry thinks there's a lot of money in it, especially if encryption becomes routine. The administration position till recently was that, much as U.S. software companies might profit from being able to market "uncrackable" encryption software freely, national security and law enforcement considerations dictated that such exports be controlled by license. Powerful encryption, like arms, could be dangerous in the hands of terrorists, rogue governments or international criminals. The software was classed as a munition; software above a certain uncrackability level could not be exported unless law enforcement authorities could get access somehow to the "key" after obtaining the proper warrants. Unbreakable codes on the loose strike us as a real danger, a legitimate reason for tight export controls. But if the administration really believes this, you'd think it would stick with steps that can plausibly meet the goal of control. Instead, trying to please, it has been splitting and splitting the difference between itself and the largely unmoved industry, which argues that no one will buy an encryption product that a government can decrypt at will. As with arms sales, the companies also argue that if they don't sell it, somebody else will, and that anyway it's far too late to fence off rogues. The national security people respond that there is still a "window," perhaps two years, in which they can prevent, if not all leaks of unauthorized crypto technology, at least its off-the-shelf use and wide adoption as the international standard. The administration initially proposed, then repeatedly refined, the concept of key "escrow" -- depositing a copy of the code with trusted third parties -- but never came up with a version the industry would accept. It commissioned a National Research Council report, which recommended a significant easing of restrictions. Now the president appears to have embraced a yet looser form of licensure upon declaration by a company that it will develop a plan within two years for key recovery. Also, the technology no longer will be considered munitions. What kind of plan? Nobody can quite say. What if the plans aren't acceptable? Licensing will revert to the old rule in two years. Will the security issue be moot by then? Probably. Barring some burst of clarity, one is left wondering whether the administration has compromised or caved, and what it now believes about the dangers of exporting uncrackable software. [End] Ditto, see the National Research Council report: http://pwp.usa.pipeline.com/~jya/nrcindex.htm From tcmay at got.net Fri Oct 4 15:11:37 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 5 Oct 1996 06:11:37 +0800 Subject: Clipper III questions In-Reply-To: <199610040135.SAA24060@slack.lne.com> Message-ID: At 11:40 PM -0800 10/3/96, Jim McCoy wrote: >>The recent CDT policy post sez of Clipper III: >>This reminds me of the understanding between CIA/NSA and their counterparts >>in British Intelligence. [...] > >While I am not sure that this oft-made claim can actually be proven, Actually, Bamford documents it in detail in "The Puzzle Palace," 1982. See the sections on the "UKUSA" or "UK-USA" agreement. More recent reports have described how the actual sharing is done in a room at Fort Meade between GCHQ and NSA intercept analysts. The GCHQ guys monitor the U.S. traffic, and then "summarize it" (as per the UK-USA arrangement) for their American counterparts. All strictly according to the letter of the law, such as it is. The practical effect is obvious. (I also heard a report that the telephone Long Lines, built some decades ago, were deliberately routed across Indian reservations in several states--for the purposes of the domestic surveillance laws, Indian reservations have "sovereign nation" status! Same reason the CIA used the Cabazon Band of Indians lands for illegal work.) >it does raise an interesting point: a large amount of communications >traffic crosses international boundaries, which country's laws and >procedures are to be followed when a "legitimate law enforcement need" >is perceived? While Americans have become somewhat disenchanted with This is a very important point, I think. Given that users have little control over packet routing, mightn't packets get deliberately routed to jurisdictions where the "Global GAK" policies might be interpreted favorably? Suppose encrypted traffic between two American sites actually went by way of a Canadian hop, and Canadian authorities (possibly working for/with NSA) went to the "Trusted Key Authorities" with a _Canadian_ warrant? And so on, including some nations whose notions of "search warrants" bear no resemblance even to our somewhat tattered notions. So much for U.S. Constitutional protections, even in the post-GAK age. --Tim May "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From froomkin at law.miami.edu Fri Oct 4 15:12:59 1996 From: froomkin at law.miami.edu (Michael Froomkin - U.Miami School of Law) Date: Sat, 5 Oct 1996 06:12:59 +0800 Subject: The Right to Keep and Bear Crypto In-Reply-To: Message-ID: This will be my last post on this thread. On Thu, 3 Oct 1996, Steve Schear wrote: [...] > > However, I found much disturbing. The inference that the Exec branch could > on the one hand classify crypto as a munition ('arms' by any other name), > while for constitutional purposes the Courts may not exposes a deep-seated > legal duplicity. > Why is it "disturbing" that for administrative convenience a regulation uses a shorthand term (in effect saying "treat crypto as if it was a munition"), but that the courts say whatever convenient shorthand you use for regulatory bookkeeping, it has no constitutional effect? What would be the advantage of having the government simply re-impose the ITAR word for word identically for all materials that are not arms in the constitutional sense? The ultimate result would be the same (since this is arguably allowed by the statute, and the non-arms have *even less* constitutional protection (unless they are speech). > Constitutional interpretations over the past century not withstanding, it > is clear (to me) that a substantial number of the Framers would abhor what > has become of the Second Amendment's ... right to keep and bear arms. > This is a different issue; it is irrelevant to the matter at hand since crypto is not arms under ANY reading of the second amendment. As for your argument that the 2nd Am should be read expansively, rather than narrowly, personally I doubt strongly that the Framers would have been unanimous on this. Recall that the Articles of Confederation were abandoned in part due to Shay's rebellion -- and the (majority) Federalists (of whom the Jefferson you quote WAS NOT a part) managed to push through a strong centralizing government. Recall that the constitution in its first draft didn't even have a bill of rights! I am absolutely certain that the Framers recognized that things change over time, and that they would have intended indeed did intend for us to interpret the constitution with some degree -- but not too much -- flexibility. As someone who believes in the importance of fidelity to legal texts, I think we have a duty to make every word in the Constitution count. I therefore place weight on the fact that the 2nd amendment is *unique* in giving the policy reason for the limitation on government power ("a well-regulated militia" being essential &tc.). This is ample grounds to read the text as applying only in the context of an organized militia -- not casual gun ownership -- **whether or not** this complies with our best (and inevitably fallible) reconstruction of what certain historical individuals may have thought the text meant, especially if the historical evidence is mixed. [PS. Why do you privilege the authors of the bill of rights over the people who voted for it?] I might add that I personally find all discussions of plots to kill people, or to watch gleefully while others seek to do so, so morally repulsive that I now killfile everyone who takes part in them. (This has the interesting side-benefit of cutting the list down to very manageable size.) This may explain why I do not respond to certain kinds of messages. I should also add for the benefit of certain third parties to this debate that I stopped responding to gun control flames three years ago after the email flood attack by rabid pro-gun people that temporarily crashed my account. I do not mean by this to attempt to stifle any discussion, only to explain why I'll concentrate on baby-tending and other work rather than go on in this vein. **Benjamin Bradley Froomkin, b. Sept. 13, 1996, 8 lbs 14.5oz 21.5"** **Age two weeks: 9 lbs 12 oz, 23"** A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin at law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's hot here. And humid. From alano at teleport.com Fri Oct 4 15:13:07 1996 From: alano at teleport.com (Alan Olsen) Date: Sat, 5 Oct 1996 06:13:07 +0800 Subject: CNET Digital Dispatch Vol. 2 No. 40 Message-ID: <3.0b16.32.19961004113328.00bb6fa0@mail.teleport.com> This was in the latest version of CNET's e-mail list. Anyone want to add a few good sound bytes? > >7. "YOUR TURN": ARE ENCRYPTION LAWS TOO STRICT? > >The White House has finally loosened up the export restrictions on >powerful encryption software: > > http://www.news.com/News/Item/0%2C4%2C4003%2C00.html > >But the software industry and the Web community generally agree >it's too little, too late. How do you feel about the export of >encryption technology? What about the government's continued >insistence that law enforcement be availed of a method to decode >any encrypted message if granted a court order? > >To contribute your opinion, phone CNET at 415/395-7805, enter >extension 5400, and leave a message. We'll listen to the responses >and broadcast some of the best on CNET Radio. > >Each week Digital Dispatch brings you the new "your turn" >question, and each Wednesday you can hear the responses to the >previous week's question on CNET Radio: > > http://www.cnet.com/Content/Radio/ --- Alan Olsen -- alano at teleport.com -- Contract Web Design & Instruction `finger -l alano at teleport.com` for PGP 2.6.2 key http://www.teleport.com/~alano/ "We had to destroy the Internet in order to save it." - Sen. Exon "Microsoft -- Nothing but NT promises." From jcr at idiom.com Fri Oct 4 15:20:58 1996 From: jcr at idiom.com (John C. Randolph) Date: Sat, 5 Oct 1996 06:20:58 +0800 Subject: "Mormon Asshole?" re: GAK Message-ID: <199610041936.MAA29441@idiom.com> Attilla Says: >but what inflames the anti-mormon passions the most is the >paid clergy of other organized religions whose employment is >the paid ministry to their flock. Mormons threaten their jobs; >the mormons have no paid ministry; it is all part of our >"callings" to do the Lord's work. Well, speaking as one who has occasionally been called anti-mormon (although, I'm *really* not that specific!) The only time I feel any anti-mormon "passion" is when I want to throttle one of your missionaries. I like sleeping in, and being awakened by a kid who wants me to join a religion is really offensive. If the LDS church would just give up this damnable proselytizing, I'd find you no more objectionable than the Tibetan Buddhists (whom I actually hold in rather high regard, although they're never going to convert me either!) -jcr PS: I do think it's a Good Thing that mormons don't pay the clergy. One positive for LDS. Did you pick up that idea from the Ba'ha'i? From azur at netcom.com Fri Oct 4 15:33:26 1996 From: azur at netcom.com (Steve Schear) Date: Sat, 5 Oct 1996 06:33:26 +0800 Subject: ADJ_ust Message-ID: Ya' know, I keep seeing government references to all this terrorist technology and know-how on the Net, but when I do some pretty exhaustive searches I come up pretty-much empty handed. Are their claims just rhetoric or am I incompetent at using Web search tools? For example, where can one find on the Net: the means to anonymously purchase CBW precursors or strains, manufacuting and know-how? Where can one find practical EMP designs and components? Where can one find practical Fuel/air explosives device construction info? I'm sure you can think of other significant items I've left out. Hope you get the picture. >On Wed, 2 Oct 1996, Adamsc wrote: > >> I have strong >> doubts that someone would come up with a non-nuke that could destroy stuff >> indiscriminately within a useably large area. > >Fuel/air bombs. > >--Lucky From tcmay at got.net Fri Oct 4 15:36:33 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 5 Oct 1996 06:36:33 +0800 Subject: Very brief comments on LDS/Mormons In-Reply-To: Message-ID: I suppose I'm chagrinned that a thread I named, "Utah as a Religious Police State," has been followed by *so many* religious flames, pro- and con- Mormonism. (I use Mormonism as shorthand for LDS...sosumi.) My point was not to attack Mormonism, esp. the religious beliefs. Personally, I think cults are useful in keeping people off the streets (better than police-enforced curfews). I was mainly challenging Attila's glowing opinion of how his community "enforces curfews big time." Telling people when they can be on public streets and when they cannot is no different than telling them what they can read and what they cannot. ("Telling them" in the sense of backing it up with the power of the state. For example, the LDS church is perfectly free to "tell" its members not to read the books of, say, Juanita Brooks. However, this may not be enforced by the government or its police and court arms, so long as Utah is part of these United States. Period.) Personally, I find Mormonism to be a good "survival meme." Self-preparedness, food storage, self-reliance, etc., are all counter to the "I'll just let government take care of me" meme which is so common in the rest of society. I don't cotton to supernatural explanations of the world, though, so I've never been in involved in any religion (past age 11). This is the last thing I'll say on Mormonism. Whether some subset of settlers committed some set of crimes in Mountain Meadows is a footnote in history--who really cares about such anomalies? I care more about the present. I still urge Attila to rethink his enthusiastic support of state-enforced curfews, or state-imposed bans on alcohol (not that I recall him supporting this particular law), etc. --Tim "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From scottb at aca.ca Fri Oct 4 15:40:40 1996 From: scottb at aca.ca (scottb at aca.ca) Date: Sat, 5 Oct 1996 06:40:40 +0800 Subject: picture encryption Message-ID: <96Oct4.160134edt.15734@gateway.aca.ca> Sometime back someone mentioned a program that would hide messages inside a picture, by replacing the LSB of the color with the message. Does anyone know where I can get this?? I was thinking that if they outlawed high strength encryption (non GAK approved), not letting them realize that you were sending encrypted information would be an excellent alternative. Of course the message hidden in the image would be encrypted as well. You could spend many months on trying to break the key, only to find out that it was really only a picture. /sb From rah at shipwright.com Fri Oct 4 15:50:52 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 5 Oct 1996 06:50:52 +0800 Subject: MacGAK: Tim has a snit. Again. In-Reply-To: Message-ID: At 11:20 pm -0400 10/3/96, Timothy C. May wrote: > My comments here are not vitriolic, just factual. Clearly, while the > "guerilla" crypto meeting was happening, the higher-ups were selling out > their customers and going much further than they needed to in ensuring a > Big Brother State. Indeed. Welcome to the club, Tim. I'm reminded of all those c'punk meetings at places like Sun, or SGI, or any of several Bay Area landmark firms, all of whom have managements full of people who think they're "doing the right thing" by helping the Feds spy on us all. That's okay. Cypherpunks, some of them, anyway, write code. And so, your point is? > (BTW, in response to my "the surveillance system for the rest of us" > comment, Andrew Loewenstern sent me a note in which he contrasted Apple's > "1984" commercial with the current reality.) Talking about people's private mail in the third person, Tim? It seems I'm not the only one guilty of such stuff. At least I don't post names with the opinions, though I shouldn't have posted anything in the first place. If you remember, it is something which I apologized to the list for at the time. It was late. I was tired. And, I might add, you were pissing on my shoes. Fortunately, I wear my seaboots around here, given our past history on this list. > This is the epitome of armchair psychoananalysis. How can you _possibly_ > know what I thought about things? Jeez. Nope. Can't tell what you think, Tim. Just an opinion. I'm just engaging in a little constant conjunction; to take a leaf from Mr. Hume's book. That is, however right he may be most of the time, Tim May seems to have an ego the size of the Hindenburg, and he can be just about as inflamatory, when he says he's been slighted. If you get in the way of that ego at all, regardless of your facts, he will flame you to your shorts. Happens every time. Impute causality however you want. The phenomena are clearly linked. Must be what happens when you're holed up out in the woods all day with nothing to keep you company but a mailing list. > Who cares? Such comparisons are odious. I responded to Vinnie, not to the > "us" implied in "we asked," and the matter would've remained between Vinnie > and me had he not shared our e-mail with you and had you not then gone into > one of your "free association" rants. Recall that even Vinnie was highly > critical of this performance. Depends on what you call "highly". It seems that if you hadn't gone into a towering snit, he probably wouldn't have said anything, because I was right. And, my point still stands. You were behaving childishly. Both to Vinnie then, to the list then, and to me and the list now. By the way, "we", Vinnie and I, are the people who put MacCrypto together. Admittedly, Vinnie did all the work, but it was ever thus. :-). You say, X is important, we should do it, Vinnie says fine, let's do X, and Vinnie makes it happen. I've never worked with anyone quite like that before. It's very refreshing... Frankly, Tim, you could have just let it pass, or at least have been more of an adult about it, constitutionally impossible though that might be for you. Inadvertantly, your churlishness probably increased the attendance at the MacCrypto conference. So, thanks anyway. *I* certainly got lots of positive comments about our interchange. ;-). > Fuck off, to be blunt. You've got to learn to start making actual points, > and not trying to show your writing chops from the Hunter S. Thompson > Correspondence School of Creative Writing. Ah. Tim, are you *jealous*? Of me? Aw, shucks... And *your* mother wears army boots, too. However, in case you missed them, probably because the blood vessels in your eyes were busy hemoraging, I *did* make several points. Allow me to summarize again. They are: 1. Tim's lashing out at Apple because he feels slighted by not being invited first to keynote the MacCrypto conference, though he was in fact invited first, which makes it all mildly ironic, if not humorous. 2. Instead of Tim, Phil Zimmermann *did* speak at MacCrypto, which Phil probably regrets, given the current Mac-GAK flap. 3. Apple's Ms. Hancock, whether or not she's "doing the right thing" by helping the Feds spy on us all, or whether she just thinks corporate, but not government, key "recovery" is, by itself, okay, has clearly stuck her foot in her mouth, in the much same way that Mr. Barksdale(?) of Netscape did last year. Unfortunately, Apple probably won't be as quick to react as Netscape was, because, as an industrial corporation -- like Microsoft -- Apple may live *on* the net, but it is certainly certainly not *in* the net, like Netscape, or you, or I am, Tim. 4. I expect that the people in the Macintosh Crypto community, and the Mac internet community in general, will do their best to disabuse her of any notions she may have in regard to GAK. It has already started to happen. 5. A lot of real good work was done at MacCrypto, which was a resounding success, despite Tim's early efforts to piss all over it, which he seems to be carrying forward to the present. No problem. That's what seaboots are for. > Fuck off. Back into my killfile you go. Ah. A waste of a good summary. Oh, well. :-). It's interesting to note that the only person who is supposed to be in your killfile is Perry Metzger, even though you respond to him anyway, especially when he says something which offends your vanity. So, such a killfiling claim is probably dubious. Since such luminaries as VZNuri, Dr. Vulis, and Jim Bell are *not* in your killfile, evidenced by your voluminous replies to them, your killfiling me can't be much of a threat, on its face, or, for that matter, to my reputation here on cypherpunks, even. ;-). And, no, Tim, *I'm* not going to put you in my killfile, because *almost* always, though it's becoming harder to see for all the fulminatory theatrics, you're spot on. I believe that, for some reason, I got off on the wrong foot with you from my very first posting, more than two years ago last June. Your nasty crack about the MacCrypto conference is just one of a series of personal fusilades in what seems to be an ongoing pissfight. I bet you wouldn't have given MacCrypto a passing thought, otherwise. The cost of doing business on cypherpunks, I suppose. One gets used to it. So, have a nice day, Tim, and don't forget your seaboots. It's getting wet out here. Again. Cheers, Bob Hettinga ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From deviant at pooh-corner.com Fri Oct 4 15:56:42 1996 From: deviant at pooh-corner.com (The Deviant) Date: Sat, 5 Oct 1996 06:56:42 +0800 Subject: Fw: Re: ITAR satellite provision In-Reply-To: Message-ID: On Thu, 3 Oct 1996, Black Unicorn wrote: > Date: Thu, 3 Oct 1996 17:07:47 -0400 (EDT) > From: Black Unicorn > To: jim bell > Cc: Remo Pini , cypherpunks at toad.com > Subject: Re: Fw: Re: ITAR satellite provision > [...] > "A launch vehicle or payload shall not, by reason of the launching of such > vehicle, be considered an export for purposes of this subchapter." > > Focus on "by reason of launching of such vehicle," > > Launching a vehicle alone is not export. It takes more than launch to > make it an export. More than the launching is not much. [...] > -- > I hate lightning - finger for public key - Vote Monarchist > unicorn at schloss.li > So.. if I were to take PGP, put it on a floppy disk, tape it to a model rocket, and launch it across the mexican border, that's not exporting it (although the FAA might complain)? --Deviant "Whatever you do will be insignificant, but it is very important that you do it." --Mahatma Gandhi From se7en at dis.org Fri Oct 4 16:02:17 1996 From: se7en at dis.org (se7en) Date: Sat, 5 Oct 1996 07:02:17 +0800 Subject: Speaker Wanted Message-ID: I need someone who can give a speech on Contingency Disaster Planning from November 4-6 in Northern California to the computer security group at NASA AMES. Female speakers are encouraged as well. All expenses would be paid as well as a speaker fee for each individual day. While this is a *one time* event, it may be possible that it would lead to other engagements on a periodic basis both across the US, and infrequently in Japan and Europe. Email me if interested or if you need more information. se7en From dougr at skypoint-gw.globelle.com Fri Oct 4 16:03:30 1996 From: dougr at skypoint-gw.globelle.com (Douglas B. Renner) Date: Sat, 5 Oct 1996 07:03:30 +0800 Subject: DESCrack keyspace partitioning In-Reply-To: <01BBB163.FC317940@geeman.vip.best.com> Message-ID: On Thu, 3 Oct 1996, geeman at best.com wrote: > Seems to me that a _subset_ of all possible keys is much more likely > to appear than a random selection from an equidistributed population 0..2^56. This is a contradiction. Unless you were defining "subset" using a specific weakness in a specific RNG, in which case your argument would have been a tautology, saying nothing. > (P)RNG's just aren't that likely to produce a key of 010101010..... > nor 001100110011... etc etc and I have been thinking about how one might formalize > and exploit this randomness property to increase the probability of finding the key sooner. RNG's are written to maximize randomness of of the numerical _value_ of the integer, independent of any arbitrary radix, including binary. The "property" you describe is imaginary. Like the Gambler's Fallacy, it's an artifact of our own cognitive functioning, and does not exist in the real world. . . . The radix is 13. The answer is 42. The question is "What do you get when you multiply 6 by 9?" Let any search begin with self-knowledge... Douglas B. Renner From rah at shipwright.com Fri Oct 4 16:04:02 1996 From: rah at shipwright.com (Robert Hettinga) Date: Sat, 5 Oct 1996 07:04:02 +0800 Subject: Cybertax Message-ID: --- begin forwarded text MIME-Version: 1.0 Date: Fri, 4 Oct 1996 10:17:00 -0500 Reply-To: Law & Policy of Computer Communications Sender: Law & Policy of Computer Communications From: Evelyn Brody Organization: Chicago-Kent College of Law Subject: Re: Cybertax Comments: To: loukidej at tor.gpv.com To: CYBERIA-L at LISTSERV.AOL.COM The U.S. Treasury Department and other agencies are quite interested in these issues. In September, at a 2-day conference in Washington, DC, on electronic money and banking, Internal Revenue Commissioner Margaret Richardson described the concerns of tax commissioners world-wide about digital currency. Treasury will be issuing a White Paper in the next month or two that will request comments from the public on a range of tax and policy legal issues relating to electronic commerce. These issues will include, among others, permanent establishment, U.S. trade or business, and compliance and enforcement. See the news story in _Tax Notes_ magazine, Sept. 23, 1996, at 1588, by Ryan Donmoyer, "Tax Principles Must Be Applied to Wired Economy, Richardson Says." (A version of this story is also available electronically in LEXIS, Fedtax Library, TNT file (as a new search).) EB --- end forwarded text ----------------- Robert Hettinga (rah at shipwright.com) e$, 44 Farquhar Street, Boston, MA 02131 USA "'Bart Bucks' are not legal tender." -- Punishment, 100 times on a chalkboard, for Bart Simpson The e$ Home Page: http://www.vmeng.com/rah/ From vznuri at netcom.com Fri Oct 4 16:05:41 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Sat, 5 Oct 1996 07:05:41 +0800 Subject: legality of wiretapping: a "key" distinction Message-ID: <199610042004.NAA27789@netcom7.netcom.com> reponses to my last post were very illuminating and interesting, and one key point by someone-or-other caught my attention. he made the distinction of "search and seizure" made with the knowledge of the person involved, and "search and seizure" such as wiretapping done without the knowledge of the person surveilled. if one were to try to say that wiretapping was unconstitutional, it seems one would have to define why it is an *unreasonable* kind of search and seizure. and this distinction might be a great, prime candidate: because the participant is *unaware* of the "seizure," there is too great a potential for abuse. it seems to me many people's fears here boil down to this fear of the government surveilling them without their knowledge, of them being denied the right to choose to be in contempt of court and reject handing over information when presented with a warrant/subpoena. (is this a right? is it being broken by surreptitious surveillance?) == I am really amazed that there isn't much case law on wiretaps, which have been around a long time. at least it is rarely quoted here. what exactly is a legal wiretap? has anyone challenged the fundamental authority of the government in making wiretaps in which subjects are unaware of the metaphorical "search and seizure" going on? recent Bernstein and Junger cases are going to be fantastic milestones in our legal system for challenging the cryptographic status quo. I wonder if cpunks might be interested in challenging the wiretap status quo!! it would seem like the first logical step. the FBI has often said they don't want to expand their powers in wiretapping areas. but are those powers they have right now legitimate? if they are not, as many here seem to argue, then they ought to be challenged in court ala the one-man-guerilla attacks like Bernstein and Junger. (any takers? ) anyway, I propose that cpunks try to collect all the minutia in the case law about wiretaps and try to make the case that wiretapping that the FBI has enjoyed is itself not legitimate, and therefore any extension of it (such as Clipper) is also illegitimate. == more and more I wonder if this is one of the key differences between libertarian and spook bureacrat's views on GAK, key escrow, key recovery (let us put it all under the heading "key access"). the spooks seem to emphasize that they should be able to get access to communications without giving anyone the opportunity to refuse or possibly even know about such access. libertarians seem to insist that this is a violation of privacy and due process etc. I think there may be a legitimate argument here that might have legal merit that a reasonable "search and seizure" ought to involve the knowledge of the participant, and that unreasonable searches and seizures often do not. hence, wiretapping without suspect agreement may be illegal? (in all the other ways that evidence is obtained through warrants/subpoenas, one needs the cooperation of the suspect?) obviously the government would argue that the cooperation of the suspect is irrelevant and impossible. what exactly does it mean to "present a warrant" or subpoena? is there a right to refuse such a subpoena similar to the way one is guaranteed freedom from self-incrimination? From snajdr at pvt.net Fri Oct 4 16:07:16 1996 From: snajdr at pvt.net (Petr Snajdr) Date: Sat, 5 Oct 1996 07:07:16 +0800 Subject: WINDOWS NT ???? In-Reply-To: <199610041914.OAA00187@smoke.suba.com> Message-ID: <3254F5FD.DA54534@pvt.net> snow wrote: > > > pclow wrote: > > > Adamsc wrote: > > > > > is Windows NT secured system ? > > > NT? Secured? hahahahahahahahahahahahahahahahhahahahahahahaha > > 8-) > > How ? > > By turning off the machine, unpluging the ethernet, moving the > hard drive to another state... > 8-) ..and Os/2,unix .etc.etc. not ? -- Petr Snajdr *--------------------------------------------------------------* | "640K should be enough for anybody." - Bill Gates | | | | "OS/2 is destined to be a very important piece of software. | | During the next 10 years, millions of programmers and users | | will utilize this system." - Bill Gates (Again) | *--------------------------------------------------------------* From deviant at pooh-corner.com Fri Oct 4 16:09:35 1996 From: deviant at pooh-corner.com (The Deviant) Date: Sat, 5 Oct 1996 07:09:35 +0800 Subject: How to fight GAK by obeying the law In-Reply-To: <199610040457.VAA25485@server1.chromatic.com> Message-ID: On Thu, 3 Oct 1996, Ernest Hua wrote: > Date: Thu, 3 Oct 1996 21:57:54 -0700 (PDT) > From: Ernest Hua > To: cypherpunks at toad.com > Cc: hua at chromatic.com > Subject: How to fight GAK by obeying the law > > It seems that the best method for fighting GAK is to accelerate > wide-spread domestic use of freely redistributable non-GAK crypto. > > The Lynux automatic firewall concept that John Gilmore is pushing is a > great idea, but it is still brewing, and he's shooting for developing > an exportable ... er ... importable version. That will take much time > to develop, and time is what we don't have much of. > > We need to work on applications, API's, flexible software modules, etc. > and the primary reason we cannot do it so easily is because we cannot > redistribute the software so easily. > > First thing we definitely need is a way to determine with fairly good > accuracy, whether a host is in the U.S. This MUST be an automagic > mechanism ... no person involved so there is little delay in getting > the goodies. The best implementation would automatically set the > group of an incoming anonymous FTP session daemon to a special group > if there is a high degree of certainty that the originating host is > within the U.S. > > Second thing we definitely need is a convenient way and universal way > to clearly notify the recipient of the current export restrictions of > such software, so that the recipient knows what he/she is in for. > > Basically, we have to do our best to NOT violate the law, no matter > how much we hate it. What the government wants to happen is that > everyone will get hooked on GAK, and it will be too inconvenient to > use something else. A good counter-strategy is to get everyone hooked > on the good stuff. > > Right now, the FBI/NSA is looking for an excuse to prosecute anyone > not jumping on their bandwagon. We have to avoid give them an excuse > to prosecute us while still enabling rapid application development. > > Communication and distribution are key. > > Ern > While I think your ideas are certainly good, and will work out well, they are not necisarily the "best" way (although, any means to the same ends are essentially the same, assuming no drastic measures, i.e. Machavelian concepts). Its a shame that in the US, teachers seem to be afraid to teach the term "Civil Disobediance". I think its a shame that people in 20th Century America are afraid to stand up against their government. I'm not saying rebel in the streets, but there are certainly other things one can do when a law is unjust. One idea is simply to give them so many cases that they can't _POSSIBLY_ pros^H^H^Hersicute them all. If _EVERY ONE_ of us went and made it perfectly obvious that we beleived the ITAR is wrong, forceful implementation of GAK is bad, and that we don't give a fuck what they think, or that its "illegal" to export crypto, then they wouldn't stand a chance. Just a suggestion. I'm certainly not a brave enough person to do this, but I wish someone was. --Deviant Blood is thicker than water, and much tastier. From paul at fatmans.demon.co.uk Fri Oct 4 16:09:46 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Sat, 5 Oct 1996 07:09:46 +0800 Subject: DESCrack keyspace partitioning Message-ID: <844458782.11259.0@fatmans.demon.co.uk> > Seems to me that a _subset_ of all possible keys is much more likely > to appear than a random selection from an equidistributed population 0..2^56. No, this is not true of a good PRNG > (P)RNG's just aren't that likely to produce a key of 010101010..... > nor 001100110011... etc etc and I have been thinking about how one might formalize > and exploit this randomness property to increase the probability of finding the key sooner. Good PRNGs are as likely to produce these key values as anything else. the reason random looking patterns occur more often is because there are more of them. > Is not the lack of predictability a predictable, and therefore exploitable, attribute? The fact is a PRNG may *LOOK* predictable, ie. 111000111000 but the next bit will have an equal probability of being a 0 as a 1. > Any thoughts here? None whatsoever. Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From vznuri at netcom.com Fri Oct 4 16:11:25 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Sat, 5 Oct 1996 07:11:25 +0800 Subject: DESCrack keyspace partitioning In-Reply-To: <325501C5.167EB0E7@systemics.com> Message-ID: <199610042021.NAA29619@netcom7.netcom.com> of course, any number in the range of a random number generator is theoretically as likely/unlikely to appear. however, consider the case in which DES keys are generated from ascii sequences or words that people enter in at password prompts, which is in fact how the unix passwd file word. these obviously have far less randomness and Gary's attempt to narrow the keyspace is highly relevant. also, I took his post as suggesting that some parts of the keyspace ought to be searched at higher priority than others. in the above example, keys that correspond to ascii sequences typable on a keyboard should be searched first in the keyspace. a lot of systems use DES only in conjuction with a one-time-key generated for a particular message. (similar to the way PGP uses IDEA for the session key, and transmits this encoded key using RSA). in general I would say these could be considered random in a way that the previous "less-than-random" property doesn't hold. From paul at fatmans.demon.co.uk Fri Oct 4 16:33:06 1996 From: paul at fatmans.demon.co.uk (paul at fatmans.demon.co.uk) Date: Sat, 5 Oct 1996 07:33:06 +0800 Subject: The Right to Keep and Bear Crypto Message-ID: <844458781.11258.0@fatmans.demon.co.uk> > Crypto relevancy? Well, the so-called "gun nuts" have already tolerated far > more regulation and restriction of guns than we should ever accept. But if > we use their tactics, can we expect any better results? I don`t know so much about the US law, but here in the UK the problem with the gun lobby and the campaigns against internet controls are purely volume and not technique, there has not been enough done. In the UK now we are looking at a total ban on handguns, within 5 or 10 years all guns will probably be banned, the shit has seriously hit the fan over here, all because of the Dunblane murders (15 or so schoolchildren killed by a nutter with a legally owned (licenced) handgun) The fact is the police fucked up, he was known to be a loner and a child molester and they granted him a firearms licence. In addition the media have played a big part too, I don`t know if the US mainstream paper media is as bad as the UK`s but we have about 5 papers which I wouldn`t wipe my ass on, such as the sun, the mail, the mirror etc. all of which have, at sometime during the ordeal used the exact words below: Gun owners are big children who like to play with dangerous toys All gun owners are dangerous psychopaths They have also described gun lobby activists as "gun toting" and "obsessed with firearms" More has got to be done before the USA goes the same way, I sure as hell won`t be living in the UK much longer if the law continues to change like it has. Fuck them all, that is really all I can say, don`t let it happen to you kids... Datacomms Technologies web authoring and data security Paul Bradley, Paul at fatmans.demon.co.uk Paul at crypto.uk.eu.org, Paul at cryptography.uk.eu.org Http://www.cryptography.home.ml.org/ Email for PGP public key, ID: 5BBFAEB1 "Don`t forget to mount a scratch monkey" From snow at smoke.suba.com Fri Oct 4 17:17:36 1996 From: snow at smoke.suba.com (snow) Date: Sat, 5 Oct 1996 08:17:36 +0800 Subject: WINDOWS NT ???? In-Reply-To: <325488A8.4F27BCF7@pvt.net> Message-ID: <199610041914.OAA00187@smoke.suba.com> > pclow wrote: > > Adamsc wrote: > > > > is Windows NT secured system ? > > NT? Secured? hahahahahahahahahahahahahahahahhahahahahahahaha > 8-) > How ? By turning off the machine, unpluging the ethernet, moving the hard drive to another state... Petro, Christopher C. petro at suba.com snow at smoke.suba.com From deeb at x.org Fri Oct 4 17:30:44 1996 From: deeb at x.org (Stephen Humble) Date: Sat, 5 Oct 1996 08:30:44 +0800 Subject: Clipper III on the table In-Reply-To: Message-ID: <9610042054.AA22661@hydra.cde.x.org> dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) sez: > If I own a computer and some contractor is writing something on it > for me, I should have the right to tell the contractor that I don't > want, e.g., any unlicences software and any data encrypted so that I > can't read it. well, it's *your* computer... > Likewise the gubmint or a corporation bigger than mine is free to > say that there should be no data on its computers or its contractors > computers that they can't read. Whoa! Unless the service contracted for includes the use of the contractors' computers, what business does the employer have poking around in someone else's computer? I can easily see Big Brother demanding exactly that, but He won't hire me under those conditions. Or was that just a slip of the mind, assuming large organizations should have greater powers than smaller ones? I do that too much myself. Stephen From jimbell at pacifier.com Fri Oct 4 17:41:04 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 5 Oct 1996 08:41:04 +0800 Subject: Fighting Clipper III Message-ID: <199610041617.JAA17746@mail.pacifier.com> At 08:37 PM 10/3/96 -0700, Declan McCullagh wrote: >IBM truly does deserve to be criticized, soundly. When I get a chance I'll >write up the report of what happened at yesterday's IBM "let's recruit >industry to join our alliance" confab session that took place in the >afternoon at their DC lobby-office. It was supposedly closed to the >press. :) > >-Declan If those "Big Brother Inside" stickers are re-printed, in fine print should be included a web-page at which more information could be obtained. See, I anticipate actually visiting local hardware/software sellers and placing those labels. Including an address would allow people to get far more information, and get involved. Jim Bell jimbell at pacifier.com From jya at pipeline.com Fri Oct 4 17:42:42 1996 From: jya at pipeline.com (John Young) Date: Sat, 5 Oct 1996 08:42:42 +0800 Subject: KRF_eat Message-ID: <199610041735.RAA19781@pipe1.ny2.usa.pipeline.com> A roundup of press reports on GAK: "IBM, other firms, in data encryption alliance" The consortium was initiated by IBM. "Export controls are a fact of life," said Jim Bidzos. "U.S. To Loosen Computer Code Restrictions" "It's wrongheaded, and it's going backward," Peter Harter, at Netscape, said. "U.S. Export of High-Tech Devices Planned" CDT's Danny Weitzner said U.S. companies' and citizens' encrypted communications sent over the Internet could be vulnerable to "improper foreign government access." The administration doesn't want that to happen and is working with major trading partners and other countries to adopt plans that are consistent with the U.S. plan and to expedite electronic key recovery by law enforcement, the CIA's Deutch said. "IT Execs, Lawmakers Reactions Mixed on Encryption Plan" Rick Cardona, a security technology engineer at security software maker TradeWave Corp., said the law doesn't go far enough. "I think this is part of a trend. It's only a matter of time before the government will allow exports of 128-bit key software." "NCR Corp. Joins Alliance To Develop Exportable, Worldwide Strong Encryption " "We also look forward to the rapid movement of the work of the alliance into an established standards- based consortium body." "TradeWave meets new government data encryption requirements" Although other Internet software security companies have announced their intention to support this new key-recovery requirement, no other Internet Web security software company currently offers this service to its customers besides TradeWave. TradeWave's current customers, which include over 350 electric power companies representing over 70% of the electric power industry, are using the TradeVPI software and services which include this key recovery feature. ----- http://jya.com/krfeat.txt (22 kb for 6) ftp://jya.com/pub/incoming/krfeat.txt KRF_eat From adam at homeport.org Fri Oct 4 17:44:32 1996 From: adam at homeport.org (Adam Shostack) Date: Sat, 5 Oct 1996 08:44:32 +0800 Subject: Can we kill single DES? In-Reply-To: Message-ID: <199610041744.MAA05403@homeport.org> DB only has 64 Pentiums. There are lots of small businesses with more compute power. Much more useful to sell IBM on the idea of a Christmas Tree screen saver. :) Adam Bruce M. wrote: | > A Linux port (Pentium) would be *very* good - lots of Linux people tend to by | > pro-cpunk. Ditto for OS/2. And who knows, if you hyped the business | > aspects enough you might even find IBM or some other large corp willing to | > donate some time on large system. | | Maybe Deep Blue gets bored in between its chess matches. :) -- "Every year the Republicans campaign like Libertarians, and then go to Wasthington and spend like Democrats." Vote Harry Browne for President. http://www.harrybrowne96.org From jimbell at pacifier.com Fri Oct 4 18:09:05 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 5 Oct 1996 09:09:05 +0800 Subject: Fw: Re: ITAR satellite provision Message-ID: <199610042101.OAA08867@mail.pacifier.com> At 08:09 PM 10/4/96 +0000, The Deviant wrote: >On Thu, 3 Oct 1996, Black Unicorn wrote: >[...] >> "A launch vehicle or payload shall not, by reason of the launching of such >> vehicle, be considered an export for purposes of this subchapter." >> >> Focus on "by reason of launching of such vehicle," >> >> Launching a vehicle alone is not export. It takes more than launch to >> make it an export. More than the launching is not much. >[...] >> -- >> I hate lightning - finger for public key - Vote Monarchist >> unicorn at schloss.li >> > >So.. if I were to take PGP, put it on a floppy disk, tape it to a model >rocket, and launch it across the mexican border, that's not exporting it >(although the FAA might complain)? That's _my_ interpretation. I look at it this way: Missile launches can 1. Return to the country of origin. 2. Splash down in International waters. 3. land on foreign soil. 4. Orbit for awhile and land "somewhere." 5. Orbit essentially forever. 6. Go somewhere in space other than an earth orbit. All this stuff is obvious to the people who wrote the regulation. In addition, it is not necessarily certain which of these outcomes will occur in any given launch. The terminology in the rule above does not distinguish any of these outcomes. In the absense of further clarification, it is logical to conclude that which particular route the missile subsequently takes is irrelevant to the applicability of the exception. This is particularly true, since the writers of that regulation were free to add clarification should they have chosen to do so. Further, that they DIDN'T "clarify" is logical, because if the outcome of any given missile may be uncertain, and assuming that this regulation was written as a mutual-suck-up maneuver between government and industry, it is reasonable to assume that the regulation would be interpretated to immunize the launcher regardless of the launch's outcome. One can reasonably suppose that Rockwell wouldn't want to be declared in violation of ITAR simply because the second stage of a rocket failed and dropped a crypto-carrying satellite onto China. Jim Bell jimbell at pacifier.com From iang at cs.berkeley.edu Fri Oct 4 18:11:27 1996 From: iang at cs.berkeley.edu (Ian Goldberg) Date: Sat, 5 Oct 1996 09:11:27 +0800 Subject: Export laws don't just affect crypto In-Reply-To: Message-ID: <53407h$5gn@abraham.cs.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- In article <199610011632.MAA01864 at jekyll.piermont.com>, Perry E. Metzger wrote: > >Lucky Green writes: >> > Umm, so are you violating ITAR if you *use* these GPS-guided missiles >> >> No you aren't. A little known provision in the ITAR excempts exports >> by missile. Seriously. > >Well, not quite -- it exempts exports by space launch, but I think >thats intended for things like satelite launchings and not for things >like missile attacks against other countries... > And I quote: # (6) A launch vehicle or payload shall not, by reason of the launching of # such vehicle, be considered an export for purposes of this subchapter. # However, for certain limited purposes (see @ 126.1 of this subchapter), # the controls of this subchapter may apply to any sale, transfer or # proposal to sell or transfer defense articles or defense services. - Ian -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMlWELkZRiTErSPb1AQHn6QQAiylUndaqWbsVTScmyzn8dQlWS1vOx8tK mBZlPlz0pvMY8jEi0pxT8PHsF2RI7vCi5yE4Z1PHAPDOUesrQiSZERzAlzRkxXgf t2qn1ZSrlsgIEN50ttDoEu2geF74nakKeb4LtsTAmA7+dfceVZlu9v5sWfcoeAX/ utB5JYLMzz4= =fbOv -----END PGP SIGNATURE----- From tcmay at got.net Fri Oct 4 18:36:31 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 5 Oct 1996 09:36:31 +0800 Subject: Did Sun get a sweetheart deal? In-Reply-To: <199610040109.SAA23900@slack.lne.com> Message-ID: At 1:50 AM -0400 10/4/96, Simon Spero wrote: >On Thu, 3 Oct 1996, Eric Murray wrote: >> In addition, I had lunch today with the people I used to work >> with/for at Sun, who're probably the most likely to be asked to implement >> such a thing. They haven't heard anything about it and were quite dismayed >> at the whole idea. > >I'd love to know what John Gage says about this, since in the past I >believe he's used been "Over My Dead Body" on GAK. You hadn't heard? Sadly, John Gage was run over in the Sun Microsystems parking lot two weeks ago. The driver was not apprehended, but an APB for hit-and-run is out on black Ford Contintental with the license plate "WeBeSpooks." Jim Bidzos was narrowly missed by the same car, and now supports GAK. --Klaus! von Future Prime "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From unicorn at schloss.li Fri Oct 4 18:44:31 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 5 Oct 1996 09:44:31 +0800 Subject: Fw: Re: ITAR satellite provision In-Reply-To: <199610042101.OAA08867@mail.pacifier.com> Message-ID: On Fri, 4 Oct 1996, jim bell wrote: > At 08:09 PM 10/4/96 +0000, The Deviant wrote: > >On Thu, 3 Oct 1996, Black Unicorn wrote: > >[...] > >> "A launch vehicle or payload shall not, by reason of the launching of such > >> vehicle, be considered an export for purposes of this subchapter." > >> > >> Focus on "by reason of launching of such vehicle," > >> > >> Launching a vehicle alone is not export. It takes more than launch to > >> make it an export. More than the launching is not much. > >[...] > >> -- > >> I hate lightning - finger for public key - Vote Monarchist > >> unicorn at schloss.li > >> > > > >So.. if I were to take PGP, put it on a floppy disk, tape it to a model > >rocket, and launch it across the mexican border, that's not exporting it > >(although the FAA might complain)? > > > That's _my_ interpretation. I look at it this way: Missile launches can > > 1. Return to the country of origin. > 2. Splash down in International waters. > 3. land on foreign soil. > 4. Orbit for awhile and land "somewhere." > 5. Orbit essentially forever. > 6. Go somewhere in space other than an earth orbit. > > All this stuff is obvious to the people who wrote the regulation. In > addition, it is not necessarily certain which of these outcomes will occur > in any given launch. The terminology in the rule above does not > distinguish any of these outcomes. In the absense of further clarification, > it is logical to conclude that which particular route the missile > subsequently takes is irrelevant to the applicability of the exception. > > This is particularly true, since the writers of that regulation were free to > add clarification should they have chosen to do so. Further, that they > DIDN'T "clarify" is logical, because if the outcome of any given missile may > be uncertain, and assuming that this regulation was written as a > mutual-suck-up maneuver between government and industry, it is reasonable to > assume that the regulation would be interpretated to immunize the launcher > regardless of the launch's outcome. One can reasonably suppose that > Rockwell wouldn't want to be declared in violation of ITAR simply because > the second stage of a rocket failed and dropped a crypto-carrying satellite > onto China. I could make a practice around you alone if I were disposed to take malpractice cases and if you had a license to practice law. > > Jim Bell > jimbell at pacifier.com > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From tcmay at got.net Fri Oct 4 18:44:55 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 5 Oct 1996 09:44:55 +0800 Subject: DESCrack keyspace partitioning In-Reply-To: <01BBB163.FC317940@geeman.vip.best.com> Message-ID: At 7:48 PM -0700 10/3/96, geeman at best.com wrote: >What about the heuristics of partitioning the keyspace? > >Seems to me that a _subset_ of all possible keys is much more likely >to appear than a random selection from an equidistributed population 0..2^56. > >(P)RNG's just aren't that likely to produce a key of 010101010..... >nor 001100110011... etc etc and I have been thinking about how one might >formalize >and exploit this randomness property to increase the probability of >finding the key sooner. A PRNG is of course "just as likely" to produce 01010101010101...010101 as it is to produce, say, "01110011101010....010100001010001001010 or any other of the possible seequences. The key is that 01010101010101...010101 is a "special sequence," just like a "royal flush" is a "special hand" in poker. The formalism for this is "algorithmic information theory," or "descriptive complexity theory," developed more or less independently by Kolmogoroff, Chaitin, Martin-Lof, and others, mostly in the 1960s. The core idea is this: "a number is random if it has no shorter description than itself." That is, a random number is not compressible. In the example above, the sequence "01010101010101...010101" has a simple generating algorithm: "alternating 0s and 1s," and this is a shorter description than the actual sequence. Naturally, there are relatively few sequences with short descriptions (translation: "nearly all" sequences "look to be random"). (One of the exciting conclusions is that no number can ever be _proved_ to be random, via the Halting Problem, so I use the very term "random" with this in mind. Substitute a more nuanced "a number believed to be random" for every occurrence of "random." We can say that a number was generated from, say, what we believe to be a "naturally random" process, e.g., radioactive decay, but we cannot prove the number is random. We can of course prove it to be nonrandom if we can find a generator which consistently generates it. This is the essence of von Neumann's comment that the output of a PRNG algorithm cannot be random.) These ideas are closely related to notions of entropy, compressibility, etc. The standard works in English are by Gregory Chaitin, at IBM. He has several books out, including a collection of his articles, "Information and Randomness." Also, several readable articles in "Scientific American." He also has an extensive Web site, last I looked, so some searches on his name and/or algorithmic information theory should produce good results. --Tim May "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jya at pipeline.com Fri Oct 4 18:53:19 1996 From: jya at pipeline.com (John Young) Date: Sat, 5 Oct 1996 09:53:19 +0800 Subject: ABA Likes GAK Message-ID: <199610041740.RAA19910@pipe1.ny2.usa.pipeline.com> 10-03-96 at 19:09 EDT, American Banker Banks Like Export Plan for High-Power Encryption By Drew Clark ----- "Banks have really taken a leadership role in the responsible management of cryptography," said a senior Clinton administration official who asked not to be named. "Banks are already doing what we want other organizations to do: safeguarding their keys and providing them, when necessary, to law enforcement." "Providing 56-bit encryption with key recovery doesn't help us," said Netscape spokeswoman Chris Holton. "The government is saying that you can export it but you have to provide us with the keys. We feel that is extortion on the part of the government." "We are making the best of a bad situation," said Scott Schnell, vice president of marketing for RSA Data Security. ----- Bank technology experts have reacted favorably to the Clinton administration's proposal to liberalize the development and sale of strong data security tools. This week, the government said it would lift export restrictions on certain kinds of cryptography, provided U.S. companies agree to cooperate with a procedure that would give law enforcement officials access to the "keys" of such codes, upon presentation of a warrant. Banks were heartened by the announcement because many view the widely used Data Encryption Standard - a low-level form of data scrambling - as inadequate protection against the rising computer power of so-called hackers. Though banks can use a complex 56-bit data encryption key for financial transactions, sensitive communications with overseas branches are limited to a less powerful 40-bit standard. Banks hope that a loosening of restrictions in general will benefit them, too. "This policy announcement is better than anyone expected," said Kawika M. Daguio, federal representative at the American Bankers Association in Washington. "It is gravy for us, but it's the meat and potatoes for the hardware and software industries." "Banks probably won't be adversely affected," said Stewart A. Baker, a partner at Steptoe & Johnson, a Washington law firm, "and they will be left pretty much where they were before." The announcement by Vice President Al Gore said that controls over powerful encryption technology would be lifted as the government and private sector develop a "key recovery" system. (International Business Machines Corp. already has stepped forward to head a consortium dedicated to creating such a system.) Current law forbids the export of computer hardware or software that uses cryptographic codes with digital "keys" - randomly generated combinations of 0's and 1's - longer than 40 bits. The longer the key length, the more impenetrable the code. For three years, the government has said it would permit the general use of more complex cryptography only if the companies using it placed their keys in the hands of the government or a third party. "Key escrow," as it is known in the technical community, is needed in order to prosecute people who have stored evidence of illegal activity on the hard drive of a computer, officials argued. But the private sector - banks included - have balked at handing over such access to any third party. The disagreement gave rise to a compromise system known as "key recovery" in which companies would hold their own keys but could be required to divulge certain information about specific transactions when presented with a court order or warrant. "What is novel is that it doesn't escrow any keys," said Homayoon Tajalli, executive vice president of Trusted Information Systems, Glenwood, Md., one of IBM's consortium partners. "If the government comes and gets this data with a court order," explained Mr. Tajalli, "then they take a digital lockbox from the third party or parties that hold it, and they read the message." Kathy Kincaid, director of information technology for IBM, said the difference between key escrow and key recovery is analogous to the following approach to securing a house when its owner goes on vacation: Instead of giving a key to two neighbors, the owner gives each neighbor half the combination to a lockbox that holds the key. "You must have both halves and put them together in exactly the right sequence," said Ms. Kincaid. "This provides protection against a single point of attack." Companies participating in development of key recovery systems include: Apple Computer Inc., Digital Equipment Corp., Groupe Bull, Hewlett-Packard Co., NCR Corp., RSA Data Security, Sun Microsystems Inc., Trusted Information Systems, and United Parcel Service. And a government official said banks may even play a role. "Banks have really taken a leadership role in the responsible management of cryptography," said a senior Clinton administration official who asked not to be named. "Banks are already doing what we want other organizations to do: safeguarding their keys and providing them, when necessary, to law enforcement." Heidi Kukis, a spokeswoman for Vice President Gore, said: "This key recovery system is the proper balance between commercial interests and national security." But not all agree. Some argue that the key recovery system still gives the government too much control over information flow. "Providing 56-bit encryption with key recovery doesn't help us," said Netscape spokeswoman Chris Holton. "The government is saying that you can export it but you have to provide us with the keys. We feel that is extortion on the part of the government." "We are making the best of a bad situation," said Scott Schnell, vice president of marketing for RSA Data Security. "The bottom line is that the standard proposed by the government is an insubstantial step in the right direction," he said. "We want to make sure it is usable and prepare for the day that products will be available that do not have this key recovery situation." The government's announcement came three months after a National Research Council report on the role of cryptography in an information-oriented society. The report encouraged liberalization of government standards and questioned the feasibility of the key escrow system then favored by government. "We raised the issue about the security of key escrow systems," said law professor Kenneth W. Dam, chairman of the body that prepared the report, "and we said the government should work on it." "I take it this is an attempt to move in the way of key escrow, with the help of industry," said Mr. Dam. [End] From talon57 at well.com Fri Oct 4 18:56:40 1996 From: talon57 at well.com (Brian D Williams) Date: Sat, 5 Oct 1996 09:56:40 +0800 Subject: [COMMENT][GAK] "GAK from KRAP" Message-ID: <199610042113.OAA08487@well.com> 1) Thanks to Phil Zimmerman the world already has "Pretty Good Privacy." 2) Only an idiot, much less one of the 4 Horsemen would get caught using GAK from KRAP. 3) As the FOIA obtained documents from the Clipper I era indicated, the gubmint knows the only way to make this work is to ban other forms of encryption. 4) That and that alone would be "The Shot Heard 'Round the Net." Brian From jimbell at pacifier.com Fri Oct 4 19:08:22 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 5 Oct 1996 10:08:22 +0800 Subject: MacGAK: Tim has a snit. Again. Message-ID: <199610042132.OAA11336@mail.pacifier.com> At 11:30 AM 10/4/96 -0400, Robert Hettinga wrote: >It's interesting to note that the only person who is supposed to be in your >killfile is Perry Metzger, even though you respond to him anyway, >especially when he says something which offends your vanity. So, such a >killfiling claim is probably dubious. Since such luminaries as VZNuri, Dr. >Vulis, and Jim Bell are *not* in your killfile, evidenced by your >voluminous replies to them, Aw, C'mon Bob! I resent being placed in the same short list as Nuri and Vulis. While some people may consider my ideas to be similarly wacky, I try to not be NEARLY as rude as those other guys (singular?). Jim Bell jimbell at pacifier.com From unicorn at schloss.li Fri Oct 4 19:21:30 1996 From: unicorn at schloss.li (Klaus E. vonEbel) Date: Sat, 5 Oct 1996 10:21:30 +0800 Subject: Fw: Re: ITAR satellite provision In-Reply-To: Message-ID: On Fri, 4 Oct 1996, The Deviant wrote: > On Thu, 3 Oct 1996, Black Unicorn wrote: > > > Date: Thu, 3 Oct 1996 17:07:47 -0400 (EDT) > > From: Black Unicorn > > To: jim bell > > Cc: Remo Pini , cypherpunks at toad.com > > Subject: Re: Fw: Re: ITAR satellite provision > > > [...] > > "A launch vehicle or payload shall not, by reason of the launching of such > > vehicle, be considered an export for purposes of this subchapter." > > > > Focus on "by reason of launching of such vehicle," > > > > Launching a vehicle alone is not export. It takes more than launch to > > make it an export. More than the launching is not much. > [...] > > -- > > I hate lightning - finger for public key - Vote Monarchist > > unicorn at schloss.li > > > > So.. if I were to take PGP, put it on a floppy disk, tape it to a model > rocket, and launch it across the mexican border, that's not exporting it > (although the FAA might complain)? Incorrect. That is exporting it. Launching it is not exporting it. Causing it to land in Mexico is. > > --Deviant > "Whatever you do will be insignificant, but it is very important that > you do it." --Mahatma Gandhi > > > -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From lzirko at c2.net Fri Oct 4 19:26:52 1996 From: lzirko at c2.net (Lou Zirko) Date: Sat, 5 Oct 1996 10:26:52 +0800 Subject: (Firewalls) Where is that Snake Oil FAQ again? Message-ID: <199610042214.PAA13751@infinity.c2.org> -----BEGIN PGP SIGNED MESSAGE----- To: adam at homeport.org, cypherpunks at toad.com Date: Fri Oct 04 18:15:25 1996 This is the same company that made the claim earlier on this list to "break our code and own the company for $1". It definately generated a lot of comments then, I think about six months ago. They changed their name to IPG midway through the process. This should be in the archives. Sorry about the late response to this but I have been unavailable for the last four days working on a project and am just beginning to catch up on sleep and mail. Lou Zirko Lou Zirko (502)383-2175 Zystems lzirko at c2.org "We're all bozos on this bus" - Nick Danger, Third Eye -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: latin1 iQEVAwUBMlWamctPRTNbb5z9AQGoAggAngPrYPYCOp+53BZ3Ns0XJtsI6O/PqUzQ sbxzpROa/blx9O3e1zIxbxPk1+aQcEwUXsnfFbDnciAjouaSnRzIfKG9XJ+cOy5y XRaLzBgZ3lQr3fIp7mHv5n+nsdtrj8mdgmUxYXpO9q+MwTuGL54n12Qw23rJ4KMq TSkBSgJWeqr7Mf1X2bI8ejaIbgImv9dCNFXIF+mUpKea2rarGej7lM1NOFd5FuyT umaFeOcH05pcmC8sYmaabe5i9kmDXztCiGaCD3O101a7JoIh8GOCNjg7blo7q/lZ rw77jyYpsI+3Ra67jWOMRK3p3WeBq9K8XqpP0b0Wo02R5nU1w5UnjQ== =eT3d -----END PGP SIGNATURE----- From hua at chromatic.com Fri Oct 4 19:35:52 1996 From: hua at chromatic.com (Ernest Hua) Date: Sat, 5 Oct 1996 10:35:52 +0800 Subject: Did HP get a sweetheart deal, too? Message-ID: <199610042159.OAA17092@ohio.chromatic.com> Ditto ... I expect Apple and the rest of the "gang" to announce something soon. Ern -------- From: San Jose Mercury (Breaking News) Hewlett-Packard wins $100 million NASA deals PALO ALTO, Calif. (Reuter) - Hewlett-Packard Co. said Friday that it won several contracts with a potential value of $100 million from the National Aeronautics & Space Administration (NASA). The contracts cover scientific and engineering workstation procurement contracts for mechanical computer-aided design and geographic information systems. The contracts cover a four year period. Hewlett-Packard will provide workstations, as well as peripherals, software, training and support services. From fstuart at vetmed.auburn.edu Fri Oct 4 19:52:05 1996 From: fstuart at vetmed.auburn.edu (Frank Stuart) Date: Sat, 5 Oct 1996 10:52:05 +0800 Subject: Sun's GAK position Message-ID: <199610042232.RAA14312@snoopy.vetmed.auburn.edu> I haven't been able to find a position statemnet from Sun Microsystems about the new GAK plan, but it looks like I did find a position. This is from "http://www.sun.com/corporateoverview/CorporateEmployment/LISTINGDIR/JobDetailAUF971004.html": >Created on Oct 01 1996 06:01. To return to: Employment Opportunities Home >Page. >---------------------------------------------------------------------------- > >Sun Employment Req#: AUF971004 > >SUMMARY > >Descriptive Title: System Engineer >Skills: Security & Cryptography Exp. >Functional Area: Engineering: Engineering >Location: Vienna, VA > >DESCRIPTION > >Extensive Security and Cryptography knowledge and skills, ability to >authoratatively present and advocatae security technologies at technical and >public policy levels, confidence and skill at writing and presenting >security documents and presentations. specific knowledge of government >security requirements. A US Government Top Secret SCI and potentially other >clearances will be necessary for this position. >The position of Principal Architect for Security and Networks requires an >individual with the following levels of education, experience and >specialized knowledge. A masters degree in a computer related field or a >bachelors degree in a computer technology and a masters degree in a business >oriented discipline is required. A minimum of twelve years of directly >related experience in computers, computer security and mission critical >systems design, and deployment is also required. Credit for four years >experience may be granted for a candidate with a masters degree in computer >science or computer security. Up to six years experience can be credited for >a PHD in somputer security. The condidate needs experience and >specializedknowledge in the areas of: >Government Security Requirementes, NSA MISSI and DoD DMS programs, Public >policy issues of cryptography and Key Escrow, Current workstation and server >hardware, Trends in network and systems security, Analysis of competing >security products and technologies. Hands-on experience with installing and >configuring computer hardward, Sun's product offerings in the security >arena, NCSC and Common Criteria evaluaations of trusted systems. Export >controls as they apply to encryption and security products. >To be successful in the position the candidatae must be able and willing to >write short analytical papers and long research documents. The position also >requires short notice or extemporaneous presentations on security, >technology and Sun specific subjects to groups of one to two hundred >customers or industry professionals. >A successful candidate must be capable of presenting themselves in an >authoritative fashion on many aspects of security in order to influence >product development in directions advantageous to Sun Federal. the candidate >must also be comfortable and confident when representing Sun and Sun Federal >in government and industry standards bodies and technology forums. >To be successful the candidate must be able to develop, define and >articulate a security vision and to develop support both within and external >to Sun for necessary technological and procedural changes necessary to >accomplish that vision. The condidate must either hold or be capable of >receiving US Government Security Clearances for Top Secret and Special >Compartmented Information. These clearances may require a CI Polygraph test. >This position will be locate in Vienna, VA and report to the Sun Federal >Director of Systems Engineering. >---------------------------------------------------------------------------- >CONTACT: >Employment Agency resumes referred to this posting are considered >unsolicited; Sun does not accept unsolicted resumes. >To apply, please reference the requisition number of AUF971004 and email, >fax or mail your resume, attention Recruiter: Staffing45/OWSMI96, using: > > * Resume Submittal Form > * Email alias: Staffing45 at bruin.corp.Sun.COM [ASCII ONLY, PLEASE] > * Fax number: 630-285-8177 > * Mail Address: > Sun Microsystems, Inc. > 2550 Garcia Avenue > Mountain View, CA 94043-1100 > Mail Stop: UITA01 > >---------------------------------------------------------------------------- > >Employment Opportunities at Sun > >---------------------------------------------------------------------------- | (Douglas) Hofstadter's Law: | It always takes longer than you expect, even Frank Stuart | when you take into account Hofstadter's Law. From azur at netcom.com Fri Oct 4 19:52:22 1996 From: azur at netcom.com (Steve Schear) Date: Sat, 5 Oct 1996 10:52:22 +0800 Subject: The Right to Keep and Bear Crypto Message-ID: >Why is it "disturbing" that for administrative convenience a regulation >uses a shorthand term (in effect saying "treat crypto as if it was a >munition"), but that the courts say whatever convenient shorthand you use >for regulatory bookkeeping, it has no constitutional effect? > >What would be the advantage of having the government simply re-impose the >ITAR word for word identically for all materials that are not arms in the >constitutional sense? I guess this is the crux of the matter. I believe that most or all of ITAR's munitions should be constitutionally as arms. > >As for your argument that the 2nd Am should be read expansively, rather >than narrowly, personally I doubt strongly that the Framers would have >been unanimous on this. I doubt they were unanimous on most any issue. >Recall that the Articles of Confederation were >abandoned in part due to Shay's rebellion -- and the (majority) >Federalists (of whom the Jefferson you quote WAS NOT a part) managed to >push through a strong centralizing government. Yep, when they saw that some of the principles which help fuel the Revolution could be used to oppose a new order they adopted some of the same tactics and governmental view points of their former oppressors. The original calls for strong states rights and a weak central authority were swept away under Hamilton and early Supreme Court rulings. In some sense, the new government became just different clothing on the same old body. >Recall that the >constitution in its first draft didn't even have a bill of rights! I am >absolutely certain that the Framers recognized that things change over >time, and that they would have intended indeed did intend for us to >interpret the constitution with some degree -- but not too much -- >flexibility. As someone who believes in the importance of fidelity to >legal texts, I think we have a duty to make every word in the Constitution >count. I therefore place weight on the fact that the 2nd amendment is >*unique* in giving the policy reason for the limitation on government >power ("a well-regulated militia" being essential &tc.). This is ample >grounds to read the text as applying only in the context of an organized >militia -- not casual gun ownership -- **whether or not** this complies >with our best (and inevitably fallible) reconstruction of what certain >historical individuals may have thought the text meant, especially if the >historical evidence is mixed. [The Constitution preserves] the advantage of being armed which Americans possess over the people of almost every other nation [where] the governments are afraid to trust the people with arms. --James Madison The Federalist No. 46, 1787 >[PS. Why do you privilege the authors of the bill of rights over the >people who voted for it?] Many of the framers, their mentors (e.g., Machiavelli) and even dyed-in-the-wool pacificists (e.g., Mahatma Gandhi) feared a central authority which, after making arms unavailable to general population would commence to tyranny. If I did I appologize. It was not intentional. > >I might add that I personally find all discussions of plots to kill >people, or to watch gleefully while others seek to do so, so morally >repulsive that I now killfile everyone who takes part in them. I hope that includes all comuniques from our government's Executive branch (although they almost never discuss these things publitically, with the possible exception of our raid on Kadaffi). How about the popular U.S. consensus that the government aught to have killed Saddam? Seems to me that some of the natural rights the people gave the government need to be taken back (such as the perogative for personal actions affecting those outside the U.S.) Though I doubt that the government would ever allow it. Why should the government call all the foreign policy shots and have all the fun? Especially when you see what a poor track record they have. Seems they should step aside for while and let some direct democracy go to work for a change. Thanks for your informative responses. I don't expect a reply as you've undoubtedly placed me in your kill file (as some other may have already). -- Steve From stainles at bga.com Fri Oct 4 21:15:19 1996 From: stainles at bga.com (Dwight Brown) Date: Sat, 5 Oct 1996 12:15:19 +0800 Subject: [Books] Kahn's *The Code Breakers* Message-ID: -----BEGIN PGP SIGNED MESSAGE----- My room-mate just brought me the latest catalog from Uncle Hugo's Science Fiction Bookstore & Uncle Edgar's Mystery Bookstore. The updated edition of Kahn's *The Code Breakers* is listed as being expected by mid-November, with a cover price of $65. (No publisher listed.) Hugo's can be reached at 612-824-6347, or unclehugo at aol.com. No connection except as a satisfied customer. ==Dwight -----BEGIN PGP SIGNATURE----- Version: 2.6ui iQCVAgUBMlW+rYY4AzhdF11FAQEfzwP5AXP/63of9MPefzguLX5n9byRVUPcXOKT cYJNdTGe9ErVb6skDNN7e4PiwlZPSV03OFgntsp9CBFed+2AN/d+EFI3kNyFWQ5p fwEZ2u6VYINaQ0PhYaxneoMrxa+U8gnB5PZ8sa/Pwq4hhf6XxcOk7vUwKsLPQmeX 2KBLVLKeWj8= =f5D5 -----END PGP SIGNATURE----- From snow at smoke.suba.com Fri Oct 4 21:26:47 1996 From: snow at smoke.suba.com (snow) Date: Sat, 5 Oct 1996 12:26:47 +0800 Subject: ADJ_ust In-Reply-To: Message-ID: <199610050158.UAA00123@smoke.suba.com> Mr. Green wrote: > On Wed, 2 Oct 1996, Adamsc wrote: > > I have strong > > doubts that someone would come up with a non-nuke that could destroy stuff > > indiscriminately within a useably large area. > Fuel/air bombs. Wouldn't work real good in a city, and would leave most computers inside buildings working just fine, especially given any predomanance of underground powerlines. Petro, Christopher C. petro at suba.com snow at smoke.suba.com From gbroiles at netbox.com Fri Oct 4 21:27:38 1996 From: gbroiles at netbox.com (Greg Broiles) Date: Sat, 5 Oct 1996 12:27:38 +0800 Subject: Fw: Re: ITAR satellite provision Message-ID: <3.0b28.32.19961004164704.006bc324@ricochet.net> At 08:09 PM 10/4/96 +0000, The Deviant wrote: >So.. if I were to take PGP, put it on a floppy disk, tape it to a model >rocket, and launch it across the mexican border, that's not exporting it >(although the FAA might complain)? As I read the regs, it's not an export at the moment it's launched, but it's almost certainly an export when it reaches Mexican airspace or when it touches Mexican soil. The "rocket exception" is not useful vis-a-vis crypto. Period. I'm very sorry I ever had anything to do with this thread and I'm not posting about it again. -- Greg Broiles | "We pretend to be their friends, gbroiles at netbox.com | but they fuck with our heads." http://www.io.com/~gbroiles | | From dlv at bwalk.dm.com Fri Oct 4 21:33:39 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 5 Oct 1996 12:33:39 +0800 Subject: Clipper III on the table In-Reply-To: <9610042054.AA22661@hydra.cde.x.org> Message-ID: Stephen Humble writes: > > Likewise the gubmint or a corporation bigger than mine is free to > > say that there should be no data on its computers or its contractors > > computers that they can't read. > > Whoa! Unless the service contracted for includes the use of the > contractors' computers, what business does the employer have poking > around in someone else's computer? I can easily see Big Brother > demanding exactly that, but He won't hire me under those conditions. > > Or was that just a slip of the mind, assuming large organizations > should have greater powers than smaller ones? I do that too much > myself. Well, no. I (and any other employer) should be able to specify that if you do work _for me, you do it on either my equipment, or on equipment configured and secured to my standards. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From dthorn at gte.net Fri Oct 4 21:59:37 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 5 Oct 1996 12:59:37 +0800 Subject: "Macintosh -- the Surveillance System for the Rest of Us In-Reply-To: Message-ID: <3255CDE2.B17@gte.net> Timothy C. May wrote: > At 1:17 PM -0700 10/3/96, Lucky Green wrote: > >On Thu, 3 Oct 1996, Timothy C. May wrote: > >> I think we should support Microsoft and Netscape in their nonparticipation > >> in the Cabal. Sometimes being an 800-pound gorilla has its advantages. > >Indeed we do need to support Netscape and Microsoft as long as > >they oppose GAK. [some text deleted] > (Why Apple would go along with this, while Microsoft and Netscape are > apparently not playing ball, is incomprehensible to me. Apple risks > alienating its remaining core user base, who often characterize Microsoft > as "the Borg." So, Apple capitulates, while MS does not. I guess the > "Macintosh Crypto Forum" didn't do a lot of good, did it?) [more text deleted] At the risk of offending some people, it occurs to me that there were considerable arguments going around about Windows etc. copying ideas from Apple Mac and so on, but looking at it from the other end, since when does the appearance of crypto programs on a Mac make it something it's not? From jimbell at pacifier.com Fri Oct 4 22:07:03 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 5 Oct 1996 13:07:03 +0800 Subject: legality of wiretapping: a "key" distinction Message-ID: <199610050252.TAA02130@mail.pacifier.com> At 06:10 PM 10/4/96 -0700, Vladimir Z. Nuri wrote: >>It didn't have to be this way. The SC might simply have said that wiretap >>warrants must follow the same rules all other warrants followed, meaning >>that the target is informed of the tap when it is placed. Sure, the police >>would howl, complaining that they'll never hear anything "useful" if the >>target is informed, but then again, the Constitution cannot guarantee that >>any particular search would achieve its intended results. > >but then again, if "we the people" didn't challenge a usurpation of >our rights when it happened, something's wrong here. I've read references to polls which repeatedly show that well over 60% of the public is opposed to wiretaps, period. But no, I'm under no illusion that even a legal challenge would be respected. > hence my >opinion that wiretapping should be challenged in court. Well, I agree it should be challenged, but if anything my point is that the reason it wasn't challenged was the fact that wiretap targets are never given the opportunity. (Note for the clueless out there: An after-the-fact challenge doesn't count. Apparently, "non-incriminating" wiretaps are essentially never announced to the victim...er...target. And judges are sufficiently biased, gutless, and brainless that they almost never throw out the _incriminating_ results of a wiretap warrant. THis is for the same reason Judge Ito didn't throw out the evidence the four crooked detectives got in OJ's house, after jumping the fence without a warrant, claiming that they were afraid somebody was in danger inside. As I'm fond of saying, "Fuhrman pretended to tell the truth, and Ito pretended to believe him.") >>Are police entitled to use thumbscrews if simply asking a question won't get >>the "right" answer"? I don't think so. > >very poor analogy. a rhetorical loser imho characterisitic of >painting the issue in terms of extremism. wiretapping doesn't involve >any physical pain to the surveilled. also it is barely analogous >to "search and seizure" in that there is nothing physical being >seized. (just playing the devil's advocate here) No, not at all. The point is that acknowledged illegal tactics (remember, wiretaps were illegal before 1968, but they were done!) may be unquestionably "useful," but that doesn't mean that they are acceptable. If anything, the fact that cops would use illegal tactics proves that they aren't very good judges of what tactics are appropriate. Furthermore, the fact that telephone companies ALLOWED cops to do illegal wiretaps before 1968 (and even assisted them) proves that you can't depend on them to limit these tactics to reasonable limits. >>One thing that was very important to those who wrote the US Constitution was >>the sanctity of contracts. > >well, if the person entered in a contract with their phone company >to provide protected communications, maybe you'd have a case there. >in fact such a thing is not such a bad idea. Since up until now people have not had a choice, I think it's appropriate to assume that every telephone customer would have been entitled to insist on an anti-wiretap clause, and got it. >>As I understand it, there is a principle in law that all affected parties to >>a dispute must be included in a proceeding. (To ensure that each can protect >>his own rights.) Obviously, targets of wiretaps have not been informed, and >>thus can't possibly have been included. > >on the other hand, there are clear laws that say you can't withhold >evidence. That's misleading. If a cop wants in your house to collect evidence but he doesn't have a warrant, not letting him in is "withholding evidence." But that's obviously okay. So you need to qualify that claim. >>While I'm sure that I will be corrected if this is wrong, somehow I doubt >>whether there has EVER been a "before-the-fact", full challenge of a wiretap >>order _including_ representation for the target of the wiretap. Further, I >>also doubt whether there is frequently ANY SORT of challenge to a wiretap >>by a telephone company, even when the target was not informed. Quite >>simply, the telephone company does not consider itself to be in the business >>of protecting the rights of its customers! And without real challenges, >>there can be no presumed validity to such warrants. > >no, you have it backwards; without real challenges, there >is no validity to anyone trying to defeat the status quo. That depends on whose burden of proof you think it is. Since: 1. Wiretaps were done illegally before 1968, demonstrating that the people involved (cops, government officials) don't think they have to obey the law anyway. This should destroy any presumption on your part that wiretaps are constitutional, because those people are the main ones pushing wiretaps. 2. 60% of the public opposes wiretaps, period. (I think it's arguable that if most of the public decides that society should do without wiretaps, they are entitled to do this. Otherwise, "Who's country is it?") 3. Wiretaps do not resemble ordinary searches, because the target is not informed, and he's not given a chance to challenge them. 4. Wiretaps have "never" been adequately challenged, precisely because the only outside people who know about them have no motivation to do them. (Primarily telephone companies.) I'd say the bulk of the evidence is that the legal system accepts wiretaps simply as a convenience, without genuinely believing that they are constitutional. > >[bernstein, etc] >>Since it has always been legal to use encryption (in the US), they're really >>not "challenging the cryptographic status quo." > >no, ITAR has been around a long time and they are challenging it. you're >mixing up the issue. No, YOU'RE mixing it up. _DOMESTIC_ wiretaps are being compared with DOMESTIC use of encryption. ITAR says nothing about wiretaps. The government is pushing Clipper et al based primarily on domestic wiretap issues. >>I don't know about you, but somehow I'm past the idea that it's possible to >>reliably get unbiased justice in court. Know what I mean? > >ah yes, we revert to the basic cypherpunk nihilist position oft repeated >by lucky green, tcmay etc-- "essentially, we're screwed" Not really. It's just that when there's enough evidence of dishonesty already in the treatment of this issue in the courts, there is no reason to presume that the right decision will be reached in the future. Jim Bell jimbell at pacifier.com From Tunny at inference.com Fri Oct 4 22:14:12 1996 From: Tunny at inference.com (James A. Tunnicliffe) Date: Sat, 5 Oct 1996 13:14:12 +0800 Subject: DESCrack keyspace partitioning Message-ID: >geeman at best.com[SMTP:geeman at best.com] writes: >Another thinking step: most real-world DES keys are derived from hashes. >Not (P)RNGs. >The distributions are **not** uniform. Oh?? >I am talking about FAMILIES of predictable bit patterns in keys, not any >specific pattern. >I'm doing the stats. [...snip...] If you've discovered significant biases in MD5, or some other crypto-strength hash, that could be exploited to speed a keyspace search, that would be newsworthy indeed. I'm skeptical, but please share your results with us. [For context, Mike McNally wrote, in part] >[...] a good >32-bit CSPRNG has only a 1/2^32 chance of producing any particular >bit pattern. Of course, another way of saying that is that it's just >as likely to get an "obvious" bit pattern as it is to get any other >one. You can't just throw away part of the keyspace based on such >bogus reasoning. (There may be other reasons to throw away part of >the keyspace, of course.) Tunny ====================================================================== James A. Tunnicliffe | WWWeb: http://www.inference.com/~tunny Inference Corporation | PGP Fingerprint: CA 23 E2 F3 AC 2D 0C 77 tunny at Inference.com | 36 07 D9 33 3D 32 53 9C ====================================================================== From moroni at scranton.com Fri Oct 4 22:14:32 1996 From: moroni at scranton.com (Moroni) Date: Sat, 5 Oct 1996 13:14:32 +0800 Subject: I resent the word cult. In-Reply-To: Message-ID: The resent the word cult being used to describe my religions. While I don't think it is good to make fun of even one's own religion I really think that it is in bad taste to knock another's religion. Time and bandwidth have been wasted on more than one occasion with your interjecting your personal views about other peoples religions only to find that other people do not view their faiths academically. I think that all religion should be kept off this list . I did not become a member to prostelytise people on this list and did not expect other people to start agitating mormons or moslems or Jews or other faiths. I mind my p's&q's but I don't have and certainly will sit idly by when someone makes my people look bad. Any trouble that you have made starting this thread was done by you so don't complain. Inciderntally, I emailed tilly a great source for soy meats for all those that have emailed me to say that they are returning to the church. On Fri, 4 Oct 1996, Timothy C. May wrote: > > I suppose I'm chagrinned that a thread I named, "Utah as a Religious Police > State," has been followed by *so many* religious flames, pro- and con- > Mormonism. (I use Mormonism as shorthand for LDS...sosumi.) > > My point was not to attack Mormonism, esp. the religious beliefs. > Personally, I think cults are useful in keeping people off the streets > (better than police-enforced curfews). I was mainly challenging Attila's > glowing opinion of how his community "enforces curfews big time." Telling > people when they can be on public streets and when they cannot is no > different than telling them what they can read and what they cannot. > > ("Telling them" in the sense of backing it up with the power of the state. > For example, the LDS church is perfectly free to "tell" its members not to > read the books of, say, Juanita Brooks. However, this may not be enforced > by the government or its police and court arms, so long as Utah is part of > these United States. Period.) > > Personally, I find Mormonism to be a good "survival meme." > Self-preparedness, food storage, self-reliance, etc., are all counter to > the "I'll just let government take care of me" meme which is so common in > the rest of society. I don't cotton to supernatural explanations of the > world, though, so I've never been in involved in any religion (past age 11). > > This is the last thing I'll say on Mormonism. Whether some subset of > settlers committed some set of crimes in Mountain Meadows is a footnote in > history--who really cares about such anomalies? I care more about the > present. > > I still urge Attila to rethink his enthusiastic support of state-enforced > curfews, or state-imposed bans on alcohol (not that I recall him supporting > this particular law), etc. > > --Tim > > "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM > that the National Security Agency would try to twist their technology." > [NYT, 1996-10-02] > We got computers, we're tapping phone lines, I know that that ain't allowed. > ---------:---------:---------:---------:---------:---------:---------:---- > Timothy C. May | Crypto Anarchy: encryption, digital money, > tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero > W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, > Higher Power: 2^1,257,787-1 | black markets, collapse of governments. > "National borders aren't even speed bumps on the information superhighway." > > > > From nobody at zifi.genetics.utah.edu Fri Oct 4 22:17:10 1996 From: nobody at zifi.genetics.utah.edu (Anonymous) Date: Sat, 5 Oct 1996 13:17:10 +0800 Subject: ironic, no? Message-ID: <199610050339.VAA06380@zifi.genetics.utah.edu> "Dr." Vulis - KOTM whines: >What is the crypto-relevance of the above-quoted passage? what is the irony-factor in the above statement? From varange at crl.com Fri Oct 4 22:19:59 1996 From: varange at crl.com (Troy Varange) Date: Sat, 5 Oct 1996 13:19:59 +0800 Subject: FUCK!!!!!!;-) In-Reply-To: <1.5.4.32.19961003141245.006604ec@pop3.interramp.com> Message-ID: <199610050310.AA01791@crl5.crl.com> > >Or maybe this journalist, like most, doesn't know what the fuck he's > >talking about? > > To which this card-carrying member of the media replies: > > Companies cited in the PRESS RELEASE - that means public relations product, > not journalism product - were involved in signing off on what went into the > release. By definition, no member of the press was involved in producing > this document > > It seems directing questions to the companies would be a good idea. > > Will Rodger > Washington Bureau Chief > Interactive Week. You media monopoly asswipes love corporate press releases because your too cheap to hire real journalists. Yes, there's a problem with publishing ADS as news. Look at the magazine shelfs and the newspapers for proof. From santoyof at petersenpub.com Fri Oct 4 22:21:20 1996 From: santoyof at petersenpub.com (Santoyo, Felipe) Date: Sat, 5 Oct 1996 13:21:20 +0800 Subject: Ignorance Message-ID: <9609048444.AA844468635@petersenpub.com> The topics inwhich are discussed here are interesting to say the least, but I need to be brought up to speed. So if anyone could help with this or suggest so good sources of information on this subject I would more than appreciate it. Thanks! Feshnicad at petersenpub.com From travel23 at juno.com Fri Oct 4 22:29:48 1996 From: travel23 at juno.com (The Traveler) Date: Sat, 5 Oct 1996 13:29:48 +0800 Subject: The lesser-known presidential candidates' views Message-ID: <19961004.222423.3230.0.travel23@juno.com> [Article carried by the A.P.] Campaigning mostly in obscurity, these lesser-known men and one woman, have managed to get their names on most if not all 50 state ballots. Here they are: Harry Browne, Libertarian Party: A best-selling investment writer, he's on the ballot in all 50 states. He says the Libertarians ``believe in individual liberty, personal responsibility and freedom from government.'' The party seeks to end income tax and ``to reduce government to the absolute minimum possible.'' Browne, 63, opposes Internet censorship and supports a repeal of the assault weapons ban. The Libertarians have been around for about a quarter of a century. Their platform includes proposals to deregulate the health-care industry, privatize Medicare and Medicaid and legalize drugs. Ralph Nader, Green Party: Primary concerns are environmental, but Nader has long fought against large corporations in the role of consumer advocate. Nader's name is on 21 state ballots. The party hopes to increase that number to 30 and to encourage write-in campaigns in the remaining states. Nader, 62, plans to use his candidacy as the catalyst for starting an ``aggressive political force for the future.'' He says the two major parties have become so similar in their views that voters are left with little choice. When Nader was nominated to head the Green Party ticket, he said, ``It's time this country has a political alternative -- a progressive mainstream that defends consumers and workers against corporate welfare.'' John Hagelin, Natural Law Party: On the ballot in 47 states -- and still trying in New Hampshire, Georgia and Oklahoma -- the Natural Law Party hopes to ``bring the light of science into politics.'' Its platform includes prevention-oriented health care, renewable energy and sustainable agriculture without pesticides. The party also wants a cost-effective government with a safety net that promotes well-being, including a 10 percent flat tax by 2002. Hagelin, 42, is a Harvard-educated physics professor and one of the party's founders. In 1992 he garnered less than 40,000 votes. The Natural Law Party advocates transcendental meditation, contending it can lower the crime rate by setting up meditation groups in prisons, and can serve as a foreign policy tool by supporting groups who practice it in other countries. Howard Phillips, U.S. Taxpayers Party: Hopes to restore American jurisprudence to its ``heritage of biblical liberty,'' abolish the Internal Revenue Service and eliminate federal income taxes, capital gains taxes and inheritance taxes. Phillips' party also supports ending legalized abortion and reducing ``the reach, the grasp and take of the federal government.'' The party platform says that while the United States should be a friend to liberty everywhere, it should only invest and fight to guarantee it for the United States. Phillips, 55, supports dismantling the Education, Housing and Urban Development departments and end government support of the arts. He is on the ballot in about 40 states. Monica Moorehead, Workers World Party: Calls for tripling the minimum wage, making polluters pay for a clean environment, furthering affirmative action and ensuring equal rights for women, lesbians, gays and bisexuals. The party supports big cuts in military spending. Moorehead's party, which is on the ballot in 12 states, believes the election is dominated by the rich and considers the Workers World Party campaign an opportunity to bring working-class politics to a broad audience. It is opposed to capitalism, advocating socialism instead. Moorehead, 44, has been a leader in the party since 1979. James Harris, Socialist Workers Party: Stands for ``the struggles of the oppressed and exploited against the increasingly brutal assault by the wealthy minority the world over,'' according to the party platform. The Socialist Workers Party supports the right of Cuba to defend its sovereignty. Harris, 48, a former meatpacker in Atlanta, is on about 10 ballots. Harris criticizes the government's response to black church burnings, airline safety and labor unions. The Socialist Workers Party accuses the major presidential candidates of continuing ``their war preparations in response to the increasing world disorder, using threats or military force from Cuba to Liberia, from China to Korea, and by backing the Israeli regime's brutal assault on Lebanon.'' From jimbell at pacifier.com Fri Oct 4 22:32:26 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 5 Oct 1996 13:32:26 +0800 Subject: legality of wiretapping: a "key" distinction Message-ID: <199610042343.QAA20758@mail.pacifier.com> At 01:04 PM 10/4/96 -0700, Vladimir Z. Nuri wrote: > >reponses to my last post were very illuminating and >interesting, and one key point by someone-or-other >caught my attention. > >he made the distinction of "search and seizure" made with >the knowledge of the person involved, and "search and >seizure" such as wiretapping done without the knowledge >of the person surveilled. > >if one were to try to say that wiretapping was unconstitutional, >it seems one would have to define why it is an *unreasonable* >kind of search and seizure. and this distinction might be a >great, prime candidate: because the participant is *unaware* >of the "seizure," there is too great a potential for abuse. I've been saying this for years! I think that one of the most telling arguments is that the main (if not the only!) reason that wiretaps are kept secret is that, for obvious technical reasons, they CAN BE kept secret! Pardon me for being facetious, but I see no principle in the Constitution that states "Anything the government can get away with is okay," so I think it's predictable that wiretap law would be constitutionally defective. If wiretaps had been somehow impossible to accomplish secretly, nobody today would believe that secrecy was somehow allowable! It didn't have to be this way. The SC might simply have said that wiretap warrants must follow the same rules all other warrants followed, meaning that the target is informed of the tap when it is placed. Sure, the police would howl, complaining that they'll never hear anything "useful" if the target is informed, but then again, the Constitution cannot guarantee that any particular search would achieve its intended results. Are police entitled to use thumbscrews if simply asking a question won't get the "right" answer"? I don't think so. >it seems to me many people's fears here boil down to this >fear of the government surveilling them without their knowledge, >of them being denied the right to choose to be in contempt of >court and reject handing over information when presented with >a warrant/subpoena. (is this a right? is it being broken by surreptitious >surveillance?) One thing that was very important to those who wrote the US Constitution was the sanctity of contracts. The idea was, presumably, that any citizen should be entitled to enter into agreements with others without fearing that the terms of those contracts would be abused/changed by the government. (assuming those terms were legal.) By its very nature, a (secret) wiretap warrant violates the right of a person to CHALLENGE the warrant, and it also requires the other person (telephone company?) to break what is or should be an implied right of user to private communications. >I am really amazed that there isn't much case law on wiretaps, which >have been around a long time. at least it is rarely quoted here. >what exactly is a legal wiretap? has anyone challenged the fundamental >authority of the government in making wiretaps in which subjects >are unaware of the metaphorical "search and seizure" going on? I think it's really very simple. Wiretaps in the US were illegal until 1968. Congress had repeatedly refused to authorize them, although they were done anyway but were not admissible in court. (proving that the same kind of people who will tell you wiretaps are "reasonable" apparently think it's "reasonable" to break the law for their own goals...) 1968 was a time of great (and well-justified!) turmoil in the country. And prior to and subsequent to 1968, until about 1983, telephone service (both local and LD) were monopolized, so the only entity which was aware of those wiretaps and could thus challenge them had a non-arm's-length relationship with the US Government. Even subsequent to 1983, local service is still monopolized, although that will shortly change. (This monopoly status has helped confuse the issue, because being a monoply a telephone company must deal with the government and is dependant on it, and morever a customer is not entitled to "shop around" for a more trustworthy source of phone service.) As I understand it, there is a principle in law that all affected parties to a dispute must be included in a proceeding. (To ensure that each can protect his own rights.) Obviously, targets of wiretaps have not been informed, and thus can't possibly have been included. There is, therefore, no reason to believe that the rights of wiretap-targets have been protected, and further it seems apparent that any relevant precedents which have been set in the wiretap era cannot be considered Constitutionally valid. Of course, some lawyers (who have been trained to accept the status quo with little or no challenge) will disagree! However, those same lawyers would have accepted the Dred Scott decision without question, Plessy vs. Fergusen, etc. While I'm sure that I will be corrected if this is wrong, somehow I doubt whether there has EVER been a "before-the-fact", full challenge of a wiretap order _including_ representation for the target of the wiretap. Further, I also doubt whether there is frequently ANY SORT of challenge to a wiretap by a telephone company, even when the target was not informed. Quite simply, the telephone company does not consider itself to be in the business of protecting the rights of its customers! And without real challenges, there can be no presumed validity to such warrants. >recent Bernstein and Junger cases are going to be fantastic milestones >in our legal system for challenging the cryptographic status quo. >I wonder if cpunks might be interested in challenging the >wiretap status quo!! it would seem like the first logical step. Since it has always been legal to use encryption (in the US), they're really not "challenging the cryptographic status quo." Rather, they are trying prevent the "cryptographic status quo" from being CHANGED to match the desires of the government. (naturally, the government tries to misrepresent this...) The government uses phrases like, "preserving law-enforcement access," implying that they're somehow maintaining the status quo, when they're actually trying to change it. What's changing now (for engineering reasons) is the practicality of encryption (actually, the expense!), not the legality. The government wants to change the law, in order to make illegal what was previously impractical. >the FBI has often said they don't want to expand their powers in >wiretapping areas. but are those powers they have right now legitimate? >if they are not, as many here seem to argue, >then they ought to be challenged in court ala the one-man-guerilla >attacks like Bernstein and Junger. (any takers? ) I don't know about you, but somehow I'm past the idea that it's possible to reliably get unbiased justice in court. Know what I mean? Even so, if there's one thing we need, it's a challenge to ensure that the "fully-caved-in" telephone companies precedent doesn't get automatically assumed valid for ISP wiretap orders. >anyway, I propose that cpunks try to collect all the minutia in the >case law about wiretaps and try to make the case that wiretapping >that the FBI has enjoyed is itself not legitimate, and therefore >any extension of it (such as Clipper) is also illegitimate. I like the first part of your comment, but let there be no illusion that failure to get the government thugs to admit that wiretapping is unconstitutional (per se or as done) somehow means that Clipper is legitimate. >more and more I wonder if this is one of the key differences between >libertarian and spook bureacrat's views on GAK, key escrow, key >recovery (let us put it all under the heading "key access"). the >spooks seem to emphasize that they should be able to get access >to communications without giving anyone the opportunity to refuse >or possibly even know about such access. libertarians seem to >insist that this is a violation of privacy and due process etc. However, one doesn't have to be a libertarian to conclude that wiretap law is disjoint from the rest of search-warrant precedent. Fortunately, the advent of good encryption should (if it is allowed to) make wiretap law irrelevant. In a sense, technology will be fixing a legal error. (This fix would have been far quicker and cheaper if it had been accomplished using firearms, but that's another story.) >I think there may be a legitimate argument here that might have >legal merit that a reasonable "search and seizure" ought to >involve the knowledge of the participant, and that unreasonable >searches and seizures often do not. hence, wiretapping without >suspect agreement may be illegal? (in all the other ways that >evidence is obtained through warrants/subpoenas, one needs >the cooperation of the suspect?) Well, they don't technically need the "cooperation," but they are still required to inform the target. For example, if they get a search warrant for a house that happens to be empty when they show up, they are obligated to leave notice of the search and lists of what was taken. Apparently they need to do this EVEN IF they would have been able to get into the house surreptitiously without leaving any trace. Jim Bell jimbell at pacifier.com From attila at primenet.com Fri Oct 4 22:35:08 1996 From: attila at primenet.com (attila) Date: Sat, 5 Oct 1996 13:35:08 +0800 Subject: Very brief comments on LDS/Mormons In-Reply-To: Message-ID: <199610050036.SAA23740@infowest.com> In , on 10/04/96 at 09:03 AM, "Timothy C. May" said: .Personally, I find Mormonism to be a good "survival meme." .Self-preparedness, food storage, self-reliance, etc., are all counter to the ."I'll just let government take care of me" meme which is so common in the .rest of society. I don't cotton to supernatural explanations of the world, .though, so I've never been in involved in any religion (past age 11). . dont worry, there has never been a book burning in Utah --even when it was fashionable in the East for almost two centuries. anyone who advocates book burning in Utah is not LDS. the LDS church does not disseminate a list of proscribed literature, and does not actually 'preach' anything other than what we consider 'acceptable' morality. everyone has their own "free agency" and if they are practicing, certainly understand what those standards mean. personally, I see nothing wrong with nudity, but R pictures have starting to approach what was X and is now NC-17 (under 16) --and NC-17 now includes almost what was XXX. the Church does not dictate, nor actually moralize --each individual is left with their own responsibility and the impending review of their mortal life. .I suppose I'm chagrinned that a thread I named, "Utah as a Religious Police .State," has been followed by *so many* religious flames, pro- and con- .Mormonism. (I use Mormonism as shorthand for LDS...sosumi.) . tim, at the end (instead of here where it probably belongs) is some extended food for thought on how a corrupt Fed regulates thought and action --starting in the 1800s, proving that the party in power, even in a supposed democratic republic, still dictates what you will read, think, and practice. the more I study (what is now --going on since I started school in 1945), the more cynical I become of human nature and the abuse men have permitted from whatever government extant. if you think about it, the actions against the LDS in the 1800s is very little different than the power hungry, corrupt Feds of today who are attacking the Bill of Rights as obsolete in the face of todays terrorism (is it so different from any before except it is faster and deadlier?). In our (LDS) terms I refer to the Feds as the Gadianton robbers who were the insidious 'mafia' which usurped government power under the guise of 'law and order' in a period of the book of Mormon... --or even the Pharisees (the temple money changers) of Jesus' time. The same concept of the Pharasees is still practiced by the Jewish faith today. (another comment on today's pharisee's --a truly amazing eye opener, towards the end). .My point was not to attack Mormonism, esp. the religious beliefs. . No, I sure it was not --but you may have been the only one! .Personally, .I think cults are useful in keeping people off the streets (better than .police-enforced curfews). I was mainly challenging Attila's glowing opinion .of how his community "enforces curfews big time." . Frankly, we do not wish curfews, and there never were curfews before the immense immigration into the area, mostly from So. CA, over the last 15 years which changed St. George from the small town of less than the 5,000 in 1970 when I left St. George, to the almost 30,000 when I came home within the last year. I chose not to actually return to St. George, where a two lane main drag had been changed from a two lane, tree line "road" to a glitzed 4 lanes plus center lane boulevard, instead moving North to the rural high desert (we have no legislated curfew). St. George today is not Mormon dominated politics, but the bulk of the immigrants expected to find, and maintain, that small town innocence --which they have more or less done. However, these people, Mormons (some good, some inactive) and non-Mormans alike, unfortunately brought with them the alien cultural they were trying to escape: bored children without super- vision, a junk food way of life, dual-income families, and children feeling aliented and lost in a world they do not understand --not St. George, but the world itself and its television age. It was in this atmosphere the "non-homogenous" but somewhat like thinking apparently demanded the permanent curfew --there is absolutely nothing to do by that time, and milling around what passes for a mall here (grocery store) was/is not considered acceptable. Secondly, St. George seems to attract an influx of 3-5,000 high school students at Spring break (it is very warm by that time, despite the 3,000 ft alt) --but why? there is nothing here. they wanted beer, but they could not legally buy beer, or rent a hotel room under 18 --does not make sense. so they had a milling, loose crowd of "foreign" teenagers. --just like Sonny Bono, as mayor of Palm Springs, found himself with every year: illegal drinking, convertibles with even pre-pubescent girls standing naked on the trunk decks, etc. --don't say "where? where? where!?! well, that prompted the curfew, but they found it also maintained the semblance of peacful family oriented community among the lost and alienated families --so it is apparently here to stay. other than the fact we are telling tparents who do not wish to manage their children they must keep them home or take them somewhere, what does the law do? .Telling people when they .can be on public streets and when they cannot is no different than telling .them what they can read and what they cannot. . that was my initial reaction -you wouldn't tell me that! but consider the right of society to legislate and regulate in the common good, despite both my and your abhorence of law in an of itself. it is an effective means of forcing parents who do not seem to care, or parents who wish to shift their responsibilities to social workers who are not available, they have a responsibility. what happens to the violators --few are arrested, they are asked to go home. there is no great wild-west roundup of teenaged cattle! any who resist or commit minor vandalism are taken to the center --but, unlike every other city I have seen, they do not mix the 'miscreants' with the juvenile delinquents, repeat offenders, and the teenagers who are obviously on their way to the dead end. what is the penalty? call their parents for a ride home. they are not fingerprinted and mugged, etc. very few are required to even see a social worker. consistent repeat offenders eventually enter the system --as they should. .I still urge Attila to rethink his enthusiastic support of state-enforced .curfews, or state-imposed bans on alcohol (not that I recall him supporting .this particular law), etc. actually, the curfew laws are local laws, and I reluctantly decided to support curfew laws for minors after looking at the means and results --it does provide an early point of intercepting behavioral patterns with the *parent* being the judge and warder, and hopefully give those parents a wakeup call they need to guide their children as they are fast approaching adulthood where they are fully accountable. alcohol is available at any large grocery store; it has not been banned to any extent since prohibition, but not necessarily avail- able in rural areas. in Salt Lake City and the more heavily populated north, there are bars. prior to about 15 years ago, you could brown bag your own hard liquor to a restaurant; today restaurants have full permits. In St. George there actually is a bar! --you do need to *know* where to find it (I was told a few weeks ago the area, but I could care less). I do not think you can prohibit anything from adults --drugs, prescription or recreational, included --no matter how destructive. all 18 of the US code provides is a 'illegalization' of a criminal class with enormous financial power --and, worse, a corrupt and lawless enforcement agency with an equally corrupt and evil class of attorneys to protect both the distributors and the corrupt opponents --modern, legal, efficient predatation on a class. legalize drugs, etc. and the ATF, the DEA, and a host of allied agencies which cause billions of dollars per year and provide nothing in return will be totally unnecessary (except to snoop for paranoid Bubba...) --even Bubba could enjoy his five lines a day and not be in defiance of our legal system! and think of the destruction of the narco-terrorist gangs; --there would be no money, power, or illicit prestige; no enormous slush funds to put Uzis in the hands of an 8 year old, or bribe cops and politicians. our urban decay and combat zones would be boring --some might find it necessary to even learn enough to be able to watch a robomachine do the work! this is beginning to sound like utopia. so why do we not legalize dope? simple: George Bush's income stream would dry up along with the literally thousands of other supposedly law-abiding politicians who are on the gravy train! take away the illicit profits for Congress and we might even an honest reformer or two in Washington. certainly we are justified in ranting against any abridgement of our right to freely (and privately) communicate, freedom of *peaceful* assembly, a truly free press --certainly not the New World Order blinded press printing the official line dictated by political/economic Boss Tweeds of what is effectively an oligarchy --they do not possess common principles sufficient to even be called 'national socialists' (fascists). or, there is a government like Washington where they are trying to, and may anyway, implement President Hillary's "It takes a Global Village" so the state can dictate everything and raise a new generation of robots in the mold of their revisionist history which we are now suffering by attrition.... If Bubba and the President are reelected with a Democratic Congress, we will not recognize our once almost free country in the space of a few short years. Bubba is a space cadet political wonder -the front man, wandering in his drug induced sub-space; Hillary is a the intelligent, crafty, 60s idealist socialist liberal --dedicated and determined to impose her order at whatever expense of liberty necessary. or, Hillary's social order which plays directly into the hands of the NWO, the very rich, old family elitists. first the cradle to the grave thought control welfare state; and entire amorphous classes of thoughtless drones --then comes the changes for the survival of the human race: the total disenfranchisement of major components of the underclass, and the establishment of an effec- tively feudal structure with a serf labor pool. or, the disturbing trend of an almost exponentially increasing prisoner class who are being shifted to prisons run by defense contractors who are permitted to "employ" them at minimum wage; paying WH, FUTA, FICA, and all that good stuff; and taking all but chump change for their room and board. Today that decuction does not cover their actual confinement, but we can obviously rest assured the defense contractors will take the burden off the tax- payers (at what cost human suffering) *and* make a profit! in other words, encouraging the breakdown of the classic American family actually benefits the NWO by providing a lawless element which can be imprisoned for profit, and reduce the birth rate simultaneously --what a benefit! .I still urge Attila to rethink his enthusiastic support of state-enforced .curfews, or state-imposed bans on alcohol (not that I recall him supporting .this particular law), etc. .This is the last thing I'll say on Mormonism. Whether some subset of settlers .committed some set of crimes in Mountain Meadows is a footnote in .history--who really cares about such anomalies? I care more about the .present. some historical thought on why lack of religious freedom: actually, when you look back in history, what was it that just just lit the fires in Washington which provoked the Feds to even legislate laws which contravened the whole concept of what the Constitution stands for --laws which literally dissolve the Church a legal entity, confiscated Church property in excess of $50,000 [not that much by 1875], revoked woman's suffrage in Utah (Wyoming (which is heavily, though not predominantly Mormon, at that time enacted woman's suffrage first in the nation a few months before Utah), disenfranchised all officials of the Church, and any members practicing polygamy? other than the fact a number of territorial governors after the first one sent from Washington with Johnson's Army (trapped at Fort Bridger) who was gracious and therefore replaced by some pretty vicious and greedy slimeballs who transmitted messages to a very distant Washington of "rebellion" by armed and dangerous outlaws, what was it? utah was a land no-one, including many of Brigham Young's followers wanted, but they had transformed a very inhospitable land into a virtual land of plenty. even though Brigham Young was replaced as governor in 1858 by the territorial governors from Washington, the Church was both monolithic and defensive --understandably. The Pharisees are alive and well today: in my previous ward in California, the LDS chapel was "leased" gratis, other than janitorial fees, (including totally rearranging our own worship schedules to accommodate) to one Jewish temple's overflow for the Rosh Hosana (sp?) and Yom Kipper holidays. their advance guard 'required' six hours to set up and I was still in our ward offices (member of the bishopric) at the start... they litterally set up two rows of _money changing_ tables at the entrance (tables you must pass between); they had sold tickets of admission; and the seats in the chapel were sold like opera tickets: priced according to location. OK, that's their deal, I thought --so what? but curiosity got the better of me, and I asked one of their people who appeared to be approachable about the seating --it was he who informed me of the price schedule --the front area seating was $10,000 per seat --anything moving into our multicultural hall (gym, etc.) which has acoustical 'curtains' between the chapel was still >$500! I did not have the courage to ask what it cost to sit upon the dias! .--Tim ."The government announcement is disastrous," said Jim Bidzos,.."We warned IBM .that the National Security Agency would try to twist their technology." [NYT, .1996-10-02] .We got computers, we're tapping phone lines, I know that that ain't allowed. .---------:---------:---------:---------:---------:---------:---------:---- .Timothy C. May | Crypto Anarchy: encryption, digital money, .tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero .W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, .Higher Power: 2^1,257,787-1 | black markets, collapse of governments. ."National borders aren't even speed bumps on the information superhighway." -- "I don't make jokes. I just watch the government and report the facts." --Will Rogers From pstira at escape.com Fri Oct 4 22:37:56 1996 From: pstira at escape.com (pstira at escape.com) Date: Sat, 5 Oct 1996 13:37:56 +0800 Subject: Signs of Trouble in D.C. In-Reply-To: <199610021523.LAA12819@porky.athensnet.com> Message-ID: The news these days is NOT good. Just tonight: Anybody under the age of 16 will now be assigned a chaperone (paid by the mall) at the Passaic Mall. Will be carded. The use of ATM's at night will be banned. Payphones will be eradicated in one area : they attract drug dealers, et al. I don't like where we are headed. This is only started. -Millie, from my bf's acct. sfuze @ tiac . net -"live from New york" On Tue, 1 Oct 1996, Dustbin Freedom Remailer wrote: > On Tue, 1 Oct 1996, Black Unicorn wrote: > > > Any person congregating in a group of 2 or more persons on > > public space within the boundaries of this drug free zone for > > Keep moving, proles. The War on Some Drugs must continue. Now excuse me > while I join my friends for a joint. > > > > From se7en at dis.org Fri Oct 4 22:51:10 1996 From: se7en at dis.org (se7en) Date: Sat, 5 Oct 1996 13:51:10 +0800 Subject: Speaker Position Filled Message-ID: Thanks for all who responded to my request for a speaker on Computer Security Disaster Prepardness. I have filled the position and have two alternates. se7en ------------------------------------------- I will be speaking in nine different states over the next nineteen days. I will not be reading my email while I am gone......se7en ------------------------------------------- From moroni at scranton.com Fri Oct 4 23:01:31 1996 From: moroni at scranton.com (Moroni) Date: Sat, 5 Oct 1996 14:01:31 +0800 Subject: pumpcon info Message-ID: Does anyone have info on pumpcon for next month? If so please send it to me email. I am looking for the hotel and the exact dates. Also is it open invite? Thanks in Advance, moroni From drink at aa.net Fri Oct 4 23:21:03 1996 From: drink at aa.net (! Drive) Date: Sat, 5 Oct 1996 14:21:03 +0800 Subject: anagrams Message-ID: <199610050424.VAA09345@ws6.aa.net> I generally use wordsmith at wordsmith.org Its preety quick! ---------- : Subject: anagrams : Date: Friday, October 04, 1996 7:42 PM : Fast(est?) anagram generator: : : ftp://suburbia.net/pub/proff/original/gan/an-0.93.tar.gz : (unix source and dos executable) : : : Some Anagrams Found Using an-0.92 : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ : Free Software Foundation - I'd fan out tons of freeware! : National Security Agency - Lusty yearning at cocaine. : President Dole - Led despite Ron. : Central Intelligence Agency - Langley: Inelegant, eccentric. : From jfricker at vertexgroup.com Fri Oct 4 23:23:04 1996 From: jfricker at vertexgroup.com (John Fricker) Date: Sat, 5 Oct 1996 14:23:04 +0800 Subject: WINDOWS NT ???? Message-ID: <19961005002433046.AAA82@dev.vertexgroup.com> An NT machine running off the shelf protocols and services is certainly more secure than your average linux install. Of course clueless administrators for either (any) platform can leave the door wide open easily enough. But what do you mean by secure? >snow (snow at smoke.suba.com) said something about Re: WINDOWS NT ???? on or about 10/4/96 2:57 PM > >> pclow wrote: >> > Adamsc wrote: >> > > > is Windows NT secured system ? >> > NT? Secured? hahahahahahahahahahahahahahahahhahahahahahahaha >> 8-) >> How ? > > By turning off the machine, unpluging the ethernet, moving the >hard drive to another state... > > >Petro, Christopher C. >petro at suba.com >snow at smoke.suba.com >End of message From dthorn at gte.net Fri Oct 4 23:26:56 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 5 Oct 1996 14:26:56 +0800 Subject: NYT Nix GAK In-Reply-To: <199610041312.NAA20299@pipe2.ny3.usa.pipeline.com> Message-ID: <3255C1AA.31EC@gte.net> John Young wrote: > The New York Times, October 4, 1996, p. A32. > A Flawed Encryption Policy [Editorial] [some text deleted] > However, the Administration downplays the fact that > encryption is also a good way for honest citizens to > prevent crime. At a time when banks and other private > companies send vast amounts of confidential information > over the electronic highway, it would seem sensible to make > high-quality encryption widely available so that the > private sector can protect itself from criminal or > malicious eavesdropping. For that reason, the Government > ought to promote wide-scale dissemination of encryption, > both here and abroad. Now, for those folks who oppose the personal ownership of firearms, or at least "really dangerous" firearms, I'd like to know exactly what's the difference (in principle) between the above "...high-quality encryption widely available so that the private sector can protect itself from criminal or...", and making firearms widely available? Surely the NYT is not going to join the NRA equivalent of pro-personal- crypto crackpots, anarchists, and all that? From dlv at bwalk.dm.com Fri Oct 4 23:32:27 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 5 Oct 1996 14:32:27 +0800 Subject: MacGAK: Tim has a snit. Again. In-Reply-To: <199610042132.OAA11336@mail.pacifier.com> Message-ID: jim bell writes: > At 11:30 AM 10/4/96 -0400, Robert Hettinga wrote: > > >It's interesting to note that the only person who is supposed to be in your > >killfile is Perry Metzger, even though you respond to him anyway, > >especially when he says something which offends your vanity. So, such a > >killfiling claim is probably dubious. Since such luminaries as VZNuri, Dr. > >Vulis, and Jim Bell are *not* in your killfile, evidenced by your > >voluminous replies to them, > > Aw, C'mon Bob! I resent being placed in the same short list as Nuri and > Vulis. While some people may consider my ideas to be similarly wacky, I try > to not be NEARLY as rude as those other guys (singular?). Clarification: I think AP is a cool idea, but Jim Bell is an obnoxious asshole, almost (not quite) as ignorant of cryptography as the senile Timmy May (fart). --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps From tcmay at got.net Fri Oct 4 23:50:44 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 5 Oct 1996 14:50:44 +0800 Subject: Very brief comments on LDS/Mormons In-Reply-To: Message-ID: (Attila's long post deleted to save space, and to keep me from commenting on sections.) This was one of the most thought-provoking pieces I've read. I can't say I'm in favor of curfews, but Attila presented some thought-provoking points, consistent with my own "best is often the enemy of the good" points. I doubt I'm ready to move to St. George, Utah, attractive as it sounds in some ways. (Nevada is probably just as attractive, and California even more so, for me. I drove from Las Vegas to Reno, but gave up in the vaste nothingness, and cut over through Tioga Pass and Yosemite to my area...boy, was I happy to be back in California. For all of its oddnesses and problems, it is truly an amazing place. Though I dislike some things about it, I always come back.) As to Moroni's objection to my characterization of LDS/Mormonism as a "cult," I refer to _all_ religions this way. Catholocism, Judaism, Protestantism, Mormonism, Buddhism, they are all roughly the same to me. If you are offended, this is your problem. I take no position on which of these belief systems are valid and which are not. --Tim "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From jimbell at pacifier.com Fri Oct 4 23:57:20 1996 From: jimbell at pacifier.com (jim bell) Date: Sat, 5 Oct 1996 14:57:20 +0800 Subject: The New GAK-Clipper Thing will Fail Message-ID: <199610050013.RAA22933@mail.pacifier.com> At 05:41 AM 10/4/96 -0700, Bill Stewart wrote: >At 03:07 PM 10/3/96 -0800, jim bell wrote: >>The point, of course, is NOT to encourage these companies to support Clipper >>IV. Rather, goal is to suggest to them a "poison pill" which would make >>their cooperation meaningless in the end, while at the same time giving them >>a 2-year free 56-bit export. Think of it as a monkey-wrench they can throw >>into the works. > >A really _fine_ post! I'm also impressed by the way they announced it >just _after_ Congress ended its session, while they're busy losing the export >level in court. There's an uncomfortable "tactics" problem, associated with my previous suggestions. To say something like, "we think you ought to change that GAK proposal by [fill in the blank]", at least IMPLIES that it will somehow be "acceptable" should that change be made. Well, to me, no GAK will ever be acceptable. Even so, I think it would still be tactically useful to help sabotaging GAK by "improving it to death." I start by assuming that most of the companies who signed onto the Axis ("alliance") would really have preferred to NOT see GAK, everything else being the same. They want the goodies; they don't want the shit. I think they should be approached by pointing this out, and suggesting that if they want to limit the negative publicity they'll surely get from this plan, while at the same time collecting the goodies the government is offering, they can conveniently and publicly "interpret" their rights broadly, announce that they'll structure their systems in the least government-friendly way possible. All this should be possible, because of the fact that this proposal isn't really even settled. In fact, it doesn't even ask the participants to show their plan immediately, merely after two years or so. Insisting that the government pay for all legal challenges is a good start, and refusing to do any GAK transfer without a court challenge. Another thing they could do is to insist that 56-bits of key always remain non-GAK. (perhaps increasing at the rate of two bits every three years.) This would make GAK essentially useless for that drift-net fishing that's often talked about, because even a sudden policy change forcing "key-escrow" people to give up all their keys will still make decrypting a message a pain. It would also make it easier to use super-encryption, because finding that needle in that 2**56 haystack would make it impossible to prove which particular decrypt contained a further-encrypted message: Even if super-encryption were outlawed, it would become essentially impossible to prove that none of the other (2**56)-1 messages were not some valid, non-super-encrypted message. Jim Bell jimbell at pacifier.com From jfricker at vertexgroup.com Sat Oct 5 00:01:20 1996 From: jfricker at vertexgroup.com (John Fricker) Date: Sat, 5 Oct 1996 15:01:20 +0800 Subject: WINDOWS NT ???? Message-ID: <19961005003845132.AAA82@dev.vertexgroup.com> >Bill Stewart (stewarts at ix.netcom.com) said something about Re: WINDOWS NT ???? on or about 10/4/96 7:44 AM >At 07:47 PM 10/3/96 +1030, you wrote: >>hi, >> is Windows NT secured system ? > >Windows 4.x moves the graphics/windowing system into Ring 0, >where the "secure" parts of the kernel are. Bad. >This means graphics bugs can make the kernel insecure or crash. >I don't trust it, especially because Windows 3.1 crashes all the time >for me, and stupid bugs make Windows 3.1 behave badly for me. >So if they put the window system in the kernel, I don't trust it. >End of message Graphics bugs will not crash the system since graphics bugs still run in protected mode. (ie bugs in applications that screw up GDI). Buggy video drivers though can bring the system down. But this does not affect security, only stability. Security in NT can be defeated by any clever, out of work, bored, NT device driver author who brews up a stealth device driver replacement (perhaps a COM port improvement) that could run amok on the file system or basically do anything. Of course, any clever device driver developer is making enough money to not be bored nor even consider writing a backdoor into a driver. Right? --j From dthorn at gte.net Sat Oct 5 00:04:20 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 5 Oct 1996 15:04:20 +0800 Subject: gack vs. key escrow vs. key recovery In-Reply-To: <199610040033.RAA18660@netcom19.netcom.com> Message-ID: <3255CC23.2029@gte.net> Vladimir Z. Nuri wrote: > cpunks, a note about recent developments in "key recovery" initiative. > I think cpunks as a group should reconsider very seriously their > own positions on cryptography and come up with something more > sophisticated than "any government bill or plan associated with > crypto is evil" which is the functional equivalent of the ideology > behind many recent posts. [some text deleted] > personally I am leaning toward (2), because I feel that we already > live in such a society, and that it is not orwellian. companies are > going to lean toward (2). I do agree [more text deleted; (2) is a reference to a legal warrant or subpoena for "information"] I think you will find ultimately that personal communication is just that, i.e., personal. OTOH, the means by which that communication are effected (phones, computers, with or without encryption) are the things that the government wants to control, presumably to get at information that you and I couldn't conveniently communicate in person, in private. The very idea that people don't have the right to hide their private conversations from *anyone*, including police, is ludicrous, and can't possibly be enforced, but the devices (if any) that are used, that's another matter. I hope someone understands what I'm getting at, and can add to this. From reagle at rpcp.mit.edu Sat Oct 5 00:31:29 1996 From: reagle at rpcp.mit.edu (Joseph M. Reagle Jr.) Date: Sat, 5 Oct 1996 15:31:29 +0800 Subject: Tietmeyer-Only banks should issue electronic money Message-ID: <2.2.32.19961004155849.006ff404@206.33.128.129> I'm sure they'd like to have it "applied to Internet network money.".... > FRANKFURT, Oct 3 (Reuter) - Bundesbank President Hans >Tietmeyer said on Thursday a new government policy to give only >banks the right to issue pre-paid cards, or ``electronic purses'', >should also be applied to Internet network money. > Tietmeyer said in the text of a speech to The Economic Club >of New York that G-10 central bank governors were addressing the >new payment forms because they may cause difficulties for >central banks to ensure the integrity of payments. > Tietmeyer noted European Union central bankers have agreed >that only banks should issue the pre-paid cards. The policy is >expected to be widened to include the rights to create and >maintain Internet-based electronic cash systems. > ``In our opinion, the same should definitely also apply to >network money,'' he said. > Tietmeyer said electronic forms of money tend to crowd out >currency and deposit money, which may increase the potential for >credit institutions to create money. > ``Electronic money may impair the supervisory functions of >the central bank, or, in other words, its function of ensuring >the integrity of payments,'' Tietmeyer said in a text of the >speech released in Frankfurt under embargo. > ``That would increase the risk of crises in one country >spreading out to engulf payment systems worldwide,'' he said. > Electronic purses are plastic cards with a built-in >micro-chip which stores the electronic cash value of an account >and can be reloaded at special machines. > The proposal to restrict such projects to banks is part of a >new German banking law which is still under preparation but >expected to be enforced in 1997. > Tietmeyer said it was difficult to create definitive >regulations for electronic money at ``this early stage''. > ``The evolution of electronic money is only in its infancy. >But it is a characteristic feature of today's world that >tomorrow's world will be upon us in no time,'' he said. > Electronic purses, also known as smart cards, are not yet >available in cash-dominated Germany but tests are being run on >several projects. > Internet banking is slowly gaining credence in Germany after >some of the top banks, including Dresdner Bank AG, launched >securities trading accounts via the Internet. _______________________ Regards, He who foresees calamities suffers them twice over. -? Joseph Reagle http://rpcp.mit.edu/~reagle/home.html reagle at mit.edu E0 D5 B2 05 B6 12 DA 65 BE 4D E3 C1 6A 66 25 4E From tcmay at got.net Sat Oct 5 00:33:38 1996 From: tcmay at got.net (Timothy C. May) Date: Sat, 5 Oct 1996 15:33:38 +0800 Subject: Electromagnetic Pulse In-Reply-To: Message-ID: At 8:58 PM -0500 10/4/96, snow wrote: >Mr. Green wrote: >> On Wed, 2 Oct 1996, Adamsc wrote: >> > I have strong >> > doubts that someone would come up with a non-nuke that could destroy stuff >> > indiscriminately within a useably large area. >> Fuel/air bombs. > > Wouldn't work real good in a city, and would leave most computers >inside buildings working just fine, especially given any predomanance >of underground powerlines. By the way, it's a myth of our age that nukes destroy electronics! The infamous "electomagnetic pulse," or EMP, was discovered by the American side in the Cold War only during the extremely high altitude bursts over Johnson Atoll, circa 1962. (This is the test where streetlights in Hawaii, a thousand or more miles away, were burned out, etc.) EMP results from the prompt gammas from a nuclear explosion interacting with the upper atmosphere to produce a wavefront of electromagnetic energy as the gammas interact with the uppper ionosphere. Ground-level bursts have no such effects, though I wouldn;t want to be close to one. The key is that the effects of near-ground-level bursts are _extremely_ localized. Shocking so, no pun intended. The largest bomb in the U.S. arsenal, believed to be 20 MT, might leave a crater several miles in diameter, but would hardly be felt 30 miles away. Certainly almost no electronic devices would be damaged, except if close to the blast center. --Tim May "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway." From dustman at athensnet.com Sat Oct 5 00:38:00 1996 From: dustman at athensnet.com (Anonymous) Date: Sat, 5 Oct 1996 15:38:00 +0800 Subject: [IMPORTANT] GAK In-Reply-To: <199610041549.LAA26732@porky.athensnet.com> Message-ID: <199610050503.BAA30677@porky.athensnet.com> > Timmy May is a convicted child molester. When and where was he convicted? How long did he spend in jail? Where can I find out more information about this? From unicorn at schloss.li Sat Oct 5 00:41:08 1996 From: unicorn at schloss.li (Black Unicorn) Date: Sat, 5 Oct 1996 15:41:08 +0800 Subject: legality of wiretapping: a "key" distinction In-Reply-To: <199610042004.NAA27789@netcom7.netcom.com> Message-ID: On Fri, 4 Oct 1996, Vladimir Z. Nuri wrote: [...] > he made the distinction of "search and seizure" made with > the knowledge of the person involved, and "search and > seizure" such as wiretapping done without the knowledge > of the person surveilled. > > if one were to try to say that wiretapping was unconstitutional, > it seems one would have to define why it is an *unreasonable* > kind of search and seizure. and this distinction might be a > great, prime candidate: because the participant is *unaware* > of the "seizure," there is too great a potential for abuse. This is hardly news. An old and inconsequential distinction unfortunately. > it seems to me many people's fears here boil down to this > fear of the government surveilling them without their knowledge, > of them being denied the right to choose to be in contempt of > court and reject handing over information when presented with > a warrant/subpoena. (is this a right? is it being broken by surreptitious > surveillance?) "Right to choose to be in contempt of court" ? If only I could attach a sound file with my howling laughter to this post. > == > > I am really amazed that there isn't much case law on wiretaps, which > have been around a long time. at least it is rarely quoted here. > what exactly is a legal wiretap? has anyone challenged the fundamental > authority of the government in making wiretaps in which subjects > are unaware of the metaphorical "search and seizure" going on? Do not make the mistake of thinking there is no case law on wiretap simply because you have not/are too lazy to go to the library and look it up. > recent Bernstein and Junger cases are going to be fantastic milestones > in our legal system for challenging the cryptographic status quo. > I wonder if cpunks might be interested in challenging the > wiretap status quo!! it would seem like the first logical step. Tried and failed decades ago. > the FBI has often said they don't want to expand their powers in > wiretapping areas. but are those powers they have right now legitimate? > if they are not, as many here seem to argue, > then they ought to be challenged in court ala the one-man-guerilla > attacks like Bernstein and Junger. (any takers? ) Again, you're late. Several years too late. > anyway, I propose that cpunks try to collect all the minutia in the > case law about wiretaps and try to make the case that wiretapping > that the FBI has enjoyed is itself not legitimate, and therefore > any extension of it (such as Clipper) is also illegitimate. You propose to refight a case soundly resolved ages ago and you propose to get the rest of the list to do your homework for you. I propose you go to the library and do your own work for a change. > == > > more and more I wonder if this is one of the key differences between > libertarian and spook bureacrat's views on GAK, key escrow, key > recovery (let us put it all under the heading "key access"). the > spooks seem to emphasize that they should be able to get access > to communications without giving anyone the opportunity to refuse > or possibly even know about such access. libertarians seem to > insist that this is a violation of privacy and due process etc. I wonder what caused you to think this was some kind of novel revelation. > I think there may be a legitimate argument here that might have > legal merit that a reasonable "search and seizure" ought to > involve the knowledge of the participant, and that unreasonable > searches and seizures often do not. hence, wiretapping without > suspect agreement may be illegal? (in all the other ways that > evidence is obtained through warrants/subpoenas, one needs > the cooperation of the suspect?) obviously the government would > argue that the cooperation of the suspect is irrelevant and > impossible. what exactly does it mean to "present a warrant" > or subpoena? is there a right to refuse such a subpoena similar > to the way one is guaranteed freedom from self-incrimination? I know you think you're being very clever and original, as if somehow you aquired the skills of a noted constitutional scholar whilest no one was looking. I also know that you have not bothered to research your own claims. I can't decide, however, if this is cleverness on your part in trying to get someone else to do all your work for you, in which case it's not working on me, or simple laziness, in which case it's apparent and unsurprising. -- I hate lightning - finger for public key - Vote Monarchist unicorn at schloss.li From vznuri at netcom.com Sat Oct 5 00:41:53 1996 From: vznuri at netcom.com (Vladimir Z. Nuri) Date: Sat, 5 Oct 1996 15:41:53 +0800 Subject: legality of wiretapping: a "key" distinction In-Reply-To: <199610042343.QAA20758@mail.pacifier.com> Message-ID: <199610050110.SAA01860@netcom7.netcom.com> >> >>if one were to try to say that wiretapping was unconstitutional, >>it seems one would have to define why it is an *unreasonable* >>kind of search and seizure. and this distinction might be a >>great, prime candidate: because the participant is *unaware* >>of the "seizure," there is too great a potential for abuse. > >I've been saying this for years! sorry, I must have been distracted with the references to assassinating politicians. (hee, hee) (BTW, why don't you get an AP web site together if you are so hot on the idea? collect all your writing on the subject and the objections of your enemies. do you believe in it or not? put your web pages where your mouth is!!) >It didn't have to be this way. The SC might simply have said that wiretap >warrants must follow the same rules all other warrants followed, meaning >that the target is informed of the tap when it is placed. Sure, the police >would howl, complaining that they'll never hear anything "useful" if the >target is informed, but then again, the Constitution cannot guarantee that >any particular search would achieve its intended results. but then again, if "we the people" didn't challenge a usurpation of our rights when it happened, something's wrong here. hence my opinion that wiretapping should be challenged in court. >Are police entitled to use thumbscrews if simply asking a question won't get >the "right" answer"? I don't think so. very poor analogy. a rhetorical loser imho characterisitic of painting the issue in terms of extremism. wiretapping doesn't involve any physical pain to the surveilled. also it is barely analogous to "search and seizure" in that there is nothing physical being seized. (just playing the devil's advocate here) >One thing that was very important to those who wrote the US Constitution was >the sanctity of contracts. well, if the person entered in a contract with their phone company to provide protected communications, maybe you'd have a case there. in fact such a thing is not such a bad idea. perhaps some would be willing to pay a premium for phone companies that reject wiretaps and the whole thing could be solved ala capitalism. perhaps as a "thousand phone companies bloom" over the next few years this will become a reality, assassin-boy. >As I understand it, there is a principle in law that all affected parties to >a dispute must be included in a proceeding. (To ensure that each can protect >his own rights.) Obviously, targets of wiretaps have not been informed, and >thus can't possibly have been included. on the other hand, there are clear laws that say you can't withhold evidence. these and the "right not to incriminate" are intertwined. >While I'm sure that I will be corrected if this is wrong, somehow I doubt >whether there has EVER been a "before-the-fact", full challenge of a wiretap >order _including_ representation for the target of the wiretap. Further, I >also doubt whether there is frequently ANY SORT of challenge to a wiretap >by a telephone company, even when the target was not informed. Quite >simply, the telephone company does not consider itself to be in the business >of protecting the rights of its customers! And without real challenges, >there can be no presumed validity to such warrants. no, you have it backwards; without real challenges, there is no validity to anyone trying to defeat the status quo. [bernstein, etc] >Since it has always been legal to use encryption (in the US), they're really >not "challenging the cryptographic status quo." no, ITAR has been around a long time and they are challenging it. you're mixing up the issue. >I don't know about you, but somehow I'm past the idea that it's possible to >reliably get unbiased justice in court. Know what I mean? ah yes, we revert to the basic cypherpunk nihilist position oft repeated by lucky green, tcmay etc-- "essentially, we're screwed" [searches] >Well, they don't technically need the "cooperation," but they are still >required to inform the target. For example, if they get a search warrant >for a house that happens to be empty when they show up, they are obligated >to leave notice of the search and lists of what was taken. Apparently they >need to do this EVEN IF they would have been able to get into the house >surreptitiously without leaving any trace. interesting and very significant point, one that I was not aware of. more good legal arguments for challenging "secret wiretaps". more and more I think cpunks could win on this issue by asserting that the government doesn't have a right to "*secret* wiretaps" of the kind they are pushing and ramming down via CALEA. if we got a court to agree that secret wiretaps are illegitimate, that leaves the government only with "announced" ones, something that cpunks find permits an acceptable level of monkeywrenching. i.e. start making the distinction between the way wiretaps are secret and the suspect is not ever informed of the wiretapping, contrary to physical search-and-seizure procedures. From dthorn at gte.net Sat Oct 5 00:44:20 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 5 Oct 1996 15:44:20 +0800 Subject: Utah as a Religious Police State [RANT] In-Reply-To: <4Ly0uD38w165w@bwalk.dm.com> Message-ID: <3255BFA3.7AE3@gte.net> Dr.Dimitri Vulis KOTM wrote: > Dale Thorn writes: > > Deana Holmes wrote: > > > On 2 Oct 96 at 8:47, John C. Randolph wrote: > > > > Moroni says: > > P.S. I cringe every time I hear one of the CNN bozos pronounce > > Israel as in real estate, or get real. I think they all have to > > attend the Rick Dees school of broadcasting, so it's a standard, > > like GAK or something is going to be the standard. > What is the crypto-relevance of the above-quoted passage? Caught ya' that time, "doctor". Didn't ya' see the term "GAK" above? From iang at cs.berkeley.edu Sat Oct 5 00:57:16 1996 From: iang at cs.berkeley.edu (Ian Goldberg) Date: Sat, 5 Oct 1996 15:57:16 +0800 Subject: encrypting pppd? In-Reply-To: <199610021431.JAA02934@linkdead.paranoia.com> Message-ID: <534nh8$c4p@abraham.cs.berkeley.edu> -----BEGIN PGP SIGNED MESSAGE----- In article <961002.235706.1R8.rnr.w165w at sendai.scytale.com>, Roy M. Silvernail wrote: >In list.cypherpunks, vax at linkdead.paranoia.com writes: > >> Anyone worked on, or know of a freely available, one of these beasts? > >What threat model does this address? It'd be link encryption, where the >best security is found in end-to-end encryption. pppd doesn't necessarily run over a modem; you can "tunnel" it over another IP connection. I have in fact done this very thing. Use ssh to (encrypted) log in to the ppp server, and start pppd at each end. It's been a while; I think I had to tweak something to make it work over a pty instead of a serial port. - Ian -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMlXhZkZRiTErSPb1AQEidQP8DEYaAcDyJMFY7AyRL4Q03tD+REiqqKPZ 1I8stlu7sx9OVFAgitqAWeWdi5HeXop0YpyAP9yYFxI9JTw6TgXfpP2P38pJ3vvU jebEyK+pVJnCw16As6rJJTNYlUFGlEqceuK8Bj4xNyrG1E4oGx8AEig4CT8RjGhk AOj4aFd7y+8= =aZOj -----END PGP SIGNATURE----- From proff at suburbia.net Sat Oct 5 01:02:09 1996 From: proff at suburbia.net (Julian Assange) Date: Sat, 5 Oct 1996 16:02:09 +0800 Subject: anagrams Message-ID: <199610050242.MAA07877@suburbia.net> Fast(est?) anagram generator: ftp://suburbia.net/pub/proff/original/gan/an-0.93.tar.gz (unix source and dos executable) Some Anagrams Found Using an-0.92 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Free Software Foundation - I'd fan out tons of freeware! National Security Agency - Lusty yearning at cocaine. President Dole - Led despite Ron. Central Intelligence Agency - Langley: Inelegant, eccentric. -- "Of all tyrannies a tyranny sincerely exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies, The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for own good will torment us without end, for they do so with the approval of their own conscience." - C.S. Lewis, _God in the Dock_ +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff at suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff at gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+ From dthorn at gte.net Sat Oct 5 01:07:51 1996 From: dthorn at gte.net (Dale Thorn) Date: Sat, 5 Oct 1996 16:07:51 +0800 Subject: legality of wiretapping: a "key" distinction In-Reply-To: <199610042004.NAA27789@netcom7.netcom.com> Message-ID: <3255D400.1A48@gte.net> Vladimir Z. Nuri wrote: [some text deleted] > I think there may be a legitimate argument here that might have > legal merit that a reasonable "search and seizure" ought to > involve the knowledge of the participant, and that unreasonable > searches and seizures often do not. hence, wiretapping without > suspect agreement may be illegal? (in all the other ways that > evidence is obtained through warrants/subpoenas, one needs > the cooperation of the suspect?) obviously the government would > argue that the cooperation of the suspect is irrelevant and > impossible. what exactly does it mean to "present a warrant" > or subpoena? is there a right to refuse such a subpoena similar > to the way one is guaranteed freedom from self-incrimination? The point is, the govt. already has the info, much as if you had a bunch of computers and digiboards or whatever monitoring all your neighbors' phone calls. It's whether they can legally present the info in court to put you away or not that matters. The law tends to move in the direction of recent decisions, particularly in saying that the police "acted in good faith" in collecting the info, and that they "didn't conspire to collect the info deliberately knowing it wasn't legal", etc. Problem is, the govt. will continue to ease the restrictions on the latter argument, since in the former, they *always* act in "good faith". From Adamsc at io-online.com Sat Oct 5 01:51:19 1996 From: Adamsc at io-online.com (Adamsc) Date: Sat, 5 Oct 1996 16:51:19 +0800 Subject: gack vs. key escrow vs. key recovery Message-ID: <19961005064623375.AAA228@GIGANTE> On Thu, 03 Oct 1996 23:44:59 -0700, Dale Thorn wrote: >Sounds to me like there's a need for a program that can produce secure >encryption, yet the output looks like "real junk", i.e., not anything >like what one of the *better* programs would produce. Then you can >claim (with testimony of experts if necessary) that "I didn't encrypt >it, must be just garbage". And even if you got some bozo govt. person >testifying against you, you shouldn't have much problem making them look >stupid and vindictive in front of a jury. OTP anyone? # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From Adamsc at io-online.com Sat Oct 5 01:58:23 1996 From: Adamsc at io-online.com (Adamsc) Date: Sat, 5 Oct 1996 16:58:23 +0800 Subject: WINDOWS NT ???? Message-ID: <19961005065648125.AAA235@GIGANTE> On Fri, 04 Oct 1996 22:03:17 +1030, Petr Snajdr wrote: >> > > > > is Windows NT secured system ? >> > > NT? Secured? hahahahahahahahahahahahahahahahhahahahahahahaha >> > How ? >> By turning off the machine, unpluging the ethernet, moving the >> hard drive to another state... > 8-) ..and Os/2,unix .etc.etc. not ? OS/2 doesn't claim to be a secure multiuser operating system. If they have console access, they *can* get almost anything*. Unix can be secure, but most places don't run it in the most secure form. However, your average Unix box is probably going to do pretty well, especially if you've compiled Linux with an encrypting file system. Microsoft claims C2 or higher for NT and deserves any ragging they get if it's not. Ditto for any other vendor who claims one thing and sells another. BTW: Bizarre NT Quirk #15413 - The Administrator account does not have access to the entire disk. You got it - if you're the administrator you still cannot look into certain directories belonging to another user - even if you've given all access privileges to the Admin account. Got a few chuckles at work. * - The various OS/2 Servers have a new version of the High Performance File System. HPFS386 does a much better job of maintaining security. Apparently even the boot-floppy that can defeat NTFS won't work. I haven't verified this yet because I'm still waiting for my personal copy of Warp Server Advanced-SMP to arrive. # Chris Adams | http://www.io-online.com/adamsc/adamsc.htp # | send mail with subject "send PGPKEY" "That's our advantage at Microsoft; we set the standards and we can change them." --- Karen Hargrove, Microsoft (quoted in the Feb 1993 Unix Review editorial) From dlv at bwalk.dm.com Sat Oct 5 02:06:45 1996 From: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) Date: Sat, 5 Oct 1996 17:06:45 +0800 Subject: [SPAM] More "fuckhead" e-mail from Timmy May and his young friends In-Reply-To: <199610050215.AA00807@crl5.crl.com> Message-ID: Timmy May has no life. >From: Troy Varange >Message-Id: <199610050215.AA00807 at crl5.crl.com> >Subject: Re: [VULIS] >To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) >Date: Fri, 4 Oct 1996 19:15:36 -0700 (PDT) >In-Reply-To: from "Dr.Dimitri Vulis KOTM" at Oct 2, 96 08:29:14 pm >X-Mailer: ELM [version 2.4 PL23] >Mime-Version: 1.0 >Content-Type: text/plain; charset=US-ASCII >Content-Transfer-Encoding: 7bit >Content-Length: 7527 > >> >> I have no dog, nor any other pets. Timmy May (fart) reportedly has two cats. >> If you suspect that Timmy May (fart) sexually abuses his cats, or any other >> animals, you should promptly contact the ASPCA and also alert rec.pets.cats. >> >> (Frankly, I doubt that the old fart can get his dick up to sexually abuse >> anything, including his cats. Senility puts an end to sexual molestation.) >> >> >From: Troy Varange >> >Message-Id: <199610021931.AA24883 at crl11.crl.com> >> >Subject: Important >> >To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) >> >Date: Wed, 2 Oct 1996 12:31:21 -0700 (PDT) >> >In-Reply-To: from "Dr.Dimitri Vulis KOTM" at Sep 30, 96 07:57:27 am >> >X-Mailer: ELM [version 2.4 PL23] >> >Mime-Version: 1.0 >> >Content-Type: text/plain; charset=US-ASCII >> >Content-Transfer-Encoding: 7bit >> >Content-Length: 6226 >> > >> >Dr. Vulis sucks his dog's butt. >> > >> >> Timmy May has no life. >> >> >> >> >From: Troy Varange >> >> >Message-Id: <199609300441.AA10704 at crl12.crl.com> >> >> >Subject: Re: Vulis FUCKHEAD sucks Timmy's Cock >> >> >To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) >> >> >Date: Sun, 29 Sep 1996 21:41:42 -0700 (PDT) >> >> >In-Reply-To: from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 11:58:09 pm >> >> >X-Mailer: ELM [version 2.4 PL23] >> >> >Mime-Version: 1.0 >> >> >Content-Type: text/plain; charset=US-ASCII >> >> >Content-Transfer-Encoding: 7bit >> >> >Content-Length: 5298 >> >> > >> >> >Vulis sucks Timmy's boyfriend's cock. >> >> >> >> >> >> Timmy May has no life. >> >> >> >> >> >> >From: Troy Varange >> >> >> >Message-Id: <199609300332.AA09870 at crl12.crl.com> >> >> >> >Subject: Re: [SPAM] More "fuckhead" fan mail from Timmy "peteur" May >> >> >> >To: dlv at bwalk.dm.com (Dr.Dimitri Vulis KOTM) >> >> >> >Date: Sun, 29 Sep 1996 20:32:58 -0700 (PDT) >> >> >> >In-Reply-To: from "Dr.Dimitri Vulis KOTM" at Sep 29, 96 09:45:41 pm >> >> >> >X-Mailer: ELM [version 2.4 PL23] >> >> >> >Mime-Version: 1.0 >> >> >> >Content-Type: text/plain; charset=US-ASCII >> >> >> >Content-Transfer-Encoding: 7bit >> >> >> >Content-Length: 4378 >> >> >> > >> >> >> >> berserk >> >> >> >> Timmy May has gone . Has he been eating speed? >> >> >> >> bananas >> >> >> >> >> >> >> >> >From: Troy Varange

Scotland Yard said this was the first time it had heard that pager messages could be intercepted

Other messages seen include arrangements for sexual liaisons and details of fruit machines that are malfunctioning

JAMES M. RAY