Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
The following is summarized from an article in the _Detroit_Free_Press_, 2 June 1994, pages A5-6. The article was written by John Markoff of the New York Times [and appeared on the front page of the Times on that day]. AT&T Bell Labs researcher Matthew Blaze has been quietly circulating a report among computer researches and federal agencies which demonstrates a flaw in Clipper. Using Blaze's technique, two parties can use Clipper to have a conversation which could not be decrypted by government officials using the proper escrowed keys. The flaw would not permit third parties without the escrowed keys to decrypt the conversation either; essentially, this technique would reduce Clipper to the status of other commercially-available cryptography which is computationally infeasible to break. Stanford's Martin Hellman, who has reviewed Blaze's work, states "People who want to work around Clipper will be able to do it." In a written statement, NSA directory of policy Michael Smith stated that Clipper would still remain useful: "Anyone interested in circumventing law-enforcement access would most likely choose simpler alternatives." Smith claims that Blaze's technique would be too difficult and time-consuming for practical use. Comments: of course, this will probably re-ignite most of the Clipper controversy again, since this seems to strike at the heart of NSA's purposes in creating Clipper (secure cryptography with a mandatory back-door for the government). I'm more interested in NSA's statement that says in essence that Clipper can be avoided more simply: perhaps this shows that Clipper won't be all that useful after all? Jim Huggins, University of Michigan (huggins@umich.edu)
The account of a collision with a sky-diver reminds me of an incident some
years ago when a commercial jet hit a salmon at altitude, which smashed
through the nose, demolished the co-pilot's rudder pedals and broke his leg,
ending against the rear bulkhead of the cockpit [the salmon, presumably,
not the rudder pedals or the leg].
The accident report assumed an eagle had dropped it.
[The eagle salmoned up all its carriage? PGN]
A spokesman from Dunkin' Donuts tells me that the chain has ordered all DD to remove their listening equipment. Apparently, the front-page news about their listening devices finally brought the public sentiment to their attention. Maybe if they had stronger mikes they would have gotten the message sooner?
[...] The security cameras that are installed in in many stores will remain,
however; the company said they are a proved deterrent to robbery.
— David Wright, Hitachi Computer Products (America), Inc. Waltham, MA
wright@hi.com
In the 3 Jun 1994 Wall Street Journal there is an article about a Whitbread sailboat race. The story includes a description of how one team is accusing one of its members of telling another team about the weather, which is apparently against their rules. The evidence for this is *computer logs of faxes* sent between the individuals, who are also possibly romanticly linked. (There may also be financial motives connected with boat sponsorship.) Anyway, the risk to perpetrators in not covering their electronic trails (tails?) is present even on a sailboat in the South Pacific.
There is the RISK of not double-checking dubious information, including information in the Risks Digest. I dialed 1-800-OPE-RATO[R] (I didn't dial that last R — for "redundancy"), and sure enough, I got a "(pong) AT&T". Then I dialed 1-800-OPE-RATE[R], and sure enough, I got . . . nothing. Is there a regional discrepancy, or is the rumor of MCI's devious cunning just an urban myth? [I got RINGING with NO ANSWER after 20 rings. Maybe that is exactly the point? Ultimate denial of service, intended to make you want to go elsewhere when you think you are getting AT&T? PGN] There were also several Risks Digest items about clever color copiers blocking the reproduction of US and some foreign currencies. This seems almost impossible algorithmically, and indeed appears to be fictional, based on what testing one can do legally. [We have gone around on that one in the past. PGN] What are the Risks here? Just that people will go about spreading urban myths, I guess. Greg Sorkin (sorkin@watson.ibm.com)
This appeared in rec.humor.funny. I'm submitting it to RISKs because
nothing on the risks of faxing has appeared in a while. The problems are that
there is often little way to ensure your fax is going to the correct place,
and that the faxed paper is out of your control once faxed, and might be
copied, and redistributed with your name & private correspondence.
Public-key encryption programs, such as PGP, would have allowed the
unfortunate applicant to encrypt this (as email). If it was mail, he would
have to type the wrong address twice, once for the mail address, and also for
the encryption recipient. He might have had a chance at getting the job. (Of
course, using the phone would also have avoided the problem, but can be
inconvenient & expensive when colleagues are overseas.)
> You might enjoy this.
> A candidate for the Director of our Research Center faxed a
> colleague to request a letter of recommendation. It was
> accidentally faxed here instead. It read in part:
> "Iowa is too wet and droll. But it's a directorship
> so I should apply..."
> The fax is now part of his permanent application file.
Date: Sun, 29 May 1994 22:40:43 -0500 (EST)
From: RESCLOVE@amherst.edu
To: loka-l@amherst.edu
Subject: The Ghost in the Modem (Loka Alert 1:6--from the Washington Post)
Loka Alert 1:6 (May 29, 1994)
>From the Sunday _Washington Post_:
IF INFORMATION HIGHWAYS ARE ANYTHING LIKE
INTERSTATE HIGHWAYS--WATCH OUT!
Friends and Colleagues:
This is one in an occasional series of e-mail postings on democratic
politics of science and technology, issued by The Loka Institute. You are
welcome to post it anywhere you feel is appropriate. The following essay,
written by Loka Institute members, is reprinted from the Outlook Section of
_The Washington Post_, Sunday, May 29, 1994.
--Dick Sclove
Executive Director, The Loka Institute, P.O. Box 355,
Amherst, MA 01004-0355, USA
Tel. 413 253-2828; Fax 413 253-4942
E-mail: resclove@amherst.edu
*****************************************************************
THE GHOST IN THE MODEM
For Architects of the Info-Highway, Some Lessons
From the Concrete Interstate
By Richard Sclove and Jeffrey Scheuer
Vice President Gore envisions the information superhighway as the second
coming of the interstate highway system championed by his father, former U.S.
Senator Al Gore, a generation ago. Let us hope that the junior Gore is proven
wrong. Rush-hour traffic jams, gridlock, garish plastic-and-neon strips, high
fatality rates, air pollution, global warming, depletion of world oil
reserves--have we forgotten all of the interstate highway system's most
familiar consequences?
It's not that Gore's analogy is wrong, only that his enthusiasm is
misplaced. Comparing the electronic and asphalt highways is useful--but
mostly as a cautionary tale. Building the new information infrastructure will
not entail the degree of immediate, physical disruption caused by the
interstate highway system. But sweeping geographic relocations, and
accompanying social transformations, seem probable. And the risk of inequity
in contriving and distributing electronic services--or, conversely, imposing
them where they are not wanted--is clear.
Indeed, disparities in access to new information systems have already
begun to surface. A study released this past week by a group of public
interest organizations, including the National Association for the Advancement
of Colored People and the Center for Media Education, notes that low-income
and minority communities are underrepresented in U.S. telephone company's
initial plans for installing advanced communications networks.
Unequal access is only the most obvious among many social repercussions
that may lie in store for us. The real history of the interstate highway
system suggests how we can think about and control the vast implications of
new technologies and a new national public infrastructure.
It is widely assumed that Americans' infatuation with cars led to the
construction of America's superhighways. But actually when Congress passed
the Interstate Highway Act in 1956, car sales were slack, and there was no
popular clamor for building a new road system. At the time only about half of
American families owned an automobile; everyone else depended on public
transportation. Congress was responding to aggressive lobbying by auto makers
and road builders, plus realtors who saw profits in developing suburban
subdivisions.
The act's key provisions included support for bringing freeways directly
into city centers and earmarking gasoline tax revenues for highway
construction. As the interstate highways were built, city and suburban
development adapted to the quickening proliferation of autos. Soon more
Americans found themselves forced to buy a car in order to be able to shop or
hold a job. The Highway Trust Fund, by assuring the rapid atrophy of
competing public transit systems, bolstered this trend.
Thus the asphalt highways--and the society around them--are a reflection
of successful lobbying by powerful business interests and external compulsion,
not simply the free choices of consumers. There is no guarantee that the
process of wiring consumers and employees into the electronic highway system
will be different.
The effects of the interstate highway system on American communities were
profound, especially in the cities. As historian James Flink notes,
"Ambitious programs for building urban freeways resulted in the massive
destruction of once viable poor and minority neighborhoods." In other cases,
new highways encircled poor neighborhoods, physically segregating minorities
into marginalized ghettos.
Gradually, a black and Hispanic middle-class did emerge. Its members too
fled along the interstate to the suburbs, further draining economic and
cultural resources from the inner city. This contributed to the emergence of
a new social phenomenon: today's desperately deprived, urban underclass.
Elsewhere the effects were subtler but still significant. The noise and
danger from growing numbers of autos drove children's games out of the street,
and neighbors and families off their front porches. Before long, suburbs
without sidewalks came to signal an unprecedented paucity of local
destinations worth walking to. Suburban housewives found themselves leading
increasingly isolated daytime lives at home.
Highways made shopping malls possible, enabling franchise and chain store
sales to boom. But this sapped downtown centers.
For some teenagers and senior citizens, today's anonymous, consumption-mad
expanses provide a semblance of community space-- having swallowed up the
general store, the soda fountain, the Main Street sidewalk, and the town
square. There is ample danger of the new electronic technology extending
these losses.
Remember too that it is easy to romanticize new technology. The popular
arts glorified life on the highway. People read Jack Kerouac's "On the Road,"
watched "Route 66" on television, and recall the Merry Pranksters' psychedelic
bus-capades during the '60s. In fusing alienation and rebellion with youthful
exuberance, each of these foreshadows contemporary cyberpunk culture. Yet
real-life experience on the interstate is mostly banal and uneventful.
McDonald's, Pizza Hut, and Wal-Mart look about the same wherever you exit.
There are also political ramifications of a vast new public
infrastructure. Interstate highways contributed to national and even
international economic integration. But while GNP soared, mom-and-pop
production and retailing declined. That meant greater local dependence on
national and global market forces and on distant corporate
headquarters--powers that communities simply couldn't control. The locus of
effective political intervention thus shifted toward more distant power
centers. But because those are realms in which everyday citizens cannot be as
effectual as in smaller political settings, democracy was impaired.
If the growth of the highways is revealing, so too is the opposition to
freeway construction that emerged. As citizens became more politically
mobilized during the 1960's and early '70s, opposition to relentless highway
expansion arose from environmentalists and from local communities, both rich
and poor.
Transportation engineers reeled at the specter of upright citizens rejecting
their good works. Many current telecommunications engineers and
true-believing entrepreneurs are no less convinced of the unalloyed
beneficence of their art.
The importance of the analogy between the information and asphalt
highways lies in the political procedures that create them. What if a wider
range of people, including non-car owners, had been involved in transportation
planning all along? Considering the alternatives envisioned by critics such
as Lewis Mumford, it seems likely we would have a smaller and different road
system today. As in Europe and Japan, there probably would have been greater
investment in public transit. Modern America might exhibit less sprawl, less
dependence on foreign oil, and more cohesive urban neighborhoods.
Three lessons for the construction of the information superhighway
suggest themselves:
o _No Innovation Without Evaluation_: To help reduce adverse social
impact, the federal government should mandate evaluated social trials of
alternative electronic services. Analogous to environmental impact
statements, these trials should precede full-scale deployment of any major
components of new information infrastructures.
o _No Innovation Without Regulation_: We should conserve cultural space
for face-to-face social engagement, traditional forms of community life,
off-screen leisure activities and time spent in nature. How about a modest
tax on electronic home shopping and consumer services, rebating the revenue to
support compensatory, local community-building initiatives?
o _No Innovation Without Participation_: A number of European nations are
out-competing America in including lay people in technology decision-making.
For instance, the Danish government appoints panels of everyday citizens to
cross-examine a range of experts, deliberate among themselves and then publish
their own social assessments of technological alternatives. Sweden, Norway
and Germany have pioneered processes for involving workers directly in
designing new production systems.
The coming revolution in information systems is going to change life for
everyone--including the multitude who, by circumstance or choice, never use
computers. It is imperative to develop mechanisms for involving all segments
of our society in designing, evaluating and governing these new systems.
Data highway enthusiasts may see such measures as wasteful obstructions
of market forces. But what entrepreneurs call red tape is really democracy in
action.
__________________
Richard Sclove is executive director of the Loka Institute in Amherst,
Mass., a public interest research organization concerned with science,
technology and democracy. He also directs the Public Interest Technology
Policy Project at the Institute for Policy Studies. Jeffrey Scheuer, a New
York writer, is a fellow of the Loka Institute.
*****************************************************************
[If you would like more info regarding the Loka Institute, please send
an e-mail message to that effect to: resclove@amherst.edu ; however,
the staff warns that they may be slow in responding, due to travels. PGN]
-----BEGIN PGP SIGNED MESSAGE----- From: Philip Zimmermann, author of PGP To: People interested in PGP Date: 28 May 94 On 24 May 1994, the Massachusetts Institute of Technology released PGP (Pretty Good Privacy) version 2.6. PGP is a software package that encrypts electronic mail, using public key cryptography. Over the past three years, PGP has become the worldwide de facto standard for email encryption. PGP 2.6 is being published under the terms of the RSAREF license from RSA Data Security, Inc (RSADSI). This is a significant milestone in PGP's legal development. Export of this software from the US or Canada may be restricted by the US Government. PGP version 2.6 is being released through a posting on a controlled FTP site maintained by MIT. This site has restrictions and limitations which have been used on other FTP sites to comply with export control requirements with respect to other encryption software such as Kerberos and software from RSA Data Security, Inc. These special mechanisms are intended to preclude export of cryptographic software from the US. The MIT FTP site that carries PGP is net-dist.mit.edu, in the pub/PGP directory. This new freeware version of PGP is for noncommercial use. For commercial use, you may get ViaCrypt PGP, available on a variety of platforms. ViaCrypt may be contacted at 602-944-0773, or via email at viacrypt@acm.org. PGP 2.6 is as strong as earlier versions. It contains no back doors. It can read messages, signatures, and keys from PGP versions 2.5, 2.4, 2.3a, and 2.3. Beginning in September, a built-in software timer will trigger PGP 2.6 to begin producing messages, signatures, and keys that cannot be read by earlier versions of PGP. It will still retain its ability to read things from earlier versions after that date, so that users who upgrade to 2.6 will not be inconvenienced, particularly if everyone else upgrades by that time. The reason for the change in format is to grant RSADSI's request to MIT to encourage all users to stop using older versions. ViaCrypt's new products will support the new formats used by PGP 2.6. Details of the compatibility issues and their reasons are outlined in the PGP User's Guide, included in the release package. See also the official statements released by MIT for further details. Version 2.6 also has some bug fixes and improvements of the version 2.5 released by MIT on 9 May 1994. Both the 2.5 and 2.6 versions were produced in a joint project between myself and MIT. Both versions were released by MIT after extensive review by MIT's administration and their legal counsel. I am told by MIT that MIT's legal counsel believes that both versions 2.5 and 2.6 do not infringe the RSA patents in any way, and they both comply with the terms of the RSAREF licenses that each were released under. But regardless of the noninfringing nature of version 2.5, I urge all PGP users in the US to upgrade to version 2.6, to help move toward eradication of earlier, pre-RSAREF versions of PGP. This will improve the overall political and legal landscape surrounding PGP. MIT will publish details on the simple format change so that earlier European versions of PGP may be independently upgraded by the Europeans. This note does not attempt to answer all the questions you may have about the implications of this new release of PGP. For further details, see the information released by MIT, or see the PGP User's Guide in the new release package. -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAgUBLegMXmV5hLjHqWbdAQE0NAQAiTafSwM8eNfYYvkslNR6bun/GIelvziA M/9h5fn3zUQt2Bc6rkuz1TBlnMZUoduufinI9eSr+cdXbfhxNIQmRArhw3EJd1f+ siZaPmTR3YXvUwuXMcruMbUvEYpSBmtBVrxTzxNSIwx3/hJJB2z9sT1/B+UZdFwi EZX1O/mpiZw= =ULD1 -----END PGP SIGNATURE-----
Subject: "The Hacker Crackdown" by Bruce Sterling BKHKRCRK.RVW 940314 Bantam Books 1540 Broadway New York, NY 10036 "The Hacker Crackdown", Sterling, 1992, 0-553-56370-X, U$5.99/C$7.50 It is important to keep in mind that the crackdown of the title refers to a specific incident: the series of raids in 1990 by various United States law enforcement agencies which tend to be collectively, if incorrectly, subsumed under the code name, "Operation Sundevil". The book brings together a number of the stories surrounding this event, as well as giving some background, particularly in regard to AT&T and the US Secret Service. There are, however, significant gaps which prevent it from being an overall analysis of either the cracker/phone phreak culture or the data security/law enforcement community. As an overview of the 1990 raids, the book is entertaining, often informative, and generally well written. Digressions often provide very interesting background, although at times they consume entire chapters without much bearing on the central issues. Those who were around for the electronic discussions of the 1990 raids will possibly be glad of the collection of all the stories into one place. (Those who have dealt with the crackers, phone phreaks and wannabes will readily recognize some of the descriptions, as well as the repeated emphasis on braggadocio as a primary character trait.) Although Sterling is aware of the debate over the term "hacker"; indeed, he worries over contributing to the degradation of the term; he does not distinguish between the various communities of electronic outlaws. In fact, he states, at one point, that all are the same. Similarly, his contacts with law enforcement and data security people are limited. For these reasons, the book is not useful as a general introduction to the field. The writing is highly opinionated. The US-centric view of technology borders on jingoism. In general, neither law enforcement nor the cracking communities are seen with any favour. Although we can sympathize with Sterling's motivation in wanting to bring to light the injustice done to his friend, the extreme sarcasm which cloaks most of the first half of the book makes it difficult to understand what point he is trying to make. For those involved in data security, a very entertaining read. For newcomers, please take it with a very large grain of salt. copyright Robert M. Slade, 1994 BKHKRCRK.RVW 940314 Vancouver Institute for Research into User Security Canada V7K 2G6 ROBERTS@decus.ca Robert_Slade@sfu.ca rslade@cue.bc.ca p1@CyberStore.ca
Please report problems with the web pages to the maintainer