Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
This is the Justice Dept. press release, verbatim [with considerable whitespace trimmed by PGN], announcing the dropping of the investigation of Phil Zimmermann (and presumably anyone else involved with PGP distribution to Usenet in '91). Transcribed from fax:
[logo] United States Attorney
Northern District of California
San Jose Office (408) 535-5061
280 South First Street, Suite 371
San Jose, California 95113 FAX: (408) 535-5066
PRESS RELEASE, FOR IMMEDIATE RELEASE, January 11, 1995
Michael J. Yamaguchi, United States Attorney for the Northern District of California, announced today that his office has declined prosecution of any individuals in connection with the posting to USENET in June 1991 of the encryption program known as "Pretty Good Privacy." The investigation has been closed. No further comment will be made by the U.S. Attorney's office on the reasons for declination.
Assistant U.S. Attorney William P. Keane of the U.S. Attorney's Office in San Jose at (408) 535-5053 oversaw the government's investigation of the case.
In this Sunday's paper, the AP reported on yet another failure of the ATC system. Apparently, this one was caused by a technician who (after an overnight shift) thought he was working on the standby power conditioning system.
Power was killed when he went to reinsert a "card" into the system at about 6:55am. "We were completely in the dark for at least 5 and more like 6 minutes, "said a controller and union representative for the National Air Traffic Controllers Association.
Limited radio contact was restored within minutes, but the main radio and communications system was not fully operational until 8:38am, and all systems were not back to normal until 9:32.
It was reported that no emergencies were reported during that time, possibly due in part because it happened at a time when traffic normally was low.
My analysis: You often will see work being carried out by a group of 2 or 3 people in which only 1 of the people is really "working". A classic example was a local televised problem that had some utility company working on the problem. The news was interviewing a representative at the site who was saying "we're working our butts off to get it fixed" while in the background there were 3 or 4 guys standing around watching another guy dig.
It sounds like 2 possible actions can be taken in the future. 1 is making it easier to distinguish the "live" and "standby" systems (some red spray paint perhaps). Another is to have someone there "helping" the technician. "Whoa, Bob! Don't'cha think you should be doing that on the STANDBY machine?" Overnight shifts can be a real killer (no pun intended) if you aren't extra careful.
(On a side note, I watched Apollo 13 a couple of weeks ago and think techies can get a lot out of this movie. I loved watching the control systems. In particular I remember the silenceable alarms similar to the medical ones we've been talking about lately).Sean Reifschneider <firstname.lastname@example.org>
The RISKS described below are that when faced with new technology, people who don't know what they are talking about, yet are given credence, can do more harm than good. [This is in fact an old topic in RISKS, but it has some new twists. PGN]
I encountered a double-barreled example on the radio today. The Victorian Government (Victoria is a state of Australia) plans to build a freeway system called CitiLink. It will be built and run by private companies and a French company will be collecting tolls for about 34 years. The road will cover a distance of something like 40km (22 miles).
A questionaire sent out by the opposition to the government (who detest anything the government does - moreso than normal these days) was being discussed on the radio. The 2 points discussed were completely misunderstood by both the interviewer and the opposition member of parliament who was pushing the survey results.
It had escaped the minds of these people that if you pay anybody in advance, or open an account with anybody, that person will know your balance. They have to. If they don't, who else will? These two had decided that this was an EFTPOS style system and that they could query your balance unlike any other EFTPOS system.
This is on the number 1 rating radio show in Melbourne.
I am yet to hear any discussion of this point and the privacy problems associated with it. Does the legislation prevent or allow the authorities to obtain such information and/or use it in this way.
The only discussion of speed was whether the transponder could transmit the speed of your car to the toll detectors. And the audience of these politicians and media geniuses (genii?) will believe anything they hear!Kevin Lentin K.Lentin@cs.monash.edu.au CARLTON 21-15-141 d geelong 11-14-80
Think about the impact of doing [the correction] at midnight. 1)The day increments to January 1, 1996, 00:00:00. 2) you reset the clock to 23:59:59 - minus one second. 3) The clock starts running again. 4) the day flips over, and it's suddenly, January 2, 1996, 00:00:00. No wonder they had problems. I know that's what my VCR would do if I tried that :-).
My understanding is that in order to minimize problems, this "duplicate" second was supposed to occur at 7:00pm on December 31, 1995. (Not sure about 7:00pm, but) It was *not* supposed to happen at midnight. But, based on the observed effect it sounds like the adjustment did, in fact, happen at midnight.
What I don't understand is: shouldn't NIST be the responsible body to set the official time (moment) when the leap second occurred!!?? Did they decide on 7:00pm 12/31, and then the implementors didn't follow the specification? :-)) Or were we at the mercy of a world organization (something else for the militias to worry about :-), that specified the UT (new/improved GMT :-) when it occurred, and it just happened to be midnight in Washington? (Although, I think the clock is actually in Colorado?)
I wonder if the government shutdown had any impact on this!!
February 15 at the Software Engineering Institute, Pittsburgh, PA
Who should attend?
The seminar will cover fundamental security practices for UNIX system administration. Participants will learn about the latest information on security problems, defensive strategies, offensive strategies, network security, and establishing appropriate site security policy.
After completing the seminar, participants will be able to establish and maintain a secure Internet site that allows the benefits of connectivity to the Internet while protecting the organization's data. Participants will also gain familiarity with tools that assist them in securing their systems.
Seminar topics include:
To inquire about registration, payment, or logistics, contact--
Registration, Phone: 412 / 268-7388
To inquire about the course [and receive the full announcement], contact--
Customer Relations, Phone: 412 / 268-5800
I've recently had the unfortunate `pleasure' of dealing with the troubling consequences of the `Concept Virus' that affects Microsoft Word for Windows (WinWord) and Word for Macintosh. (To refresh your memory, the `Concept Virus' is a Trojan horse that rides on AutoExec macros that can be hidden in documents)
Microsoft has distributed a set of macros that partially protects users - the macros identify documents that have macros and warns users that these macros MIGHT be hazardous...
Several risks here...
What can we do to address this problem?
I really do not understand Mr. Kabay's concern for C$. (Of course, the repeated reference to the NCSA forum may indicate that there is some bias there.) Mr. Baker is free to write whatever he wants including a rather restrictive copyright notice. Peter is free to publish or not and C$ is free (practically not legally speaking) to respect it or not.
As an expression of intent it is clear that once the electronic word reaches the Internet, any hope for control is about the same as controlling cats. Certainly, if notices were universally respected, I would have retired long ago from shareware revenue. Fortunately, it was not my expectation to derive an income from it, rather to have some measure of control hence "copyrighted freeware".
I have an opinion on the subject (in fact is the same one I sent to Klaus before the first RISKS posting appeared) but it is really not necessary to discuss. The question Mr. Baker faces is the same as the German authorities face concerning "International" regulations: enforceability.
Their power to enforce does not extend beyond the limits of their sovereignty. C$ does business in Germany. If they wish to continue then a corporate decision must be made (and there are a number of options). It is probable that Mr. Baker has even less ability to enforce his copyright statement.
However I suspect that "free speech" is often confused with "property rights". Anyone may disagree with Mr. Baker's position but to say that he is wrong to take that position or to declare an intent to limit dissemination is something entirely different.
I have been flamed on numerous occasions for refusing to provide viral code or software I have developed to people simply because they feel they have a need (often just a desire or pure laziness) for it. That is my "right". As a result it is bothersome to see a respected member of the community chiding another for putting restrictions on dissemination of what they have created particularly when the restriction was obviously intended to be a statement itself.Padgett
CompuServe's recent action to shut down subscriber access to 200 newsgroups carrying sexual content was motivated more by U.S. politics than German objections, apparently. Reports that the action was in response to Bavarian government complaints are false — the incident was sparked by an inquiry from a district attorney in Munich regarding the alt.sex groups. Leaders of all four parties in the Bundestag have spoken out against any legislation to regulate the Internet and agree that existing criminal law in Germany is sufficient to handle any potential legal misconduct. It's rumored that, rather than reacting to German authorities, CompuServe's restrictions were enacted in response to legislation pending in Congress against "indecent" digital content in an effort to bolster CompuServe's reputation as a morally responsible online service provider. (STERN Infomat, 3, 1996)
It puzzles me that so many people are up in arms over Compuserve's decision to block newsgroups, no matter how many. Discussion over the (lack of) right of individual countries to say what they think is reasonable is bizarre, to say the least.
If Germany decides, in any way, that it does not want certain sorts of material available via Compuserve (a company that provides what amounts to the largest bulletin board in the world - the Internet is different in that each computer is actually part of it), and that decision is in accordance with German law, it has the right to enforce it. Compuserve might find it technically simpler to treat the entire world as basically groups of people speaking funny languages, but if it wants to trade in Germany, it must act in accordance with its laws, however bewildering or unreasonable.
If Compuserve finds it easiest to solve this problem (almost certainly in the short-term) by canning all access to some news groups, then so be it - you don't have to use Compuserve if you don't want to. The risk of trying to insist that US liberalism should apply across the globe seems dangerous to me. Expecting another country to obey according to your rules has probably been a significant factor in the starting of a number of wars over the centuries!
Global war, or even a local one, is not a likely consequence of differing restrictions on pornographic material on Compuserve or the Internet. But, a growing feeling that anyone should be allowed to say anything may be the outcome. As is evidenced by comments in many newsgroups, the US dominates Compuserve and the Internet - but US ideals are definitely not appropriate nor appreciated by every country.*** Sean Dunn, Wolverhampton, England ***
I've thought of a RISK arising from the reaction of CompuServe to pornography on its discussion groups.
If there were a discussion group that you wanted to attack, you could submit some child pornography to it, and then wait for CompuServe to do your dirty work for you, and close it down. And if you wanted to be thoroughly despicable, you could submit the pornography via an anonymous remailer. Every news group in the world is wide open to that kind of risk.
My opinion on the subject is this: if someone uses a telephone to commit a crime, do you prosecute the telephone company? Obviously not - you prosecute the person who committed the crime. I think that the case with Internet service providers is similar.
Just because there are difficulties in the Internet, finding the person who has committed the crime, doesn't make it reasonable to prosecute someone who is innocent.Ben
I feel compelled to point out that Robert Anton Wilson found an even more elegant solution in one of his fictional works. He believed it unlikely that the Supreme Court justices would find their own names obscene, so (using contemporary Justices) he would have a couple wildly thomasing in the back of their car, a drunk man renquisting against a tree, a ditzy blonde model with huge scalias, etc.
For anyone interested, I think this appeared in the second _Schroedinger's Cat_ book, but I might be mistaken.Bear Giles email@example.com
Begin forwarded message:
Date: Sat, 06 Jan 1996 09:33:39 GMT From: firstname.lastname@example.org (Michael Kunze) Newsgroups: alt.censorship Subject: CIS censorship--The whole story
Some few five-hundred postings ago, I promised you let you have more details about the CompuServe censorship case investigated by the editorial staff of SPIEGEL online. It is not a story of evil but of people acting overambitious and ignorant. And it is not quite as simple as DrG might be wishing!
To keep it short, here are the facts:
In 1994, a Task Force called "AG EDV" was set up by the Bavarian Minister of Interior at the Police Headquarters in Munich. Initially, the Task Force was formed to search persons dealing with pornographic material via BTX the former online service of German Telekom and its work was limited to one year.
For the moment, investigations of this Task Force ran successfully due to the assistance of Telekom. But simultaneously, people being suspected changed their ways of distributing either to closed BBS systems or chose more secret methods. So the Task Force was compelled to enhance their efforts and they raided Munich BBS systems. Furthermore, they studied computer magazines to find ads for pornographic CD-ROMs. During this operation they found what they were looking for, and "PC Direkt", a Ziff Davis publication, and some other magazine were forced to pulp some issues.
All activities of the Task Force could not have happened, if they were not supported by a whole bunch of local prosecutors and judges. Sticking together, chatting, doing favours forms a part of the social life in Munich - in malicious words - the `Munich swamp'.
The prevailing opinion of the Task Force and of some prosecutors is that carriers of digital information could held responsible for the content of what they are spreading. This meaning matches exactly the content of the CDA. But this is only one point of view. Up to now, there doesn't exist any law or direction in Germany concerning responsibilities of ISPs or online services regarding contents they only do deliver. And so, judges decide from case to case. The German department of justice thinks that carriers could be held responsible if they deliver illegal content "deliberately". But then, could one call them "carriers"? [I suppose, if they are carrying "common" materials, then they must be "common" carriers! PGN]
Last summer, a kind of hysteria about Internet pornography broke out in German media. A few journalist had made their first steps in the Internet and discovered nasty postings in the alt.binaries.pictures.erotica Usenet hierarchy. A student of Erlangen University was seized because of spreading child porn via Usenet. Then, the "Time" article about Internet porn was published and quoted by nearly every German newspaper.
I think at that time the Task Force planned to investigate the Usenet. Due to the facts that CIS had become a big ISP and their German office is located in Munich, CIS seemed to be a worthwhile target. Somehow the Task Force managed to get a search warrant to investigate the Munich CIS office on November, 22nd. However, the search was more or less like a visit. Let me quote the public prosecutor: CompuServe "was quite cooperative". "We sat together talking about chances to kick pornographic contents out of CompuServe's information system." The police officers just collected a copy of the CompuServe association contract and the address of the CEO.
Two days later, CompuServe's German managers published that they "will do anything to support the work of German authorities fighting against pornography in Cyberspace". On December, 8th, CIS was handed a list of more than 200 newsgroups by the Task Force. In my opinion, interpreting the prosecutor and the CIS spokeswoman, this list was presented to CIS as containing "suspicious newsgroups". In the attached letter from the prosecutor it is said: "... it is left to CompuServe to take the necessary steps to avoid possible liabilities to punishment."
So, if CompuServe should have ever had threats, it could have been only very small ones. But there is no reason to their German management to risk anything. CompuServe's approach is not to guarantee for "freedom of speech and information" but to make "money".
When I interviewed the prosecutor, it soon became quite clear that his department had tried to bring CIS to court to get its legal position checked by some judges. Because of CIS servile tactics they had to give up their goal.
The ominous list itself shows how ignorant the members of the Task Force are about the Usenet. In my opinion, they just sampled all newsgroups containing words like "sex", "erotic", "gay" and so on and put the result onto the list.
We have two in-depth articles on the whole affair on our web server. One is an extended version of what I've posted here, the other deals with the CDA and the actual political and legal situation concerning the Internet. Unfortunately for US readers,
these articles are in German, because we didn't find the time to translate them. But I hope will can manage this until Monday 8th, 8:00 AM, EST. Then, you should point your browser to <http://hamburg.bda.de:800/bda/int/spon/online/excl03.html> or have a look
at our complete online services at <http://www.spiegel.de>.
By the way, SPIEGEL Online is the online department of the [reputable] German news magazine DER SPIEGEL.Michael Kunze, Redaktion/editorial staff, Spiegel Online, Brandstwiete 19, 20457 Hamburg / Germany Tel.:+49(0)40-3007-0 Fax :+49(0)40-3007-2986
Please report problems with the web pages to the maintainer