THE JOURNAL OF AMERICAN UNDERGROUND COMPUTING / Published Periodically ====================================================================== ISSN 1074-3111 Volume One, Issue Two April 4, 1994 ====================================================================== Editor-in-Chief: Scott Davis (dfox@fennec.com) Technology Editor: Max Mednick (kahuna@bga.com) Consipracy Editor: Gordon Fagan (dolphin@bga.com) Network Security: George Phillips (ice9@bga.com) ** ftp site: etext.archive.umich.edu /pub/Zines/JAUC U.S. Mail: The Journal Of American Underground Computing 10111 N. Lamar #25 Austin, Texas 78753-3601 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% To Subscribe to "TJOAUC", send mail to: sub@fennec.com All questions/comments about this publication to: comments@fennec.com Send all articles/info that you want published to: submit@fennec.com Commercial Registration for Profitable Media: form1@fennec.com "The underground press serves as the only effective counter to a growing power, and more sophisticated techniques used by establishment mass media to falsify, misrepresent, misquote, rule out of consideration as a priori ridiculous, or simply ignore and blot out of existence: data, books, discoveries that they consider prejudicial to establishment interest..." (William S. Burroughs and Daniel Odier, "The Job", Viking, New York, 1989) %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Contents Copyright (C) 1994 The Journal Of American Underground Computing and/or the author of the articles presented herein. All rights reserved. Nothing may be reproduced in whole or in part without written permission of the Editor-In-Chief and/or the author of the article. This publication is made available quarterly to the amateur computer hobbyist free of charge. Any commercial usage (electronic or otherwise) is strictly prohibited without prior consent of the Editor, and is in violation of applicable US Copyright laws. To subscribe, send email to sub@fennec.com %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% DISCLAIMER AND NOTICE TO DISTRIBUTORS - NOTE: This electronic publication is to be distributed free of charge without modifications to anyone who wishes to have a copy. Under NO circumstances is any issue of this publication, in part or in whole, to be sold for money or services, nor is it to be packaged with other computer software, including, but not limited to CD Rom disks, without the express written or verbal consent of the author and/or editor. To obtain permission to distribute this publication under any of the certain circumstances stated above, please contact the editor at one of the addresses above. If you have intentions of publishing this journal in any of the ways described above, or you are in doubt about whether or not your intentions conflict with the restrictions, please contact the editor. FOR A COPY OF THE REGISTRATION FORM, MAIL - form1@fennec.com This publication is provided without charge to anyone who wants it. This includes, but is not limited to lawyers, government officials, cops, feds, hackers, social deviants, and computer hobbyists. If anyone asks for a copy, please provide them with one, or mail the subscription list so that you may be added. The articles and information printed herein are the property of the author and / or The Journal Of American Underground Computing. An electronic mail address of the author will be provided when made available to us so that you can contact the author with your comments. No article in this publication can be reprinted without the permission of the author / editor. Any attempt to do so will be in direct violation of United States Copyright laws. Any attempt to sell this publication in part or in whole, on CD Rom or while packaged with any other software bundle without the express consent of the editor is also a direct violation of United States Copyright laws. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% THE JOURNAL OF AMERICAN UNDERGROUND COMPUTING - Volume 1, Issue 2 TABLE OF CONTENTS 1) A note from the Editor Scott Davis 2) Comments from our readers Readers 3) Paul and Karla Hit The Net Wired Online 4) AT&T Cellular Privacy Systems David Arneke 5) Clipper / From "The Guardian" Mike Holderness 6) Privacy: Notes from Cyberspace Various 7) Kidnapped By The State / Internet Not Safe Matthew Mihaly 8) Legion Of Doom - Internet T-Shirts Chris Goggans 9) Public vs. Mass Media: The Case of The Internet Jim O'Loughlin 10) Bruce Sterling's Comments at CFP '94 Bruce Sterling 11) Book Review - Doing Business On The Internet Steve Brock 12) Generic Usenet Flame Form [Humor] 13) McDonnell Douglas Warranty Card [Humor] 14) Social Contract Between Us and Them [Humor] 15) Electronic Petition Against Clipper Editors 16) Form letter againt Clipper for the President Editors 17) Official Government press release: Clipper Editors 18) ISDN Information (RBOCS) Max Mednick 19) A catalog of national ISDN solutions Max Mednick 20) Sprint expands presence in China News 21) SSN FAQ / Social Security Number info Chris Hibbert 22) The Clipper Chip is your friend Bob Davis (WSJ) %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% A NOTE FROM THE EDITOR It is my pleasure to welcome aboard to the editing staff Mr. Max Mednick as the Technology Editor. Max is a technical trainer and network support specialist for a Fortune 500 company, and has several years of experience in the field of networking and communications. Everyone send him a message welcoming him. (kahuna@bga.com). Also, we are welcoming Carl Guderian as Director of Information Systems. He is currently employed by big-brother. His email address is bjacques@cypher.com %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% COMMENTS FROM OUR READERS From: jim@rsa.com (Jim Bidzos) To: comments@fennec.com Subject: TJOAUC-1.1 Great! I'm honored to have contributed to TJOAUC! Thanks, and keep up the good work. =-=-=-=-=-=-=-=-=-=-=-=-=-= From: Anonymous@some.government.agency To: comments@fennec.com Subject: Thanks! I checked your archived 'Journal of American Underground Computing' at extext.archive.umich.edu. I found the quality and content to be high. If you could also subscribe me, I would be grateful. Sorry about the skepticism (with reservations to Mark Lanes allegations that the CIA murdered JFK). %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% PAUL AND KARLA HIT THE NET Posted By Dennis R. Hilton (drhilton@kaiwan.com) Copyright 1993,4 Wired Ventures, Ltd. All Rights Reserved For complete copyright information, please see the end of this file WIRED 2.04 Electric Word ************* Recent events in Canada have proven once again that - for better or worse - the information genie has escaped into cyberspace and can't be put back in the bottle. When an Ontario judge issued an order barring media coverage of a sensationalized murder trial, Canadians used the Net to break the ban. The case concerns Paul "Bernardo" Teale and his wife, Karla Homolka Teale, who were each charged in the grisly murders of two teenagers. Paul Teale now stands accused of 48 sex-related charges, while Karla Homolka entered into a plea bargain: She pleaded guilty to manslaughter and is expected to testify against Paul. The nonstop press coverage prompted Paul Teale's lawyer to ask for a media gag order until the conclusion of his trial, on the grounds that it would be impossible to impanel an impartial jury. Despite legal intervention by several major Canadian media outlets, the court imposed a ban on the publication of the details of the crimes. At first the ban had its desired effect. When the US television show A Current Affair featured the case, it was banned in Canada, and Canadian cable stations blacked out CNN coverage of the case. With the conventional media halted, the infosphere took over. First, two BBSes in Toronto began to post daily details of the trial. In August, a group of McGill University students created a Usenet group, alt.fan.karla- homolka, to discuss the case. By December, after phone calls by law-abiding Net surfers to systems managers, the Usenet group had been banned by systems managers and university officials at sites all over Canada. After the banning of alt.fan.karla-homolka, two new Usenet groups were created: alt.pub-ban and alt.pub-ban.homolka. Some Net users theorized that if they cross-posted all over the Net, the Royal Canadian Mounted Police would be in the impossible position of scrambling through cyberspace plugging leaks. One Net dweller jokingly proposed the ideal tactic: "The solution is obvious. Take the discussion to rec.sport.hockey. You silly Canadians would never ban that group." Other curious Canadians searched the pay-per-view news and magazine databases on Nexis and CompuServe for stories published by US newspapers. Most of the banned articles were re-posted verbatim to alt.true-crime, a group overlooked by the Mounties. As the infosphere grows to encompass the planet, the question is no longer whether certain information is too sensitive to be made public. The real question becomes whether it is even possible to keep certain information out of cyberspace. In the Teale-Homolka case, the ban was not so much broken as rendered irrelevant by the voracious online community: It is estimated that one in four Canadians knows the banned facts. Anita Susan Brenner and B. Metson %%%%%%%%%%%%%%%%%%%% WIRED Online Copyright Notice %%%%%%%%%%%%%%%%%%%%%% Copyright 1993,4 Wired Ventures, Ltd. All rights reserved. This article may be redistributed provided that the article and this notice remain intact. This article may not under any circumstances be resold or redistributed for compensation of any kind without prior written permission from Wired Ventures, Ltd. If you have any questions about these terms, or would like information about licensing materials from WIRED Online, please contact us via telephone (+1 (415) 904 0660) or email (info@wired.com). WIRED and WIRED Online are trademarks of Wired Ventures, Ltd. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% AT&T CELLULAR PRIVACY SYSTEMS AMERITECH CELLULAR PRIVACY SERVICE USES AT&T TECHNOLOGY By David R. Arneke (darneke@attmail.com) AT&T SECURE COMMUNICATIONS SYSTEMS NEWS RELEASE Reprinted with permission GREENSBORO, N.C. -- Ameritech Cellular Services in Chicago has become the first cellular telephone system in the country to offer voice privacy service using the AT&T Advanced Cellular Privacy System. Ameritech launched its Enhanced Voice Privacy service in Chicago this month. "This technology adds to the productivity and value that Ameritech cellular service provides to its customers," said Thomas A. Brooks, AT&T Paradyne senior vice president, Secure Communications Systems. "And, by helping the carrier provide value to the cus- tomer, AT&T cellular privacy technology adds value to the carrier as well." The AT&T technology scrambles the cellular telephone's over-the-air signal. The signal is descrambled at Ameritech's cellular switch, transmitting a conventional phone signal to the recipient. If the scrambled over-the-air signal is intercepted, the eavesdropper will hear only a chirping sound. AT&T's advanced privacy technology renders the over-the-air signal unintelligible. The system already is in wide use in Japan in the cellular system of one of the two major Japanese telephone companies. The AT&T Cellular Privacy System offers cellular users a variety of benefits. -- Its technology is small enough and light enough to be embeddable in today's small, portable phones. -- The system features an unmatched combination of high voice quality and an advanced level of privacy. -- It is applicable to all three types of cellular telephones -- portable, transportable ("bag phones") and mobile (car phones). The system has two components. The AT&T privacy unit attaches to the phone and scrambles the phone's signal. Voice privacy modules are available for several brands of cellular telephones, among them AT&T models, including the AT&T Privacy-Capable Portable Telephone 9000; the Audiovox 3200 series; Mitsubishi models using the Model 1200 transceiver; the Motorola 2600; the NEC 3800B and 4800; the Oki 800 series; and the Toshiba 3200 series. Modules for other brands and models are in development. The Mobile Telephone Office Switch (MTSO) unit is installed at the cellular carrier's switch and descrambles the signal. Because the privacy system scrambles only the over-the-air portion of the call, no matching unit or special equipment is required at the receiving phone. The AT&T Paradyne Cellular Privacy System was developed by AT&T Secure Communications Systems, a world leader in the design, manufacture and integration of encryption and privacy products. It is a primary supplier of secure products to the governments of the United States and other nations as well as corporations around the world. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% CLIPPER (From The Guardian) By Mike Holderness (mikeh@gn.apc.org) This piece on the Clipper controversy appeared in the London, UK _Guardian_ on 3 March 1994. My apologies for the delay in circulating this to all of you who helped with advice and comments or expressed an interest; and to a couple people whose attributions got cut for space. Some Netizens may find the piece a bit wishy-washy. Better that than the _Independent_'s coverage, which was full of unsubstantiated claims -- if they _know_ the NSA has a back-door, I wish they'd publish the evidence... I _know_ the description of the technology ended up inexact. Anyone who can give an exact description in fewer words gets a bottle of champagne next time you're in London... If you re-distribute this, please do so in its entirety and un-cut. Contact me to discuss terms before you publish it on paper: I have a freelance living to earn and a landlord to feed. (C)opyright 1994 Mike Holderness mikeh@gn.apc.org London, UK HED: Are these men a threat to freedom? PIC: (4-column): Gore & Clinton YOUR COMPANY is, at last, connected to the Internet. You can swap memos with branch offices around the world within minutes. But you naturally don't want your competitors, or their governments, siphoning the details of your bid for that dam contract in the Philippines out of the net. What do you do? On the other hand, when you receive an electronic message announcing a call for tenders, how do you know it's genuine? You've heard that it's possible to fake electronic mail, and you're worried about all the possibilities for creative industrial espionage which this opens up. Then again, you might be a Cabinet minister, setting up a meeting with your boyfriend on the mobile phone. Wouldn't it be good to know that no-one could tap the message? The answer to all these problems lies in encryption technology. The solution the US government proposed earlier this month, however, has generated a furious row in the "on-line community" about the government interfering in citizens' right to communicate in private. The disturbing implications for people outside the US have gone largely unremarked. Computer programs that can do practically unbreakable encryption are available to the public in the US and elsewhere. One, named PGP for Pretty Good Privacy, is increasingly being used to authenticate electronic messages (Computer Guardian, Nov ?? 1993). It can encrypt the whole message, or send the main text "in clear", followed by an encrypted block containing a mathematical "fingerprint" of the message and the sender's name and address. The program can thus verify whether a signature belongs to the purported sender and whether the message arrives as it left. Encryption has long worried law-enforcement agencies. What if drug- dealers and terrorists start using unbreakable encryption? The US government's Key Escrow Encryption system -- commonly known by its working title, Clipper -- is its answer. Clipper uses an encryption chip suitable for building into a mobile phone or a modem. Its method of encryption, developed by the US National Security Agency (NSA), depends on "keys". These are codes which are used mathematically to mangle the text or speech. The receiver can only get the original back out if they have the key and can use it to un-mangle -- decrypt -- the message. PGP depends on a "public-key" system. Users sending signed messages encrypt the signature with keys known only to them. They also issue public keys. These are mathematically derived from the private key, and allow anyone to verify the signature. If someone sends them a message encrypted with their public key, only the private key will extract it. By contrast, each Clipper chip will have an encryption key built in. When the chip is manufactured, two parts of the key will be lodged with two separate US government agencies. (In legal jargon, this is like "holding the keys in escrow".) A secret "super-key" allows law enforcement agencies to retrieve the serial number of the chip used on the link they're tapping. Under US guidelines released on February 4, if a law enforcement agency wants to eavesdrop on encrypted communications, it should send details of a search warrant to the agencies holding the key components. This is a red rag to the inhabitants of Internet discussion forums, "the world's largest functioning anarchy". There, discussions of the right (under the First Amendment to the Constitution) to unrestricted free speech can and do slip effortlessly into the belief that, as one participant put it, "The People must be allowed to discuss anything, including revolution." According to Brian Yoder, president of California company Networxx, "The US Constitution doesn't grant the government the power to maintain this kind of surveillance capability over the population. Period. The assumption is that anything that enhances the ability of the police to catch criminals is OK, but that is not what the Constitution says, and that's not the kind of country I want to live in." Cryptology specialist Dr Dorothy Denning at Georgetown University in Washington DC, who was part of a team reviewing the NSA's design process, points out that Clipper "will not make it any easier to tap phones, let alone computer networks. All it will do is make it technically possible to decrypt communications that are encrypted with the standard, assuming the communications are not super-encrypted with something else. Law enforcers still need to get a court order." But who trusts the NSA? The Clipper design is secret. Many assume that the Agency has built in a "trap-door" allowing it to break encryption without the keys. No-one has proposed making non-Clipper encryption illegal, but the US government clearly hopes to establish it as an industry standard. For example, while it's usually illegal to export any form of encryption technology from the US, it will be legal to export Clipper. Non-US companies using it to protect their communications will have to live with the uneasy knowledge that the NSA could be listening in -- and the NSA, like its UK sibling organisation GCHQ in Cheltenham, has a long history of intercepting foreign commercial messages for the benefit of home companies. (GCHQ declined to say whether it had been involved in any discussions over Clipper.) The protests have started. A petition organised by Computer Professionals for Social Responsibility against Clipper, and in favour of a Bill to permit export of competing encryption systems, gathered more than 20,000 electronic signatures in its first two weeks. Wired magazine has proclaimed that ``This is a pivotal moment in history'', accusing ``the Clinton-Gore administration'' of ``attempting a stealth strike on our rights''. It has asked readers to sign the CPSR petition against Clipper and to ``call or write your Congressional representatives and let them know how you feel''. Encryption and authentication are important for much more than the privacy of the frequently obscure or banal discussions on the Net. Medical and financial records are now commonly held on computers, and a growing proportion of business transactions take place on line. Cyberspace is where your money is. For private communications, Emma Nicholson MP takes a relaxed view: "In communicating, we should start from a belief that everyone listens to everything. Gossip is what makes the world go round. I have very few secrets. I would be deeply concerned if a device were marketed that could stop interception -- I would support the FBI completely." Computer-law barrister Alistair Kelman, however, believes that any attempt to enforce the Clipper chip as a worldwide standard would meet stiff opposition. The European Commission could be expected to object that it fell foul of Treaty of Rome provisions against misuse of a dominant position. "If you want to have a world standard for encryption, fine," Kelman said, but the EC could respond: "let's all get together and settle on something that meets our requirements as well." Wired articles on Clipper can be obtained via the Internet by putting the following three lines into the body of an electronic mail message addressed to infobot@wired.com: send clipper/privacy.meeks send clipper/privacy.barlow end %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% PRIVACY: NOTES FROM CYBERSPACE These are just little tidbits picked up from here and there...feel free to comment on them. -Editors NOTES FROM CYBERSPACE - ARTICLE 1 By Arthur Entlich (ua107@freenet.victoria.bc.ca) Subject: Privacy in Canada Over the last several years there has been a feeding frenzy in the private sector toward collection of private information. Currently, to my know- ledge there is only one province in Canada that has legislation on the books which protects individual's private information within the private sector, and that is Quebec, which may not be a province of Canada for long, if things continue. Anyway, recently a few provinces have developed Offices of Privacy and Freedom of Information (Ontario and British Columbia) both of which have "left of center" parties in power. However, these government offices only regulate the issues of freedom of information and privacy within the public sector (governmental agencies). These is also a similar office on a federal basis. Ther eis much to be done here to roll back the amount and connectivity of information in the public and private sector. For instance, our SIN number (Social Insurance Number) which was legislated originally for only about 6 programs, all relating to employment, has been expanded to uses such as banking, (required by law now) medical plans, etc, Also, the private sector has a field day with this number and it has basically become a national identity number. Some changes are occurring, such as in British Columbia, we were issued a separate and unique medical plan number after many complaints, however on several occasions I have by phone or in person requested information about my coverage and claimed I did not have my medical number handy, and was asked for my SIN, at which point they crossreferenced to my medical number, so obviously they are still connected internally. More recently, the government of B.C. has indicated that in two months a new program called PharmaNet will be put in place. This will hook up all pharmacies in the province so that ones drug profile is available to each pharmacist if they use a keyword you provide (the keyword was demanded by the office of privacy, originally it didn't even have this). You must provide this keyword and your medical plan number in order to purchase the drugs. The government claims it is becaus ethey have a problem with drug interactions, especially amongst the elderly who see numerous doctors and don't remember what they are taking. They also claim it is to prevent the practice of people seeing several doctors for one prescription type, then go to several pharmacies to buy multiple prescriptions, and then sell the drugs on the street. The government does have some justification, in that they do pay for the partial cost of drugs to people over 65 and they also pay for all drug costs over $600 per family per year. However, the vast majority of the population does not fit into these groups. In the private sector things are much worse. Most video stores re- quire D.L.# plus SIN, and they can sell this info to anyone at the present state of the law. Banks have gotten really nasty of late, and are requiring a credit card number just to open a chequing (or checking if you are south of the border) account. I was required to sign a statement when opening a simple chequing/savings account at a credit union which gave them permission to "acquire any information deemed necessary to verify the information provided, or to protect the credit union", and that such information could be transmitted to other financial institutions, branches of their company, and other companies they own (which includes and investment and insurance division). I am fighting to change this now, as the next shareholders meeting is in mid-April and i have submitted several resolutions to change the current constitution of the credit union. Anyway, I know this has been long winded... sorry. I would be most interested in anyone who can provide inform anyone who can provide information on laws in the states or elsewhere which deal with issues such as these. I would like to know what other legislation is out there to protect the privacy of personal information in either the public or private sector. Thanks... please E-Mail me. %%%%%%%%%%%%%%%%%%% NOTES FROM CYBERSPACE - ARTICLE 2 By Anonymous Subject: What is being done about Privacy??? I have been doing some reading about the available databases, I was shoked at some of the services that are listed. Just to name a few .... * Searches for SSN's, lists name, address, last transaction * Searches for Mass Mailings and magazine subscriptions * change of address, (someone also mentioned PO Box info!!) * for most states - car ownership and Drivers lisc history * Top of Credit reports (name, address, SSN, employer) * neighborhood searches, demographics (income, ect ..) * National Phone listings * Airplane and Boat ownership * Professional Lisc's * ect, ect, ...... I have seen alot of talk about not giving out a SSN, but whats the point? It seems like it is already too late. I haven't seen the info in all of these datbases, but it seems as though Big Brother is already here. I am sure many people in this group already knew about alot of this. I am curious if anything is actually being done about this? I have seen the EFF do alot against clipper; are they doing anything against these databases that are open to the public (for a price)??? The clipper petition got alot of names, couldn't the same be done about these databases. I would bet most people have no idea all this personal information is available. They would be just as shocked as I was and you could get more signatures than the clipper petition. %%%%%%%%%%%%%%%%%% NOTES FROM CYBERSPACE - ARTICLE 3 By Anonymous Subject: Comments on Wall Street Journal / NSA 'cryptomathematician' In the Tuesday March 22, 1994 issue of the Wall Street Journal appeared an interview by reporter Bob Davis of Clinton Brooks the head of the NSA effort for an Escrow Encryption system commonly associated with Clipper. In the article Mr. Brooks relates there efforts to produce such as system came to fruition in a timely fashion with respect to AT&T desiring to sell secure voice systems. Having spoken with several people marketing AT&T Surety Communications products, it appears that indeed, NSA 'balked', and not just over the point of export licensing for DES based products. AT&T also sells several proprietary encryption algorithms, including one approved for export under ITAR. These all predate clipper. One of the marketing types at AT&T Surety indicated that NSA didn't want DES in secure voice products and hinted at international agreements to limit proliferation of DES applications, although apparently no evidence of this has arisen through John Gilmores FOIA requests. If AT&T was ready to sell two tier products domestic/overseas, why the jump to clipper? They offered a captive market, the Justice Department, which has paid in the neighborhood of $8 million dollars from asset siezures for a couple thousand clipper phone units probably at a higher price than they would sell for on the open market. They have also gained the promise of a single tiered product, although the rest of the STUIII compatible products are still available. AT&T appears hard pressed to find a nongovernment related market place for secure voice, without significant non-Justice shipping. Part of this may be cost, a Telephone Security Device costs more than an AT&T videophone while having a lower complexity. A popular MODEM manufacturer Paradyne, a subsidiary of AT&T, sells a MODEM with more than half the complexity of the Telephone Security Device for $179 retail. The videophone is selling for around $940 while the TSD 3600, a unit sitting between your phone and the wall sells for $1050. AT&T appears to have had a hard time waiting for MYK-78e chip shipments from Mykotronx. They received the initial production lot in October or November, following a protracted nonreassuring rubber stamp review process and a NIST Encryption Escrow non Standard release, which from the WSJ article was staged simple for AT&Ts benefit. That and we get a secretive governmental agency starting an unprecedented propaganda effort. Is this a case of our government doing more for us than we would possibly ask? Perhaps we should ask why. %%%%%%%%%%%%%%%%%%%% NOTES FROM CYBERSPACE - ARTICLE 4 By Anonymous Subject: Creative Freedom / Restrictions on Free Communcication I am aware of a case where a student made significant headway in development of techniques which accelerate convergence of algorithms used in computer arbitrage. The advisor told the student that this was amazing and great! But then the advisor tried to get the student to change the name of the technique to something that would make it sound like the advisor thought of it. Then, on the second idea the student mentioned, the advisor exclaimed how great it was and then suddenly turned around and began to try to talk the student out of the idea. But, the student had already convinced his/herself of the validity and value and stood ground on the second idea. When the student began to e-mail others in the community, the advisor had an irrational reaction. The advisor required the student to consult with (the advisor) before discussing his/her results vi e-mail with others in the community. Also, the advisor said that such discussions should not leave the local research group. TELL ME, IS THIS AN ETHICAL REQUIREMENT?? WHAT DO YOU THINK IS GOING ON HERE? %%%%%%%%%%%%%%%%%%%%% NOTES FROM CYBERSPACE - ARTICLE 5 From: James Ebright (jebright@magnus.acs.ohio-state.edu) Subject: Re: Wall Street Journal Interview with NSA 'cryptomathematician' My response to AT&T: I switched to MCI today... (Who else is listening to my true voice?) You can switch too... call 800-624-8030. My response to NSA: I still don't think folks are going to buy many guaranteed tapable 'secure' phones. But this shows the power of entrenched bureacuracies who have a vested interest in intrusive government. If the Cantwell bill passes, this mugging of US businesses via ITARs would be impossible. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% KIDNAPPED BY THE STATE / INTERNET NOT SAFE By Matthew A. Mihaly (mam6@cornell.edu) O.k., here is the situation. I had been contemplating suicide and posted my situation on alt.romance.chat (lot's of nice people replied, btw.) I also posted something on alt.drugs (under the name "Matt" asking for some useful drugs for the purpose of killing myself (which, for any of you fu*king ass-sucking cops out there: I am not saying I want to). The Internet is not safe. Two days (on 3/14) after I posted it, a couple of cops show up at my door, along with some nut from the mental health department of Tompkins County (that's this county obviously) and tell me I have to come with them to the hospital for "an hour, maybe an hour and a half." I said "What if I don't choose to go." They replied that I don't have a choice. They informed me that I'm going with them because some people read my internet message and were concerned. I was in the middle of conducting some business on the phone and asked if I could make a couple of phone calls first but the pigs replied that no, I couldn't. In effect, they kidnapped me. So, they drive me to Tompkins County Hospital where I am forced to sit in a room for 2 hours (with a couple of goons waiting outside to make sure I don't try to run). Finally, some bitch comes in and talks to me for all of 4 or 5 minutes. I explicity told her that I am not planning on killing myself (partly due to the 20 or 30 supportive e-mail messages I got from people). She said it's not here decision whether I'm held or not but that she would go give the doctor her opinion (she left me with the impression that she would tell me to let me go.) The doctor came in, after another 45 minutes of waiting) and talked to me for maybe 2 minutes. I said I wanted a lawyer. He said "Sure, you can always have a lawyer." and walked away mumbling something about always being able to have a lawyer. Apparently he was being sarcastic because no lawyer ever showed up. After another 20 minutes or so, some guy pokes his head in the room and asks me who I am. I didn't tell me of course, but 2 minutes later, some little geek walks in, sits down and says "I don't know if you've heard yet, but you are being transfered to a mental health ward." I say something to the effect of f*ck you I'm not going anywhere. By this time, there were a couple of goons in the room also. They told me that I could either go of my own free will or they would drag me there. Noticing that there were about six other guys standing out in the hall way I said I'd go. I then stood up, told the little geek that I hope he goes home tonight and suffers the worst kind of hell (or something to that effect). Then, one of the goons grabs me and drags me out into the hallway where I see one of those portable beds for ambulances with restraining devices on them. AT this point I was absolutely livid with rage. No way are you f*ckers restraining me I said. Well, they said I had to be restrained because I had just threatened the little geek with violence (not true, I just wished hell on him). So, they strap me down (I cooperated but was berating them the whole time) and put me in the ambulance and left a guy in the back to watch me. I was telling him what a dick he is and how big a violation of my human rights this was and he just told me to shut up. After a period of silence I apologized to him and told him I didn't mean anything personal. He responded with something to the effect of "Well f*ck you, I dont' like your tone of voice." I asked him, very sarcastically, if he was pleased with how well he was doing his job. He said "Look, I'm just doing my job here." Yeah, yeah I replied, so were the Nazi death-camp guards. Anyhow, they get me to this hospital (Soldiers and Sailors Memorial in Penn Yan, NY). They made me strip and put on stupid hospital clothes. By this time it was 8:30 at night (I got picked up at about 4:30) and no one had given me anything to eat. They gave me some graham crackers at this point. Whoopee. So anyhow, I wait for an hour or so and some guy named Tom Rice (yeah, I hope you're reading this you cocksucker) comes in and talks to me for about 3 minutes and says "o.k., I'm admitting you." Well, I was pretty pissed as you might imagine. So, they bring me upstairs, give me a room, etc., etc. and expect me to go to sleep until morning. Yeah, whatever. Like I can sleep when I'm a prisoner. I spent the whole night planning a way to escape (pathetic security cause I was in the wing where people with things like depression are kept, not the criminally insane wing). At 6:30 in the morning, they come in and tell me they are going to take blood from me. When I said no they said they were going to anyhow. Well, the long and short of this all is that I ended up spending two nights in a f*cking mental hospital because A) some f*ckers at Cornell University are idiots (I know at least one of their names so far... Leeza Casinelli, a therapist at our health services.. she is a fascist pig, don't go see her) and B) the idiot psychiatrist I saw the next morning said they have to keep me another night for observation. Nevermind the fact that I was obviously fine and the rest of the staff knew it. The food there sucked, I was confined in EXTREME boredom (what, they expect me to read 2 year old Time magazines all day???), missed many classes, a test, and some papers. Furthermore, I do alot of investing and lost a significant sum during this time. I guess my point in all this is that the Internet is definitely not safe, even if you aren't breaking the law. I got back about 2 hours ago from that f*cking place. I'm thinking about suing Cornell U (they are the ones who started all this) and maybe the state of New York. The way I look at it, I was held without indictement, without warrant, and without legal representation based on evidence contained on a Usenet posting. I mean c'mon. Like even 1/8 of the stuff posted here should be taken seriously. Take a look at alt.devilbunnies for instance. A completely amusing group, but not something to take seriously. Anyhow, I go to Cornell and live in Ithaca. I keep on trying to contact the ACLU here but no one ever answers. I've only gotten a busy signal once too. Also, are there any lawyers around here that someone can recommend for me? I was kidnapped and imprisoned for two days by the state. The state, not just of America, but the state of the world must be destroyed. Power, concentrated like this is absolutely tyrannical. I am not suicidial (although I was at one point) and these morons should have realized this. Be careful what you post and look into PGP encryption. F*ck the government and f*ck you you Cornell U. bastards. I hope you rot in the worst part of hell for what you put me through. If you want me to be depressed, go ahead, do it again. Make me miss classes, tests, and lose money. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% LEGION OF DOOM T-SHIRTS!! Get 'em By Chris Goggans After a complete sellout at HoHo Con 1993 in Austin, TX this past December, the official Legion of Doom t-shirts are available once again. Join the net luminaries world-wide in owning one of these amazing shirts. Impress members of the opposite sex, increase your IQ, annoy system administrators, get raided by the government and lose your wardrobe! Can a t-shirt really do all this? Of course it can! -------------------------------------------------------------------------- "THE HACKER WAR -- LOD vs MOD" This t-shirt chronicles the infamous "Hacker War" between rival groups The Legion of Doom and The Masters of Destruction. The front of the shirt displays a flight map of the various battle-sites hit by MOD and tracked by LOD. The back of the shirt has a detailed timeline of the key dates in the conflict, and a rather ironic quote from an MOD member. (For a limited time, the original is back!) "LEGION OF DOOM -- INTERNET WORLD TOUR" The front of this classic shirt displays "Legion of Doom Internet World Tour" as well as a sword and telephone intersecting the planet earth, skull-and-crossbones style. The back displays the words "Hacking for Jesus" as well as a substantial list of "tour-stops" (internet sites) and a quote from Aleister Crowley. -------------------------------------------------------------------------- All t-shirts are sized XL, and are 100% cotton. Cost is $15.00 (US) per shirt. International orders add $5.00 per shirt for postage. Send checks or money orders. Please, no credit cards, even if it's really your card. Name: __________________________________________________ Address: __________________________________________________ City, State, Zip: __________________________________________ I want ____ "Hacker War" shirt(s) I want ____ "Internet World Tour" shirt(s) Enclosed is $______ for the total cost. Mail to: Chris Goggans 603 W. 13th #1A-278 Austin, TX 78701 These T-shirts are sold only as a novelty items, and are in no way attempting to glorify computer crime. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% PUBLIC vs. MASS MEDIA: THE CASE OF THE INTERNET By Jim O'Loughlin (v049lnwe@ubvms.cc.buffalo.edu) In its initial configuration, the Internet was designed to be neither a public or a mass media. Twenty years ago, the ARPAnet, as it was then called, was a U.S. Department of Defense research experiment into how to create a computer network that could withstand partial outages, as from a bomb attack. (Krol 11) In the mid 1980s, the National Science Foundation created a network built on the ARPAnet technology that for the first time expanded access beyond computer researchers and government employees. The NSF promoted universal access by connecting universities only if they had plans to promote Internet use. (12) The Internet, as a network of networks, began expanding rapidly, becoming international and spawning commercial imitators such as Prodigy, CompuServe, and America Online. Currently, strictly commercial ventures are banned on the Internet, which is still officially only used for research purposes. However, its growing popularity and commercial potential have whetted the appetite of business. Much of the current discussion about the "information superhighway" revolves around how to turn the Internet into a source of commercial profit. Lost in much of the information superhighway rhetoric is the nature of most of the "traffic" on the Internet. For while media discussion often portrays the Internet as a science fiction version of Cable TV, much of its current popularity is due to its ability to facilitate discussions between people throughout the globe. To understand what is at stake in the transition from the Internet to the information superhighway, it is necessary to consider the cultural position of the Internet, or, to use C. Wright Mills terminology from *The Power Elite*, the extent to which the Internet is a public vs. a mass media. Though Mills's model focuses on the extent to which a population is a public or a mass, I believe it can be applied to media and its use. First, the formal media of communication need to be examined for the proportion of expressed to received opinions. In a public, "virtually as many people express opinions as receive them." (303) In essence, opinions would be communicated through direct discussions. In a mass, "far fewer people express opinions than receive them." (304) The extreme of the latter state would be a case in which "one person talks impersonally through a network of communications to millions of listeners and viewers." (302) The second standard is the extent to which an opinion can be responded to without "internal or external reprisals being taken." (302) Public communications would be organized to facilitate the immediate and effective response to any publicly expressed opinion without fear of retribution. The conditions of mass communications make it impossible for any individual to "answer back immediately or with any effect." (304) The third term of measurement would be the degree to which the formation of opinions can lead to social action. In a public realm, opinions can readily lead to effective action, even against the powers that be. Authorities retain tight control over opinion in a mass sphere and can organize and control any attempts at such action. Finally, there is the extent to which "institutionalized authority, with its sanctions and controls, penetrates the public." (303) Is a particular media one in which the public has true autonomy? In an ideal public, "authoritative institutions do not penetrate the public," (304) while in a mass, people have no autonomy from institutions of power and are frequently manipulated. The limitations of these terms need to be understood. They represent extreme types, "social reality is always some sort of mixture of the two. Yet we cannot readily understand just how much of which is mixed into our situation if we do not first understand, in terms of explicit dimensions, the clear-cut and extreme types." (302) The Internet functions in a combination of mass and public roles. Importantly, however, this paper will argue that much of what is involved in the creation of the information superhighway will turn the Internet into more of a mass media, to the detriment of the extent to which the Internet is currently a public media. The Internet is probably most noteworthy as a public media for the extent to which people have equal access to expressing and receiving opinions. Though large parts of the Internet exist to disperse information (tools such as GOPHER and MOSAIC are designed to facilitate access to databases and other information banks), much of the Internet is made up of bulletin boards, salons, or discussion groups around cultural, political or leisure topics (such as alt.cyberspace, soc.politics or rec.food.veg.cooking). Though some groups are controlled by moderators, the majority have no limitations on what can be posted. In a newsgroup, there are usually a number of parallel conversations (or threads) going on at any one time. In a recent overview of commercial on-line services in *Newsweek*, it was noted that people seem more interested in communication than services. "People want to talk to one another." (Meyer 39) On-line shopping and banking facilities have had a less than stellar reception, however, discussion groups have been hugely popular. More than 100,000 messages are posted on the Prodigy system every day. On the Internet, the equivalent of dozens of full-length novels are written on a daily basis. This interchange, or the extent to which authorship has become a public role, is perhaps the Internet's most important feature. A concern with the coming of the information superhighway is the extent to which these discussion groups will be affected. As the Internet becomes increasingly privatized, it comes questionable whether or not these groups will retain their current form. Some businesses have attempted to capitalize on their popularity. Microsoft is launching a Complete Baseball newsgroup that features discussions, fantasy-baseball leagues, and access to a wealth of statistical information. According to Barry Berkov of CompuServe, "this is where the growth is... Anything addictive is good." (quoted in Meyer 39) Groups based on entertainment or leisure topics (particularly ones in which certain people have an obsessive interest) may attract capital. It remains questionable what would happen to less "addictive" or more politically inclined groups. At its best, discussion on the Internet operates on a civil libertarian model. One is free to post whatever one wishes and free to participate in any of the discussions. However, the computer technology upon which the Internet relies also makes surveillance and reprisals a simple matter. It is relatively easy for any group to monitor a conversation (some on the Internet have suggested that governmental agencies do just that), and a simple matter for systems operators at any computer site to tap into one's account or to withdraw one's Internet privileges. Though cases of direct governmental intervention so far are few, there are cases such as the 18 year old who was arrested for threatening the president's life over electronic mail (president@whitehouse.gov). However, one of the most ominous recent developments has been the proposed "Clipper chip." A Clinton administration proposal to standardize encryption chips was recently developed in consultation with the National Security Agency. Telephones containing the Clipper chip would send out "a string of bits called a law enforcement field. Its purpose is to enable the police and the FBI to decode conversations that they wiretap pursuant to court order." (Wallich 116) Both computer civil libertarians and major software companies have been opposed to this proposal (the former for reasons of privacy, the latter for reasons of international competitiveness). The Clinton administration is currently rethinking the policy, nevertheless, the technology and means does exist to give the government an exclusive "back-door" into cellular telephones. The third criterion for measurement, the extent to which the formation of opinions can lead to social action, is the one in which the jury is still out on the Internet. Few traditional political groups are entirely "online," and the physical distance between Internet participants raises serious questions as to its use in organizing. Is cyberspace a locale within which social action is likely or possible? Has it become a medium of a public sphere in which people can engage public authorities "in a debate over the general rules governing relations in the basically privatized but publicly relevant sphere of commodity exchange and social labor?" (Habermas 27) Computer Professionals for Social Responsibility circulated an electronic petition in opposition to the Clipper Chip proposal. This petition was distributed to a wide variety of newsgroups and eventually forwarded to the president. Such examples, however, are the exception rather than the rule. Calls to action are rare on the Internet. The question would be whether that is a carry over from the state of the world outside of cyberspace or endemic to shifting populations of the Internet. The final issue to consider is the role of institutionalized authority. No single authority governs the Internet. A council of elders (called the Internet Architecture Board) from the Internet Society has responsibility for the technical management and direction of the Internet. (Krol 14) However, this group has almost no control over the actual content of materials over the Internet. Often the metaphor used to describe the rules of the Internet is "frontier justice." "The two overriding premises of network ethics are: Individualism is honored and fostered. The network is good and must be protected." (35) Such a definition seems a bit romanticized but it does capture the suspicion of any authorial intrusion into cyberspace. Many recognize that the computer technology which brought about the Internet also makes stricter governmental control a possibility. As the Internet slowly becomes repaved into the Information superhighway, it will be important to watch the extent to which people are assumed to be either a mass or a public. In the former case, we can expect governmental concern about consumer rights, or the ability of people to have the ability to obtain as much information as possible for a reasonable price. Such a mindset governs most federal discussions about cable television regulation. However, if the people are considered to constitute a public, then concern will be raised about what Jurgen Habermas has termed "participatory rights" (229) These are not simply rights which protect people from something (often the intrusion of government), but rights which, in this case, ensure people's ability to partake in freedom of assembly and association through the medium of the Internet. Works Cited Habermas, Jurgen. *The Structural Transformation of the Public Sphere: An Inquiry into a Category of Bourgeois Society* Cambridge: MIT Press, 1993 (1962). Krol, Ed. *The Whole Internet: User's Buide & Catalog* Sebastopal, CA: O'Reilly & Associates, Inc., 1992. Meyer, Michael. "The 'On-Line' War Heats Up." *Newsweek* 28 March 1994: 38-9. Mills, C. Wright. *The Power Elite* New York: Oxford University Press, 1956. Wallich Paul. "Clipper Runs Aground." *Scientific American* August 1993: 116. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% BRUCE STERLING'S REMARKS AT CFP '94 Posted By Carl Kadie (kadie@eff.org) Comments to Bruce Sterling (bruces@well.sf.ca.us) LITERARY FREEWARE: NOT FOR COMMERCIAL USE I've been asked to explain why I don't worry much about the topics of privacy threat raised by this panel. And I don't. One reason is that these scenarios seem to assume that there will be large, monolithic bureaucracies (of whatever character, political or economic) that are capable of harnessing computers for one-way surveillance of an unsuspecting populace. I've come to feel that computation just doesn't work that way. Being afraid of monolithic organizations especially when they have computers, is like being afraid of really big gorillas especially when they are on fire. The threat simply doesn't concur with my historical experience. None of the large organizations of my youth that compelled my fear and uneasy respect have prospered. Let me just roll off a few acronyms here. CCCP. KGB. IBM. GM. AEC. SAC. It was recently revealed that the CIA has been of actual negative worth -- literally worse than useless -- to American national security. They were in the pockets of the KGB during our death struggle with the Soviet Union -- and yet we still won. Japanese zaibatsus -- Japan Inc. -- the corporate monoliths of Japan -- how much hype have we heard about that lately? I admit that AT&T has prospered, sort of -- if you don't count the fact that they've hollowed themselves out by firing a huge percentage of their personnel. Suppose that, say, Equifax, turned into an outright fascist organization and stated abusing privacy in every way they could. How could they keep that a secret? Realistically, given current employment practices in the Western economies, what kind of loyalty could they command among their own personnel? The low level temps have no health insurance and no job security; the high level people are ready to grab their golden parachutes and bail at any time. Where is the fanatically loyal army of gray flannel organization men who will swear lifelong allegiance to this organization, or *any* organization in this country with the possible exception of the Mafia? I feel that the real threat to our society isn't because people are being surveilled but because people are being deliberately ignored. People drop through the safety nets. People stumble through the streets of every city in this country absolutely wrapped in the grip of demons, groping at passersby for a moment's attention and pity and not getting it. In parts of the Third World people are routinely disappeared, not because of high-tech computer surveillance but for the most trivial and insane reasons -- because they wear glasses, because they were seen reading a book -- and if they survive, it's because of the thin thread of surveillance carried out by Amnesty International. There may be securicams running 24 hours a day all around us, but mechanical surveillance is not the same as people actually getting attention or care. Sure, rich people, like most of us here, are gonna get plenty of attention, probably too much, a poisonous amount, but in the meantime life has become so cheap in this society that we let people stagger around right in front of us exhaling tuberculosis without treatment. It's not so much information haves and have-nots and watch and watch-nots. I wish I could speak at greater length more directly to the topic of this panel. But since I'm the last guy to officially speak at CFP IV, I want the seize the chance to grandstand and do a kind of pontifical summation of the event. And get some irrepressible feelings off my chest. What am I going to remember from CFP IV? I'm going to remember the Chief Counsel of NSA and his impassioned insistence that key escrow cryptography represents normality and the status quo, and that unlicensed hard cryptography is a rash and radical leap into unplumbed depths of lawlessness. He made a literary reference to BRAVE NEW WORLD. What he said in so many words was, "We're not the Brave New World, Clipper's opponents are the Brave New World." And I believe he meant that. As a professional science fiction writer I remember being immediately struck by the deep conviction that there was plenty of Brave New World to go around. I've been to all four CFPs, and in my opinion this is the darkest one by far. I hear ancestral voices prophesying war. All previous CFPs had a weird kind of camaraderie about them. People from the most disparate groups found something useful to tell each other. But now that America's premiere spookocracy has arrived on stage and spoken up, I think the CFP community has finally found a group of outsiders that it cannot metabolize. The trenchworks are going up and I see nothing but confrontation ahead. Senator Leahy at least had the elementary good sense to backpedal and temporize, as any politician would when he saw the white-hot volcano of technological advance in the direct path of a Cold War glacier that has previously crushed everything in its way. But that unlucky flak-catcher the White House sent down here -- that guy was mousetrapped, basically. That was a debacle! Who was briefing that guy? Are they utterly unaware? How on earth could they miss the fact that Clipper and Digital Telephony are violently detested by every element in this community -- with the possible exception of one brave little math professor this high? Don't they get it that everybody from Rush Limbaugh to Timothy Leary despises this initiative? Don't they read newspapers? The Wall Street Journal, The New York Times? I won't even ask if they read their email. That was bad politics. But that was nothing compared to the presentation by the gentleman from the NSA. If I can do it without losing my temper, I want to talk to you a little bit about how radically unsatisfactory that was. I've been waiting a long time for somebody from Fort Meade to come to the aid of Dorothy Denning in Professor Denning's heroic and heartbreaking solo struggle against twelve million other people with email addresses. And I listened very carefully and I took notes and I swear to God I even applauded at the end. He had seven points to make, four of which were disingenuous, two were half-truths, and the other was the actual core of the problem. Let me blow away some of the smoke and mirrors first, more for my own satisfaction than because it's going to enlighten you people any. With your indulgence. First, the kidporn thing. I am sick and tired of hearing this specious blackwash. Are American citizens really so neurotically uptight about deviant sexual behavior that we will allow our entire information infrastructure to be dictated by the existence of pedophiles? Are pedophiles that precious and important to us? Do the NSA and the FBI really believe that they can hide the structure of a telephone switch under a layer of camouflage called child pornography? Are we supposed to flinch so violently at the specter of child abuse that we somehow miss the fact that you've installed a Sony Walkman jack in our phones? Look, there were pedophiles before NII and there will be pedophiles long after NII is just another dead acronym. Pedophiles don't jump out of BBSes like jacks in the box. You want to impress me with your deep concern for children? This is Chicago! Go down to the Projects and rescue some children from being terrorized and recruited by crack gangs who wouldn't know a modem if it bit them on the ass! Stop pornkidding us around! Just knock it off with that crap, you're embarrassing yourselves. But back to the speech by Mr. Baker of the NSA. Was it just me, ladies and gentlemen, or did anyone else catch that tone of truly intolerable arrogance? Did they guy have to make the remark about our missing Woodstock because we were busy with our trigonometry? Do spook mathematicians permanently cooped up inside Fort Meade consider that a funny remark? I'd like to make an even more amusing observation -- that I've seen scarier secret police agencies than his completely destroyed by a Czech hippie playwright with a manual typewriter. Is the NSA unaware that the current President of the United States once had a big bushel-basket-full of hair? What does he expect from the computer community? Normality? Sorry pal, we're fresh out! Who is it, exactly, that the NSA considers a level-headed sober sort, someone to sit down with and talk to seriously? Jobs? Wozniak? Gates? Sculley? Perot -- I hope to God it's not Perot. Bob Allen -- okay, maybe Bob Allen, that brownshoe guy from AT&T. Bob Allen seems to think that Clipper is a swell idea, at least he's somehow willing to merchandise it. But Christ, Bob Allen just gave eight zillion dollars to a guy whose idea of a good time is Microsoft Windows for Spaceships! When is the NSA going to realize that Kapor and his people and Rotenberg and his people and the rest of the people here are as good as people get in this milieu? Yes they are weird people, and yes they have weird friends (and I'm one of them), but there isn't any normality left for anybody in this society, and when it comes to computers, when the going got weird the weird turned pro! The status quo is *over!* Wake up to it! Get used to it! Where in hell does a crowd of spooks from Fort Meade get off playing "responsible adults" in this situation? This is a laugh and a half! Bobby Ray Inman, the legendary NSA leader, made a stab at computer entrepreneurism and rapidly went down for the third time. Then he got out of the shadows of espionage and into the bright lights of actual public service and immediately started gabbling like a daylight-stricken vampire. Is this the kind of responsive public official we're expected to blindly trust with the insides of our phones and computers? Who made him God? You know, it's a difficult confession for a practiced cynic like me to make, but I actually trust EFF people. I do; I trust them; there, I've said it. But I wouldn't trust Bobby Ray Inman to go down to the corner store for a pack of cigarettes. You know, I like FBI people. I even kind of trust them, sort of, kind of, a little bit. I'm sorry that they didn't catch Kevin Mitnick here. I'm even sorry that they didn't manage to apprehend Robert Steele, who is about one hundred times as smart as Mitnick and ten thousand times as dangerous. But FBI people, I think your idea of Digital Telephony is a scarcely mitigated disaster, and I'll tell you why. Because you're going to be filling out your paperwork in quintuplicate to get a tap, just like you always do, because you don't have your own pet court like the NSA does. And for you, it probably is going to seem pretty much like the status quo used to be. But in the meantime, you will have armed the enemies of the United States around the world with a terrible weapon. Not your court-ordered, civilized Digital Telephony -- their raw and tyrannical Digital Telephony. You're gonna be using it to round up wiseguys in streetgangs, and people like Saddam Hussein are gonna be using it to round up democratic activists and national minorities. You're going to strengthen the hand of despotism around the world, and then you're going to have to deal with the hordes of state-supported truckbombers these rogue governments are sending our way after annihilating their own internal opposition by using your tools. You want us to put an axe in your hand and you're promising to hit us with only the flat side of it, but the Chinese don't see it that way; they're already licensing fax machines and they're gonna need a lot of new hardware to gear up for Tiananmen II. I've talked a long time, but I want to finish by saying something about the NSA guy's one real and actual argument. The terrors of the Brave New World of free individual encryption. When he called encryption enthusiasts "romantic" he was dead-on, and when he said the results of spreading encryption were unpredictable and dangerous he was also dead-on, because people, encryption is not our friend. Encryption is a mathematical technique, and it has about as much concern for our human well-being as the fact that seventeen times seventeen equals two hundred and eighty-nine. It does, but that doesn't make us sleep any safer in our beds. Encrypted networks worry the hell out of me and they have since the mid 1980s. The effects are very scary and very unpredictable and could be very destabilizing. But even the Four Horsemen of Kidporn, Dope Dealers, Mafia and Terrorists don't worry me as much as totalitarian governments. It's been a long century, and we've had enough of them. Our battle this century against totalitarianism has left terrible scars all over our body politic and the threat these people pose to us is entirely and utterly predictable. You can say that the devil we know is better than the devil we don't, but the devils we knew were ready to commit genocide, litter the earth with dead, and blow up the world. How much worse can that get? Let's not build chips and wiring for our police and spies when only their police and spies can reap the full benefit of them. But I don't expect my arguments to persuade anyone in the NSA. If you're NSA and I do somehow convince you, by some fluke, then I urge you to look at your conscience -- I know you have one -- and take the word to your superiors and if they don't agree with you -- *resign.* Leave the Agency. Resign now, and if I'm right about what's coming down the line, you'll be glad you didn't wait till later. But even though I have a good line of gab, I don't expect to actually argue people out of their livelihood. That's notoriously difficult. So CFP people, you have a fight on your hands. I'm sorry that a community this young should have to face a fight this savage, for such terribly high stakes, so soon. But what the heck; you're always bragging about how clever you are; here's your chance to prove to your fellow citizens that you're more than a crowd of net- nattering MENSA dilettantes. In cyberspace one year is like seven dog years, and on the Internet nobody knows you're a dog, so I figure that makes you CFP people twenty-eight years old. And people, for the sake of our society and our children you had better learn to act your age. Good luck. Good luck to you. For what it's worth, I think you're some of the best and brightest our society has to offer. Things look dark but I feel hopeful. See you next year in San Francisco. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% [BOOK REVIEW] DOING BUSINESS ON THE INTERNET: HOW THE ELECTRONIC HIGHWAY IS TRANSFORMING AMERICAN COMPANIES By Steve Brock (sbrock@teal.csn.org) DOING BUSINESS ON THE INTERNET: HOW THE ELECTRONIC HIGHWAY IS TRANSFORMING AMERICAN COMPANIES by Mary J. Cronin. Van Nostrand Reinhold, 115 Fifth Avenue, N.Y., NY 10003, (800) 544-0550, (212) 254-9499 FAX. Index, bibliography, list of service providers. 320 pp., $29.95 paper. 0-442-01770-7 REVIEW Buying and selling on the Internet? Deals being made? Call the net police! Seriously, commercial traffic is only forbidden on the NSFnet - the Internet backbone, and restrictions there are scheduled to disappear by the end of this year, when the National Science Foundation (NSF) turns its administration of NSFnet over to commercial organizations. Sensing this transition, companies are flocking to the Internet. In a recent survey, 63% of Internet traffic worldwide is by businesses or their research labs. What can businesses get from the Internet? Mary Cronin, in her new book "Doing Business on the Internet," has many answers. After an overview of the mother of all networks and tips for choosing a service provider, she outlines strategies for seeking and exchanging information, increasing productivity, and increasing communications between departments and with customers. Another asset for businesses is that information can be retrieved swiftly. While the Internet has gone through many permutations, businesses have business to do right now, and Cronin says that companies with an Internet connection can "receive the advantages of high-speed telecommunications and continuously evolving technology while learning invaluable lessons about the management of networked organizations." While a few may desire more information than the non-technical overview Cronin provides, "Doing Business on the Internet" is a solid introduction to networked communication and information retrieval - the way business is going to be conducted from now on. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% GENERIC FLAME FORM This form is a generic-all-purpose Flame Form (tm). Don't you just hate it when you are reading Usenet and can't filter through all of the crap posted by people who simply do not have a clue! Well, maybe this form will cut down on some of that. If someone pisses you off on Usenet, fill it out and mail it to 'em. ---------cut here-------------cut here-------------cut here------------- ************************************************************************* GENERIC FLAME FORM ************************************************************************* Dear Sir/Madam I took exception to your recent post to alt.insert.newsgroup.here MESSAGE CONTENT SECTION It was (check all that apply): ___ lame. ___ stupid. ___ much longer than any worthwhile thought of which you may be capable. Your attention is drawn to the fact that: ___ What you posted/said has been done before. ___ Not only that, it was also done better the last time. ___ Your post was a pathetic imitation of ______________________. ___ Your post contained commercial advertising. ___ Your post contained numerous spelling errors. ___ Your post contained multiple grammatical errors. ___ YOUR POST CONTAINED EXCESSIVE CAPITALIZATION AND/OR PUNCTUATION!!!!! ___ Your post was an obvious forgery. ___ It was done clumsily. ___ You quoted an article in followup and added no new text. ___ You quoted an article in followup and only added ___ lines of text. ___ You quoted an article in followup and only added the line "Me, too!!!" ___ You flamed someone who has been around far longer than you. ___ You flamed someone who is far more intelligent and witty than you. ___ Your lines are 80 columns wide or wider. SIGNATURE SECTION ___ Your .sig is longer than four lines. ___ And your mailer truncated it. ___ Your .sig is ridiculous because (check all that apply): ___ You listed ___ snail mail address(es). ___ You listed a nine-digit ZIP code. ___ You listed ___ phone numbers for people to use in prank calls. ___ You included a stupid disclaimer. ___ Your pathetic attempt at being witty in the disclaimer failed. ___ Miserably. You included: ___ a stupid self-quote. ___ a stupid quote from a net.nobody. ___ a Rush Limbaugh quote. ___ a Dan Quayle joke. ___ a Hitler reference ___ a reference to the world being 6000 years old ___ a reference to Beavis & Butthead. ___ lame ASCII graphic(s) (Choose all that apply): ___ USS Enterprise ___ Australia ___ The Amiga logo ___ Company logo ___ and you stated that you don't speak for your employer. ___ Bicycle ___ Bart Simpson Furthermore: ___ You have greatly misunderstood the purpose of alt.insert.newsgroup.here ___ You have greatly misunderstood the purpose of the net. ___ You are a loser. ___ You must have spent your entire life on a milk carton to be this dumb! ___ This has been pointed out to you before. ___ It is recommended that you: ___ Stick to FidoNet and come back when you've grown up. ___ Find a volcano and throw yourself in. ___ Get a gun and shoot yourself. ___ Stop reading alt.censorship and get a life. ___ Stop sending email and get a life. ___ Learn the concepts of cross-posting and follow-ups ___ Try reading a newsgroup for a week (or more than an hour) before posting Additional comments: Follow-ups to: /dev/null %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% McDonnell Douglas AIRCRAFT-SPACE SYSTEMS-MISSILES Important! Important! Please fill out and mail this form within 10 days of purchase Thank you for purchasing a McDonnell Douglas military aircraft. In order to protect your new investment, please take a few moments to fill out the warranty registration card below. Answering the survey questions is not required, but the information will help us to develop new products that best meet your needs and desires. 1. _Mr. _Mrs. _Ms. _Lt. _Gen. _Comrade _Classified _Other First Name________________Initial____Last Name_______________________ Latitude________________________Longitude____________________________ Altitude____________________Password, Code Name, Etc.________________ 2. Which model aircraft did you purchase? _F-15 Eagle _F-16 Falcon _F-117A Stealth _Classified 3. Date of purchase: Month___________Day___________Year____________ 4. Serial Number____________________ 5. Please check where this product was purchased: _Received as Gift/Aid Package _Catalog Showroom _Sleazy Arms Broker _Mail Order _Discount Store _Government Surplus _Classified 6. Please check how you became aware of the McDonnell Douglas product you have just purchased: _Heard loud noise, looked up _Store Display _Espionage _Recommended by friend/relative/ally _Political lobbying by Manufacturer _Was attacked by one 7. Please check the three (3) factors which most influenced your decision to purchase this McDonnell Douglas product: _Style/Appearance _Kickback/Bribe _Recommended by salesperson _Speed/Maneuverability _Comfort/Convenience _McDonnell Douglas Reputation _Advanced Weapons Systems _Price/Value _Back-Room Politics _Negative experience opposing one in combat 8. Please check the location(s) where this product will be used: _North America _Central/South America _Aircraft Carrier _Europe _Middle East _Africa _Asia/Far East _Misc. Third-World Countries _Classified 9. Please check the products that you currently own, or intend to purchase in the near future: Product Own Intend to purchase Color TV VCR ICBM Killer Satellite CD Player Air-to-Air Missiles Space Shuttle Home Computer Nuclear Weapon 10. How would you describe yourself or your organization? Check all that apply: _Communist/Socialist _Terrorist _Crazed (Islamic) _Crazed (Other) _Neutral _Democratic _Dictatorship _Corrupt (Latin American) _Corrupt (Other) _Primitive/Tribal 11. How did you pay for your McDonnell Douglas product? _Cash _Suitcases of Cocaine _Oil Revenues _Deficit Spending _Personal Check _Credit Card _Ransom Money _Traveler's Check 12. Occupation You Your Spouse Homemaker Sales/Marketing Revolutionary Clerical Mercenary Tyrant Middle Management Eccentric Billionaire Defense Minister/General Retired Student 13. To help us understand our Customers' lifestyles, please indicate the interests and activities in which you and your spouse enjoy participating on a regular basis: Activity/Interest You Your Spouse Golf Boating/Sailing Sabotage Running/Jogging Propaganda/Disinformation Destabilizing/Overthrow Default on Loans Gardening Crafts Black Market/Smuggling Collectibles/Collections Watching Sports on TV Wines Interrogation/Torture Household Pets Crushing Rebellions Espionage/Reconnaissance Fashion Clothing Border Disputes Mutually Assured Destruction Thanks for taking the time to fill out this questionnaire. Your answers will be used in market studies that will help McDonnell Douglas serve you better in the future -- as well as allowing you to receive mailings and special offers from other companies, governments, extremist groups, and mysterious consortia. Comments or suggestions about our fighter planes? Please write to: McDONNELL DOUGLAS CORPORATION Marketing Department Military Aerospace Division P.O. Box 800 St. Louis, MO 55500 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% SOCIAL CONTRACT between an individual and the United States Government WHEREAS I wish to reside on the North American continent, and WHEREAS the United States Government controls the area of the continent on which I wish to reside, and WHEREAS tacit or implied contracts are vague and therefore unenforceable, I agree to the following terms: SECTION 1: I will surrender a percentage of my property to the Government. The actual percentage will be determined by the Government and will be subject to change at any time. The amount to be surrended may be based on my income, the value of my property, the value of my purchases, or any other criteria the Government chooses. To aid the Government in determining the percentage, I will apply for a Government identification number that I will use for all of my major financial transactions. SECTION 2: Should the Government demand it, I will surrender my liberty for a period of time determined by the Government and typically no shorter than two years. During that time, I will serve the Government in any way it chooses, including military service in which I may be called upon to sacrifice my life. SECTION 3: I will limit my behavior as demanded by the Government. I will consume the drugs only permitted by the Government. I will limit my sexual activities to those permitted by the Government. I will forsake religious beliefs that conflict with the Government's determination of propriety. More limits may be imposed at any time. SECTION 4: In consideration of the above the Government will allow me to find employment, subject to limits that will be subject to the Government. These limits may restrict my choice of career or the wages I may accept. SECTION 5: The Government will permit me to reside in the area of North America that it controls. Also the Government will permit me to speak freely, subject to limits determined by the Government's Congress and Supreme Court. SECTION 6: The Government will attempt to protect my life and my claim to the property that it has allowed me to keep. I agree not to hold the Government liable if it fails to protect me or my property. SECTION 7: The Government will offer various services to me. The nature and extent of these services will be determined by the Government and are subject to change at any time. SECTION 8: The Government will determine whether I may vote for certain Government officials. The influence of my vote will vary inversely with the number of voters, and I understand that it will be typically miniscule. I agree not to hold any elected Government officials liable for acting against my best interests or for breaking promises, even if those promises motivated me to vote for them. SECTION 9: I agree that the Government may hold me fully liable if I fail to abide by the above terms. In that event, the Government may confiscate any property that I have not previously surrended to it, and may imprison me for a period of time determined by the Government. I also agree that the Government may alter the terms of this contract at any time. ______________________________________ ______________________________ SIGNATURE DATE %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Electronic Petition to Oppose Clipper Please Distribute Widely On January 24, many of the nation's leading experts in cryptography and computer security wrote President Clinton and asked him to withdraw the Clipper proposal. The public response to the letter has been extremely favorable, including coverage in the New York Times and numerous computer and security trade magazines. Many people have expressed interest in adding their names to the letter. In response to these requests, CPSR is organizing an Internet petition drive to oppose the Clipper proposal. We will deliver the signed petition to the White House, complete with the names of all the people who oppose Clipper. To sign on to the letter, send a message to: Clipper.petition@cpsr.org with the message "I oppose Clipper" (no quotes) You will receive a return message confirming your vote. Please distribute this announcement so that others may also express their opposition to the Clipper proposal. CPSR is a membership-based public interest organization. For membership information, please email cpsr@cpsr.org. For more information about Clipper, please consult the CPSR Internet Library - FTP/WAIS/Gopher CPSR.ORG /cpsr/privacy/crypto/clipper %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% The President The White House Washington, DC 20500 Dear Mr. President: We are writing to you regarding the "Clipper" escrowed encryption proposal now under consideration by the White House. We wish to express our concern about this plan and similar technical standards that may be proposed for the nation's communications infrastructure. The current proposal was developed in secret by federal agencies primarily concerned about electronic surveillance, not privacy protection. Critical aspects of the plan remain classified and thus beyond public review. The private sector and the public have expressed nearly unanimous opposition to Clipper. In the formal request for comments conducted by the Department of Commerce last year, less than a handful of respondents supported the plan. Several hundred opposed it. If the plan goes forward, commercial firms that hope to develop new products will face extensive government obstacles. Cryptographers who wish to develop new privacy enhancing technologies will be discouraged. Citizens who anticipate that the progress of technology will enhance personal privacy will find their expectations unfulfilled. Some have proposed that Clipper be adopted on a voluntary basis and suggest that other technical approaches will remain viable. The government, however, exerts enormous influence in the marketplace, and the likelihood that competing standards would survive is small. Few in the user community believe that the proposal would be truly voluntary. The Clipper proposal should not be adopted. We believe that if this proposal and the associated standards go forward, even on a voluntary basis, privacy protection will be diminished, innovation will be slowed, government accountability will be lessened, and the openness necessary to ensure the successful development of the nation's communications infrastructure will be threatened. We respectfully ask the White House to withdraw the Clipper proposal. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% THE WHITE HOUSE Office of the Press Secretary For Immediate Release STATEMENT BY THE PRESS SECRETARY The President today announced a new initiative that will bring the Federal Government together with industry in a voluntary program to improve the security and privacy of telephone communications while meeting the legitimate needs of law enforcement. The initiative will involve the creation of new products to accelerate the development and use of advanced and secure telecommunications networks and wireless communications links. For too long, there has been little or no dialogue between our private sector and the law enforcement community to resolve the tension between economic vitality and the real challenges of protecting Americans. Rather than use technology to accommodate the sometimes competing interests of economic growth, privacy and law enforcement, previous policies have pitted government against industry and the rights of privacy against law enforcement. Sophisticated encryption technology has been used for years to protect electronic funds transfer. It is now being used to protect electronic mail and computer files. While encryption technology can help Americans protect business secrets and the unauthorized release of personal information, it also can be used by terrorists, drug dealers, and other criminals. A state-of-the-art microcircuit called the "Clipper Chip" has been developed by government engineers. The chip represents a new approach to encryption technology. It can be used in new, relatively inexpensive encryption devices that can be attached to an ordinary telephone. It scrambles telephone communications using an encryption algorithm that is more powerful than many in commercial use today. This new technology will help companies protect proprietary information, protect the privacy of personal phone conversations and prevent unauthorized release of data transmitted electronically. At the same time this technology preserves the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals. A "key-escrow" system will be established to ensure that the "Clipper Chip" is used to protect the privacy of law-abiding Americans. Each device containing the chip will have two unique "keys," numbers that will be needed by authorized government agencies to decode messages encoded by the device. When the device is manufactured, the two keys will be deposited separately in two "key-escrow" data bases that will be established by the Attorney General. Access to these keys will be limited to government officials with legal authorization to conduct a wiretap. The "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans. To demonstrate the effectiveness of this new technology, the Attorney General will soon purchase several thousand of the new devices. In addition, respected experts from outside the government will be offered access to the confidential details of the algorithm to assess its capabilities and publicly report their findings. The chip is an important step in addressing the problem of encryption's dual-edge sword: encryption helps to protect the privacy of individuals and industry, but it also can shield criminals and terrorists. We need the "Clipper Chip" and other approaches that can both provide law-abiding citizens with access to the encryption they need and prevent criminals from using it to hide their illegal activities. In order to assess technology trends and explore new approaches (like the key-escrow system), the President has directed government agencies to develop a comprehensive policy on encryption that accommodates: the privacy of our citizens, including the need to employ voice or data encryption for business purposes; the ability of authorized officials to access telephone calls and data, under proper court or other legal order, when necessary to protect our citizens; the effective and timely use of the most modern technology to build the National Information Infrastructure needed to promote economic growth and the competitiveness of American industry in the global marketplace; and the need of U.S. companies to manufacture and export high technology products. The President has directed early and frequent consultations with affected industries, the Congress and groups that advocate the privacy rights of individuals as policy options are developed. The Administration is committed to working with the private sector to spur the development of a National Information Infrastructure which will use new telecommunications and computer technologies to give Americans unprecedented access to information. This infrastructure of high-speed networks ("information superhighways") will transmit video, images, HDTV programming, and huge data files as easily as today's telephone system transmits voice. Since encryption technology will play an increasingly important role in that infrastructure, the Federal Government must act quickly to develop consistent, comprehensive policies regarding its use. The Administration is committed to policies that protect all American's right to privacy while also protecting them from those who break the law. Further information is provided in an accompanying fact sheet. The provisions of the President's directive to acquire the new encryption technology are also available. For additional details, call Mat Heyman, National Institute of Standards and Technology, (301) 975-2758. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% ISDN Contacts (RBOCS) Editor's Note: This is a list sent to us regarding getting more info on ISDN from the RBOCS. We claim no accuracy to this info. I am sure that most, if not all of it is valid. If you need ISDN info, feel free to contact one of the organizations below. COMPANY CONTACT TELEPHONE NO. AMERITECH National ISDN Hotline 1-800-543-ISDN BELL ATLANTIC ISDN Sales & Technology Center 1-800-570-ISDN BELL SOUTH National ISDN HotLine 1-800-428-ISDN CINCINNATI BELL ISDN Service Center 1-513-566-DATA NYNEX ISDN Information Hotline 1-800-GET-ISDN or Roy Ray 1-914-644-5152 PACIFIC BELL ISDN Information or Wayne Purves, 1-800-622-0735 NI-1 Product Mgr. 1-510-823-5118 SNET Donovan Dillon 1-203-553-2369 STENTOR (Canada) Steve Finlay 1-604-432-3527 SOUTHWESTERN BELL Cyd McInerney 1-314-235-1567 U S WEST Louise Walsh 1-303-965-7073 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% BELLSOUTH ANNOUNCES LARGEST GEOGRAPHIC DEPLOYMENT OF ISDN IN THE NATION Advanced telecommuting telemedicine and education applications will become the most widely available in the nation as a result of a technology deployment plan announced today by BellSouth Telecommunications. The nine-state introduction of a new way to provide Integrated Services Digital Network (ISDN), which combines voice, data and video services, begins in June 1994. ISDN can use advanced fiber optic cable or traditional copper cable to transmit multiple services. Until now, a customer who wished to use ISDN needed to be served by a telephone office that was ISDN capable. With the innovative approach by BellSouth, a customer can obtain the benefits of ISDN through an alternate serving arrangement which eradicates geographic boundaries. "Expanded access to ISDN will facilitate customer-oriented applications since there are fewer technological and geographic limitations on availability," said Larry Carter, assistant vice president of product management for BellSouth Telecommunications. This announcement is the latest in a very aggressive deployment strategy for ISDN. -- In July 1992, Bellsouth announced the nation's first metropolitan-wide deployment of ISDN in the cities of Huntsville and Madison, Ala. -- Six months later, South Central Bell customers throughout the state of Tennessee were offered ISDN Individual Line Service and now ISDN availability is being expanded region wide. This announcement significantly increases the percentage of customers with access to ISDN capabilities and will ultimately lead to 100% of BellSouth customers. Until now, 50% of BellSouth's customers in major metropolitan areas had direct access to ISDN and 320 central offices were equipped with ISDN. The expanded access applies to ISDN Individual Line (2B+D) and MegaLink (SM) ISDN Service which is BellSouth's primary rate (23B+D) offering. "Previously, you had to be served directly by a central office switch equipped with ISDN capability. Under this new alternate serving arrangement, ISDN capabilities can be routed from a nearby ISDN-capable switch to your home or office -- at no additional charge. This arrangement is a cost-effective and expeditious method of deploying ISDN region wide," Carter said. ISDN availability is an important part of the information superhighway providing access at lower speeds. For example, through distance learning, advanced classes could be transported at very high speeds to a customer's city on the information highway from a university in another city. This high speed signal is then divided into lower speeds and redistributed within the city. ISDN would make these classes available to any school anywhere. Dr. Ira Denton, chief surgeon at Crestwood Hospital in Huntsville, Ala., has used ISDN to send, receive and annotate X-rays and video images while talking to other physicians. Because ISDN is available citywide and there are no geographic restrictions, physicians can communicate through ISDN from any of their offices and even their homes. "Health care specialists as well as any other businesses that have multiple locations within a metropolitan area can benefit from this new capability," Carter added. "The education industry will especially benefit from applications including distance learning, security and truancy monitoring." To aid in marketing ISDN, last year BellSouth announced the "ISDN Applications and Solutions Plus" (IAS+) initiative where strategic marketing alliances are formed in major metropolitan areas to provide customers with complete and innovative solutions. This initiative in addition to the expanded access will make ISDN applications more readily available for BellSouth customers. BellSouth Telecommunications, Inc., with headquarters in Atlanta, provides telecommunications services in the BellSouth (NYSE: BLS) region. BellSouth Telecommunications, Inc. does business as Southern Bell in North Carolina, South Carolina, Georgia and Florida, and as South Central Bell in Kentucky, Tennessee, Alabama, Mississippi and Louisiana. These companies serve more than 19 million local telephone lines and provide local exchange and intraLATA long distance service over one of the most modern telecommunications networks in the world. CONTACT: Karen M. Roughton of BellSouth Telecommunications, 404-529-6514 BellSouth National ISDN HotLine, 1-800-428-4736 Posted by: Bellcore ISDN Hotline 1-800-992-ISDN %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% A CATALOG OF NATIONAL ISDN SOLUTIONS ... The files in this directory compose the final draft of "A Catalog of National ISDN Solutions for Selected NIUF Applications, Second Edition." This document was approved as an official product of the North American ISDN Users' Forum on February 11, 1994. The Catalog is intended for anyone who needs detailed information on how ISDN can be used today to support a wide variety of applications. Each of the 61 solution guides includes a description, picture, details on what to look for in end-systems, and what to ask for from the ISDN provider. A separate chapter presents one page summaries of over 200 products and services from over 100 companies. The new Catalog goes far beyond the First Edition. For the decision maker, example "feasibility studies" are included to help support a business' decision to use ISDN. Each solution is rewritten to be more accessible. The solutions cover National ISDN-1, National ISDN-2, BRI, and PRI. Applications range from multipoint videoconferencing to point of sale, telecommuting to PBX interflow. For the more technical reader, additional detailed information is included on a variety of topics. CONTENTS 0.ps Title page, Preface, Table of Contents, etc. 1.ps Introduction 2.ps ISDN - A Decision Maker's Perspective 3.0.ps National ISDN Solutions 3.1.A.ps NI-1 BRI Local Area Network (LAN) Solutions Integrating telephones and workstations Access on demand to local-area networks High performance access on demand to local-area networks Linking workstations with supercomputers Leased line replacement 3.1.B.ps NI-1 BRI Screen Sharing Solutions Screen sharing for two users Screen sharing for many users Screen sharing with workstations connected to a remote LAN 3.1.C.ps NI-1 BRI Video Solutions Desktop videoconferencing Centralized management of video images Videoconferencing facilities 3.1.D.ps NI-1 BRI Voice & Data Solutions Caller identification Call coverage ACD agent at home 3.1.E.ps NI-1 BRI File Transfer Solutions Flexible bandwidth allocation File transfer between personal computers File transfer between a personal computer and a host computer High speed transfer of large text and image files 3.1.F.ps NI-1 BRI Work-At-Home Solutions Telecommuting with casual data requirements Telecommuting and transferring files Telecommuting accessing interactive services High performance telecommuting (interactive graphics and text) 3.1.G. NI-1 BRI Facsimile and Imaging Solutions Group 3 facsimile Receiving faxes as electronic documents High speed access to electronic document image systems Multimedia real estate listings Medical document imaging 3.1.H.ps NI-1 BRI Transaction Services Solutions Credit card authorization at the point of sale Electronic Data Interchange (EDI) Insurance verification at the point of service Supermarket checkout 3.1.I.ps Other NI-1 BRI Solutions Access to IBM mainframes and compatibles Remote access to minicomputers Integrating voice and data communications Integrated communications and messaging Automatic utility meter reading University dormitory Access to frame relay services Switched access to frame relay services High fidelity voice transmission systems 3.2.ps National ISDN-2 BRI Solutions Roll about videoconferencing X.25 backup Packet mode screen sharing for many users Home office 3.3.0.ps National ISDN-2 PRI Solutions 3.3.A.ps NI-2 PRI Local Area Network (LAN) Solutions Local-area network interconnection File transfer and LAN access in PBX environment Private line overflow and disaster recovery ISDN concentrator for campus connectivity 3.3.B.ps NI-2 PRI Video Solutions PRI Videoconferencing Multimedia desktop video via Ethernet and Multirate ISDN Multipoint videoconferencing Videoconferencing facilities 3.3.C.ps NI-2 PRI Voice & Data Solutions Caller identification to PBXs and other devices Emergency-services call management Call by Call Service Selection 3.3.D.ps NI-2 PRI Facsimile and Imaging Solutions Fax mail Teleradiology 3.3.E.ps Other NI-2 PRI Solutions High quality audio transmission Access to litigation support system Call center load balancing Networked voice messaging systems 4.0&1.ps National ISDN Product Information and Industry Contacts 4.2.1.ps Basic Rate Terminal Adapters 4.2.2.ps Basic Rate Interface Cards for Personal Computers, Workstations, and Minicomputers; Workstations with Built-in ISDN 4.2.3.ps Attendant Consoles 4.2.4.ps ISDN Phones 4.2.5.ps Single Port ISDN LAN Bridges 4.2.6.ps Communications Servers, Routers, Bridges, and Multiport ISDN LAN Bridges and Routers 4.2.7.ps Inverse Multiplexers, Multiplexers, and Communications Controllers 4.2.8.ps PRI Adapters 4.2.9.ps Videoconferencing Systems and Multipoint Control Units 4.2.10.ps Other Products 4.2.11.ps Network Terminations (NT-1s) 4.2.12.ps Power Supplies 4.2.13.ps Software and Services 4.2.14.ps Private Network Solutions and Private Branch Exchanges(PBXs) 4.2.15.ps Service Providers 4.3.ps Supplier Contact Information 5.1.ps Selected Topics in ISDN Call Types and Bearer Capabilites Terminal Endpoint Identifiers (TEIs) Service Profile Identifiers (SPIDs) Rate Adaptation: V.110/V.120 Lower Layer Compatibility (LLC) and Higher Layer Compatibility (HLC) Information Elements Signaling System 7 (SS7) Interconnection Multiline Hunt Group Powering and Wiring of Customer Equipment Configurations for High Bandwidth Applications Communications Server Alternatives NIUF ISDN Interface Groups (NIIGs) and Parameter Groups (NIPGs) Additional Information Applicable to Many ISDN Solutions Conformance Testing 5.2.ps ISDN Signaling Diagrams 6.ps Bibliography 7.ps Glossary of Terms 8.ps Acronym List A.ps Annex: How the NIUF is making real the promise of ISDN An Overview of the North American ISDN Users' Forum (NIUF) Relevance of this NIUF Catalog Application Profiles Implementation Agreements Versions Conformance Criteria and ISDN Testing Application Software Interfaces Cost Justification Worksheet I.ps Index All of the above files are uncompressed PostScript files and may be FTPed using the text/ASCII option. The Catalog is a publicly available document and may be distributed and used freely with proper recognition of the source. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% SPRINT EXPANDS PRESENCE IN CHINA, INTRODUCES NEW SERVICES Interesting press release I thought you might like. THIS RELEASE WAS DISTRIBUTED IN CHINA ONLY. Contacts: Janis Langley, (O) 202-828-7427 BEIJING, March 21, 1994 -- Sprint today announced a significant expansion of its presence, and product and service offerings, in China. Sprint also announced the immediate availability of three of those services -- a toll-free Sprint Express(R) number for calling worldwide and for collect calling to the United States, a prepaid calling card, and CLEARLINE(R) international private-line service. Sprint made the announcements today at a press briefing and two-day seminar to inform customers and leading Chinese organizations of the company's expanded local capabilities. Sprint is one of the largest telecommunications carriers in the United States, providing innovative calling services to nearly 8 million customers in that country alone. Sprint offers voice, video and data communications services worldwide via some of the world's largest and most advanced networks. Sprint is a pioneer and innovator in technology. It built the first nationwide (40,000 kilometer) all-digital, fiber-optic network in the United States. It also is the first carrier to offer such advanced services as Asynchronous Transfer Mode -- a broadband service that simultaneously carries voice, data and image -- and a voice-recognition calling card that automatically dials frequently called numbers with a single-word command, such as "home" or "office." Sprint has operated locally in China since 1992 through an office in Beijing that primarily offered data communications systems support for the company's growing customer base. Its Beijing office now has expanded to 15 employees who represent the company's increasingly diverse capabilities in consumer services, including the Sprint Prepaid Calling Card and Sprint FONCARD(SM); international network solutions for large-scale multinational users; data communications systems and services; and international carrier services to provide transit and capacity for telecommunications carriers worldwide. Sprint China will immediately begin to offer several of Sprint's versatile and cost-effective calling products: a toll-free Sprint Express number for global calling and collect calls to the United States; Sprint's Prepaid Calling Card; and its CLEARLINE international private line service. o Sprint Express -- By dialing "108-13," callers in China can place collect calls to family and colleagues in the United States, and also charge calls to the United States and worldwide using their major credit card or Sprint FONCARD. Operator assistance is available in English, with Mandarin support planned. o Sprint's Prepaid Calling Card, which initially will be available only through a limited market test, lets consumers pre- purchase calling credits that they can use from any telephone without needing exact change. The card carries attractive designer graphics -- suitable for collectors -- and offers the added convenience of operator assistance. Callers can use the prepaid calling card from nearly 30 countries for calls to virtually any other country worldwide -- including the United States. Mandarin-language instructions are available for calls from China (by dialing 108-16). The card can also be used in more than 28 countries worldwide to make calls back to China or to virtually anywhere in the world. o CLEARLINE international private-line service lets large-scale users consolidate their international calling to receive volume discounts. The service is provided via Sprint's worldwide network, which extends from the United States through its participation in virtually every major submarine fiber-optic cable system project. "Sprint has been active in China for several years, and we are delighted to be able to expand our commitment to users in this important market by offering some of the other feature-rich, cost effective products popular in the United States and worldwide," said Herb Bradley, China country manager for Sprint International, Sprint's global telecommunications subsidiary. "We believe that businesses and consumers will benefit from these innovative services as much in China as they have in the United States, and we look forward to building on strong relationships we have formed with many Chinese organizations in delivering these new services," he said. Elsewhere in the Pacific Rim, Sprint has data network points of presence in Hong Kong, Indonesia, Japan, Korea, Taiwan, Singapore, Australia and New Zealand. It also has an office in Hong Kong, which provides sales and technical support for Sprint's business interests in Hong Kong, Indochina, Indonesia, Malaysia, the Philippines, Taiwan, Thailand and Singapore. Sprint operates fiber-optic and value-added networks that are among the world's largest, offering voice services to over 290 countries and locations, packet-switched data links to more than 120 countries and international locations, and video services via one of the world's largest videoconferencing networks, serving nearly 40 countries. Sprint also has U.S. cellular operations that serve 42 metropolitan markets and more than 50 rural service areas. The company has more than 50,000 employees and has operations in six continents through more than 50 subsidiaries, joint ventures and distributors. Sprint's customers include 80 percent of the 500 largest U.S. industrial corporations (the "Fortune 500"), and the U.S. federal government, which awarded Sprint a contract to provide 40 percent of the government's total long distance services, and data and video services, over a 10-year period. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% SOCIAL SECURITY FAQ HOW TO GET INFORMATION AND HOW TO PROTECT YOUR OWN By Chris Hibbert (hibbert@netcom.com) Computer Professionals For Social Responsibility Many people are concerned about the number of organizations asking for their Social Security Numbers. They worry about invasions of privacy and the oppressive feeling of being treated as just a number. Unfortunately, I can't offer any hope about the dehumanizing effects of identifying you with your numbers. I *can* try to help you keep your Social Security Number from being used as a tool in the invasion of your privacy. Surprisingly, government agencies are reasonably easy to deal with; private organizations are much more troublesome. Federal law restricts the agencies at all levels of government that can demand your number and a fairly complete disclosure is required even if its use is voluntary. There are no comparable Federal laws restricting the uses non-government organizations can make of it, or compelling them to tell you anything about their plans. Some states have recently enacted regulations on collection of SSNs by private entities. With private institutions, your main recourse is refusing to do business with anyone whose terms you don't like. They, in turn, are allowed to refuse to deal with you on those terms. Short History Social Security numbers were introduced by the Social Security Act of 1935. They were originally intended to be used only by the social security program. In 1943 Roosevelt signed Executive Order 9397 which required federal agencies to use the number when creating new record-keeping systems. In 1961 the IRS began to use it as a taxpayer ID number. The Privacy Act of 1974 required authorization for government agencies to use SSNs in their data bases and required disclosures (detailed below) when government agencies request the number. Agencies which were already using SSN as an identifier before January 1, 1975 were allowed to continue using it. The Tax Reform Act of 1976 gave authority to state or local tax, welfare, driver's license, or motor vehicle registration authorities to use the number in order to establish identities. The Privacy Protection Study Commission of 1977 recommended that the Executive Order be repealed after some agencies referred to it as their authorization to use SSNs. I don't know whether it was repealed, but no one seems to have cited EO 9397 as their authorization recently. Several states use the SSN as a driver's license number, while others record it on applications and store it in their database. Some states that routinely use it on the license will make up another number if you insist. According to the terms of the Privacy Act, any that have a space for it on the application forms should have a disclosure notice. Many don't, and until someone takes them to court, they aren't likely to change. (Though New York recently agreed to start adding the notice on the basis of a letter written by a reader of this blurb.) The Privacy Act of 1974 (Pub. L. 93-579) requires that any federal, state, or local government agency that requests your Social Security Number has to tell you four things: 1: Whether disclosure of your Social Security Number is required or optional, 2: What statute or other authority they have for asking for your number, 3: How your Social Security Number will be used if you give it to them, and 4: The consequences of failure to provide an SSN. In addition, the Act says that only Federal law can make use of the Social Security Number mandatory. So anytime you're dealing with a government institution and you're asked for your Social Security Number, just look for the Privacy Act Statement. If there isn't one, complain and don't give your number. If the statement is present, read it. If it says giving your Social Security Number is voluntary, you'll have to decide for yourself whether to fill in the number. Private Organizations The guidelines for dealing with non-governmental institutions are much more tenuous. Most of the time private organizations that request your Social Security Number can get by quite well without your number, and if you can find the right person to negotiate with, they'll willingly admit it. The problem is finding that right person. The person behind the counter is often told no more than "get the customers to fill out the form completely." Most of the time, you can convince them to use some other number. Usually the simplest way to refuse to give your Social Security Number is simply to leave the appropriate space blank. One of the times when this isn't a strong enough statement of your desire to conceal your number is when dealing with institutions which have direct contact with your employer. Most employers have no policy against revealing your Social Security Number; they apparently believe that it must be an unintentional slip when an employee doesn't provide an SSN to everyone who asks. Public utilities (gas, electric, phone, etc.) are considered to be private organizations under the laws regulating SSNs. Most of the time they ask for an SSN, and aren't prohibited from asking for it, but they'll usually relent if you insist. Ask to speak to a supervisor, insist that they document a corporate policy requiring it, ask about alternatives, ask why they need it and suggest alternatives. Lenders and Borrowers (those who send reports to the IRS) Banks and credit card issuers and various others are required by the IRS to report the SSNs of account holders to whom they pay interest or when they charge interest and report it to the IRS. If you don't tell them your number you will probably either be refused an account or be charged a penalty such as withholding of taxes on your interest. Most banks send your name, address, and SSN to a company called ChexSystem when you open an account. ChexSystem keeps a database of people whose accounts have been terminated for fraud or chronic insufficient funds in the past 5 years. ChexSystems is covered by the Fair Credit Reporting Act, and the bank is required to let you know if it refuses to open your account and a report from ChexSystems was a factor. You can also send a letter to ChexSystems directly and request a copy of your report. Many Banks, Brokerages, and other financial institutions have started implementing automated systems to let you check your balance. All too often, they are using SSNs as the PIN that lets you get access to your personal account information. If your bank does this to you, write them a letter pointing out how common it is for the people with whom you have financial business to know your SSN. Ask them to change your PIN, and if you feel like doing a good deed, ask them to stop using the SSN as a default identifier for their other customers. Some customers will believe that there's some security in it, and be insufficiently protective of their account numbers. Sometimes banks provide for a customer-supplied password, but are reluctant to advertise it. The only way to find out is to ask if they'll let you provide a password. (This is reportedly true of Citibank Visa, e.g. They ask for a phone number but are willing to accept any password.) When buying (and possibly refinancing) a house, most banks will now ask for your Social Security Number on the Deed of Trust. This is because the Federal National Mortgage Association recently started requiring it. The fine print in their regulation admits that some consumers won't want to give their number, and allows banks to leave it out when pressed. [It first recommends getting it on the loan note, but then admits that it's already on various other forms that are a required part of the package, so they already know it. The Deed is a public document, so there are good reasons to refuse to put it there, even though all parties to the agreement already have access to your number.] Insurers, Hospitals, Doctors No laws require medical service providers to use your Social Security Number as an ID number (except for Medicare, Medicaid, etc.) They often use it because it's convenient or because your employer uses it to identify employees to its groups health plan. In the latter case, you have to get your employer to change their policies. Often, the people who work in personnel assume that the employer or insurance company requires use of the SSN when that's not really the case. When a previous employer asked for my SSN for an insurance form, I asked them to try to find out if they had to use it. After a week they reported that the insurance company had gone along with my request and told me what number to use. Blood banks also ask for the number but are willing to do without if pressed on the issue. After I asked politely and persistently, the blood bank I go to agreed that they didn't have any use for the number. They've now expunged my SSN from their database, and they seem to have taught their receptionists not to request the number. Most insurance companies share access to old claims through the Medical Information Bureau. If your insurance company uses your SSN, other insurance companies will have a much easier time finding out about your medical history. You can get a copy of the file MIB keeps on you by writing to Medical Information Bureau, P.O. Box 105, Essex Station, Boston, MA 02112. Their phone number is (617)426-3660. If an insurance agent asks for your Social Security Number in order to "check your credit", point out that the contract is invalid if your check bounces or your payment is late. They don't need to know what your credit is like, just whether you've paid them. Children The Family Support Act of 1988 (Pub. L. 100-485) requires states to require parents to give their Social Security Numbers in order to get a birth certificate issued for a newborn. The law allows the requirement to be waived for "good cause", but there's no indication of what may qualify. The IRS requires taxpayers to report SSNs for dependents over one year of age, but the requirement can be avoided if you're prepared to document the existence of the child by other means if challenged. The law on this can be found at 26 USC 6109. The penalty for not giving a dependant's number is only $5. Several people have reported that they haven't provided SSNs for their dependents for several years, and haven't been challenged by the IRS. Universities and Colleges Universities that accept federal funds are subject to the Family Educational Rights and Privacy Act of 1974 (the "Buckley Amendment"), which prohibits them from giving out personal information on students without permission. There is an exception for directory information, which is limited to names, addresses, and phone numbers, and another exception for release of information to the parents of minors. There is no exception for Social Security Numbers, so covered Universities aren't allowed to reveal students' numbers without their permission. In addition, state universities are bound by the requirements of the Privacy Act, which requires them to provide the disclosures mentioned above. If they make uses of the SSN which aren't covered by the disclosure they are in violation. Why SSNs are a bad choice for UIDs in data bases Database designers continue to introduce the Social Security Number as the key when putting together a new database or when re-organizing an old one. Some of the qualities that are (often) useful in a key and that people think they are getting from the SSN are Uniqueness, Universality, Security, and Identification. When designing a database, it is instructive to consider which of these qualities are actually important in your application; many designers assume unwisely that they are all useful for every application, when in fact each is occasionally a drawback. The SSN provides none of them, so designs predicated on the assumption that it does provide them will fail in a variety of ways. Uniqueness Many people assume that Social Security Numbers are unique. They were intended by the Social Security Administration to be unique, but the SSA didn't take sufficient precautions to ensure that it would be so. They have several times given a previously issued number to someone with the same name and birth date as the original recipient, thinking it was the same person asking again. There are a few numbers that were used by thousands of people because they were on sample cards shipped in wallets by their manufacturers. (One is given below.) The passage of the Immigration reform law in 1986 caused an increase in the duplicate use of SSNs. Since the SSN is now required for employment, illegal immigrants must find a valid name/SSN pair in order to fool the INS, and IRS long enough to collect a paycheck. Using the SSN when you can't cross-check your database with the SSA means you can count on getting some false numbers mixed in with the good ones. Universality Not everyone has a Social Security Number. Foreigners are the primary exception, but many children don't get SSNs until they're in school. They were only designed to be able to cover people who were eligible for Social Security. Identification Few people ever ask to see an SSN card; they believe whatever you say. The ability to recite the number provides little evidence that you're associated with the number in anyone else's database. There's little reason to carry your card with you anyway. It isn't a good form of identification, and if your wallet is lost or stolen, it provides another way for the thief to hurt you, especially if any of your banks use the SSN as your PIN. Security The card is not at all forgery-resistant, even if anyone did ever ask for it. The numbers don't have any redundancy (no check-digits) so any 9-digit number in the range of numbers that have been issued is a valid number. It's relatively easy to copy the number incorrectly, and there's no way to tell that you've done so. In most cases, there is no cross-checking that a number is valid. Credit card and checking account numbers are checked against a database almost every time they are used. If you write down someone's phone number incorrectly, you find out the first time you try to use it. Why you should resist requests for your SSN When you give out your number, you are providing access to information about yourself. You're providing access to information that you don't have the ability or the legal right to correct or rebut. You provide access to data that is irrelevant to most transactions but that will occasionally trigger prejudice. Worst of all, since you provided the key, (and did so "voluntarily") all the info discovered under your number will be presumed to be true, about you, and relevant. A major problem with the use of SSNs as identifiers is that it makes it hard to control access to personal information. Even assuming you want someone to be able to find out some things about you, there's no reason to believe that you want to make all records concerning yourself available. When multiple record systems are all keyed by the same identifier, and all are intended to be easily accessible to some users, it becomes difficult to allow someone access to some of the information about a person while restricting them to specific topics. Unfortunately, far too many organizations assume that anyone who presents your SSN must be you. When more than one person uses the same number, it clouds up the records. If someone intended to hide their activities, it's likely that it'll look bad on whichever record it shows up on. When it happens accidentally, it can be unexpected, embarrassing, or worse. How do you prove that you weren't the one using your number when the record was made? What you can do to protect your number If despite your having written "refused" in the box for Social Security Number, it still shows up on the forms someone sends back to you (or worse, on the ID card they issue), your recourse is to write letters or make phone calls. Start politely, explaining your position and expecting them to understand and cooperate. If that doesn't work, there are several more things to try: 1: Talk to people higher up in the organization. This often works simply because the organization has a standard way of dealing with requests not to use the SSN, and the first person you deal with just hasn't been around long enough to know what it is. 2: Enlist the aid of your employer. You have to decide whether talking to someone in personnel, and possibly trying to change corporate policy is going to get back to your supervisor and affect your job. 3: Threaten to complain to a consumer affairs bureau. Most newspapers can get a quick response. Ask for their "Action Line" or equivalent. If you're dealing with a local government agency, look in the state or local government section of the phone book under "consumer affairs." If it's a federal agency, your congressmember may be able to help. 4: Insist that they document a corporate policy requiring the number. When someone can't find a written policy or doesn't want to push hard enough to get it, they'll often realize that they don't know what the policy is, and they've just been following tradition. 5: Ask what they need it for and suggest alternatives. If you're talking to someone who has some independence, and they'd like to help, they will sometimes admit that they know the reason the company wants it, and you can satisfy that requirement a different way. 6: Tell them you'll take your business elsewhere (and follow through if they don't cooperate.) 7: If it's a case where you've gotten service already, but someone insists that you have to provide your number in order to have a continuing relationship, you can choose to ignore the request in hopes that they'll forget or find another solution before you get tired of the interruption. If someone absolutely insists on getting your Social Security Number, you may want to give a fake number. There are legal penalties for providing a false number when you expect to gain some benefit from it. A federal court of appeals ruled that using a false SSN to get a Driver's License violates the federal law. There are a few good choices for "anonymous" numbers. Making one up at random is a bad idea, as it may coincide with someone's real number and cause them some amount of grief. It's better to use a number like 078-05-1120, which was printed on "sample" cards inserted in thousands of new wallets sold in the 40's and 50's. It's been used so widely that both the IRS and SSA recognize it immediately as bogus, while most clerks haven't heard of it. There are several patterns that have never been assigned, and which therefore don't conflict with anyone's real number. They include numbers with any field all zeroes, and numbers with a first digit of 8 or 9. For more details on the structure of SSNs and how they are assigned, use anonymous ftp to retrieve the file: /cpsr/privacy/ssn/SSN-structure from the machine cpsr.org. Giving a number with an unused patterns rather than your own number isn't very useful if there's anything serious at stake since they're likely to be noticed . The Social Security Administration recommends that people showing Social Security cards in advertisements use numbers in the range 987-65-4320 through 987-65-4329. If you're designing a database or have an existing one that currently uses SSNs and want to use numbers other than SSNs, you should make your identifiers use some pattern other than 9 digits. You can make them longer or shorter than that, or include letters somewhere inside. That way no one will mistake the number for an SSN. The Social Security Administration recommends that you request a copy of your file from them every few years to make sure that your records are correct (your income and "contributions" are being recorded for you, and no one else's are.) As a result of a recent court case, the SSA has agreed to accept corrections of errors when there isn't any contradictory evidence, SSA has records for the year before or after the error, and the claimed earnings are consistent with earlier and later wages. (San Jose Mercury News, 5/14, 1992 p 6A) Call the Social Security Administration at (800) 772-1213 and ask for Form 7004, (Request for Earnings and Benefit Estimate Statement.) When All Else Fails (Getting a Replacement Number) The Social Security Administration (SSA) will occasionally issue a replacement SSN. The most common justification is that the SSA or the IRS has mixed together earnings records from more than one person, and since one of the people can't be located, it's necessary to issue a new number to the other. The SSA tries very hard to contact the person who is using the number incorrectly before resorting to this process. There are a few other situations that the SSA accepts as justifying a new number. The easiest is if the number contains the sequences 666 or 13. The digits need to be consecutive according to SSA's policy manual, but may be separated by hyphens. You apparently don't have to prove that your religious objection is sincere. Other commonly accepted complaints include harassment, sequential numbers assigned to family members, or serious impact on your credit history that you've tried to clear up without success. In all cases, the process includes an in-person interview at which you have to establish your identity and show that you are the original assignee of the number. The decision is normally made in the local office. If the problem is with a credit bureau's records, you have to show that someone else continues to use your number, and that you tried to get the credit bureau to fix your records but were not successful. When they do issue a new number, the new recoreds are linked to the old ones. (Unless you can convince them that your life might be endangered by such a link.) There are a few justifications that they don't accept at all: attempting to avoid legal responsibilities, poor credit record which is your own fault, lost SSNm card (without evidence that someone else has used it), or use of the number by government agencies or private companies. The only justification the SSA accepts for cancelling the issuance of an SSN is that the number was assigned under their Enumeration at Birth (wherein SSNs are assigned when birth certificates are issued) program without the parent's consent. In this case, the field officer is instructed to try very hard to convince the parent that getting the number revoked is futile, but to give in when the parent is persistent. US Passports The application for US Passports (DSP-11 12/87) requests a Social Security Number, but gives no Privacy Act notice. There is a reference to "Federal Tax Law" and a misquotation of Section 6039E of the 1986 Internal Revenue Code, claiming that the section requires that you provide your name, mailing address, date of birth, and Social Security Number. The referenced section only requires TIN (SSN), and it requires that it be sent to the IRS and not to the Passport office. It appears that when you apply for a passport, you can refuse to reveal your SSN to the passport office, and instead mail a notice to the IRS, giving only your SSN (other identifying info optional) and notifying them that you are applying for a passport. [Copies (in postscript) of the letter that was used by one contributor (The measure of his success is that he didn't hear back from any with complaints.) are available by anonymous ftp from cpsr.org in /cpsr/privacy/ssn/passport.ps.Z. I'd be interested in hearing how the State department and the Post Office (which processes passport applications) react.] Results from Some Recent Legal Cases (3/24/93) CPSR joined two legal cases in 1992 which concerned Social Security Numbers and privacy. One of them challenged the IRS practice of printing Social Security Numbers on mailing labels when they send out tax forms and related correspondence. The other challenged Virginia's requirement of a Social Security Number in order to register to vote. Dr. Peter Zilahy Ingerman filed suit against the IRS in Federal District Court in 1991, and CPSR filed a friend of the court brief in August '91. The case was decided in favor of the IRS. According to "Privacy Journal", the IRS plans to start covering the SSNs on its mailing labels, but they made the decision too late to affect this year's returns. Some people got a version that hid their numbers, but it was apparently a pilot project in limited areas. | The Virginia case was filed by a resident who refused to supply a Social Security Number when registering to vote. When the registrar refused to accept his registration, he filed suit. He also challenged Virginia on two other bases: the registration form lacked a Privacy Act notice, and the voter lists they publish include Social Security Numbers. The Federal court of appeals ruled that Virginia may not require the disclosure of Social Security numbers as a condition of registering to vote. The court said that the Virginia requirement places an "intolerable burden" on the right to vote. The case is officially referred to as Greidinger v. Davis, No. 92-1571, Fourth Circuit Court of Appeals, March 22, 1993. If you have suggestions for improving this document please send them to me at: Chris Hibbert hibbert@netcom.com or 1195 Andre Ave. Mountain View, CA 94040 New versions of this posting are always available using any of the following mechanisms. You can use anonymous ftp from the following sites: Site Location rtfm.mit.edu /pub/usenet-by-hierarchy/news/answers/ssn-privacy ftp.pica.army.mil /pub/privacy/ssn-privacy.faq ftp.cpsr.org /cpsr/privacy/ssn/Social_Security_Number_FAQ Gopher can retrieve it from gopher.cpsr.org. World Wide Web (www) can find it using the following locator (and probably several others you could construct from the other directions I've given): http://polar.pica.army.mil/ssn_faq.html You can also retrieve it by sending email to Address Command (omit the quotes) listserv@cpsr.org "GET cpsr/privacy/ssn Social_Security_Number_FAQ" mail-server@rtfm.mit.edu "send usenet-by-hierarchy/news/answers/ssn-privacy" You can also ask for general help from either of these email servers by sending a message to the same address with just "help" in the body. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% CLIPPER CHIP IS YOUR FRIEND, NSA CONTENDS NSA Seeks to Dispel Misgivings of Public About Clipper Chip By Bob Davis Staff Reporter of The Wall Street Journal. (C)1994 Wall Street Journal FORT MEADE, Md. --- The National Security Agency wants everyone to know that its new computer-security system will protect individual privacy. But as the spy agency knows, hardly anyone believes that. Critics fear the government will use the NSA technology, designed in secret, to spy on Americans. The project "is a focal point for the distrust of government," acknowledges Clinton Brooks, the NSA scientist who led the so-called Clipper Chip project, in the agency's first interview on the subject. The Clinton administration last month adopted the NSA plan for a series of computer chips that would protect telephones and computers. Use of the technology would be voluntary. Federal agencies would adopt it first, and public use is expected to spread gradually. Under the plan, cryptographic "keys" that could unscramble the communications would be split in two and held separately at the Treasury Department and the National Institute of Standards and Technology. That way, law-enforcement agents could tap the communications by getting court authorization to obtain the two halves. The idea is to boost security but to keep the technology out of the hands of criminals and spies. The NSA is the world's biggest eaves-dropper. Equipped with the latest in super-computers and satellite receivers, it targets communications by foreign governments. The agency shuns publicity but agreed to the interview to explain its role in the Clipper controversy and try to dispel fears. Mr. Brooks, a 26-year veteran of the NSA, says the project began in 1989 and cost more than $2.5 million. He says the NSA is consumed with what it calls the "equities problem" --- how to balance privacy rights against the needs of law enforcement, national security and private industry. In 1989, he and Raymond Kammer, deputy director of NIST, began discussions about how to improve computer security without making it impenetrable to police. NIST is a Commerce Department agency with formal responsibility for unclassified computer security. Before the interview, Mr. Brooks takes a look around a small cryptographic museum just outside the NSA's gates. He stands before an exhibit of Enigma machines, used by the Germans during World War II to encrypt messages --- and later broken by Allied intelligence. Enigma started as a commercial product; recognizing its military value, the Nazis pulled it off the market. "That was the concern we're wrestling with today," Mr. Brooks says --- commercial encryption technology becoming so good that U.S. spy agencies can't crack it. In 1989, NIST and the NSA put together an eight-person team, split evenly between the agencies, to quietly work out security concepts. The team decided against using a weak encryption code --- "Roman Numeral One is that it had to be good security," says Mr. Brooks. And it also rejected a so-called trapdoor approach, in which the computer code would be designed so it would have a weak spot --- a trapdoor --- that federal agencies could enter via computer to tap the communications. Someone else could discover the trapdoor, they decided. The team settled on a system with a powerful encryption formula, called an algorithm, and encryption keys that would be held by outsiders. Law- enforcement agencies could get copes of the keys when they needed to bug the conversations. The toughest decision, both Mr. Brooks and Mr. Kammer say, was to keep the algorithm, dubbed the Skipjack, secret. That meant the public wouldn't know for sure whether the NSA had inserted a trapdoor or some other eavesdropping device. "It would defeat the purpose [of the project] if we gave the knowledge of how the algorithm worked" to the public, says the 56-year-old Mr. Brooks. "It was going to have to be kept classified." Otherwise, he explains, engineers could use the algorithm to design computer-security systems that the government's encryption keys couldn't unlock. By 1990, he says, as many as 30 NSA "cryptomathematicians" and other employees were working to perfect the algorithm and other features. A year later, the NSA launched what it called the Capstone Project to build the algorithm into a computer chip. The NSA contracted with Mykotronx Inc., a small company in Torrance, Calif., to do much of the development. By September 1992, the NSA was confident the system would work. None too early for the NSA. Earlier that year, Mr. Brooks says, American Telephone & Telegraph Co. informed the NSA that it wanted to sell a phone using a popular encryption technology to scramble conversations. The NSA balked. "We said it probably wouldn't get an export license from this country," Mr. Brooks says. Instead, AT&T was told of the Capstone work and agreed to use the technology if it became a federal standard and was exportable, he says. The NSA then took some of the functions of the Capstone chip and tailored it to phone equipment, calling the resulting product the Clipper Chip. For computers, Capstone was encased on a computer card that became known as Tessera. The the Bush administration, enmeshed in a re-election bid, never pushed Capstone. So shortly after the election, National-security heavyweights importuned the Clinton transition team to move quickly on Capstone. Just weeks after the inauguration, the new administration's national-security team was debating the NSA proposal and in April announced to the public that it would adopt the scheme. Last month, the administration gave the final go-ahead --- despite withering criticism from industry. Vice President Gore called encryption a "law and order issue." NIST's Mr. Kammer says the new administration was also trying to line up backing among national-security officials to liberalize export controls on computer equipment and other high-tech gear. The high-tech industry was stunned at the decision. David Peyton, vice president of the Information Technology Association of America, a trade group of computer companies, says the scheme will dangerously centralize power in the federal government and will limit exports. James Bidzos, president of a computer-security firm, RSA Data Security Inc., goes further. He posted a letter on the Internet computer network arguing that Clipper may be the "visible portion of a large-scale covert operation on U.S. soil by NSA." Nonsense, responds Mr. Brooks, who says he is distressed by the "emotionalism" of the arguments. "The only reason we're involved is that we have the best cryptomathematicians in the country." %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% In the super-state, it really does not matter at all what actually happened. Truth is what the government chooses to tell you. Justice is what it wants to happen. --Jim Garrison, New Orleans District Attorney %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% .