Computer underground Digest    Sun 4 July, 1999    Volume 11 : Issue 29
ISSN 1004-042X

Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Canape Editor: Etaion Shrdlu, III
Shadow-Archivists: Dan Carosone / Paul Southworth
                   Ralph Sims / Jyrki Kuoppala
                   Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #11.29 (Sun, 4 July, 1999)

File 1--Congress, NSA butt heads over Echelon (Fed Computer Week excerpt)
File 2--SANS Newsbites Vol. 1 Num. 11 (News and Links)
File 3--Blurbs on Encryption Legislation (EPIC Reprints)
File 4--CDT's Report on Library Filtering and Encryption Bills
File 5--Censorware Project Corrects Gross Distortion
File 6--Court's ruling on cable praised for doing what county wouldn't
File 7--Cu Digest Header Info (unchanged since 10 Jan, 1999)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. TO UNSUB OR CHANGE ADDRESS, SEE ADMINISTRIVIA IN CONCLUDING FILE

---------------------------------------------------------------------

Date: Wed, 9 Jun 99 07:35:27 -0400
From: Brandon J.M. Cotton
Subject: File 1--Congress, NSA butt heads over Echelon (Fed Computer Week excerpt)

From http://www.fcw.com/pubs/fcw/1999/0531/web-nsa-6-3-99.html (Federal Computer Week):

Congress, NSA butt heads over Echelon

BY DANIEL VERTON (dan_verton@fcw.com)

Congress has squared off with the National Security Agency over a top-secret U.S. global electronic surveillance program, requesting top intelligence officials to report on the legal standards used to prevent privacy abuses against U.S. citizens. According to an amendment to the fiscal 2000 Intelligence Authorization Act proposed last month by Rep.
Bob Barr (R-Ga.), the director of Central Intelligence, the director of NSA and the attorney general must submit a report within 60 days of the bill becoming law that outlines the legal standards being employed to safeguard the privacy of American citizens against Project Echelon. Echelon is NSA's Cold War-vintage global spying system, which consists of a worldwide network of clandestine listening posts capable of intercepting electronic communications such as e-mail, telephone conversations, faxes, satellite transmissions, microwave links and fiber-optic communications traffic. However, the European Union last year raised concerns that the system may be regularly violating the privacy of law-abiding citizens [FCW, Nov. 17, 1998]. However, NSA, the supersecret spy agency known best for its worldwide eavesdropping capabilities, for the first time in the history of the House Permanent Select Committee on Intelligence refused to hand over documents on the Echelon program, claiming attorney/client privilege. Congress is "concerned about the privacy rights of American citizens and whether or not there are constitutional safeguards being circumvented by the manner in which the intelligence agencies are intercepting and/or receiving international communications...from foreign nations that would otherwise be prohibited by...the limitations on the collection of domestic intelligence," Barr said. "This very straightforward amendment...will help guarantee the privacy rights of American citizens [and] will protect the oversight responsibilities of the Congress which are now under assault" by the intelligence community. Calling NSA's argument of attorney/client privilege "unpersuasive and dubious," committee chairman Rep. Peter J. Goss (R-Fla.) 
said the ability of the intelligence community to deny access to documents on intelligence programs could "seriously hobble the legislative oversight process" provided for by the Constitution and would "result in the envelopment of the executive branch in a cloak of secrecy." ------------------------------ Date: Wed, 9 Jun 1999 23:22:01 -0600 (MDT) From: The SANS Institute Subject: File 2--SANS Newsbites Vol. 1 Num. 11 (News and Links) SANS NEWSBITES The SANS Weekly Security News Overview Volume 1, Number 11 June 10, 1999 Editorial Team: Kathy Bradford, Bill Murray, Alan Paller, Howard Schmidt, Eugene Schultz ************************************************************************* 7 June 1999 OMB Tells Feds to Post Privacy Policies 7 June 1999 AntiOnline Editor Accused of Paying for Attacks; also Claims To Have Repelled Denial of Service Attack 7 June 1999 Commerce Committee to Hold Privacy Hearing 7 June 1999 International E-Commerce Concerns Regulators 6 June 1999 Federal Web Security Honed 5 June 1999 MS Software Pirates Arrested 4 June 1999 Department of Justice Says Attacks Serious 4 June 1999 Digital Watermarking 4 June 1999 Conflicting Privacy Wording on United's Site Confuses Users. 
3 June 1999 Recent Attacks Distract FBI from Real Threats, Some Say 3 June 1999 Attacks Will Not Stop, says FOrpaxe 3 June 1999 Germany Favors Strong Cryptography 3 June 1999 DOD Background Checks Backlogged 3 June 1999 ISPs Express Skepticism About UK Government's Crypto Policy 3 June 1999 Black Boxes for Automobiles 2 June 1999 Cracker Moonlighting 2 June 1999 FBI Cybercrime Unit Angers Crackers 2 June 1999 Federal Cyberattack Policy Warranted 1 June 1999 EU Members Could Halt Data Flow to US 1 June 1999 E-mail Privacy in Japan 31 May 1999 Federal Network Monitoring Tools 31 May 1999 Oracle Database Security Hole More stories about attacks on federal sites: 2 June 1999 Department of Defense 1 June 1999 Interior Department 1 June 1999 Interior department and Idaho National Engineering and Environmental Laboratory Valuable New Resources Model Security Policies (today) Intrusion Detection FAQ (updated) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 7 June 1999: OMB Tells Feds to Post Privacy Policies The Office of Management and Budget is requiring federal sites to post clear privacy policies on their home pages and on any other pages which collect personal data. While the 1974 Privacy Act requires federal agencies to tell people when they've collected personal information about them, 1974 law did not anticipate the web. The OMB wants the federal sites to comply with the directive by September first of this year. http://www.fcw.com/pubs/fcw/1999/0607/fcw-newsprivacy-6-7-99.html 7 June 1999: AntiOnline Editor Accused of Paying for Attacks Computer attackers have accused AntiOnline editor John Vranesevich of paying people to break into web servers so that he could scoop the stories. Vranesevich categorically denies the charges. In a related story, Vranesevich claims to have successfully weathered the same sort of attack that took the FBI's site offline for a week. 
http://www.wired.com/news/news/culture/story/20062.html
http://www.computerworld.com/home/print.nsf/all/990607AD22#TOP

7 June 1999: Commerce Committee to Hold Privacy Hearing
Senator John McCain says Senate Commerce Committee hearings to be held this summer will focus on the question of federal regulation of online privacy. McCain hopes to avoid such legislation. (Also, see the June 4 United story.)
http://dailynews.yahoo.com/headlines/technology/zdnet/story.html?s=v/zd/19990607/tc/19990607008

7 June 1999: International E-Commerce Concerns Regulators
As electronic commerce spreads worldwide, so do questions about authentication, product safety regulations, and taxes, to name but a few of the surfacing issues. While some groups believe worldwide regulations must be reached for international e-commerce to succeed, others are unsure.
http://www.techweb.com/wire/story/reuters/REU19990607S0012

6 June 1999: Federal Web Security Honed
In the wake of attacks on federal websites in the last few weeks, the respective agencies are upgrading their security systems, though some of the agencies are reluctant to discuss the measures they've taken for fear of providing information that would help attackers. Others acknowledge the fact that no system is entirely secure, and that increased vigilance is as valuable a tool as any firewall.
http://www.fcw.com/pubs/fcw/1999/0607/fcw-newsbatten-6-7-99.html

5 June 1999: MS Software Pirates Arrested
Eight people were arrested in connection with a piracy ring that has produced 15,000 copies of Microsoft programs, including Windows 98. The pirated software was sold overseas.
http://www.mercurycenter.com/svtech/news/breaking/ap/docs/514350l.htm

4 June 1999: Digital Watermarking
A group of computer companies and record companies will decide on digital watermarking technology to resist DVD-Audio copyright infringement.
http://www.techweb.com/wire/story/TWB19990604S0009

4 June 1999: Conflicting Privacy Wording on United's Site Confuses Users.
While United Airlines' reservations site posts a standard privacy policy, the "terms and conditions" agreement on the site basically waives those same rights.
http://www.news.com/News/Item/0,4,37413,00.html

4 June 1999: Department of Justice Says Attacks Serious
The Department of Justice (DOJ) has rejected the comparison of recent federal computer attacks to graffiti, instead calling them serious infringements of the agencies' ability to transmit information to the public. The DOJ has promised vigorous prosecution of those responsible.
http://www.newspage.com/cgi-bin/NA.GetStory?story=c0603134.401&date=19990604&level1=46510&level2=46515&level3=821

3 June 1999: Recent Attacks Distract FBI from Real Threats, Some Say
Some security pundits believe that the attention the FBI is giving those responsible for the slew of attacks of federal computer sites in the last week takes the focus off more "serious digital crimes."
http://dailynews.yahoo.com/headlines/technology/zdnet/story.html?s=v/zd/19990603/tc/19990603003

3 June 1999: Attacks Will Not Stop, says FOrpaxe
A group of Portuguese teenage computer attackers calling itself FOrpaxe claims responsibility for over 60 site exploits and vows to continue its "crusade." Members say that there has been talk of attackers worldwide formulating a unified attack on US government computers.
http://www.msnbc.com/news/276459.asp#BODY

3 June 1999: DOD Background Checks Backlogged
The Defense Department has an enormous backlog of employee background security investigations; over half a million checks need to be performed. Private investigative firms will be hired to help.
In AOL News, from AP.

3 June 1999: Germany Favors Strong Cryptography
The German Government has issued a policy statement in favor of strong cryptography. The statement is an apparent response to allegations of industrial espionage conducted with the aid of electronic surveillance devices.
The policy also states that protecting electronic commerce and people's privacy supersedes concerns about the possibility of the criminal use of cryptography. http://www.wired.com/news/news/politics/story/20023.html 3 June 1999: ISPs Express Skepticism About UK Government's Crypto Policy The UK's new encryption policy could put Internet users in a position where their e-mail is easily accessible by law enforcement officials. http://www.techweb.com/wire/story/TWB19990603S0001 3 June 1999: Black Boxes for Automobiles Devices already installed in many GM cars record data about crashes. Although GM says that "information recorded is the property of the vehicle owner," Barry Steinhardt of the ACLU asserts that the devices were placed in the cars without the owners' consent, and that the data could be subpoenaed. http://www.wired.com/news/news/technology/story/20010.html 2 June 1999 : Cracker Moonlighting Many computer exploiters are also extremely talented code writers employed by major software companies, but a recent raid on the home of a now former Microsoft employee has brought to light the problems associated with the "dual identities" of such people. http://www.msnbc.com/news/275876.asp#BODY 2 June 1999: FBI Cybercrime Unit Angers Crackers The FBI's Cybercrime Unit conducted several raids in recent weeks against people suspected of the theft and misuse of credit card numbers and computer passwords. Cracker groups angry about the raids launched widespread retaliatory attacks of US federal websites. http://www.nytimes.com/library/tech/99/06/biztech/articles/02hack.html 2 June 1999: Federal Cyberattack Policy Warranted Since cyberattacks can now be part of international warfare, as evidenced by attacks in protest of NATO actions on Kosovo, the US needs to "develop a coordinated national response" to protect its infrastructure. 
http://www.fcw.com/pubs/fcw/1999/0531/web-cip-6-2-99.html

1 June 1999: EU Members Could Halt Data Flow to US
The EU (European Union) wants the US to speed up the schedule for its compliance with EU data privacy laws, and to tighten up language about consumer access to data and enforcement policies in the "safe harbor" agreement. If the two entities cannot reach an accord, individuals and member countries could stop sending their personal data to US companies online, a significant blow to e-commerce.
http://www.news.com/News/Item/0,4,37236,00.html

1 June 1999: E-mail Privacy in Japan
The Tokyo Manager's Union has received a number of reports of employees being censured or fired for their alleged misuse of e-mail. An attorney calls bosses' screening employees' e-mail an invasion of privacy.
http://www.yomiuri.co.jp/newse/0603so09.htm

31 May 1999: Federal Network Monitoring Tools
Some federal agencies would like to see a single product that would cover all their monitoring needs, while others are happy using a combination of tools.
http://www.fcw.com/pubs/fcw/1999/0531/fcw-techbrief-05-31-99.html

31 May 1999: Oracle Database Security Hole
A security flaw in Oracle databases enables malicious individuals to gain root access to the system. While the company is offering a patch, only those clients who have maintenance contracts with the company were informed of the hole. Oracle is providing a patch to fix the problem.
http://www.zdnet.com/intweek/stories/prtfriendly/0,4557,2267512,00.html == Federal Web Site Attacks =========================================== If you haven't read enough stories about attacks on federal web sites, here are three more: 2 June 1999 Dept of Defense http://www.computerworld.com/home/news.nsf/all/9906023defense 1 June 1999: Interior Department http://www.computerworld.com/home/news.nsf/all/9906012hack 1 June 1999: Interior Department and Idaho National Engineering and Environmental Lab http://www.nytimes.com/library/tech/99/mo/biztech/articles/01hack.html == Valuable New Resources ============================================= Model Security Policies (today) The most sought-after sections in any SANS course books are Michele Crabb-Guel's collection of model security policies (from her classic course on Building Effective Security Infrastructures). She graciously provided the slide show that describes the policies along with the policies and templates. Posting these policies is the first step in a new Joint Consensus Research project (with the CIO Institute) to develop a consensus on model security policies for organizations connected to the Internet. Comments and contributions are welcome. If you have something to offer please do. Those who provide the most useful information will be invited to participate in the consensus research project. Email the research office (sansro@clark.net) http://www.sans.org/newlook/resources/policies/policies.htm Intrusion Detection FAQ (last week) Stephen Northcutt and a team of intrusion detection experts have created a new version of the new Intrusion Detection FAQ. http://www.sans.org/newlook/resources/IDFAQ/ID_FAQ.htm If you would like to contribute new questions and answers, send your proposal to info@sans.org with the subject `ID FAQ Proposal'. == End == Please feel free to share this with interested parties. 
For a free subscription, e-mail with the subject: Subscribe NewsBites New easy subscription modification, just use the web: http://www.sans.org/sansaddr?hashid=SD144920Ej,s2QCxS8H Or you can email with instructions and your SD number (from the headers) for subscribe, unsubscribe, change address, or with any other comments. ------------------------------ Date: Wed, 30 Jun 1999 16:16:22 -0400 From: "EPIC-News List" epic-news@epic.org Subject: File 3--Blurbs on Encryption Legislation (EPIC Reprints) Source - Volume 6.10 June 30, 1999 http://www.epic.org [1] Senate Committee Approves Mandatory Filtering Bill Congress' move toward mandatory Internet filtering for schools and libraries gained momentum on June 23, when the Senate Commerce Committee approved the Children's Internet Protection Act (S.97). The legislation would mandate that public schools and libraries receiving "E-Rate" universal service funds purchase and use Internet filtering software to regulate access by minors. The House of Representatives added a similar provision to the juvenile justice bill on June 17. The Committee action came over the objections of leading education, library and civil liberties groups, which argued that the legislation would impose a costly unfunded requirement and ignores a variety of alternative approaches being taken in localities around the country. Commerce Committee Chairman John McCain (R-AZ) rejected the criticism, stating that filtering software is inexpensive and necessary to protect children. "No issue is more important to America than protecting our children," he said. Under the language approved by the Senate committee approach, the thousands of schools that participate in the federal Internet subsidy program would be required to install software preventing access to obscene material and child pornography. 
Libraries in the E-Rate program with more than one computer would face a similar requirement; those with only one computer would have to ensure that children could not access such material. Prior to the vote, the Internet Free Expression Alliance (IFEA) sent a joint letter to the Commerce Committee urging rejection of mandatory filtering. The coalition members told the committee, "We believe that the majority of Americans share our conviction that parents and teachers -- not the federal government -- should provide children with guidance about accessing information on the Internet." They urged the Senators to consider alternative approaches, including training classes to help children bring critical skills to the Internet; adult supervision of Internet use by minors; highlighting recommended sites to assist parents in navigating the Internet; and establishment of limited time periods for supervised use of the Internet by young children. The groups noted that, "Clumsy and ineffective blocking programs are nothing more than a 'quick fix' solution to parental concerns, often providing a false sense of security that children will not be exposed to material which parents may find inappropriate." The text of the coalition letter is available at the website of the Internet Free Expression Alliance: http://www.ifea.net/s97_letter.html ======================================================================= [2] Congress Acts on Encryption Legislation ======================================================================= On June 23, the House Commerce Committee approved the Security and Freedom Through Encryption (SAFE) bill (H.R. 850), which would relax export controls on encryption, with several amendments. One of the amendments would make it a crime to fail to decrypt encrypted information when ordered to do so, raising serious privacy and constitutional concerns. 
The new provision would impose criminal penalties (including up to ten years in prison) on anyone who is required by an order of any court to provide to the court or any other party any information in such person's possession which has been encrypted and who, having possession of the key or such other capability to decrypt such information into the readable or comprehensible format of such information prior to its encryption, fails to provide such information in accordance with the order in such readable or comprehensible form. House consideration of the SAFE bill will continue for at least another month; the International Relations Committee has until July 16 to act on the legislation and Intelligence and Armed Services have until July 23. The House Armed Services Committee has scheduled a hearing on the bill for June 30. Also on June 23, the Senate Commerce Committee approved the PROTECT encryption bill (S. 798). The legislation would allow U.S. companies immediately to export medium-strength encryption products (64-bit) and much more powerful products (up to 128-bit) beginning in 2002. Current U.S. policy generally limits exports to 56-bit encryption with some exceptions such as for subsidiaries of U.S. firms and foreign companies in banking, insurance, health-care and electronic commerce. The bill would also establish a committee of government and private sector officials that could vote to allow export of stronger products if similar products are available outside the United States. The committee's decisions could be overturned by the President. Unlike the SAFE bill in the House, the PROTECT Act does not include criminal penalties for the use of encryption in furtherance of a crime. 
Additional information on encryption policy is available at the Internet Privacy Coalition website:

http://www.privacy.org/ipc/

=======================================================================
[3] Government Seeks Review of Bernstein Crypto Decision
=======================================================================

While Congress continues to debate encryption policy, the federal courts are also grappling with the issue. On June 21, the Department of Justice filed a petition for rehearing in the Bernstein case, seeking to overturn the Ninth Circuit Court of Appeals' recent opinion holding that encryption source code is scientific expression protected by the First Amendment.

The federal appeals court in San Francisco ruled on May 6 that federal regulations that prohibit the dissemination of encryption source code violate the First Amendment. The court found that the regulations are an unconstitutional prior restraint on speech because they "grant boundless discretion to government officials" and have "effectively chilled [cryptographers] from engaging in valuable scientific expression." The case was initiated by researcher Daniel Bernstein, who sought government permission to export source code he had written.

EPIC was both co-counsel and coordinator of a "friend-of-the-court" (amicus) brief in the case, arguing against the government controls on privacy-enhancing technology. Civil liberties and privacy organizations have consistently opposed restrictions on the dissemination of encryption technology, and welcomed the Bernstein decision as a major breakthrough. The opinion was notable for its recognition of the threats to privacy that citizens face today and the role of encryption in protecting information.

In seeking the Ninth Circuit's reconsideration of the case, the Justice Department argues that the May 6 decision rests on fundamental errors regarding First Amendment and severability law.
As a result of those errors, the panel has placed the entire encryption export regime in jeopardy. The potential consequences of repudiating the President's decisions regarding encryption export controls are grave and far-reaching. Before the views of the panel majority become the law of this Circuit, and unrestricted export of encryption products receives this Court's imprimatur, further review is imperative. Information on encryption export controls, including the text of the Bernstein decision and the EPIC amicus brief, is available at the EPIC Cryptography Archive: http://www.epic.org/crypto/ ======================================================================= Subscription Information ======================================================================= The EPIC Alert is a free biweekly publication of the Electronic Privacy Information Center. A Web-based form is available for subscribing or unsubscribing at: http://www.epic.org/alert/subscribe.html To subscribe or unsubscribe using email, send email to epic-news@epic.org with the subject: "subscribe" (no quotes) or "unsubscribe". 
Back issues are available at: http://www.epic.org/alert/ ------------------------------ Date: Thu, 24 Jun 1999 17:32:26 -0400 From: Ari Schwartz Subject: File 4--CDT's Report on Library Filtering and Encryption Bills C D T P O L I C Y P O S T A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE from THE CENTER FOR DEMOCRACY AND TECHNOLOGY *********************************************************************** Volume 5, Number 12 June 24, 1999 ============================================================= CONTENTS: (1) Mandatory Filtering for Schools & Libraries Approved by Senate Committee (2) Encryption Bills Clear Hurdles in House, Some Privacy Concerns Remain (3) Senate Committee Passes Its Version Of Encryption Reform (4) Subscription Information (5) About the Center for Democracy and Technology ** This document may be redistributed freely with this banner intact ** Excerpts may be re-posted with permission of ari@cdt.org This document is also available at: http://www.cdt.org/publications/pp_5.12.html ____________________________________________________ (1) MANDATORY FILTERING FOR SCHOOLS & LIBRARIES APPROVED BY SENATE COMMITTEE The Senate Commerce, Science, and Transportation Committee held a markup today to discuss the Childrens' Internet Protection Act (S.97) introduced by its chairman, John McCain (R-AZ), and ranking Democrat, Ernest Hollings (D-SC). The bill mandates that all schools and libraries receiving federal e-rate assistance select a technology for computers with Internet access that: * blocks or filters obscene material, * blocks or filters child pornography, and * may be -- but are not required to be -- used by local authorities to block or filter materials deemed "inappropriate for minors." The schools and libraries must then enforce a policy that ensures that all minors use such technologies while on the Internet. 
This language is different from previous drafts of this bill in several respects: * It requires filtering or blocking only when minors are using the computer. * It narrows the federal filtering requirement from material deemed "harmful to minors" to obscene material or child pornography, * It broadens the optional filtering category to include a great deal of speech that is protected by the First Amendment. Senator McCain made it clear that such material determined to be "inappropriate for minors" may include sites promoting hate groups or other controversial material, although such material in each of these categories is protected speech under the First Amendment. The bill's only other amendment refined the time period available to schools and libraries to come into compliance with new law, if passed. Senator John Kerry (D-MA) voiced concerns about the bill, drawing attention to the way in which it infringes on the rights of communities to self-determination regarding their own access to the Internet and that of their children. However, the Committee as a whole approved the bill by voice vote. A floor vote has not yet been scheduled. For more information regarding S.97 and the debate surrounding free speech on the net, visit CDT's Free Speech page at http://www.cdt.org/speech/ _______________________________________________________ (2) ENCRYPTION BILL CLEARS ANOTHER HURDLE IN THE HOUSE, SOME PRIVACY CONCERNS REMAIN Significant movement towards encryption reform continued on Capitol Hill yesterday as committees in both the House and Senate approved export relief bills. The Security and Freedom through Encryption (SAFE) Act (H.R.850) cleared a major hurdle with passage by the House Commerce Committee. The committee did pass several amendments to the bill including a troubling new federal crime, proposed by Rep. Stearns (R-FL), requiring the production of decryption keys or other forms of decryption assistance when presented with a court order. 
This amendment raised significant privacy and Fifth Amendment concerns by leaving encryption users open to prosecution without clear guidelines for compliance.

Rep. Oxley proposed an amendment that would have allowed government agencies to require non-government contractors to use key recovery systems. This amendment was withdrawn after substantial opposition from other members of the Committee. Three minor amendments sponsored by Reps. Oxley and Wilson were adopted, all relating to national security.

The SAFE Act, as approved by the House Commerce Committee, would:

* Affirm the right to use and sell encryption and will allow stronger encryption software than the existing 56 bits to be distributed without export licensing requirements.
* Prohibit the government from requiring a backdoor into people's email and computer files ("mandatory key recovery").
* Modernize U.S. export controls to permit the export of generally available software and hardware if a product with comparable security is commercially available from foreign suppliers.
* Create criminal penalties for the knowing and willful use of encryption to conceal evidence of a crime, BUT specifies that the use of encryption does not constitute probable cause of a crime.
* Require the production of decryption keys or other forms of decryption assistance when presented with a court order
* Prohibit export of encryption products to the PLA and companies owned by the Chinese military
* Call upon the Attorney General to compile examples in which encryption has interfered with law enforcement.
* Call upon the President to convene an international conference to draft encryption policy agreement
* Allow the Secretary of Commerce to deny the export of encryption products to specific groups and organizations if it would be used to harm national security, used to sexually exploit children or used for illegal activities by organized crime.
Although the export relief provisions of the original bill stayed intact, as the bill proceeds to the House floor, CDT will continue to look out for and oppose amendments that raise these privacy concerns. Background information on the SAFE bill is available at: http://www.cdt.org/crypto/legis_106/SAFE/ CDT encourages encryption activists to call members of the House Committees that still must look at SAFE before it gets to the floor. Please see our Digital Democracy page to see if your member is on one of these important committees: http://www.cdt.org/action/ _________________________________________________________________ (3) SENATE COMMITTEE PASSES ITS VERSION OF ENCRYPTION REFORM The Senate PROTECT Act (S.798) passed the full Senate Commerce Committee by voice vote Wednesday. While falling short of the immediate access to products needed to protect privacy online, the bill represents a major shift in position for key Senators once opposed to encryption reform. Although the PROTECT Act takes an important step forward for encryption reform, CDT believes that more comprehensive export relief is needed to protect individual privacy. 
The PROTECT Act, as approved by the Senate Commerce Committee, would:

* Allow the immediate export of 64-bit encryption products
* Require the National Institute for Standards and Technology (NIST) to complete development of the Advanced Encryption Standard (AES) and decontrol export of AES and equivalent products by 2002
* Allow export of strong encryption products to certain trusted end-users, export of recoverable products, and export of "crypto-ready" products
* Allow export of generally available products over 64-bits after a one-time review
* Create an Encryption Export Advisory Board to make recommendations to the Secretary of Commerce about the general availability of encryption products (The Secretary's decision is subject to judicial review, and the President may override the Board's determinations for purposes of national security without review.)
* Prohibit domestic controls and mandatory plaintext access
* Permit the immediate exportation of non-military encryption (above 64 bits) to "responsible" entities and governments of North Atlantic Treaty Organization (NATO), Association of Southeast Asian Nations (ASEAN), and Organization for Economic Cooperation and Development (OECD).

The bill will next be considered by the Intelligence Committee, with two other committees also receiving subsequent referrals. As the bill proceeds through the Senate, CDT will continue to advocate for greater export relief.

CDT's letter to the Senate Commerce Committee on PROTECT is available online at http://www.cdt.org/crypto/legis_106/PROTECT/McCainletter062299.html

Background information on the PROTECT bills is available at: http://www.cdt.org/crypto/legis_106/PROTECT/

__________________________________________________________

(4) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting civil liberties online and how they will affect you! Subscribe to the CDT Policy Post news distribution list.
CDT Policy Posts, the regular news publication of the Center for Democracy and Technology, are received by Internet users, industry leaders, policymakers, the news media and activists, and have become the leading source for information about critical free speech and privacy issues affecting the Internet and other interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

majordomo@cdt.org

In the BODY of the message (leave the SUBJECT LINE BLANK), type

subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the above address with NOTHING IN THE SUBJECT LINE and a BODY TEXT of:

unsubscribe policy-posts

_________________________________________________________

(5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest organization based in Washington, DC. The Center's mission is to develop and advocate public policies that advance democratic values and constitutional civil liberties in new computer and communications technologies.

Contacting us:

General information: info@cdt.org
World Wide Web: http://www.cdt.org/
Snail Mail: The Center for Democracy and Technology
1634 Eye Street NW * Suite 1100 * Washington, DC 20006
(v) +1.202.637.9800 * (f) +1.202.637.0968

------------------------------

Date: Thu, 24 Jun 1999 03:22:12 GMT
From: jw@bway.net
Subject: File 5--Censorware Project Corrects Gross Distortion

CENSORWARE PROJECT CORRECTS GROSS DISTORTION OF ITS REPORT

For Immediate Release

Contact: Jamie McCarthy
Day: (616) 381-9889
Evening: (616) 375-7637
Email: jamie@mccarthy.org

New York, June 23, 1999 - Last Friday, Senator John McCain (R-Ariz.) toured Secure Computing Corporation, makers of "SmartFilter," and was told that a three-month-old report by the Censorware Project proves that product's accuracy.
The Censorware Project is an activist organization opposing the use of content-blocking software in libraries and universities, and its report clearly shows the opposite. The Project strongly protests the misuse of its name to support pro-censorship legislation. Today, the Senate Commerce Committee approved Sen. McCain's filtering bill (S.97), which subsidizes censorware by mandating its installation in every school and library which receives E-Rate funds. "Apples and oranges," said Project member Jamie McCarthy. "Secure Computing's phony math compares two numbers from different categories to claim their product has only 0.0006% error. Our real-world analysis shows that errors occur eight thousand times more often. Every twenty times their software blocks a library patron from reading, say, hustler.com, it blocks another from reading Mark Twain, William Shakespeare, or the Declaration of Independence. Secure Computing's software can't tell the difference -- and its PR spin is an illustration of Twain's classic adage about lies, damn lies, and statistics." Added McCarthy, "The Bill of Rights doesn't allow our government to burn Shakespeare, even if they try burning twenty Hustlers to make up for it." Though the raw data from the Censorware Project's report was made available, Secure Computing never obtained this data - which was drawn from 31 days of logs, not the "two-week period" that Secure Computing claims. In a followup report released today, the Censorware Project exposes the statistical sleight-of-hand, sheds light on last year's censored sites still censored to this day, and reveals new blocks which were not listed in the original report. "One is 'Responses to the Holocaust,'" said Project member Michael Sims. "SmartFilter blocked it from Utah students in September and they still block it today. 
Only because its blacklist is put together by a computer, with no effective human oversight, can documentation of Nazi genocide be called 'hate speech.'"

Another wrongly-blocked site not mentioned in the March report is that of the Censorware Project itself. Secure Computing's first reaction to the same criticism that it now praises as an "exhaustive and thorough review" was to ban it under all 27 blacklist categories. Censorship of critics is common with this type of software.

The Censorware Project also found accessing inappropriate material to be easy, using the latest version of the software. "With the trial proxy installed, I found hardcore porn within three minutes, and instructions for making drugs and bombs were just a few clicks away," said McCarthy.

The Censorware Project has written to the president of Secure Computing, demanding that he withdraw the false information in the company's press release.

------------------------------

Date: Sat, 19 Jun 1999 12:58:42 -0700
From: Jim Galasyn
To: "cudigest@sun.soci.niu.edu (E-mail)"
Subject: File 6--Court's ruling on cable praised for doing what county wouldn't

Court's ruling on cable praised for doing what county wouldn't

by Kery Murakami
Seattle Times staff reporter

When a federal judge ruled last week that Portland and other municipalities could require AT&T and TCI to open Internet access to competitors, Metropolitan King County Council members were quick to applaud.

Within hours, council members Jane Hague and Greg Nickels issued a press release saying the ruling upholds the county's position that no communications giant should hold a monopoly over high-speed access to the Internet.

What they were not so quick to point out, however, was that the council had earlier backed away from requiring open access for fear of being sued.
In February, the council rejected a proposal by County Executive Ron Sims to deny approval of the merger between the two companies unless competitors such as America Online were allowed to hook up to cable lines at minimal extra cost to their customers.

Instead, the council decided to form an expert study panel - which it got around to doing just this week.

The council members' press release rankled Sims, who said the court ruling did uphold a position - his. Sims said the council should have held firm with TCI and AT&T last spring.

((snip))

------------------------------

Date: Sun, 10 Jan 1999 22:51:01 CST
From: CuD Moderators
Subject: File 7--Cu Digest Header Info (unchanged since 10 Jan, 1999)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send post with this in the "Subject:" line:

SUBSCRIBE CU-DIGEST

Send the message to: cu-digest-request@weber.ucsd.edu

DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS.

The editors may be contacted by voice (815-753-6436), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA.

To UNSUB, send a one-line message: UNSUB CU-DIGEST
Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU
(NOTE: The address you unsub must correspond to your From: line)

The mailing list is automated, so no human lies at the other end.
CuD is readily accessible from the Net:

UNITED STATES: ftp.etext.org (206.252.8.100) in /pub/CuD/CuD
Web-accessible from: http://www.etext.org/CuD/CuD/
ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
EUROPE: ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the Cu Digest WWW site at:
URL: http://www.soci.niu.edu/~cudigest/

Readers wishing to auto-set their browsers to receive the latest issue of CuD can point to: http://www.soci.niu.edu/~cudigest/latest.txt

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections.

------------------------------

End of Computer Underground Digest #11.29
************************************
Page maintained by: Jim Thomas - cudigest@sun.soci.niu.edu