PRIVACY Forum Archive Document

PRIVACY Forum Home Page

PFIR - "People For Internet Responsibility" Home Page

Vortex Technology Home Page


PRIVACY Forum Digest      Sunday, 21 September 1997      Volume 06 : Issue 13

            Moderated by Lauren Weinstein (lauren@vortex.com)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                         http://www.vortex.com 

                       ===== PRIVACY FORUM =====              

    -------------------------------------------------------------------
                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
          "internetMCI" (a service of the Data Services Division         
      of MCI Telecommunications Corporation), and Cisco Systems, Inc.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.
    -------------------------------------------------------------------


CONTENTS 
        CPSR Warns About Encryption Legislation (Susan Evoy)
        EPIC and PI Charge US Violates Intl Crypto Agreement (Dave Banisar)
        House panel votes behind closed doors to build in Big Brother
           (Declan McCullagh)
        USACM Applauds California Legislature (ACM US Public Policy Office)
        Electronic Bracelets for Children (Roger Clarke)
        Internet access to criminal records info (Nancy Talner)
        Debate about an ISO privacy standard (Colin Bennett)
        SSA to Restore Online Web Service (from EPIC Alert 4.12)
           (Marc Rotenberg)
        Amended Complaint Filed in Cleveland Crypto Suit (Peter D. Junger)
        Peter Neumann to Receive Social Responsibility Award (Susan Evoy)


 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

-----------------------------------------------------------------------------
The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "privacy@vortex.com" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are by an automatic list handling system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"privacy-request@vortex.com".  Mailing list problems should be reported to
"list-maint@vortex.com". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp ftp.vortex.com",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list handling system.  Please follow the instructions above
for getting the "help" information, which includes details regarding the 
"index" and "get" commands, which are used to access the PRIVACY Forum 
archive via the list handling system.

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "gopher.vortex.com/".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL:  "http://www.vortex.com"; full
keyword searching of all PRIVACY Forum files is available via WWW access.
-----------------------------------------------------------------------------

VOLUME 06, ISSUE 13

   Quote for the day:

        "You'll laugh.  You'll cry.  You'll kiss three bucks goodbye!
         Get in line now!"

                -- Narrator (Paul Frees)
                   "Hardware Wars" (Pyramid Films; 1978)

----------------------------------------------------------------------

Date:    Wed, 17 Sep 1997 00:50:27 -0700
From:    Susan Evoy <sevoy@Sunnyside.COM>
Subject: CPSR Warns About Encryption Legislation  

September 16, 1997
For Immediate Release

For More Information:
Andy Oram
617 499 7479
Aki Namioka
206-587-6825

COMPUTER EXPERTS WARN ABOUT RESTRICTIVE ENCRYPTION LEGISLATION

Computer Professionals for Social Responsibility (CPSR) today strongly
protested Congressional initiatives to add onerous restrictions to the
Security And Freedom through Encryption (SAFE) bill (H.R. 695). CPSR
President, Aki Namioka, stated "The Weldon-Dellums amendment to H.R. 695
reflects a major disregard for civil liberties and a profound
misunderstanding of computer and Internet technology. This is a complete
reversal of the intent of SAFE legislation."

"These proposed bans on encryption are clearly attempts at restriction of
free speech," Namioka said. "Bernstein v. US Department of State stated that
encryption is a constitutionally protected method of communication".

"The public is not being represented in this assault on privacy and freedom
of speech", according to CPSR member Andy Oram.

CPSR points out that encryption legislation regulates a type of computer
technology that is becoming more and more central to modern communications.
Encryption is critical to online commerce, because it protects trade secrets
and assures users that money is being transferred properly. In the form of
digital signatures, encryption allows someone to pass a contract across the
Internet or stand behind a public statement. Encryption may soon be built
into networking protocols for authentication purposes. And it is used
heavily by human rights activists and other political figures in many
countries to protect themselves and their sources from arrest and
assassination; even in North America it is seen as critical by many to
protect private thoughts exchanged among colleagues.

CPSR outlined several problems with the proposed legislation:

1. Bans on encryption are violations of free speech, as ruled by U.S.
District Judge Patel in the case of Bernstein v. U.S. Dept. of State. Beyond
this case, which covers the teaching and publication of information about
encryption, it would be a gross and unprecedented violation of free speech
to ban types of software or formats for transmitting data, as the amendments
to SAFE would do.

2. In order to continue communicating with sites using the encryption
technologies required in the bill, all current Internet sites and users
would have to purchase, install, and test new systems. This is a burden that
many businesses, particularly Internet services with their low profit
margins, cannot afford.

3. Law enforcement will not benefit from restricting the export of encryption. 
Strong encryption software already exists outside the United States, and the 
technical understanding for creating such software is widely published.

4. Restrictions on export damage the international competitiveness of the
companies that offer encryption products, add unnecessarily to the costs of
developing such products, and ultimately leave the users of those products
vulnerable to malicious attack. The heavy controls imposed by the bill
contrast strongly with the Clinton Administration's claim in its recent
white paper, A Framework for Global Electronic Commerce, released onJuly 1,
1997, to maintain a "hands-off" stance toward the Internet.

5. While the amendment is claimed to be "technologically neutral," a better
description of it would be "technically untried." The only technology
proposed up to now to meet the bill's goal of providing unencrypted content
to law enforcement are key recovery systems, but no such system on the scale
required by the bill has ever been tested. Experts examining the
requirements for such systems have predicted them to be costly, insecure,
and burdensome. But even key recovery systems could probably not be
implemented in such a way as to provide the "immediate" access to
unencrypted data that the law demands. Compliance of the bill would require
new, currently unknown technologies, and possibly the highly intrusive
installation of special decryption software on each user's computer.

6. The amendment unduly expands the powers of government. Current
court-ordered wiretap standards could be bypassed. Current requirements that
law enforcement must demonstrate probable cause for a wiretap would be
eliminated.

There are so many aspects of dubious constitutionality in the current
version of the encryption bill that Congress faces another humiliation in
the courts like that dealt to the Communications Decency Act. CPSR calls on
Congress to protect our freedoms and reject the encryption measures. To
allow the benefits of modern electronic networks to be reaped, cryptography
products that provide for real privacy should be available, without
government intrusion.

# # # #

Computer Professionals for Social Responsibility (www.cpsr.org)

CPSR is a public-interest alliance of computer scientists and others
interested in the impact of computer technology on society. CPSR's goal is
to direct public attention to difficult choices concerning the applications
of computing and how those choices affect society.

--
Duff Axsom,  Executive Director
http://www.cpsr.org/home.html
Computer Professionals for Social Responsibility
P.O. Box 717, Palo Alto, CA  94302
Phone: (650) 322-3778  Fax: (650) 322-4748  Email: duff@cpsr.org

        [ The proposed legislation, in its current form, does indeed
          seem onerous in its implications.  Regular readers of
          this digest are aware that I'm an advocate of balancing
          the legitimate needs of privacy and law enforcement in these
          areas, and have frequently stated this explicitly--I don't
          take an absolutionist view on either side.

          However, the negative impact of the proposed encryption bill (as
          it stands today) on civil liberties, commerce, and a range of
          other areas that could affect us all is startling, and suggests
          that the pendulum is swinging too far and too fast in one
          direction.  If the proposed language of the bill stands, it would
          seem best to scratch the entire legislation and start over again
          with a balanced sequence of public hearings and an open
          and broad-ranging debate over all aspects of these issues.
        
                 -- PRIVACY Forum MODERATOR ]
        
------------------------------

Date: Mon, 15 Sep 1997 00:57:11 +0100
From: Dave Banisar <banisar@epic.org>
Subject: EPIC and PI Charge US Violates Intl Crypto Agreement

Press Release.

Privacy Groups Criticize United States Crypto Policy.

Charge US Violation of International Agreement.

Brussels - Two leading privacy organizations said today that the United
States cryptography policy violates an international agreement reached
earlier this year by more than two dozen countries at the Organization for
Economic Cooperation and Development.

The Electronic Privacy Information Center and Privacy International said
that recent legislative proposals introduced in the United States to
establish controls on the use of data scrambling technology are contrary to
the principles adopted by the OECD and should be withdrawn.

Marc Rotenberg, the director of EPIC and a member of the expert panel that
drafted the guidelines, said that "the OECD framework is based on the
voluntary, market-driven development of encryption products and services.
The Guidelines emphasize the importance of privacy protection and the need
for careful assessment of any key escrow proposal. Their  were specifically
intended to remove technical and legal obstacles to the use of
cryptography. But the US policy now points in exactly the opposite
direction -- extensive government regulation, little regard for privacy,
and the rapid development of key escrow techniques regardless of the
consequences."

Mr. Rotenberg said that the OECD member countries considered and explicitly
rejected the US recommendation that cryptography policy be based on law
enforcement access to private communications. "That proposal was turned
down by the OECD member countries. The United States accepted the judgment
of the OECD and endorsed the final recommendations. The U.S. should now
honor its commitment," said Mr. Rotenberg.

Simon Davies, Director General of Privacy International, said "The rush to
encourage technologies for communications surveillance comes at exactly the
wrong time. Illegal wiretapping is on the rise around the world.
Dissidents, political opponents, journalists, and human rights organizers
are most often the targets."

The current issue of the International Privacy Bulletin includes a review
of worldwide privacy abuses in 1996. Electronic surveillance features
prominently in the report. The review is based on "The Country Reports for
Human Rights Practices," prepared annually by the U.S. State Department.

Mr. Rotenberg and Mr. Davies said that the U.S. policy now stands as the
single greatest barrier to the development of tools to protect privacy and
security on the Internet.

The statement was made at a conference this week in Belgium, hosted by
Privacy International and EPIC, on "Cryptography and the Internet:
Developing Privacy and Security Policy for the European Information
Society."  Participants from more than twenty countries attended the event.

The Electronic Privacy Information Center is a civil liberties
organizations, based in Washington, DC. Privacy International is a human
rights organization concerned with privacy, surveillance and data
protection issues worldwide. It is based in London. Both organizations are
members of the Global Internat Liberty Campaign.

WEB RESOURCES

 o EPIC [http://www.epic.org/]
 o Privacy International [http://www.privacy.org/pi/]
 o Global Internet Liberty Campaign [http://www.gilc.org/]
 o Brussels Cryptography Conference
      [http://www.privacy.org/pi/conference/brussels/]
 o OECD Cryptography Policy Guidelines
      [http://www.oecd.org/dsti/iccp/crypto_e.html]

CONTACT (15-17 September)

 Marc Rotenberg, EPIC (Brussels +32 2 227 05 05, voicemail +1 202 298 0824)
 Simon Davies, PI (Brussels +32 2 513 29 73)

------------------------------

Date:    Thu, 11 Sep 1997 23:37:39 -0700 (PDT)
From:    Declan McCullagh <declan@well.com>
Subject: House panel votes behind closed doors to build in Big Brother

Software that protects your privacy is a controlled substance that may no
longer be sold, a Congressional committee decided today.

Meeting behind closed doors this morning, the House Intelligence committee
voted to replace a generally pro-encryption bill with an entirely
rewritten draft that builds in Big Brother into all future encryption
products. (The Senate appears to be moving in a similar direction.)

The new SAFE bill -- titled in a wonderfully Orwellian manner the
"Security and Freedom through Encryption" act even though it provides
neither -- includes these provisions:

SELLING CRYPTO: Selling unapproved encryption products (that do not include
"immediate access to plaintext") becomes a federal crime, immediately after
this bill becomes law. Five years in jail plus fines. Distributing,
importing, or manufacturing such products after January 31, 2000 is another
crime.

NETWORK PROVIDERS: Anyone offering scrambled "network service" including
encrypted web servers or even "ssh" would be required to build in a backdoor
for the government by January 31, 2000. This backdoor must provide for
"immediate decryption or access to plaintext of the data."

TECHNICAL STANDARDS: The Attorney General will publish technical
requirements for such backdoors in network service and encryption products,
within five months after the president signs this bill.

LEGAL TO USE CRYPTO: "After January 31, 2000, it shall not be unlawful to
use any encryption product purchased or in use prior to such date."

GOVERNMENT POWERS: If prosecutors think you may be selling, importing, or
distributing non-backdoor'd crypto or are "about" to do so, they can sue.
"Upon the filing of the complaint seeking injunctive relief by the Attorney
General, the court shall automatically issue a temporary restraining order
against the party being sued." Also, there are provisions for holding secret
hearings, and "public disclosure of the proceedings shall be treated as
contempt of court." You can request an advisory opinion from the government
to see if the program you're about to publish violates the law.

ACCESS TO PLAINTEXT: Courts can issue orders, ex parte, granting police
access to your encrypted data. But all the government has to do to get one
is to provide "a factual basis establishing the relevance of the plaintext"
to an investigation. They don't have to demonstrate probable cause, which is
currently required for a search warrant. More interestingly, this explicitly
gives the FISA court jurisdiction (yes, the secret court that has never
denied a request for a wiretap). If they decode your messages, they'll tell
you within 90 days.

GOVERNMENT PURCHASING: Federal government computer purchases must use a key
escrow "immediate decryption" backdoor after 1998. Same with networks
"purchased directly with Federal funds to provide the security service of
data confidentially." Such products can be labeled "authorized for sale to
U.S. government"

ENCRYPTION EXPORTS: The Defense & Commerce departments will control exports
of crypto. Software "without regard to strength" can be exported if it
includes a key escrow backdoor and is first submitted to the government.
Export decisions aren't subject to judicial review, and the "president may
by executive order waive any provision of this act" if he thinks it's a
threat to national security. Within 15 days, he must send a classified
briefing to Congress.

ADVISORY PANEL: Creates the Encryption Industry and Information Security
Board, with seven members from Justice, State, FBI, CIA, White House, and
six from the industry. 

INTERNATIONAL: The president can negotiate international agreements and
perhaps punish noncompliant governments. Can you say "trade sancation?"

(Other provisions barring the use of crypto in a crime and some forms of
cryptanalysis are also in the bill.)

Next the Commerce Committee will vote on SAFE, and a former FBI
agent-turned-Congressman is vowing to ensure that similar language to this
is included. (The committees are voting on the bill in parallel, and a
four-person team of Congressmen is working to forge a compromise before
Commerce votes.) Then the heads of the five committees that have rewritten
the legislation will sit down and work out another compromise. If it's
acceptable to the House Rules committee -- and if the FBI/NSA get what they
want it will be -- the bill can move to the floor for a vote. 

That's why the encryption outlook in Congress is abysmal. Crypto-advocates
have lost, and lost miserably. A month ago, the debate was about export
controls. Now the battle is over how strict the //domestic// controls will
be. It's sad, really, that so many millions of lobbyist-dollars were not
only wasted, but used to advance legislation that has been morphed into a
truly awful proposal. 

I wrote more about this at:

  http://cgi.pathfinder.com/netly/opinion/0,1042,1385,00.html

-Declan

------------------------------

Date:    Wed, 10 Sep 1997 06:02:32 -0400
From:    ACM US Public Policy Office <usacm_dc@acm.org>
Subject: USACM APPLAUDS CALIFORNIA LEGISLATURE

PRESS RELEASE

Association for Computing
U.S. Public Policy Office

September 8, 1997

USACM APPLAUDS CALIFORNIA LEGISLATURE FOR UNANIMOUSLY
ENDORSING RELAXED EXPORT CONTROLS ON ENCRYPTION

As the Congress prepares to address the issue of computer security and
privacy, the California legislature has sent a clear message that relaxing
controls on cryptography is a critical first step.

On September 5, the California legislature passed a resolution that calls on
the California members in Congress to support legislation that would make it
easier for US companies to develop and market strong cryptography products.
The resolution was sponsored by Representative Vasconcellos (D. San Jose)
and passed without opposition.

Dr. Barbara Simons, chair of the policy committee for the Association for
Computing (USACM), said that the California resolution makes clear that
industry and users are united in support of good cryptography.

"We believe that Congress should support the Security and Freedom Act,
sponsored by Representative Goodlatte.  The legislation will help protect
security and privacy on the internet. It will be a serious mistake for the
administration to oppose the development of this technology," said Dr.
Simons.

On August 26, USACM Chair Barbara Simons spoke in support of the
Vasconcellos resolution before a California Senate committee. Also
participating at the Committee hearing were Dr. Whit Diffie from Sun, Kelly
Blough from PGP, Jack Wilson of ACL Datacom, Chuck Marson representing the
California Internet Industry Alliance (Netscape, Microsoft, AOL, CompuServe
and Netcom), and a representative of the Software Publishers Association.
Undersecretary of Commerce Reinsch wrote a letter opposing the resolution.

The Association for Computing (ACM) is an international non-profit
educational and scientific society with 76,000 members worldwide, 60,000 of
whom reside in the U.S.  USACM, the Association for Computing's U.S. Public
Policy Office, serves as the focal point for ACM's interaction with U.S.
government organizations, the computing community and the U.S. public in all
matters of U.S. public policy related to information technology. The USACM
web site is located at http://www.acm.org/usacm/

For more information, please contact USACM Chair Barbara Simons at
408/256-3661 or USACM Associate Director Lauren Gelman at 202/544-4859.

/\ /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Association for Computing,             +   http://www.acm.org/usacm/
Office of U.S. Public Policy           *   +1 202 544 4859 (tel)
666 Pennsylvania Ave., SE Suite 302 B  *   +1 202 547 5482 (fax)
Washington, DC 20003   USA             +   gelman@acm.org

To subscribe to the ACM Washington Update, send e-mail to: listserv@acm.org
with "subscribe WASHINGTON-UPDATE name" (no quotes) in the body of the
message.

------------------------------

Date:    Wed, 10 Sep 1997 09:32:47 +1000
From:    Roger Clarke <Roger.Clarke@anu.edu.au>
Subject: Electronic Bracelets for Children

On page 2 of this morning's SMH:
http://www.smh.com.au/daily/content/970910/national/national2.html

"The Northern Territory is considering using electronic bracelets to impose
a night-time curfew on children.  Those children selected for the scheme
... would be banned from roaming the streets at night and their activities
monitored via a computer-linked electronic device strapped to their wrists
or ankles.  ... it was too early to say whether the electronically
monitored curfew would apply only to children with past convictions, or
could be used to monitor children who had never committed a criminal
offence".

Pity that the relevant Minister's email address fails, and so does the
search-function on the N.T. government's pages ...  However, his Press
Secretary, Warwick, on (08) 8999 6811, confirms that the Press Release is
not on the web;  but he's faxing it to me.

Of course, this actually is a set-up between me and me mate Steve Hatton,
Minister for Correctional Services for N.T., to help promote my paper, at:
http://www.anu.edu.au/people/Roger.Clarke/DV/IDCards97.html

Roger Clarke              http://www.anu.edu.au/people/Roger.Clarke/
                                        http://www.etc.com.au/Xamax/
Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 6 288 1472, and 288 6916     mailto:Roger.Clarke@anu.edu.au

Visiting Fellow,   Faculty of Engineering and Information Technology
The Australian National University     Canberra  ACT  0200 AUSTRALIA
Information Sciences Building Room 211        Tel:  +61  6  249 3666

------------------------------

Date:    Tue, 5 Aug 1997 21:22:00 -0400 (EDT)
From:    NTalner@aol.com
Subject: Internet access to criminal records info

[ From Risks-Forum Digest; Volume 19 : Issue 28 -- PRIVACY Forum MODERATOR ]

The Washington State Patrol is starting a pilot project called the WATCH
program, which was authorized by the 1997 legislature.  The program will
make criminal history information available on the Internet so that anyone
who wants to run a background check on someone for employment purposes (or
to deny housing rental or just to snoop) can do so without going through the
state patrol.  This raises some dilemmas regarding privacy, public records
access, and allowing people to rehabilitate themselves from a criminal
conviction.  For example, under current law, you can get a conviction
vacated after a certain period of time and then answer "no" when asked by
employers if you have a conviction, but this is useless if anybody can find
the record anyway.  Also, current law allows background checks on criminal
records to be done for certain jobs, but not for every job.  Under the new
system, anyone who has ever had a criminal case may risk having jobs,
housing, and many other things denied to them because of that case.  It is
further clear that under current public disclosure law, most conviction
records are public.  Can anybody help me analyze these issues and propose a
remedy that maintains access to public records while at the same time
lessens the ongoing punishment of individuals who can never escape their
past?  Thanks.  Nancy Talner

------------------------------

Date:    Mon, 8 Sep 1997 11:22:25 -0700
From:    Colin Bennett <cjb@uvic.ca>
Subject: Debate about an ISO privacy standard

Subscribers might be interested in recent debates about the desirability of
an ISO standard for privacy protection.  The initiative has been quietly
debated for over a year as a result of Canadian pressure to elevate the
Canadian Standards Association's "Model Code for the Protection of
Information" to the status of an international instrument, similar to the
series of ISO quality management standards in the ISO 9000 series.  Such a
standard has been regarded as an efficient way for organizations to
demonstrate "adequate data protection" to European authorities.  But the
idea has also run into a certain amount of resistance from American business
and from ANSI (the American National Standards Institute).

The issues are complicated and should, in my view, be actively engaged by
privacy advocates around the world.  I have recently written a report
entitled "The Prospects for an International Standard for the Protection of
Personal Information."  It is available at URL:
www.cous.uvic.ca/poli/cben.htm (Under unpublished papers).  I would be
interested in any comments.  

Prof. Colin J.Bennett
Department of Political Science
University of Victoria
Victoria, B.C.  V8W 3P5
CJB@Uvic.ca

------------------------------

Date:    Thu, 4 Sep 1997 18:26:47 -0400
From:    Marc Rotenberg <rotenberg@epic.org>
Subject: SSA to Restore Online Web Service (from EPIC Alert 4.12)

The Social Security Administration announced today it would put a modified
version of the Personal Earnings and Benefits Estimate Statement (PEBES)
service back on-line before the end of the year. The service was suspended
on April 9, following public concerns about the risk of improper access to
personal information held by the agency.

The Social Security Administration said that the new service would be based
on an "opt-in" privacy standard.  Individuals could affirmatively choose to
request the on-line delivery of PEBES information by first obtaining an
authentication code that would only be delivered to a registered email
address.  Records of individuals who did not request the code would not be
available at the web site.

The SSA also said that it would limit the amount of information made
available on-line.  Payment records would not be accessible at the SSA web
site, although they will still be sent by the U.S. mail.

Privacy experts expressed support for the SSA recommendations, saying that
the agency has done a good job meeting with the public, consulting with
experts, and developing sensible standards to protect personal information.

The SSA experience with Internet service delivery is being watched closely
by other federal agencies as well as private companies who hope to take
advantage of the Internet and avoid public concerns about privacy.

The SSA PEBES Service is available at:

     http://s3abaca.ssa.gov/pro/batch-pebes/bp-7004home.shtml

More information on the SSA and Online Privacy is available at:

     http://www.epic.org/privacy/databases/ssa/

        [ While this indeed represents a step forward from the original
          system, it still must be viewed only as an initial step, and
          obviously must improve further over time.  In particular,
          since e-mail addresses can be trivially created and destroyed,
          the existence of a valid e-mail destination says nothing
          about the identity of the person making the request.  However,
          the new procedures do at least provide a potential means
          for tracking some forms of system abuse.

                        -- PRIVACY Forum MODERATOR ]

------------------------------

Date:    Wed, 03 Sep 1997 06:50:46 -0400
From:    "Peter D. Junger" <junger@samsara.LAW.CWRU.Edu>
Subject: Amended Complaint Filed in Cleveland Crypto Suit

                            Press Release

     New Complaint Filed in Suit Challenging Constitutionality of
      Regulations Forbidding Publication of Software on Internet

           Suit Seeks to Enjoin Enforcement of Regulations
                on ``Export'' of  Encryption Software

     Programmers Are Entitled to at Least as Much Constitutional
            Protection as Pornographers, Professor Claims

            ---------------------------------------------

             Cleveland, Ohio, Tuesday, September 2, 1997
                        For Immediate Release

                    For More Information Contact:
 
                    Peter D. Junger (216) 368-2535
                    <junger@samsara.law.cwru.edu>

                    Gino Scarselli (216) 291-8601
                    <gscarsel@mail.multiverse.com>

                    Raymond Vasvari (216) 622-1780
                   <freespeech@mail.multiverse.com>

        Or see URL: http://samsara.law.cwru.edu/comp_law/jvc/
 

To be added to, or removed from, the list of those who were sent this
 press release, please send e-mail to <lawsuit@upaya.multiverse.com>.

                                ------
   

Cleveland, Ohio, September 2. -- 

In the wake of last week's decision in Bernstein v. U.S. Department of
State, in which Judge Patel of the federal district court in San Francisco
held that the regulations that forbid the publication of encryption software
on the Internet or the World Wide Web without a license from the Department
of Commerce ``are an unconstitutional prior restraint in violation of the
First Amendment'', lawyers for Professor Peter Junger of Case Western
Reserve University Law School, in Cleveland, Ohio, filed a an amended
complaint in his suit to enjoin the government from enforcing those same
regulations.

The regulations, which were initially part of the International Traffic in
Arms Regulations (``ITAR'') administered by the Department of State and
which are now contained in the Export Administration Regulations (``EAR'')
administered by the Department of Commerce, originally required one to apply
for and obtain a license under the ITAR before disclosing any cryptographic
software in any way to ``foreign persons''.  Under the EAR, however, one is
permitted to export such software in books and other ``hard copy'', but is
still required to obtain a license before publishing the same software on
the Internet or the World Wide Web or in other electronic form or media.

The amended complaint, which names Secretary of Commerce Daley as the
primary defendant, simplifies the issues by focusing only on the new version
of the regulations that are set out in the EAR.  In that complaint Professor
Junger, who wishes to publish a number of encryption programs, written by
himself and others, on his World Wide Site as part of the materials used in
his course in Computing and the Law, seeks not only relief for himself but
also a ``preliminary and permanent injunction enjoining the 
defendants . . .  from interpreting, applying and enforcing the 
encryption software and technology provisions of EAR against any 
person who desires to disclose or `export' . . . encryption software and 
technology.'' The complaint alleges that those encryption regulation 
violate the freedom of speech and of the press that are protected,
particularly from prior restraints such as licensing requirements, 
by the First Amendment to the United States Constitution as has 
already been held by Judge Patel in the Bernstein case.

The question of whether the export regulations on cryptography should be
relaxed is being hotly debated in Congress at the present time and the
software industry has expended considerable sums lobbying in favor of
weakening or abolishing those regulations, claiming that they cause severe
damage to the software industry in the United States and that the
restriction on the export of cryptographic software written in the United
States is leading to the export of programming jobs from the United States
to other countries without such regulations.
     
Professor Junger points out, however, that the case involves far more
than the effect of the EAR on the writing and publication of
cryptograpic programs by the software industry.  ``The government's
claim is not that the publication of encryption software is not
protected by the First Amendment,'' he says.  ``Rather its claim is
that no publication of software is protected, because software is
functional.  

``If the government can constitutionally require me to get a license,
which I probably can't get, before I publish encryption software, they
could require me to get a licencse before I publish any sort of
software.  And they just might do that it in order to standardize the
programs that are available and limit competition in favour of certain
selected large companies.  They already have provisions that allow IBM
or Microsoft to get a license to export fairly strong encryption
programs that are not available to me or to any other individual
programmer or small enterprise.''

``What tends to get overlooked,'' Junger adds, ``is that computer
programs are not a floppy disk that one sticks into a computer to make
it work.  Computer programs are written and published by human beings
just as, for example, pornography is.  The Supreme Court recently held
in Reno v. ACLU that the full protection of the First Amendment
extends to pornography in cyberspace.  I find it hard to believe that
programmers are not entitled to at least as much constitutional
protection as pornographers.''

Copies of the amended complaint will shortly be available at
<http://www.jya.com/>; and .

                                 -30-

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
 EMAIL: junger@samsara.law.cwru.edu    URL:  http://samsara.law.cwru.edu   

------------------------------

Date:    Wed, 17 Sep 1997 00:15:19 -0700
From:    Susan Evoy <sevoy@Sunnyside.COM>
Subject: Peter Neumann to Receive Social Responsibility Award

September 16, 1997
For Immediate Release

Contact:
Duff Axsom
650-322-3778

Peter Neumann To Receive Social Responsibility Award

Palo Alto, CA.  Peter Neumann, a national authority on computer security and
risk, will be given the prestigious Norbert Wiener Award for excellence in
promoting socially responsible use of computing technology. Computer
Professionals for Social Responsibility (CPSR) annually honors an
outstanding leader for personal dedication to increasing the public
awareness of the social and political consequences of the uses of
technology. Dr. Neumann will be honored October 4, 1997 at the CPSR Annual
Conference in Berkeley, CA.

"Peter Neumann is a remarkable scholar and social activist", said CPSR
president Aki Namioka. "His contributions to our knowledge about the risks
and reliability of computing technology are widely published in scientific
journals, but even more importantly he initiated the public dialogue through
open discussion in one of the most widely read computer online USENET
newsgroups, RISKS Forum (comp.risks)."

"Dr. Neumann is a pioneer in linking the risks in using technology to our
most cherished rights to privacy and our need for a secure environment",
stated Namioka. "CPSR is extremely proud to present the Norbert Wiener Award
for 1997 to a truly important citizen, an activist and a distinguished
scientist. He was one of the early members of CPSR and helped bring public
awareness to the major flaws in the Strategic Defense Initiative (SDI)
during the Reagan administration."

The Norbert Wiener Award was established in 1987 by CPSR in memory of the
originator of the field of cybernetics. Norbert Wiener was among the first
to examine the social and political consequences of computing technology.
His book, The Human Use of Human Beings, pointed out the dangers of nuclear
war and the role of scientists in weapons development in 1947, shortly after
Hiroshima.

Dr. Neumann's research on the implications of computing gained wide
recognition when he created the ACM SIGSOFT Software Engineering Notes in
1976 with considerable attention to risks issues, and then created the
online Risks Forum in 1985. He was also co-author of the National Research
Council (NRC) report, Computers at Risk in 1990.

Dr. Neumann is the author of Computer-Related Risks, published in 1995 by
The Association for Computing (ACM) and Addison-Wesley Publishing Company.
Computer-Related Risks summarizes many real events involving computer
technologies and the people who depend on those technologies, with widely
ranging causes and effects. It considers problems attributable to hardware,
software, people, and natural causes. More information about this book can
be found at:
http://heg-school.awl.com/cseng/authors/neumann/crrisks/crrisks.html

His expertise in the issues of privacy and cryptography are demonstrated in
his role as an author of the seminal study, Cryptography's Role in Securing
the Information Society for the NRC. He served on the Expert Panel of the
U.S. House of Representatives' Judiciary Subcommittee on Civil and
Constitutional Rights. He is a member of the U.S. General Accounting
Office's newly formed Executive Council on Information Management and
Technology.

Over five decades, Dr. Neumann, Principal Scientist at SRI International in
Menlo Park, CA, has been concerned with critical computer and communications
systems issues such as security, reliability and human safety. He holds a
Ph.D. from Harvard and was a Fulbright scholar at the Technicsche
Hochschule, Darmstadt, Germany. He has worked in the computer field since
1953. He is a Fellow of the American Association for the Advancement of
Science, the Association for Computing Machinery (ACM), and the Institute of
Electrical and Electronics Engineers (IEEE). He was the recipient of the
Electronic Frontier Foundation Pioneer Award in 1996 and the ACM SIGSOFT
Distinguished Service Award in 1997.

More information and access to many of his writings may be obtained at his
webpage, http://www.CSL.sri.com/neumann.html.

CPSR was founded in 1981 by computer professionals in the Silicon Valley
concerned about the use of computers in nuclear weapons systems. CPSR has
grown into a national public interest alliance of computer scientists,
information technology professionals, and others concerned about the
critical choices facing society in the applications of computer related
technology. CPSR has 22 Chapters throughout the United States and is based
in Palo Alto, CA.

# # # #

--
Duff Axsom,  Executive Director
http://www.cpsr.org/home.html
Computer Professionals for Social Responsibility
P.O. Box 717, Palo Alto, CA  94302
Phone: (650) 322-3778  Fax: (650) 322-4748  Email: duff@cpsr.org

    [ My special congratulations to Peter for this well-deserved award!
      Peter is Chairman of the ACM Committee on Computers and Public Policy,
      of which I'm a member and with which the PRIVACY Forum is affiliated.
      Again, congratulations!

                -- PRIVACY Forum MODERATOR ]

------------------------------

End of PRIVACY Forum Digest 06.13
************************


PRIVACY Forum Home Page

Vortex Technology Home Page

Copyright © 2005 Vortex Technology. All Rights Reserved.