Computer underground Digest Sun Feb 16, 1997 Volume 9 : Issue 09 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Field Agent Extraordinaire: David Smith Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #9.09 (Sun, Feb 16, 1997) File 1--Cyber Angels FACES Project File 2--FYI: "Contributory copyright infringement" File 3--Re: "Hacking Chinatown" File 4--Coalition Letter on Privacy and Airline Security File 5--BELLSOUTH CHALLENGES AT&T ACCESS CHARGE PROPOSAL (fwd) File 6--Cu Digest Header Info (unchanged since 13 Dec, 1996) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Sun, 9 Feb 1997 18:40:06 +0000 From: David Smith Subject: Fle 1--Cyber Angels FACES Project Attached is an excerpt from the December Cyber Angels bulletin containing the details of their FACES project. ------- Excerpt Begins ------- **************************************************************** USENET TEAM NEWS USENET "FACE" PROJECT "FACE" = FREEING ABUSED CHILDREN from EXPLOITATION WE ARE IN THE PROCESS OF CONSTRUCTING AN ONLINE DATABASE OF THE FACES OF THE CHILDREN WHO HAVE BEEN ABUSED AND PHOTOGRAPHED TO MAKE CHILD PORNOGRAPHY Child pornography as some of you no doubt know is regularly posted to the Usenet. Child pornography is also illegal - that is why we are regularly passing evidence to Federal Authorities that we gather from the Usenet. Who are the children who are used in the child pornography that is posted to the Usenet? Do you know any? How could you find out? That is exactly what our FACE UNIT is all about. Our volunteers spend time each week finding child pornography posts on the Usenet, and cropping the picture so that just the child's face is left. These faces - the faces of innocent children who are the victims of abuse crimes by adults - are then passed with the full header reference to our FACE UNIT Leader. The images are then posted up to our website, in the hope that as thousands of people pass through our website someone somewhere may recognize the face of someone in our online database and then we can contact law enforcement and perhaps bring someone to justice and rescue an abused child. To help on this unit you need to have cropping ability - in other words the ability to take a jpg image and cut out the child's face and make a new jpg out of it. NB For legal reasons the FACE UNIT accepts only volunteers 18 years old and above. You may like to know that this work follows guidelines given to us by Federal Authorities. This is pioneering work! YOU can help us! Contact me if you are inspired to assist us. The FACE database will open at our main site at the beginning of January. **************************************************************** ---- Excerpt Ends ---- I feel such a database would be a case of "double victimization" -- that someone who was the victim of child pornography would not want pictures of their faces openly distributed. No one I've spoken to thinks this is a good idea. In an exchange of e-mail, Gabriel Hatcher (gabriel@cyberangels.org) politely disagreed, suggesting that their project would identify children who are currently being abused and thus rescue/save them from suffering. He's heard nothing but positive feedback, and is working with various law enforcement officials to make sure the project is done properly. ------------------------------ Date: Mon, 17 Feb 1997 17:48:03 -0600 (CST) From: Jim Davis Subject: Fle 2--FYI: "Contributory copyright infringement" ----- Date--Sun, 16 Feb 1997 00:15:27 -0600 (CST) From--Netiva Caftori This is a report David Loundy from CPSR Chicago prepares for a committee which he chairs. fyi Netiva Caftori, DA (CS dept) e-mail--n-caftori@neiu.edu /\/\/\/\/\ Northeastern Illinois Univ. http://www.neiu.edu/users/uncaftor/home.html Date--Sat, 15 Feb 1997 14:42:14 -0500 From--"David J. Loundy" The Law Office of David J. Loundy 465 Pleasant Avenue Phone: (847) 926-9744 Highland Park, Illinois Electronic Mail: David@Loundy.com 60035-4909 World Wide Web: http://www.Loundy.com/ ISBA INTELLECTUAL PROPERTY SECTION COUNCIL INTERNET LAW SUBCOMMITTEE REPORT February 13, 1997 Compiled by David Loundy A final decision has been reached in the Sega v. MAPHIA case. The court held that a BBS operator who ran a pirate bulletin board for the distribution of video games was guilty of contributory copyright infringement (though direct infringement was not proven), federal trademark infringement, California trade name infringement, and state unfair competition. In Sega Enterprises Ltd v. Sabella, in the Northern District of California, Sega was granted summary judgment on its claim of contributory copyright infringement by a BBS operator. The defendant's BBS was used for the uploading and downloading of pirated games on the BBS. Unlike in the Sega v. MAPHIA case, the Court denied summary judgment on a trademark infringement claim based on the system operator's claim that she was not aware of, and did not authorize, the use of Sega's trademark on the pirated games. Hallmark cards received a "cease and desist" letter as a result of its use of "E-Greetings," as a term for electronic cards marketed off its web site. Hallmark has filed a challenge with the U.S. Trademark Office over Greet Street's rights to use E-Greetings claiming the term "E-Greetings" or anything else prefaced with "e-" is not suitable for trademark protection. An Oklahoma court has denied journalism professor Bill Loving's request for an injunction against the University of Oklahoma. The University removed access on its public news server to all of the "alt.sex" hierarchy of usenet newsgroups after the group "Oklahomans for Children and Families" complained that the newsgroups contained illegal content. Legislation has been introduced in Maryland that would make it illegal to send "annoying" or "embarrassing" e-mail. It is similar to a bill currently working its way through the New York legislature. Another suit was filed against the Communications Decency Act. The webmaster of the "annoy.com" web site filed for a preliminary injunction against Janet Reno on Jan. 30. The suit specifically targets the "with intent to annoy" provision of the act, since that is what the web site is intended to do. The creator's intent is to create an online service that delivers scathing, anonymous postcards to public figures, as well as provide controversial commentary on "hot button" issues. One of the reasons behind the sites creation and accompanying lawsuit was the creator's frustration that all of the press surrounding the CDA focused on its attempts to protect minors, without addressing the impact on adult speech. Sen. Patrick Leahy introduced a bill that would repeal amendments to the Communications Act made by the CDA. In the mean time, 22 members of Congress filed an Amici Curiae brief with the Supreme Court in Reno v. ACLU in support of the Communications Decency Act (the brief is available at http://www.cdt.org/ciec/SC_appeal/970121_Cong_brief.html). In New York, U.S. District Judge Kimba Wood has issued a temporary restraining order against Richard Bucci, an anti-abortion activist who registered the domain name "plannedparenthood.com." Mr. Bucci registered the domain and set up a web site labeled as "Planned Parenthood's Home Page" from which he sold an anti-abortion book. Planned Parenthood Federation of America has sued Bucci alleging his use of the group's name constitutes trademark infringement. A Feb. 20 hearing on a motion for a preliminary injunction is scheduled. A U.S. District Judge in North Carolina has denied Gateway2000's motion for a preliminary injunction against gateway.com, Inc. for use of its domain name. Gateway2000 claims that use of the domain name gateway.com constitutes trademark infringement, trademark dilution, and predatory business practices. In Cardservice International, Inc. v. McGee, 1997 WL 16795 (E.D. Va. Jan. 17, 1996), Judge Clarke issued a permanent injunction against using cardservice.com or csimall.com as a domain name-- stating that the use of at least the cardservice.com name constitutes trademark infringement. It is worth noting that csimall.com in no way resembles the plaintiff's trademark, and was registered by the defendant to use to in "guerilla warfare" against the plaintiff. For the first time in a domain name case the judge also awarded attorneys' fees. The Internet Ad-Hoc Committee has released its final report on how the domain name system should be changed (available at http://www.iahc.org/). The report recommends the creation of seven new top-level domains, plus the creation of an international trademarks domain. It also advocates the creation of a trademark domain under each individual country's top level domain. The report also sets forth a plan that top level domain administration will be shared by multiple registrars, including the .com top level domain as soon as NSI's contract expires. The report calls for a non-mandatory 60 day publication period on all registered domain names. It also provides for a dispute resolution policy to be used for trademark conflicts (which will probably be somewhat ineffectual). In Heroes, Inc. v. Heroes Foundation, No. 96-1260, Judge Flannery found that the defendants web page, along with a Washington Post ad, which solicited charitable contributions from its location in New York constituted sufficient minimum contacts to allow the court to exercise jurisdiction in the trademark infringement action. The judge refused to hold that the web page alone was enough to confer jurisdiction-- pointing out some of the conflicting Internet jurisdiction cases. Suit has been filed in the United States District Court for the Western District of Pennsylvania by an Internet Service Provider against another ISP and some of its staff. The claim is that the service provider spammed the plaintiff and its users thereby violating Section 227(b)(1)(C) of the Telephone Consumer Protection Act-- the "junk fax" law. In Nevada, legislation has been introduced which would prohibit a sending unsolicited e-mail to solicit a person to purchase real property, goods or services unless the recipient has a pre-existing business relationship with the message sender. On February 3, 1997, Judge James L. Graham of the United States District Court for the Southern District of Ohio preliminarily enjoined Cyber Promotions, Inc. and its president, Sanford Wallace from e-mailing ads to CompuServe subscribers. The Court argued that while making available an e-mail account provides tacit approval to send e-mail to that account, Cyber Promo's use of the CompuServe system exceeded any tacit approval and therefore Cyber Promo's actions constitute a trespass to chattels. Cyber Promotions, Inc. has settled with America Online, in part because of having lost its fight against CompuServe. (In which the judge made some comments about the applicability of his decision to the AOL case.) According to a litigation attorney for AOL, Stanford Wallace (president of Cyber Promo) "agreed to the entry of an injunction restricting him to use only domains that could be blocked by AOL's Preferred Mail tool and which requires him to provide a viable remove option for AOL members, he dismissed all of his claims against AOL with prejudice and dismissed his appeal of the state action/First Amendment decision which was pending in the Third Circuit." America Online has had another 5 class action suits filed against it (bringing the total to 6) by customers who are unable to log on to the service due to busy phone lines caused by increased usage after AOL instituted a flat-rate pricing scheme. AOL settled with 36 state attorneys general who became interested in AOL's problems by promising to offer refunds, reduce advertising, hire more phone staff to handle cancellations, put a notice on any advertising already in the works that there may be some delays in logging on, and cap the subscriber base until its network infrastructure has been improved. A Florida mother is suing America Online, claiming it allowed a subscriber to distribute pornographic pictures of her son and two other boys to pedophiles. The suit alleges that AOL is breeding "a home shopping network for pedophiles and child pornographers." Others claim that the suit is analogous to suing New York for having pedophiles living in the city. The Executive Committee of the New York State Bar Association has adopted the bar association's opinion on the use of e-mail in attorney-client communications. The opinion states that "merely because a communication took place over e-mail, or by similar electronic means, it would not lose its privileged nature." The opinion (at http://www.nysba.org/committees/cplr/library/4547.html) does, however, state that there are some communications that would be too sensitive to trust to e-mail (such as communicating trade secrets or confessions). The Consumer Internet Privacy Protection Act of 1997 (H.R. 97) has been introduced in the House. The Act, among other things, provides that "an interactive computer service shall not disclose to a third party any personally identifiable information provided by a subscriber to such service without the subscriber's prior informed written consent." The 6th Circuit affirmed the dismissal of the indictment against Jake Baker (by a 2-1 vote). Jake Baker is the former University of Michigan student who posted a piece of "erotic fiction" on the Internet which described the sexual torture and murder of a classmate, who was mentioned by name. Jayne Hitchcock is suing the Woodside Literary Agency in New York federal court alleging that people at or affiliated with the agency electronically impersonated, harassed, and defamed her with what she describes as a scorched-earth slander campaign in retaliation for her attempts to warn others away from the agency. She received over 200 e-mail messages from a forged address. Her literary agent received forged e-mail, reporting to be from her, threatening to cancel her contract. Even a personal add was forged stating "Female International Author, no limits to imagination and fantasies, prefers group ma\cho/sadistic interaction including lovebites and indiscriminate scratches. . . . Will take your calls day or night." was posted to various places on the Internet-- listing Ms. Hitchcock's name, address, and phone number. The suit seeks $10 million in damages. An Internet scam has cost some Canadian victims up to $1,200 in phone bills. Web surfers are offered the opportunity to download free nude pictures from a web site, however, the people are told that they must download a "special image viewer" first. The "viewing" software, unbeknownst to most users, hangs up the modem from the user's local service provider and quietly reconnects the call to a number in Moldavia. Canadian police have ordered that all outgoing calls to the number in Moldavia be blocked. INTERNATIONAL The United Arab Emirates state-owned Emirates Telecommunications Corporation (Etisalat) has put into place national proxy servers which will route all Internet traffic and censor selected Internet sites which conflict with local moral values and traditions. Berlin prosecutors have filed charges against Angela Marquardt, a leader of Germany's reform communist Party of Democratic Socialism (PDS), for placing a link on her home page to the outlawed Radikal magazine. A Berlin prosecutor's office spokesman is quoted by Reuters as saying that "It is illegal in Germany to teach others how to commit a felony or to sanction a felony." Attorneys for the Australasian Mechanical Copyright Owners Society (AMCOS) and the Australian Music Publishers Association Limited (AMPAL) forced have shut down Internet archives of song lyrics and MIDI (Musical Instrument Digital Interface) files located at two Australian Universities (Monash University and the University of Western Sydney) to remove the material from sites at those schools. MISCELLANEOUS WebTV and OnCommand, Inc. have teamed up to provide Internet access in hotel rooms to business travellers. The companies claim that half of all business travellers already subscribe to an on-line service. UPS is making its database of digitized signatures available to anyone with a computer, modem, and package tracking number. You can download the software from the Internet and have your modem reconnect to an 800 number for access to the database. ------------------------------ Date: Mon, 10 Feb 1997 19:51:22 -0800 (PST) From: Daniel Brown Subject: Fle 3--Re: "Hacking Chinatown" > Re CuD - -"Hacking Chinatown" > > "Hacking Chinatown" > by > Richard Thieme This article agitates the long-abused word 'hack'. As I call myself a hacker, I wish to clean up this mess thoughoughly. I invite you to RTFM -- try reading the Jargon File (http://www.ccil.org/jargon). First of all, nothing I do which I call hacking is illegal, or frowned upon by security people. Some who read, say, alt.2600, are in another boat than I am. What do I call hacking? Here's an excerpt from the Unofficial alt.hackers FAQ: In short, hacking is about using available technology in a creative way to solve a problem. It can be a stupid problem and an ugly solution, as long as it is a new and creative solution. Hacking extends to all forms of technology, not just computers--using the thighbone of an antelope to bash in the head of another antelope was an excellent hack. As well, a 'hack' is often an object. A section of code could be an example, if you 'hacked it up'. I have a home-made headphone-to-"line in" converter (it's a headphone plug I put into my CD player, and soldered to it are "line in" wires for left and right sound that goes into my cassette/radio player), and I call that a mini hack. Do you get the idea? On a historical note, many crackers think the history of hacking begins the same as all hackers know it ... that TMRC at MIT (late 1950s) was the birthplace of curious techies who called themselves 'hackers', who found the TX-0, and worked on this first of the minicomputers, and their influence spread to places like the SAIL. Where the ideas diverge is that crackers, quite possibly from Levy's book named "Hackers" (1984), think that that culture died (quite possibly when MIT's ITS machine was shut down) and now the current "breed" of hackers are those who crack security. Wrong. How that definition arrived was by journalistic misuse of the work 'hackers', after some hackers who were curious about security got into the habit of cracking BBSs. (The first word used to defend against this misuse was to call people who did this 'worms'; this failed, and a couple years later, the term 'cracker' got started.) The original culture did not die per se; hackers still continued to thrive (there were other ITS machines, most notably at SAIL; micros were another interest). But this small minority of crackers within hackerdom got media attention, and soon the public's definition of hackers turned and took on approximately the same definition today. What do you get? People who call them hackers but never saw a minicomputer in their life, beleive IBM invented the PC, and think hacking is all about cracking. The culture that was spawned in MIT has a direct link to the real hacker culture of today. The interests have not really changed.. hackers still create their own Operating System (Linux comes to mind), still optimize code for speed, still find solutions to unique problems, .. you get the idea. I mean to say that cracking isn't "the current generation of hacking". The two are different, and I'm tired of one marring the validity of the other (cracking on hacking). Specific responses follow... > Hacking means tracking -- and counter-tracking -- and > covering your tracks -- in the virtual world. Hacking means > knowing how to follow the flow of electrons to its source and > understand on every level of abstraction -- from source code to > switches and routers to high level words and images -- what is > really happening. You make understanding the idea of abstraction a wizardly concept, which is bogus. > Hackers are unwilling to do as little as possible. Hackers > are need-to-know machines driven by a passion to connect > disparate data into meaningful patterns. Hackers are the online > detectives of the virtual world. > You don't get to be a hacker overnight. Actually, it's a lifestyle. You could develop hackish habits/ preoccupations (creating jargon, consuming curiosity, enjoying the accomplishment of something unheard of, ...), but never know these same qualities were common in a culture wich mades computers what they are now. (I mean that. The person to invent the PC was a hacker who decided to make a computer out of the Intel 4004, even though noone thought it would be possible. Some Linux hackers look to the Nintendo 64 with a similar inspiration -- a possible host for a Linux microkernel :) You *could* "make" yourself into a hacker, though. If you drive yourself crazy enough :-). > The devil is in the details. Real hackers get good by > endless trial and error, failing into success again and again. Wrong. This is characteristic of crackers, and is primarily useful for their art. (Should I dare call it so? Breaking into computers is *NOT* beautiful). Real hackers avoid tedium, and read the manual(s) and devise their hacks before making them. "Trial and error" is a facet of lacking brilliance. > Isn't it ironic that curiosity, the defining characteristic > of an intelligent organism exploring its environment, has been > prohibited by folk wisdom everywhere? Cracking does not involve intelligence. At most, it involves 5% cleverness spent on finding new exploits (that is, if the perpetrator has nothing to exploit first), and 95% dogged determination (spent on activities as garbaging). The mental capacity used for such skill aught to be garbage collected for helpful activities. Graduate high school, and go to a university where real hackers will teach you. > The endless curiosity of hackers is regulated by a higher > code that may not even have a name but which defines the human > spirit at its best. The Hacker's Code is an affirmation of life > itself, life that wants to know, and grow, and extend itself > throughout the "space" of the universe. The hackers' refusal to > accept conventional wisdom and boundaries is a way to align his > energies with the life-giving passion of heretics everywhere. And > these days, that's what needed to survive. You mean the Hacker Ethic? I always freely distribute my software (by either putting it in the Public Domain or giving it the GNU Copyleft). What about you? > We know we build on quicksand, but building is too much fun > to give up. We know we leave tracks, but going is so much more The Free Software Foundation is a collection of hackers that makes excellect freeware in alternative to proprietary tools. Much of their software is ancient in that it was created a long time ago (in computer historical terms, at least), but is still around today because it is always maintained. If you say "we build on quicksand", I don't doubt you talk about cracking, and it proves cracking is backwards, hacking is forwards. > To say that when we engage with one another in cyberspace we > are "Hacking Chinatown" is a way to say that asking questions is > more important than finding answers. We do not expect to find > final answers. But the questions must be asked. We refuse to do > as little as possible because we want to KNOW. You say that asking questions is more important than the answers. True, you can't seek something if you don't wonder about it (this true to hacking too), but real hacking delights in finding the answers (or the answers, depending on the purpose of the hack). I really tell you, cracker ideals are teenagerisms about technology. Hackers don't say thing in w!3rd w4yz, because there is no joy in that. It also goes against the logical use of the English language (you can't really hack if you can't think logically). Also, doing something in retaliation is illogical (ie, breaking into the IRS to find the auditing selection code, because the IRS refuses to release it) -- it isn't the Right Thing, which would be a) work out the problem, or b) forget it. There's a gulf of difference between hacking and the ecstatic feeling that hackers get when they circumvent a limitation or apply something brand new, and cracking which searches to satisfy a adolescent's problem (I say this in psychological terms; all stages of life have their problems to solve). If you want to be a hacker, read my .sig. But if you don't, please distinguish between the words 'hack' and 'crack'. ------------------------------ Date: Wed, 12 Feb 1997 20:41:26 -0500 From: Dave Banisar Subject: Fle 4--Coalition Letter on Privacy and Airline Security A HTML version of this is available at http://www.epic.org/privacy/faa/airline_security_letter.html February 11, 1997 Vice President Albert Gore, Jr. The White House 1600 Pennsylvanpia Ave, NW Washington, DC 20500 Dear Mr. Vice President, We are writing to you to express our views on the serious civil liberties issues raised by recent government activities in the name of airline security. These include recent orders issued by the Federal Aviation Administration, and also proposals recommended by the White House Commission on Aviation Safety and Security and the FAA Advisory Aviation Security Advisory Committee. Many of these proposals were developed in the highly-charged atmosphere following the still-unsolved crash of TWA Flight 800 and reflect a misguided rationale that something had to be done, no matter how marginal in value or violative of individual rights. We all feel strongly that air travel must be safe - nobody wants to feel that to set foot on an airplane or an airport is to take a substantial safety risk. However, basic civil liberties protected by the Constitution should not be sacrificed in the name of improving air safety, especially where the potential benefits are questionable. At the airport ticket counter, passengers check their luggage, not their constitutional rights. Identification One area of concern is a secret FAA order issued in August 1995 and apparently revised in October 1995. The FAA order purportedly requires airlines to demand government-issued photo identification from all passengers before they can board an airplane. It remains unclear whether a passenger must provide that identification and what discretion an airline has to allow, or refuse, any passenger to board if they refuse to provide identification or simply do not have any available. Americans are not required to carry government-issued identification documents. Any requirement that passengers show identification raises substantial constitutional questions about violations of the rights to privacy, travel, and due process of law. The Supreme Court has consistently struck down laws that interfere with the constitutional right to travel. The Court has also overturned laws in a variety of circumstances that require an individual to provide identification in the absence of any specific suspicion that a crime has been committed. In addition, it is unclear that requiring passenger boarding an aircraft to identify him or herself actually makes the people with whom they travel any safer. A bomber with a fake ID is just as effective as a bomber with no ID. We urge the FAA to withdraw its directive and to notify airlines that identification should not be requested for security reasons. At a minimum, the FAA should require airlines to post notices telling passengers that they cannot be denied boarding just because they fail or refuse to identify themselves. Computer Databases and Profiling Another major concern involves the proposed increased utilization of the practice of "profiling" passengers to determine whether they pose a security risk and should thus be searched. This would require the collection of personal information on passengers prior to their boarding a plane. Information that may be collected includes a picture or other biometric identifier, address, flying patterns with a particular airline, bill paying at a particular address, criminal records, and other information. This, and information gleaned from observing the persons with whom the passenger was traveling, would be fed into a computer data base that would be used to decide whether the passenger "fits the profile" and should be subjected to heightened security measures. Under this proposal, the checked luggage of people selected by the computer would be scanned by new sophisticated scanning devices. The risks to privacy are enormous and run not only to those who "fit the profile." For this system to be useful, it must apply to every person who might take a flight, i.e., to everybody. A new government dossier on everyone would have to be created, computerized, and made accessible to airline personnel. In addition, for the system to be useful, it would have to be linked to other data bases and constantly updated. Each time a person changes their address or takes another flight, or does anything related to the characteristics about them deemed significant by the profiling system, the government would track it. All of our experience with the creation and updating of such ever-changing data bases teaches us that the likelihood of inaccuracy at any given moment is high. The FBI, for instance, recognizes that data in its computer system of criminal records has an inaccuracy rate of 33 percent. Such inaccuracy would lead to both a breach of safety and to violations of the rights of innocent people. This proposal is a quick fix that won't fix anything. The proposal also violates a central principle of the Code of Fair Information Practices and the Privacy Act (5 U.S.C =A7 552a): information given to the government for one purpose ought not be used for other purposes without the consent of the person to whom it pertains. The use of criminal records in such a data base, particularly where those records include arrests that do not result in convictions, is particularly troubling. Profiling also frequently leads to discriminatory practices. Already, we have received numerous reports of discrimination against individuals and families with children who have been refused entry onto aircraft because their names appeared to be of Middle-Eastern origin. In the well publicized example of security guard Richard Jewel, reports indicated that the FBI profile led the police to unfairly target Mr. Jewel for the incident, even in the absence of other evidence. This incident vividly shows the limitations of basing a law enforcement decision on a profile. We urge the FAA and airlines to discontinue the use of passenger profiling. X-Ray Cameras We also view with concern proposals to install in airports new cameras which can depict highly detailed images of individuals' bodies under their clothes. Existing scanners, the development of which was partially funded by the FAA, already show a revealing and invasive picture of a naked body in high detail and the technology is likely to improve. This is clearly a search under the Fourth Amendment and is far more intrusive than a standard metal screening device. Passengers should not be subject to an "electronic strip search" in order to board an aircraft. To expose travelers' anatomies to the general public or even to selected (not by the victim of the unreasonably intrusive search) strangers is extremely embarrassing and shocking to the conscience. We urge the FAA to reject proposals to use body scanners capable of projecting an image of a person's naked body. Secrecy Much of the key decision-making surrounding these proposals has been shrouded by secrecy. The FAA has claimed that it is exempt from open government laws and has refused to release its directives on profiling and identification. Relevant meetings have been closed to the public or limited to participants who can afford to pay expensive fees. We urge the FAA to publish its directives and open all further decision making open to public scrutiny. Conclusion In conclusion, we believe that these proposals raise grave constitutional issues and are likely to produce only minimally beneficial results to improve airline safety. We urge the FAA and the advisory commissions to focus their efforts on improving security in a balanced and rational manner that is open to public scrutiny and consistent with constitutional rights. Sincerely, Houeida Saad American-Arab Anti-Discrimination Committee Greg Nojeim American Civil Liberties Union Maher Hanania American Federation of Palestine James Lucier, Jr., Director of Economic Research Americans for Tax Reform Aki Namioka, President Computer Professionals for Social Responsibility Lori Fena, Executive Director Electronic Frontier Foundation David Banisar, Staff Counsel Electronic Privacy Information Center Ned Stone Friends Committee on National Legislation Judy Clarke, President National Association of Criminal Defense Lawyers Kit Gage, Washington Representative National Committee Against Repressive Legislation Audrie Krause, Executive Director NetAction Sharisa Alkhateeb North American Council of Muslim Womem Simon Davies, Director General Privacy International Robert Ellis Smith, Publisher Privacy Journal Evan Hendricks, Chairman US Privacy Council and Publisher, The Privacy Times Enver Masud Executive Director The Wisdom Fund John Gilmore Civil Libertarian and co-founder, The Electronic Frontier Foundation ------- David Banisar (Banisar@epic.org) * 202-544-9240 (tel) Electronic Privacy Information Center * 202-547-5482 (fax) 666 Pennsylvania Ave, SE, Suite 301 * HTTP://www.epic.org Washington, DC 20003 * PGP Key http://www.epic.org/staff/banisar/key.html =20 ------------------------------ Date: Mon, 3 Feb 1997 16:50:24 -0500 (EST) From: "noah@enabled.com" Subject: Fle 5--BELLSOUTH CHALLENGES AT&T ACCESS CHARGE PROPOSAL (fwd) From -Noah ---------- Forwarded message ---------- Date--Mon, 27 Jan 1997 14:35:29 -0500 (EST) From--BellSouth BellSouth ............................................January 24, 1997 BELLSOUTH CHALLENGES AT&T ACCESS CHARGE PROPOSAL Background: AT&T told reporters Thursday that they will ask the Federal Communications Commission to slash the price they pay to local telephone companies for use of the local lines to deliver calls to businesses and home customers. The following response may be attributed to David J. Markey, BellSouth vice president governmental affairs. "As usual, AT&T is looking for a federally enforced free ride. "The Commission should ignore their rhetoric and the Congress should monitor this process closely. "At risk is the ability of the local telephone industry to maintain and improve the public telephone network. "AT&T wants the FCC to ignore our real costs. The AT&T analysis of what they think our costs ought to be is based on the so-called Hatfield model which has not been accepted by most state commissions. TELRIC prices an imaginary network and has been discredited by the noted economist, Alfred Kahn who points out that the TELRIC approach doesn't take into consideration the costs of maintaining the network or the costs of universal service. "Congress was told by the FCC that the so-called trilogy of proceedings interconnection, universal service and access charges) would result in a balanced implementation of the Telecommunications Act of 1996. We're still looking for that balance. "First the Commission ordered us to allow companies like AT&T to buy our service at half price through the "unbundled elements" scheme. Then they proposed a universal service regime that requires us to provide more services, like wiring inside school buildings for which we are not fully paid and now AT&T thinks we should give them another half-price ride on our network. "It's pretty clear that long distance oligopolists, offered the choice of leasing our service below cost or spending money to build their own local facilities, are choosing the cheap approach. At that rate, no one will build their own networks. So, the improvements Congress envisioned and the people were promised won't come. AT&T won't build it and we won't have the money to and we may not even have the money to maintain the network to the same high level customers have come to expect. Some potential facilities based competitors, like cable companies, have looked at the new and proposed rules and decided there's no way to pay for network improvements if AT&T can cream-skim all the business by just re-selling our service. "The commission needs to ignore AT&T's posturing and provide the balance they promised Congress." (A copy of Dr. Kahn's letter can be found at http://www.bellsouthcorp.com/headlines/bell_releases/97/jan/kahnltr.html) #### BellSouth is a $19 billion communications services company. It provides telecommunications, wireless communications, directory advertising and publishing, video and information services to more than 25 million customers in 17 countries worldwide. ## Internet users: For more information about BellSouth Corporation visit the BellSouth Webpage http://www.bellsouth.com BellSouth Corporation news releases dating back one year are available by fax at no charge by calling 1-800-758-5804, Ext. 095650. For information: Bill McCloskey 202-463-4129 ------------------------------ Date: Thu, 15 Dec 1996 22:51:01 CST From: CuD Moderators Subject: Fle 6--Cu Digest Header Info (unchanged since 13 Dec, 1996) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #9.09 ************************************