########## ########## ########## | QUESTION TECHNOLOGY:| ########## ########## ########## | Information Age Fallacies| #### #### #### | | ######## ######## ######## | OLD SCAMS IN NEW BOTTLES:| ######## ######## ######## | Computer Crime Now| #### #### #### | | ########## #### #### | ANS & CIX to Interconnect| ########## #### #### | | =====================================================================| EFFector Online June 9, 1992 Issue 2.10| A Publication of the Electronic Frontier Foundation | ISSN 1062-9424 | =====================================================================| ANS CO+RE and CIX Agree to Interconnect Elmsford, NY . . . ANS CO+RE Systems, Inc., (ANS) and the Commercial Internet Exchange (CIX) have announced that they will interconnect for a provisional period in order to increase connectivity among their clients and members. During this period they will continue to work together on technical issues and equitable arrangements that could lead to a permanent interconnection. ANS operates a high-speed, nationwide data network (ANSnet) supporting research, education and business. The ANSnet interconnects with 17 other networks that carry commercial data, as well as data related to research and education. The CIX is an association of seven networks that carry commercial traffic. By signing an agreement with ANS and by joining the CIX, midlevel networks will be able to exchange commercial traffic with other CIX members via the ANS network. ANS is not becoming a member of the CIX at this time. During the provisional period of interconnectivity, the CIX and ANS will co-sponsor a workshop, which will include other commercial networking service providers, to develop a framework conducive to the rapid expansion of the Commercial Internet. Among the issues to be addressed in the workshop sessions are the potential methods for permanently interconnecting network service providers and for managing all related issues associated with interconnection. Both ANS and the CIX have agreed to forego any cross payments during the provisional period. In commenting on the agreement, ANS President and CEO Al Weis stated, "The CIX and ANS have taken a step forward in addressing some of the challenges that face our industry. Providing a means for CIX members and ANS clients to exchange commercial traffic has been an important issue to the networking community. Today's announcement is the result of negotiations that include input from many members of this community, especially the New England Academic and Research Network (NEARnet), whose ideas were instrumental in bringing about the final agreement. I am hopeful that our efforts will help broaden interconnectivity and begin to establish a framework for the evolution of the Commercial Internet." Mitch Kapor, Chairman of the CIX, said, "In taking this significant step, we enable greater freedom from content restrictions on the Internet. This agreement stands as an example that the private sector can achieve the important goal of strengthening the openness of our nation's information and communications infrastructure on a cooperative basis, without the necessity of government regulation." CONTACTS: June 8, 1992 Susan Eldred (ANS) 914-789-5339 eldred@ans.net Mitchell Kapor (CIX) 617-864-1550 mkapor@eff.org -==--==--==-<>-==--==--==- Around the Virtual Town Notes by van@eff.org With the advent of June weather in Cambridge its time to see what has been happening in the EFF office and out on the Net in the past few weeks. Mitchell Kapor has been trying, with some success, to cut back on his hectic schedule of meetings for and speeches about EFF and its activities to groups around the country. But as this domestic schedule begins to lessen, he is preparing for an extended trip to Japan at the middle of this month. In Japan, Kapor will meet with key people in telecom. He just finished an online stint at EFFSIG, the new EFF Forum on CompuServe, fielding CIS users questions and comments. The Washington office continues to take on more and more projects. A large part of the effort of Berman and Company is the development of the EFF Open Platform proposal for making digital voice, data, and video communications possible on public switched telephone, cable and other networks using technologies like ISDN as a transition to fiber optics. Another item at the top of Washington's agenda is continued coalition building among industry and public-interest groups to oppose the FBI's digital telephony proposal; a proposal with could slow down the development of advanced communications technology as well as threaten the privacy of groups and individuals. EFF has also testified against HR191, legislation which would allow the government to copyright software developed by the government and which could impede public access to government information. With the able assistance of Shari Steele, Daniel Weitzner, Andrew Blau and Craig Neidorf, the Washington office is also keeping up with filings and motions and general tracking of issues such as business rate charges for home BBS services, 900 number legislation, video dialtone, common carriage, and first amendment questions. In their spare time, the Washington office discuss current electoral politics, and win bets on primary outcomes from Cambridge staff members. John Barlow, as if he didn't have enough to do in Cyberspace, has just been made a member of the Board of Directors of the Whole Earth 'Lectronic Link (The WELL) at a crucial moment in that system's evolution. EFF/Publications recently finished the first issue of our members newsletter, "@eff.org" and are working on the second for later this month. This publication is mailed to the "formal" members of EFF to keep them apprised of what the various people here are doing. We will be publishing this short newsletter monthly, so if you are an EFF member, look for it in a non-virtual mailbox near you soon. We have also just produced an update of the EFF General Information brochure, as well as new pamphlets such as CRIME & PUZZLEMENT by John Barlow, and BUILDING THE OPEN ROAD by Mitchell Kapor and Jerry Berman. All of these are free for the asking by writing to us here in Cambridge. Adam Gaffin, the writer of The EFF Guide to the Net has been bombarding us with chunks of copy for weeks now. It looks like we have that rarest of all book projects, one that is ahead of schedule. We still have a long way to go however. Look for this in the late Fall at the earliest. Print is slow you know. Also in pre-production is the next issue of EFFECTOR, our main printed journal designed to present longer articles. EFFECTOR 3 will be in magazine format and will feature such writers as Howard Rheingold, John Barlow, Mike Godwin and others. The topics will range from "Innkeeping in Cyberspace" to a "History of Women on the Internet" as well as an interview with Cliff Figallo, departing manager of the WELL. It will also be illustrated (sorry, no color as yet). In keeping with EFF policy, this will be available as a PostScript file via ftp. So look for it around the end of July. Chris Davis and Helen Rose keep expanding and improving our Internet node, eff.org, in so many ways that it is impossible to track them. Recent improvements are the expansion of our WAIS archive (Yes, Virginia, EFF is a WAIS site), and overseeing the installation of a new 56kbps line to the Washington Office to enhance communication. They are also continually tweaking the Sun SPARC stations in order to handle EFF's ever increasing ftp load smoothly and transparently. In addition, they keep up with a mail load that would sink the U.S. Post Office and handle IRC! If you are going to USENIX next week, the dynamic duo will be there representing the EFF at the BOF and in the halls. Look for them. They'll be wearing EFF t-shirts and probably looking for a place to jack their Powerbooks into the Net in order to login and read mail. Mike Godwin, Staff Counsel, is currently hiding out for the first part of the day studying for the Massachusetts Bar. During his remaining 30 minutes of consciousness, he is also managing to be among the top 25 posters to USENET, *and* carry on discussions on CompuServe and the WELL at the same time. Mike is already a member of the bars of Texas and Washington, D.C. Last month, he made a trip to New York and spoke to the NYACC on civil-liberties and the new technologies (see below). Rita Rouvalis? Rita has taken a vacation break from all this and is currently spelunking in various caves near St. Louis. She still logs in and checks her mail twice a day from down there. No, we don't know how. -==--==--==-<>-==--==--==- GOLDEN THREAD OF THE MONTH AWARD TO: >>>There's no modem tax being proposed. It's a myth. -- Cliff Stoll (stoll@ocf.berkeley.edu) >>But isn't there supposed to be an FCC-imposed tax on postings mentioning >>Craig Shergold? -- Mike Godwin (mnemonic@eff.org) >No, it's on the cookies you buy at Neiman-Marcus. Be sure to ask for >the recipe. -- Ed McCreary (mccreary@sword.eng) Prodigy tried to replace one of my spreadsheet files with the cookie recipe, but the virus in my laser printer stopped it. -- James Davies (jrbd@craycos.com) from comp.org.eff.talk -==--==--==-<>-==--==--==- OLD SCAMS IN NEW TECHNOLOGIES: A Discussion Before the New York Amateur Computer Club On May 15, Mike Godwin, staff counsel of the EFF, and Donald Delaney, Senior Investigator New York State Police, discussed the advent of organized crime in cutting-edge computer crime. The discussion, moderated by Newsbytes, John McMullen, took place before a meeting of the New York Amateur Computer Club. To open the discussion, McMullen reflected that at a previous appearance before the NYACC in 1991, Delaney had called for: 1. An effort by law enforcement to increase public awareness of computer crime. 2. Increasing education of law enforcement officers in the technological aspects of the new media. 3. The establishment of a New York State Computer Crime Lab. McMullen noted that, in the main, all of these items on Delaney's 1991 agenda had been fulfilled. McMullen went on to remark that PBX & Cellular Phone Fraud, mounting privacy concerns, and the wiretapping and encryption controversies had largely replaced the previous year's concerns. In response, Delaney agreed with McMullen's general assessment and noted that "carding" of goods -- the buying of equipment with stolen credit cards or credit card numbers -- had become much more prevalent as well. More significant, Delaney said, was the explosion in "call-sell" operations. These crimes, where international calls are placed for a "fee," and which use a private company's PBX exchange illegally to do so, have become the most widespread and lucrative form of computer crime today--so lucrative and relatively risk-free, he noted, that many drug- pushers are moving into the business. This impression was bolstered by the fact that one of Delaney's 1991 phone-fraud arrestees had recently been found murdered. Delaney believes that he may have been killed for trying to operate a call-sell operation in an area of New York City felt to be under the control of an Colombian mob-run phone-fraud operation. Delaney predicted that PBX fraud will continue to grow and to vex companies for as long as companies using PBX systems fail to understand the security problems and to correct them. Mike Godwin, in his portion of the discussion, drew attention to the fact that, without greater recognition of the uniqueness of BBS and conferencing systems, legislators seeking to reduce PBX-related crime and other telecommunications fraud may make decisions affecting BBS systems through misunderstandings. Godwin made a distinction between telephone conversations which are one-to-one (except for conference calls, which are often ineffective and inefficient), newspaper and broadcast media which are one-to-many, and BBS systems which are many-to-many. "We are concerned," he said, " that law enforcement will respond to the challenges of this new technology in inappropriate ways. For example, the FBI and Justice Department in the recent 'Digital Telephony' Initiative have requested that phone companies be *required* to provide law enforcement with a method of wire-tapping, arguing that technological developments that make present methods less effective." "Such a procedure would, in effect, make the phone companies part of the surveillance system. We don't think that is their job. The EFF believes that it is up to law enforcement to develop their own crime-fighting tools. When the telephone was first developed it made it more difficult to catch crooks. They no longer had to go to known criminal hangouts to conspire to commit crimes; they could do it by telephone. The government responded to this problem by resorting to wiretapping." It is appropriate for law enforcement to bear the burden of coming up with new ways to investigate crimes if technology threatens to make old ways obsolete, Godwin said. Godwin cited the recent conviction of John Gotti as a case in which law enforcement had innovated in response to Gotti's refusal to use his wiretapped phones for important conversations. In that case, he said, law-enforcement agents bugged the lampposts along the street where Gotti walked as he consulted with his subordinates. Godwin also spoke briefly concerning the on-going debate over encryption. "The government," he said, "through various agencies such as NSA, keeps attempting to restrict citizens from cloaking their computer files or messages in seemingly unbreakable encryption. The EFF believes that people have rights to privacy and, should they wish to protect it by encrypting computer messages, have a perfect right to do so." The last speaker of the evening was Bruce Fancher, owner of MindBox, a commercial BBS in New York. His remarks told of his early experience as a "hacker". Fancher asked the audience to understand that these individuals, even if discovered inside a computer system, were not computer terrorists with malign intentions, but explorers. Following these presentations there was a question-and-answer period. In response to one question, Delaney suggested that a method of resolving the debate over who should hold the keys to encrypted messages was to allow a third party -- such as an insurance company or a bank -- to maintain the keys for those using encryption. An official seeking to read an encrypted message would have to get a court order to obtain the key and read the documents in question. Godwin disagreed with this saying that such a third party and its system would become a high-profile target for "crackers". It was not, he said, in the best interest of the country to add yet another level of complexity and bureaucracy to the problem. -==--==--==-<>-==--==--==- Fifty Ways to Hose Your Code ----- ---- -- ---- ---- ---- Kind of by Paul Simon The problem's all inside your code she said to me; Recursion is easy if you take it logically. I'm here to help you if you're struggling to learn C, There must be fifty ways to hose your code. She said it's really not my habit to #include, And I hope my files won't be lost or misconstrued; But I'll recompile at the risk of getting screwed, There must be fifty ways to hose your code. Just blow up the stack Jack, Make a bad call Paul, Just hit the wrong key Lee, And set your pointers free. Just mess up the bus Gus, You don't need to recurse much, You just listen to me. She said it grieves me to see you compile again. I wish there were some hardware that wasn't such a pain. I said I appreciate that and could you please explain, About the fifty ways. She said why don't we both just work on it tonight, And I'm sure in the morning it'll be working just right. Then she hosed me and I realized she probably was right, There must be fifty ways to hose your code. Just lose the address Les, Clear the wrong Int Clint, Traverse the wrong tree Lee, And set your list free. Just mess up the bus Gus, You don't need to recurse much, You just program in C. --by Miles Deforest (deforest@sundae11.dab.ge.com) and Al Pena -==--==--==-<>-==--==--==- TECHNO-FALLACIES OF THE INFORMATION AGE Gary T. Marx Department of Sociology Massachusetts Institute of Technology Cambridge, Massachusetts New information technologies are breaking the boundaries of time and space, and are bringing with them far-reaching changes in the way information is gathered, accessed, and disseminated. While holding much promise, it is also important to be aware of the background assumptions that often accompany the advocacy and introduction of new technologies. In particular, it is critical to examine the broader cultural climate, the rationales for action, and the empirical and value assumptions surrounding the introduction and widespread adoption of a technology. Academic analysts try to offer theories, concepts, methods, and data, and also, hopefully, wisdom. A part of the wisdom arises in being able to identify and question the web of tacit assumptions that underlie action. As an ethnographer, I watch and listen. When it comes to technology, I sometimes hear things that seem empirically, logically, or normatively wrong, much as a musician knows that certain notes are off key: "Turn the technology loose and let the benefits flow"..."Do away with the human interface"..."When you choose to make a phone call, you are consenting to have your telephone number released"..."Only the computer sees it"..."Those of us who are involved in consumer marketing are the best agents for protecting the consumer's privacy"..."That's never happened"..."The public interest is whatever the public is interested in watching"..."There is no law against this"..."The technology is neutral." There are a number of assumptions underlying assertions like these. If we are to use emergent technology to best serve human needs in a democratic society, it is important we be on guard against what can be called "tarnished silver-bullet techno-fallacies". Following are a number of these information-age leaps in logic of which we must be aware, and against which we must guard. 1. The fallacy of assuming that only the guilty have to fear the development of intrusive technology (or, if you've done nothing wrong, you have nothing to hide). 2. The fallacy of the free lunch or "painless dentistry" in which it is assumed that information technology offers cost-free solutions. 3. The legalistic fallacy of assuming that the only criterion that ought to guide the use of technology is whether or not the law permits it. 4. The fallacy of assuming that pragmatism and/or efficiency should automatically overrule other values such as fairness, equity, external costs imposed on third parties, and symbolic meaning. 5. The fallacy of lowest common denominator morality, in assuming that if the competition or others push moral limits, you are justified in doing the same. 6. The fallacy of assuming that personal information on customers, clients, and cases possessed by an organization is a kind of property, to be bought and sold just like office furniture or raw materials. 7. The fallacy of assuming that because our privacy expectations are historically determined and relative, they must necessarily become weaker as technology becomes more powerful. 8. The fallacy of technical neutrality. (George Orwell's response to the assertion that technology was neutral--"so is the jungle"--is applicable here). 9. The fallacy of implied consent and free choice (For example, some phone company officials claim that if you choose to make a call you have consented to have your phone number released. You thus are encouraged to protect your privacy by not using the phone. But that's like saying if you breathe polluted air or drink contaminated water, you consent to these). 10. The fallacy of believing that because it is possible to successfully skate on thin ice it is acceptable to do so. We should not have to wait for a disaster to occur before concluding that some uses of information technology are simply too risky to be adopted. 11. The fallacy of assuming that the means will never determine the end. There is a danger of starting with the technology and asking what can it be used for, rather than starting with goals and asking how can they best be achieved. 12. The fallacy of perfect containment (or, technology will always remain the solution rather than become the problem). 13. The fallacy of assuming that if a critic questions the means, he or she must also be against the ends. With respect to information gathering technology, we are now in the twilight that Justice William O. Douglas wrote about when he argued that the protection of our basic values is not self-executing, and that "As nightfall does not come at once, neither does oppression. In both instances, there is a twilight when everything remains seemingly unchanged. And it is in such twilight that we all must be most aware of change in the air--however slight--lest we become unwitting victims of the darkness." One could as well argue that we are in a sunrise zone and that we must be aware of change in the air in order to insure that we all profit from the sunshine. But for this to happen, the technology must be bounded by increased public awareness, responsible corporate and government behavior, and new laws and policies framed to ensure individual freedoms and protect individual rights. * * * * * * * * This essay is based in part on the author's article "Technology and Privacy" that appeared in The World and I, September, 1990 issue, pp. 523-541. Other recent publications by the author touching these and related themes include "The Case of the Omniscient Organization", Harvard Business Review, 90(March/April, 1990): 12-30; Undercover: Police Surveillance in America, Berkeley: University of California Press, 1988; and "Monitoring on the Job" (with S. Sherizen), Technology Review, 89(November/December, 1986): 62-72. -==--==--==-<>-==--==--==- ELECTRONIC FRONTIER FOUNDATION OFFERS T-SHIRTS For a $10 donation, EFF will send you a spiffy 100% cotton white T-shirt with the new black and red EFF logo tastefully displayed on front, and the following on the back: ELECTRONIC FRONTIER FOUNDATION eff@eff.org (50's style graphic with large building sitting on world) Serving Cyberspace since 1990 These are the very same hot t-shirts that sold quickly at CFP-2! They come in sizes XL and child's S only. Send your $10 check or money order to The Electronic Frontier Foundation ATT: Rita T. Shirts 155 Second Street Cambridge MA 02141 "What a DEAL! People will be hard-pressed to find a shirt of the same quality with such fantastic silk-screening for less than $20 in any T-shirt store in the country. (You can quote me on that.)" -- Brendan Kehoe upon receiving his shirt. *** Mention that you are an EFFector Online reader, and we will *** waive all shipping and handling charges! (We'll also do this if you *don't* mention you're an EO reader.) -==--==--==-<>-==--==--==- MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION In order to continue the work already begun and to expand our efforts and activities into other realms of the electronic frontier, we need the financial support of individuals and organizations. If you support our goals and our work, you can show that support by becoming a member now. Members receive our quarterly newsletter, EFFECTOR, our bi-weekly electronic newsletter, EFFector Online (if you have an electronic address that can be reached through the Net), and special releases and other notices on our activities. But because we believe that support should be freely given, you can receive these things even if you do not elect to become a member. Your membership/donation is fully tax deductible. Our memberships are $20.00 per year for students, $40.00 per year for regular members. You may, of course, donate more if you wish. Our privacy policy: The Electronic Frontier Foundation will never, under any circumstances, sell any part of its membership list. We will, from time to time, share this list with other non-profit organizations whose work we determine to be in line with our goals. But with us, member privacy is the default. This means that you must actively grant us permission to share your name with other groups. If you do not grant explicit permission, we assume that you do not wish your membership disclosed to any group for any reason. ---------------- EFF MEMBERSHIP FORM --------------- Mail to: The Electronic Frontier Foundation, Inc. 155 Second St. #210 Cambridge, MA 02141 I wish to become a member of the EFF I enclose:$__________ $20.00 (student or low income membership) $40.00 (regular membership) $100.00(Corporate or company membership. This allows any organization to become a member of EFF. It allows such an organization, if it wishes to designate up to five individuals within the organization as members.) | I enclose an additional donation of $___________ Name:______________________________________________________ Organization:______________________________________________ Address: __________________________________________________ City or Town: _____________________________________________ State:_______ Zip:________ Phone:( )_____________(optional) FAX:( )____________________(optional) Email address: ______________________________ I enclose a check [ ] . Please charge my membership in the amount of $_____________ to my Mastercard [ ] Visa [ ] American Express [ ] Number:____________________________________________________ Expiration date: ____________ Signature: ________________________________________________ Date:______________________ I hereby grant permission to the EFF to share my name with other non-profit groups from time to time as it deems appropriate [ ] . Initials:___________________________ =====================================================================| EFFector Online is published by | The Electronic Frontier Foundation | 155 Second Street, Cambridge MA 02141 | Phone:(617)864-0665 FAX:(617)864-0866 | Internet Address: eff@eff.org | Reproduction of this publication in electronic media is encouraged | To reproduce signed articles individually, | please contact the authors for their express permission. | =====================================================================| REMEMBER:Only *you* can prevent more postcards to Craig Shergold! Downloaded From P-80 International Information Systems 304-744-2253