Date: Sat, 05 Jun 93 15:11:35 EST
Errors-To: Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>
From: Computer Privacy Digest Moderator <comp-privacy@PICA.ARMY.MIL>
To: Comp-privacy@PICA.ARMY.MIL
Subject: Computer Privacy Digest V2#049
Computer Privacy Digest Sat, 05 Jun 93 Volume 2 : Issue: 049
Today's Topics: Moderator: Dennis G. Rears
PowerBop, the first cordless notebook
Re: California ID Requirement
Did they have an address for Hillary?
Even the White House Discovered the risks!
california id
NIST CSSPAB 6/4/93 Resoluti
Re: Retaliatory Crimes
The Computer Privacy Digest is a forum for discussion on the
effect of technology on privacy. The digest is moderated and
gatewayed into the USENET newsgroup comp.society.privacy
(Moderated). Submissions should be sent to
comp-privacy@pica.army.mil and administrative requests to
comp-privacy-request@pica.army.mil.
Back issues are available via anonymous ftp on ftp.pica.army.mil
[129.139.160.133].
----------------------------------------------------------------------
From: jbcondat@attmail.com
Date: 31 Dec 69 23:59:59 GMT
Subject: PowerBop, the first cordless notebook
Apple European R&D extends mobile computing
with wireless communications
Paris La Defense, June 4, 1993--With PowerBop, the first notebook
integrating cordless communications technology, recently launched in
France, Apple European R&D extands mobile computing and enhances
communications capabilities. PowerBop, the newest model of the popular
PowerBook series, offers the highest degree of autonomy on the notebook
computer market today.
The ongoing technical cooperation between Apple European R&D Centre based
in Paris, and France Telecom, the French PTO operator resulted in the
integration of radio capabilities with notebook computers making it
possible to connect them to Telepoint services. Telepoint is expanding
more and more in Europe and uses the most affordable wireless technology
available today.
Apple European R&D focuses primarily on modems, on telecommunications in
mobile computers and on products that comply with OSI (Open System Inter-
connection) standards.
PowerBop: A new dimension in communications freedom
+---------------------------------------------------
PowerBop brings notebook users an added dimension of freedom, above and
beyond the inherent benefits of Apple's popular PowerBook models. The
PowerBop contains a radio modem conform to the CT2 Telepoint standard in
accordance with the Common Air Interface (CAI), adopted in June 1991 on an
European level. The CT2 standard allows a new generation of personal
telephones. Their owners are able to use them in public places in large
cities, at home as a traditional cordless phone and in the office via PBX
extensions.
Within the PowerBop, the radio modem CT2 provides the ability to connect
it to a full range of communications services, at any time, from any place
that is located between 20 and 500 meters from the base station of the
Pointel network "Bi-Bop", launched by France Telecom in Paris and
Strasbourg on April 22,1993. These services include: access to the France
Telecom videotex service "Minitel", message and file exchange, fax
transmission, access to servers and databases.
Thanks to the low energy consumption of the CT2 technology, the PowerBop
retains its 1 - 1/2 to 2 hours of endurance when the wireless modem is
being used.
The PowerBop features all the advantages of the PowerBook 180, Apple's
high-end notebook. The internal floppy disk drive is replaced by the CT2
modem which means that users do not need to carry any additional equipment
to communicate via the telepoint network. An external floppy disk drive is
supplied as a standard accessory.
Like the Bi-Bop pocket phone designed and developped by France Telecom, the
Apple PowerBop has a small antenna which folds into a special slot.
The Express Modem provided as standard equipment inside the PowerBop,
offers a full range of communications functions:
* access to one of the 15,000 Minitel services;
* fax transmision (reception will be available on the French
network from Septembre 1993);
* data transmission from 300 to 14,400 bps.
The Express Modem can either be connected directly to a telephone line or
use the Bi-Bop network for wireless communications up to 9,600 bps.
Digital Cordless Market
+-----------------------
European operators view telepoint as a mass market application for wireless
telephones. At the present time, no European country offers a nationwide
commercial telepoint service. However there are currently a number of
networks of this type spreading out. Mainly, in the UK, Netherlands,
Finland and Belgium.
In other parts of the world, others such developments are under way, in
Asia, Australia, Canada and the United-States.
On the sales side, it appears that all the operators have a common desire
to implement a pricing structure to allow this technology to be affordable
for a consumer market.
France Telecom's new Bi-Bop service
+-----------------------------------
France Telecom took a leading role in the development of European telepoint
services. On April 22, France Telecom launched the Bi-Bop cordless digital
pocket phone in Paris. The system which employs the CT2 cordless standard,
sets up a digital radio link between the Bi-Bop terminal and a public or
home base station.
The Bi-Bop service covers three main types of use:
* Public use: Bi-Bop subsribers can call anywhere in the world from
major cities, starting with Paris and Strasbourg. The network is
designed to cover major thoroughfares and public places. Today, some
3,000 base stations (4,000 by fall 1993) span Paris and the greater
Paris area (Ile-de-France) and the network will be progressively
extended to other areas. Starting in September 1993, subscribers will
also be able to receive calls, and PowerBop notebook users will have
fax reception capacities;
* With a private home base station connected to a standard telephone
outlet, the PowerBop is transformed into a high-performance mobile
computing tool allowing one to access all private communications
services;
* Wireless PBXs are available to companies, allowing PowerBop users
anywhere at a site, for example, to benefit from the same computing
environment as if the user was at his desk. The PowerBop can also
become a mobile fax terminal.
Availability
+------------
The PowerBop will be available through certified Apple Computer France
distributors in June 1993.
PowerBop owners must have a special telephone subscription with France
Telecom.
Nota Bene
+---------
At this time, I am in a luxurous cafe on the Champs-Elysees in Paris in
holidays and I send this note to _Computer Privacy Digest_ with my PowerBop
without any problem...
+----- -----+
Jean-Bernard Condat
General Secretary
Chaos Computer Club France, B.P. 155, 93404 St-Ouen Cedex, France
Private Address: P.O. 8005, 69351 Lyon Cedex 08, France
Phone: +33 1 40101764, Fax: +33 1 47877070
InterNet: jbcondat@attmail.com or cccf@altern.com
------------------------------
Date: Thu, 3 Jun 93 17:39 PDT
From: John Higdon <john@zygot.ati.com>
Organization: Green Hills and Cows
Subject: Re: California ID Requirement
Susanna Elaine Johnson <sej3e@kelvin.seas.virginia.edu> writes:
> What the police do now is cite you under Section 148(a) of the
> California Penal Code (Resisting arrest or obstructing or
> delaying a peace officer in the lawful (sic) performance of hs
> duty). This is a jailable offence.
But then there would have to be an arrest in progress for some
identifiable infraction. I cannot imagine that the court would allow
any kind of "circular" police action. The original probable cause could
not be related to the person's lack of ID. Walking along a street is
not much probable cause for anything.
> If you also do not have
> the required amount of cash money ($50.00) on you at the time of
> arrest you will be cited for also violating Section 647(g) of the
> California Penal Code, in that you are a vagrant "Without visible
> means of support and/or sufficient funds to support a legal
> lifestyle".
This is incredible! There are no doubt countless people who are out and
about without $50 on them. In urban California particularly, you are a
fool to carry more than $20 in cash on your person, unless you enjoy
funding low-life-mugging scum. Ironically, a number of people I know
purposely do not carry money, credit cards, or identification so as not
to provide a reward for urban misfits--necessary because the police are
powerless to correct the situation.
So $50 is what makes one a "legal" person. Interesting.
--
John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX:
john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407
------------------------------
Date: Fri, 4 Jun 1993 04:00:00 -0400 (EDT)
From: "Tansin A. Darcos & Company" <0005066432@mcimail.com>
Subject: Did they have an address for Hillary?
From: Paul Robinson <TDARCOS@MCIMAIL.COM>
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
-----
Someone wrote me to ask:
> Thank you for relaying information concerning the high-tech
> White House. Did they have an address for Hillary? I can't
> imagine her suffering first.lady@whitehouse.gov. Seriously,
> I need to get to her press secretary
I wanted to see if there was anything:
% telnet
telnet> open whitehouse.gov 25
Trying 198.137.240.100 ...
Connected to whitehouse.gov.
Escape character is '^]'.
220 SMTP/smap Ready.
helo
250 Charmed, Im sure.
vrfy hillary
250 <hillary>
"250" in this case, is an "ok" indicating the mail-server receiving
the request considers the address to be valid. So try that, then:
hillary@whitehouse.gov
That will probably go to one of the clerks that handles her
correspondence.
-----
Paul Robinson -- TDARCOS@MCIMAIL.COM
------------------------------
Date: Fri, 4 Jun 1993 20:21:12 -0400 (EDT)
From: "Tansin A. Darcos & Company" <0005066432@mcimail.com>
Subject: Even the White House Discovered the risks!
From: Paul Robinson <TDARCOS@MCIMAIL.COM>
Organization: Tansin A. Darcos & Company, Silver Spring, MD USA
-----
After posting the message about the White House E-Mail system, someone
asked if there was an address for Mrs. Clinton, e.g. Hillary. I tried
calling up the White House SMTP port and seeing if a "hillary" was a valid
adddress. The SMTP gateway gave a 250 ("ok") response in request to the
command "VRFY hillary".
More than a half dozen people pointed out to me that the SMTP gateway at
WHITEHOUSE.GOV would accept *anything* for a VRFY address. One guy noted
that the server gave the following response:
vrfy h.ross.perot
250 <h.ross.perot>
I guess they wanted to preserve PRIVACY of the people there (and as
someone pointed out to me, knowing who is on the Whitehouse E-Mail system
might be a National Security Risk).
But the kicker is that even the White House saw the risks involved,
because within a day after I reported what I had tried for the alleged
E-Mail address "hillary" the SMTP gate there no longer accepts
VRFY requests!
But they still don't have it right; reports from people who who sent me
capture buffers show that a refused VRFY request should return
code "550 Access Denied to You" but instead is returning code
"500 Syntax Error".
[Moderator's Note: As a moderator of this list as well as running an
exploder list for the RISKS digest for the MILNET/Government subscribers
I check/verify addresses all the time. If a site doesn't accept vrfy I
execute the following commands:
HELO fender.pica.army.mil
MAIL FROM:<drears@pica.army.mil>
RCPT TO:<name> or RCPT TO:<name@host.domain>
RSET
QUIT
BTW, I would say about 20% of sites I deal with do not have their mail
systems in full compliance with RFC 822. ._dennis ]
-----
Paul Robinson -- TDARCOS@MCIMAIL.COM
------------------------------
From: The Jester <ygoland@hurricane.seas.ucla.edu>
Subject: california id
Date: 4 Jun 93 20:05:56 GMT
According to the supreme court of the united states of america no
citizen is required to carry identification papers with them.
Actually the exact ruling was that no citizen is required to
identify themselves to the police.
Before I hear cries of 'what about driver's licences and police
pulling you over' I would remind everyone that driving a vehicle, at
least in California (and there was a specific court case in Los
Angeles) is NOT a right, it is a privledge. As such the state can
require that you carry and produce a licence WHILE OPERATING A
VEHICLE.
The bottom line is that if a police officer stops you while you are
walking down the street and demands you identify yourself, you do
not have to. However if a police officer pulls you over and demands
identification, you must produce it.
Yaron (The Jester) Goland
ygoland@seas.ucla.edu
--
The Jester-Finger for PGP V2.1
"You have failed me for the last time"-Darth Vader
"I have it on good authority that this is not happening"-A jet jock
from a show on the history of aircraft in battle
------------------------------
Organization: CPSR Civil Liberties and Computing Project
From: Dave Banisar <banisar@washofc.cpsr.org>
Date: Fri, 4 Jun 1993 20:46:59 EST
Subject: NIST CSSPAB 6/4/93 Resoluti
NIST CSSPAB 6/4/93 Resolutions
NIST Crypto Resolutions
Computer System Security and Privacy Advisory Board
June 4, 1993
Resolution #1
At Mr. Kammer's request we have conducted two days of
hearings. The clear message of the majority of input
was that there are serious concerns regarding the Key
Escrow Initiative and the Board concurs with these
concerns. Many of these issues are still to be fully
understood and more time is needed to achieving that
understanding.
Accordingly, this Board resolves to have an additional
meeting in July 1993 in order to more completely respond
to Mr. Kammer's request and to fulfill its statutory
obligations under P.L. 100-235. The Board recommends
that the inter-agency review take note of our input
collected, our preliminary finding, and adjust the
timetable to allow for resolution of the significant
issues and problems raised.
Attached to this resolution is a preliminary
distillation of the serious concerns and problems.
Resolution #2
Key escrowing encryption technology represents a
dramatic change in the nation's information
infrastructure. The full implications of this
encryption technique are not fully understood at this
time. Therefore, the Board recommends that key
escrowing encryption technology not be deployed beyond
current implementations planned within the Executive
Branch, until the significant public policy and
technical issues inherent with this encryption technique
are fully understood.
[Attachment to Resolution #1]]
- A convincing statement of the problem that Clipper
attempts to solve has not been provided.
- Export and important controls over cryptographic
products must be reviewed. Based upon data compiled
from U.S. and international vendors, current controls
are negatively impacting U.S. competitiveness in the
world market and are not inhibiting the foreign
production and use of cryptography (DES and RSA)
- The Clipper/Capstone proposal does not address the
needs of the software industry, which is a critical and
significant component of the National Information
Infrastructure and the U.S. economy.
- Additional DES encryption alternatives and key
management alternatives should be considered since there
is a significant installed base.
- The individuals reviewing the Skipjack algorithm and
key management system must be given an appropriate time
period and environment in which to perform a thorough
review. This review must address the escrow protocol
and chip implementation as well as the algorithm itself.
- Sufficient information must be provided on the
proposed key escrow scheme to allow it to be fully
understood by the general public. It does not appear to
be clearly defined at this time and, since it is an
integral part of the security of the system, it appears
to require further development and consideration of
alternatives to the key escrow scheme (e.g., three
"escrow" entities, one of which is a non-government
agency, and a software based solution).
- The economic implications for the Clipper/Capstone
proposal have not been examined. These costs go beyond
the vendor cost of the chip and include such factors as
customer installation, maintenance, administration, chip
replacement, integration and interfacing, government
escrow systems costs, etc.
- Legal issues raised by the proposal must be reviewed.
- Congress, as well as the Administration, should play a
role in the conduct and approval of the results of the
review.
=======================================================
NIST Resolutions on Key Escow Issues and Clipper
provided by
CPSR Washington office
666 Pennsylvania Ave., SE Suite 303
Washington, DC 20003
rotenberg@washofc.cpsr.org
=======================================================
------------------------------
Apparently-To: gatech!emory!uunet!comp-society-privacy
Newsgroups: comp.society.privacy
From: John De Armond <gatech!dixie.com!jgd@uunet.uu.net>
Subject: Re: Retaliatory Crimes
Date: Sat, 05 Jun 93 05:39:47 GMT
Organization: Dixie Communications Public Access. The Mouth of the South.
John Higdon <john@zygot.ati.com> writes:
>ThriftyTel got even by invoking a very nasty "hacker tariff" that
>called for holding system penetrators liable for charges an order of
>magnitude higher than normal. It was (and still is) quite a nice cash
>cow for the operation. It also supplies the company with computers,
>which they are allowed to seize. And there are quite a few families in
>very dire straights right now trying to pay off TT's confiscatory
>judgments.
Too bad. I'm sure there are families in dire straights because the provider
has committed a conventional crime and is now doing the time. Tough.
The issue is not whether a company's systems can be secured. The issue is
should they have to? Just as I should not have to lock up my house at
night to protect myself from thieves, so should I not have to lock up my
system in order to protect my data. That I have to lock my doors is an
indication that the system has failed and NOT that the burglars are somehow
innocent because they found easy spoils.
Perhaps if we adopted something from the Saudi system and chopped off a
finger of anyone caught hacking or stealing services, there would be no
need for tight security. I really see no gray area here. Either the
person is authorized to be on a system or he is not. If he is not,
he should be punished just like someone who physically tresspasses
is punished.
John
--
John De Armond, WD4OQC |Interested in high performance cars?
Performance Engineering Magazine(TM) | Interested in high tech and computers?
Marietta, Ga | Send ur snail-mail address to
jgd@dixie.com | perform@dixie.com for a free sample mag
The Great Tragedy of the 20th century is that Clinton's name isn't on the Wall.
------------------------------
End of Computer Privacy Digest V2 #049
******************************