Computer underground Digest Wed Oct 13 1993 Volume 5 : Issue 80 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copy Eidtor: Etaoin Shrdlu, III CONTENTS, #5.80 (Oct 13 1993) File 1--CALIF AB1624 signed into law - PUBLIC INFO ACCESS! File 2--Thanks to The folks who made AB1624 possible File 3--Response to Cohen in re ITAR & Export Regs File 4--Space computer hacker gets bond. File 5--all eff.org machines moving 10/15-10/18 File 6--IGC Wins Public Interest Aw File 7--Response to PGP Encryption Flap (RE:CuD 574) File 8--RSAREF VERS NUMBER File 9--Elansky/Hartford bbs Hearings - Case Continues Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020 CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 ANONYMOUS FTP SITES: AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) UNITED STATES: aql.gatech.edu (128.61.10.53) in /pub/eff/cud etext.archive.umich.edu (141.211.164.18) in /pub/CuD/cud ftp.eff.org (192.88.144.4) in /pub/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud ftp.warwick.ac.uk in pub/cud (United Kingdom) COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- From: Jim Warren Subject: File 1--CALIF AB1624 signed into law - PUBLIC INFO ACCESS! Date: Tue, 12 Oct 1993 14:26:21 -0700 Shortly before 8 a.m. this morning, Assembly Member Debra Bowen's legislative aide who has been honchaing AB1624, Mary Winkley, sent the following hand-written fax: "The Governor signed 1624 last night! [Oct 11th, Monday, Columbus Day] Yes. You read this correctly. This is not a joke! Congratulations & thank you! Mary" AB1624 will take effect Jan.1, 1994 (as is true of most of the 1,100+ bills, passed by the Legislature in 1993, that Gov. Pete Wilson signed into law). To my knowledge*, this is the first time that comprehensive information about state legislation-in-process and state laws have been made available by a state via the nonproprietary public computer networks, especially without any fees charged by the state. (Hawaii makes such information available, but only via an expensive private state network, so far.) This will permit *timely* access to legislative details -- crucial to effective citizen participation in the process of their/our governance; participation that is simply not practical via snailmailed copies of quickly-obsolete printed legislative information (useful only for after-the-fact fury). It makes the information available in *useful* form. Whereas printed legislative information can only be read , the same information arriving in computerized form can be: Automatically monitored for *all* words and phrases that are "interesting," Quickly searched for *all* specified topics and subjects, Indexed, hyperlinked and cross-referenced to other related information, Extracted, excerpted and forwarded to others, quickly and accurately, and, oh yes, recipients can also read it. Using the public global networks will provide other state legislative staff, legislators and federal legislators with fast, easy access to California legislation and statutes -- often used as models for other states. And, AB1624 can be used as a model -- by citizen-activists and legislators -- for other states willing to encourage open democratic processes. Finally, as far as I know*, this is the first time online advocacy and network-assisted citizen action was *instrumental* in structuring and obtaining the passage of legislation. (There have, however, been several instances where net-based action has *halted* undesired legislation or regulations -- re crypto prohibitions, modem taxes, etc.) It won't be the last! * - Please let me know if you know of other instances. (But, please phone; I'm backlogged over a thousand messages in my email .) ITS THE LAW! The final version of the bill states [hand-typed for the last time!; typos and bracketed notes are mine]: "(a) The Legislative Counsel shall, with the advice of the Assembly Committee on Rules and the Senate Committee on Rules, make all of the following information available to the public in electronic form: " (1) The legislative calendar, the schedule of legislative committee hearings, a list of matters pending on the floors of both houses of the Legislature, and a list of the committee of the Legislature and their members. " (2) The test of each bill introduced in each current legislative session, including each amended, enrolled [passed by the Legislature] and chaptered [signed or passed into law] form of each bill. " (3) The bill history of each bill introduced and amended in each current legislative session. " (4) The bill status of each bill introduced and amended in each current legislative session. " (5) All bill analyses prepared by legislative committees in connection with each bill in each current legislative session. [Bill analyses by the party caucuses are *not* included.] " (6) All vote information concerning each bill in each current % legislative session. " (7) Any veto message concerning a bill in each current legislative session. " (8) The California Codes. [the state's laws or statutes] " (9) The California Constitution [including enacted ballot initiatives] " (10) All statutes enacted on or after January 1, 1993. "(b) The information identified in subdivision (a) shall be made available to the public by means of access by way of the largest nonproprietary, nonprofit cooperative public computer network ... in one or more formats. ... Any person who accesses the information may access all or any part of the information. The information that is maintained in the legislative information system ... shall be made available in the shortest feasible time after the information is available in the [Legislature's internal] information system. The information that is not maintained in the information system shall be made available in the shortest feasible time after it is available to the Legislative Counsel. "... [public documentation of digital formats will be available, online] "(d) Personal information concerning a person who accesses the information may be maintained only for the purpose of providing service to that person. "(e) No fee or other charge may be imposed by the Legislative Counsel as a condition of accessing the information ... . ..." ------------------------------ Date: Tue, 12 Oct 1993 14:28:59 -0700 From: Jim Warren Subject: File 2--Thanks to The folks who made AB1624 possible ((MODERATORS' NOTE: Jim Warren graciously thanks all those who assisted in the enactment of California's AB1624, which expands the public's access to state government documents. But, Jim Warren was the primary force behind the legislation. Both the language of the law and the energy to push the Bill through are a credit to Jim's efforts. THANKS, JIM!!)) ++++ There are *lots* of folks who greatly assisted AB1624 to become law, but these are the crucial ones: Assembly Member Debra Bowen introduced the concepts embodied in this law. And, she did so on her own -- unlike most legislation, which is brought to legislators by outside special interests (i.e., no "sponsors"). Bowen's Legislative Aide Mary Winkley road herd on this bill, provided Bowen with massive, *essential* input and guidance regarding the details of the bill as it whip-sawed its way through the contorted amendment and committee processes. Her assistance was especially crucial given that Bowen had never held elective office before this year. Mary is the one who fielded several thousand phone calls and about 1,500 faxes and letters, concerning this bill alone (on top of a dozen-or-so others for which she had key responsibility). She was there days, evenings, nights, dawns, weekends and holidays (I know; I often called her -- or she, me -- at night and on weekends!). Without Mary Winkley's *consumptive* efforts, AB1624 would not be law. The 1,500-or-so people who sent the faxes and letters to Bowen and to crucial committee members as the bill went through the legislative process. YOUR *ACTION* WAS ESSENTIAL. (When I first heard about the bill and talked to Winkley, she said it was dead -- they had not found any public support for it,.amd the Legislative Counsel's staff had said it would cost millions of dollars to implement.) [ And maybe me: "How I Spent My Summer Vacation." :-) Most of all, I broadcast 32+ updates to you hundreds of folks who so-politely tolerated my un-terse-osity, and YOU made it happen via your support when and where it counted. (Also processed several thousand email messages.) I also showed 'em how they could do it for little or no cost via the Internet and a cheap file-server (detailed it in a 16-page implementation report), and detailed how the printed bills and their semantically-meaningful italics, underscoring and strike-thrus might be easily represented in ASCII text for dumb terminals. ] PLEASE THANK MARY AND DEBRA -- WELL-EARNED APPLAUSE, WORTH BOTH HANDS CLAPPING I have one final request of you: Please take the time to at least call, or possibly fax or write, and personally thank Mary Winkley and Debra Bowen for what they have done. They *deserve* to know we noticed; we care; we appreciate their consumptive efforts. Both are at: State Capitol, Room 3126, Sacramento CA 95814 voice/916-445-8528, fax/916-327-2201 Please, do it now. They deserve it! And, thank you all -- *so much* -- for your interest and efforts. It *is* possible for citizens to significantly impact government -- all it takes is time and effort. :-) ON TO THE NEXT PROJECT The next thing to do is get the Secretary of State to make already-required public campaign-contributor and financial-disclosure information from "serious" candidates available in the same way as AB1624 makes public legislative data and public laws available. Then we can cross-reference vote records to contributor information -- making reform of the legislative process possible via a better-informed electorate. Like AB1624, this could be done at little or no cost to the tax-payers or the candidates. There is already movement on this project. More in a later message. (Who knows -- maybe we won't need incumbency guarantees such as campaign-spending limits, or tax-suckin' public campaign-funding to pay for candidates' teevee ads and massive junk-mail.) ------------------------------ Date: Sun, 10 Oct 1993 17:42:00 -0700 From: bjones@WEBER.UCSD.EDU(Bruce Jones) Subject: File 3--Response to Cohen in re ITAR & Export Regs In CuD 5.79, Fredrick B. Cohen writes: Let's unpack a bit of what Mr. Cohen has to say about ITAR export regulations and his experiences. >Your discussion seems very strange to me. I seem to think I have >heard it all before - about 3 years ago - when I got permission from >the government to export an RSA cryptosystem with no restriction on >key length or anything else. > >It took a few weeks (6-8 as I recall), but all I did was submit the >software to the government (in 12 copies or so), and request a ruling. >After a few call-backs, I got permission. Please note that the posting site for Mr. Cohen's message is the Science Applications International Corporation, a La Jolla California based think tank that has deep ties to the U.S. Gov't and does lots of work for the DoD. Given his ties to the DoD, it comes as small surprise that he was able to get export permission for his RSA cryptosystem. [Discussion of key generation deleted because it's not germane to my critique] >All of this is not to say that I think it is reasonable to prevent us >from doing as we please in this area, and I certainly wish I didn't >have to wait so long before distributing new versions overseas, but >why not just apply for export and see what happens? Maybe you'll get >permission and it will all be no problem. Why should a software manufacturer or a private citizen have to ask permission in the first place, from the DoD (operating under the guise of the Dept of Commerce) to export software that uses encryption algorithms freely available in the country to which the product is being exported? >IBM has been exporting DES for quite a few years according to sources >I have in EC who have seen IBM chips with DES on them in EC computers. >I believe they simply asked for permission and got it. Again, it's likely quite simple for someone who does business with the DoD and the U.S. Gov't to get permission to export. >I applaud the EFF for helping defend people in this area, but maybe if >they tried to work within the law in the first place, they would have >found it was easier to obey the law than break it. Serious charges without foundation. Whom within the EFF has been accused of breaking the law? >Maybe if they apply now, they will end up with a no-case (assuming >they get permission). A dodge of the issue, which is not about whether or not one can get permission to do something specific, but whether or not the government has a right to require permission in the first place. One of the founding tenets of the Unites States of America is the idea that its citizens may do whatever they like, so long as their chosen activity is not proscribed by law and doesn't violate the rights of their neighbors. The opposite is ostensibly true for the government, which may only do what has been permitted it under the law. We live in a society where those distinctions apparently collapsed some time ago. Bruce Jones Department of Communication bjones@ucsd.edu/bitnet University of California, San Diego (619) 534-0417/4410 9500 Gilman Drive FAX (619) 534-7315 La Jolla, Ca. 92093-0503 ------------------------------ Date: Thu, 7 Oct 1993 17:49:40 +0800 (WST) From: Stephen Hardman Subject: File 4--Space computer hacker gets bond. Thursday: Space computer hacker gets bond. MELBOURNE: A computer hacker who forced a 24-hour shutdown at US National Aeronautics and Space Administration base was sentenced yesterday to a year's jail but freed on a good behaviour bond and ordered to do 500 hours' unpaid community work. Nashon Even-Chaim, 22, of Caulfield, pleaded guilty to 15 charges of unlawful interference with computer data in 1990, including using the password "friend" to penetrate a NASA computer in Virginia. Even-Chaim also admitted interfering with a CSIRO computer in Melbourne, a private computer manufacturer's system in Texas and a US government computer laboratory in California. ------------------------------ Date: Wed, 13 Oct 1993 17:31:14 -0400 From: Christopher Davis Subject: File 5--all eff.org machines moving 10/15-10/18 All eff.org machines will be disconnected and unavailable (due to moving from Cambridge, MA to Washington, DC) from approximately noon (EDT) Friday 15 October 1993 to approximately noon (EDT) Monday 18 October 1993. This includes email to eff@eff.org, access to the archives on ftp.eff.org and gopher.eff.org, and mail-news gateways for comp.org.eff.* and alt.comp.acad-freedom.*. Mirrors of the archives should be available during the weekend. We apologize for any inconvenience. ------------------------------ From: David Sobel Date: Tue, 12 Oct 1993 16:05:07 EST Subject: File 6--IGC Wins Public Interest Aw IGC Wins Public Interest Award Palo Alto, Calif., October 12, 1993 - Computer Professionals for Social Responsibility (CPSR), the national public interest organization based in Palo Alto, announced today that the Institute for Global Communications (IGC) has been named the winner of the 1993 Norbert Wiener Award for Social and Professional Responsibility. Beginning in 1986, CPSR has presented this award each year to a distinguished individual who, through personal example, demonstrated a deep commitment to the socially responsible use of computing technology. In 1992, the CPSR Board expanded the nominations to include organizations. IGC is the first organizational recipient of this prestigious award. "The award is particularly appropriate this year because of the enormous interest in computer networks generated by the debate over the proposed National Information Infrastructure (NII)," said Stanford professor and CPSR Board president Eric Roberts. "IGC has worked diligently to use network technology to empower previously disenfranchised individuals and groups working for progressive change. CPSR has a strong commitment to making sure that everyone has access to the resources and empowerment that networks provide. IGC has been providing such access ever since it was founded in 1986." "We're honored to be recognized by CPSR and to be the Norbert Wiener Award recipient," says Geoff Sears, IGC's Executive Director. "Of course, this award honors not just IGC, but the efforts and accomplishments of all our network members, our entire network community." Sears will accept the Wiener award at CPSR's annual meeting banquet in Seattle, Washington, on Saturday, October 16th. This year's annual meeting is a two-day conference entitled "Envisioning the Future: A National Forum on the National Information Infrastructure (NII)" that will bring together local, regional, and national decision makers to take a critical look at the social implications of the NII. The keynote speaker will be Bruce McConnell, Chief of Information Policy at the Office of Information and Regulatory Affairs in the Office of Management and Budget (OMB), who will present his views on the major NII issues now facing the administration. Other highlights of the meeting include Kit Galloway of Electronic Cafe International in Santa Monica, California, as the featured speaker at the banquet. Using videotapes and a live demonstration with CPSR chapters, Kit will present an innovative approach to electronic communication and discuss how the Electronic Cafe concept has been used. The Institute for Global Communications is a nonprofit computer networking organization dedicated to providing low-cost worldwide communication and information exchange pertaining to environmental preservation, human rights, sustainable development, peace, and social justice issues. IGC operates the PeaceNet, EcoNet, ConflictNet, and LaborNet computer networks. With a combined membership of 10,000 individuals and organizations ranging in size and scope from United Nations Commissions to local elementary schools, IGC members contribute to more than 1200 conferences covering virtually every environmental and human rights topic. The Wiener Award was established in 1987 in memory of Norbert Wiener, the originator of the field of cybernetics and a pioneer in looking at the social and political consequences of computing. Author of the book, The Human Use of Human Beings, Wiener began pointing out the dangers of nuclear war and the role of scientists in developing more powerful weapons shortly after Hiroshima. Past recipients of the Wiener Award have been: Dave Parnas, 1987, in recognition of his courageous actions opposing the Strategic Defense Initiative; Joe Weizenbaum, 1988, for his pioneering work emphasizing the social context of computer science; Daniel McCracken, 1989, for his work organizing computer scientists against the Anti Ballistic Missiles deployment during the 1960s; Kristen Nygaard of Norway, 1990, for his work in participatory design; Severo Ornstein and Laura Gould, 1991, in recognition of their tireless energy guiding CPSR through its early years; and Barbara Simons, 1992, for her work on human rights, military funding, and the U.C. Berkeley reentry program for women and minorities. Founded in 1981, CPSR is a national, nonprofit, public-interest organization of computer scientists and other professionals concerned with the impact of computer technology on society. With offices in Palo Alto, California, and Washington, D.C., CPSR challenges the assumption that technology alone can solve political and social problems. For more information about CPSR, the annual meeting, or the awards banquet, call 415-322-3778 or send email to . For more information about IGC, contact Sarah Hutchison, 415-442-0220 x117, or send email to . ------------------------------ Date: Mon, 11 Oct 93 12:07:01 From: bob.paddock@CIRCELLAR.COM Subject: File 7--Response to PGP Encryption Flap (RE:CuD 574) In Re CuD574: File 1--Phil Zimmerman Comments on Encryption Flap I'm posting this rather long message (sorry about the length, but I wanted it to be complete [as the copyright states that it must be for permitted redistribution]) with a couple of question in mind that I would like answered: 1) Why is one branch of the government trying to kill off PGP specifically, and possibly public key encryption in general. While an other branch (DARPA) is helping to promote its use (See below)? 2) Since DARPA is promoting the use of the PEM public key implementation, does this mean that it has a back door for "THEM"? 3) If you can get this public key program via anonymous FTP, that IS export controlled, whats the governments beef with Austin Code Works, and PGP's author? [Better get your copy now be for one side finds out what the other is doing! %Maybe some one could point this out to PGP's authors defence lawyer, humm?%] ============================================================================ Received: from RSA.COM (CHIRALITY.RSA.COM) !RSA.COM!rsaref-administrator !RSA.COM!coni Subject--RSAREF VERS NUMBER The current version of RSAREF is v1.01. To receive RSAREF read below. RSAREF(TM): A Cryptographic Toolkit for Privacy-Enhanced Mail RSA Laboratories (A division of RSA Data Security, Inc.) October 4, 1993 This document copyright (C) 1993 RSA Laboratories, a division of RSA Data Security, Inc. License is granted to reproduce, copy, post, or distribute in any manner, provided this document is kept intact and no modifications, deletions, or additions are made. WHAT IS IT? RSAREF is a cryptographic toolkit designed to facilitate rapid deployment of Internet Privacy-Enhanced Mail (PEM) implementations. RSAREF represents the fruits of RSA Data Security's commitment to the U.S. Department of Defense's Advanced Research Projects Agency (DARPA) to provide free cryptographic source code in support of a PEM standard. Just recently, PEM became an Internet proposed standard. Part of RSA's commitment to DARPA was to authorize Trusted Information Systems of Glenwood, MD, to distribute a full PEM implementation based on RSAREF. That implementation is now available via anonymous FTP to 'ftp.tis.com'. RSAREF supports the following PEM-specified algorithms: o RSA encryption and key generation, as defined by RSA Laboratories' Public-Key Cryptography Standards (PKCS) o MD2 and MD5 message digests o DES (Data Encryption Standard) in cipher-block chaining mode RSAREF is written in the C programming language as a library that can be called from an application program. A simple PEM implementation can be built directly on top of RSAREF, together with message parsing and formatting routines and certificate-management routines. RSAREF is distributed with a demonstration program that shows how one might build such an implementation. The name "RSAREF" means "RSA reference." RSA Laboratories intends RSAREF to serve as a portable, educational, reference implementation of cryptography. WHAT YOU CAN (AND CANNOT) DO WITH RSAREF The RSAREF license agreement gives legal terms and conditions. Here's the layman's interpretation, for information only and with no legal weight: 1. You can use RSAREF in personal, non-commercial applications, as long as you follow the interface described in the RSAREF documentation. You can't use RSAREF in any commercial (moneymaking) manner of any type, nor can you use it to provide services of any kind to any other party. For information on commercial licenses of RSAREF-compatible products, please contact RSA Data Security. (Special arrangements are available for educational institutions and non-profit organizations.) 2. You can give others RSAREF and programs that interface to RSAREF, under the same terms and conditions as your RSAREF license. 3. You can modify RSAREF as required to port it to other operating systems and compilers, or to improve its performance, as long as you give a copy of the results to RSA Laboratories. Other changes require written consent. 4. You can't send RSAREF outside the United States or Canada, or give it to anyone who is not a U.S. or Canadian citizen and doesn't have a U.S. "green card." (These are U.S. State and Commerce Department requirements, because RSA and DES are export-controlled technologies.) HOW TO GET IT To obtain RSAREF, read the RSAREF license agreement and return a copy of the following paragraph by electronic mail to . If your electronic mail address is located in Canada, please send your full name and mailing address; we'll need it to complete a Department of State export declaration. I acknowledge that I have read the RSAREF Program License Agreement and understand and agree to be bound by its terms and conditions, including without limitation its restrictions on foreign reshipment of the Program and information related to the Program. The electronic mail address to which I am requesting that the program be transmitted is located in the United States of America or Canada and I am a United States citizen, a Canadian citizen, or a permanent resident of the United States. The RSAREF Program License Agreement is the complete and exclusive agreement between RSA Laboratories and me relating to the Program, and supersedes any proposal or prior agreement, oral or written, and any other communications between RSA Laboratories and me relating to the Program. RSAREF is distributed by electronic mail in UNIX(TM) "uuencoded" TAR format. When you receive it, store the contents of the message in a file, and run your operating system's "uudecode" and TAR programs. For example, suppose you store the contents of your message in the file 'contents'. You would run the commands: uudecode contents # produces rsaref.tar tar xvf rsaref.tar You can also get a "uuencoded" PKZIP(TM) version of RSAREF. Just ask for the ZIP file when you return the acknowledgement. RSAREF includes about 60 files organized into the following subdirectories: doc documentation on RSAREF and RDEMO install makefiles for various operating systems rdemo RDEMO demonstration program source RSAREF source code and include files test test scripts for RDEMO RSAREF is also available via anonymous FTP to 'rsa.com'. Along with RSAREF you can get RIPEM, Mark Riordan's RSAREF-based privacy-enhanced mail application, and an Emacs command interface to RIPEM. See the file 'README' in the FTP directory 'rsaref' for more information. USERS' GROUP RSA Laboratories maintains the electronic-mail users' group for discussion of RSAREF applications, bug fixes, etc. To join the users' group, send electronic mail to . REGISTRATION RSAREF users who register with RSA Laboratories are entitled to free RSAREF upgrades and bug fixes as soon as they become available and a 50% discount on selected RSA Data Security products. To register, send your name, address, and telephone number to . INNOVATION PRIZES RSA Laboratories will award cash prizes for the best applications built on RSAREF. If you'd like to submit an application, want to be on the review panel, or would like more details, please send electronic mail to . Applications are due December 31, 1993, and awards will be announced March 31, 1994. First prize is $5000, second prize is $2000, and there are five prizes of $1000. First prize in 1992's content went to Mark Riordan for RIPEM. PUBLIC-KEY CERTIFICATION RSA Data Security offers public-key certification services conforming to forthcoming PEM standards. For more information, please send electronic mail to . PKCS: PUBLIC-KEY CRYPTOGRAPHY STANDARDS To obtain copies of RSA Laboratories' Public-Key Cryptography Standards (PKCS), send electronic mail to . OTHER QUESTIONS If you have questions on RSAREF software, licenses, export restrictions, or other RSA Laboratories offerings, send electronic mail to . AUTHORS RSAREF was written by the staff of RSA Laboratories with assistance from RSA Data Security's software engineers. The DES code is based on an implementation that Justin Reyneri did at Stanford University. Jim Hwang of Stanford wrote parts of the arithmetic code under contract to RSA Laboratories. ABOUT RSA LABORATORIES RSA Laboratories is the research and development division of RSA Data Security, Inc., the company founded by the inventors of the RSA public-key cryptosystem. RSA Laboratories reviews, designs and implements secure and efficient cryptosystems of all kinds. Its clients include government agencies, telecommunications companies, computer manufacturers, software developers, cable TV broadcasters, interactive video manufacturers, and satellite broadcast companies, among others. RSA Laboratories draws upon the talents of the following people: Len Adleman, distinguished associate - Ph.D., University of California, Berkeley; Henry Salvatori professor of computer science at University of Southern California; co-inventor of RSA public-key cryptosystem; co-founder of RSA Data Security, Inc. Martin Hellman, distinguished associate - Ph.D., Stanford University; professor of electrical engineering at Stanford University; co-inventor of public-key cryptography, exponential key exchange; IEEE fellow; IEEE Centennial Medal recipient Burt Kaliski, chief scientist - Ph.D., MIT; former visiting assistant professor at Rochester Institute of Technology; author of Public-Key Cryptography Standards; general chair of CRYPTO '91 Cetin Koc, associate - Ph.D., University of California, Santa Barbara; assistant professor at Oregon State University Ron Rivest, distinguished associate - Ph.D., Stanford University; professor of computer science at MIT; co-inventor of RSA public-key cryptosystem; co-founder of RSA Data Security, Inc.; member of National Academy of Engineering; director of International Association for Cryptologic Research; program co-chair of ASIACRYPT '91 Matt Robshaw, research scientist - Ph.D., University of London RSA Laboratories seeks the talents of other people as well. If you're interested, please write or call. ADDRESSES RSA Laboratories RSA Data Security, Inc. 100 Marine Parkway 100 Marine Parkway Redwood City, CA 94065 Redwood City, CA 94065 (415) 595-7703 (415) 595-8782 (415) 595-4126 (fax) (415) 595-1873 (fax) PKCS, RSAREF and RSA Laboratories are trademarks of RSA Data Security, Inc. All other company names and trademarks are not. +---------------------------------------------------------------------- RSA LABORATORIES PROGRAM LICENSE AGREEMENT Version 1.02 January 21, 1993 RSA LABORATORIES, A DIVISION OF RSA DATA SECURITY, INC. ("RSA") GRANTS YOU A LICENSE AS FOLLOWS TO THE "RSAREF" PROGRAM: 1. LICENSE. RSA grants you a non-exclusive, non-transferable, perpetual (subject to the conditions of Section 8) license for the "RSAREF" program (the "Program") and its associated documentation, subject to all of the following terms and conditions: a. to use the Program on any computer; b. to make copies of the Program for back-up purposes; c. to modify the Program in any manner for porting or performance improvement purposes (subject to Section 2) or to incorporate the Program into other computer programs for your own personal or internal use, provided that you provide RSA with a copy of any such modification or Application Program by electronic mail, and grant RSA a perpetual, royalty-free license to use and distribute such modifications and Application Programs on the terms set forth in this Agreement. d. to copy and distribute the Program and Application Programs in accordance with the limitations set forth in Section 2. "Application Programs" are programs which incorporate all or any portion of the Program in any form. The restrictions imposed on Application Programs in this Agreement shall not apply to any software which, through the mere aggregation on distribution media, is co-located or stored with the Program. 2. LIMITATIONS ON LICENSE. a. RSA owns the Program and its associated documentation and all copyrights therein. You may only use, copy, modify and distribute the Program as expressly provided for in this Agreement. You must reproduce and include this Agreement, RSA's copyright notices and disclaimer of warranty on any copy and its associated documentation. b. The Program and all Application Programs are to be used only for non-commercial purposes. However, media costs associated with the distribution of the Program or Application Programs may be recovered. c. The Program, if modified, must carry prominent notices stating that changes have been made, and the dates of any such changes. d. Prior permission from RSA in writing is required for any modifications that access the Program through ways other than the published Program interface or for modifications to the Program interface. RSA will grant all reasonable requests for permission to make such modifications. 3. NO RSA OBLIGATION. You are solely responsible for all of your costs and expenses incurred in connection with the distribution of the Program or any Application Program hereunder, and RSA shall have no liability, obligation or responsibility therefor. RSA shall have no obligation to provide maintenance, support, upgrades or new releases to you or to any distributee of the Program or any Application Program. 4. NO WARRANTY OF PERFORMANCE. THE PROGRAM AND ITS ASSOCIATED DOCUMENTATION ARE LICENSED "AS IS" WITHOUT WARRANTY AS TO THEIR PERFORMANCE, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF THE PROGRAM IS ASSUMED BY YOU AND YOUR DISTRIBUTEES. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU AND YOUR DISTRIBUTEES (AND NOT RSA) ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 5. LIMITATION OF LIABILITY. EXCEPT AS EXPRESSLY PROVIDED FOR IN SECTION 6 HEREINUNDER, NEITHER RSA NOR ANY OTHER PERSON WHO HAS BEEN INVOLVED IN THE CREATION, PRODUCTION, OR DELIVERY OF THE PROGRAM SHALL BE LIABLE TO YOU OR TO ANY OTHER PERSON FOR ANY DIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, EVEN IF RSA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 6. PATENT INFRINGEMENT OBLIGATION. Subject to the limitations set forth below, RSA, at its own expense, shall: (i) defend, or at its option settle, any claim, suit or proceeding against you on the basis of infringement of any United States patent in the field of cryptography by the unmodified Program; and (ii) pay any final judgment or settlement entered against you on such issue in any such suit or proceeding defended by RSA. The obligations of RSA under this Section 6 are subject to: (i) RSA's having sole control of the defense of any such claim, suit or proceeding; (ii) your notifying RSA promptly in writing of each such clai proceeding against you on the basis of infringement of any United States patent in the field of cryptography by the unmodified Program; and (ii) pay any final judgment or settlement entered against you on such issue in any such suit or proceeding defended by RSA. The obligations of RSA under this Section 6 are subject to: (i) RSA's having sole control of the defense of any such claim, suit or proceeding; (ii) your notifying RSA promptly in writing of each such clai proceeding against you on the basis of infringement of any United States patent in the field of cryptography by the unmodified Program; and (ii) pay any final judgment or settlement entered against you on such issue in any such suit or proceeding defended by RSA. The obligations of RSA under this Section 6 are subject to: (i) RSA's having sole control of the defense of any such claim, suit or proceeding; (ii) your notifying RSA promptly in writing of each such claim, suit or proceeding and giving RSA authority to proceed y United States patent in the field of cryptography by the unmodified Program; and (ii) pay any final judgment or settlement entered against you on such issue in any such suit or proceeding defended by RSA. The obligations of RSA under this Section 6 are subject to: (i) RSA's having sole control of the defense of any such claim, suit or proceeding; (ii) your notifying RSA promptly in writing of each such claim, suit or proceeding and giving RSA authority to proceed as stated in this Section 6; and (iii) your giving RSA all information known to you relating to such claim, suit or proceeding and cooperating with RSA to defend any such claim, suit or proceeding. RSA shall have no obligation under this Section 6 with respect to any claim to the extent it is based upon (a) use of the Program as modified by any person other than RSA or use of any Application Program, where use of the unmodified Program would not constitute an infringement, or (b) use of the Program in a manner other than that permitted by this Agreement. THIS SECTION 6 SETS FORTH RSA'S ENTIRE OBLIGATION AND YOUR EXCLUSIVE REMEDIES CONCERNING CLAIMS FOR PROPRIETARY RIGHTS INFRINGEMENT. NOTE: Portions of the Program practice methods described in and subject to U.S. Patents Nos. 4,200,770, 4,218,582 and 4,405,829, and all foreign counterparts and equivalents, issued to Leland Stanford Jr. University and to Massachusetts Institute of Technology. Such patents are licensed to RSA by Public Key Partners of Sunnyvale, California, the holder of exclusive licensing rights. This Agreement does not grant or convey any interest whatsoever in such patents. 7. RSAREF is a non-commercial publication of cryptographic techniques. Portions of RSAREF have been published in the International Security Handbook and the August 1992 issue of Dr. Dobb's Journal. Privacy applications developed with RSAREF may be subject to export controls. If you are located in the United States and develop such applications, you are advised to consult with the State Department's Office of Defense Trade Controls. 8. TERM. The license granted hereunder is effective until terminated. You may terminate it at any time by destroying the Program and its associated documentation. The termination of your license will not result in the termination of the licenses of any distributees who have received rights to the Program through you so long as they are in compliance with the provisions of this license. 9. GENERAL a. This Agreement shall be governed by the laws of the State of California. b. Address all correspondence regarding this license to RSA's electronic mail address , or to RSA Laboratories ATTN: RSAREF Administrator 100 Marine Parkway, Suite 500 Redwood City, CA 94065 ------------------------------ Date: Wed, 13 Oct 1993 18:22:13 CDT From: CuD Moderators Subject: File 9--Elansky/Hartford bbs Hearings - Case Continues HEARINGS CONTINUE IN BOMB-RECIPES CASE Oct. 13, Page B-11, The Hartford Courant Michael Elansky, a 22-year-old West Hartford man accused of possessing bomb recipes on his computer bulletin board, will remain in jail pending further hearings on his case. A 90-minute pretrial hearing in closed chambers Tuesday in Hartford Superior Court produced no resolution in the case. Another hearing is scheduled next Tuesday. ((remainder, summarizing the case, deleted)) ------------------------------ End of Computer Underground Digest #5.80 ************************************