Date: Sat, 05 Jun 93 15:11:35 EST Errors-To: Comp-privacy Error Handler From: Computer Privacy Digest Moderator To: Comp-privacy@PICA.ARMY.MIL Subject: Computer Privacy Digest V2#049 Computer Privacy Digest Sat, 05 Jun 93 Volume 2 : Issue: 049 Today's Topics: Moderator: Dennis G. Rears PowerBop, the first cordless notebook Re: California ID Requirement Did they have an address for Hillary? Even the White House Discovered the risks! california id NIST CSSPAB 6/4/93 Resoluti Re: Retaliatory Crimes The Computer Privacy Digest is a forum for discussion on the effect of technology on privacy. The digest is moderated and gatewayed into the USENET newsgroup comp.society.privacy (Moderated). Submissions should be sent to comp-privacy@pica.army.mil and administrative requests to comp-privacy-request@pica.army.mil. Back issues are available via anonymous ftp on ftp.pica.army.mil [129.139.160.133]. ---------------------------------------------------------------------- From: jbcondat@attmail.com Date: 31 Dec 69 23:59:59 GMT Subject: PowerBop, the first cordless notebook Apple European R&D extends mobile computing with wireless communications Paris La Defense, June 4, 1993--With PowerBop, the first notebook integrating cordless communications technology, recently launched in France, Apple European R&D extands mobile computing and enhances communications capabilities. PowerBop, the newest model of the popular PowerBook series, offers the highest degree of autonomy on the notebook computer market today. The ongoing technical cooperation between Apple European R&D Centre based in Paris, and France Telecom, the French PTO operator resulted in the integration of radio capabilities with notebook computers making it possible to connect them to Telepoint services. Telepoint is expanding more and more in Europe and uses the most affordable wireless technology available today. Apple European R&D focuses primarily on modems, on telecommunications in mobile computers and on products that comply with OSI (Open System Inter- connection) standards. PowerBop: A new dimension in communications freedom +--------------------------------------------------- PowerBop brings notebook users an added dimension of freedom, above and beyond the inherent benefits of Apple's popular PowerBook models. The PowerBop contains a radio modem conform to the CT2 Telepoint standard in accordance with the Common Air Interface (CAI), adopted in June 1991 on an European level. The CT2 standard allows a new generation of personal telephones. Their owners are able to use them in public places in large cities, at home as a traditional cordless phone and in the office via PBX extensions. Within the PowerBop, the radio modem CT2 provides the ability to connect it to a full range of communications services, at any time, from any place that is located between 20 and 500 meters from the base station of the Pointel network "Bi-Bop", launched by France Telecom in Paris and Strasbourg on April 22,1993. These services include: access to the France Telecom videotex service "Minitel", message and file exchange, fax transmission, access to servers and databases. Thanks to the low energy consumption of the CT2 technology, the PowerBop retains its 1 - 1/2 to 2 hours of endurance when the wireless modem is being used. The PowerBop features all the advantages of the PowerBook 180, Apple's high-end notebook. The internal floppy disk drive is replaced by the CT2 modem which means that users do not need to carry any additional equipment to communicate via the telepoint network. An external floppy disk drive is supplied as a standard accessory. Like the Bi-Bop pocket phone designed and developped by France Telecom, the Apple PowerBop has a small antenna which folds into a special slot. The Express Modem provided as standard equipment inside the PowerBop, offers a full range of communications functions: * access to one of the 15,000 Minitel services; * fax transmision (reception will be available on the French network from Septembre 1993); * data transmission from 300 to 14,400 bps. The Express Modem can either be connected directly to a telephone line or use the Bi-Bop network for wireless communications up to 9,600 bps. Digital Cordless Market +----------------------- European operators view telepoint as a mass market application for wireless telephones. At the present time, no European country offers a nationwide commercial telepoint service. However there are currently a number of networks of this type spreading out. Mainly, in the UK, Netherlands, Finland and Belgium. In other parts of the world, others such developments are under way, in Asia, Australia, Canada and the United-States. On the sales side, it appears that all the operators have a common desire to implement a pricing structure to allow this technology to be affordable for a consumer market. France Telecom's new Bi-Bop service +----------------------------------- France Telecom took a leading role in the development of European telepoint services. On April 22, France Telecom launched the Bi-Bop cordless digital pocket phone in Paris. The system which employs the CT2 cordless standard, sets up a digital radio link between the Bi-Bop terminal and a public or home base station. The Bi-Bop service covers three main types of use: * Public use: Bi-Bop subsribers can call anywhere in the world from major cities, starting with Paris and Strasbourg. The network is designed to cover major thoroughfares and public places. Today, some 3,000 base stations (4,000 by fall 1993) span Paris and the greater Paris area (Ile-de-France) and the network will be progressively extended to other areas. Starting in September 1993, subscribers will also be able to receive calls, and PowerBop notebook users will have fax reception capacities; * With a private home base station connected to a standard telephone outlet, the PowerBop is transformed into a high-performance mobile computing tool allowing one to access all private communications services; * Wireless PBXs are available to companies, allowing PowerBop users anywhere at a site, for example, to benefit from the same computing environment as if the user was at his desk. The PowerBop can also become a mobile fax terminal. Availability +------------ The PowerBop will be available through certified Apple Computer France distributors in June 1993. PowerBop owners must have a special telephone subscription with France Telecom. Nota Bene +--------- At this time, I am in a luxurous cafe on the Champs-Elysees in Paris in holidays and I send this note to _Computer Privacy Digest_ with my PowerBop without any problem... +----- -----+ Jean-Bernard Condat General Secretary Chaos Computer Club France, B.P. 155, 93404 St-Ouen Cedex, France Private Address: P.O. 8005, 69351 Lyon Cedex 08, France Phone: +33 1 40101764, Fax: +33 1 47877070 InterNet: jbcondat@attmail.com or cccf@altern.com ------------------------------ Date: Thu, 3 Jun 93 17:39 PDT From: John Higdon Organization: Green Hills and Cows Subject: Re: California ID Requirement Susanna Elaine Johnson writes: > What the police do now is cite you under Section 148(a) of the > California Penal Code (Resisting arrest or obstructing or > delaying a peace officer in the lawful (sic) performance of hs > duty). This is a jailable offence. But then there would have to be an arrest in progress for some identifiable infraction. I cannot imagine that the court would allow any kind of "circular" police action. The original probable cause could not be related to the person's lack of ID. Walking along a street is not much probable cause for anything. > If you also do not have > the required amount of cash money ($50.00) on you at the time of > arrest you will be cited for also violating Section 647(g) of the > California Penal Code, in that you are a vagrant "Without visible > means of support and/or sufficient funds to support a legal > lifestyle". This is incredible! There are no doubt countless people who are out and about without $50 on them. In urban California particularly, you are a fool to carry more than $20 in cash on your person, unless you enjoy funding low-life-mugging scum. Ironically, a number of people I know purposely do not carry money, credit cards, or identification so as not to provide a reward for urban misfits--necessary because the police are powerless to correct the situation. So $50 is what makes one a "legal" person. Interesting. -- John Higdon | P. O. Box 7648 | +1 408 264 4115 | FAX: john@ati.com | San Jose, CA 95150 | 10288 0 700 FOR-A-MOO | +1 408 264 4407 ------------------------------ Date: Fri, 4 Jun 1993 04:00:00 -0400 (EDT) From: "Tansin A. Darcos & Company" <0005066432@mcimail.com> Subject: Did they have an address for Hillary? From: Paul Robinson Organization: Tansin A. Darcos & Company, Silver Spring, MD USA ----- Someone wrote me to ask: > Thank you for relaying information concerning the high-tech > White House. Did they have an address for Hillary? I can't > imagine her suffering first.lady@whitehouse.gov. Seriously, > I need to get to her press secretary I wanted to see if there was anything: % telnet telnet> open whitehouse.gov 25 Trying 198.137.240.100 ... Connected to whitehouse.gov. Escape character is '^]'. 220 SMTP/smap Ready. helo 250 Charmed, Im sure. vrfy hillary 250 "250" in this case, is an "ok" indicating the mail-server receiving the request considers the address to be valid. So try that, then: hillary@whitehouse.gov That will probably go to one of the clerks that handles her correspondence. ----- Paul Robinson -- TDARCOS@MCIMAIL.COM ------------------------------ Date: Fri, 4 Jun 1993 20:21:12 -0400 (EDT) From: "Tansin A. Darcos & Company" <0005066432@mcimail.com> Subject: Even the White House Discovered the risks! From: Paul Robinson Organization: Tansin A. Darcos & Company, Silver Spring, MD USA ----- After posting the message about the White House E-Mail system, someone asked if there was an address for Mrs. Clinton, e.g. Hillary. I tried calling up the White House SMTP port and seeing if a "hillary" was a valid adddress. The SMTP gateway gave a 250 ("ok") response in request to the command "VRFY hillary". More than a half dozen people pointed out to me that the SMTP gateway at WHITEHOUSE.GOV would accept *anything* for a VRFY address. One guy noted that the server gave the following response: vrfy h.ross.perot 250 I guess they wanted to preserve PRIVACY of the people there (and as someone pointed out to me, knowing who is on the Whitehouse E-Mail system might be a National Security Risk). But the kicker is that even the White House saw the risks involved, because within a day after I reported what I had tried for the alleged E-Mail address "hillary" the SMTP gate there no longer accepts VRFY requests! But they still don't have it right; reports from people who who sent me capture buffers show that a refused VRFY request should return code "550 Access Denied to You" but instead is returning code "500 Syntax Error". [Moderator's Note: As a moderator of this list as well as running an exploder list for the RISKS digest for the MILNET/Government subscribers I check/verify addresses all the time. If a site doesn't accept vrfy I execute the following commands: HELO fender.pica.army.mil MAIL FROM: RCPT TO: or RCPT TO: RSET QUIT BTW, I would say about 20% of sites I deal with do not have their mail systems in full compliance with RFC 822. ._dennis ] ----- Paul Robinson -- TDARCOS@MCIMAIL.COM ------------------------------ From: The Jester Subject: california id Date: 4 Jun 93 20:05:56 GMT According to the supreme court of the united states of america no citizen is required to carry identification papers with them. Actually the exact ruling was that no citizen is required to identify themselves to the police. Before I hear cries of 'what about driver's licences and police pulling you over' I would remind everyone that driving a vehicle, at least in California (and there was a specific court case in Los Angeles) is NOT a right, it is a privledge. As such the state can require that you carry and produce a licence WHILE OPERATING A VEHICLE. The bottom line is that if a police officer stops you while you are walking down the street and demands you identify yourself, you do not have to. However if a police officer pulls you over and demands identification, you must produce it. Yaron (The Jester) Goland ygoland@seas.ucla.edu -- The Jester-Finger for PGP V2.1 "You have failed me for the last time"-Darth Vader "I have it on good authority that this is not happening"-A jet jock from a show on the history of aircraft in battle ------------------------------ Organization: CPSR Civil Liberties and Computing Project From: Dave Banisar Date: Fri, 4 Jun 1993 20:46:59 EST Subject: NIST CSSPAB 6/4/93 Resoluti NIST CSSPAB 6/4/93 Resolutions NIST Crypto Resolutions Computer System Security and Privacy Advisory Board June 4, 1993 Resolution #1 At Mr. Kammer's request we have conducted two days of hearings. The clear message of the majority of input was that there are serious concerns regarding the Key Escrow Initiative and the Board concurs with these concerns. Many of these issues are still to be fully understood and more time is needed to achieving that understanding. Accordingly, this Board resolves to have an additional meeting in July 1993 in order to more completely respond to Mr. Kammer's request and to fulfill its statutory obligations under P.L. 100-235. The Board recommends that the inter-agency review take note of our input collected, our preliminary finding, and adjust the timetable to allow for resolution of the significant issues and problems raised. Attached to this resolution is a preliminary distillation of the serious concerns and problems. Resolution #2 Key escrowing encryption technology represents a dramatic change in the nation's information infrastructure. The full implications of this encryption technique are not fully understood at this time. Therefore, the Board recommends that key escrowing encryption technology not be deployed beyond current implementations planned within the Executive Branch, until the significant public policy and technical issues inherent with this encryption technique are fully understood. [Attachment to Resolution #1]] - A convincing statement of the problem that Clipper attempts to solve has not been provided. - Export and important controls over cryptographic products must be reviewed. Based upon data compiled from U.S. and international vendors, current controls are negatively impacting U.S. competitiveness in the world market and are not inhibiting the foreign production and use of cryptography (DES and RSA) - The Clipper/Capstone proposal does not address the needs of the software industry, which is a critical and significant component of the National Information Infrastructure and the U.S. economy. - Additional DES encryption alternatives and key management alternatives should be considered since there is a significant installed base. - The individuals reviewing the Skipjack algorithm and key management system must be given an appropriate time period and environment in which to perform a thorough review. This review must address the escrow protocol and chip implementation as well as the algorithm itself. - Sufficient information must be provided on the proposed key escrow scheme to allow it to be fully understood by the general public. It does not appear to be clearly defined at this time and, since it is an integral part of the security of the system, it appears to require further development and consideration of alternatives to the key escrow scheme (e.g., three "escrow" entities, one of which is a non-government agency, and a software based solution). - The economic implications for the Clipper/Capstone proposal have not been examined. These costs go beyond the vendor cost of the chip and include such factors as customer installation, maintenance, administration, chip replacement, integration and interfacing, government escrow systems costs, etc. - Legal issues raised by the proposal must be reviewed. - Congress, as well as the Administration, should play a role in the conduct and approval of the results of the review. ======================================================= NIST Resolutions on Key Escow Issues and Clipper provided by CPSR Washington office 666 Pennsylvania Ave., SE Suite 303 Washington, DC 20003 rotenberg@washofc.cpsr.org ======================================================= ------------------------------ Apparently-To: gatech!emory!uunet!comp-society-privacy Newsgroups: comp.society.privacy From: John De Armond Subject: Re: Retaliatory Crimes Date: Sat, 05 Jun 93 05:39:47 GMT Organization: Dixie Communications Public Access. The Mouth of the South. John Higdon writes: >ThriftyTel got even by invoking a very nasty "hacker tariff" that >called for holding system penetrators liable for charges an order of >magnitude higher than normal. It was (and still is) quite a nice cash >cow for the operation. It also supplies the company with computers, >which they are allowed to seize. And there are quite a few families in >very dire straights right now trying to pay off TT's confiscatory >judgments. Too bad. I'm sure there are families in dire straights because the provider has committed a conventional crime and is now doing the time. Tough. The issue is not whether a company's systems can be secured. The issue is should they have to? Just as I should not have to lock up my house at night to protect myself from thieves, so should I not have to lock up my system in order to protect my data. That I have to lock my doors is an indication that the system has failed and NOT that the burglars are somehow innocent because they found easy spoils. Perhaps if we adopted something from the Saudi system and chopped off a finger of anyone caught hacking or stealing services, there would be no need for tight security. I really see no gray area here. Either the person is authorized to be on a system or he is not. If he is not, he should be punished just like someone who physically tresspasses is punished. John -- John De Armond, WD4OQC |Interested in high performance cars? Performance Engineering Magazine(TM) | Interested in high tech and computers? Marietta, Ga | Send ur snail-mail address to jgd@dixie.com | perform@dixie.com for a free sample mag The Great Tragedy of the 20th century is that Clinton's name isn't on the Wall. ------------------------------ End of Computer Privacy Digest V2 #049 ******************************