Computer underground Digest Sun July 18 1993 Volume 5 : Issue 53
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Cpyp Editor: Etaoin Shrdlu, Senior
CONTENTS, #5.53 (July 18 1993)
File 1--CPSR Urges Revision of Secrecy System
File 2--CPSR/Berkeley Meeting on access to govt info
File 3--CU in da Newz
File 4--More CuD Sources for Non-Interneters --GEnie
File 5--Hyde For Wiretaps
File 6--Reply to Ferguson
File 7--Re: Cu Digest, #5.51 --The AIS BBS Incident
File 8--Viruses (Reply to Paul Ferguson)
File 9--Another Reply to Paul Ferguson (RE CuD 5.52)
File 10--CONGRESS ASKED FOR HEARINGS ON OWENS (INFO ACCESS) BIL
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from firstname.lastname@example.org. The
editors may be contacted by voice (815-753-6430), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
In ITALY: Bits against the Empire BBS: +39-461-980493
ANONYMOUS FTP SITES:
UNITED STATES: ftp.eff.org (220.127.116.11) in /pub/cud
uglymouse.css.itd.umich.edu (18.104.22.168) in /pub/CuD/cud
halcyon.com( 22.214.171.124) in /pub/mirror/cud
aql.gatech.edu (126.96.36.199) in /pub/eff/cud
AUSTRALIA: ftp.ee.mu.oz.au (188.8.131.52) in /pub/text/CuD.
EUROPE: nic.funet.fi in pub/doc/cud. (Finland)
ftp.warwick.ac.uk in pub/cud (United Kingdom)
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
Date: Thu, 15 Jul 1993 16:58:33 EST
From: David Sobel
Subject: File 1--CPSR Urges Revision of Secrecy System
CPSR Urges Revision of Secrecy System
Computer Professionals for Social Responsibility (CPSR) has
called for a complete overhaul in the federal government's information
classification system, including the removal of cryptography from the
categories of information automatically deemed to be secret. In a
letter to a special Presidential task force examining the
classification system, CPSR said that the current system -- embodied
in an Executive Order issued by President Reagan in 1982 -- "has
limited informed public debate on technological issues and has
restricted scientific innovation and technological development."
The CPSR statement, which was submitted in response to a task
force request for public comments, strongly criticizes a provision in
the Reagan secrecy directive that presumptively classifies any
information that "concerns cryptology." CPSR notes that "while
cryptography -- the science of making and breaking secret security
codes -- was once the sole province of the military and the
intelligence agencies, the technology today plays an essential role in
assuring the security and privacy of a wide range of communications
affecting finance, education, research and personal correspondence."
With the end of the Cold War and the growth of widely available
computer network services, the outdated view of cryptography reflected
in the Reagan order must change, according to the statement.
CPSR's call for revision of the classification system is based
upon the organization's experience in attempting to obtain government
information relating to cryptography and computer security issues.
CPSR is currently litigating Freedom of Information Act lawsuits
against the National Security Agency (NSA) seeking the disclosure of
technical data concerning the digital signature standard (DSS) and the
administration's recent "Clipper Chip" proposal. NSA has relied on
the Reagan Executive Order as authority for withholding the
information from the public.
In its submission to the classification task force, CPSR also
called for the following changes to the current secrecy directive:
* A return to the "balancing test," whereby the public
interest in the disclosure of information is weighed against
the claimed harm that might result from such disclosure;
* A prohibition against the reclassification of information
that has been previously released;
* The requirement that the economic cost of classifying
scientific and technical be considered before such
information may be classified;
* The automatic declassification of information after 20
years, unless the head of the original classifying agency,
in the exercise of his or her non-delegable authority,
determines in writing that the material requires continued
classification for a specified period of time; and
* The establishment of an independent oversight commission
to monitor the operation of the security classification
The task force is scheduled to submit a draft revision of the
Executive Order to President Clinton on November 30.
The full text of the CPSR statement can be obtained via ftp, wais
and gopher from cpsr.org, under the filename
CPSR is a national organization of professionals in the computing
field. Membership is open to the public. For more information on
CPSR, contact .
Date: Thu, 15 Jul 1993 11:09:05 -0700
From: "James I. Davis"
Subject: File 2--CPSR/Berkeley Meeting on access to govt info
Computer Professionals for Social Responsibility
Sunday, July 25, 1993
BMUG Office: 2055 Center Street
2:00 - 4:00 p.m.
The Federal government produces information in nearly all areas
of interest. It not only provides information about its own
activities (Congressional Record and the Federal Register) and about
the nation (census information), but also in areas of agriculture,
commerce, science and even the arts. Numerous laws have been
enacted that mandate public access to Federal information. But the
fact is that over the last decades, public access to Federal
information has been steadily decreasing.
Where is Federal information policy going in an electronic age
and under a new presidential administration? What is happening to
the concept of "free access" to government documents in a period of
economic retrenchment? These and other government information
issues will be discussed by Gary Peete, UCB Business/Economics
Librarian and former head of the Berkeley Government Documents
CPSR/Berkeley Chapter welcomes all interested persons to
join us for this presentation and open discussion of the issues.
Date: 08 Jul 93 08:24:17 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 3--CU in da Newz
Captain Zap and Information Week
The June 21, 1993 issue of Information Week magazine features a cover story
on "Hackers for Hire: Would You Trust a Convicted Criminal to Test Your
Network's Security?". Pictured on the cover is Ian "Captain Zap" Murphy,
president of IAM/Secure Data Systems. IAM/Secure is a firm that employs
people convicted of computer crimes to form so-called "tiger teams". Murphy
claims to have made over $500,000. a year from his services. Price
Waterhouse also offers what it calls "Data Security Penetration Studies"
although the firm does not employ any ex-hackers. It offers four levels of
services, ranging from using "demon dialers" to find dial-ins to acting as
a legitimate user trying to break security from the inside of the system.
The article includes comments from Dorothy Denning, Donn Parker, and Phrack
prosecutor Bill Cook. The latter warns that firms hiring hackers may
inadvertently hire someone who has been targeted by law enforcement.
Internal Hackers at Dillard's
The Dillard's department store chain reports that five employees of Norstan
Communications broke into Dillard's automated special events ticket sales
system. The store was selling tickets for the Phoenix Sun's NBA playoff
games. The automated system was purchased from Norstan. Dillard's intends
to press charges and beef up the security of the system.
(Information Week. June 7, 1993. pg 8)
The Information Industry Association (IIA) joined with business, library ,
public interest, and press representatives to criticize implementation of a
law that directs a government agency to sell public information for a
profit. The coalition filed comments to the Federal Maritime Commission in
response to the FMC's proposed rules to charge royalty fees for access to
and redistribution of public domain data in electronic formats. Calling the
approach dictatorial, the IIA says the law "transgresses First Amendment
principles and distorts the relationship between citizens and their
(Communications of the ACM. May 1993. Pg 12 Reprinted with permission)
Data Breach Shocks Hospital Group
Information Week (June 14, 1993 pg 14) reports that an accidental security
breach at the American Hospital Association revealed the names of 42
employees who were scheduled to be laid off the following week. The article
states "The result of the June 4 security breach was total mayhem. Because
the layoffs were a surprise to many of the targeted employees, AHA
officials feared they or others might be a tempted to retaliate. As a
precaution, the AHA shut down its entire computer system that day, a
Friday, and sent employees home early". The breach occurred because the
confidential document was left in an unprotected subdirectory on a Unix
server in the human resources department.
After Computer Associates announced that it would give away 1 million
copies a new finance package for Intel-based PCs, another company topped
the offer by saying it would give away 2 million copies of its software.
Unfortunately the other company, Minnesota Software, apparently doesn't
exist. Many magazines were taken in by the offer, running stories about it,
including Information Week. The state of Minnesota is investigating but
says it is a low priority because few complaints have been received about
(Information Week. July 5, 1993. Pg. 8)
SRI says 'Shhhh'
SRI International, Inc (Menlo Park, CA) has released a report entitled "The
State of Security in Cyberspace". According to the report the biggest
security flaws in any computer system are the result of procedural and
administrative weaknesses, not technical flaws. Most hackers, it says, gain
admittance to networks by exploiting widely available, non-proprietary, and
public information. SRI advises that above all else, companies should keep
information about networks as proprietary as possible.
(Information Week. July 5, 1993. Pg. 62)
Date: Mon, 19 Jul 93 03:43:00 BST
Subject: File 4--More CuD Sources for Non-Interneters -- GEnie
This is part of our continuing series of where non-Internet users can find
issues of CuD. This installment focuses on GEnie (General Electric
Network for Information Exchange).
There are two main CuD repositories on GEnie. The PF*NPC RT and the
PF*NPC (Public Forum/Non-Profit Connection) Roundtable Keyword: PF
Issues of CuD can be found in the Computers & Technology section of the
library (library #2). The library features a complete collection of
CuD. If you're missing issues from prior years, this is the place to
find them. All issues are compressing using ARC for cross-platform
compatibility. The library is kept up-to-date will all new CuDs, but
there may be several days delay until new issues are uploaded.
(Uploading is usually done by Gordon, CuD co-mod, who may wait until
two or three issues are waiting to be sent.)
If you're looking for a discussion of issues similar to those covered
in CuD drop in on Category 7 (Technology) in the PF*NPC Bulletin
Board. The bulletin board features many other topics of political and
Virus & Security Roundtable Keyword: VSRT
The Virus Roundtable on GEnie is loaded with files and discussion of
interest to CuD readers. Issues of CuD are located in the section
four (publications) of the library. Issues appear here very quickly,
usually just a day or two, after they are released. They are
compressed in ZIP format.
The Bulletin Board section of the Roundtable is filled with topics of
interest. You'll find topics for encryption, security concerns, and
(of course) viruses. A CuD discussion can be found in category 4
(Computer Security Discussions).
Obtaining CuD directly via GEnie
As of July 1, 1993 all GEnie subscribers have access to Internet
mail. To obtain a subscription to CuD send a one-line message
('subscribe CuD') to the following address:
Note that the '@inet#' is specific to GEnie and signifies that the
message is to be sent to the Internet gateway.
You'll be added to the CuD mailing list and begin receiving new
issues as they are released. Note that CuD issues are typically
around 50K in length and are sent as regular ASCII text. If you want
to save online time it would be best to download a compressed file
from one of the Roundtables.
Signing up for GEnie
The Virus and Security Roundtable invites CuD readers to sign-up for
GEnie. Simply follow these directions....
1. Set your modem for half duplex (local echo), at 300, 1200 or
2. Dial (toll-free) 1-800-638-8369. Upon connection, enter HHH
(In Canada, dial 1-800-387-8330)
3. At the U#= prompt, enter XTX99259,GENIE and press RETURN.
If you need additional assistance, call 1-800-638-9636 (USA or
Canada) to talk to a GEnie Client Services Representative.
In CuD 5.49 we ran a transcript of GEnie Virus/Security Roundtable
conference. We neglected to mention that the complete transcript is
available for downloading in the Virus RT. Also, the transcript is
Copyrighted (c)1993 GEnie. It was re-printed with permission.
Date: 11 Jul 93 12:51:42 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 5--Hyde For Wiretaps
One of the CuD co-editors recently wrote to Representative Henry J.
Hyde (6th District - Illinois - Republican) and asked his position on
the digital telephone requirements being sought by the FBI. The
following is a verbatim copy of his reply.
Congress of the United States
House of Representatives
Henry J. Hyde
6th District, Illinois
Committee: Judiciary, Foreign Affairs
Chairman: Republican Policy Committee
June 30, 1993
Dear Mr. Meyer:
Thank you for your letter. I believe that law enforcement agencies
must be able to conduct wire surveillance over the telephone
networks. As telephone companies upgrade our nation's
telecommunications infrastructure, they must make sure that this
vital investigative tool is not lost. Presently, the Baby Bells and
the FBI are conferring over how to ensure the future of wire
surveillance in a way that will not retard the development of the
phone networks. While I hope these negotiations succeed, I will
support an appropriate legislative solution if one becomes necessary.
Thanks again for writing. Your comments were helpful and welcome.
Very truly yours,
Henry J. Hyde
Date: Tue, 13 Jul 1993 06:32:01 -0700
From: Frank Tirado
Subject: File 6--Reply to Ferguson
((MODERATORS' NOTE: A letter circulated by Jim Lipschultz providing
in-depth background on the AIS BBS incident as drawn considerable
attention. Some readers, apparently attributed Jim's letter to Frank
Tirado. Here, Frank removes any misundersandings)).
Apparently Fergie attributed Lipschultz's article to me. What follows is
AN OPEN LETTER TO PAUL FERGUSON.
Message from Paul Ferguson to Cory Tucker:
"....I find your posts rather humorous, yet at the same time
offensive. If Mr. Tirado wishes to confront the issue
himself, I'd suggest he do so. His absence here in Fidonet
or Usenet somehow diminishes his credibility. In the
meantime, please refrain from posting such drivel....."
I went through the back issues of Crypt, as well as anywhere else
I might have been quoted, to see what I might have said to so raise
your ire. I'm left with the impression that you ascribe to me the
article written by Jim Lipschultz, an article which I helped edit
and which I personally found quite droll. Sorry, much as I would
like to take credit for his work, the words are all his.
You say you found the article offensive? Frankly, that depends on
who's on the receiving end, eh? I'd call it irreverent, at worst.
Besides, you're a big boy and can handle this sort of thing without
loosing your cool....... can't you?
But I digress. I find it fitting that I am called upon to defend
an issue about which I have strong feelings. But how to go about
it? Anything I might say will simply be rehashing what is now
history, and will not bring about an ex post facto resurrection of
Kim's board. Suffice it to say that, for the most part, my
feelings and opinions, as well as those of most of my colleagues,
parallel those of Jim's (though I doubt if I could get my point
across with such savoir faire).
Lets take a look instead at what has been accomplished by shutting
down the AIS board:
o The information which was on that board is now on four others.
Obviously part of your carefully thought out strategy to
eliminate such information from "legitimate" boards. If
anything, these boards will provide the same services the AIS
board did, but to a greater extent.
o Kim Clancy is now far more credible than before in the
"underground", and an even more desirable commodity among the
the above-ground interests.
o Closing down the AIS board eliminated a major avenue for the
propagation of viruses........ Oops! My imagination ran wild
for a moment. You and I both know that not the slightest dent
has been made in the flow of information which you and your
cohorts find so objectionable.
o Now the virus boards cannot point at the AIS board and say:
"If they're doing it, why can't we?" I'll grant you this one,
but I really can't see virus boards using this defense very
successfully, should it ever come to that.
o Those individuals who could "legally" (there was nothing
illegal about any information obtainable through the AIS
board) obtain useful and pertinent information from the
underground will now probably gravitate towards hacker or
virus boards. You think not? Let's wait and see.....
A major victory for the forces of Good? Not at all. Nothing has
been accomplished other than to further inflate some people's
already grossly bloated egos (you know who you are).
Your statement that my "absence here in Fidonet or Usenet somehow
diminishes (my) credibility" is ludicrous. In other words, I'm
outside of your control so my opinions don't count. Frankly, I
reserve the right to disagree with you whenever our views differ.
If that means that I refuse to be subject to your petty satrapy,
then so be it. And, by the way, what would you say of the
credibility of an individual who doesn't have the courage to sign
his name to a message accusing someone else of excesses? At least
Jim and I sign our names to our posts.
Put into the simplest terms, I see the AV community, with some few
exceptions, evolving into a kind of priesthood whose Mysteries are
composed of polymorphic viruses and source code, hidden behind a
veil of mummery and slight of hand. Never mind that virus authors
and several hundred thousand people of all ages have access to that
self-same information; as a security officer I only need to know
what you tell me. Of course, you only are doing this for my own
I don't think so. I find it next to impossible to implicitly
accept the word of a group whose bottom line is the almighty
dollar. Besides, as a self-regulating group you guys can't even
police yourselves. I obtained my first 20 viruses from a vendor at
the same conference where Peter Tippett first proposed not sharing
viruses. The implications should be "crystal clear", considering
the plethora live viruses and source code floating around with the
imprimatur of the major AV software developers.
The fact is that the members of the AV community are nowhere near
the paragons of pulchritude they proclaim themselves to be, and the
virus underground is not the Evil Empire. If the truth be told,
there is both good and bad in each group.
Quis custodiet custodians? I find this statement apt as applied to
the AV community in general. Who is watching you? I guess I
shouldn't worry my little head about this, since you have only our
best interests at heart.
Finally, here's my bottom line: I will do whatever I think best in
order to accomplish my job effectively. If I must, I will collect
viruses in order to test the claims of AV products, or source code
so that I can understand the inner workings of viruses. That
includes access to 40-Hex, Nuke InfoJournal, and whatever else I
can get my hands on. That's my decision to make, not yours.
I encourage others to make their own decisions based on all
available information, and not slavishly follow the dictates of
some self-appointed virus gurus.
Date: Tue, 13 Jul 93 10:30:06 CDT
From: chris%canary%rio@UUNET.UU.NET(Chris Johnson)
Subject: File 7--Re: Cu Digest, #5.51 -- The AIS BBS Incident
After reading half a dozen articles about the AIS BBS controversy, I
can't help but think that the whole thing smacks of some sort of
personal vendetta on the part of Paul Ferguson against Kim Clancy.
Perhaps he was only jealous of her growing professional reputation.
Or maybe he made a pass at her only to be rebuffed for being the
unethical fink that he is.
I'm not as willing as Jim Thomas to believe Paul Ferguson was sincere
in his concerns. In fact, I don't believe he was at all, but rather
his entire intent was to cause trouble for someone, probably Kim.
Jim Thomas also writes:
"Sadly, I must make one final comment. It's said that some
people, angered at this affair, are planning to retaliate
against those judged responsible. This would be an ethically
bankrupt response. Predatory behavior decivilizes
cyberspace just as it does the "real world." The best
response to cyber-conflict usually is to air disputes in
public and debate them aggressively and honestly. We need
fewer, not more, razorblades in the sand if we're to create
a civilized environment."
I agree, mostly, but the problem is the lack of communications between
Cyberspace and the rest of the world. No amount of airing disputes
and debating them here in Cyberspace is going to correct the
wrong-headed criticism from the print media, congressional members and
staff, pressure to change from congressional members and staff, or
any sort of reprimand, criticism or loss of reputation Kim Clancy has
suffered from her superiors at the Bureau of Public Debt.
Date: Sun, 18 Jul 93 16:58:47 EDT
From: joec@CFCSYS.LINET.ORG(Joseph Christie)
Subject: File 8--Viruses (Reply to Paul Ferguson)
An open letter to Mr. Ferguson
I just could not read your response in CUD #5.52 (July 14 1993)
without responding. I realize that you are probably quite busy
reading(or trashing) large volumes of hate mail so I do not expect a
response to this, I just wanted to share my thoughts on this issue
In your article you say:
>I consider myself a proponent of freedom of
>information, but I also believe there are limits to one's freedom.
>In fact, I'm most fond of the adage,"The freedom to swing your fist
>ends when it meets my face." In other words, one's right to a
>particular freedom ends where it infringes on someone else's rights
>for safety or privacy, in this instance.
Using this logic we should close down or severely restrict access to
gasoline stations since there is a known correlation between the
number of gasoline related arsons and the availability of gasoline.
Society has chosen a different approach, we attempt to teach social
responsibility to all potential purchasers of this substance rather
than excessively restricting access to it.
Repression or limiting access to anything, be it tangible goods or
an idea, only creates a black market atmosphere among those who have
illicit access in spite of the repression. This mystifies the good/idea
and tends to make it more attractive to anti-social individuals. This
encourages them to become involved in the activity and even creates or
amplifies a competition atmosphere among those involved.
I would submit that the open exchange of ideas and information in this
area would help to demystify viruses and their creation and lessen
it's "fad potential". There will always be those with a curiosity
about viruses but if anyone can get a kit and whip out a virus in 5 or
10 minutes, then virus creators will not have the mythical status of
folk heroes that was once bestowed on practitioners of this activity a
few years ago.
Besides, I still think that some good can come from understanding
viruses and how they work beyond the field of virus protection. I have
a sneaky suspicion that one could learn a lot about how to write a
virus program by studying how file compression programs like Stacker
and Superstor work. They don't self replicate, but some of their
operations seem virus-like other than that.
Date: Sun, 18 Jul 93 23:53:52 CDT
Subject: File 9--Another Reply to Paul Ferguson (RE CuD 5.52)
I read your article in the Computer Underground Digest, and I must
admit that while your whole handling of the issue disgusts me, and I
am actually approaching a state of violent illness just typing this,
your pomposity really deserves some form of reproach.
Let's skip the preamble about what the distribution of virus code does
or doesn't do, and let's cut right to the chase:
| I certainly claim no "moral high ground" on the issue. I took what I
| thought was the best venue of approach, which was to bring this topic
| out of the shadows and into the forefront for discussion.
You did no such thing. "Discussion" was the furthest thing from your
mind. Call a spade a spade, man. You sent an anonymous message
giving an inaccurate portrayal of the situation (when you apparently
should have known better) to people you knew would react---not by
rationally discussing the issue---but by taking extreme, immediate
As a result, you've seriously damaged the reputation of someone who
appears to be a very capable asset to the security community. You've
removed a source of information on viral infections that---first-hand
testimony has it---was a valuable tool. And you've set a precedent
that will undoubtedly seriously skew the information content of that
BBS's files. Those documented security flaws? Can't have those on
here---this BBS is government funded. An explanation of the failings
of such-and-such an encryption scheme? Whoa! Can't let that fall
into the wrong hands. Congratulations, you've won one (or more) for
the bad guys!
And despite your pretense that you are taking great pains not to tread
moral high ground, you clearly shot to kill---you manipulated the
situation to ensure that your morality, and yours alone, would win the
As for your anonymity, in addition to affording you a cheap thrill
with respect to the whole "cloak-and-dagger" atmosphere, it
conveniently shielded you from any call to justify your accusations.
In the end, you've gotten your just deserts---it's made you out be a
coward, and more people will remember you as such than I'd want were I
in your shoes.
| Although I may not agree with what you may say, I would give my
| life for your right to freedom of expression.
You can't imagine how much I doubt this. Cheap lip service does
very little for me.
For your own sake, I hope you aren't the person your actions (and your
| What happened to the hacker ethic? I seem to recall a "no damage
| clause" which still echoes in my mind, especially with the advent
| of this fiasco. "Damage?" "Damage," you say, "What Damage?" "AIS
| only made it available -- they're not responsible for what is
| done with it!"
Maybe you should think about your own "no damage clause".
Date: Fri, 16 Jul 1993 17:07:01 EDT
Subject: File 10--CONGRESS ASKED FOR HEARINGS ON OWENS (INFO ACCESS) BIL
Taxpayer Assets Project
Information Policy Note
June 12, 1993
WASHINGTON, June 12. Today 15 citizen groups wrote to
Representative Gary Condit (D-CA) asking for hearings on HR 629,
the Improvement of Information Access Act (IIA Act, sometimes
referred to as the "Owens bill" after its sponor, Rep. Major
Owens of NY).
Condit is the new Chair of the House Subcommittee on
Government Information. This subcommittee has bottled HR 629
up for the past two years, due primarily to opposition to the
bill by lobbyists for commercial data vendors.
Groups calling for hearings include the Taxpayer Assets
Project, Computer Professionals for Social Responsibility, Public
Citizen, Center for Media Education, Association of Research
Libraries, Center for Civic Networking, the Information Trust,
Consumer Federation of America, FAIR, Government Accountability
Project, National Writers Union, Environmental Research
Foundation, Federation of American Scientists, Essential
Information, and the National Coordinating Committee for the
Promotion of History.
The letter follows:
June 12, 1993
Representative Gary Condit
Chair, Subcommittee on Government Information,
Justice and Agriculture
Committee on Government Operations
U.S. House of Representatives
Washington, DC 20515
Dear Representative Condit:
We are writing to request that you hold a hearing of the
Subcommittee on Government Information, Justice and Agriculture
to consider HR 629, the Improvement of Information Access Act
(IIA Act). This legislation, first introduced in 1991, is a very
important proposal that would broaden public access to government
information resources. The IIA Act reflects the views and needs
of the research, education and library community. The issues
addressed in the bill are relevant to public access to government
information in an era when computers are increasingly important.
The IIA Act addresses the following issues:
1. AGENCIES ARE GIVEN A MANDATE TO USE MODERN COMPUTER
TECHNOLOGIES TO DISSEMINATE GOVERNMENT INFORMATION
Agencies are required to disseminate information in diverse modes
and through appropriate outlets, including federal depository
libraries, national computer networks such as the Internet, and
other outlets. They must assure free or low-cost public access
to Government information. Agency dissemination efforts must
ensure the timeliness, usefulness, and reliability of the
information for the public. Agencies are given a mandate to
provide data users with adequate documentation, software,
indexes, or other resources that will permit and broaden public
access to Government information.
Why are these measures needed?
While some agencies have taken bold and imaginative
steps to broaden public access to Government
information through the use of modern information
technologies, other agencies actively resist efforts to
broaden public access. This bill would give federal
agencies a mandate to provide the types of information
services and products that are important to data users.
Agencies would be required to disseminate information products
and services in standardized record formats. Agencies would be
required to report annually on efforts to develop or implement
standards for file and record formats, software query command
structures, user interfaces, and other matters that make
information easier to obtain and use, and also on agency
provisions for protecting access to records stored with
technologies that are superseded or obsolete.
The National Institute for Standards and Technology (NIST) and
the National Records and Archives Administration (NARA) would be
required to develop and periodically revise voluntary performance
standards for public access to government records.
Why are these measures needed?
Many federal agencies have not yet developed standards
for information systems, and thus it is often difficult
for agencies to share data or for the public to obtain
access to agency information resources.
The IIA Act would set a government wide limit on the prices the
federal government can charge on information products and
services. This price limit would be the incremental cost of
dissemination, which is defined to exclude the costs of data
collection. Agencies would not be allowed to impose royalties or
other fees on the redissemination of federal government
Why are these measures needed?
As federal agencies are faced with difficult fiscal
pressures, they are looking at information resources as
a source of income. Many agencies price electronic
information products and services far above
dissemination costs, and impose royalties and
restrictions on the redissemination of information.
Such policies erode the public's right-to-know, and
lead to a society where information is rationed to the
most affluent. The IIA Act limits user fees on
information products and services to dissemination
costs, which is the policy which has long been used for
information published in paper formats. Limiting the
prices for information products and services to the
costs of dissemination is also consistent with the
recently revised OMB Circular A-130.
4. PUBLIC NOTICE
Perhaps most importantly, the IIA Act would make the federal
management of information resources more democratic. Every year
federal agencies would be required to publish a report which
- the plans to introduce or discontinue information products
- the efforts to develop or implement standards for file and
record formats, software query command structures and other
matters that make information easier to obtain and use,
- the status of agency efforts to create and disseminate
comprehensive indexes or bibliographies of their information
products and services,
- the means by which the public may access the agency's
- the plans for preserving access to electronic information
that is stored in technologies that may be superseded or
- the agency plans to keep the public aware of its information
resources, services and products.
Agencies would be required to solicit public comments on this
plan, including comments on the types of information collected
and disseminated, the agency's methods of storing information,
their outlets for disseminating information, the prices they
charge for information and the "validity, reliability,
timeliness, and usefulness to the public of the information."
The agency would be required to summarize the comments it
receives and report each year what it has done to respond to the
comments received in the previous year.
Why are these measures needed?
It is essential that federal agencies become more
involved with citizens at the grass roots as they
design information policies. Citizens have important
information regarding the way Government information is
used, and they also have important insights regarding
emerging information technologies. When issues such as
standards are involved, it is essential to have regular
and frequent input from citizens regarding the choice
of standards, particularly since technologies are
rapidly changing. These public notice provisions will
empower citizens at the grass roots to shape federal
policies in ways that benefit the public.
HEARINGS ARE NEEDED ON HR 629
While this important legislation has broad backing from the right
to know community, and has been endorsed by such groups as Public
Citizen, the American Library Assocation, Computer Professionals
for Social Responsibility (CPSR) and the Taxpayer Assets Project,
the Subcommittee on Government Information should schedule or
conduct a hearing on this bill.
James Love, Taxpayer Assets Project; P.O. Box 19367, Washington,
DC 20036; 202/387-8030; email@example.com
Paul Wolfson, Public Citizen; 2000 P Street, NW, Suite 700
Washington, DC 20036; 202/833-3000
Pam Gilbert, Congress Watch; 215 Pennsylvania Avenue, SE,
Washington, DC 20003; 202/546-4996
Marc Rotenberg, Computer Professionals for Social Responsibility
666 Pennsylvania Avenue, SE, Suite 303, Washington, DC 20003;
Tom Devine, Government Accountability Project, 810 First Street,
NE, Suite 630, Washington, DC 20002; 202/408-0034
Prue Adler, Association of Research Libraries, 21 Dupont Circle,
NW, Washington, DC 20036; 202/296-8656l; firstname.lastname@example.org
Jeff Chester, Center for Media Education, P.O. Box 330039,
Washington, DC 20033; 202/628-2620; email@example.com
Richard Civille, Center for Civic Networking, P.O. Box 65272
Washington, DC 20035; 202/362-3831; firstname.lastname@example.org
Page Miller, National Coordinating Committee for the Promotion of
History; 400 A Street, SE, Washington, DC 20003; 202/544-2422
Scott Armstrong, The Information Trust, 1330 Connecticut Avenue,
NW, Suite 220, Washington, DC 20036; 202/296-4833
Brad Stillman, Legislative Counsel, Consumer Federation of
America, 1424 16th Street, NW, Suite 604, Washington, DC 20036
Janine Jackson, FAIR, 130 West 25th Street, New York, NY 10011;
John Richard, Essential Information, P.O. Box 19405, Washington,
DC 20036; 202/387-8034; email@example.com
Jonathan Tasini, National Writers Union, 739 West 186th Street
Apartment 1A, New York, NY 10033; 212/927-1208;
Peter Montague, Environmental Research Foundation, P.O. Box 5036
Annapolis, MD 21403; firstname.lastname@example.org
Steven Aftergood, Federation of American Scientists, 307
Massachusetts Ave., NE, Washington, DC 20002; 202/675-1012
tap+info postings are archived at cpsr.org. ftp: ftp.cpsr.org;
gopher: gopher.cpsr.org; wais: wais.cpsr.org
To receive tap+info, send a note to email@example.com
Taxpayer Assets Project, P.O. Box 19367, Washington, DC 20036;
v. 202/387+8030; f. 202/234+5176; internet: firstname.lastname@example.org
End of Computer Underground Digest #5.53