Computer underground Digest Sun Feb 27, 1994 Volume 6 : Issue 19 ISSN 1004-042X Editors: J
Computer underground Digest Sun Feb 27, 1994 Volume 6 : Issue 19
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe (He's lurking in the archives now)
Acting Archivist: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Clipper Editor: Hank O'Haira
CONTENTS, #6.19 (Feb 27, 1994)
File 1--"Clipper Chip will Block Crime" / D. Denning (Newsday)
File 2--Re: "Clipper Chip will Block Crime" (#1)
File 3--Re: "Clipper Chip will Block Crime" (#2)
File 4--Nat'l Symposium on Proposed Arts & Humanities Policies
File 5--Criticism of CuD post on Virus Contest
File 6--Media "Hackers" Whack Harding's E-mail
File 7--Entrapment Scam?
File 8--Letter to Rep. Molinari (R-Brooklyn)
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.
To subscribe, send a one-line message: SUB CUDIGEST your name
Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.
EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893;
In ITALY: Bits against the Empire BBS: +39-461-980493
ANONYMOUS FTP SITES:
AUSTRALIA: ftp.ee.mu.oz.au (18.104.22.168) in /pub/text/CuD.
EUROPE: ftp.funet.fi in pub/doc/cud. (Finland)
ftp.warwick.ac.uk in pub/cud (United Kingdom)
aql.gatech.edu (22.214.171.124) in /pub/eff/cud
etext.archive.umich.edu (126.96.36.199) in /pub/CuD
ftp.eff.org (188.8.131.52) in /pub/Publications/CuD
ftp.halcyon.com (184.108.40.206) in mirror2/cud
KOREA: ftp: cair.kaist.ac.kr in /doc/eff/cud
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
Date: Mon, 21 Feb 1994 22:45:51 EST
Subject: File 1--"Clipper Chip will Block Crime" / D. Denning (Newsday)
Newsday, Tuesday, February 22, 1994, Viewpoints
The Clipper Chip Will Block Crime
By Dorothy E. Denning
Hidden among the discussions of the information highway is a fierce
debate, with huge implications for everyone. It centers on a tiny
computer chip called the Clipper, which uses sophisticated coding to
scramble electronic communications transmitted through the phone
The Clinton administration has adopted the chip, which would allow
law enforcement agencies with court warrants to read the Clipper codes
and eavesdrop on terrorists and criminals. But opponents say that, if
this happens, the privacy of law-abiding individuals will be a risk.
They want people to be able to use their own scramblers, which the
government would not be able to decode.
If the opponents get their way, however, all communications on the
information highway would be immune from lawful interception. In a
world threatened by international organized crime, terrorism, and rogue
governments, this would be folly. In testimony before Congress, Donald
Delaney, senior investigator with the New York State Police, warned
that if we adopted an encoding standard that did not permit lawful
intercepts, we would have havoc in the United States.
Moreover, the Clipper coding offers safeguards against casual
government intrusion. It requires that one of the two components of
a key embedded in the chip be kept with the Treasury Department and the
other component with the Commerce Department's National Institute of
Standards and Technology. Any law enforcement official wanting to
wiretap would need to obtain not only a warrant but the separate
components from the two agencies. This, plus the superstrong code and
key system would make it virtually impossible for anyone, even corrupt
government officials, to spy illegally.
But would terrorists use Clipper? The Justice Department has
ordered $8 million worth of Clipper scramblers in the hope that they
will become so widespread and convenient that everyone will use them.
Opponents say that terrorists will not be so foolish as to use
encryption to which the government holds the key but will scramble
their calls with their own code systems. But then who would have
thought that the World Trade Center bombers would have been stupid
enough to return a truck that they had rented?
Court-authorized interception of communications has been essential
for preventing and solving many serious and often violent crimes,
including terrorism, organized crime, drugs, kidnaping, and political
corruption. The FBI alone has had many spectacular successes that
depended on wiretaps. In a Chicago case code-named RUKBOM, they
prevented the El Rukn street gang, which was acting on behalf of the
Libyan government, from shooting down a commercial airliner using a
stolen military weapons system.
To protect against abuse of electronic surveillance, federal
statutes impose stringent requirements on the approval and execution
of wiretaps. Wiretaps are used judiciously (only 846 installed
wiretaps in 1992) and are targeted at major criminals.
Now, the thought of the FBI wiretapping my communications appeals to
me about as much as its searching my home and seizing my papers.
But the Constitution does not give us absolute privacy from
court-ordered searches and seizures, and for good reason. Lawlessness
Encoding technologies, which offer privacy, are on a collision
course with a major crime-fighting tool: wiretapping. Now the
Clipper chip shows that strong encoding can be made available in a way
that protects private communications but does not harm society if it
gets into the wrong hands. Clipper is a good idea, and it needs
support from people who recognize the need for both privacy and
effective law enforcement on the information highway.
Copyright Newsday. All rights reserved. This article can be freely
distributed on the net provided this note is kept intact, but it may
not be sold or used for profit without permission of Newsday.
Date: Fri, 25 Feb 1994 22:43:48 EST
From: email@example.com (Ron Rivest)
Subject: File 2--Re: "Clipper Chip will Block Crime" (#1)
(Fwd by CPSR)
Hi Dorothy --
Thanks for sending me a copy of your editorial. But I find the
reasoning you present misleading and unpersuasive.
First, you argue that the clipper chip will be a useful law
enforcement tool. Given the small number of currently authorized
wiretaps per year (under 1000) and the ease of using alternative
encryption technology or superencryption, it seems plausible to me
that law enforcement could expect at most ten "successful" clipper
wiretaps per year. This is a pretty marginal basis for claiming that
clipper will "block crime".
Second, you seem to believe that anything that will "block crime" must
therefore be a "good thing" and should therefore be adopted. This is
not true, even if it is not subject to government abuse. For example,
a system that could turn any telephone (even when on-hook) into an
authorized listening microphone might help law enforcement, but would
be unacceptable to almost all Americans. As another example, tattooing
a person's social security number on his or her buttocks might help
law enforcement, but would also be objectionable. Or, you could
require all citizens to wear a bracelet that could be remotely queried
(electronically, and only when authorized) to return the location of
that citizen. There are all kinds of wonderfully stupid things one
could do with modern technology that could "help" law enforcement.
But merely being of assistance to law enforcement doesn't make a
proposal a good thing; many such ideas are objectionable and
unacceptable because of the unreasonably large cost/benefit ratio
(real or psychological cost). The clipper proposal, in
my opinion, is of exactly this nature.
Third, you seem unnecessarily polly-annish about our government and the
potential for abuse. The clipper proposal places all trust for its
management within the executive branch; a corrupt president could
direct that it be used for inappropriate purposes. The unspecified
nature of many of the associated procedures leaves much room to
speculate that there are "holes" that could be exploited by government
officials to abuse the rights of American citizens. Even if the
proposal were modified to split the trust among the various branches
of government, one might still reasonably worry about possible abuse.
Merely because you've met the current set of representatives of
various agencies, and feel you can trust them, doesn't mean that such
trust can be warranted in their successors. One should build in
institutional checks and balances that overcome occasional moral
lapses in one or more office holders.
Fourth, your discussion of "searching your home and seizing your
papers" is misleading. You seem to imply that because law enforcement
can be issued a warrant to search your home, that we should adopt
clipper. Yet this analogy only makes sense if individuals were
required to deposit copies of their front door keys with the
government. I can build any kind of house I wish (out of steel, for
example), and put any kind of locks on it, and wire up any kind of
intrusion detectors on it, etc. The government, armed with a search
warrant, is not guaranteed an "easy entry" into my home at all. The
appropriate analogical conclusion is that individuals should be able
to use any kind of encryption they want, and the government should be
allowed (when authorized, of course) to try and break their
Finally, you argue (elsewhere, not in this editorial) that the decision
rests in part on "classified" information. Such an argument only makes
sense if there is a specific law-enforcement situation that makes such
classified information timely and relevant. (E.g., if there was a
current investigation as to whether the Department of the Treasury had
been infiltrated by organized crime.) The use of "classified information"
is otherwise generally inappropriate in discussing communications policy
that will last over decades.
This hardly covers all of the relevant issues, but it covers the
points that came immediately to mind in reading your editorial...
P.S. Feel free to pass along, quote, or otherwise re-distribute this...
Date: Fri, 25 Feb 1994 18:43:12 PST
From: Jim Thomas
Subject: File 3--Re: "Clipper Chip will Block Crime" (#2)
Dorothy Denning's defense of Clipper as a crime-fighting strategy (as
reported in Newsday, 22 Feb--see above file) reflects sincerity and
passion. I have considerable intellectual and personal respect for
Dorothy. In 1990, she was among the first to challenge media and law
enforcement myths of the "dangerous hacker," and she did so while
working in the private sector at the peak of the "hacker crackdown,"
which took considerable courage. She, along with John Nagel, also was
instrumental in deflating the Government's case against Craig Neidorf
in the Phrack/E911 trial in June, 1990, when she and John flew to
Chicago at their own expense to help the defense prepare its case. Her
good will, altruism, and integrity are unimpeachable. However, her
defense of Clipper on the grounds that it will help fight crime
requires some examination.
CPSR, EFF and others have addressed some of the issues the Newsday
story raises (see past CuDs and the documents in EFF's archives at
ftp.eff.org /pub/EFF and browse). There are, however, a few specific
examples used in the story to defend Clipper that I find troublesome.
1) Citing Don Delaney, senior investigator of the New York State
Police, inspires little confidence. Dorothy notes that Delaney said
that without an encoding standard that would not permit lawful
intercepts, "we would have havoc in the United States." The hyperbole
makes a dramatic media sound byte, but I can think of no society,
none, ever, in which social stability and order were based on a
government's ability and legitimate (or even illicit) power to surveil
citizens at will. Generally, societies in which government ability to
monitor citizens was high historically have been those in which
respect for government authority was low, or in which stability was
imposed by political repression. Although a minor point, the appeal
to fears of undemonstrated social chaos to enact policies that
threaten privacy are misdirected.
If Delaney's comments before last summer's Congressional hearings are
to be adduced as justification for Clipper, then his comments must be
placed in the context in which they were made. The context does little
to assure those of use concerned with the implications of Clipper for
civil liberties. Delaney's comments occurred as critical commentary on
2600 Magazine, which we judged as dangerous to teenagers (emphasis added):
Publications, such as "2600," which teach subscribers how to
commit telecommunications crime are protected by the First
Amendment, but disseminating pornography to minors is illegal. In
that many of the phone freaks are juveniles, I BELIEVE
LEGISLATION BANNING THE DISSEMINATION TO JUVENILES OF MANUALS ON
HOW TO COMMIT CRIME WOULD BE APPROPRIATE.
From a law enforcement perspective, I applaud the proposed
Clipper chip encryption standard which affords individuals
protection of privacy yet enables law enforcement to conduct
necessary court-ordered wiretaps, and with respect to what was
being said in the previous conversation, last year there were
over 900 court-ordered wiretaps in the United States responsible
for the seizure of tons of illicit drugs coming into this
country, solving homicides, rapes, kidnappings. If we went to an
encryption standard without the ability for law enforcement to do
something about it, we would have havoc in the United States --
my personal opinion.
Delaney expands in his later remarks:
Well, the problem is that teenagers do read the "2600" magazine.
I have witnessed teenagers being given free copies of the
magazine by the editor-in-chief. I have looked at a historical
perspective of the articles published in "2600" on how to engage
in different types of telecommunications fraud, and I have
arrested teenagers that have read that magazine.
THE PUBLISHER, OR THE EDITOR-IN-CHIEF, DOES SO WITH IMPUNITY
UNDER THE CLOAK OF PROTECTION OF THE FIRST AMENDMENT. However, as
I indicated earlier, in that the First Amendment has been
abridged for the protection of juveniles from pornography, I also
FEEL THAT IT COULD BE ABRIDGED FOR JUVENILES BEING PROTECTED FROM
MANUALS ON HOW TO COMMIT CRIME -- children, especially teenagers,
who are hackers, and who, whether they be mischievous or
intentionally reckless, don't have the wherewithal that an adult
does to understand the impact of what he is doing when he gets
involved in this and ends up being arrested for it.
There is considerable room for disagreement on whether 2600 Magazine
is any more a manual for crime than thousands of others examples drawn
from movies, television, comic books, magazines, or radio programs
are. What I find disturbing is the explicit advocacy that First
Amendment protections be so easily abridged on the basis of simplistic
opinions and interpretations. Following Delaney's logic for abridging
First Amendment rights, one could with equal ease justify banning
Bevis and Butthead, "Gangsta rap," and other forms of expression that
law enforcement perceived to contribute to potential criminal behavior.
Delaney's comments--although certainly well meaning and for a "higher
goal"--do little to inspire confidence that some over-zealous law
enforcement agents, believing they are acting for some higher purpose,
won't abuse their power and authority. Those who remember the
systematic abuses of law enforcement agents at all levels, especially
the FBI, in the political surveillance excesses of the 1960s have no
reason to trust the good faith of law enforcement in
2) The double escrow systems of the two components of the chip's key
do offer considerable protection from abuse, but the potential flaws
have not been addressed, as many critics (eg, CPSR, EFF) have noted.
The flaws include a) the ease of obtaining warrants, b) the misuse of
warrants to justify overly-broad searches, c) the possibility of
release of the key to unauthorized persons once obtained, and d) the
assumption that collusion between persons to obtain a given set of
keys is "impossible." Fully detailed discussion of security problems
can be found in the position papers of the groups in the ftp.eff.org
3) It is claimed that terrorists and others would, in fact, use
Clipper, and the World Trade Center bombers, who were "stupid enough
to return a truck that they had rented," is used as an example.
Although a small detail, the bombers did not return the truck--it was
destroyed in the blast. They returned for their deposit. Nonetheless,
the argument could also be made that, if criminals are stupid, then
why would they encrypt at all? Or, if they encrypted, why would they
necessarily have an unbreakable code? The fact is that sophisticated
criminals concerned with security of communications would likely
circumvent Clipper, and Clipper is not the answer to intercepting such
4) Clipper will have no significant impact on crime, and playing on
the current "fear of crime" hysteria ignores several points. First,
most of "crime" with which the public is concerned, street (or index)
crimes, constitutes only a small fraction (under 15 percent by most
estimates) of all crime. In dollar costs to society, white collar
crime and tax fraud constitute almost two-thirds ($131 billion).
Clipper will do absolutely nothing to reduce these offenses. Further,
interception of communications is rarely used in apprehending
criminals, and therefore would not be a significant factor in fighting
crimes at all.
Lets take a look at some figures on court-authorized orders granted
YEAR STATE FEDERAL
1969 174 0
1974 607 121
1979 466 87
1984 512 289
1989 453 310
1991 500 386
Intercepts are useful for law enforcement, but they are simply not
used often enough to justify the claim that Clipper would reduce
crime, let alone that without Clipper we'd have social "havoc." What
kinds of crimes are intercepts used for? In 1991, the Sourcebook of
Criminal Justice Statistics (p. 474) lists the following:
OFFENSE TOTAL FEDERAL STATE
Narcotics 536 228 308
Racketeering 114 61 53
Gambling 98 19 79
Other 108 48 60
So, about 63 percent of intercepts are for drug dealers, and about
another quarter are for racketeering and gambling. Intercepts for
homicide (21) and kidnaping (5) were the only violent crimes for which
intercepts were listed in 1991. This is hardly sufficient grounds on
which to base an argument that Clipper will reduce crime or help stem
5) The story alludes to the "success" of FBI wire taps of the El Rukns,
a Chicago Street gang:
In a Chicago case code-named RUKBOM, they prevented the El Rukn
street gang, which was acting on behalf of the Libyan government,
from shooting down a commercial airliner using a stolen military
My recollection of these events is quite different than those
described above. The FBI did, in fact, intercept considerable
communications between El Rukn members, include Jeff Forte, the
group's leader, who led the gang from federal prison. The El Rukns
attempted to obtain money from the Libyans for a variety of schemes,
and one of the schemes included shooting down an airliner. Nothing
ever came of the solicitations, and I recall no evidence that the plan
described above was foiled by the FBI through wire taps or any other
tactic. Some news accounts described it as a ploy to establish
credibility with the Libyans. Others saw it as a fantasy, and some saw
it as a potential danger that never went beyond posturing. I recall no
evidence that law enforcement intervened to prevent it. Perhaps those
with a better memory or with a press release at hand can refresh my
memory, but I'm inclined to judge the story as at best a distortion of
events and at worst simply false.
6) There's a sidebar to the El Rukn story relevant to Clipper.
Federal prosecutors successfully prosecuted and imprisoned the gang's
hierarchy. In 1993, it was revealed that the federal prosecutors
engaged in illegal behaviors, including providing gang members with
sex and drugs while in their custody to obtain testimony of some
against the others. The fallout from the incident is still settling,
but gross legal violations and other improprieties were commited
under "color of law." It is ironic that the El Rukn investigation be
used as an example of effective law enforcement when, in fact, it is
an example of federal malfeasance and justice at its worst. It is
precisely the blatant disregard of the rule of law by federal
prosecutors in the El Rukn case that causes some of us to question the
blind faith that others invest in it. It's an example of the dangers
of law enforcement out of control.
None of us like crime. All of us support reasonable ways to fight it,
and most of us recognize the need for communications' intercepts on
rare occasions. However, most U.S. citizens overwhelmingly oppose
wiretapping (70 percent in 1991, down from 80 percent in 1974,
according to Department of Justice Statistics). The history of
government abuse of surveillance and the continued willingness of
government agents to bend the law in pursuit of "justice," as the El
Rukn incident above illustrates, suggests that Clipper poses far more
risks to the commonweal than it offers protections. The subtext of the
Newsday story, which ironically argues for Clipper on the basis of a
case of government circumvention of law and a citation that occurred in
the context of arguing for abridging Constitutional rights to argue
FOR Clipper, in fact provides one of the best arguments against it.
Date: Mon, 21 Feb 1994 17:11:23 -0500
From: tomd@PANIX.COM(Tom Damrauer)
Subject: File 4--Nat'l Symposium on Proposed Arts & Humanities Policies
CALL FOR PAPERS, PANELS, AND PRESENTATIONS
On October 14th, 15th and 16th, the Center for Art Research in Boston
will sponsor a National Symposium on Proposed Arts and Humanities
Policies for the National Information Infrastructure.
Participants will explore the impact of the Clinton Administration's
AGENDA FOR ACTION and proposed NII (National Information
Infrastructure) legislation on the future of the arts and the
humanities in 21st Century America.
The symposium, which will be held at the American Academy of Arts and
Sciences in Cambridge, Massachusetts, will bring together government
officials, academics, artists, writers, representatives of arts and
cultural institutions and organizations, and other concerned individuals
from many disciplines and areas of interest to discuss specific issues of
policy which will effect the cultural life of *all* Americans during the
To participate, submit a 250-word abstract of your proposal for a paper,
panel-discussion or presentation, accompanied by a one-page vitae, by March
Special consideration will be given to those efforts that take a critical
perspective of the issues, and are concerned with offering specific
alternatives to current administration and congressional agendas.
NOTE: PLEASE FORWARD AND/OR RE-POST TO APPROPRIATE NEWSGROUPS AND
Jay Jaroslav, Director
CENTER FOR ART RESEARCH
241 A Street
Boston, MA 02210-1302 USA
voice: (617) 451-8030
fax: (617) 451-1196
Date: Fri, 25 Feb 1994 13:05:59 -0500
From: skirkham@ERC.CAT.SYR.EDU(Shawn Kirkham)
Subject: File 5--Criticism of CuD post on Virus Contest
I find it offensive that you would allow a user to have his application
for writing a virus published in CuD Issue 6.18. I think that this
world has enough problems without someone trying to show how much grief
they can cause on innocent computer users such as myself.
I even created a virus or two in my years of computing, but never with
the purpose of trying to harm another user's system! I create them only
for testing purposes, and when I find one that fails a scanned test, I
forward it to the company that created the anti-virus software.
My main concern on this issue is will this company (American Eagle)
forward all the viruses to all the possible anti-virus companies? If
they don't then this is considered an illegal activity.
**NOTE: It is ok to write a virus for your own use, but illegal if
someone else gets your program and causes damage**
I am sure the editors of CuD do not want their publication to say it's
O.K. to be a virus distributor. If you disagree with this, then you
have not proven to me that you are not out to destroy the world.
Date: Sat, 26 Feb 1994 15:54:54 CST
From: CuD Moderators
Subject: File 6--Media "Hackers" Whack Harding's E-mail
((MODERATORS' COMMENT: CuD has periodically reported on the manner in
which the media cover hackers. Perhaps we should have been paying more
attention to the manner in which the media covers by hacking. Perhaps
the lesson of the following story is that "hacking" should be
reclassified as a sport?))
NOT EVEN HARDING'S MAIL SAFE
REPORTERS BREAK INTO HER ELECTRONIC MAIL SYSTEM
Reporter: John Husar, Tribune Staff Writer
(From: Chicago Tribune, 26 Feb, 1994 (Sect 3, p. 7))
LILLEHAMMER, Norway--In what was described as a "stupid,
foolish mistake," perhaps as many as 100 American
journalists peeked into figure skater Tonya Harding's
private electronic mailbox at the Olympics.
According to the story, no one claimed to have read the story or used
the information. One reporter, Michelle Kaufman of the Detroit Free
Press, explained that the offense was a "spur-of-the moment" incident
that occurred after pizza at 2 a.m. According to Kaufman, the reporters
merely attempted to see if a code, reputed to be Tonya's, would work.
The story explains that an electronic information system is available
to all members of the "Olympic family" of coaches, athletes,
journalists, and others. The electronic system provides information
(weather, sports, news) and allows for sending or receiving messages.
The story explains that a double code is required to access messages:
One is the user's Olympic accreditation number, and the other the
secret password. The initial password is the user's birthdate.
Harding's accreditation number was retrieved from an enlarged photo of
her wearing an official Olympic ID tag. Her birthdate is readily
available from publicity and other sources.
Kaufman said she and a few others found that the code did
gain access to Harding's mailbox. A sign reported 68 unread
messages for Harding.
"But we never opened any messages," Kaufman said. "There were
none sent under her name. We made a joke--something about
her not being smart enough to figure out how to get her
mail--and closed the file and walked away. It couldn't have
lasted for more than a minute."
The story identifies Ann Killion of the San Jose Mercury News and
Jerry Longman of the New York Times as being among the group. Both
denied reading Harding's messages.
Mike Moran, head of the U.S. Olympic Committee's
information section, said he considered the situation an
ethical matter for journalists to settle rather than
anything that would require any kind of official reaction.
Date: Thu, 24 Feb 1994 12:39:12 CST
Subject: File 7--Entrapment Scam?
re:Software Evaluation Survey - Entrapment Fraud?
I've voluntarily enrolled with a company based in England, which
says it's purpose is to recruit shareware evaluators for various
shareware software developers. Since processing the enrollment program,
I've come to wonder if this could possibly be just an entrapment scam to
try and catch users of nonregistered software.
I first heard of this offer on a FIDONET announcement. The
sender was looking for software evaluators, who would be offered
free software in exchange for their evaluations. It sounded like it
might be all right, so I e-mailed my name and a private postal box I
have. Within about a month, I got a diskette and a cover letter, a
copy of which I'll include below. The company is called Scancom.
When you process the registration program, called an Electronic
Response Card, you are asked to key in your name, address, and phone
number, and to provide some info about your PC, as well as an indication
of what kinds of software you have. If you choose, you can take the
option to have the program scan your hard drive, and it will record
software you have. You can de-select some or all of it before
I didn't take the option to scan my hard disk. I'm a freelance
writer and evaluate a lot of shareware. I wouldn't want shareware
authors to think I'm stealing their products.
At the end of the program, you have a screen with several numbers
generated by the program, allegedly representing your name, address and
phone number. You can complete registration by modem (I couldn't
get that to work) or by calling a toll free 800 number. You key in
responses to a series of recorded queries, and finally get a serial
number. Keying that in gives you access to 5 "free" programs.
The programs are shareware. Three were games, one was an older
version of McAffee's SCAN; I forget the fifth. A windows game, I think.
The cover letter also invites you to e-mail one of their reps, on
Compuserve. I went ahead and sent in a little note to the address given.
I remember in the past couple of years something similar. The
program ended up actually being a way to spot unregistered software, and
the results were given to the manufacturer's legal department, to press
legal action. I think Microsoft may have been involved.
Anyway, I was wondering if another entrapment scam was involved
here. Maybe you could put this out as a query on CUD, and see what
Here is the letter. I may upload this to some local bulletin
boards, so added some info for those on FIDONET.
o / o / o / o /
o \ o \ o \ o \
P O Box 175
Telephone: +44 483 450949
FAX: +44 483 452631
This section added by me
(Please note that this is an international call. You might prefer to write,
or try e-mail instructions given below)
PC USER SURVEY
Thank you for participating in the survey. In these files you will find
a copy of the Electronic Response Card (ERC) and a file with 5 different
high quality shareware/software titles. As you probably know, shareware
often requires a payment to the author if you continue to use it after a
certain period of time. We will do our est to find the right software
and shareware for you, including titles which do not require any payment
even if you continue to use them, but we encourage you always to review
the license agreement for each separate product.
In future surveys you will be able to send the results back to us via
CompuServe, but this very first time I encourage you to call the 800
number given in the ERC program and try the touch tone relay as we need
to know how acceptable this method is for users without modems. Be sure
to key in your name and address, and let us know what you think about
I would appreciate comments directly to me on CompuServe (user ID
76116,2214). Also, I would appreciate if you could let me know about as
many applications you use as possible (legal only please) and a maximum
of 2 categories or types of software which you would prefer to receive
with future surveys (such as games, business, Windows, etc.). The survey
program automatically scans for many popular applications which you can
deselect if you do not wish to include them in the survey. Please also
let me know if you do not wish your name and address to be passed on to
any third parties, but be aware that this may restrict what future
software we can send to you, as some vendors will want to know to whom
they contribute free software for direct marketing and research
If you know of other users who might be interested in participating,
please pass along this archive.
This section added by me
The ERC program will want to be run from a floppy drive. So, dearchive
these files onto a floppy, then place into drive A: or B:. Type START
and hit [ENTER]. Now follow the instructions on the screen to install
and run the survey.
Call, fax, e-mail or write if you have any problems. Thank you for your
Mads K. Larsen
Partners: R E Braithwaite, S C Grundy
This added by me
P.S. If you are not on CompuServe, but have access to Internet or
FIDONET e-mail, here are the ways to send e-mail to me on Compuserve:
Internet: send to - firstname.lastname@example.org
FIDONET: in the TO portion, use UUCP. In the body of the message,
use these as the first two lines:
Some fidonet hosts will want you to use (1:103/208), instead, for
the first line. The parenthesis must be included. If both of these
reject, check with your fidonet host sysop. In order to receive e-mail
back, use this format for your address:
If your FIDONET address is 1:123/456, I should be able to reach you
with this address:
If all of this fails, then sending a letter by post will be your only
Date: Sun, 20 Feb 1994 18:04:32 -0500 (EST)
From: "Shabbir J. Safdar"
Subject: File 8--Letter to Rep. Molinari (R-Brooklyn)
Please find enclosed my letter to Rep. Molinari (R-NY). Rep. Cantwell's
bill would liberalize cryptographic exports, encouraging the production
of stronger crypto software by US firms. This would result in stronger
cryptography in products for ordinary people such as you and I.
What can you do? Help get your NY or NJ rep. to cosponsor HR 3627.
Commit to writing your rep. It's so easy! You didn't buy that
fax modem for nothing! If you don't have a fax modem, you've got
a phone or a stamp.
Want to help? Send me your rep's name as a commitment that you will
write to them. OR, send me your zip code or your nearest city. I will
email you with a letter of who your rep is if you don't know it.
(I just got a new book with district maps) Alternatively
you can just call the League of Women Voters (phone number below)
The Honorable Representative Susan Molinari
123 Cannon Building
Washington, D.C. 20515
Dear Representative Molinari,
Recently Rep. Maria Cantwell (D-WA) introduced HR 3627. I am writing
you to urge you to co-sponsor it. This bill would lift the outdated
restrictions on export of cryptographic technology. As you may already
know, it is illegal for an American business to produce hardware
products, such as software to encrypt electronic mail or hardware to
encrypt private telephone conversations, and then ship it to markets
outside the United States.
Such technology is available outside the United States already. In
fact, many US businesses purchase their equipment from companies
outside the US because they cannot obtain the equivalent products for
their offices worldwide from US distributors. As you can imagine, such
regulations hurt the global competitiveness of US technology firms.
Furthermore, US citizens cannot easily purchase privacy-enhancing
products because they are not available from US firms. This results in
a lack of privacy for US citizens and consumers.
Instead of developing products that incorporate strong
privacy-enhancing cryptographic technology, US firms are forced to
either develop two separate products (one for US use, and one for
international use), or to simply develop a single product with
sub-standard privacy-enhancing cryptographic technology. These
products cannot compete in the global marketplace with products
produced in other countries that do not have cryptographic export
Rep. Cantwells bill would allow US firms to compete alongside other
international firms in the area of privacy-enhancing technology. Also,
by creating a larger market for US firms, better privacy-enhancing
products will be available for purchase by US citizens. Products such
as encrypting cellular telephones are long overdue; we have seen way
too many examples of overheard cellular conversations tape-recorded by
As the press publicizes more examples of the security problems on the
Internet, it becomes more apparent that US Citizens need to be able to
purchase software to encrypt their electronic mail. Wouldn't it be
better for Americans to use American-written privacy software?
In closing, let me urge you to take a moment to read this analysis that
I am enclosing, and join your colleagues (such as Donald Manzullo R-IL)
in co-sponsoring HR 3627.
Thank you for your time,
Shabbir J. Safdar
115 Pacific St, #3
Brooklyn, NY 11201
End of Computer Underground Digest #6.19
E-Mail Fredric L. Rice / The Skeptic Tank