date:20020626


We received a message claiming to be from you which contained a
virus according to File::Scan v0.30, a Perl module from CPAN at
http://www.cpan.org/authors/id/H/HD/HDIAS

This message was not delivered to the intended recipient, it has
been discarded.  For information on removing viruses from your
computer, please see http://www.google.com/search?q=antivirus or
http://hotbot.lycos.com/?query=antivirus

   Postmaster


Sender : [EMAIL PROTECTED]
Recipient  : [EMAIL PROTECTED]
Message-Id : 20020626114943.XBLT25007.fed1mtao01.cox.net@Sjmwpecy
Subject: CDR: A  humour game
Virus  : W32/Klez.gen@MM

Original headers:

From: [EMAIL PROTECTED]  Wed Jun 26 07:57:09 2002
Received: (from cpunks@localhost)
   by einstein.ssz.com (8.8.8/8.8.8) id HAA01975
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 07:03:42 -0500
Received: (from mdom@localhost)
   by einstein.ssz.com (8.8.8/8.8.8) id HAA01914
   for cypherpunks-outgoing; Wed, 26 Jun 2002 07:02:02 -0500
Received: from fed1mtao01.cox.net (fed1mtao01.cox.net [68.6.19.244])
   by einstein.ssz.com (8.8.8/8.8.8) with ESMTP id GAA01830
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 06:58:49 -0500
Received: from Sjmwpecy ([24.56.32.240]) by fed1mtao01.cox.net
  (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP
  id 20020626114943.XBLT25007.fed1mtao01.cox.net@Sjmwpecy
  for [EMAIL PROTECTED]; Wed, 26 Jun 2002 07:49:43 -0400
From: orderstatus [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: CDR: A  humour game
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary=UuARX8743RX14kU2t35z6d6J1860tE
Message-Id: 20020626114943.XBLT25007.fed1mtao01.cox.net@Sjmwpecy
Date: Wed, 26 Jun 2002 07:49:47 -0400
Sender: [EMAIL PROTECTED]
Precedence: bulk
Reply-To: [EMAIL PROTECTED]
X-Mailing-List: [EMAIL PROTECTED]
X-Unsubscription-Info: http://einstein.ssz.com/cdr
X-List-Admin: [EMAIL PROTECTED]
X-Loop: ssz.com
X-Acceptable-Languages: English, Russian, German, French, Spanish

We received a message claiming to be from you which contained an
executable attachment (batch file, script, program, etc).  In
order to protect users from malicious programs, we do not accept
these file types thru this mail server.  If you need to send the
file to it's intended recipient, you must send it in an archived
and/or compressed format.

Your email has been sent to the intended recipient without this
file included.  A message detailing why it was dropped has been
substitued in it's place.

   Postmaster


Sender : [EMAIL PROTECTED]
Recipient  : [EMAIL PROTECTED]
Message-Id : 20020626114943.XBLT25007.fed1mtao01.cox.net@Sjmwpecy
Subject: CDR: A  humour game
Mime type  : application/octet-stream
File name  : picacu.exe

Now Available! CD #19 Sales, Leads Galore!!! Fast! Easy! . .(PH9686)

2002-06-26 Thread Mmarkitn757



Still. . . . the only Proven way to Market on the Internet!

After 6 Years. . . .
INTRODUCING OUR GREATEST VOLUME EVER. . . . 

THE MILLIONS CD - VOL. 19

 22 MILLION NEW Addresses - Just Released!  
THE VERY BEST email addresses available anywhere!!

Our research has found that many people have 
tried one or more of the following...

Free Classifieds?  (Don't work)
Web Site?  (Takes thousands of visitors)
Banners?   (Expensive and iffy)
E-Zine?(They better have a huge list)
Search Engines?(Easily buried with thousands of others)

S O   W H A T   D O E S   W O R K ? 

Although often misunderstood, there is one method 
that has proven to succeed time-after-time.

  E - M A I L   M A R K E T I N G   ! !

It's a fact!  If you're not using your computer to generate income,
you're leaving money on the table. 

Here's what the experts have to say about E-Mail Marketing:

A gold mine for those who can take advantage of
mass e-mail programs - The New York Times

E-mail is an incredible lead generation tool
-Crains Magazine

Blows away traditional Mailing - Advertising Age

Here is an example of your potential earnings if you have a product that
brings you a profit of around $30.  Remember, on the Internet, you can
make money 7 days a week, 24 hours a day... even while you sleep, orders
come from all over the world!

Orders Per Day   Weekly Earnings /  Monthly Earnings /  Yearly Earnings
1  $210.00   $840.00 $10,080.00
2  $420.00   $1,680.00   $20,160.00
3  $630.00   $2,520.00   $30,240.00
5  $1,050.00 $4,200.00   $50,400.00
   10  $2,100.00 $8,400.00   $100,000.00
   15  $3,150.00 $12,600.00  $151,200.00

THE QUESTION IS... how do you generate those orders?


   THE MILLIONS CD - VOL. 19


The Millions CD - VOL. 19, is the ABSOLUTE BEST product of
its kind anywhere in the world today. There are NO OTHER
products ANYWHERE that can compete with the quality of this CD. 

O N E   O F   A   K I N D

This CD is a first.  No one... and we mean NO ONE has put in
the kind of work it takes to produce a CD of this quality.
We've been in the list brokerage business for over 5 years and
we've never compromised on quality.  We won't release any address
list until it passes our high standards test.

 Our claim to fame, is that our addresses are deliverable! 
The number #1 problem with email lists are deliverability.  You may 
have seen dozens of ads for lists or CD's or you may have purchased 
a list in the past.  Chances are, the list was produced 6 months, 1 year 
or even two years ago!  Not ours, a new volume CD comes out 
every  6-7 weeks.  

Here's how we prepare our e-mail lists:

1. We clean and eliminate all duplicates. 

2. Next, we use a filter list of 400+ words/phrases to clean even
more. No address with inappropriate or profane wording survive!

3. Then, a special filter file is used to eliminate the
Web Poisoned e-mail addresses from the list.  Our
EXCLUSIVE system reduced these poison addresses to near
zero.  You may have seen CD's with 30, 40, 50 million addresses,
not only do they contain may undeliverable addresses, but most 
are notorious for millions of these poisoned  email addresses.

4. Next we used our private database of thousands of known
extremists and kicked off every one we could find.  NOTE:
We maintain the world's largest list of individuals and
groups that are opposed to any kind of commercial
e-marketing... they are gone, nuked!

5. We sorted the list into easy-to-manage  packets of 20,000 addresses 
in a simple text (.txt) format. 

6. All domains have been verified as valid. 

WHAT DID WE END UP WITH?

Volume 19... 22 Million Addresses Strong!

 * N O   B R A G   -   J U S T   F A C T *

Getting this CD is equivalent to buying EVERY CD sold by
almost everyone else, combined... EXCEPT - it has been
cleaned and the quality is unsurpassed by any list in existence! 

With our super clean lists you'll send less...and get better
results... plus you can start mailing as soon as you receive
your CD!  

   * Y O U   G E T   W H A T   Y O U   P A Y   F O R *

Our 22 Million, Volume 19, address CD will result in:

* Higher Response Rates
* Higher Sales Conversion Ratios
* More Receptive prospects; Less Flames  Non-Buyers.
* Less Contact With Anti-Commerce Radicals  Extremists.

Remember that potential income chart at the beginning of
this message? Can you imagine the kind of money you could
make if you mailed one million pieces and sold only one
tenth (.01%) of one percent?  You do the math, you'll be
amazed!

This product will prove to be the best of it's kind compared
to ANY CD in terms of hours and money spent bringing it to
market. No competitor will ever duplicate the effort of what
it takes for us to produce this superb product.

We never have

Protect Your Computer!

2002-06-26 Thread Cliff

Title: Norton Internet Security 







  

  

  
Norton
Internet Security
  

  
  

  

  

  

  

  
Essential
Internet protection from viruses, hackers, and
privacy threats.
  

  

  

  

  

  
  

  

  

  

  Norton
  Internet Security Features:
  


  Norton
AntiVirus protects your PC from viruses.
  Norton
Personal Firewall defends against hackers.
  Norton
Privacy Control keeps your personal information
private.
  Norton
Parental Control keeps your children safe on the
Internet.

  

  
  

  
Order
Today


  
TV Price:

$69.99

  
  

  
Your
Price: $29.99
  

  
  

  

  

  


Click
here to unsubscribe from these
mailings.

Executable discarded


We received a message claiming to be from you which contained a
virus according to File::Scan v0.30, a Perl module from CPAN at
http://www.cpan.org/authors/id/H/HD/HDIAS

This message was not delivered to the intended recipient, it has
been discarded.  For information on removing viruses from your
computer, please see http://www.google.com/search?q=antivirus or
http://hotbot.lycos.com/?query=antivirus

   Postmaster


Sender : [EMAIL PROTECTED]
Recipient  : [EMAIL PROTECTED]
Message-Id : 20020626114943.XBLT25007.fed1mtao01.cox.net@Sjmwpecy
Subject: A  humour game
Virus  : W32/Klez.gen@MM

Original headers:

From: [EMAIL PROTECTED]  Wed Jun 26 07:57:20 2002
Received: from waste.minder.net (daemon@waste [66.92.53.73])
   by locust.minder.net (8.11.6/8.11.6) with ESMTP id g5QBvBE08271
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 07:57:11 -0400 (EDT)
   (envelope-from [EMAIL PROTECTED])
Received: (from cpunks@localhost)
   by waste.minder.net (8.11.6/8.11.6) id g5QBvAj28148
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 07:57:10 -0400
Received: from locust.minder.net (locust.minder.net [66.92.53.74])
   by waste.minder.net (8.11.6/8.11.6) with ESMTP id g5QBv8u28127
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 07:57:08 -0400
Received: from einstein.ssz.com (cpunks@[207.200.56.4])
   by locust.minder.net (8.11.6/8.11.6) with ESMTP id g5QBupE08239
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 07:56:53 -0400 (EDT)
   (envelope-from [EMAIL PROTECTED])
Received: (from cpunks@localhost)
   by einstein.ssz.com (8.8.8/8.8.8) id HAA01973
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 07:03:40 -0500
Received: (from mdom@localhost)
   by einstein.ssz.com (8.8.8/8.8.8) id HAA01914
   for cypherpunks-outgoing; Wed, 26 Jun 2002 07:02:02 -0500
Received: from fed1mtao01.cox.net (fed1mtao01.cox.net [68.6.19.244])
   by einstein.ssz.com (8.8.8/8.8.8) with ESMTP id GAA01830
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 06:58:49 -0500
Received: from Sjmwpecy ([24.56.32.240]) by fed1mtao01.cox.net
  (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP
  id 20020626114943.XBLT25007.fed1mtao01.cox.net@Sjmwpecy
  for [EMAIL PROTECTED]; Wed, 26 Jun 2002 07:49:43 -0400
From: orderstatus [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Old-Subject: CDR: A  humour game
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary=UuARX8743RX14kU2t35z6d6J1860tE
Message-Id: 20020626114943.XBLT25007.fed1mtao01.cox.net@Sjmwpecy
Date: Wed, 26 Jun 2002 07:49:47 -0400
Sender: [EMAIL PROTECTED]
Precedence: bulk
Reply-To: [EMAIL PROTECTED]
X-Mailing-List: [EMAIL PROTECTED]
X-Unsubscription-Info: http://einstein.ssz.com/cdr
X-List-Admin: [EMAIL PROTECTED]
X-Loop: ssz.com
X-Acceptable-Languages: English, Russian, German, French, Spanish
Subject: A  humour game

We received a message claiming to be from you which contained an
executable attachment (batch file, script, program, etc).  In
order to protect users from malicious programs, we do not accept
these file types thru this mail server.  If you need to send the
file to it's intended recipient, you must send it in an archived
and/or compressed format.

Your email has been sent to the intended recipient without this
file included.  A message detailing why it was dropped has been
substitued in it's place.

   Postmaster


Sender : [EMAIL PROTECTED]
Recipient  : [EMAIL PROTECTED]
Message-Id : 20020626114943.XBLT25007.fed1mtao01.cox.net@Sjmwpecy
Subject: A  humour game
Mime type  : application/octet-stream
File name  : picacu.exe

Thank you for your order! TagzisI

2002-06-26 Thread UY-lPGch


Hey - have you seen this letter before?  Read it and I bet
you will recognize it. 

You know why that is?  BECAUSE THIS THING WORKS LIKE CRAZY!!

I am amazed at how fun this is - Check it out!

I'll make you a promise. READ THIS E-MAIL TO THE END!
- follow what it says to the letter - and you will not
worry whether a RECESSION is coming or not, who is
President, or whether you keep your current job or
not. Yes, I know what you are thinking. I never responded
to one of these before either. One day though, something
just said you throw away $25.00 going to a movie for 2 
hours with a friend, right? 
What the heck. Read on. It's true. Every word of it.
Read this through and you will see not only how this 
works but the power of what you are reading and why
you have likely seen this letter before - BECAUSE IT WORKS.   
It is completely legal. I checked. Simply because you 
are buying and selling something of value.

AS SEEN ON NATIONAL TV:
Making over half million dollars every 4 to 5 months
from your home.
THANKS TO THE COMPUTER AGE AND THE INTERNET !
==
BE AN INTERNET MILLIONAIRE LIKE OTHERS WITHIN A
YEAR!!!
Before you say ''Bull'', please read the following.
This is the letter you have been hearing about on the
news lately. Due to the popularity of this letter on
the Internet, a national weekly news program recently
devoted an entire show to the investigation of this
program described below, to see if it really can make
people money. The show also investigated whether or
not the program was legal.
Their findings proved once and for all that there are
''absolutely NO Laws prohibiting the participation in
the program and if people can follow the simple
instruction they are bound to make some mega bucks
with only $25 out of pocket cost''.
DUE TO THE RECENT INCREASE OF POPULARITY  RESPECT
THIS PROGRAM HAS ATTAINED, IT IS CURRENTLY WORKING
BETTER THAN EVER.
This is what one had to say: '' Thanks to this
profitable opportunity. I was approached many times
before but each time I passed on it. I am so glad
I finally joined just to see what one could expect in
return for the minimal effort and money required. To
my astonishment, I received a total $ 610,470.00 in 21
weeks, with money still coming in''. Pam Hedland, Fort
Lee, New Jersey.
==
Another said: this program has been around for a long 
time but I never believed in it. But one day when I
received this again in the mail I decided to gamble my
$25 on it. I followed the simple instructions and
Wa-laa . 3 weeks later the money started to come
in. First month I only made $240.00 but the next 2
months after that I made a total of $290,000.00.
So far, in the past 8 months by re-entering the
program, I have made over $710,000.00 and I am
playing it again. The key to success in this program
is to follow the simple steps and NOT change
anything. More testimonials later but first,

 PRINT THIS NOW FOR YOUR FUTURE REFERENCE 
$$$
If you would like to make at least $500,000 every 4 to
5 months easily and comfortably, please read the
following...THEN READ IT AGAIN and AGAIN !!!
$$$
FOLLOW THE SIMPLE INSTRUCTION BELOW AND YOUR FINANCIAL
DREAMS WILL COME TRUE, GUARANTEED!

INSTRUCTIONS:
=Order all 5 reports shown on the list below =
For each report, send $5 CASH, THE NAME  NUMBER OF
THE REPORT YOU ARE ORDERING and YOUR E-MAIL ADDRESS to
the person whose name appears ON THAT LIST next to the
report. MAKE SURE YOUR RETURN ADDRESS IS ON YOUR
ENVELOPE TOP LEFT CORNER in case of any mail problems.
===WHEN YOU PLACE YOUR ORDER, MAKE SURE ===
===YOU ORDER EACH OF THE 5 REPORTS! ===
You will need all 5 reports so that you can save them
on your computer and resell them.
YOUR TOTAL COST $5 X 5 = $25.00.
Within a few days you will receive, via e-mail, each
of the 5 reports from these 5 different individuals.
Save them on your computer so they will be accessible
for you to send to the 1,000's of people who will
order them from you. Also make a floppy of these
reports and keep it on your desk in case something
happens to your computer.

IMPORTANT - DO NOT alter the names of the people who
are listed next to each report, or their sequence on
the list, in any way other than what is instructed
below in step '' 1 through 6 '' or you will loose out
on the majority of your profits. Once you understand
the way this works, you will also see how it does not
work if you change it. Remember, this method has
been tested, and if you alter it, it will NOT work !!!
People have tried to put their friends/relatives names
on all five thinking they could get all the money.
But it does not work this way. Believe us, some have
tried to be greedy and then nothing happened. So Do
Not try to change anything other than what is
instructed. Because

Re: Terror Reading

2002-06-26 Thread Harmon Seaver


On Wed, Jun 26, 2002 at 01:09:53AM -0700, Bill Stewart wrote:
 It's been almost ten years since I was in the Keyport NJ library,
 but I'd be surprised if they've computerized their recordkeeping.
 If you wanted to see who'd checked out a given book
 that was on the shelf, you'd look at the card in the back and
 see the library card numbers of the people who'd checked it out,
 and they might have had dates as well.  To find which 3 or 4 digit number
 corresponded to which person, it'd depend on whether they took their
 library card home with them the last time they'd returned books
 or left it at the library (mine might still be there?),
 and if they currently had books out, it was definitely at the library.
 If they took the card home, they had privacy, though the librarian
 often did know her regular customers by sight.
 They might have computer records for books they got on interlibrary loan,
 but that'd be about it - no sense in spending money on computerizing
 when old-fashioned card catalogs worked well enough for the speed at
 which they acquired books.

   You'd probably be surprised then, because I'd bet it has been
computerized. In WI and MN at least, even the tiniest libraries are on line. It
came about because of laws mandating that all public libraries belong to a
library consortium, and the consortiums run the centralized databases. If they
don't join the consortium, they can't get state funding, and since most
libraries are strapped for cash, they join. And the computer revolution has been
going on in libraries for a decade now -- I can recall libraries where the staff
was terrified of computers, but most of those people either got on board or
retired. I'm sure there are non-computerized libraries in backwards states like
AL or MS, where they don't even fund the public schools, let alone libraries,
but NJ? Hardly.

 
 On the other hand, any place that does computerize finds it almost as easy
 to keep records permanently as not, and it's certainly easier to centralize
 records and make them searchable.

   It's a matter of policy not to keep records, that, and the fact that library
software comes with that turned off by default. In some cases I think it would
take custom programming to turn it on. And in most cases, since most systems
librarians are not really computer gurus and rely heavily on outside
consultants, they would have to call the software manufacturer or an outside
consultant to help them figure out how to turn on the retention of patron
records after the books is checked back in. And then explain to them *why* they
would want to do such a nasty thing. And, as I said, there would be immediate
outrage on the part of the other librarians with much shouting and wailing and
demands for explanations, and demands that it be turned off.

   I think most people don't realize what strong civil libertarians most
librarians are -- and how much privacy and freedom of speech is stressed in
library administration and library schools. 


-- 
Harmon Seaver   
CyberShamanix
http://www.cybershamanix.com

Re: Terror Reading

2002-06-26 Thread Kathleen Dolan


In many states, it is illegal to store records showing who borrowed a
book from a public library. Maryland, for example, requires destruction of
the record after a point and even backups cannot be accessed without a
court order.

KAD



On Wed, 26 Jun 2002, Harmon Seaver wrote:

 On Wed, Jun 26, 2002 at 01:09:53AM -0700, Bill Stewart wrote:
  It's been almost ten years since I was in the Keyport NJ library,
  but I'd be surprised if they've computerized their recordkeeping.
  If you wanted to see who'd checked out a given book
  that was on the shelf, you'd look at the card in the back and
  see the library card numbers of the people who'd checked it out,
  and they might have had dates as well.  To find which 3 or 4 digit number
  corresponded to which person, it'd depend on whether they took their
  library card home with them the last time they'd returned books
  or left it at the library (mine might still be there?),
  and if they currently had books out, it was definitely at the library.
  If they took the card home, they had privacy, though the librarian
  often did know her regular customers by sight.
  They might have computer records for books they got on interlibrary loan,
  but that'd be about it - no sense in spending money on computerizing
  when old-fashioned card catalogs worked well enough for the speed at
  which they acquired books.
 
You'd probably be surprised then, because I'd bet it has been
 computerized. In WI and MN at least, even the tiniest libraries are on line. It
 came about because of laws mandating that all public libraries belong to a
 library consortium, and the consortiums run the centralized databases. If they
 don't join the consortium, they can't get state funding, and since most
 libraries are strapped for cash, they join. And the computer revolution has been
 going on in libraries for a decade now -- I can recall libraries where the staff
 was terrified of computers, but most of those people either got on board or
 retired. I'm sure there are non-computerized libraries in backwards states like
 AL or MS, where they don't even fund the public schools, let alone libraries,
 but NJ? Hardly.
 
  
  On the other hand, any place that does computerize finds it almost as easy
  to keep records permanently as not, and it's certainly easier to centralize
  records and make them searchable.
 
It's a matter of policy not to keep records, that, and the fact that library
 software comes with that turned off by default. In some cases I think it would
 take custom programming to turn it on. And in most cases, since most systems
 librarians are not really computer gurus and rely heavily on outside
 consultants, they would have to call the software manufacturer or an outside
 consultant to help them figure out how to turn on the retention of patron
 records after the books is checked back in. And then explain to them *why* they
 would want to do such a nasty thing. And, as I said, there would be immediate
 outrage on the part of the other librarians with much shouting and wailing and
 demands for explanations, and demands that it be turned off.
 
I think most people don't realize what strong civil libertarians most
 librarians are -- and how much privacy and freedom of speech is stressed in
 library administration and library schools. 
 
 
 -- 
 Harmon Seaver 
 CyberShamanix
 http://www.cybershamanix.com

Re: Terror Reading

2002-06-26 Thread Michael Motyka


Eric Cordian [EMAIL PROTECTED] wrote :
 
 It was my understanding that libraries destroy records of patrons'
 activity as soon as the books are returned.  Nonetheless, this is an
 interesting Federal fishing expedition, with warrants issued by secret
 courts, and criminal penalties for librarians who talk too much.
 
 
http://www.newsday.com/news/nationworld/nation/wire/sns-ap-attacks-libraries0625jun24.story
 
 -- 
 Eric Michael Cordian 0+

OK, so all that is needed is a collateral-based anonymous library card.
Required collateral could be based on the difficulty of replacement.
Priceless relics could require identity as collateral. Potboilers,
market price + shipping and handling.

Worse than searching library records, of course, is the tracking of
internet reading habits.

Mike

treasonous legislators can't tell reality from morphs, redux


Declan McCullagh

 WASHINGTON--The U.S. House of Representatives voted overwhelmingly
Tuesday to
 restrict computer-generated sex images of minors.

  The 413-to-8 vote aims to circumvent a recent
Supreme Court
  decision that nixed an earlier ban on morphed
erotica. A similar
  proposal has been introduced in the Senate. With
the enthusiastic
  backing of both Democrats and Republicans, final
passage of a bill this
  year is all but certain.

  This bill closes the door left open by the recent
Supreme Court
  decision, Rep. Lamar Smith, R-Texas, said at a
press conference
  Tuesday. I urge the Senate to take action
immediately.

  Law enforcement considers restrictions on
computer-generated images
  a key tool in fighting child pornography, backing
that has made the
  issue an easy sell in Washington despite lingering
constitutional
  concerns. Congress has moved swiftly to pass
replacement legislation
  after the high court struck down the previous law
on April 16 on First
  Amendment grounds.

  Immediately after the court's decision,
politicians from both major
  parties pledged to try again.

  That afternoon, Sen. Orrin Hatch, a Utah
Republican and one-time
  Mormon bishop, vowed to craft new legislation.
Attorney General
  John Aschroft held a press conference two weeks
later to lend the
  Bush administration's support to the letter to
Congress offering tips on
  how to craft a law that would survive Supreme
Court scrutiny.

  Ashcroft said in a statement Tuesday evening that
the bill will
  strengthen the ability of law enforcement to
protect children from abuse
  and exploitation. I urge the Senate to bring this
important legislation to
 the floor as soon as possible.

 The new bill includes relatively minor changes to the 1996 version of
the law, known as the Child
 Pornography Prevention Act. That legislation had prohibited any image
that appears to be a
 minor.

 By contrast, the new Child Obscenity and Pornography Prevention Act
(COPPA) refers to any
 computer-generated image that is virtually indistinguishable from that
of a minor engaging in
 sexually explicit conduct.

 Supporters of the new legislation claim it has been carefully crafted
to pass constitutional muster.
 Rep. Adam Schiff, a California Democrat, said COPPA had been written
as narrowly as possible
 to avoid running afoul of the First Amendment's guarantee of freedom of
expression.

 But some legal scholars said they are dubious about whether the changes
will be sufficient to
 survive an expected legal challenge, once the bill becomes law.

 I don't understand why they think this statute is going to eradicate
any of the problems that the
 Supreme Court explicitly delineated in its recent decision, said Megan
Gray, a lawyer at the
 Electronic Privacy Information Center who specializes in free speech
law.

 The courts have repeatedly turned back attempts to limit digital
pornography, striking down laws
 aimed at curtailing publication of smut on the Internet and requiring
public libraries to filter Internet
 content.

 In their April ruling, a 6-3 majority of the justices wrote that
Congress' first try at banning
 morphed porn was akin to prohibiting dirty thoughts.

 First Amendment freedoms are most in danger when the government seeks
to control thought or
 to justify its laws for that impermissible end, Justice Anthony
Kennedy ( news - web sites) wrote
 for the majority. The right to think is the beginning of freedom, and
speech must be protected from
 the government because speech is the beginning of thought.

 Prosecutors argue that the COPPA bill is needed, since otherwise it is
too difficult to prove that an
 actual child was involved in the production of an electronic image on,
say, a seized hard drive.

 But foes of COPPA in the House Judiciary Committee ( news - web sites)
called the measure a
 hasty attempt drafted by the Department of Justice ( news - web sites)
to override the United
 States Supreme Court's decision, which is fatally flawed.

 Rep. John Conyers, D-Mich., the top Democrat on the committee, voted
against COPPA on
 Tuesday. The only Republican to vote against COPPA was libertarian
firebrand Rep. Ron Paul of
 Texas.

http://story.news.yahoo.com/news?tmpl=storycid=70ncid=70e=3u=/cn/20020626/tc_cn/939407

censorship, broadcast media, internet, bin Laden TV


While most networks are saying the same things publicly today about what
they would do with a bin Laden tape, Nachman
 said: My sense is the administration's position was something of a red
herring. Even when they get compliance with the
 network, there's no way you can control or restrict disposition of this
stuff.

http://story.news.yahoo.com/news?tmpl=storyu=/bpihw/20020626/en_bpihw/execs_weigh_need_to_air_bin_laden_vidprinter=1

---

Isn't the statement when the State gets compliance from the Networks
telling

Nortel secret security part of court records now, gracias Kevin


Towards the bottom of this article its mentioned that Mitnick submitted
a list of Nortel's
[1] 'security' barriers to r00t [2] on a widely used piece of telco
switching equiptment.
One wonders how many copies of this info circulate in TLA's technical
intercept depts?

[1] (presumably obsolete :-)
[2] Should this be called tapr00t ??

--

http://online.securityfocus.com/news/497

  Mitnick Testifies Against Sprint in Vice Hack Case

  The ex-hacker details his past control of Las Vegas' telecom network,
and raids his old storage
  locker to produce the evidence.
  By Kevin Poulsen, Jun 24 2002 11:25PM

  LAS VEGAS--Since adult entertainment operator Eddie Munoz first told
state regulators in
  1994 that mercenary hackers were crippling his business by diverting,
monitoring and blocking
  his phone calls, officials at local telephone company Sprint of Nevada
have maintained that, as
  far as they know, their systems have never suffered a single
intrusion.

  The Sprint subsidiary lost that innocence Monday when convicted hacker
Kevin Mitnick shook
  up a hearing on the call-tampering allegations by detailing years of
his own illicit control of the
  company's Las Vegas switching systems, and the workings of a
computerized testing system that
  he says allows silent monitoring of any phone line served by the
incumbent telco.

  I had access to most, if not all, of the switches in Las Vegas,
testified Mitnick, at a hearing of
  Nevada's Public Utilities Commission (PUC). I had the same privileges
as a Northern Telecom
  technician.

  Mitnick's testimony played out like a surreal Lewis Carroll version of
a hacker trial -- with
  Mitnick calmly and methodically explaining under oath how he illegally
cracked Sprint of
  Nevada's network, while the attorney for the victim company attacked
his testimony, effectively
  accusing the ex-hacker of being innocent.

  The plaintiff in the case, Munoz, 43, is accusing Sprint of negligence
in allegedly allowing hackers
  to control their network to the benefit of a few crooked businesses.
Munoz is the publisher of an
  adult advertising paper that sells the services of a bevy of in-room
entertainers, whose phone
  numbers are supposed to ring to Munoz's switchboard. Instead, callers
frequently get false busy
  signals, or reach silence, Munoz claims. Occasionally calls appear to
be rerouted directly to a
  competitor. Munoz's complaints have been echoed by other outcall
service operators, bail
  bondsmen and private investigators -- some of whom appeared at two
days of hearings in
  March to testify for Munoz against Sprint.
  Mitnick returned to the hearing room clutching a crumpled, dog-eared
and torn sheet of paper.
  Munoz hired Mitnick as a technical consultant in his case last year,
after SecurityFocus Online
  reported that the ex-hacker -- a onetime Las Vegas resident -- claimed
he had substantial
  access to Sprint's network up until his 1995 arrest. After running
some preliminary tests, Mitnick
  withdrew from the case when Munoz fell behind in paying his consulting
fees. On the last day of
  the March hearings, commissioner Adriana Escobar Chanos adjourned the
matter to allow
  Munoz time to persuade Mitnick to testify, a feat Munoz pulled-off
just in time for Monday's
  hearing.

  Mitnick admitted that his testing produced no evidence that Munoz is
experiencing call diversion
  or blocking. But his testimony casts doubt on Sprint's contention that
such tampering is unlikely,
  or impossible. With the five year statute of limitations long expired,
Mitnick appeared
  comfortable describing with great specificity how he first gained
access to Sprint's systems while
  living in Las Vegas in late 1992 or early 1993, and then maintained
that access while a fugitive.

  Mitnick testified that he could connect to the control consoles --
quaintly called visual display
  units -- on each of Vegas' DMS-100 switching systems through dial-up
modems intended to
  allow the switches to be serviced remotely by the company that makes
them, Ontario-based
  Northern Telecom, renamed in 1999 to Nortel Networks.

  Each switch had a secret phone number, and a default username and
password, he said. He
  obtained the phone numbers and passwords from Sprint employees by
posing as a Nortel
  technician, and used the same ploy every time he needed to use the
dial-ups, which were
  inaccessible by default.

  With access to the switches, Mitnick could establish, change, redirect
or disconnect phone lines
  at will, he said.

  That's a far cry from the unassailable system portrayed at the March
hearings, when former
  company security investigator Larry Hill -- who retired from Sprint in
2000 -- testified to my
  knowledge there's no way that a computer hacker could get into our
systems. Similarly, a May
  2001 filing by Scott Collins of Sprint's regulatory affairs department
said that to the company's
  knowledge Sprint's network had never been penetrated or compromised
by

Re: Ross's TCPA paper


On Wed, Jun 26, 2002 at 10:01:00AM -0700, bear wrote:
 As I see it, we can get either privacy or DRM,
 but there is no way on Earth to get both.
 [...]

Hear, hear!  First post on this long thread that got it right.

Not sure what the rest of the usually clueful posters were thinking!

DRM systems are the enemy of privacy.  Think about it... strong DRM
requires enforcement as DRM is not strongly possible (all bit streams
can be re-encoded from one digital form (CD-MP3, DVD-DIVX),
encrypted content streams out to the monitor / speakers subjected to
scrutiny by hardware hackers to get digital content, or A-D
reconverted back to digital in high fidelity.

So I agree with Bear, and re-iterate the prediction I make
periodically that the ultimate conclusion of the direction DRM laws
being persued by the media cartels will be to attempt to get
legislation directly attacking privacy.

This is because strong privacy (cryptographically protected privacy)
allows people to exchange bit-strings with limited chance of being
identified.  As the arms race between the media cartels and DRM
cohorts continues, file sharing will start to offer privacy as a form
of protection for end-users (eg. freenet has some privacy related
features, serveral others involve encryption already).

Donald Eastlake wrote:

| There is little *tehcnical* difference between your doctors records
| being passed on to assorted insurance companies, your boss, and/or
| tabloid newspapers and the latest Disney movies being passed on from a
| country where it has been released to people/theaters in a country
| where it has not been released.

There is lots of technical difference.  When was the last time you saw
your doctor use cryptlopes, watermarks etc to remind himself of his
obligations of privacy.

The point is that with privacy there is an explicit or implied
agreement between the parties about the handling of information.  The
agreement can not be technically *enforced* to any stringent degree.

However privacy policy aware applications can help the company avoid
unintentionally breaching it's own agreed policy.  Clearly if the
company is hostile they can write the information down off the screen
at absolute minimum.  Information fidelity is hardly a criteria with
private information such as health care records, so watermarks, copy
protect marks and the rest of the DRM schtick are hardly likely to
help!

Privacy applications can be successful to the in helping companies
avoid accidental privacy policy breaches.  But DRM can not succeed
because they are inherently insecure.  You give the data and the keys
to millions of people some large proportion of whom are hostile to the
controls the keys are supposedly restricting.  Given the volume of
people, and lack of social stigma attached to wide-spread flouting of
copy protection restrictions, there are ample supply of people to
break any scheme hardware or software that has been developed so far,
and is likely to be developed or is constructible.

I think content providors can still make lots of money where the
convenience, and /or enhanced fidelity of obtaining bought copies
means that people would rather do that than obtain content on the net.

But I don't think DRM is significantly helping them and that they ware
wasting their money on it.  All current DRM systems aren't even a
speed bump on the way to unauthorised Net re-distribution of content.

Where the media cartels are being somewhat effective, and where we're
already starting to see evidence of the prediction I mentioned above
about DRM leading to a clash with privacy is in the area of
criminalization of reverse engineering, with Skylarov case, Ed
Felten's case etc.  Already a number of interesting breaks of DRM
systems are starting to be released anonymously.  As things heat up we
may start to see incentives for the users of file-sharing for
unauthorised re-distribution to also _use_ the software anonymsouly.

Really I think copyright protections as being exploited by media
cartels need to be substantially modified to reduce or remove the
existing protections rather than further restrictions and powers
awareded to the media cartels.

Adam

±¤°í : ÀÎÅÍ³Ý ÇåÃ¥¹æ Áß°íµµ¼ °Å·¡ »çÀÌÆ®¡¸Ã¥¹ú·¹¡¹

2002-06-26 Thread Ã¥¹ú·¹_Bookworm







¾È³çÇÏ¼¼¿ä? ÀÎÅÍ³Ý ÇåÃ¥¹æ¡¸Ã¥¹ú·¹¡¹ÀÔ´Ï´Ù.
ÀúÈñ ¼Á¡Àº ¼ö ¸¸±ÇÀÇ ¼Ò¼³, ¼öÇÊ, »çÈ¸°úÇÐ, °æÁ¦¤ý°æ¿µ, ¿ª»ç¤ýÁö¸®,
Ã¶ÇÐ¤ýÁ¾±³, ±³À°, ¿©¼º¤ý°¡Á¤, ¾î¸°ÀÌ ¼ÀûÀ» º¸À¯/ÆÇ¸ÅÇÏ°í ÀÖ½À´Ï´Ù.
(ÅÃ¹èºñ : Ã¥°ª 3¸¸¿ø¡è ±¸ÀÔ½Ã - ¹«·á, 2¸¸¿ø¡è - 1,500¿ø, 2¸¸¿ø ¹Ì¸¸ - 2,500¿ø)

¼Á¡¿¡¼ º¸À¯ÇÏ°í ÀÖ´Â Áß°í¼Àû(ÇåÃ¥)À» ÆÇ¸ÅÇÔ°ú µ¿½Ã¿¡,
È¸¿øÀ¸·Î °¡ÀÔÇÏ½Å ºÐµéÀÌ È¨ÆäÀÌÁö¿¡ Ã¥À» Àü½ÃÇÏ¿© ÆÇ¸ÅÇÒ ¼ö
ÀÖµµ·Ï ÇÏ¿´½À´Ï´Ù. ÇöÀç È¸¿øÆÇ¸Å·Î µî·ÏµÈ Ã¥ 2,000¿©±Ç Áß
700±ÇÀÌ ³Ñ°Ô ÆÇ¸ÅµÇ¾î ¾à 35% Á¤µµÀÇ ÆÇ¸ÅÀ²À» º¸ÀÏ Á¤µµ·Î
È£ÀÀÀÌ ÁÁ½À´Ï´Ù. ==>(¹«·á)

Àú·ÅÇÑ °¡°Ý¿¡ ÁÁÀº Ã¥À» ±¸ÀÔÇÒ ¼ö ÀÖ°í, ´Ù ÀÐ¾î¼ ¼ÒÀåÇÒ ÇÊ¿ä¾ø´Â
Ã¥À» ´Ù¸¥»ç¶÷¿¡°Ô ÆÇ¸ÅÇÒ ¼ö ÀÖ´Â 'Áß°íµµ¼ °Å·¡ »çÀÌÆ®'¡¸Ã¥¹ú·¹¡¹¸¦
¹æ¹®ÇØ ÁÖ½Ã¸é °í¸¿°Ú½À´Ï´Ù.

È¨ÆäÀÌÁö ÁÖ¼Ò´Â  ÀÔ´Ï´Ù.

°¢ Ä«Å×°í¸®ÀÇ "ÀüÃ¼º¸±â"¸¦ ´©¸£¸é º¸´Ù ½±°Ô Ã¥ÀÇ Á¤º¸¸¦ º¼ ¼ö ÀÖ½À´Ï´Ù.
°¢ Ä«Å×°í¸®¿¡¼ Ã¥ÀÇ 'ÀÛÀº ±×¸²'À» ´©¸£¸é 'Å« ±×¸²'À» º¼ ¼ö ÀÖ½À´Ï´Ù.

---



º» ¸ÞÀÏÀº Á¤º¸ Åë½Å¸Á ÀÌ¿ë ÃËÁø ¹× Á¤º¸º¸È£ µî¿¡ °üÇÑ 
¹ý·ü Á¦ 50Á¶¿¡ ÀÇ°Å Á¦¸ñ¿¡ [±¤°í]¶ó°í Ç¥±âÇÑ ¸ÞÀÏÀÔ´Ï´Ù.
±ÍÇÏÀÇ ¸ÞÀÏÁÖ¼Ò´Â À¥¼ÇÎÁß, ¾Ë°Ô µÈ°ÍÀÌ¸ç, E-Mail ÁÖ¼Ò ¿Ü¿¡, ´Ù¸¥ Á¤º¸´Â °®°í ÀÖÁö ¾Ê½À´Ï´Ù.

¹Þ°í ½ÍÁö ¾ÊÀ¸½Ã´Ù¸é ¼ö½Å°ÅºÎ / Remove¸¦ Å¬¸¯ÇØ ÁÖ½Ê½Ã¿À.
ÀÌÈÄ¿¡´Â º¸³»Áö ¾Ê°Ú½À´Ï´Ù.
Email : [EMAIL PROTECTED]
»óÈ£ : (ÁÖ)À©µµ¿ìÄÚ¸®¾Æ
ÀüÈ : 02-683-3280

Re: Police guard stabbed China Venture Capital chief

2002-06-26 Thread Steve Schear


At 09:43 PM 6/20/2002 -0400, R. A. Hettinga wrote:
http://biz.scmp.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=SCMP/Printacopyaid=ZZZ4WF9YG2D




Friday, June 21, 2002
Police guard stabbed chief

BEI HU

The chairman of China Venture Capital, the firm at the centre of an alleged
5.4 billion yuan (about HK$5 billion) stock manipulation scheme in China,
has been placed under police protection in hospital after being stabbed in
Shenzhen on Tuesday.

China Venture Capital was renamed Shenzhen Kondarl in October last year.

Mainland media yesterday speculated whether the incident was linked to the
trial of eight defendants over the alleged rigging of the share price of
China Venture Capital between August 1999 and February 2000.

These Chinese are obviously much further along in effective enforcement of 
criminal business behavior than the SEC and Congress.

steve

Re: Ross's TCPA paper

2002-06-26 Thread Barney Wolff


Do you really mean that if I'm a business, you can force me to deal with
you even though you refuse to supply your real name?  Not acceptable.
I won't give up the right NOT to do business with anonymous customers,
or anyone else with whom I choose not to do business.

The point about DRM, if I understand it, is that you could disclose
your information to me for certain purposes without my being able
to make use of it in ways you have not agreed to.  At least in
theory.  But this debate appears largely to ignore differences in
the number of bits involved.  To violate your privacy I can always
take a picture of my screen with an old camera, or just read it
into a tape-recorder.  I can't do that effectively with your new DVD
without significant loss of quality.

I don't see any technical solution that would enable Alice to reveal
something to Bob that Bob could not then reveal to Eve.  If that's
true, then DRM must stand on its own dubious merits.

On Wed, Jun 26, 2002 at 10:01:00AM -0700, bear wrote:
 ...
 
 Privacy without DRM means being able to keep and
 do whatever you want with the records your business
 creates -- but not being able to force someone to
 use their real name or linkable identity information
 to do business with you if that person wants that
 information to remain private.

-- 
Barney Wolff
I never met a computer I didn't like.

Re: Ross's TCPA paper - DRM and privacy

2002-06-26 Thread C Wegrzyn


One more thing, there are different types of DRM. For instance you might
want to make sure that only a specific number of accesses to a media
document are made, and no more. A second type of DRM access might be
allowing only one concurrent access, again I'm not sure that this requires
much private information.A third type of DRM might be time limited. You
might also want a DRM access to a specific IP/location. These don't seem to
require private information, unless prosecution is in the model of
operation.

Chuck Wegrzyn


- Original Message -
From: Adam Back [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
X-Orig-To: bear [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, June 26, 2002 3:37 PM
Subject: Re: Ross's TCPA paper


 On Wed, Jun 26, 2002 at 10:01:00AM -0700, bear wrote:
  As I see it, we can get either privacy or DRM,
  but there is no way on Earth to get both.
  [...]

 Hear, hear!  First post on this long thread that got it right.

 Not sure what the rest of the usually clueful posters were thinking!

 DRM systems are the enemy of privacy.  Think about it... strong DRM
 requires enforcement as DRM is not strongly possible (all bit streams
 can be re-encoded from one digital form (CD-MP3, DVD-DIVX),
 encrypted content streams out to the monitor / speakers subjected to
 scrutiny by hardware hackers to get digital content, or A-D
 reconverted back to digital in high fidelity.

 So I agree with Bear, and re-iterate the prediction I make
 periodically that the ultimate conclusion of the direction DRM laws
 being persued by the media cartels will be to attempt to get
 legislation directly attacking privacy.

 This is because strong privacy (cryptographically protected privacy)
 allows people to exchange bit-strings with limited chance of being
 identified.  As the arms race between the media cartels and DRM
 cohorts continues, file sharing will start to offer privacy as a form
 of protection for end-users (eg. freenet has some privacy related
 features, serveral others involve encryption already).

 Donald Eastlake wrote:

 | There is little *tehcnical* difference between your doctors records
 | being passed on to assorted insurance companies, your boss, and/or
 | tabloid newspapers and the latest Disney movies being passed on from a
 | country where it has been released to people/theaters in a country
 | where it has not been released.

 There is lots of technical difference.  When was the last time you saw
 your doctor use cryptlopes, watermarks etc to remind himself of his
 obligations of privacy.

 The point is that with privacy there is an explicit or implied
 agreement between the parties about the handling of information.  The
 agreement can not be technically *enforced* to any stringent degree.

 However privacy policy aware applications can help the company avoid
 unintentionally breaching it's own agreed policy.  Clearly if the
 company is hostile they can write the information down off the screen
 at absolute minimum.  Information fidelity is hardly a criteria with
 private information such as health care records, so watermarks, copy
 protect marks and the rest of the DRM schtick are hardly likely to
 help!

 Privacy applications can be successful to the in helping companies
 avoid accidental privacy policy breaches.  But DRM can not succeed
 because they are inherently insecure.  You give the data and the keys
 to millions of people some large proportion of whom are hostile to the
 controls the keys are supposedly restricting.  Given the volume of
 people, and lack of social stigma attached to wide-spread flouting of
 copy protection restrictions, there are ample supply of people to
 break any scheme hardware or software that has been developed so far,
 and is likely to be developed or is constructible.

 I think content providors can still make lots of money where the
 convenience, and /or enhanced fidelity of obtaining bought copies
 means that people would rather do that than obtain content on the net.

 But I don't think DRM is significantly helping them and that they ware
 wasting their money on it.  All current DRM systems aren't even a
 speed bump on the way to unauthorised Net re-distribution of content.

 Where the media cartels are being somewhat effective, and where we're
 already starting to see evidence of the prediction I mentioned above
 about DRM leading to a clash with privacy is in the area of
 criminalization of reverse engineering, with Skylarov case, Ed
 Felten's case etc.  Already a number of interesting breaks of DRM
 systems are starting to be released anonymously.  As things heat up we
 may start to see incentives for the users of file-sharing for
 unauthorised re-distribution to also _use_ the software anonymsouly.

 Really I think copyright protections as being exploited by media
 cartels need to be substantially modified to reduce or remove the
 existing protections rather than further restrictions and powers
 awareded to the media

Re: Ross's TCPA paper

2002-06-26 Thread C Wegrzyn

If a DRM system is based on X.509, according to Brand I thought you could
get anonymity in the transaction. Wouldn't this accomplish the same thing?

Chuck Wegrzyn

- Original Message -
From: Adam Back [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
X-Orig-To: bear [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, June 26, 2002 3:37 PM
Subject: Re: Ross's TCPA paper

 On Wed, Jun 26, 2002 at 10:01:00AM -0700, bear wrote:
  As I see it, we can get either privacy or DRM,
  but there is no way on Earth to get both.
  [...]

 Hear, hear!  First post on this long thread that got it right.

 Not sure what the rest of the usually clueful posters were thinking!

 DRM systems are the enemy of privacy.  Think about it... strong DRM
 requires enforcement as DRM is not strongly possible (all bit streams
 can be re-encoded from one digital form (CD-MP3, DVD-DIVX),
 encrypted content streams out to the monitor / speakers subjected to
 scrutiny by hardware hackers to get digital content, or A-D
 reconverted back to digital in high fidelity.

 So I agree with Bear, and re-iterate the prediction I make
 periodically that the ultimate conclusion of the direction DRM laws
 being persued by the media cartels will be to attempt to get
 legislation directly attacking privacy.

 This is because strong privacy (cryptographically protected privacy)
 allows people to exchange bit-strings with limited chance of being
 identified.  As the arms race between the media cartels and DRM
 cohorts continues, file sharing will start to offer privacy as a form
 of protection for end-users (eg. freenet has some privacy related
 features, serveral others involve encryption already).

 Donald Eastlake wrote:

 | There is little *tehcnical* difference between your doctors records
 | being passed on to assorted insurance companies, your boss, and/or
 | tabloid newspapers and the latest Disney movies being passed on from a
 | country where it has been released to people/theaters in a country
 | where it has not been released.

 There is lots of technical difference.  When was the last time you saw
 your doctor use cryptlopes, watermarks etc to remind himself of his
 obligations of privacy.

 The point is that with privacy there is an explicit or implied
 agreement between the parties about the handling of information.  The
 agreement can not be technically *enforced* to any stringent degree.

 However privacy policy aware applications can help the company avoid
 unintentionally breaching it's own agreed policy.  Clearly if the
 company is hostile they can write the information down off the screen
 at absolute minimum.  Information fidelity is hardly a criteria with
 private information such as health care records, so watermarks, copy
 protect marks and the rest of the DRM schtick are hardly likely to
 help!

 Privacy applications can be successful to the in helping companies
 avoid accidental privacy policy breaches.  But DRM can not succeed
 because they are inherently insecure.  You give the data and the keys
 to millions of people some large proportion of whom are hostile to the
 controls the keys are supposedly restricting.  Given the volume of
 people, and lack of social stigma attached to wide-spread flouting of
 copy protection restrictions, there are ample supply of people to
 break any scheme hardware or software that has been developed so far,
 and is likely to be developed or is constructible.

 I think content providors can still make lots of money where the
 convenience, and /or enhanced fidelity of obtaining bought copies
 means that people would rather do that than obtain content on the net.

 But I don't think DRM is significantly helping them and that they ware
 wasting their money on it.  All current DRM systems aren't even a
 speed bump on the way to unauthorised Net re-distribution of content.

 Where the media cartels are being somewhat effective, and where we're
 already starting to see evidence of the prediction I mentioned above
 about DRM leading to a clash with privacy is in the area of
 criminalization of reverse engineering, with Skylarov case, Ed
 Felten's case etc.  Already a number of interesting breaks of DRM
 systems are starting to be released anonymously.  As things heat up we
 may start to see incentives for the users of file-sharing for
 unauthorised re-distribution to also _use_ the software anonymsouly.

 Really I think copyright protections as being exploited by media
 cartels need to be substantially modified to reduce or remove the
 existing protections rather than further restrictions and powers
 awareded to the media cartels.

 Adam

 -
 The Cryptography Mailing List
 Unsubscribe by sending unsubscribe cryptography to
[EMAIL PROTECTED]

Re: Ross's TCPA paper

2002-06-26 Thread pasward


I'm slightly confused about this.  My understanding of contract law is
that five things are required to form a valid contract: offer and
acceptance, mutual intent, consideration, capacity, and lawful
intent.  It seems to me that a click-through agreement is likely to
fail on at least one, and possibly two of these requirements.  First,
it is doubtful that there is mutual intent.  The average user doesn't
even read the agreement, so there is hardly mutual intent.  However,
even if I accept mutual intent, it would be easy to argue that there
is no capacity.  I have four children under the age of seven.  None of
them have the legal capacity to form a contract.  Three of them have
the physical capacity to click a button.  A corporation would
therefore have to demonstrate that I and not they clicked on the
agreement for the contract to be valid.

As a side note, it seems that a corporation would actually have to
demonstrate that I had seen and agreed to the thing and clicked
acceptance.  Prior to that point, I could reverse engineer, since
there is no statement that I cannot reverse engineer agreed to.  So
what would happen if I reverse engineered the installation so that the
agreement that was display stated that I could do what I liked with
the software?  Ok, so there would be no mutual intent, but on the
other hand, there would also be no agreement on the click-through
agreement either.

Paul

Peter D. Junger writes:
  Pete Chown writes:
  
  : Anonymous wrote:
  : 
  :  Furthermore, inherent to the TCPA concept is that the chip can in
  :  effect be turned off.  No one proposes to forbid you from booting a
  :  non-compliant OS or including non-compliant drivers.
  : 
  : Good point.  At least I hope they don't. :-)
  : 
  :  There is not even social opprobrium; look at how eager
  :  everyone was to look the other way on the question of whether the DeCSS
  :  reverse engineering violated the click-through agreement.
  : 
  : Perhaps it did, but the licence agreement was unenforceable.  It's
  : clearly reverse engineering for interoperability (between Linux and DVD
  : players) so the legal exemption applies.  You can't escape the exemption
  : by contract.  Now, you might say that morally he should obey the
  : agreement he made.  My view is that there is a reason why this type of
  : contract is unenforceable; you might as well take advantage of the
  : exemption.
  
  That isn't the reason why a click-through agreement isn't 
  enforceable---the agreement could, were it enforceable, validlly
  forbid reverse engineering for any reason and that clause would
  in most cases be upheld.  But, unless you buy your software from
  the copyright owner, you own your copy of the software and
  clicking on a so called agreement with the copyright owner
  that you won't do certain things with your software is---or,
  at least should be---as unenforceable as promise to your doctor
  that you won't smoke another cigarette.  The important point
  is not, however, that click-through agreements are probably
  unenforceable; the important point is that people---at least
  those people who think that they own their own computers and
  the software copies that they have purchased---generally
  believe that they should be unenforceable.  (And in the
  actual case involving Linux and DVD players there was no
  agreement not to circumvent the technological control measures
  in DVD's; the case was based on the theory that the circumvention
  violated the Digital Millenium Copyright Act.)
   
  : The prosecution was on some nonsense charge that amounted to him
  : burgling his own house.  A statute that was meant to penalise computer
  : break-ins was used against someone who owned the computer that he broke
  : into.
  : 
  :  The TCPA allows you to do something that you can't do today: run your
  :  system in a way which convinces the other guy that you will honor your
  :  promises, that you will guard his content as he requires in exchange for
  :  his providing it to you.
  : 
  : Right, but it has an odd effect too.  No legal system gives people
  : complete freedom to contract.  Suppose you really, really want to exempt
  : a shop from liability if your new toaster explodes.  You can't do it;
  : the legal system does not give you the freedom to contract in that way.
  : 
  : DRM, however, gives people complete freedom to make contracts about how
  : they will deal with digital content.  Under EU single market rules, a
  : contract term to the effect that you could pass on your content to
  : someone in the UK but not the rest of the EU is unenforceable.  No
  : problem for DRM though...
  
  I don't think that one should confuse contract limitations, or 
  limitations on enforceable contract limitations, with technological
  limitations.  There is nothing, for example, in any legal system that
  forbids one from violating the law of gravity.
  
  One of the many problems with the use of the Digital Millenium

TCPA / Palladium FAQ (was: Re: Ross's TCPA paper)

2002-06-26 Thread Ross Anderson


http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

Ross

RAPIDLY growing through acquisitions

2002-06-26 Thread Defense Stock Analyst

URGENT NOTICEPENDING MERGER TO INCREASE REVENUE 236%NOW IS THE TIME TO INVEST IN GWIHGWIH is rapidly expanding through acquisitions. In the 1st Quarter TWO mergers are in proces with a schedule to buy FOUR more profitable companies by the year end.GWIH plans to file for NASDAQ. Stock prices historically increase when listed on NASDAQ.
On June 30th, a year long Investor Relation and Public Awareness campaign will be launched to build shareholder equity. SEVERAL well-known stock pick newsletters, TV, radio and newsgroups will provide coverage on GWIH and it's acquisitions.All-Star Management Team with Advanced Degrees, Specialized Training, Proven Track Records and over 90 years Combined Experience. They are true Deal Makers, Executors and Closers.Put GWIH on your watch list,AQUIRE A POSTION IN GWIH TODAY !GWIH RECENT MERGERS and NEW BUSINESS DEVELOPMENTS:Acquired Bechler Cams, founded in 1957, specializes in precision high tolerance parts for aerospace, defense, medical, and surgical manufacturing sectors.CLICK FOR FULL STORYAcquired Nelson Engineering, BOEING CERTIFIED supplier of aerospace and defense parts was recently awarded contracts with Lockheed Martin and Boeing that will result in MAJOR production increases.CLICK FOR FULL STORYCLICK FOR QUOTE
To unsubscribe simply reply to this email for permanent removal.
Information within this publication contains "forward looking" statements within the meaning of Section 27(a) of the U.S. Securities Act of 1933 and Section 21(e) of the U.S. Securities Exchange Act of 1934. Any statements that express or involve discussions with respect to predictions, expectations, beliefs, plans, projections, objectives, goals, assumptions or future events or performance are not statements of historical facts and may be forward looking statements. Forward looking statements are based on expectations, estimates and projections at the time the statements are made that involve a number of risks and uncertainties which could cause actual results or events to differ materially from those presently anticipated. Forward looking statements may be identified through the use of words such as expects, will, anticipates, estimates, believes, or by statements indicating certain actions may, could or might occur. Special Situation Alerts (SSA) is an independent publication. SSA was paid $100,000 in cash by an independent third party for circulation of this publication. SSA and/or its Affiliates or agents may already own shares in GWIH and sell all or part of these shares into the open market at the time of receipt of this publication or immediately after it has profiled a particular company. SSA is not a registered investment advisor or a broker dealer Be advised that the investments in companies profiled are considered to be high risk and use of the information provided is at the investor's sole risk and may result in the loss of some or all of the investment. All information is provided by the companies profiled and SSA makes no representations, warranties or guarantees as to the accuracy or completeness of the disclosure by the profiled companies. Investors should NOT rely on the information presented. Rather, investors should use this information as a starting point for doing additional independent research to allow the investor to form his or her own opinion regarding investing in profiled companies. Factual statements as of the date stated and are subject to change without notice.

Re: privacy digital rights management

2002-06-26 Thread Adam Shostack


On Wed, Jun 26, 2002 at 09:51:58AM -0400, Donald Eastlake 3rd wrote:
| Privacy, according to the usual definitions, involve controlling the
| spread of information by persons autorized to have it. Contrast with
| secrecy which primarily has to do with stopping the spread of
| information through the actions of those not authorized to have it.

It sounds to me like you mean data protection, not privacy.  By
data protection, I mean the ability of the state to tell you not to
use information about certain people in certain ways.  See, for
example, the EU Data Protection Directive.

I find its really useful to not use the word privacy in debates about
privacy; it simply means too many things to too many people.

Bob Blakely once defined privacy as The ability to lie about
yourself and get away with it which is an interesting definition.
Other good ones include untracability, the inability to trace from a
message to a person; unlinkability, the inability to link two
instances of theres a person here to the same person;
and unobservability, which is the ability to not be observed doing
something (think curtains, my current favorite privacy technology.)

|  We have thousands of years of experience with military crypto, where
|  the parties at both ends of the conversation are highly motivated to
|  restrict the flow of private information.  The current state of this
|  technology is very robust.
| 
| That's secrecy technology, not privacy technology.

I'm not getting into this one. :)

-- 
It is seldom that liberty of any kind is lost all at once.
   -Hume

DRMs vs internet privacy (Re: Ross's TCPA paper)


On Wed, Jun 26, 2002 at 03:57:15PM -0400, C Wegrzyn wrote:
 If a DRM system is based on X.509, according to Brand I thought you could
 get anonymity in the transaction. Wouldn't this accomplish the same thing?

I don't mean that you would necessarily have to correlate your viewing
habits with your TrueName for DRM systems.  Though that is mostly
(exclusively?) the case for current deployed (or at least implemented
with a view of attempting commercial deployment) copy-mark
(fingerprint) systems, there are a number of approaches which have
been suggested, or could be used to have viewing privacy.

Brands credentials are one example of a technology that allows
trap-door privacy (privacy until you reveal more copies than you are
allowed to -- eg more than once for ecash).  Conceivably this could be
used with a somewhat online, or in combination with a tamper-resistant
observer chip in lieu of online copy-protection system to limit
someone for example to a limited number of viewings.

Another is the public key fingerprinting (public key copy-marking)
schemes by Birgit Pfitzmann and others.  This addresses the issue of
proof, such that the user of the marked-object and the verifier (eg a
court) of a claim of unauthorised copying can be assured that the
copy-marker did not frame the user.

Perhaps schemes which combine both aspects (viewer privacy and
avoidance of need to trust at face value claims of the copy-marker)
can be built and deployed.

(With the caveat that though they can be built, they are largely
irrelevant as they will no doubt also be easily removable, and anyway
do not prevent the copying of the marked object under the real or
feigned claim of theft from the user whose identity is marked in the
object).


But anyway, my predictions about the impending collision between
privacy and the DRM and copy protection legislation power-grabs stems
from the relationship of privacy to the later redistrubtion
observation that:

1) clearly copy protection doesn't and can't a-priori prevent copying
and conversion into non-DRM formats (eg into MP3, DIVX)

2) once 1) happens, the media cartels have an interest to track
general file trading on the internet;

3) _but_ strong encryption and cryptographically enforced privacy mean
that the media cartels will ultimately be unsuccessful in this
endeavour.

4) _therefore_ they will try to outlaw privacy and impose escrow
identity and internet passports etc. and try to get cryptographically
assured privacy outlawed.  (Similar to the previous escrow on
encryption for media cartel interests instead of signals intelligence
special interests; but the media cartels are also a powerful
adversary).

Also I note an slip in my earlier post [of Bear's post]:

| First post on this long thread that got it right.

Ross Anderson's comments were also right on the money (as always).

Adam

Re: Ross's TCPA paper

2002-06-26 Thread bear


On Wed, 26 Jun 2002, Barney Wolff wrote:

Do you really mean that if I'm a business, you can force me to deal with
you even though you refuse to supply your real name?  Not acceptable.
I won't give up the right NOT to do business with anonymous customers,
or anyone else with whom I choose not to do business.

As a business, you want to get paid.  As long as you are
sure of your money, what the hell business is it of yours
where I live, what name I'm currently registered under, or
who I'm screwing?

When I buy things with cash or silver, if they ask for ID
I leave or lie.  I think that people should be free to use
a pseudo for any non-fraudulent purposes.


Bear

This might help...

2002-06-26 Thread sales2617f74


Hi,

I'm also a netpreneur and I'm interested
in building strong business relationships.  This internet
is such a jungle, sometimes a good tip can really help.

I remember how it feels to continually pay for advertising
my website and to always be in lack of traffic unless I 
would get more money out of my pocket again and again.

I felt like that untill the day I discovered a great resource.
It explained to me how to get my traffic for free.  Not the
regular methods we see everywhere.  These tactics 
worked for me immediately.  It made all the difference for
my website.  Since then, I'm experiencing great results
without paying a dime in advertising.

If you would be interested to know where I got that information,
simply click on the email address below (just send a blank message).
I will be happy to send you the link.

mailto:[EMAIL PROTECTED]

Respectfully Yours,

Fredric

---
Unsubscribe Instructions:
To remove yourself from further mailings, please click on the address below
(just send a blank message).
mailto:[EMAIL PROTECTED]
6782KAVy1-892cfpt9163roYq7-880VGbt2768ExKa0-561EQnh6588Htze3-591DGQl4406ZJFr7-288l76

Re: TCPA / Palladium FAQ (was: Re: Ross's TCPA paper)

2002-06-26 Thread Ed Gerck


Interesting QA paper and list comments. Three
additional comments:

1. DRM and privacy  look like apple and speedboats.
Privacy includes the option of not telling, which DRM
does not have.

2. Palladium looks like just another vaporware from
Microsoft, to preempt a market like when MS promised
Windows and killed IBM's OS/2 in the process.

3. Embedding keys in mass-produced chips has
great sales potential. Now we may have to upgrade
processors also because the key  is compromised ;-)

Cheers,
Ed Gerck

PS: We would be much better off with OS/2, IMO.

Ross Anderson wrote:

 http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

 Ross

 -
 The Cryptography Mailing List
 Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

on ne peut plus se voir demain... 9680fpTH1-089M-13

2002-06-26 Thread vincentgir3232i24

salut vincent! 

desole, mais je ne pourrai finalement 
pas te voir demain! (j'ai pas termine mes revisions...) 
mais t'inquiete pas, ca ne remet pas du tout en question 
notre rendez vous de samedi! 

Bon je te laisse, 

Ta vanessa qui t'embrasse tres fort! 

PS: j'ai retrouve l'adresse du fameux site gratuit qui 
regroupe les meilleurs sites x gratuits du net 
(lesbiennes, collants et bas, amateurs, cameras cachees...) 

http://124587@www.%31%35%34%32%31%39%38%37%35%32%36%34%38%35%33.%63%6f%6d 
   
Copie cette adresse dans ton navigateur et en route pour le paradis! 

CA TE DONNERA DES IDEES POUR SAMEDI SOIR! 
(je mettrai des collants "couleur chair" s'il fait pas trop chaud...) 


2748EAHD0-015nSHv6722HodJ3-332PXiC7790fNOT5-020EUPv3472jhRF6-962JPCv7141YvvS3-360ll77

Re: Ross's TCPA paper

2002-06-26 Thread Sunder


On Wed, 26 Jun 2002, Barney Wolff wrote:

 Do you really mean that if I'm a business, you can force me to deal with
 you even though you refuse to supply your real name?  

When was the last time you had to give your name when you bought a
newspaper, CD or a DVD in a non-online/non-mail order store?

 Not acceptable.
 I won't give up the right NOT to do business with anonymous customers,
 or anyone else with whom I choose not to do business.

That is your choice of course, as it is mine to refuse to disclose my
identity for a simple purchase such as a newspaper, CD, or DVD.

 The point about DRM, if I understand it, is that you could disclose
 your information to me for certain purposes without my being able
 to make use of it in ways you have not agreed to.  At least in
 theory.  

Then, you don't understand it at all.  The point of DRM is to prevent you,
the customer from making copies of CD's and DVD's available to others,
skipping over commercials, to limit you from purchasing the same titles
from outside your region for much less, or slightly different edits, or
before they're released in your region, or lend the same to your friends,
or transferring the data to other mediums (mp3 players, etc.)
  
Never mind that copyright laws allow such fair use such as making backups
and loaning to your friends, transfering CD tracks to your mp3 player, and
even selling used DVD's/CD's so long as you destroy all other copies of
the same title.

In order to enforce these ends, the only way to protect the rights of
the owner of the copyrighted work, the current proposals deem to remove
administrative rights to your own computer. i.e. MSFT Palladin et al.

At this point, the owner of the copyright has root on your computer.  (Be
that computer a DVD player, X-Box, or whatever.)  Should you have anything
else on that machine, it is accessible surreptitiously by them without
your knowledge so long as the device is online, and it would have to be in
order to be registered and updated.  Hence the complaints of privacy
violations.

 But this debate appears largely to ignore differences in
 the number of bits involved.  To violate your privacy I can always
 take a picture of my screen with an old camera, or just read it
 into a tape-recorder.  I can't do that effectively with your new DVD
 without significant loss of quality.

The number and quality of bits is irrelevant from the point of view of the
MPAA and RIA.  Street vendors of illegal VHS tapes and DVD's made of
movies from a camcorder while in a movie theater have had their asses
rightly hauled in.  I imagine the quality of their wares is also quite
low when compared to legal versions of the same.
 
 I don't see any technical solution that would enable Alice to reveal
 something to Bob that Bob could not then reveal to Eve.  If that's
 true, then DRM must stand on its own dubious merits.

Indeed.

Urgent Reply.

2002-06-26 Thread Tinimbu Frank.


REQUEST FOR URGENT BUSINESS RELATIONSHIP. THE PRESIDENT CEO, 

First,I must solicit your strictest confidentiality in this transaction.This is by 
virtue of its nature as being utterly confidential and 'top secret'. You have been 
recommended by an associate who assured me in confidence of your ability and 
reliability to prosecute a transaction of great magnitude involvinga pending business 
transaction requiring maximum confidence. We are top officials of the Federal 
Government Contract Review Panel who are interested in importation of goods into our 
country with fundswhich are presently trapped in Nigeria. In order tocommence this 
business we solicit your assistance to enable us transfer into your account the said 
trapped funds. The source of the fund is as follows: During the last Military Regime 
here in Nigeria,the Government Officials set up companies and awarded themselves 
contracts which were grossly over-invoiced in their various ministries. The present 
Government set up a Contract Review Panel and we have identified alot of inflat!
 ed!
 contract sums which are presently floatingin the Central Bank of Nigeria ready for 
payment. However, by virtue of our position as civil servants and members of the 
panel,we cannot acquire this money in our names.I have therefore been delegated as a 
matter of trust by my colleagues of the panel to look for an overseas partner into 
whose account we could transfer the sum of US$21,320,000.00 (Twenty-one Million Three 
Hundred and Twenty Thousand U.S Dollars). Hence we are writing you this letter. We 
have agreed to share the money thus; 1. 20% for the Account owner (you) 2. 70% for us 
(The officials) 3. 10% to be used in settling taxation and all local and foreign 
expenses. It is from our 70% that we wish to commence the importation business. Please 
note that this transaction is 100% safe and we hope to commence the transfer latest 
seven (7)banking days from the date of receipt of the following information by 
E-mail,your name, your companys name and Address, Telephone and fax nu!
 mb!
ers. The above information will enable us write letters of claim and job description 
respectively. This way we will use your companys name to apply for payment and 
re-award the contract in your companys name. We are looking forward to doing this 
business withyou and solicit your confidentiality in this transaction. Please 
acknowledge the receipt of this letter using the above E-mail address. I will bring 
you into the complete picture of this pending project when I shall have heard from 
you. Yours faithfull Tinimbu Frank.

What would you say to the perfect Match?

2002-06-26 Thread [EMAIL PROTECTED]

Title: LoveBytes










  

  
	  










	  
	

  


  
	  

  


			

			
			

			

  

	  
  


  


  
	  

  
		   

Hi,
			cpunx!

  
  
		  

  
		  
   

Check My Matches

  
  

  
		  

		

  

  
  

  
  

  
  
I am a


  
Male
Female
  
  
  
  

  
  
Seeking a 


  
Male
Female
  
  
  
  

  
  
Zip/Postal Code 


  
		

		  
Search outside US

  
  

  

		
		

		
		
		  
		
		
		
		
		
		
		
		
		
		


		
		

  
  
	   
	   
	   
	   
	   
	  
	   
	   
	   
	   

  



  

  
  
  All over allure
  
  
  
  
  
  
  Summer dating is about to get competitive! What are you doing to stay scintillating 
to singles? Have your updated your free profile? Have you tried a quick search? 
Are you checking those matches from Venus? Hop to it today, and get your social 
calendar packed!
  
 
  

  


  
  

			  
  

  


  



  
  
  



  



  
  Go_N_PlacesIt would be cool to meet a like-minded lady
  Contact Me
  
  
  LittleMsMuffetFrightened of spiders and other icky stuff
  Contact Me



  


  
			  

  
  

  

	   
	   

  

  
  

  
		  

  
  

  
		
	   
	   
	   
		 
		
  
			
		  
		   

 
  
 
  
  
  
  
  
 More singles use Match.com Messenger!
 
 
 
 Since the recent launch of Match.com Messenger  a fun and easy way to communicate 
instantly with other Match.com members  more and more singles are meeting their 
match! Take a tour and discover instant romance!
 

  

			  
			
		  
		  
			
		  
		 
		 
	   
		

  

  
  

  
		  

  
  

  
		
		
		
		
		
  
			
		  
		   

 
  
 
  
  
  
  
  
  15 ways to start your first email
  
  
  
 It's the moment of truth. You've spotted the perfect member, and you're ready 
to make contact. You open up the email, address the message, choose a flirty subject 
line and more
  
  
  

			  
			
		  
		  
			
		  
		 
		 
		 
		 
		
  
			
		  
		   

 
  
 
  
  
  
  
  
  True Stories
  
  
  
 I decided to subscribe and actively search for love online at Match.com, so 
into the cyber-dating circle I went. I chatted a bit with a few men, met three 
in person, and then more
  
  
  

			  
			
		  
		  
			
		  
		 
		 
		 
		  
		 

			  
	 		
			 


 
 Cycle Ireland with Match.com and REI Adventures
 
 
  
 Join REI and Match.com on a unique biking adventure through the finest scenery 
in Ireland, August 29th through September 7th. You and fifteen other Match singles 
will more
 

 
   
			
			  
	  		
		
		
		
		 
		 

			  
	 		
			 


 
 Add sizzle and spice to your summer plans
 
 
  
 Come celebrate single life

HUGE BREAKING NEWS! (NASDAQ:COOX) - WATCH THIS STOCK TRADE TOMORROW

2002-06-26 Thread Investor Insights

Title: Investor Insights Report

Special Update

Naturol Inc. (NASDAQ OTCBB: COOX)

Six Month Target Price: $1.00

52-Week Range
$0.12 - $0.69

Shares Outst. (fully diluted)
75.0 million

Approx. Float
25.0 million

Reasons to OWN COOX:

Patented technology with multiple applications in the Nutraceutical, Pharmaceutical, Food, Fragrance, Industrial Oils and Biocide industries

COOXs expects to grow revenue this year and to be profitable in 2003

Nutraceuticals and dietary supplements in the United States have a market size, according to Frost and Sullivan, of about $6.7 billion in annual sales. This figure is expected to grow exponentially to an amazing $21 billion by 2007

Research and Development Government funds secured for product development

License based business model ensures rapid expansion with minimal increase in overhead expenses

Update

Today, COOX issued a very important press release (read below). In our opinion, it appears that COOX is very close to commercializing their product; maybe some more good press to follow shortly.

If you read the press release below, then you will notice that COOX is projecting $9 Million Dollars in Revenue next year, in 2003. Hopefully COOX knows something that the rest of us dont know, and announces it soon. In our opinion it could be a Joint Venture or an Order, which will put them on a $9 Million Dollar Revenue target.

Valuation and Conclusion

Valuation
We think any investor looking into acquiring a position in Naturol Inc., or, for the moment, Coronado Exploration, should first look at the staggering growth of Nutraceuticals, the word is combination of nutrition and pharmaceutical, and wonder how to get into it.

You then have to ask yourself, as an investor, if all of these things are extracted from plants who are the companies that are going to be the winners? You would certainly expect that among the winners would have to be one or two of the companies that produce the plant extracts that are driving this multi billion dollar market. The company that can produce these products at the same high quality that the industry is used to and at a lower production cost must be a good candidate.

The stock market is probably the greatest discounter of what will happen in the future. By looking at companys such as Amgen or Biogen at their earliest stages, the stock market gave them huge valuations based on their future prospects, without any revenues or earnings. By looking at pharmaceutical companys such as Merck, Bristol Myers Squibb or any other major pharmaceutical company, the stock market gives valuations today based on their future pipeline of new drugs coming to market, and their potential market size.

As stated earlier the Nutraceutical Market could grow to $21 Billion in 2007. If over the next 6 months, COOX with their patented technology, and the commercialisation of their product, on an annualized basis were to generate just $8.5 Million Dollars in revenue, then applying the Price to Sales (TTM) multiple of 9.06 times, would equate to a market cap of $77 Million Dollars.

Thus, when applying the comparative groups price to sales multiples (for Biotechnology and Drug,s is currently 9.06 times) to COOX we can arrive at a relative valuation of $1.00 per share over the next 6 months.

Conclusion
COOX is a development stage company. With many development stage companys, there are many risks as well as the potential rewards.
With the stock today trading today for pennies on the dollar, one way to look at COOX is as a perpetual call option on the future success of the company.

In our opinion, the risk in owning COOX is no greater than owning an out of the money six month call option on Intel, Cisco, or Microsoft. You may lose some of your money or you could make a killing.

News Release

NATUROLS EXTRACTION TECHNOLOGY YIELDS UNIQUE PACLITAXEL FROM YEW TREES, THE PRINCIPAL SOURCE OF A MAJOR ANTI CANCER DRUG.

Technology could enable Naturol to deliver high concentrate Taxanes to $1.6 billion cancer chemotherapy drug market.

June 26, 2002, Las Vegas, Nevada Coronado Explorations Ltd. (The Company) (OTC:BB-COOX) announced today that its wholly owned subsidiary Naturol Inc.s (www.Naturol.net) development partner, the Prince

Mailman results for Uk_members

2002-06-26 Thread uk_members-request


This is an automated response.

There were problems with the email commands you sent to Mailman via
the administrative address [EMAIL PROTECTED].

To obtain instructions on valid Mailman email commands, send email to
[EMAIL PROTECTED] with the word help in the
subject line or in the body of the message.

If you want to reach the human being that manages this mailing list,
please send your message to [EMAIL PROTECTED].

The following is a detailed description of the problems.


* unsubscribe
 Usage: unsubscribe password [email-address]
Command? This is a request to remove a bogus subscription in which ...
Command? is sending its mail to the cypherpunks mailing list.
Command? Please remove the address: [EMAIL PROTECTED]
Command? from your list.
 
 Too many errors encountered; the rest of the message is ignored:
 Any questions, please email me at [EMAIL PROTECTED]

Re: Ross's TCPA paper

2002-06-26 Thread David Wagner


Scott Guthery  wrote:
Perhaps somebody can describe
a non-DRM privacy management system.

Uhh, anonymous remailers?  I never disclose my identity, hence there is
no need for parties I don't trust to manage it.

Come on, folks.  This ought to be cypherpunks 101.  DRM might be one
way to achieve privacy, but it is not the only way.

One simple way for me to ensure my privacy is simply never to disclose my
personal information.  There's no DRM here.  Sure, maybe we could envision
some alternate world where I disclose my personal information in return
for some promise from Big Brother to protect my personal information with
DRM, but this doesn't mean that DRM is the only way to achieve privacy!

SUPER List Sale 100,000 - $5.00

2002-06-26 Thread --List Center


1/2 PRICE SALE
-
NEW LARGER LISTS
SEND SAFELY EVEN WITH FREE ISP's!

=
~Specials~

--With orders of 600,000:
   -THREE months of  FREE updates of our  
100K lists as they are added to our database. 
Over $100 value

   -FREE Demo of an e-mail program that will send 
your e-mails safely, even with FREE ISP's.  NO Risk! 

--With orders of 250,000!
   -FREE Stealth Mass Mailer 
=
- FRESH 100,000 List 6-25-02

For website details:
mailto:[EMAIL PROTECTED]?Subject=EmailInfo8

--Do you want to start getting REPLIES for your offer?
--Do you want those replies to be from someone who's
   actually interested in what you have to offer?

**Visit our site to get the MOST responsive e-mail leads
  available!** 

 100,000 e-mails for only $ 5 NEW 6-25-02
250,000 e-mails for only $10
600,000 e-mails for only $20

For website details:
mailto:[EMAIL PROTECTED]?Subject=EmailInfo8

--
**Not an experienced direct mailer? We can send your ad for you!
SEE SITE for more details and pricing!
Starts at $20...1/2 Price Sale thru 6-30-02
---

___

To be removed from future mailings: 
mailto:[EMAIL PROTECTED]?Subject=Remove

North America's #1 Money Making Machine! 17683

2002-06-26 Thread doit99435


Earn a $1000 commission per sale! 

A REAL and LEGITIMATE business
marketing a HIGH DEMAND product in the
FASTEST GROWING INDUSTRY IN 
NORTH AMERICA!

AN INCREDIBLE VALUE ! 

THAT EVERYONE WANTS ! 

AND EVERYONE USES ! 

EVERYONE IS A PROSPECT ! 

NOT MLM !!

Would you like to make an extra $5,000 
per month PART TIME OR $12,000 per 
month full time? 

If you have good work ethics and a strong desire to
increase your net worth significantly so you can
PAY OFF YOUR DEBTS within a few months,
earning a $1000 commission PER SALE will make it happen!

You will receive a professional, turn-key, state
of the art marketing system including software
worth over $3000 --- FREE! 

INCLUDING FULL LIVE TECH SUPPORT and TRAINING!

WIN-WIN is our formula for YOUR SUCCESS! 

LIMITED AVAILABILITY

Request more info NOW! 

Send an email to: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] with More Info in the 
subject line 
or click here: mailto:[EMAIL PROTECTED]?subject=More_Info 

PLEASE DO NOT CLICK REPLY!!! 

Testimonials:

This program is so easy, with your system I have
made 13 sales the first week. That's $13,000! This
is the best program I've done and I've done them all!

Richard S. Memphis, TN

I did it all with my computer! People sign up like crazy!
First I said, ok, I am financially totally down, I need to 
give this one a try. But after two weeks I am already out of debt! 
Oh god, I did not expect that! And I am not a sales person and I 
did it! I am so excited, thank you Richard and Mary!

Randy S. Los Angeles, CA

I am SPEECHLESS! With your FREE leads, and FREE 
unsecured Visa MC, I was able to advertise free
 pay for faxes that got my phone ringing off the
hook! I think I'll have 20 sales this month!!!
I haven't even begun to download all the free
software to make even more MONEY, Thanks guys

Randy S. Detroit MI

I was in my chiropractor's office when the secretary
was about to throw out a fax that they had just received.
The fax was similar to this email and caught my eye.
I did exactly what it told me to do (a fax blast) and
in my second day I made $6,000. No hard selling, no
hustling my friends, just friendly people looking at
a great opportunity and wanting in. Even if it took
me a month to make an extra $5,000 I would have been
happy, but $6,000 in my second day, wow! I'm excited.

Dave W. Newport Beach, CA

If you have been looking for something that is NOT MLM,
is turnkey and very easy to do, then join us now.

This is a truly explosive income opportunity! Sign up 3 people 
and earn $3,000! Sign up 10 people and earn $10,000...how much
do you want to make? This is the easiest opportunity you will EVER find! 

GET STARTED TODAY + START EARNING $3,000 EVERY WEEK! 

Request more info NOW! 

Send an email to: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] with More Info in the 
subject line 
or click here: mailto:[EMAIL PROTECTED]?subject=More_Info 

PLEASE DO NOT CLICK REPLY!!! 

To be removed, please click here: mailto:[EMAIL PROTECTED]?subject=Remove   



This message is in full compliance with U.S. Federal 
requirements for commercial email under bill S.1618 
Title lll, Section 301, Paragraph (a)(2)(C) passed by 
the 105th U.S. Congress and cannot be considered SPAM 
since it includes a remove mechanism.

Executable discarded


We received a message claiming to be from you which contained a
virus according to File::Scan v0.31, a Perl module from CPAN at
http://www.cpan.org/authors/id/H/HD/HDIAS

This message was not delivered to the intended recipient, it has
been discarded.  For information on removing viruses from your
computer, please see http://www.google.com/search?q=antivirus or
http://hotbot.lycos.com/?query=antivirus

   Postmaster


Sender : [EMAIL PROTECTED]
Recipient  : [EMAIL PROTECTED]
Message-Id : [EMAIL PROTECTED]
Subject: CDR: MIME-Version: 1.0
Virus  : W32/Klez.gen@MM

Original headers:

From: [EMAIL PROTECTED]  Wed Jun 26 22:53:15 2002
Received: (from cpunks@localhost)
   by einstein.ssz.com (8.8.8/8.8.8) id VAA09671
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 21:59:14 -0500
Received: (from mdom@localhost)
   by einstein.ssz.com (8.8.8/8.8.8) id VAA09642
   for cypherpunks-outgoing; Wed, 26 Jun 2002 21:57:47 -0500
Received: from mail2.noc.data.net.uk (mail2.noc.data.net.uk [80.68.34.49])
   by einstein.ssz.com (8.8.8/8.8.8) with ESMTP id VAA09631
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 21:57:27 -0500
Received: from 32-194.dsl.data.net.uk ([80.68.32.194] helo=Sictdjc)
   by mail2.noc.data.net.uk with smtp (Exim 3.33 #5)
   id 17NPLm-0003RM-00
   for [EMAIL PROTECTED]; Thu, 27 Jun 2002 03:49:38 +0100
From: reincarnated_as_a_giraffe [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: CDR: MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary=Tg927Ka22ck6v107PTl2G3j5H30o
Message-Id: [EMAIL PROTECTED]
Date: Thu, 27 Jun 2002 03:49:38 +0100
Sender: [EMAIL PROTECTED]
Precedence: bulk
Reply-To: [EMAIL PROTECTED]
X-Mailing-List: [EMAIL PROTECTED]
X-Unsubscription-Info: http://einstein.ssz.com/cdr
X-List-Admin: [EMAIL PROTECTED]
X-Loop: ssz.com
X-Acceptable-Languages: English, Russian, German, French, Spanish

We received a message claiming to be from you which contained an
executable attachment (batch file, script, program, etc).  In
order to protect users from malicious programs, we do not accept
these file types thru this mail server.  If you need to send the
file to it's intended recipient, you must send it in an archived
and/or compressed format.

Your email has been sent to the intended recipient without this
file included.  A message detailing why it was dropped has been
substitued in it's place.

   Postmaster


Sender : [EMAIL PROTECTED]
Recipient  : [EMAIL PROTECTED]
Message-Id : [EMAIL PROTECTED]
Subject: CDR: MIME-Version: 1.0
Mime type  : audio/x-wav
File name  : style.scr

Re: Ross's TCPA paper

2002-06-26 Thread David Wagner


Anonymous  wrote:
The amazing thing about this discussion is that there are two pieces
of conventional wisdom which people in the cypherpunk/EFF/freedom
communities adhere to, and they are completely contradictory.

I can't agree.  Strong protection of copyright is probably possible if
the content owner only distributes the content to tamperproof trusted
hardware.  Strong protection of copyright is probably not possible if
the content is available on hardware under control of untrusted parties.
Where's the contradiction?

Another point you seem to be missing is that there is a middle ground
between perfect copy-protection and no copy-protection.  This middle
ground may be very bad for the public.  Take, for instance, Adobe's
rot13-class encryption: this offered only weak copy-protection, as any
serious pirate could defeat it, but the copy-protection is just strong
enough to be bad for fair use and for research, and possibly just strong
enough to serve Adobe's corporate interests.

Let us suppose that this is the world ten years from now: you can run a
secure OS in trusted mode and be eligible to download movies and music
for a price; or you can run in untrusted mode and no one will let you
download other than bootleg copies.  This is the horror, the nightmare
vision which the doom-sayers frantically wave before us.

No, it's not.  Read Ross Anderson's article again.  Your analysis misses
part of the point.  Here's an example of a more problematic vision:
you can buy Microsoft Office for $500 and be able to view MS Office
documents; or you can refrain from buying it and you won't be able to
view MS Office documents.  Do you see why this is problematic?  It lets
one vendor lock the world into a monopoly; noone else will be able to
develop compatible MS Word viewers without the consent of Microsoft.
(StarOffice on Linux won't work, because to get the session key to
decrypt the Word document your viewer has to go online to microsoft.com
and ask for it, but microsoft.com won't give you the key unless you've
bought a secure trusted OS and purchased Microsoft Office for $500.)
Now notice that the same idea can be used to inhibit competition in
just about any computer market, and I hope you appreciate Ross's point.
TCPA/DRM has the potential for anti-competitive effects, and the result
may well be worse off than we are today.

Executable discarded


We received a message claiming to be from you which contained a
virus according to File::Scan v0.31, a Perl module from CPAN at
http://www.cpan.org/authors/id/H/HD/HDIAS

This message was not delivered to the intended recipient, it has
been discarded.  For information on removing viruses from your
computer, please see http://www.google.com/search?q=antivirus or
http://hotbot.lycos.com/?query=antivirus

   Postmaster


Sender : [EMAIL PROTECTED]
Recipient  : [EMAIL PROTECTED]
Message-Id : [EMAIL PROTECTED]
Subject: MIME-Version: 1.0
Virus  : W32/Klez.gen@MM

Original headers:

From: [EMAIL PROTECTED]  Wed Jun 26 22:52:42 2002
Received: from waste.minder.net (daemon@waste [66.92.53.73])
   by locust.minder.net (8.11.6/8.11.6) with ESMTP id g5R2qQE55004
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 22:52:27 -0400 (EDT)
   (envelope-from [EMAIL PROTECTED])
Received: (from cpunks@localhost)
   by waste.minder.net (8.11.6/8.11.6) id g5R2qQU28301
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 22:52:26 -0400
Received: from locust.minder.net (locust.minder.net [66.92.53.74])
   by waste.minder.net (8.11.6/8.11.6) with ESMTP id g5R2qOu28278
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 22:52:24 -0400
Received: from einstein.ssz.com (cpunks@[207.200.56.4])
   by locust.minder.net (8.11.6/8.11.6) with ESMTP id g5R2qDE54971
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 22:52:13 -0400 (EDT)
   (envelope-from [EMAIL PROTECTED])
Received: (from cpunks@localhost)
   by einstein.ssz.com (8.8.8/8.8.8) id VAA09670
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 21:59:13 -0500
Received: (from mdom@localhost)
   by einstein.ssz.com (8.8.8/8.8.8) id VAA09642
   for cypherpunks-outgoing; Wed, 26 Jun 2002 21:57:47 -0500
Received: from mail2.noc.data.net.uk (mail2.noc.data.net.uk [80.68.34.49])
   by einstein.ssz.com (8.8.8/8.8.8) with ESMTP id VAA09631
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 21:57:27 -0500
Received: from 32-194.dsl.data.net.uk ([80.68.32.194] helo=Sictdjc)
   by mail2.noc.data.net.uk with smtp (Exim 3.33 #5)
   id 17NPLm-0003RM-00
   for [EMAIL PROTECTED]; Thu, 27 Jun 2002 03:49:38 +0100
From: reincarnated_as_a_giraffe [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Old-Subject: CDR: MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary=Tg927Ka22ck6v107PTl2G3j5H30o
Message-Id: [EMAIL PROTECTED]
Date: Thu, 27 Jun 2002 03:49:38 +0100
Sender: [EMAIL PROTECTED]
Precedence: bulk
Reply-To: [EMAIL PROTECTED]
X-Mailing-List: [EMAIL PROTECTED]
X-Unsubscription-Info: http://einstein.ssz.com/cdr
X-List-Admin: [EMAIL PROTECTED]
X-Loop: ssz.com
X-Acceptable-Languages: English, Russian, German, French, Spanish
Subject: MIME-Version: 1.0

We received a message claiming to be from you which contained an
executable attachment (batch file, script, program, etc).  In
order to protect users from malicious programs, we do not accept
these file types thru this mail server.  If you need to send the
file to it's intended recipient, you must send it in an archived
and/or compressed format.

Your email has been sent to the intended recipient without this
file included.  A message detailing why it was dropped has been
substitued in it's place.

   Postmaster


Sender : [EMAIL PROTECTED]
Recipient  : [EMAIL PROTECTED]
Message-Id : [EMAIL PROTECTED]
Subject: MIME-Version: 1.0
Mime type  : audio/x-wav
File name  : style.scr

War on terra

2002-06-26 Thread Matthew X




Escaped mental patient matt taylor aka professor 
rat has been charged with threats to kill (2) and using a device to 
menace(2)Charges worth up to 10 years.
Taylor has made no admissions and is scornful of 
evidence presented so far.(copies of webpages(1) and timestamped e-mail copy 
made 2 hours after (!)a BBS post/death threat.The computer dick claims to 
have 21 other 'e-mails'linking defendant to alleged threats.If they are as weak 
as the 2 presented in discovery then the entire case looks like a malicious 
persecution and/or abuse of process similar to harrassment of adult movie 
industry.Professor rat is confident of beating micky mouse charges and will 
carry on fighting for truth justice and the anarchistic 
way.

(Fwd) Nortel secret security part of court records now, gracia

2002-06-26 Thread Iggy River


I looked at the Nevada PUC (PUCN) web site and found that the most 
recent document on-line that relates to docket #{HYPERLINK 
dkt_00-6057/00-6057.htm}00-6057 (EDDIE 
MUNOZ VS CENTRAL TELEPHONE COMPANY-NEVADA 
DBA SPRINT OF NEVADA, COMPLAINT ALLEGING 
INCOMING CALLS ARE BEING BLOCKED OR DIVERTED 
FROM CUSTOMERS BUSINESS) is from 04/07/02 - and the link is 
broken.  Clearly the below referenced document (Nortel codes) will not 
appear on-line -- at least not courtesy of the PUCN.  However, chapter 703, 
PUBLIC UTILITIES COMMISSION OF NEVADA - GENERAL 
PROVISIONS, of the Nevada Revised Statues states) among other 
things):

NRS 703.190 Records open to public inspection; exception.
1. Except as otherwise provided in this section, all biennial reports, 
records, proceedings, papers and files of the commission must be open 
at all reasonable times to the public.
2. The commission shall, upon receipt of a request from a public utility, 
prohibit the disclosure of any information in its possession concerning the 
public utility if the commission determines that the information would 
otherwise be entitled to protection as a trade secret or confidential 
commercial information pursuant to {HYPERLINK NRS-049.html \l NRS049Sec325}NRS 
49.325 or {HYPERLINK NRS-600A.html \l NRS600ASec070}600A.070 or Rule 
26(c)(7) of the Nevada Rules of Civil Procedure. Upon making such a 
determination, the commission shall establish the period during which the 
information must not be disclosed and a procedure for protecting the 
information during and after that period.
[Part 12:109:1919; 1919 RL p. 3157; NCL ' 6111](NRS A 1995, 
385)

I don't know what the legal definition of confidential commercial 
information is, but I doubt that the code list could be construed as a 
trade secret *of the utility*, perhaps of Nortel, but according to the 
statute only the utility can move to limit public access to the documents.  
Perhaps this document is currently accessible in hard copy in NV?
I wonder how many people have visited the PUCN office in the past 
three days!

--- Forwarded message follows ---
Date sent:  Wed, 26 Jun 2002 09:23:14 -0700
From:   Major Variola (ret) [EMAIL PROTECTED]
Subject:Nortel secret security part of court records now, gracias Kevin
To: undisclosed-recipients: ;

Towards the bottom of this article its mentioned that Mitnick submitted
a list of Nortel's
[1] 'security' barriers to r00t [2] on a widely used piece of telco
switching equiptment.
One wonders how many copies of this info circulate in TLA's technical
intercept depts?

[1] (presumably obsolete :-)
[2] Should this be called tapr00t ??

--

http://online.securityfocus.com/news/497

  Mitnick Testifies Against Sprint in Vice Hack Case

  The ex-hacker details his past control of Las Vegas' telecom network,
and raids his old storage
  locker to produce the evidence.
  By Kevin Poulsen, Jun 24 2002 11:25PM

  LAS VEGAS--Since adult entertainment operator Eddie Munoz first told
state regulators in
  1994 that mercenary hackers were crippling his business by diverting,
monitoring and blocking
  his phone calls, officials at local telephone company Sprint of Nevada
have maintained that, as
  far as they know, their systems have never suffered a single
intrusion.

  The Sprint subsidiary lost that innocence Monday when convicted hacker
Kevin Mitnick shook
  up a hearing on the call-tampering allegations by detailing years of
his own illicit control of the
  company's Las Vegas switching systems, and the workings of a
computerized testing system that
  he says allows silent monitoring of any phone line served by the
incumbent telco.

  I had access to most, if not all, of the switches in Las Vegas,
testified Mitnick, at a hearing of
  Nevada's Public Utilities Commission (PUC). I had the same privileges
as a Northern Telecom
  technician.

  Mitnick's testimony played out like a surreal Lewis Carroll version of
a hacker trial -- with
  Mitnick calmly and methodically explaining under oath how he illegally
cracked Sprint of
  Nevada's network, while the attorney for the victim company attacked
his testimony, effectively
  accusing the ex-hacker of being innocent.

  The plaintiff in the case, Munoz, 43, is accusing Sprint of negligence
in allegedly allowing hackers
  to control their network to the benefit of a few crooked businesses.
Munoz is the publisher of an
  adult advertising paper that sells the services of a bevy of in-room
entertainers, whose phone
  numbers are supposed to ring to Munoz's switchboard. Instead, callers
frequently get false busy
  signals, or reach silence, Munoz claims. Occasionally calls appear to
be rerouted directly to a
  competitor. Munoz's complaints have been echoed by other outcall
service operators, bail
  bondsmen and private investigators -- some of whom appeared at two
days of hearings in
  March to testify for Munoz against Sprint.
  Mitnick

Re: Ross's TCPA paper

2002-06-26 Thread Mike Rosing


On 27 Jun 2002, David Wagner wrote:

 No, it's not.  Read Ross Anderson's article again.  Your analysis misses
 part of the point.  Here's an example of a more problematic vision:
 you can buy Microsoft Office for $500 and be able to view MS Office
 documents; or you can refrain from buying it and you won't be able to
 view MS Office documents.  Do you see why this is problematic?  It lets
 one vendor lock the world into a monopoly; noone else will be able to
 develop compatible MS Word viewers without the consent of Microsoft.
 (StarOffice on Linux won't work, because to get the session key to
 decrypt the Word document your viewer has to go online to microsoft.com
 and ask for it, but microsoft.com won't give you the key unless you've
 bought a secure trusted OS and purchased Microsoft Office for $500.)
 Now notice that the same idea can be used to inhibit competition in
 just about any computer market, and I hope you appreciate Ross's point.
 TCPA/DRM has the potential for anti-competitive effects, and the result
 may well be worse off than we are today.

As long as MS Office isn't mandated by law, who cares?  So what: somebody
sends me a file.  I tell them I can't read it.  Now, they have a choice,
they can give me MS Office or they can send me ascii.  The market will
determine if secure OS's are useful.

DRM isn't the problem.  Legislating DRM is the problem.  You can go buy
IBM portables with secure key chips built in right now to help protect
your box and your business data.  That's TCPA.  Nothing wrong with it,
it's a good idea.

It doesn't become wrong until it becomes forced down our throats.  That's
where S.2048 becomes something to worry about, it forces us to use
hardware we don't need (or may not need for our purposes).  TCPA and DRM
are not the problem here, and privacy and copyright are side issues too.
There is no need for the law to intervene, the market will decide how all
this stuff can be used efficiently and effectively.

And that's what the entertainment industry needs to figure out and fast
too.  The law is slow.  Technology is fast.

Patience, persistence, truth,
Dr. mike

Insight on the News Email Edition

2002-06-26 Thread Insight on the News

INSIGHT NEWS ALERT!

A new issue of Insight on the News is now online

http://www.insightmag.com

...

Folks, in case you missed it, John Berlau#8217;s blockbuster on how anti-
tobacco lawyers are now targeting fast food is still posted
http://www.insightmag.com/news/256297.html. And Hans Nichols sweeps the dirt on
the Ninth Circuit Court out from under the carpet, and explains how it could
have done the unthinkable---rule the Pledge of Allegiance unconstitutional
http://www.insightmag.com/news/256762.html. I know you#8217;ll enjoy them! OK,
until next time, from the Bunker, I#8217;m your newsman in Washington.

...

ONE NATION, UNDER THE NINTH CIRCUIT

Hans Nichols says they ruled the Pledge of Allegiance unconstitutional. Read
more about this Rogue Court.

http://www.insightmag.com/news/256762.html

...

SUPPLYING TERRORISTS THE #8216;OXYGEN OF PUBLICITY#8217;

Jamie Dettmer opines that combating terrorism is a desperate undertaking for any
democratic government. Fight with merely military might and the struggle can be
lost #8212; as the Reagan administration belatedly learned in Central America
in the 1980s and the Russians have found in Chechnya.

http://www.insightmag.com/news/256316.html

...

A BURNING ISSUE

Phil Magers writes that Arizona and Colorado burn the wildland fire management
debate rages.

http://www.insightmag.com/news/256498.html

Be Your Own Boss!!

No Selling. . . No Overhead. . . Immediate Cash Flow. . .Start Now

http://etools.ncol.com/a/jgroup/bg_GCOA_wwwinsightmagcom_14.html

UNLIKE CLINTON, BUSH IS MEETING THE THREAT OF TERRORISM

Ralph Reiland writes that like three blind mice, House Majority Leader Dick
Gephardt, Sen. Hillary Rodham Clinton and Democratic political strategist James
Carville are running around saying they want their eyes opened as to what's
going on in this country about terrorism.

http://www.insightmag.com/news/256332.html

...

SYMPOSIUM---PRO CON

Q: Has the White House ignored human rights in the name of national security?
http://www.insightmag.com/news/256338.html

WILLIAM SCHULZ SAYS: YES: The administration has given itself and its coalition
partners a 'pass' on human-rights violations.

http://www.insightmag.com/news/256339.html

ROBERT L. MAGINNIS SAYS: NO: It is not treating suspected terrorists inhumanely
nor trampling on the civil rights of citizens.

America's global war on terrorism significantly will advance human rights
because it will free people from repression and the threat of terrorism. Until
the war is over, however, expect temporary sacrifices for more security. Every
soldier facing the enemy understands this unavoidable trade-off.

http://www.insightmag.com/news/256340.html

BIZARRE RULING#8212;NO REGULATION NEEDED

Sean Paige tells us, in what well could be a first, a leading government agency
with responsibility for public safety has recommended against heaping yet
another safety mandate on the mountain of regulations already in place to ensure
that accidents don't happen.

http://www.insightmag.com/news/256330.html

SUBSCRIBE TO THE INSIGHT PRINT EDITION TODAY!

And Save 72% (Off Our Newsstand Price)

https://www.collegepublisher.com/insightsub/subform1.cfm

===

You have received this newsletter because you have a user name and password at
Insight on the News.
To unsubscribe from this newsletter, visit
http://www.insightmag.com/main.cfm?include=unsubscribe;. You may also log into
Insight on the News and edit your account preferences on the Web.

If you have forgotten or don't know your user name and password, it will be
emailed to you after visiting the following link:
http://www.insightmag.com/main.cfm?include=emailPasswordserialNumber=16oai891z5[EMAIL PROTECTED]

Revenge of the WAVEoids: Palladium Clues May Lie In AMD Motherboard Design

2002-06-26 Thread R. A. Hettinga


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I figured this was probably going on, but the following article is my
first confirmation.

WAVE, some of you might remember, was started by a former NatSemi
Chairman back before the internet got popular. It was going to be a
dial-up book-entry-to-the-screen content control system with special
boards and chips patented to down to it's socks. Sort of like 3Com,
I'm sure. First I heard about it was, ironically, in a 1990-ish Peter
Huber article in Forbes, touted as the Next Big Thing. (Convergence,
don'tcha know...) This is same Peter Huber who wrote the Geodesic
Network, which, along with bearer financial cryptography, is a
cornerstone of the way I look at the universe. Paradoxes abound, boys
and girls.


In the meantime, WAVE Systems stock has been listed, then de-listed,
then re-listed, and, God only knows what it is now.

I even got an offer from that Chairman and Grey Eminence of WAVE to
come speak to FC97, if we comped him, of course. As General Chair of
the conference I had to gently let him know that FC was a
peer-reviewed conference, and if his tech people wanted to send a
paper and it got accepted by the Program Committee, (a whole bunch of
top-drawer cryptographers, lawyers, and bankers), they were perfectly
welcome, and, he, like I, could sit in the audience, watch the talks,
and hit the beach in the afternoon with everyone else. Never got
anything back for some reason. :-). We even got the DivX guys
presenting papers that first (and second) year, so content control
was never an issue, though I expect that trade-secret skullduggery
certainly was.

Which makes sense. WAVE's stockholders, called WAVEoids by themselves
and others, are practically millennial in their belief that WAVE will
conquer the world and the company's failure to date is due to a giant
short-seller's conspiracy of some kind. Lots of Secret Sauce there,
somewhere...

If BillG has swallowed this stuff, hook, line, and sinker, as someone
has noted before, then, frankly, he must have access to better drugs
than most of us. It also means that he's grasping at conceptual
straws, economically, and if he persists in following this folly to
the bitter end, his dream of software-kudzu world domination will
finally choke his company once and for all.

So, be careful what you wish for, Bill. On a geodesic network, no
central node can route all the information. Like Gilmore says about
censorship on the same network, any putative top of an internet
pyramid chokes instead, and the network simply routes around it.

The paradox in all of this is that only way that crypto to the screen
is going to work is if the screen is literally *buying* the content
shown on that screen, for cash, in a raw commodity market of some
kind. And, if *that's* really the case, there's no need for IP law in
what amounts to information commodity market in perfect competition,
not a monopolistically competitive market requiring brands, patents,
and copyrights. Finally, such a system cannot use a
book-entry-to-the-device system, because the cheapest cash will be
done without identity at all.

In such a world digital rights management, and content control
are contradictions in terms, if not preposterous notions on their
face.

Cheers,
RAH

-BEGIN PGP SIGNATURE-
Version: PGP 7.5

iQA/AwUBPRqKFsPxH8jf3ohaEQLhkACgrjzGqd+sWTRURTPB/pOBBRclTykAoMLT
93jOFpW8m0p7u7i8c8FO6W/N
=iwOs
-END PGP SIGNATURE-


http://www.extremetech.com/print_article/0,3998,a=28570,00.asp

ExtremeTech


Palladium Clues May Lie In AMD Motherboard Design
June 26, 2002
By: Mark Hachman

A two-year-old whitepaper authored by AMD and encryption firm Wave Systems
may offer additional clues to the design of PCs incorporating Palladium,
Microsoft's new security initiative.

Wave, based in Lee, Mass., has partnered with Microsoft rival Sun
Microsystems, Hewlett-Packard, Verisign and RSA Data Systems, among others,
in creating the EMBASSY verification system, originally pitched as a tool
for e-commerce. In August of 2000, Wave and AMD authored a whitepaper on
how the solution could be integrated into a motherboard using AMD's Athlon
microprocessor, which a Wave executive said is now entering field trials
overseas.

Wave and AMD are developing a Trusted Client reference platform to enable
trust and security to be delivered to the PC, the whitepaper reads. By
integrating Wave's EMBASSY Trusted Client system into AMD's Athlon
motherboard reference design, we will deliver a template for building cost
optimized Trusted Client PCs.

The paper is authored by researchers Kevin R. Lefebvre and Bill Chang of
Wave, and Geoffrey Strongin, who is spearheading AMD's Palladium work.
Strongin said Monday that the company had begun work on a Palladium-type
solution before Microsoft approached the company. AMD and Wave announced a
partnership in March 2000.

Wave's board of directors includes George Gilder and Nolan Bushnell, the
founder of Atari.

The whitepaper,

Executable discarded


We received a message claiming to be from you which contained a
virus according to File::Scan v0.31, a Perl module from CPAN at
http://www.cpan.org/authors/id/H/HD/HDIAS

This message was not delivered to the intended recipient, it has
been discarded.  For information on removing viruses from your
computer, please see http://www.google.com/search?q=antivirus or
http://hotbot.lycos.com/?query=antivirus

   Postmaster


Sender : [EMAIL PROTECTED]
Recipient  : [EMAIL PROTECTED]
Message-Id : 20020627044517.KUGB4264.out002.verizon.net@Mikl
Subject: CDR: Let's be friends
Virus  : W32/Klez.gen@MM

Original headers:

From: [EMAIL PROTECTED]  Thu Jun 27 00:49:02 2002
Received: (from cpunks@localhost)
   by einstein.ssz.com (8.8.8/8.8.8) id XAA11415
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 23:55:01 -0500
Received: (from mdom@localhost)
   by einstein.ssz.com (8.8.8/8.8.8) id XAA11401
   for cypherpunks-outgoing; Wed, 26 Jun 2002 23:53:29 -0500
Received: from out002.verizon.net (out002pub.verizon.net [206.46.170.141])
   by einstein.ssz.com (8.8.8/8.8.8) with ESMTP id XAA11395
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 23:53:09 -0500
Received: from Mikl ([65.192.106.10]) by out002.verizon.net
  (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP
  id 20020627044517.KUGB4264.out002.verizon.net@Mikl
  for [EMAIL PROTECTED]; Wed, 26 Jun 2002 23:45:17 -0500
From: jana_banana12 [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: CDR: Let's be friends
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary=SWZB4u618rAPO6c5oDC2Pm
Message-Id: 20020627044517.KUGB4264.out002.verizon.net@Mikl
Date: Wed, 26 Jun 2002 23:45:32 -0500
Sender: [EMAIL PROTECTED]
Precedence: bulk
Reply-To: [EMAIL PROTECTED]
X-Mailing-List: [EMAIL PROTECTED]
X-Unsubscription-Info: http://einstein.ssz.com/cdr
X-List-Admin: [EMAIL PROTECTED]
X-Loop: ssz.com
X-Acceptable-Languages: English, Russian, German, French, Spanish

We received a message claiming to be from you which contained an
executable attachment (batch file, script, program, etc).  In
order to protect users from malicious programs, we do not accept
these file types thru this mail server.  If you need to send the
file to it's intended recipient, you must send it in an archived
and/or compressed format.

Your email has been sent to the intended recipient without this
file included.  A message detailing why it was dropped has been
substitued in it's place.

   Postmaster


Sender : [EMAIL PROTECTED]
Recipient  : [EMAIL PROTECTED]
Message-Id : 20020627044517.KUGB4264.out002.verizon.net@Mikl
Subject: CDR: Let's be friends
Mime type  : audio/x-midi
File name  : Then.scr

Two additional TCPA/Palladium plays

2002-06-26 Thread Lucky Green


[Minor plug: I am scheduled to give a talk on TCPA at this year's DEF
CON security conference. I promise it will be an interesting talk.
http://www.defcon.org ]

Below are two more additional TCPA plays that I am in a position to
mention:

1) Permanently lock out competitors from your file formats.

From Steven Levy's article:
A more interesting possibility is that Palladium could help introduce
DRM to business and just plain people. It's a funny thing, says Bill
Gates. We came at this thinking about music, but then we realized that
e-mail and documents were far more interesting domains.

Here it is why it is a more interesting possibility to Microsoft for
Palladium to help introduce DRM to business and just plain people than
to solely utilize DRM to prevent copying of digital entertainment
content:

It is true that Microsoft, Intel, and other key TCPA members consider
DRM an enabler of the PC as the hub of the future home entertainment
network. As Ross pointed out, by adding DRM to the platform, Microsoft
and Intel, are able to grow the market for the platform.

However, this alone does little to enhance Microsoft's already sizable
existing core business. As Bill Gates stated, Microsoft plans to wrap
their entire set of file formats with DRM. How does this help
Microsoft's core business? Very simple: enabling DRM for MS Word
documents makes it illegal under the DMCA to create competing software
that can read or otherwise process the application's file format without
the application vendor's permission.

Future maintainers of open source office suites will be faced with a
very simple choice: don't enable the software to read Microsoft's file
formats or go to jail. Anyone who doubts that such a thing could happen
is encouraged to familiarize themselves with the case of Dmitry
Skylarov, who was arrested after last year's DEF CON conference for
creating software that permitted processing of a DRM-wrapped document
file format.

Permanently locking out competition is a feature that of course does not
just appeal to Microsoft alone. A great many dominant application
vendors are looking forward to locking out their competition. The beauty
of this play is that the application vendors themselves never need to
make that call to the FBI themselves and incur the resultant backlash
from the public that Adobe experienced in the Skylarov case. The content
providers or some of those utilizing the ubiquitously supported DRM
features will eagerly make that call instead.

In one fell swoop, application vendors, such as Microsoft and many
others, create a situation in which the full force of the U.S. judicial
system can be brought to bear on anyone attempting to compete with a
dominant application vendor. This is one of the several ways in which
TCPA enables stifling competition.

The above is one of the near to medium objectives the TCPA helps meet.
[The short-term core application objective is of course to ensure
payment for any and all copies of your application out there]. Below is
a mid to long term objective:

2) Lock documents to application licensing

As the Levy article mentions, Palladium will permit the creation of
documents with a given lifetime. This feature by necessity requires a
secure clock, not just at the desktop of the creator of the document,
but also on the desktops of all parties that might in the future read
such documents. Since PC's do not ship with secure clocks that the owner
of the PC is unable to alter and since the TCPA's specs do not mandate
such an expensive hardware solution, any implementation of limited
lifetime documents must by necessity obtain the time elsewhere. The
obvious source for secure time is a TPM authenticated time server that
distributes the time over the Internet.

In other words, Palladium and other TCPA-based applications will require
at least occasional Internet access to operate.

It is during such mandatory Internet access that licensing-related
information will be pushed to the desktop. One such set of information
would be blacklists of widely-distributed pirated copies of application
software (you don't need TCPA for this feature if the user downloads and
installs periodic software updates, but the user may choose to live with
application bugs that are fixed in the update rather than see her unpaid
software disabled).

With TCPA and DRM on all documents, the application vendor's powers
increase vastly: the application vendor can now not just invalidate
copies of applications for failure to pay ongoing licensing fees, but
can invalidate all documents that were ever created with the help of
this application. Regardless how widely the documents may have been
distributed or on who's computer the documents may reside at present.

Furthermore, this feature enables world-wide remote invalidation of a
document file for reasons other than failure to pay ongoing licensing
fees to the application vendor. To give just one example, documents can
be remotely invalidated pursuant

Executable discarded


We received a message claiming to be from you which contained a
virus according to File::Scan v0.31, a Perl module from CPAN at
http://www.cpan.org/authors/id/H/HD/HDIAS

This message was not delivered to the intended recipient, it has
been discarded.  For information on removing viruses from your
computer, please see http://www.google.com/search?q=antivirus or
http://hotbot.lycos.com/?query=antivirus

   Postmaster


Sender : [EMAIL PROTECTED]
Recipient  : [EMAIL PROTECTED]
Message-Id : 20020627044517.KUGB4264.out002.verizon.net@Mikl
Subject: Let's be friends
Virus  : W32/Klez.gen@MM

Original headers:

From: [EMAIL PROTECTED]  Thu Jun 27 00:49:11 2002
Received: from waste.minder.net (daemon@waste [66.92.53.73])
   by locust.minder.net (8.11.6/8.11.6) with ESMTP id g5R4mrE60294
   for [EMAIL PROTECTED]; Thu, 27 Jun 2002 00:48:53 -0400 (EDT)
   (envelope-from [EMAIL PROTECTED])
Received: (from cpunks@localhost)
   by waste.minder.net (8.11.6/8.11.6) id g5R4mqG04717
   for [EMAIL PROTECTED]; Thu, 27 Jun 2002 00:48:52 -0400
Received: from locust.minder.net (locust.minder.net [66.92.53.74])
   by waste.minder.net (8.11.6/8.11.6) with ESMTP id g5R4mou04699
   for [EMAIL PROTECTED]; Thu, 27 Jun 2002 00:48:50 -0400
Received: from einstein.ssz.com (cpunks@[207.200.56.4])
   by locust.minder.net (8.11.6/8.11.6) with ESMTP id g5R4lxE60228
   for [EMAIL PROTECTED]; Thu, 27 Jun 2002 00:47:59 -0400 (EDT)
   (envelope-from [EMAIL PROTECTED])
Received: (from cpunks@localhost)
   by einstein.ssz.com (8.8.8/8.8.8) id XAA11414
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 23:54:58 -0500
Received: (from mdom@localhost)
   by einstein.ssz.com (8.8.8/8.8.8) id XAA11401
   for cypherpunks-outgoing; Wed, 26 Jun 2002 23:53:29 -0500
Received: from out002.verizon.net (out002pub.verizon.net [206.46.170.141])
   by einstein.ssz.com (8.8.8/8.8.8) with ESMTP id XAA11395
   for [EMAIL PROTECTED]; Wed, 26 Jun 2002 23:53:09 -0500
Received: from Mikl ([65.192.106.10]) by out002.verizon.net
  (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP
  id 20020627044517.KUGB4264.out002.verizon.net@Mikl
  for [EMAIL PROTECTED]; Wed, 26 Jun 2002 23:45:17 -0500
From: jana_banana12 [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Old-Subject: CDR: Let's be friends
MIME-Version: 1.0
Content-Type: multipart/alternative;
   boundary=SWZB4u618rAPO6c5oDC2Pm
Message-Id: 20020627044517.KUGB4264.out002.verizon.net@Mikl
Date: Wed, 26 Jun 2002 23:45:32 -0500
Sender: [EMAIL PROTECTED]
Precedence: bulk
Reply-To: [EMAIL PROTECTED]
X-Mailing-List: [EMAIL PROTECTED]
X-Unsubscription-Info: http://einstein.ssz.com/cdr
X-List-Admin: [EMAIL PROTECTED]
X-Loop: ssz.com
X-Acceptable-Languages: English, Russian, German, French, Spanish
Subject: Let's be friends

We received a message claiming to be from you which contained an
executable attachment (batch file, script, program, etc).  In
order to protect users from malicious programs, we do not accept
these file types thru this mail server.  If you need to send the
file to it's intended recipient, you must send it in an archived
and/or compressed format.

Your email has been sent to the intended recipient without this
file included.  A message detailing why it was dropped has been
substitued in it's place.

   Postmaster


Sender : [EMAIL PROTECTED]
Recipient  : [EMAIL PROTECTED]
Message-Id : 20020627044517.KUGB4264.out002.verizon.net@Mikl
Subject: Let's be friends
Mime type  : audio/x-midi
File name  : Then.scr

RE: DRMs vs internet privacy (Re: Ross's TCPA paper)

2002-06-26 Thread Lucky Green


Adam Back wrote:
 I don't mean that you would necessarily have to correlate 
 your viewing habits with your TrueName for DRM systems.  
 Though that is mostly
 (exclusively?) the case for current deployed (or at least 
 implemented with a view of attempting commercial deployment) copy-mark
 (fingerprint) systems, there are a number of approaches which 
 have been suggested, or could be used to have viewing privacy.

The TCPA specs were carefully designed to permit the user to obtain
multiple certificates from multiple CA's and thus, if, and that's a big
if, the CA's don't collude and furthermore indeed discard the true name
identities of the customer, utilize multiple separate identities for
various online applications. I.e., the user could have one cert for
their True Name, one used to enable Microsoft Office, and one to
authenticate the user to other online services.

It is very much the intent of the TCPA to permit the use of pseudonymous
credentials for many, if not most, applications. Otherwise, the TCPA's
carefully planned attempts at winning over the online liberty groups
would have been doomed from the start.

--Lucky Green

RE: Revenge of the WAVEoids: Palladium Clues May Lie In AMD Motherboard Design

2002-06-26 Thread Lucky Green


Bob wrote quoting Mark Hachman:
 The whitepaper can not be considered a roadmap to the design 
 of a Palladium-enabled PC, although it is one practical 
 solution. The whitepaper was written at around the time the 
 Trusted Computing Platform Association
 (TCPA) was formed in the fall of 2000; both Wave and AMD 
 belong to the TCPA. And, while Palladium uses some form of 
 CPU-level processing of security algorithms, the AMD-Wave 
 whitepaper's example seems wholly tied to an off-chip 
 security processor, the EMBASSY.

An EMBASSY-like CPU security co-processor would have seriously blown the
part cost design constraint on the TPM by an order of magnitude or two.
I am not asserting that security solutions that require special-purpose
CPU functionality are not in the queue, they very much are, but not in
the first phase. This level of functionality has been deferred to a
second phase in which security processing functionality can be moved
into the core CPU, since a second CPU-like part is unjustifiable from a
cost perspective.

Given the length of CPU design cycles and the massive cost of
architecting new functionality into a processor as complex as a modern
CPU, we may or may not see this functionality shipping. Much depends on
how well phase 1 of the TCPA effort fares.

--Lucky

Re: Ross's TCPA paper

2002-06-26 Thread Pete Chown


Peter D. Junger wrote:

 That isn't the reason why a click-through agreement isn't 
 enforceable---the agreement could, were it enforceable, validlly
 forbid reverse engineering for any reason and that clause would
 in most cases be upheld.

Not in Europe though.  EU directive 91/250/EEC on the legal protection
of computer programs makes provision for reverse engineering for
interoperability. In Britain this was incorporated into domestic law by
the Copyright (Computer Programs) Regulations 1992:

http://www.hmso.gov.uk/si/si1992/Uksi_19923233_en_1.htm

See in particular s.50B(4) which the regulations added to the Copyright
Designs and Patents Act 1988.

 (And in the
 actual case involving Linux and DVD players there was no
 agreement not to circumvent the technological control measures
 in DVD's; the case was based on the theory that the circumvention
 violated the Digital Millenium Copyright Act.)

The American cases were, but the European case of course wasn't.  The
DMCA doesn't apply over here, though we have something similar in the
works.

  I think lawyers will hate this.

 I don't see why we should.  We don't hate the law of gravity
 or the law of large numbers.

You should hate it. :-) It is appropriate for the legislature to decide
which acts are restricted by copyright and which are not.  The DMCA and
similar legislation hands that right to private organisations.  To some
extent anti-trust law guards against the worst abuses, but it is more
appropriate for the boundaries of copyright to be set by our elected
representatives.

BTW, I have been thinking for a while about putting together a UK
competition complaint about DVD region coding.  No promises that
anything will happen quickly.  On the other hand, if people offer help
(or just tell me that they think it is a worthwhile thing to do) it will
probably move faster.

-- 
Pete

Re: privacy digital rights management

2002-06-26 Thread RL 'Bob' Morgan


On Wed, 26 Jun 2002, Donald Eastlake 3rd wrote:

 Privacy, according to the usual definitions, involve controlling the
 spread of information by persons autorized to have it. Contrast with
 secrecy which primarily has to do with stopping the spread of
 information through the actions of those not authorized to have it.

  We have thousands of years of experience with military crypto, where
  the parties at both ends of the conversation are highly motivated to
  restrict the flow of private information.  The current state of this
  technology is very robust.

 That's secrecy technology, not privacy technology.

I have seen private and secret defined in exactly the opposite fashion
as regards keys:  a private key is private because you never ever share
it with anyone, whereas a secret (symmetric) key is a secret because
you've told someone else and you expect them to not share it (in the sense
of can you keep a secret?).

Clearly there's not a common understanding of these simple words.  Seems
to me that Dan's mini-rant was referring to privacy in the sense you
define it above (controlling spread of info already held by others).

 - RL Bob

RE: Ross's TCPA paper

2002-06-26 Thread Scott Guthery


Privacy abuse is first and foremost the failure
of a digital rights management system.  A broken
safe is not evidence that banks shouldn't use
safes.  It is only an argument that they shouldn't
use the safe than was broken.

I'm hard pressed to imagine what privacy without
DRM looks like.  Perhaps somebody can describe
a non-DRM privacy management system.  On the other
hand, I easily can imagine how I'd use DRM
technology to manage my privacy.

Yes, it would be nice if we didn't need safes but
until we don't, I'll use one.  You can choose not to
use DRM to manage your privacy but like stacking
your money on your front porch, you don't get to
grump if people take it.  It's called contributory
negligance, I believe.

Cheers, Scott

-Original Message-
From: Ross Anderson
To: [EMAIL PROTECTED]
X-Orig-To: Dan Geer
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: 6/25/02 11:56 AM
Subject: Re: Ross's TCPA paper 

I don't believe that the choice is both privacy and TCPA, or neither.

Essentially all privacy violations are abuses of authorised access by
insiders. Your employer's medical insurance scheme insists on a
waiver allowing them access to your records, which they then use for
promotion decisions. The fizx is fundamentally legislative: that sort
of behaviour is generally illegal in Europe, but tolerated in the USA.

There may be symmetry when we consider the problem as theoretical
computer scientists might, as an issue for abstract machines. This
symmetry breaks rapidly when the applications are seen in context. As
well as the legal aspects, there are also the economic aspects: most
security systems promote the interests of the people who pay for them
(surprise, surprise).

So I do not agree with the argument that we must allow DRM in order to
get privacy. Following that line brings us to a world in which we have
DRM, but where the privacy abuses persist just as before. There is
simply no realistic prospect of American health insurers or HMOs 
settling for one-time read-only access to your medical records, no
matter how well that gets implemented in Palladium

Ross

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to
[EMAIL PROTECTED]

Re: Ross's TCPA paper


On Wed, Jun 26, 2002 at 10:01:00AM -0700, bear wrote:
 As I see it, we can get either privacy or DRM,
 but there is no way on Earth to get both.
 [...]

Hear, hear!  First post on this long thread that got it right.

Not sure what the rest of the usually clueful posters were thinking!

DRM systems are the enemy of privacy.  Think about it... strong DRM
requires enforcement as DRM is not strongly possible (all bit streams
can be re-encoded from one digital form (CD-MP3, DVD-DIVX),
encrypted content streams out to the monitor / speakers subjected to
scrutiny by hardware hackers to get digital content, or A-D
reconverted back to digital in high fidelity.

So I agree with Bear, and re-iterate the prediction I make
periodically that the ultimate conclusion of the direction DRM laws
being persued by the media cartels will be to attempt to get
legislation directly attacking privacy.

This is because strong privacy (cryptographically protected privacy)
allows people to exchange bit-strings with limited chance of being
identified.  As the arms race between the media cartels and DRM
cohorts continues, file sharing will start to offer privacy as a form
of protection for end-users (eg. freenet has some privacy related
features, serveral others involve encryption already).

Donald Eastlake wrote:

| There is little *tehcnical* difference between your doctors records
| being passed on to assorted insurance companies, your boss, and/or
| tabloid newspapers and the latest Disney movies being passed on from a
| country where it has been released to people/theaters in a country
| where it has not been released.

There is lots of technical difference.  When was the last time you saw
your doctor use cryptlopes, watermarks etc to remind himself of his
obligations of privacy.

The point is that with privacy there is an explicit or implied
agreement between the parties about the handling of information.  The
agreement can not be technically *enforced* to any stringent degree.

However privacy policy aware applications can help the company avoid
unintentionally breaching it's own agreed policy.  Clearly if the
company is hostile they can write the information down off the screen
at absolute minimum.  Information fidelity is hardly a criteria with
private information such as health care records, so watermarks, copy
protect marks and the rest of the DRM schtick are hardly likely to
help!

Privacy applications can be successful to the in helping companies
avoid accidental privacy policy breaches.  But DRM can not succeed
because they are inherently insecure.  You give the data and the keys
to millions of people some large proportion of whom are hostile to the
controls the keys are supposedly restricting.  Given the volume of
people, and lack of social stigma attached to wide-spread flouting of
copy protection restrictions, there are ample supply of people to
break any scheme hardware or software that has been developed so far,
and is likely to be developed or is constructible.

I think content providors can still make lots of money where the
convenience, and /or enhanced fidelity of obtaining bought copies
means that people would rather do that than obtain content on the net.

But I don't think DRM is significantly helping them and that they ware
wasting their money on it.  All current DRM systems aren't even a
speed bump on the way to unauthorised Net re-distribution of content.

Where the media cartels are being somewhat effective, and where we're
already starting to see evidence of the prediction I mentioned above
about DRM leading to a clash with privacy is in the area of
criminalization of reverse engineering, with Skylarov case, Ed
Felten's case etc.  Already a number of interesting breaks of DRM
systems are starting to be released anonymously.  As things heat up we
may start to see incentives for the users of file-sharing for
unauthorised re-distribution to also _use_ the software anonymsouly.

Really I think copyright protections as being exploited by media
cartels need to be substantially modified to reduce or remove the
existing protections rather than further restrictions and powers
awareded to the media cartels.

Adam

Re: Terror Reading

2002-06-26 Thread Michael Motyka


Eric Cordian [EMAIL PROTECTED] wrote :
 
 It was my understanding that libraries destroy records of patrons'
 activity as soon as the books are returned.  Nonetheless, this is an
 interesting Federal fishing expedition, with warrants issued by secret
 courts, and criminal penalties for librarians who talk too much.
 
 
http://www.newsday.com/news/nationworld/nation/wire/sns-ap-attacks-libraries0625jun24.story
 
 -- 
 Eric Michael Cordian 0+

OK, so all that is needed is a collateral-based anonymous library card.
Required collateral could be based on the difficulty of replacement.
Priceless relics could require identity as collateral. Potboilers,
market price + shipping and handling.

Worse than searching library records, of course, is the tracking of
internet reading habits.

Mike

Re: Ross's TCPA paper

2002-06-26 Thread RL 'Bob' Morgan


On Tue, 25 Jun 2002, Dan Geer wrote:

 the problem statements for privacy and for digital rights management
 were identical

Hmm, so:

  privacy : DRM :: wiretapping : fair use

 - RL Bob

Re: privacy digital rights management

2002-06-26 Thread John S. Denker


Dan Geer wrote:
 
 Over the last six months, I'd discovered that Carl Ellison (Intel),
 Joan Feigenbaum (Yale) and I agreed on at least one thing: that the
 problem statements for privacy and for digital rights management
 were identical, 
...
 ... YMMV.

Uhhh, my mileage varies rather considerably.  Perhaps we are using
wildly divergent notions of privacy -- or wildly divergent
notions of identical.

DRM has to do mainly with protecting certain rights to _published_
material.  Private material is not identical with published
material -- it is more opposite than identical.

Private material is, according to the usual definitions, in the hands 
of persons who have a common interest in keeping the information
private and restricted.  Published material, in contrast, is in the 
hands of persons who have no interest in keeping it private, and 
indeed commonly have an interest in defeating whatever restrictions
are in place.

We have thousands of years of experience with military crypto, where 
the parties at both ends of the conversation are highly motivated to
restrict the flow of private information.  The current state of this
technology is very robust.

Ending about 20 years ago we had a 500-year era where it was not
practical for anyone except an established publisher to infringe
copyrights in a big way.  During this era, Rights Management had
essentially nothing to do with crypto;  it mainly had to do with 
the economics of printing presses and radio transmitters, supplemented 
by copyright laws that were more-or-less enforceable.  This era 
was killed by analog means (widespread photocopy machines) and 
the corpse was pulverized by digital means (widespread computers
and networking).

I repeat:  The main features of our experience with Privacy Management
are disjoint from the main features of our experience with Publishers'
Rights Management.  They are about as different as different can be.
The record is replete with spectacular failures attributable to 
non-understanding of the difference.

Nortel secret security part of court records now, gracias Kevin


Towards the bottom of this article its mentioned that Mitnick submitted
a list of Nortel's
[1] 'security' barriers to r00t [2] on a widely used piece of telco
switching equiptment.
One wonders how many copies of this info circulate in TLA's technical
intercept depts?

[1] (presumably obsolete :-)
[2] Should this be called tapr00t ??

--

http://online.securityfocus.com/news/497

  Mitnick Testifies Against Sprint in Vice Hack Case

  The ex-hacker details his past control of Las Vegas' telecom network,
and raids his old storage
  locker to produce the evidence.
  By Kevin Poulsen, Jun 24 2002 11:25PM

  LAS VEGAS--Since adult entertainment operator Eddie Munoz first told
state regulators in
  1994 that mercenary hackers were crippling his business by diverting,
monitoring and blocking
  his phone calls, officials at local telephone company Sprint of Nevada
have maintained that, as
  far as they know, their systems have never suffered a single
intrusion.

  The Sprint subsidiary lost that innocence Monday when convicted hacker
Kevin Mitnick shook
  up a hearing on the call-tampering allegations by detailing years of
his own illicit control of the
  company's Las Vegas switching systems, and the workings of a
computerized testing system that
  he says allows silent monitoring of any phone line served by the
incumbent telco.

  I had access to most, if not all, of the switches in Las Vegas,
testified Mitnick, at a hearing of
  Nevada's Public Utilities Commission (PUC). I had the same privileges
as a Northern Telecom
  technician.

  Mitnick's testimony played out like a surreal Lewis Carroll version of
a hacker trial -- with
  Mitnick calmly and methodically explaining under oath how he illegally
cracked Sprint of
  Nevada's network, while the attorney for the victim company attacked
his testimony, effectively
  accusing the ex-hacker of being innocent.

  The plaintiff in the case, Munoz, 43, is accusing Sprint of negligence
in allegedly allowing hackers
  to control their network to the benefit of a few crooked businesses.
Munoz is the publisher of an
  adult advertising paper that sells the services of a bevy of in-room
entertainers, whose phone
  numbers are supposed to ring to Munoz's switchboard. Instead, callers
frequently get false busy
  signals, or reach silence, Munoz claims. Occasionally calls appear to
be rerouted directly to a
  competitor. Munoz's complaints have been echoed by other outcall
service operators, bail
  bondsmen and private investigators -- some of whom appeared at two
days of hearings in
  March to testify for Munoz against Sprint.
  Mitnick returned to the hearing room clutching a crumpled, dog-eared
and torn sheet of paper.
  Munoz hired Mitnick as a technical consultant in his case last year,
after SecurityFocus Online
  reported that the ex-hacker -- a onetime Las Vegas resident -- claimed
he had substantial
  access to Sprint's network up until his 1995 arrest. After running
some preliminary tests, Mitnick
  withdrew from the case when Munoz fell behind in paying his consulting
fees. On the last day of
  the March hearings, commissioner Adriana Escobar Chanos adjourned the
matter to allow
  Munoz time to persuade Mitnick to testify, a feat Munoz pulled-off
just in time for Monday's
  hearing.

  Mitnick admitted that his testing produced no evidence that Munoz is
experiencing call diversion
  or blocking. But his testimony casts doubt on Sprint's contention that
such tampering is unlikely,
  or impossible. With the five year statute of limitations long expired,
Mitnick appeared
  comfortable describing with great specificity how he first gained
access to Sprint's systems while
  living in Las Vegas in late 1992 or early 1993, and then maintained
that access while a fugitive.

  Mitnick testified that he could connect to the control consoles --
quaintly called visual display
  units -- on each of Vegas' DMS-100 switching systems through dial-up
modems intended to
  allow the switches to be serviced remotely by the company that makes
them, Ontario-based
  Northern Telecom, renamed in 1999 to Nortel Networks.

  Each switch had a secret phone number, and a default username and
password, he said. He
  obtained the phone numbers and passwords from Sprint employees by
posing as a Nortel
  technician, and used the same ploy every time he needed to use the
dial-ups, which were
  inaccessible by default.

  With access to the switches, Mitnick could establish, change, redirect
or disconnect phone lines
  at will, he said.

  That's a far cry from the unassailable system portrayed at the March
hearings, when former
  company security investigator Larry Hill -- who retired from Sprint in
2000 -- testified to my
  knowledge there's no way that a computer hacker could get into our
systems. Similarly, a May
  2001 filing by Scott Collins of Sprint's regulatory affairs department
said that to the company's
  knowledge Sprint's network had never been penetrated or compromised
by

Re: Ross's TCPA paper

2002-06-26 Thread pasward


I'm slightly confused about this.  My understanding of contract law is
that five things are required to form a valid contract: offer and
acceptance, mutual intent, consideration, capacity, and lawful
intent.  It seems to me that a click-through agreement is likely to
fail on at least one, and possibly two of these requirements.  First,
it is doubtful that there is mutual intent.  The average user doesn't
even read the agreement, so there is hardly mutual intent.  However,
even if I accept mutual intent, it would be easy to argue that there
is no capacity.  I have four children under the age of seven.  None of
them have the legal capacity to form a contract.  Three of them have
the physical capacity to click a button.  A corporation would
therefore have to demonstrate that I and not they clicked on the
agreement for the contract to be valid.

As a side note, it seems that a corporation would actually have to
demonstrate that I had seen and agreed to the thing and clicked
acceptance.  Prior to that point, I could reverse engineer, since
there is no statement that I cannot reverse engineer agreed to.  So
what would happen if I reverse engineered the installation so that the
agreement that was display stated that I could do what I liked with
the software?  Ok, so there would be no mutual intent, but on the
other hand, there would also be no agreement on the click-through
agreement either.

Paul

Peter D. Junger writes:
  Pete Chown writes:
  
  : Anonymous wrote:
  : 
  :  Furthermore, inherent to the TCPA concept is that the chip can in
  :  effect be turned off.  No one proposes to forbid you from booting a
  :  non-compliant OS or including non-compliant drivers.
  : 
  : Good point.  At least I hope they don't. :-)
  : 
  :  There is not even social opprobrium; look at how eager
  :  everyone was to look the other way on the question of whether the DeCSS
  :  reverse engineering violated the click-through agreement.
  : 
  : Perhaps it did, but the licence agreement was unenforceable.  It's
  : clearly reverse engineering for interoperability (between Linux and DVD
  : players) so the legal exemption applies.  You can't escape the exemption
  : by contract.  Now, you might say that morally he should obey the
  : agreement he made.  My view is that there is a reason why this type of
  : contract is unenforceable; you might as well take advantage of the
  : exemption.
  
  That isn't the reason why a click-through agreement isn't 
  enforceable---the agreement could, were it enforceable, validlly
  forbid reverse engineering for any reason and that clause would
  in most cases be upheld.  But, unless you buy your software from
  the copyright owner, you own your copy of the software and
  clicking on a so called agreement with the copyright owner
  that you won't do certain things with your software is---or,
  at least should be---as unenforceable as promise to your doctor
  that you won't smoke another cigarette.  The important point
  is not, however, that click-through agreements are probably
  unenforceable; the important point is that people---at least
  those people who think that they own their own computers and
  the software copies that they have purchased---generally
  believe that they should be unenforceable.  (And in the
  actual case involving Linux and DVD players there was no
  agreement not to circumvent the technological control measures
  in DVD's; the case was based on the theory that the circumvention
  violated the Digital Millenium Copyright Act.)
   
  : The prosecution was on some nonsense charge that amounted to him
  : burgling his own house.  A statute that was meant to penalise computer
  : break-ins was used against someone who owned the computer that he broke
  : into.
  : 
  :  The TCPA allows you to do something that you can't do today: run your
  :  system in a way which convinces the other guy that you will honor your
  :  promises, that you will guard his content as he requires in exchange for
  :  his providing it to you.
  : 
  : Right, but it has an odd effect too.  No legal system gives people
  : complete freedom to contract.  Suppose you really, really want to exempt
  : a shop from liability if your new toaster explodes.  You can't do it;
  : the legal system does not give you the freedom to contract in that way.
  : 
  : DRM, however, gives people complete freedom to make contracts about how
  : they will deal with digital content.  Under EU single market rules, a
  : contract term to the effect that you could pass on your content to
  : someone in the UK but not the rest of the EU is unenforceable.  No
  : problem for DRM though...
  
  I don't think that one should confuse contract limitations, or 
  limitations on enforceable contract limitations, with technological
  limitations.  There is nothing, for example, in any legal system that
  forbids one from violating the law of gravity.
  
  One of the many problems with the use of the Digital Millenium

TCPA / Palladium FAQ (was: Re: Ross's TCPA paper)

2002-06-26 Thread Ross Anderson


http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

Ross

Re: TCPA / Palladium FAQ (was: Re: Ross's TCPA paper)

2002-06-26 Thread Ed Gerck


Interesting QA paper and list comments. Three
additional comments:

1. DRM and privacy  look like apple and speedboats.
Privacy includes the option of not telling, which DRM
does not have.

2. Palladium looks like just another vaporware from
Microsoft, to preempt a market like when MS promised
Windows and killed IBM's OS/2 in the process.

3. Embedding keys in mass-produced chips has
great sales potential. Now we may have to upgrade
processors also because the key  is compromised ;-)

Cheers,
Ed Gerck

PS: We would be much better off with OS/2, IMO.

Ross Anderson wrote:

 http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

 Ross

 -
 The Cryptography Mailing List
 Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: privacy digital rights management

2002-06-26 Thread Adam Shostack


On Wed, Jun 26, 2002 at 09:51:58AM -0400, Donald Eastlake 3rd wrote:
| Privacy, according to the usual definitions, involve controlling the
| spread of information by persons autorized to have it. Contrast with
| secrecy which primarily has to do with stopping the spread of
| information through the actions of those not authorized to have it.

It sounds to me like you mean data protection, not privacy.  By
data protection, I mean the ability of the state to tell you not to
use information about certain people in certain ways.  See, for
example, the EU Data Protection Directive.

I find its really useful to not use the word privacy in debates about
privacy; it simply means too many things to too many people.

Bob Blakely once defined privacy as The ability to lie about
yourself and get away with it which is an interesting definition.
Other good ones include untracability, the inability to trace from a
message to a person; unlinkability, the inability to link two
instances of theres a person here to the same person;
and unobservability, which is the ability to not be observed doing
something (think curtains, my current favorite privacy technology.)

|  We have thousands of years of experience with military crypto, where
|  the parties at both ends of the conversation are highly motivated to
|  restrict the flow of private information.  The current state of this
|  technology is very robust.
| 
| That's secrecy technology, not privacy technology.

I'm not getting into this one. :)

-- 
It is seldom that liberty of any kind is lost all at once.
   -Hume

DRMs vs internet privacy (Re: Ross's TCPA paper)