(Click this line for the BIG version of the cover. Press the BACK button on your browser to return here.)
Publisher/Editor: Mark Shapiro
Modems/Disks: Fred Townsend
Operating Systems: Randy Just
Copy Editors: Bryce Wolfson and Cheryl Milstead
Administration: Veronica Shapiro
Production: Steve Kong
Distribution: Sean Andrade, Leo Bounds, Chris Brown, Jami Chism, Bill Clark, Robert Escamilla, Adam Fernades, Phil Gantz, Phil Intravia, David & Lisa Janakes, Joe Jenkins, Wendie Lash, Frank Leonard, Sara Levinson, Mark Murphy, Pete Nelson, Laurie Newell, Ed Ng, Evan Platt, Jack Porter, Steve Pomerantz, Gary Ray, Alex Riggs, Lee Root, and Leigh Shevchik.
Printed at: Fricke-Parks Press (510) 793-6543
Pages 2 and 3 had full-page ads for Laitron Computers.
The local paper recently warned parents about the danger in letting their children (and teenagers) dial up a local BBS, such as those listed in "freebie" papers. The story indicated local BBSs could allow kids to get X-rated materials or be exposed to abusive adults. Of course, the story linked local BBSs with a potential for bestiality and "kiddie" porn.
The newspaper once again steered readers toward the belief that only giant online commercial services are safe. Small and medium-sized BBSs (and this magazine) have nothing against the giant online services. We do resent being classified as unsafe, or as being the sole source of adult material.
The BBSs and online services listed in BABBA keep children away from adult material and abusive adults. All have strict controls on adult material, and none have anything to do with child porn or bestiality. Should parents be careful as to what their child does online? - Of course, but local BBSs are no more dangerous than the commonly promoted online giants.
Page 4 had ads for the Bay Area Mega Board, the Silicon Matchmaker (www.silicon.email.net), and the Tiger Team Information Network.
Q: Have you ever heard of a crack for the various PC remote-control applications, like (PC Anywhere), or (Carbon Copy)? Is it possible to crack through their security? I'd like to know because I may put one on our network, and I'd hate to have anyone hack their way through.
A: As far as we know, these products are safe. To protect against a chance of "outside" hacking, you can set your modem to answer on the 7th ring, for example. This may discourage the random-dialing criminal hackers. For ultimate security, get a call-back modem. These modems get a call, accept a password, and then dial out only to a pre-approved list of phone numbers.
Anyone that knows of any special risks or precautions on the above-named software packages, please contact us.
Q: Why do BBS callers tend to have such poor grammar?
A: In the online world, function usually wins over form. Some considered it wasteful to spend time creating perfect grammar. When typing a message in a full-screen editor, coherent well-formed sentences, grammar, punctuation, and spelling are all good ideas. In a single-line editor, it can be difficult to go back and correct mistakes.
When you are chatting with someone online, typing "catch yuo latr, im goinng to sleep now!" gets your point across. Some would argue that it would waste time to backspace and correct mistakes if the meaning is clear.
Q: Our local newspaper recently ran front-page articles featuring Vice President Al Gore and Governor Pete Wilson in staged chat sessions with the general public. Gore's session was on Internet, and Wilson's over America Online. Both sessions seemed to be dismal failures. Why did these chat sessions turn out to such fiascoes, and why do you think they were covered with such vigor? (RG, San Jose)
A: Real-time online chat is no place for practical discussions with political figureheads. Online chatting requires time and practice to master. It's not the fault of the politicians, placed in the spotlight, that they were inundated with rapid-fire questions from anonymous sources. The governor couldn't type one reply without a multitude of interruptions. It was as if the governor appeared in public in a dark room without security, advisors, or a megaphone. He'd get drowned out by hecklers, just as he was online.
Your local newspaper editors should know better, especially when their guest and his encounter with the online world will be publicized. Next time, they should establish some filters, perhaps replacing chat with an email conference for the guest.
C1: I can answer the question from L.K. in last month's issue, about not being able to find 14.4 kbps in the software settings. For modems having:
Q: What kind of computer(s) are used to produce this magazine?
A: Most articles and artwork arrive via modems connected to our IBM-PC based BBSs, or through the Internet. Preliminary (plain ASCII) editing is done on PCs. All "final" production work (and all BBS databases) are done with on Apple Macintosh computers.
Page 5 had ads for the Travel Connection BBS, the Fun University Network (www.wbs.net), and the Terminal One, Weasel Den 2, and iNFormation Exchange BBSs.
Members receive a subscription to EFF's biweekly electronic newsletter, their quarterly hardcopy newsletter, and access to their BBS. Sysop members also get a special diskette with some of EFF's most popular resources, which can be posted for distribution, as well as ASCII and ANSI EFF membership screens. Sysops can also access EFF's (The Outpost) BBS and join their (FTN and QWK-format) echomail network.
The Major BBS v6.2 (Galacticomm, www.galacticomm.com):
Page 6 had ads for CCnet Communications and a2i Communications (www.rahul.net).
Skipjack (formerly called Clipper) is a method for scrambling digital telephone connections (both voice and data) to thwart snoopers. It has been promoted by two government agencies and if passed into law, it would require all government phone-based communication equipment to use a style of encryption developed by the military and kept secret from the public. The government would hold decoding keys in escrow to access encrypted phone traffic.
In trying to head off the arrival of privately-developed encryption products that would effectively prevent law enforcement from listening in, the government is proposing we (at first?) voluntarily use a single encryption method (Skipjack), with the keys to be kept in escrow by two unnamed agencies (either government or private). The administration proposes placing a computer chip in each product that operates over digital phone lines (modems, computers, phones & fax machines). The chip comes from the National Security Administration (NSA), which is chartered with listening in on phone conversations, here and abroad.
The first products to use Skipjack will be telephone security devices built by AT&T for the FBI, the IRS, and local law enforcement agencies, among others. As the government funds the National Information Infrastructure (the data superhighway), it will use Skipjack as the method for ensuring private, secure communications.
The second prong of the proposal lies in the Digital Telephony bill, which has not yet come before Congress. This bill gives law enforcement agencies the authorization to wiretap Skipjack-encrypted communications. The vagueness of the wording and the wiretap methodology have generated much controversy. The NSA refuses to divulge the detailed algorithm for Skipjack, another source of controversy.
The decryption keys for every Skipjack device in the country would be kept in escrow by two unnamed, independent agencies, either government or private. The idea is if a government agency wants to listen in to a particular Skipjack-encoded conversation, it would present evidence of lawful authority (a term not clearly defined) to the escrow holders. Once they have the decryption keys they can crack the code and begin listening to the subjects conversations, with the required help of the phone company that carries the transmission.
Like DES, Skipjack uses 64-bit blocks, and the chip supports all four DES modes of operation. Some consider Skipjack more secure than DES because the key size is 80 bits as compared with 56, and it uses 32 rounds of scrambling instead of 16.
Page 7 had ads for Hyperworks Macintosh Consulting Services, and Prestige PC Services.
Skipjack (formerly known as Clipper) is the popular name for an ill-advised encryption standard that the government is trying to force on all of us. The government will require all computers, modems, and phones it buys to include Skipjack technology.
Skipjack is opposed, nearly unanimously, by industry, watchdog organizations, and ordinary citizens. Despite this, the Clinton administration is pushing ahead with their original plans.
Pursuant to the Electronic Communication Privacy Act of 1986 (18 U.S.C. 2701 et seq.), notice is hereby given that there are no facilities provided by this system for sending or receiving private or confidential electronic communications. The operators of this BBS can read all messages left on this system, including Electronic Mail addressed to persons other than the system operators.
This message notifies the caller that email on that system is not private. It is the digital equivalent of a postcard: Anybody who handles the contents or manages the system usually can't help but read it. Would you send money, your credit card information, discussions of business negotiations, or intimate details of your love life via a postcard?
Your Sysop is not to blame for this lack of privacy. Many BBS packages lack the ability to keep messages private from the Sysop. Sysops are usually held responsible for what is placed on their systems. This situation mandates that Sysops preserve the ability to completely access any message on their system.
The nature of networked email is that it resides on many systems on its way to the destination. At any of those systems there are a number of persons with high-level system access. While most Sysops and system administrators are ethical and wouldn't edit your email without a user request, or to correct a mail routing problem, all it takes is one bad apple, and that person doesn't even have to be at your local site.
Some hobbyist networks, such as RIME and some FIDO nodes, explicitly forbid the use of digital encryption. I believe Sysops should be free to impose any policy that amuses them on their systems, as long as it is consistent with federal law. As callers, we can choose whether or not to patronize a BBS based on those policies. I don't patronize online systems that forbid the use of digital encryption. "Trust us" in terms of email privacy is not acceptable to me.
You can bet that foreign computers will be using RSA-based key encryption. The problem with Skipjack (or more properly, the technologies based on the Skipjack algorithm) is our government holds copies of all private keys from the manufacturers of computers, modems and phones. Europeans have no interest in Skipjack technology because the US government will be holding the keys.
The government agencies will turn over your key to any law enforcement agent who submits a request that says that there is a warrant for the key. The agent is not required to produce the warrant. The government has stated they will process these requests within a few minutes, once the system is in place and fully up to speed. This means that these requests cannot be checked for veracity. While wiretaps, in theory, will still require a warrant, an agent willing to lie to get a key isn't going to be worried about tapping a phone illegally.
Unlike other methods, critical parts of Skipjack's algorithm remain classified, suggesting there may be big problems with it. How big? I don't know. If the Skipjack algorithm is not secure, it isn't just dishonest cops or a rogue government agency you have to worry about. I wouldn't be surprised if within a year of Skipjack going into general use, a file called KRAKSKIP.ZIP starts appearing on BBSs with everything a 14-year old "hacker" (for lack of a better word) needs to tap your Skipjack-secured phone or to read your email.
Once it's out, that file will be online everywhere. The Feds and other police agencies will probably use the potential existence of that file as an excuse to harass quite a few US BBS Sysops, demanding access to make sure that nothing illegal is going on.
Suppose, after we've been Skipjacked and it's been cracked, that your credit gets attacked. What will you do when your account reports a mysterious one-way trip to the Cayman Islands, a nice computer system, and a few thousand dollars of spending money? The Feds will say the communications channels encrypted by Skipjack are secure, that the burden of proof to your credit provider is yours!
If Mr. Clinton has his way, our systems will be using Skipjack. Skipjack-based systems will not be compatible with the rest of the world, who will properly see our computers as security risks. Does the president think we can impose our encryption standards on the world?
How would you like to try selling a mainframe to the Italian government, telling your prospect, "Of course our machine is secure - we use Skipjack". The potential customer would laugh while security escorts you out of the building! If any potential customers don't know about Skipjack's origin, our competitors will be telling them in full-page ads. "Free spy in every American computer."
Will non-Skipjack methods of protecting your privacy become illegal? When asked, officials say, "Not at this time", using vague generalities. Can non-Skipjack methods of cryptography be made illegal? Probably. Can this be enforced? Very possibly, monitoring equipment could be used at telephone company central switches to sniff for forbidden crypto modes using pattern analysis, and could either block the messages, or store and forward them to the National Security Agency.
The justification used by the Clinton administration, the FBI, CIA, NSA, and other "spook shops" is that it'll help them catch drug dealers and terrorists. They go on to say that only stupid criminals will use their technology because it's known that the government can listen in. This basically is an admission that the only real reason for it is to allow the government to go on fishing expeditions in mailboxes and telephones for almost any reason.
"Big Brother Inside" is one way to describe this. This is the worst threat to civil liberties I've seen since the Nixon era. Skipjack could make impossible any political or religious organization the government doesn't like. When the government controls your communications, people can't talk to each other because it isn't safe.
Congress needs to be encouraged to yank any government funding for implementing the Skipjack program in any form. If you have Usenet access, read the alt.privacy.clipper newsgroup. If not, keep an eye on the press, both newspaper and trade. They are covering this critical issue closely. If your favorite computer magazine does not cover Skipjack, write or telephone or email them and demand that they do.
Complain to your congressperson over the phone and by mail. Don't talk privacy - talk loss of sales by US companies to foreign competitors due to Bill Clinton and the FBI's insistence on adding the electronic spy chip called Skipjack to US computers, phones and modems.
Also, tell your representative to vote YES on HR 3627, a measure allowing US companies to sell crypto technology overseas legally. Encryption is already widely available in most places in the world. Passing HR 3627 would damage the administration case for Skipjack even further. If you're writing, you might enclose a copy of this article.
Use a message title like "DUMP SKIPJACK" and a brief text message suggesting their continuing to push Skipjack will result in another GOP vote in '96 is all that's needed. These messages are counted - not read in detail.
Note - You can use Internet addresses to reach these folks through the major online services and several BBS networks such as FIDO. (Ask your Sysop/Customer Service representative how.)
You might contact the marketing departments at several computer makers and tell them that you won't buy anything with Skipjack built into it. This will give their lobbyists incentive to keep pushing.
While reading your encoded hard drive contents isn't impossible for the government or well-funded private investigative organizations, it will keep a thief out of the data on your hard disk, and the person who he sells it to, out of your secrets. DES isn't taken seriously by people outside of government. Companies generally use DES only when forced to, and this is one reason Skipjack is being promoted.
The fact that current versions of freeware PGP are produced in Europe is of no interest to the government. If you import PGP from a European site, do not email a copy to a friend outside the US, or make it available for anon-ftp on your system, unless you can restrict distribution to US-only. Make your international friends ftp the file themselves from a non-US site.
Page 8 had an ad for Arsenal Computer.
Page 10 had an ad for Liberty BBS (www.liberty.com)
Page 11 had ads for the Computer Training Center (www.ctetrain.com), and RGB Technology.