Re: New email could confound law enforcement

[Bill Stewart]

Ray - it looks like Disappearing Inc. has been disappearing.com
for about 1.5 years longer than you've been disappearing-inc.com.

In October 99, Maclen Marvit, the CEO of Disappearing, Inc.
spoke at the Cypherpunks meeting in San Francisco,
shortly after they had a front-page article in USA Today
(may have been business front-page, but it was still really
nice timing for a small startup to do their press release
on a slow news day :-)  And there was substantial discussion
of them and their service in the Cypherpunks mailing list.

Were you paying attention when you picked the name?
Or had the meme just been floating around long enough after
their announcement that it had gotten unstuck from its roots?
You probably ought to sell them the name at cost.


At 03:19 PM 9/25/00 -0400, Ray Dillinger wrote:
>Correction:  
>
>After a web search through USPTO, I find that there is another 
>company also named Disappearing Inc, on Howard street in San 
>Francisco. This is probably the company that was referred to. 
>
>To clarify:  I have done business as "disappearing inc", and I am 
>the owner of the domain name "disappearing-inc.com", which I have 
>not yet used.
>
>This pisses me off  now they'll probably try to evict me as 
>a cybersquatter.
>
>   Ray Dillinger


Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639

LEGAL CABLE TV DESCRAMBLER!!!

[thunder1974]

NOTE: THIS IS AN ADVERTISEMENT FOR LEGAL TV
   DE-SCRAMBLER IF YOU HAVE NO INTEREST IN THIS INFORMATION
PLEASE CLICK DELETE NOW.  THANK YOU--


LEGAL CABLE TV DE-SCRAMBLER

Want to watch Sporting Events?--Movies?--Pay-Per-View??

*This is the Famous R-D-O Shack TV Descrambler
You can assemble it from R-D-O Shack parts for about $12 or $15.

We Send You:
E-Z To follow Assembly Instructions.
E-Z To read Original Drawings.
The Famous R-D-O Shack Parts List.

PLUS SOMETHING NEW YOU MUST HAVE!

Something you can't do without.

THE UP-TO-DATE REPORT: USING A DESCRAMBLER LEGALLY



Warning: You should not build a TV Descrambler without 
reading this report first.

Frequently Asked Questions--CABLE TV DESCRAMBLER

Q: Will the descrambler work on Fiber, TCI, Jarrod 
and satellite systems? 
A: The answer is YES.  In respect to satellite, 
you just get more stuff! There is one exception:
 The descrambler will not work with DSS satellite.

Q: Do I need a converter box?
A: This plan works with or without a converter box.
  Specific instructions are included in the plans for each!

Q: Can the cable company detect that I have the descrambler?
A: No, the signal descrambles right at the box and does
   not move back through the line!

Q: Do I have to alter my existing cable system, 
television or VCR?
A: The answer is no!

Q: Does this work with my remote control?
A: The answer is yes.  The descrambler is 
manually controlled--but very easy to use!

Q: Can you email me the plans?
A: No the program comes with an easy to follow picture guide.

Q: Does this work everywhere across the country?
A: Yes, every where in the USA plus England,
 Brazil, Canada and other countries!

Q: When I order, when will I get my stuff?
A: We mail out all orders within 48 hours of receiving them.
 
 YOU SUPPLY A SELF-ADDRESSED, STAMPED, #10 LONG ENVELOPE, WITH
TWO-FIRST CLASS STAMPS.


Q: How much does it cost to get the instruction 
plans, the easy to follow diagram, and most
 important of all the Using a Descrambler LEGALLY.

A: You get the complete package all for just--$10.00
 (Cash, Check or Postal Money Order.)
(Arizona residents include 7% Arizona State Sales Tax)

(All orders outside the U.S.A. add $5.00)

ORDERS OUTSIDE THE US MUST BE IN THE FORM OF AN 
INTERNATIONAL MONEY ORDER PAYABLE FROM A US BANK OR US CASH!
NO POSTAGE COUPONS ACCEPTED!
FOREIGN CHECKS WILL BE RETURNED!

Q: How do I order?
A: Fill out form below and send it, along with your payment 
   AND YOUR SELF ADDRESSED STAMPED ENVELOPE to:

N Duran
PO BOX  8051
Mesa, AZ  85214-8051
   
MAKE CHECKS PAYABLE TO:  N Duran

PRINT YOUR:
   (orders without an envelope will be processed
up to 2 weeks later than complete orders)
 
NAME_

ADDRESS__

CITY/STATE/ZIP_







*N Duran is NOT ASSOCIATED in any way with RADIO SHACK. 
 Neither the design nor instructions were developed
 by, are sold by, or are endorsed by Radio Shack. 
 Parts for this fine-tuning device are available 
 at many electronics stores (including Radio Shack) 
 This is not a Radio Shack product.








**
All REMOVE requests AUTOMATICALLY honored upon receipt.

PLEASE understand that any effort to disrupt, close or block this
 REMOVE account can only result in difficulties for others wanting
 to be removed from our mailing list as it will be impossible to take
 anyone off the list if the remove instruction can not be received.

To be removed from our mailing list please
send an email to: [EMAIL PROTECTED]
and place remove in the subject
Thank you
*

GUARANTEED wat to instantly have EXCELLENT CREDIT!!

[michael]

Dear Friend,

Give yourself the ADVANTAGE of enjoying life more with EXCELLENT CREDIT!!
Over the past 8 years I have perfected a system called the Proven Credit 
Advantage Program. It's a guaranteed way for legally getting an excellent 
credit rating almost instantly. Here's how:

If you have bad credit you will simply go through my easy 5 step program 
to quickly get a new, legal, unblemished credit file and establish Excellent
Credit. If you don't have bad credit, but want to make your existing credit
EXCELLENT, we will go straight to STEP 5.

Step 1 - 
Because no two people in the United States have the same Social Security
Number, Banks and Creditors access your credit file almost entirely by your SS#.
You will not want to change your Social Security Number because it is extremely 
difficult to do so and you need it for your Employment, Taxes and Social 
Security Benefits. The FEDERAL PRIVACY ACT OF 1974 clearly states that only 
the Government and your employer can force you to use your SS#. Because of this
law you are allowed to legally use another 9 digit number to use in place of 
your Social Security # on credit applications. 

The first day you become our client, you will receive your own number through 
the Employer Identification Number Program. You will need us for this because 
95% of all Employer Identification Numbers, although 9 digits, do not look 
anything like Social Security Numbers and cannot be used on credit applications.
We will legally get you an Employer Identification Number that fits in the same 
range of Social Numbers in use today. Because the Federal Laws do not require 
you to give your SS# to anyone besides your Employer and the Government, you 
can now legally use this number in place of your SS# on credit applications. 
Remember, your new number will only be used for new credit. 

Step 2 - 
No two people with the same name have the same mailing address, so you will need
to obtain a new mailing address for use on your new credit file. A friend, 
relative or mailbox address in your area will be perfect.

Step 3 - 
No two people with the same name have the same telephone numbers, so you will 
also need a new telephone number for use on your new credit file. A friend, 
relative, voice mail or pager will again work perfectly.

Step 4 - 
With your new Social Security number, new address and new telephone number we
will open your new credit file. It will now be totally impossible for any 
creditor to know anything about your past credit history.

Step 5-
To guarantee that you will quickly have EXCELLENT CREDIT, we will assist you
in instantly adding UNLIMITED positive information to your credit file. This is an 
unknown way of adding real accounts to your new credit file to give you an 
Excellent Credit Rating in less than 30 days. As you know, the more positive 
information on your credit file, the more money banks will lend you. Countless 
clients of ours have credit lines over $100,000 because of our Proven Credit 
Advantage Program!

When we are finished you will receive a copy of your credit file proving that you 
now have excellent credit! This will take less than 30 days. You will now
be able to easily qualify for ANY credit you apply for! To be on the road to
EXCELLENT CREDIT simply send us your name, complete mailing address including 
zip code and telephone number (optional), along with a check or money order
payable to American Financial Services Inc. for $29.95. 

Send to: 
American Financial Services Inc.
Attn: Mike Robbins
311 N. Robertson Blvd. 
Suite 625
Beverly Hills, CA 90210

All necessary paperwork along with a telephone number to contact us for 
assistance will be priority mailed to you within 3 business days.

    RISK FREE DOUBLE YOUR MONEY BACK GUARANTEE!!  

My Proven Credit Advantage Program unconditionally guarantees you will qualify 
for personal loans, business loans, credit cards, auto loans, home loans and any
other credit you apply for!

If you are not able to qualify for credit after using my program, simply 
return your Proven Credit Advantage Program along with your denial letter and
your $29.95 investment will be refunded DOUBLE! That's a $59.90 refund if this
doesn't work like I say!

I make this guarantee to you because the Proven Credit Advantage Program has
already helped over 15,000 people just like you. I KNOW it works - all you need 
to do is sign up TODAY! I truly look forward to making you another SATISFIED CLIENT!!

Yes! I deserve excellent credit. Please enroll me in the Proven Credit Advantage 
Program. Enclosed is my check/money order for $29.95. The following information
is for our records only and does not need to be your new credit file information.

First Name__

Last Name

Address__

City_

State___

Re: free speech children michigan law

[Steven Furlong]

Tim May wrote:
> 
> At 9:23 PM -0400 9/27/00, Steven Furlong wrote:
> >

Tim:
> >  > The point being that civil cases for damages should not be allowed
> >>  for NONCRIMINAL issues. That is, a "matter of law" should be involved.

> >So, you're setting yourself up as the sole arbiter of the right? No
> >person or group in history has been able to set up a legal or moral code
> >which would fit all situations with no need for judgment, so you might
> >want to question your capability.
> 
> I see that Greg Broiles has already made the main points, that
> lawsuits must hinge on a "matter of law." It is not enough that
> someone feels aggrieved--there must be some element of criminality
> involved. Hence my example of the bookstore owner who feels
> "aggrieved" that another bookstores hurt his business: there is no
> basis for a lawsuit, and a competent judge will quickly throw the
> case out.

Right. And if the bookstore owner had to pay a few $K for the court
costs and the other store's legal costs, in addition to his own legal
expenses he'd be unlikely to file the claim in the first place unless he
really felt he had a good case.

The current American system is abused because there's almost no
incentive _not_ to file frivolous claims. You get a lawyer to work on
spec, pony up a small filing fee, and you can tie up the court for a few
hours and cost your opponent a few thousand dollars.


> >Any person should have recourse to systematic (to avoid the word
> >"legal") relief if he feels aggrieved.
> 
> Many people feel aggrieved, for many and diverse reasons.
> 
> Courtrooms are not the answer for about 99% of these cases.

No argument there.


> I'm not bothering with the rest of your post.

You ignored the question I asked: If one party to a contract breaks it,
what is the other party to do? Breaking a contract is not normally a
crime, so it sounds like you would have the second party have to simply
put up with the broken contract.



(diminishing) Regards,
SRF

-- 
Steve Furlong, Computer Condottiere Have GNU, will travel
   518-374-4720 [EMAIL PROTECTED]

Choate physics again

[A. Melon]

>By the time the coherent radiation (needed to make an image) passes

Were not talking holograms, Jimmy-boy

Re: free speech children michigan law

[Steven Furlong]

Greg Broiles wrote:
> 
> At 09:23 PM 9/27/00 -0400, Steven Furlong wrote:
> >You claim that the man's swearing at the woman didn't violate any law,
> >so she can't sue. That's probably false under Michigan criminal law
> >(anti-cussing law and disturbing the peace, according to the DA; I don't
> >say I agree with it)
> 
> Hmm, maybe wait on this until you've had con law and read _Cohen_, the
> "fuck the draft" case. There are a number of unenforceable "breach of
> peace" laws on the books that are neither repealed nor enforceable against
> someone who's current on constitutional law.

You're right, but I'm not sure of the point you're making. No one here
seems to think the cusser actually broke any laws, or at least any
enforceable laws.


> >  The
> >question is, at what point do you draw the line between those extremes
> >to say that some people can sue for damages and some can't? That is what
> >the jury system is for: to decide on a case-by-case basis.
> 
> Also, I think this may go a little too far - in a number of cases, there's
> no recovery available - as a matter of law, which means it's a judge's
> decision, not a jury's - because of the type of injury, the relationship
> (or lack thereof) between the litigants, and so forth. There are a lot of
> fussy rules here - juries don't get to just have a popularity contest and
> give the money to whomever they feel sorry for.

Right. Even a 1L knows that. :-)  I was simplifying. And the thread has
been mingling the current American legal system, Tim's ideal system, and
my ideal system, without always clearly demarking them.

Also, I think the evidence shows that at least in some cases American
juries ignore evidence and law and (in my opinion) justice and award
whatever they want. McDonald's coffee and that tobacco case in Florida
come to mind. True, only the outrageous cases come make the headlines,
and true, the awards are usually knocked down or thrown out at the
appelate level, but still.

To get back on my favorite legal hobby-horse, I think that a loser-pays
system would keep a lot of the truly frivolous cases from being filed.
That should free up enough of the courts' time that they can give proper
attention to the cases that do make it in.


> And, don't forget, the RoC does this with .. laws. The idea that
> governments will create systems by which their power can be turned against
> themselves (but only in the service of goodness & righteousness) is an
> attractive siren song .. I'm not saying it never works, but it seems to
> happen less often than one might imagine.

Right. Which is why it's useful to work within the system and try to
help on specific cases rather than whine about the current system and
refuse to play in it.


> While I have a lot of respect for the _Bernstein_ legal team, I suspect
> that John Gilmore's DES cracker did more to end export controls than
> litigation did. That's not because the lawyers didn't work hard (they did,
> and still are) or because they're not smart (they are) but because it's
> possible for politicians and policy wonks to argue forever about the merits
> of export control, but they can't do much about simple facts, like $225K
> buys a 5-day brute force crack of 56-bit DES. Case law and statutes come
> and go (especially in the 9th Circuit) .. but technological and economic
> facts like that aren't susceptible to argument.

Hmm. Good point. I'd been thinking of the "technology trumps laws"
argument in terms of what I described in my previous message: the
slashdotters nattering about how the net routes around censorship and is
therefore invulnerable to government action. (Extremely simplified
presentation, of course.) But before I completely concede the point,
I'll wait for further developments in the
NSA-versus-the-crypto-companies thread.


Regards,
SRF

-- 
Steve Furlong, Computer Condottiere Have GNU, will travel
   518-374-4720 [EMAIL PROTECTED]

Re: Choate physics again

[Michael Motyka]

>>By the time the coherent radiation (needed to make an image) passes
>
>Were not talking holograms, Jimmy-boy
>
It is fun isn't it?

I think what he was trying to convey were the effects of reflection,
absortion and diffusion. Without having tried one of these devices or
knowing what wavelengths they use or the characteristics of building
materials at these wavelengths all I have is a gut feeling that says
you'll get not so much images as locations. He's probably right about
the windows being the primary vulnerability.

Next time I'm at Home Debit I'm going to see if they sell more kraft
paper or foil-faced insulation. Seems to me the foil is less common than
it used to be. Is this a new conspiracy? Fibreglass-AG?

So, if you're expecting to be raided and you don't want the fuggers to
know where you are, keep the house at about 95. That should help. For
about 15 seconds.

If you have an illicit heat source insulate it, cool it with water and
dump the heat down the drain or on the yard.

Mike

Re: police IR searches to Supremes

[Michael Motyka]

>
>On Wed, 27 Sep 2000, Richard Fiero wrote:
>
>>One could argue that all electromagnetic radiation is in the public
>>domain and receivable. However it is illegal to have equipment capable
>>of receiving cell phone conversations because the rights of the
>>telephone company and the rights of the conversants could be violated.
>
>That is one part of legislation I find completely unbelievable. I view it as
>a case of people having far too high expectations of privacy which shouldn't
>be kept up artificially.
>
>Sampo Syreeni <[EMAIL PROTECTED]>, aka decoy, student/math/Helsinki university
>
No expectation of privacy is too high. Just as the police are
"artificially" allowed to spy on people by being funded through public
monies that allow them manpower and equipment, they can be
"artificially" commanded to piss off. One artifice deserves another.

Allowing selective use of technology does seem to be a bad idea - it's
usually the authorities who are selected as allowed and anyone else
incarcerated after being economically destroyed. If we allow IR imaging
without restriction there will be legal precendents required and even
some economic benefits.

The fact of a higher than average electric bill or a heat source unlike
heat sources in similar buildings must be found to be evidence of
nothing beyond the use of electricity and subsequent generation of heat.
Zero justification for a search warrant.

The benny will be a whole new industry to make clothing with a high
metallic content. This would also work as a counter to the mm wave
imaging that has been around since the 80's and seems to be going
mainstream.

Mike

Re: Lions and Tigers and Backdoors, oh, my...

[Michael Motyka]

> On Wed, 27 Sep 2000, David Honig wrote:
> 
> >Modularity *is* useful for keeping things simple enough to analyze, but
> >isn't a library with a well-defined API sufficient?
> 
> This sort of highlights how the current models of shared code fail. A good
> deal of modularity and independence of cryptography implementations (what
> Tim probably drives at with his comment of making life too easy for Three
> Letter Agencies) could be achieved with proper shared libraries with well
> thought out APIs. Only DLLs and alike aren't quite stable enough to be used
> for such heavy inter-vendor use. If they were, the massive single function
> apps could be implemented as lighter wrappers around them and modularity
> would be maintained, all without compromising ease of use. There would be
> security considerations in using someone else's library, yes, but a proper
> authentication architecture and/or open source development could be used to
> alleviate those. Too bad M$ does not place a lot of weight on such design
> considerations, instead pushing its own centralized model.
> 
> Sampo Syreeni <[EMAIL PROTECTED]>, aka decoy, student/math/Helsinki university
> 
You're running these crypto modules on an MS OS? Plaintext is entered
via the PC HW/MS Drivers and then exists in memory on the MS system?
This probably describes the environment for most users, though not
necessarily most of those on this list. So why run any crypto at all? On
Linux, maybe, unless you installed a binary that was compromised or
there is a keyboard logger built into the chipset. But on MS it is
probably wasted cycles. Unless it gives you a warm fuzzy feeling, I
guess. Maybe I'm just paranoid.

Mike

US spy software could devour RIP

[anonymous]

È David Ludlow and Liesbeth Evers, Network News , Wednesday 27 September 2000

Developers in the US have uncovered a way of snubbing the American equivalent of the 
Regulation of Investigatory Powers (RIP) Bill, prompting speculation that a similar 
system could be introduced into the UK. 

The US government's software, called Carnivore, is installed on ISP networks to 
enforce court orders calling for electronic monitoring. 

Operating in a similar way to commercial so-called sniffers, Carnivore looks at all 
data on a network, throwing away information that is not contained by the court order. 
For example, it could capture emails to and from a specific account.

Until now, only the FBI knew how the product worked. Hiding behind claims that 
Carnivore was partially based on commercial software, and that hackers could find a 
way to circumvent it, the FBI refused to open the source code.

But its attempts at secrecy have backfired, after a company called Network Ice 
released the source code for a rival product, altivore.c (www.networkice.com/altivore).

The code complies with the requirements for Carnivore, and is a legal substitute in 
the case of a court order. By making it open source, Network Ice has shown how the 
software works, and how public privacy can be maintained.

The UK's equivalent of Carnivore is a black box that, under the RIP Bill, will be 
placed at ISP premises to monitor emails. It is unclear whether it will be a mandatory 
device, which will leave the public suspicious of what it does, or an open source 
device that meets a defined technical description.

Security analyst Peter Williams, of DataCheck Consultants, said that if the technology 
can be developed in the US there is no reason why it could not be used to scupper the 
RIP in the UK. "The government didn't really think through the technology for this," 
he said.

A Home Office spokesman said that the government intends to discuss the matter with a 
technical advisory board.

First published in Network News 

This article is available online at http://vnunet.com/News/717

Re: police IR searches to Supremes

[Harmon Seaver]

  I'm having a very difficult time comprehending how plant
lights could even remotely be construed as "probable cause" -- don't the
courts have any idea of the millions of little old ladies (and whoever)
who use plant lights for their house plants? Or of the multitudes who
use them to jump start gardens every Spring, or the many who actually
grow veggies hydroponically in their basement?



--
Harmon Seaver, MLIS Systems Librarian
Arrowhead Library SystemVirginia, MN
(218) 741-3840  [EMAIL PROTECTED]  http://harmon.arrowhead.lib.mn.us

Re: Lions and Tigers and Backdoors, oh, my...

[David Honig]

At 01:51 PM 9/28/00 -0400, Michael Motyka wrote:

>You're running these crypto modules on an MS OS? Plaintext is entered
>via the PC HW/MS Drivers and then exists in memory on the MS system?
>This probably describes the environment for most users, though not
>necessarily most of those on this list. So why run any crypto at all? On
>Linux, maybe, unless you installed a binary that was compromised or
>there is a keyboard logger built into the chipset. But on MS it is
>probably wasted cycles. Unless it gives you a warm fuzzy feeling, I
>guess. Maybe I'm just paranoid.
>
>Mike

One very common security model is that the security perimeter includes
the PC and you're only concerned with transmission interception.  

MS is swiss cheese but most OS have some weakness in many configs.

How many people actually look at the source of the code they
install on *nix machines???  How many of those who do are actually qualified
to do security reviews?  Cf. recent PGP bugs.

If you're really worried you'd use a sealed PDA (that you can control at
all times) to capture/render and the PC is just for transport.  [This
applies Tim's modularity argument to hardware.]

I'd consider a Starium unit a dedicated PDA in this context.

Of course, both PDA and Starium remain succeptible to shoulder surfing, bugs, 
your windows modulating a laser, etc.

dh








  

visor phone vs. starium?

[A. Melon]

from the clueless dept:

Why would I want a PDA-phone hybrid?

   Why do I have the uneasy feeling the newly announced
   Motorola/Palm product, due in 2002, may end up combining
   everything Palm knows about cell phones with everything 
Motorola knows about personal
   organizers?

   Is it that none of the current devices even 
comes close to being useful
   for most people who already own a cell phone 
and a PDA? Dont
   take my word for it: Check out the MobilePlanet 
and iGO catalogs,
   where the latest wireless wonders are all on 
display. Sure, theyre
   cool, but are they useful?

   And how about those new devices that are 
supposed to turn Palms
   and Visors into cell phones? Give me a break -- 
Im supposed to talk
   into something that looks like that? How useful 
can the combination
   really be? Cool? Yes. Practical? Hardly. And 
$299 seems a bit steep.

   Is this really necessary?

http://dailynews.yahoo.com/h/zd/2926/tc/keep_your_phone_off_my_palm__1.html


The real issue will be power consumption vs. mips for
crypto.  And user interfaces.

digsig frenzy follies

[A. Melon]

The label "digital signature" for
nonrefutable cryptostrong sigs 
is going down in flames. A DTMF
pulse counts as a signature Oct 2. 

Tuesday September 26 09:15 PM EDT
   E-signatures for 30 million laptops 

   By Ben Charny, ZDNet News

   Touchpad maker Synaptics Inc. will bundle digital signature
   software with its newest products and make updates
   available to existing users.

   Touchpad maker Synaptics Inc. has announced a deal that could 
create electronic
   signatures for more than a third of the laptops on the planet.

   The company said Tuesday it will begin to bundle its touchpads, 
which are used on roughly
   40 percent of the worlds laptops, with digital signature 
software from Silanis Technology
   Inc. of Montreal.

   Owners of an estimated 30 million laptops that 
use Synaptics
   touchpads can also download a free version of 
the Silanis ApproveIt
   software from either the Silanis or Synaptics 
Web sites.

   The deal is one of the first of several product 
announcements
   expected prior to Oct. 1, when the Electronic 
Signatures in Global and
   National Commerce Act takes effect. The new 
federal law makes
   electronic signatures legally binding.

   Jupiter Communications senior analyst James Van 
Dyke said the deal
   answers a piece of the electronic signature 
problem, including
   distribution.

   Van Dyke said a bigger problem is the current lack of standards 
for electronic signature
   makers.

   "Its a good move for Synaptics, it will only cost a little and 
it puts them in a good position,"
   he said. "But, we are going to be in standards hell for a 
while. You can feel the flames."

   Shipping in 2001

   The first e-signature enabled touchpads will be shipped to 
Synaptic users such as Apple
   Compaq, Dell, Gateway and Hewlett Packard sometime next year, 
said Synaptics
   spokewoman Mariel Van Tatenhove.

   The software embeds a signature token into a document. Inside 
the token are the guts of a
   digital signature, including a time stamp and the public and 
private keys. It also will include a
   digitized version of a users handwritten signature. The 
signature will appear on the
   document.

   The software to be bundled on Synaptics touchpads is a stripped 
down version of
   ApproveIt, which normally allows from multiple signatures on 
the same document. But the
   bundled software will only allow for a single signature on 
Microsoft Word and Excel
   documents.

   The software available on the websites is called OnSign, which 
Synaptics introduced in July.
   It works for Word documents. It too only lets one signature per 
document.

   The OnSign software has been downloaded more than 65,000 times 
since its introduction
   July 5, said Silanis spokesman Mary Ellen Power.

   By years end, she expects more than 100,000 downloads. The site 
is averaging a download
   every two minutes, she said.

http://dailynews.yahoo.com/h/zd/2926/tc/e-signatures_for_30_million_laptops_1.html

Re: police IR searches to Supremes

[Tim May]

At 3:10 PM -0400 9/28/00, Harmon Seaver wrote:
>   I'm having a very difficult time comprehending how plant
>lights could even remotely be construed as "probable cause" -- don't the
>courts have any idea of the millions of little old ladies (and whoever)
>who use plant lights for their house plants? Or of the multitudes who
>use them to jump start gardens every Spring, or the many who actually
>grow veggies hydroponically in their basement?
>

Beside the point, from their point of view.

"Probable cause" is a an excuse, not a requirement to act. Meaning, 
if they subpoena the records of Alice's Hydroponics or Bob's Lamp 
Shop and discover that the purchases were made by a little old lady, 
they don't _have_ to launch a S.W.A.T. raid and call in the napalm 
strikes.

But if they cross-correlate the list they get from the subpoenaed 
records with other lists they have, they may find some ripe targets 
for a raid.

Similar to what happened here in Santa Cruz County, where a 
Soquel-based hydroponic company had its parking lot staked out by 
narcs with binoculars. Likely-looking perps (long hair, VW vans, 
whatever) entering the store had their license plates recorded. The 
home addresses were quickly found. A few months later the electric 
company had its billing records subpoened. Those who had shown a 
nonseasonal jump in electricity usage following their visits to the 
hydroponics store were considered for raids. Several folks were 
raided.

(Apparently no shoot outs with the narcs, as these were mostly 
hippy-dippy potheads, no doubt afraid of having babyklling assault 
weapons.)

By the way, imagine what Big Bro will be able to do by further 
cross-correlating these lists with lists of rifle owners (courtesy of 
our new gun registration laws), and with other records. No wonder 
Oracle is selling so much software to LEAs.

--Tim May
-- 
-:-:-:-:-:-:-:
Timothy C. May  | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.

no fedbucks means freedom

[A. Melon]

"Because the school accepts no government aid and prohibits its students from doing 
the same, it
has the right to discriminate on the basis of religion."

from a story http://www.newsday.com/ap/text/national/ap170.htm
about a college for home-schoolers.

Re: why govt subsidized arenas
have to be neutral wrt who you kiss, a
recent thread here.

Along those lines, two more recent refs: one where
a govt school cuts off the Scouts,
another where a county doesnt and
gets sued.

http://dailynews.yahoo.com/h/xnyap/2927/lo/brf_boy_scout_ban_1.html
 District Ends Boy Scout Affiliation 

   NEW YORK (AP) - A Manhattan school board has banned its
   42 schools from sponsoring Boy Scout troops because the
   90-year-old national organization excludes gays.

   The board of Community School District Two passed the
   resolution at a meeting Tuesday night, becoming the first 
district
   in the city to enact such a ban.


http://www.latimes.com/editions/orange/2927/t91530.html
Scouts Lease on Base Extended 
 ACLU, gays claim rent-free access 
to Newport Beach site is a government
   subsidy for a discriminatory group. 

   By DAVID REYES, Times Staff Writer


Over objections from the gay 
and lesbian community and the threat of an
   ACLU lawsuit, Orange County 
supervisors Tuesday unanimously approved a
   30-year extension of the Boy Scouts 
lease on a Newport Beach sea base under
   county authority. 
"This is good news for 
everybody in Orange County," said David Janes, a sea
   base volunteer and retired Navy 
rear admiral, after the boards vote. 
About 35 Scouts, their parents 
and Scout leaders attended the meeting in a
   show of support for the rent-free 
extension of the base lease, beginning in 2006.
   The Scouts have operated the base 
for 63 years and recently raised $4.5 million to
   renovate the popular facility. 
Opponents of the lease renewal 
argued that the county should not "subsidize" a
   group that discriminates against 
people because of sexual orientation. 
"It is clear that the Boy 
Scouts do not have the right to receive any
   government subsidies, sponsorship 
or special privileges, such as sweetheart deals
   on rent of government lands and 
buildings," said Martha Matthews, an attorney
   for the American Civil Liberties 
Union. 
The ACLU recently sued San 
Diego in federal court over a lease of public
   parkland to the Scouts for $1 a 
year. 
In response to a question 
Tuesday by Supervisor Todd Spitzer about whether
   the ACLU intends to sue Orange 
County, Matthews said, "Its likely that we
   would." 
Another great quote: 

The only thing different is you dont have to dumb down the vocabulary when youre 
teaching
home-schooled kids, said Farris, a Republican nominee for lieutenant governor in 1993 
and
founder of the Home School Legal Defense Association.

Re: Lions and Tigers and Backdoors, oh, my...

[Tim May]

At 3:03 PM -0400 9/28/00, David Honig wrote:
>
>One very common security model is that the security perimeter includes
>the PC and you're only concerned with transmission interception. 
>
>MS is swiss cheese but most OS have some weakness in many configs.
>
>How many people actually look at the source of the code they
>install on *nix machines???  How many of those who do are actually qualified
>to do security reviews?  Cf. recent PGP bugs.
>
>If you're really worried you'd use a sealed PDA (that you can control at
>all times) to capture/render and the PC is just for transport.  [This
>applies Tim's modularity argument to hardware.]

I'm somewhat surprised that this PDA approach is not more 
available..we talked about when some of us had Newtons, oh, six or 
seven years ago. Then the Palm came out, and a bunch of folks use 
that (I have a Visor, which is Palm OS-compatible).

The Bluetooth wireless developments of the next few years should be 
interesting. It should be quite feasible for secure local 
transmissions to be used. (Yeah, IR is available now, and USB, and 
serial, whatever. But having a small PDA or WebPad communicate 
seamlessly with a "transport machine" (PC, workstation) opens up new 
options.

An obvious niche product would be this: a wearable (necklace, 
wristwatch, etc.) security product with low-power processing and with 
Bluetooth links to nearby devices. Zero knowledge approaches, so that 
this dongle would authenticate without ever actually providing 
passwords. A small keypad could be included for the user to 
periodically punch in passwords; or a fingerprint (or retinal print, 
down the road) system.

Probably a more realizable product would be incorporating this into a 
PDA like the Palm, Visor, iPAQ, etc. Then the user could read and 
compose messages on his PDA without ever using the local PC or 
workstation.

(And, frankly, I expect that by the 2002 games nearly every athlete 
or journalist at the games will have his own wireless solutions with 
him, so the point is moot. Certainly any would-be terrorists will 
have thought about security issues and will have taken steps. 
Catching terrorists by tapping their public kiosk messages seems 
far-fetched.)

There are several levels of physical security:

1. Secure PDA, or dongle, or necklace (with something like Dallas 
Semicon. chips). Ideally, running a zero knowledge authentication 
system (so keys are never in the transmission channel).

2. Less secure, but still common: PC or workstation under the control 
of one person. This is the model most of us, probably, are using. (I 
say "less secure" than #1 only because it is likely easier to 
surreptitiously install backdoored software or sniffers than with the 
more limited options for PDAs and dongles. Though even PDAs and 
dongles could be affected.)

3. Less secure still: PC or workstation is accessible to others. 
Others who could install keyboard sniffers, altered versions of 
software, etc.

4. Least secure: "Olympic Village Convenience Stations" and similar 
sorts of public access terminals and kiosks.

That _anyone_ is blathering about how these Olympic Village kiosks 
will expose users to key and passphrase snatching is symptomatic of 
how people just don't get it. No doubt some are going to be pushing 
for "laws to protect users at public kiosks."

(Which will be supported by Law Enforcement and their allies, as this 
plays right into their hands.)

--Tim May
-- 
-:-:-:-:-:-:-:
Timothy C. May  | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.

IR "TEMPESTING" (was Re: police IR searches to Supremes)

[sunder]

Richard Fiero wrote:
> 
> One could argue that all electromagnetic radiation is in the public
> domain and receivable. However it is illegal to have equipment capable
> of receiving cell phone conversations because the rights of the
> telephone company and the rights of the conversants could be violated.
> IR equipment is capable of seeing far more from outside a house than
> just the wall temperature. This kind of surveillance is clearly
> invasive, in my opinion.

Certainly gives a new twist to TEMPEST. I suppose now if you wanted to
tempest your home, you'd additionally have to install randomly "blinking"
heat generators.

Hmmm, something like a big grid of resistors where they get turned on and
off at random.

You might want the resistors to spell out "Mind your own business, pigs!"
when viewed with a thermal device, but of course this kind of thing will 
only attract their attention.

You could also use peltier coolers, but they generate heat on the other 
side.

Another option would be to get big huge water circulators and call it
art - there are a few restaurants here in NYC where they have water 
running over glass panes.  It's a nice calming waterfall effect. :)

-- 
--Kaos-Keraunos-Kybernetos---
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
[EMAIL PROTECTED] http://www.sunder.net 

IR "TEMPESTING" (was Re: police IR searches to Supremes)

[Steven Furlong]

sunder wrote:
> Another option would be to get big huge water circulators and call it
> art - there are a few restaurants here in NYC where they have water
> running over glass panes.  It's a nice calming waterfall effect. :)

That's a good idea. It should stop the laser-off-the-windows accoustic
snooping, too.

-- 
Steve Furlong, Computer Condottiere Have GNU, will travel
   518-374-4720 [EMAIL PROTECTED]

Re: Bad Coding Practices

[Steve Furlong]

Steven Furlong wrote:
> Now, I think your general point is right, that it would be somewhat
> difficult for a subverted programmer to insert deliberately broken
> crypto, and a very bet to expect it to stay in for any length of time.
^---
> However, if the privacy software companies operate anything like the
> companies I've worked for or consulted at, it could well happen.

Duh, that's supposed to be "very bad bet".

Also, I should note that an ISO-900x shop will have procedures that
should be followed for all aspects of development. The procedures aren't
a cure-all, but they do make surreptitious bad behavior much less
likely. Alas, not many software shops have ISO-900x certification.

-- 
Steve Furlong, Computer Condottiere Have GNU, will travel
   518-374-4720 [EMAIL PROTECTED]

National Biographical Foundation-check it out.

[gotmilk00]

To:  First Name, Last Name 
 Congratulations, your have been recommended to the
 National Biographical Foundation
 for inclusion in the 2001 edition of  the America's Top One Thousand *. 
Inclusion is absolutely free. 
Please help us record your achievements, by submitting your
 application without delay.  Http://www.nationalBio.org
Respectfully,
Michael  N. Mathews
Managing Editor  

 * I kindly ask that you reply immediately. 
   Inclusion is limited to one thousand  per category. 
 

Re: Rebirth of Guilds

[Sampo A Syreeni]

On Wed, 27 Sep 2000, Jim Burnes wrote:

>Guy likes a girl.  Wants to have sex with her.  She doesn't like him
>and does not want to associate with him because he's a boor,
>unintelligent, ugly whatever.  She shuns him (as does every other
>woman in the village).

Shunning is rarely a problem if it's not concerted. Then it can be a great
problem indeed. If, and only if, it is, you have harm to the basic rights of
a person and you can establish causality, we are on a fine line. I *am*
sensible enough not to confuse satisfying arbitrary whims with e.g. keeping
someone alive.

Sampo Syreeni <[EMAIL PROTECTED]>, aka decoy, student/math/Helsinki university

Re: police IR searches to Supremes

[Sampo A Syreeni]

On Wed, 27 Sep 2000, jim bell wrote:

>You probably don't understand how this IR technology works.

I do, actually. It's not all that complicated.

>Now, American police are supposed to work on the standard of "probable
>cause."  While, thank heaven, I'm not a lawyer, I have experience with the
>high level of dishonesty in various police-type organizations in America.
>"Probable cause" OUGHT to mean that the police have determined that, more
>likely than not, a crime is being committed as evidenced by a particular
>piece of evidence.  But evidence of a warm house is just and only that:
>Evidence of a warm house.

I was neither defending a raid based on IR imaging (which I think is
reprehensible behavior, akin to racial profiling), just as I'm not
advocating extended police powers in case of drug offences (I *am*, after
all, an abolitionist).

Sampo Syreeni <[EMAIL PROTECTED]>, aka decoy, student/math/Helsinki university

Re: Lions and Tigers and Backdoors, oh, my...

[Sampo A Syreeni]

On Wed, 27 Sep 2000, David Honig wrote:

>Modularity *is* useful for keeping things simple enough to analyze, but
>isn't a library with a well-defined API sufficient?

This sort of highlights how the current models of shared code fail. A good
deal of modularity and independence of cryptography implementations (what
Tim probably drives at with his comment of making life too easy for Three
Letter Agencies) could be achieved with proper shared libraries with well
thought out APIs. Only DLLs and alike aren't quite stable enough to be used
for such heavy inter-vendor use. If they were, the massive single function
apps could be implemented as lighter wrappers around them and modularity
would be maintained, all without compromising ease of use. There would be
security considerations in using someone else's library, yes, but a proper
authentication architecture and/or open source development could be used to
alleviate those. Too bad M$ does not place a lot of weight on such design
considerations, instead pushing its own centralized model.

Sampo Syreeni <[EMAIL PROTECTED]>, aka decoy, student/math/Helsinki university

Re: police IR searches to Supremes

[Sampo A Syreeni]

On Wed, 27 Sep 2000, Richard Fiero wrote:

>One could argue that all electromagnetic radiation is in the public
>domain and receivable. However it is illegal to have equipment capable
>of receiving cell phone conversations because the rights of the
>telephone company and the rights of the conversants could be violated.

That is one part of legislation I find completely unbelievable. I view it as
a case of people having far too high expectations of privacy which shouldn't
be kept up artificially.

Sampo Syreeni <[EMAIL PROTECTED]>, aka decoy, student/math/Helsinki university