****************************************************************** ////////////// ////////////// ////////////// /// /// /// /////// /////// /////// /// /// /// ////////////// /// /// ****************************************************************** EFFector Online Volume 5 No. 4 3/19/1993 editors@eff.org A Publication of the Electronic Frontier Foundation ISSN 1062-9424 389 lines -==--==--==-<>-==--==--==- In this issue: Victory in the Steve Jackson Games Case EFF Pioneer Award Winners for 1993 Issues for K-12 Access to the Internet -==--==--==-<>-==--==--==- STEVE JACKSON GAMES WINS LAWSUIT AGAINST U.S. SECRET SERVICE A games publisher has won a lawsuit against the U.S. Secret Service and the federal government in a ground-breaking case involving computer publications and electronic mail privacy. In a decision announced in Austin, Texas, on March 12, Judge Sam Sparks of the federal district court for the Western District of Texas announced that the case of Steve Jackson Games et al. versus the U.S. Secret Service and the United States Government has been decided for the plaintiffs. The plaintiffs, which include Steve Jackson, the company he founded, and three users of the company's bulletin board system (BBS), sued the government on claims that their statutory rights to electronic mail privacy had been violated when the BBS and other computers, disks and printouts were seized by the Secret Service as part of a computer crime investigation. These rights are protected under the Electronic Communications Privacy Act (ECPA), which extended most of the protections of the federal Wiretap Act ("Title III") to electronic mail. Jackson and his company also claimed violations of the Privacy Protection Act of 1980, a federal law designed to limit searches of publishers in order to protect their First Amendment rights. Mitch Kapor, founder and chairman of the board for the Electronic Frontier Foundation, the public interest/civil liberties organization that has underwritten and supported the case since it was filed in 1991, said he is pleased with the decision. "This decision vindicates our position that users of computer bulletin board systems are engaging in Constitutionally protected speech," Kapor said. "This decision shows that perseverance pays off," he added. "We've been at this for almost three years now, and we still don't know if it's over -- the Justice Department might appeal it." Nevertheless, Kapor said he is optimistic about the case's ultimate outcome. Judge Sparks awarded more than $50,000 in damages to Steve Jackson Games, citing lost profits and violations of the Privacy Protection Act of 1980. In addition, the judge awarded each plaintiff $1,000 under the Electronic Communications Privacy Act for the Secret Service seizure of their stored electronic mail. The judge also stated that plaintiffs would be reimbursed for their attorneys's fees. The judge did not find that Secret Service agents had "intercepted" the electronic communications that were captured when agents seized the Illuminati BBS in an early morning raid in the spring of 1990 as part of a computer crime investigation. The judge did find, however, that the ECPA had been violated by the agents's seizure of stored electronic communications on the system. The case was tried in Austin, Texas, by the Austin-based media law firm George, Donaldson & Ford, with case assistance provided by the Boston, Massachusetts, law firm of Silverglate & Good. Pete Kennedy, the lawyer from George, Donaldson & Ford who litigated the case, calls the decision "a solid first step toward recognizing that computer communications should be as well- protected as telephone communications." Kennedy also said he believes the case has particular significance for those who use computers to prepare and distribute publications. "There is a strong indication from the judge's decision that the medium of publication is irrelevant," he said, adding that "electronic publishers have the same protections against law enforcement intrusions as traditional publishers like newspapers and magazines. All publishers that use computers should be heartened by this decision. It indicates that the works-in-progress of all types of publications are protected under the Privacy Protection Act. "The case also demonstrates that there are limits on the kinds of defenses law enforcement agents can use, Kennedy said, noting that "the judge made it very clear that it is no excuse that the seizure of draft material for publication held on a computer was incidental or accidental." Mike Godwin, an attorney for the Electronic Frontier Foundation who has worked on the case since 1990, said he is pleased with the scope of the decision. "This case is a major step forward in protecting the rights of those who use computers to send private mail to each other or who use computers to create and disseminate publications." -==--==--==-<>-==--==--==- SECOND ANNUAL EFF PIONEER AWARDS On March 10, at the Computers, Freedom and Privacy Conference in Burlingame, California, the Electronic Frontier Foundation presented its Second Annual Pioneer Awards to five recipients who were judged to have made significant and influential contributions to the field of computer-based communications. The 1993 Pioneer Award recipients were Paul Baran, Vinton Cerf, Ward Christensen, Dave Hughes and the USENET software developers, represented by the software's originators Tom Truscott and Jim Ellis. Nominations for the Pioneer Awards were carried out over national and international computer-communication systems from November 1992 to February 1993. A panel of four judges selected the winners from these nominations. The Pioneer Award Recipients Paul Baran was the original inventor of the notion of packet switching, a technology of fundamental importance to data networks. Packet switching makes possible the efficient and simultaneous transmission of many messages from many sources to many destinations over the same circuit. Mr. Baran's innovations in other and related technologies have led him to co-found a number of companies in Silicon Valley including Telebit, Packet Technologies (a portion of which later became StrataCom), Equatorial Communications, Metricom, InterFax and his current venture, Com21. Dr. Vinton Cerf led the research project which developed the TCP/IP protocol suite, the open system interconnection protocol which is used today by schools, government, corporations and an increasing number of individuals to communicate with each other over the Internet. Dr. Cerf also participated in the development of the ARPANET host protocols and managed the Internet, Packet Communications and Networked Security programs for DARPA. While working at MCI, he led the engineering effort to develop MCI Mail. He is now vice president of the Corporation for National Research Initiatives where he is responsible for projects involving the Internet, electronic mail, and Knowledge Robot research. Ward Christensen wrote the original software program, "MODEM.ASM", which came to be called "Xmodem" or the "Christensen protocol". For untold numbers of early-to-present day computer communications users, Xmodem has made it possible to transfer files, error-free, over phone lines from one computer to another. Xmodem file transfer has been the major means of information exchange for computer hobbyists and small business users through the first decade of the personal computer revolution. Mr. Christensen also programmed the first microcomputer dial-in system which he named a "BBS" - bulletin board system. His original BBS, CBBS/Chicago, is still in operation. He is in his 25th year at IBM. Dave Hughes has been an outspoken and effective grassroots evangelist and spokesperson for popular computer networking and electronic democracy for over a decade. He fashioned his own computer system at Old Colorado City Communications in1985, and soon brought the municipal elected government of Colorado Springs online. He helped design and implement a personal computer network connecting one-room rural schoolhouses in Montana to worldwide information resources. He continually brings network connections and new applications to new populations here and abroad. Perhaps most importantly, he is a tireless and enthusiastic communicator, offering his experience, his inspiration and his vision to any and all on the Net. USENET is a distributed bulletin board system with approximately two million readers worldwide. It came into being in late1979 through the inspiration of Tom Truscott and Jim Ellis combined with the design and programming efforts of Steve Bellovin, Stephen Daniel, and Dennis Rockwell. Following USENET's introduction in 1980, the resulting and ever-expanding collection of "newsgroups" began to be carried and circulated by a growing number of networked sites. The ongoing work of numerous individuals has allowed Usenet to survive its increasing popularity. The daily traffic is now approximately 20,000 articles, totaling 50 megabytes, posted to 2000 different newsgroups. Tom Truscott is currently a distributed computing professional at IBM in the Research Triangle Park, North Carolina. He has authored a number of UNIX-related articles, and is a member of ACM, IEEE, and Sigma Xi. James Ellis is currently the Manager of Technical Development at the Computer Emergency Response Team, which is the team created to assist Internet sites with computer security incidents. At CERT, he is responsible for analyzing UNIX system vulnerabilities and for developing tools to assist in the handling of security incidents. Judges This year's judges for the Pioneer Awards were: Jim Warren, Pioneer Award recipient from 1992 who coordinated the judging process, Steve Cisler of Apple Computer, Esther Dyson, editor of Release 1.0, and Bob Metcalfe, Editor of Infoworld. -==--==--==-<>-==--==--==- COMMUNICATIONS POLICY FORUM CPF Airs Issues for K-12 Access to the Internet by Andrew Blau The Communications Policy Forum (CPF), a non-partisan project of the EFF that brings stakeholders together to discuss communications policy issues, recently convened a roundtable to explore some of the legal questions that arise when K-12 schools provide Internet access to their students. Approximately 15 people, representing carriers who provide connections to the Internet, schools or school systems who are connected to the Internet, and legal experts with expertise in this and related areas, met to discuss issues of legal liability as this new medium enters an educational setting for minors. A key concern is that students may be exposed to material that parents or teachers find inappropriate for children. In other electronic media, such as broadcast television, cable TV, and audiotext, legal restrictions have been imposed to protect children from ÒharmfulÓ or ÒindecentÓ material, and liability has been assigned. No such framework exists for the Internet. Moreover, the very strengths of the Internet Ð its decentralized, unhierarchical, and essentially uncontrolled flow of traffic Ð offer distinct challenges to those who would seek to control it in the interest of protecting children. Finally, the tools available in other media Ð safe harbors, lockboxes, or subscription schemes Ð don't fit in this environment. Issues and Suggestions Following a brief summary of the Internet and how it operates and a review of how it is being used by a handful of K-12 institutions, participants identified specific problems and policy issues and considered existing statutes and case law for guidance. The group also considered the potential effects of "harmful to minors" or "obscene as to minors" statutes, which are on the books in 41 states. Although they are often vague or broad, the Supreme Court has agreed that it is constitutional to have such laws which prohibit the dissemination to minors of material that is protected by the First Amendment and would be constitutional for adults, to minors. Discussion then turned to various practical measures that carriers and schools might take in light of what had been described. One suggestion was that carriers work with school systems to provide a recommended set of features or services. In order to protect themselves, carriers could ensure that the school put in place a set of policies, identify for students their responsibilities, and place a teacher or other adult in control of what students access through the school's connection. It was also suggested that carriers could develop a contract that only connects schools that agree to indemnify the provider. Moreover, the carrier could require assurance that when access is provided to minors, the school will use some formal agreement with the minor's parent that includes provisions that hold the network provider harmless from liability. As an alternative, it was suggested that carriers could offer a simple warning to schools that alerts them that Internet access may enable access to materials inappropriate for minors, and that local discretion is advised. Schools could also offer disclaimers to parents modelled on those that parents are given before a field trip. A handful of technical solutions were suggested throughout the course of the meeting, and many elicited substantial interest. For example, various participants suggested using encryption, programs that flag key words or phrases and route them for human intervention, and mandatory password protection for all purveyors of certain kinds of information. Many participants seemed intrigued by a proposal to develop an addressing standard under which someone who gets access by virtue of his/her status as a K-12 student could get an address tag that identifies the student as such for various purposes. One example would be to press for the creation of an additional domain of ".stu" for K-12 students. The appearance of the ".stu" tag would function like any other identification stamp for access to certain materials. Statutory immunity for carriers was also seen by almost all participants as highly desirable and worth pursuing. Developing a legislative strategy may also highlight how these issues in the K-12 setting are linked to and can be addressed in partnership with other issues and other sectors of the communications field. It was also noted that all those interested in K-12 networking need to educate the new Administration as it considers "information highways," a new Federal Communications Commission, the implementation of the NREN, and other programs. According to this approach, a critical first step is to educate as many new players as possible, including Congressional staff and the new administration, that addressing these liability issues is part of the package of building the networks of tomorrow. Conclusion By the end of the session, most participants agreed that there are no easy answers to the issues raised. Yet participants also agreed that if the community of interested educators, carriers, and public interest groups could establish workable models and promote a positive agenda with lawmakers, instead of waiting for problems to arise, the resulting legislative and regulatory framework would be far more likely to cultivate educational access, as well as to provide a model for broadband policy as a whole. The value of the Internet as an educational resource is clear. As one educator pointed out, our schools lose both students and teachers because of inadequate access to resources; the Internet can enrich the resources available to both teachers and students and is not something that only universities should enjoy. The challenge is to articulate a policy framework that can enable that potential to be realized and then to work to see that framework constructed. ============================================================= EFFector Online is published by The Electronic Frontier Foundation 666 Pennsylvania Ave., Washington, DC 20003 Phone: +1 202 544-9237 FAX: +1 202 547 5481 Internet Address: eff@eff.org Coordination, production and shipping by Cliff Figallo, EFF Online Communications Coordinator (fig@eff.org) Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the view of the EFF. To reproduce signed articles individually, please contact the authors for their express permission. *This newsletter is printed on 100% recycled electrons* ============================================================= MEMBERSHIP IN THE ELECTRONIC FRONTIER FOUNDATION In order to continue the work already begun and to expand our efforts and activities into other realms of the electronic frontier, we need the financial support of individuals and organizations. If you support our goals and our work, you can show that support by becoming a member now. Members receive our bi-weekly electronic newsletter, EFFector Online (if you have an electronic address that can be reached through the Net), and special releases and other notices on our activities. But because we believe that support should be freely given, you can receive these things even if you do not elect to become a member. Your membership/donation is fully tax deductible. Our memberships are $20.00 per year for students, $40.00 per year for regular members, and $100.00 per year for organizations. You may, of course, donate more if you wish. Our privacy policy: The Electronic Frontier Foundation will never, under any circumstances, sell any part of its membership list. We will, from time to time, share this list with other non-profit organizations whose work we determine to be in line with our goals. But with us, member privacy is the default. This means that you must actively grant us permission to share your name with other groups. If you do not grant explicit permission, we assume that you do not wish your membership disclosed to any group for any reason. ============================================================= Mail to: The Electronic Frontier Foundation, Inc. 238 Main St. Cambridge, MA 02142 I wish to become a member of the EFF. I enclose: $_______ $20.00 (student or low income membership) $40.00 (regular membership) [ ] I enclose an additional donation of $_______ Name: Organization: Address: City or Town: State: Zip: Phone: ( ) (optional) FAX: ( ) (optional) Email address: I enclose a check [ ]. Please charge my membership in the amount of $ to my Mastercard [ ] Visa [ ] American Express [ ] Number: Expiration date: Signature: ________________________________________________ Date: I hereby grant permission to the EFF to share my name with other non-profit groups from time to time as it deems appropriate [ ]. Initials:___________________________ Downloaded From P-80 International Information Systems 304-744-2253