Indications [1] are that the Commerce Committee of the US House of Representatives is likely to vote in favor of unprecedented restrictions on Americans' right to be left alone. The so-called Oxley amendment [2] to the SAFE bill, which started out attempting to ease encryption export rules, would require Internet technology to enable immediate access to plaintext for any Net message, without notification to the sender.

This ZDNet coverage [3] gives an introduction of some of the technical objections raised last week to the Oxley amendment. Here are some more recent ones.

• Voices from England [4], [5] and Europe [6] refuted this approach to encryption. An article in Communications Week International [6] claims that the European Commission will refuse to endorse key recovery in a report to be issued on 1997-10-01.

• 28 law professors detailed [7] why the proposed law would be unconstitutional.

• 65 companies and organizations signed a letter [8] to the House Commerce Committee opposing Oxley or any similar legislation.

The Congressional Budget Office issued an analysis [9] of the costs of a key-recovery infrastructure; the top estimate was $2 billion per year. CBO requested expert input into its estimates (thanks to Rodney Thayer <rodney at sabletech dot com> for the first word on this). Here is some of what the CBO got.

• Donale Eastlake and others estimated upwards of several hundred billion dollars [10].

• William Allen Simpson estimated that Oxley would slow all data transmission on the Internet by 3 to 8 times, and in addition would require the construction of a secure infrastructure as large again as today's Internet for the transmission and storage of users' keys.

• Perry Metzger noted: "The cost to industry of implementing [Oxley] and... to the government of running it is only the tip of the iceberg. The cost to the economy [of] criminal activity that cryptography would normally stop cannot possibly be estimated."

• The last word goes to cryptographer Bruce Schneier: "Law enforcement needs to deal with technology. So, no more wiretaps. Big deal. [FBI Director] Freeh needs to deal with that fact."

[1] http://www.news.com/News/Item/0,4,14422,00.html
[2] http://www.cdt.org/crypto/legis_105/SAFE/Oxley_Manton.html
[3] http://www.zdnet.com/zdnn/content/zdnn/0922/zdnn0013.html
[4] http://www.techweb.com/wire/news/1997/09/0917crylaws.html
[5] http://www5.zdnet.com/zdnn/content/zduk/0918/zduk0001.html
[6] http://www.jya.com/euro-resist.htm
[7] http://www.law.miami.edu/~froomkin/lawprof-letter.htm
[8] http://www.jya.com/safe-oxley-no.htm
[9] http://www.jya.com/gak-costs.htm
[10] http://www.jya.com/gak-costs2.htm

Apex Global Internet Services Inc. had tried unilaterally to work a truce in the spam wars -- it hosted spammers, including the most notorious of them all, Sanford Wallace's Cyber Promotions, while sponsoring a trade association of "responsible" spammers: the Internet E-Mail Marketing Council. Last Wednesday the ISP kicked them all out [11], [12]. It shut down the accounts of three spam companies and ejected the IEMMC representstive from his office on the AGIS site. The reasons for the ouster are not clear but may involve protacted ping-flood attacks directed against CyberPromo. (Wallace claims that AGIS stopped blocking ping floods a week before.) This handy page [13] from Randy Benn keeps up-to-date with news accounts from the spam wars.

[11] http://www.news.com/News/Item/0,4,14429,00.html
[12] http://www.zdnet.com/intweek/daily/970922e.html
[13] http://www.clark.net/pub/rbenn/spam.html

For the first time since the launch of HotBot, a new player in the search-engine game bids to index the entire Web. Northern Light [14], a startup in Cambridge, MA, introduces a new technique -- folders generated on the fly -- to organize and present search results. The company offers searches of off-Web content such as journals, magazines, how-to guides, and reference works. Searching the "Special Collections" is free for now but the company will soon start charging; Web searches will remain free. Wired gives a good summary [15] of Northern Light's story.

[14] http://www.northernlight.com/
[15] tp://www.wired.com/news/news/culture/story/6992.html

The Autumn 1997 number of the World Wide Web Journal [16] will be a special issue on XML. One of its articles is available on the Web now in pre-copyright form [17]. If you don't know about XML, an evolutionary development from the tradition of SGML and HTML, you probably should; you'll find a graceful introduction in "The Evolution of Web Documents: The Ascent of XML," by Dan Connolly, Rohit Khare, and Adam Rifkin [17].

[16] http://www.w3j.com/
[17] http://www.cs.caltech.edu/~adam/papers/xml/ascent-of-xml.html

PC Week notes [18] the appearance of a new utility that can reveal passwords stored in the Windows 95 password list on a local machine. The tool is called Revelation [19], and it's a free download from SnadBoy Software. The utility does not rely on decryption; it simply grabs and displays data from a Windows 95 software buffer. SnadBoy positions Revelation as a convenience tool for those who have forgotten a password that they asked Windows 95 to remember for them. Its potential for abuse is scary, but fortuately Revelation can't be used over a network; it must be run from the keyboard attached to a local machine.

[18] http://www8.zdnet.com/pcweek/news/0908/11mrev.html
[19] http://www.snadboy.com/revelation.shtml

Data Art Corp. [20], a New York Internet consulting company, has hit on the idea of registering domain names that are slight misspellings of well-known company or site names. Examples are:

    abcnws.com                cdnaw.com
    atavista.com              cityseach.com
    barnesandnobels.com       compuserver.com
    bigfot.com                dinsey.com
    careermasaic.com          dojones.com
    careermozaic.com          ...

Data Art registered at least 256 such names in the first week in August. Perhaps they intend to sell the names to people who want to benefit from "accidental" advertising; meanwhile Data Art is using the names themselves to this end. Visit a plausible URL constructed from any of the names and you get an advertisement and an invitation to contact the company. (The HTML title of each such page is "typo.")

This inventive domain-name wangle was uncovered by Noah Friedman <friedman at splode dot com> and forwarded by glen mccready <glen at qnx dot com>.

[20] http://www.dataart.net/about.htm

Daniel Bernstein, the professor who recently won a narrow ruling [21] in his challenge [22] to US cryptography export restrictions, acquired a new email address courtesy of the Tonga registry [23]. Robert Harley <Robert.Harley at inria dot fr> received a message from Bernstein at his new address and gave public voice to the severe case of email envy inspired by

djb@cr.yp.to

At a recent Microsoft developers' conference in Paris the topic turned to Java. Microsoft spokesmen began disparaging the Sun-developed cross-platform language and talking up the Microsoft alternatives. To the presenters' astonishment, the audience of 1200 developers disrupted the presentation with boos and calls of "Go Java": Allez Java! They began walking out of the room -- first in a trickle and then in a flood. At the end only 50 remained in the audience. This account [24] of the debacle, penned by an unnamed attendee (a Sun employee), was forwarded by Keith Bostic .

Note added 1997-09-25: It looks as if this account is exaggerated. At the request of a reader, the IDG international news service spoke to developers who attended the Paris conference and came away with this summary of the affair: "A few people booed (the Sun author being one of them) and a few people left." Thanks to Mark Gibbs <mgibbs at gibbs dot com> for the correction. The IDG article is now online a [23a].

For a complete list of TBTF's (mostly email) sources, see http://www.tbtf.com/sources.html.

TBTF home and archive at http://www.tbtf.com/ . To subscribe send
the message "subscribe" to tbtf-request@world.std.com. TBTF is
Copyright 1994-1997 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Com-
mercial use prohibited. For non-commercial purposes please forward,
post, and link as you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.