Redacted passages are now highlighted in red

Electronic Frontiers Australia has posted an uncensored copy of the Review of Policy relating to Encryption Technologies, called the Walsh Report [1]. Two years ago the Australian government had been about to release a study of the effect of encryption technology on law enforcement and intelligence gathering. The study, commissioned by the Attorney General's office, was authored by Gerard Walsh, former deputy director of the Australian Security Intelligence Organisation. Just before publication someone high up in the Australian government developed cold feet and the release was cancelled. Electronic Frontiers Australia filed a freedom of information request and in June 1997 obtained a redacted copy of the report — that is, with some sections blacked out on grounds of public safety, law enforcement, or national security — and posted it on the Web. It now comes to light that before the report was pulled, "deposit copies" had been sent to major libraries; an alert student found one such last month growing dusty in the State Library in Hobart. EFA published the full report, with the originally censored parts highlighted in red, at the same URL [1]. Here is one of those redacted sections (1.2.22):

It is remarkable how many of the red passages track with proposals that, if publicized, would carry "political risk" — such as the risk of the public throwing the bums out. Among the initially redacted legislative amendments proposed are those to allow:

• legalized hacking by agencies (1.2.28, 6.2.3)

• legalized planting of trap-doors in proprietary software (1.2.33, 6.2.10, 6.2.11, 6.2.22)

• protection from disclosure of the methods used by agencies to obtain encrypted information (6.2.16)

This latter proposal the EFA's Greg Taylor <gtaylor at efa dot org dot au> calls "an apparent endorsement of rubber-hose code-breaking." A more charitable interpretation would be of a law to shield authorities from having to reveal in open court that they obtained evidence by cracking into and infecting a suspect's computer — might not play well with juries. Prosecutors routinely avoid such embarassment by using tainted evidence only to locate and develop other lines of evidence, which are then used to prosecute.

[1] http://www.efa.org.au/Issues/Crypto/Walsh/index.htm

Fixing FIPS 140-1 test failure will impact IE4, Outlook 98

Windows NT 4.0 has failed a critical government test [2] (registration required) that it must pass in order to be considered for sensitive applications in US and Canadian government agencies. Problems that surfaced in Microsoft's CryptoAPIs may be serious enough to require significant redesign of the operating system. The company expects to issue a service pack later this year after NT finally makes it through FIPS 140-1 testing. However, the patch will cause major problems for common applications, because only Internet Explorer 5.0 will know how to work in FIPS mode. The service pack will prevent users who apply it from using IE 4.0, Outlook 98, and possibly other applications such as Internet Information Server.

[2] http://www.nwfusion.com/news/0111ntcrypt.html

You can tell it's a good decision, it made both companies mad

A US magistrate has ordered Microsoft and Sun to schedule a settlement conference to hash out their ongoing dispute over Java technology. Judge Ronald Whyte's order [3] said the companies, which have developed two different methods for Java to work with Windows, should develop a single platform that "achieves Sun's goal of universality and Microsoft's goal of more efficient performance and ease of coding." Whyte also said the companies should consider expanding development of Microsoft's J/Direct, which lets Java developers access native Windows functions directly.

[3] http://www.techweb.com/printableArticle?doc_id=TWB19990108S0001

Let's patent like it's 1999

The mere flood of patents on business models [4] will surely now become a torrent. The US Supreme Court has let stand a lower court ruling in the State Street Bank case that mathematical algorithms used in a program may rate intellectual-property protection [5] (free registration and cookies required for this link). The silliest patent I've seen recently claimed exclusive rights to the "method" of teaching an in-house course using a book. Worse is to come.

[4] http://tbtf.com/archive/1998-08-31.html#Tspx
[5] http://www.nytimes.com/library/tech/99/01/biztech/articles/12patent.html

A business model from cloudcuckooland

Bill Gurley's latest Above The Crowd column [6] is a sober exploration of a business proposition that until recently was the punch line of a stock joke:

Gurley examines buy.com, a reborn Web virtual store whose business plan amounts to selling a buck for 85 cents and making it up on advertising. You can trace a straight line from the idealistic business model arising out of the Net's pre-commercial gift economy -- give away real value on your Web site and find a way to make money from the side-effects — through banner ads, eyeballs, and branding to the Americanized, Crazy Eddie purity of buy.com's aspirations. If the recent market for Net stocks has sent images of tulip bulbs dancing in your head, Gurley's analysis will do nothing to dispel them.

Perhaps when the Millenium has passed and the stock market crash is behind us, we can turn again to the serious business of inventing sustainable business models for the Net.

[6] http://www.news.com/Perspectives/Column/Textonly/0,197,282,00.html?tbtf

A maze of twisty items, all a little different

Microsoft releases a fix for frame spoof

See [7] and [8] for a description of this startlingly deep problem in the architecture of frames. Microsoft has released a patch for Wintel versions of Explorer 4.01 [9]; patches for Macintosh, HP-UX, and Solaris versions are not ready yet. In the email edition I wrote that Netscape has never acknowledged or responded to inquiries about the frame-spoof problem or said when a fix might be available for Navigator browsers. This just in —

[7] http://tbtf.com/archive/1998-11-17.html#s02
[8] http://www.securexpert.com/framespoof/tech.html
[9] http://www.microsoft.com/windows/ie/security/spoof.asp

No kudos from BugNet

Since 1994 the editors of BugNet have presented an award to a software company for the year's best bug-fix performance. This year the editors surveyed the software field and scowled in disgust, refusing to grant any award [10]. "We are in the midst of a PC quality / support crisis," they declare. Here is one sad tale among many that illustrates the sorry attitude of software companies toward the things they have wrought and the users who are stuck with them.

[10] http://www.bugnet.com/analysis/no_award.html

Cyber Underwriters Laboratories

The field of computer security has few hard standards: no company can certify that its software product is secure. Writing on the l0pht Heavy Industries site, Tan <tan at l0pht dot com> suggests looking to Underwriters Laboratories [11] for a model of Net security certification. Using the example of a UL-certified manufacturer of safes, Tan writes:

Thanks to Keith Bostic <nev at bostic dot com> for pointing out this proposal.

[11] http://www.l0pht.com/cyberul.html

India warns against US crippleware

An Indian defense official issued a "red alert" [12] against the dangers of depending on cryptography products developed in the US, because almost by definition their codes can be broken by US government agencies. India might require all local banks and financial institutions to buy only home-grown crypto software. The letter from the Defence Research and Development Organisation says:

[12] http://www.economictimes.com/120199/lead2.htm

A specialized shopping bot

Uniden introduced a phone at the Consumer Electronics Show that price-shops every time it's dialed, seeking the cheapest longdistance rate from among hundreds of plans before each call. The phone, called the Long Distance Manager, is expected to reach store shelves this spring at a price of about $49. Thanks to Keith bostic <nev at bostic dot com> for this item.

Bringing you the jagged edge of the Net's new lingo since 1995

Jargon Scout [13] is an irregular TBTF feature that aims to give you advance warning — preferably before Wired Magazine picks it up — of jargon that is just about ready to hatch into the Net's language.

Randy Enger writes:

[13] http://tbtf.com/jargon-scout.html
[14] http://tbtf.com/archive/1998-10-27.html#s10

The brightest stars, the biggest stories

One of my favorite email resources for nudiustertian news from the world of physics is the AIP's Physics News Update [15], whose research summaries, written by Phillip F. Schewe and Ben Stein, arrive by email weekly [16]. Here are some of Schwe and Stein's picks as the biggest physics stories in 1998. I've added direct URLs for the stories as they appeared in PNU.

• The realization (based on observations of distant supernovas) that the cosmological expansion of the universe is not only not slowing but is actually accelerating [17], [18]

• The observation of neutrino oscillation [19]

• Bose-Einstein research [20], [21], [22]

• progress in quantum teleportation [23], the complementarity principle demonstrated for electrons [20]

• quantum computing used to perform simple searches [24]

• the detection of gamma rays from a high-magnetic-field pulsar (or magnetar) [25], [26]

• the idea of chaos-based computing [27]

[15] http://www.aip.org/physnews/update/
[16] http://www.aip.org/physnews/update/subpnu.htm
[17] http://www.aip.org/enews/physnews/1998/physnews.355.htm
[18] http://www.aip.org/enews/physnews/1998/physnews.361.htm
[19] http://www.aip.org/enews/physnews/1998/physnews.375.htm
[20] http://www.aip.org/enews/physnews/1998/physnews.362.htm
[21] http://www.aip.org/enews/physnews/1998/physnews.382.htm
[22] http://www.aip.org/enews/physnews/1998/physnews.402.htm
[23] http://www.aip.org/enews/physnews/1998/physnews.356.htm
[24] http://www.aip.org/enews/physnews/1998/physnews.367.htm
[25] http://www.aip.org/enews/physnews/1998/physnews.374.htm
[26] http://www.aip.org/enews/physnews/1998/physnews.394.htm
[27] http://www.aip.org/enews/physnews/1998/physnews.389.htm

Old McDonald had some code, C-O-B-O-L

For those of you who rejoiced over the holidays because The Little Drummer Boy drowned out the pervasive babble about Y2K, here's a little something to jerk you fully into 1999: the latest in barnyard sounds from Patrick Tufts <zippy at cs dot brandeis dot edu>.

The foregoing nugget is carried on TBTF by permission. The author specified as a condition of publication that the period had to stay outside the quotation mark.

This week's TBTF title means, in a backhanded sort of way, "up to the minute; the latest thing." Mrs Byrne's Dictionary [29] says the word derives from the Latin phrase Nunc dies tertius est, meaning "It is now the third day," so a literal rendering would be "pertaining to the day before yesterday." The OED is more straightforward [30].

[29] http://www.powells.com/cgi-bin/partner?partner_id=23196&cgi=search/search&searchtype=isbn&searchfor=0806504986
[30] http://tbtf.com/resource/oed-defs.html#nudiustertian

For a complete list of TBTF's (mostly email) sources, see http://tbtf.com/sources.html.

TBTF home and archive at http://tbtf.com/ . To subscribe send the
the message "subscribe" to tbtf-request@tbtf.com. TBTF is Copyright
1994-1999 by Keith Dawson, <dawson dot tbtf at gmail dot com>. Commercial use pro-
hibited. For non-commercial purposes please forward, post, and link as
you see fit.
_______________________________________________
Keith Dawson    dawson dot tbtf at gmail dot com
Layer of ash separates morning and evening milk.