X-Sender: jwarren@well.com Mime-Version: 1.0 Date: Tue, 23 May 1995 08:41:14 +0800 To: GovAccess@well.com From: jwarren@well.sf.ca.us (Jim Warren) Subject: GovAccess.124: HOW TO protect personal privacy - until prohibited by law Sender: owner-govaccess@well.com Precedence: bulk For Protecting Our Privacy - And Thus, Our Speech, Press, Assembly & Freedom PGP is a program for encrypting email and files. It differs from the encryption used in most commercial software packages (such as, say, Microsoft Word) in that it uses "strong" encryption --- encryption that no one in the public scientific community can break, and probably no one in the government community can break either. As a result, it is classified as munitions under ITAR, and is illegal to export from the U.S. Sending it to a foreign ftp site counts as export. This doesn't mean that it's not widely available around the world, though. I would strongly encourage anyone even remotely interested to obtain a copy to look at. There is an alt.security.pgp newsgroup, and it has useful FAQs (ftp to rtfm.mit.edu:/pub/usenet/alt.security.pgp). For the passionately interested, I recommend the cypherpunks mailing list. Get the FAQ from ftp.netcom.com:/pub/tc/tcmay/CP-FAQ. While it is difficult to label any reasonably sized group, I would classify them (us) as individuals determined to preserve individual privacy through technological means that can overcome any political efforts to violate said privacy. &&&&&&&&&&&&&&&&&&&& For Personal Privacy, You Can Use Free PGP Communications Crypto - So Far [Better get pesonal privacy protection while you still can. Russia's already outlawed it. And U.S. federal snoops are vigorously urging that all 260-million not-presumed-innocent U.S. citizens be prohibited from uncrackably securing their/our communications and files - unless the government has the keys. Following are two excerpts from the public mac-eudora-forum@qualcomm.com forum, concerning use of Zimmermann's Pretty Good Privacy crypto program to protect email against snoops, while using Qualcomm's *glorious* offline email handler, available for the Mac and PC as freeware and as wee-feeware for a more'n-worth-it enhanced version. Idiotic-but-wise disclaimer: Do not download any crypto software from a U.S. site if you are not inside the United States, because you may be guilty of felony export of a munition without State Department permission. --jim] From: Michael Sattler Subject: Re: PGP usage from within Eudora >Does pay-eudora support pgp encoding internally? Is there any way of >using pgp short of composing the msg outside of eudora, encoding it w/ >mac-pgp, and then sending it within eudora? Yes. Both "pay-eudora" and the freeware version can interoperate with MacPGP 2.6.2(1.2.6b) via AppleEvents. A collection of scripts and related utilities, grouped together as "The MacPGP Kit", may be found at ftp://duke.bwh.harvard.edu/pub/adam/mcip/MacPGPKit-1.6.hqx === === Date: Thu, 13 Apr 1995 04:15:48 -0800 From: Dave Del Torto Subject: Encrypting Your Email - Eudora & PGP [excerpts] >>How does one send an encrypted message and how is it received on EUDORA? > >Encrypted e-mail is just like plaintext mail, except it's encrypted. Exactly. There's no rocket-science involved, as long as you read the documentation(!). >>When sending to unknown hosts, how is it done? That is, I don't know >>what mail-reader than JOE@Pizza.com is using. Everyone seems to have >>TO/FROM/SUBJECT/CC - are there standards about encrypting messages? > >The basic standards are what flavor of encryption you use. Pretty Good >Privacy (PGP) is the most-used freeware package, available for all sorts >of platforms. ... Anyway, encrypted msgs are handled normally, just like any old email would be. Once your recipient gets the msg, he just decrypts the msg-body with the PGP software he runs on his platform (there's a version of PGP forevery major platform out there) ... >To get the latest Mac version check out> > ftp://ftp.netcom.com/pub/dd/ddt/crypto/pgp_ftp_instructions Actually, let me correct that ever-so-slightly: ftp://ftp.netcom.com/pub/dd/ddt/crypto/READ_ME_FIRST! is what you want to go to first. All the instructions are there. Follow them _very_ carefully. Cryptographic software is considered "munitions" by the US Govt, so we have to be very careful they don't imprison us for "exporting arms" (I know it sounds goofy, but it's the law). You don't have to worry about using PGP yourself though, as long as you use it like a responsible person and don't send the software across international borders (aka "exporting") through the Internet. BTW, if you want general information on PGP (the best encryption available until the next Ice Age), please visit the directory: ftp://ftp.netcom.com/pub/dd/ddt/crypto/crypto_info/ where there are lots of informational text files. If you want human help, send a msg containing your question to the people living at: <--- preferred or where there are some cypherpunks waiting to answer you (perhaps even cheerfully). Also stay tuned (plug, plug!) for the gnarly book Mike and I are writing all about Eudora 3.0: it will have a significant amount of material on identity, privacy and encrypted email with Eudora. Real 007 stuff. You'll love it, we promise. :) Related Newsflash: Qualcomm is to be *highly* commended for recently agreeing to work with the PGP 3.0 development team on implementing encryption services in a future version of Eudora. I've leaked as much before, and no further details can yet be made public (please don't ask), but we're extremely pleased (and you should be too) to know that Qualcomm appreciates the value of personal privacy and secure, authenticatible mail on the Internet - and that they recognize the primacy of PGP in that arena. A healthy round of applause for Qualcomm is definitely in order for being Heroes of the Email Revolution. If you want to learn more about this when we're able to publicly discuss the details of the collaboration, send an email message to: and you'll be placed on the pgp-announce distribution list. The subject and body of your msg will be ignored and you will (probably) receive no confirmation message, but your email address will be added to the dist list. Until then, forget I mentioned it. ;) dave (wearing my PGP 3.0 dev team coordinator hat) &&&&&&&&&&&&&&&&&&&& "Society has recognized over time that certain kinds of scientific inquiry can endanger society as a whole and has applied either directly, or through scientific/ethical constraints, restrictions on the kind and amount of research that can be done in those areas." -- Adm. Bobby R. Inman (then CIA Deputy Dir.) in a February, 1982 article for _Aviation_Week_and_Space_Technology_, on why cryptographic research should be limited to government scientists. [Full text of this article available for anonymous ftp from ftp.eff.org aspub/EFF/Policy/Crypto/inman.article.] Mo' as it Is. --jim Jim Warren, GovAccess list-owner/editor (jwarren@well.com) Advocate & columnist, MicroTimes, Government Technology, BoardWatch, etc. 345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/<# upon request> To add or drop GovAccess, email to Majordomo@well.com ('Subject' ignored) with message: [un]subscribe GovAccess YourEmailAddress (give your eaddr) For brief description of GovAccess, send the message: info GovAccess Past postings are at ftp.cpsr.org: /cpsr/states/california/govaccess and by WWW at http://www.cpsr.org/cpsr/states/california/govaccess May be copied & reposted except for any items that explicitly prohibit it.