Computer underground Digest Thu, Jan 8, 1992 Volume 4 : Issue 01
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
CONTENTS, #4.01 ( Jan 8, 1992)
File 1--Moderators' Corner
File 2--How The Government Broke The Law And Went Unpunished
File 3--Federal Seizure of "Hacker" Equipment" (Newsbytes Reprint)
File 4--Re: FBI vs. Kiddie Porn (CuD 3.44)
File 5--Re: Whole Earth Review Questions Technology
File 6--Law Enforcement, the Government & You
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to the
Computer Underground. Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Thu, 7 Jan 92 10:44:31 CST
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--Moderators' Corner
Issue 4.01 launches the new year. For those asking why there was no
CuD for the past three weeks (#3.44 was the final issue of '91),
holidays are less than ideal for sending out mail. Systems, people,
and mysterious cosmic forces go walk-about, and too much mail bounces
back. That, coupled with Gordon's two-week jaunt to Utah and Jim's
trek to Michigan, caused the delay.
Apologies to those who sent articles that were delayed. We will catch
up in the next few weeks.
We encourage longer posts and especially encourage readers to send
media articles and stories from their local area that might not make
the national press. Contributors should be sure that, for longer
articles, no copyright is violated. If there is any question, then
excerpts should be sent. Shorter new stories of 25-30 lines or less
are, we are told, generally "fair use."
------------------------------
Date: Thu, 19 Dec 1991 13:04:39 -0500
From: Craig Neidorf <knight@EFF.ORG>
Subject: File 2--How The Government Broke The Law And Went Unpunished
JUSTICE DENIED
How The Government Broke The Law And Went Unpunished
by Craig Neidorf
kl@stormking.com
BACKGROUND:
On January 18, 1990, Craig Neidorf, a 20-year-old college junior and
editor of an electronic newsletter, was visited by Agents Tim Foley
and Barbara Golden of the United States Secret Service (acting on
behalf of William Cook, an assistant U.S. Attorney in the Northern
District of Illinois, Eastern Division), and Reed Newlin, an agent of
Southwestern Bell security of Missouri, acting under color of law in
conjunction with the U.S. Secret Service. Neidorf was questioned as a
criminal suspect and eventually charged in a multi-count indictment
with violations of the Computer Fraud & Abuse Act, the Interstate
Transportation of Stolen Property Act, and the Wire Fraud Act, all
because of his involvement as editor of a newsletter that disseminated
to the general public from his bedroom at the Zeta Beta Tau fraternity
house in Columbia, Missouri. All such charges were subsequently
dismissed by the U.S. Attorney's Office after a week of trial.
On January 19, 1990, the above named agents returned to Craig
Neidorf's fraternity house accompanied by a uniformed officer of the
University of Missouri Police Department. They produced and executed
a search warrant that empowered them to seize all materials relating
to Neidorf's newsletter, specifically computer hardware, work product
of the newsletter, and documentary materials of the newsletter.
These actions by the various law enforcement authorities constitute an
actionable offense in violation of the Privacy Protection Act of 1980.
__________
TO THE READER:
During the summer of 1990, I wrote the following review of how the
Privacy Protection Act of 1980 could have been applied to the above
described incident. After several months of trying to find a way to
file a claim, I have finally come to realize that the goal I seek is
unreachable because I do not possess the financial resources to hire
legal counsel and no law firm or organization capable of handling the
case will agree to take it on a contingency basis. Furthermore, as I
read the law, the statute of limitations on this type of action is two
years and January 19, 1992 is rapidly approaching. Because of reality
superceding idealism, I have decided instead to present my case to
you, the public, in the hopes that perhaps something good results from
people learning the truth, despite that those truly guilty will not be
punished.
I will attempt to lay out and describe the details, ramifications, and
importance of these events as they relate to the Privacy Protection
Act of 1980 and as a convenience, I will be referring to myself in the
third person and narrating from an advocate's point of view.
I will be citing without quotation directly from the Legislative
History of the Act and the Act itself as found in P.L. 96-440, pages
3950-3976 and Title 42, Chapter 21A, Sections 2000aa-2000aa-7.
__________
*** What Does The Privacy Protection Act of 1980 Do?
Part A of S. 1790 provides broad protections against searches for
documentary materials which are in the possession of those engaged in
First Amendment activities. When the materials sought consist of work
product, a general no search rule applies. When the materials sought
constitute documentary materials other than work product, a
subpoena-first rule is generally applicable. The title applies to
state, local, and federal law enforcement officers. Because
disseminating information regularly affects interstate commerce,
congressional authority to regulate state and local enforcement in
this statute is based on the commerce clause <as found in> United
States Constitution, Article I, Section 8.
*** What Are The Unlawful Acts?
Unlawful acts under section 101 involve searches and seizures
performed only by governmental officials, not private citizens, and
conducted "in connection with the investigation or prosecution of a
criminal offense."
It could be argued that Southwestern Bell is also guilty of violating
the Act because of Reed Newlin, a security person from Southwestern
Bell, who acted under color of law alongside the law enforcement
agents in performing the physical search of Neidorf's room. Newlin
himself did enter Neidorf's room and physically handle his computer
equipment (ex. going through Neidorf's dresser drawers and pulling out
an Apple 1200 baud modem).
*** What Does the Privacy Protection Act Protect?
The phrase "in connection with a purpose to disseminate to the public
... a form of public communication" reaches not only to materials
which are to be disseminated to the public or which contain
information that is to be incorporated in a form of public
communication, but also materials which are gathered in the course of
preparing such a publication. For example, a reporter may prepare an
article which his editor decides should not be published; nonetheless,
the reporter's interview notes and draft of the article would remain
protected by the statute. Similarly, all of an author's research
notes would be protected, although only part of the research was
ultimately included in the publishing product.
In order to qualify for the statute's protections, the materials must
be possessed in connection with a purpose of disseminating some form
of public communication. The term "form of public communication" is
designed to have a broad meaning. The fact that a local newspaper,
for example, has a small circulation does not preclude application of
the statute to searches of the files on the newspaper.
*** What Is Work Product?
In section 107(b), Work Product is defined as to encompass the
materials whose very creation arises out of a purpose to convey
information to the public. They may be created by the person in
possession of the materials, or by another person in anticipation of
public communication.
An example of what this means would show that financial records of a
business which are held by a member of the press are not work product
inasmuch as they are not created in connection with plans to "to
communicate to the public." But, a report prepared by a member of the
press based on those financial records would constitute work product,
as would such a report prepared by a whistle-blower who intended that
the contents of the report be made public.
*** How Can A Law Enforcement Agent Determine What Is Work Product?
In the interests of allowing for some objective measure for judgment
by the Office, the Committee (Congress) has provided that the
work-product must be possessed by someone "reasonably believed" to
have a purpose to communicate to the public.
*** Exceptions That Allow Law Enforcement Officers To Use A Search
Warrant To Seize Work Product Instead Of A Subpoena
There are two exceptions, but neither exception applies in this
situation.
(1). The Suspect Exception allows a search warrant to be used on a
person who is not an innocent third party, but rather an actual
suspect. Neidorf was indeed a suspect of a criminal investigation,
but there is an exception to this exception.
The suspect exception may not be invoked if the only offense of which
the possessor is suspected is the receipt, possession, communication,
or withholding of the materials or the information contained therein.
The purpose of this provision is to prevent possible abuse by law
enforcement authorities. For example, without this provision, if a
reporter had knowingly received a stolen corporate report, the suspect
exception could be invoked because the reporter might be said to be
guilty of a crime of receipt of stolen property. To permit a search
under such circumstances might unduly broaden the suspect exception.
In other words, law enforcement agents could simply charge the
journalist with possession or receipt of stolen goods, general very
broad offenses, and proceed to seize the desired materials because he
was a suspect in that basically contrived crime. The Department of
Justice has felt that this is not good law enforcement policy.
Please Note: The above description very closely resembles the
scenario that occurred in the Neidorf case if you insert "911
document" in place of "stolen corporate report."
The suspect exception is retained in cases where the receipt,
possession, or communications of materials constitutes an offense
under the existing language of espionage laws or related statutes
concerning restricted data.
Because the suspect exception may not be invoked if the only offense
of which the possessor is suspected is the receipt, possession,
communication, or withholding of the materials or the information
contained therein, this exception is not applicable.
(2) The second exception allows a lawful search warrant if there is
reason to believe that the immediate seizure of the materials are
necessary to prevent death of serious bodily injury. This is clearly
not applicable to this case.
*** What Are Documentary Materials?
Section 107(a) defines documentary materials as to encompass the
variety of materials upon which information is recorded. Included
within the definition are not only written and printed materials such
as reports, records, and interviews, but also films, photographs, tape
recordings, and videotapes.
Not included in this definition are contraband or the direct fruits of
a crime, or the things or property designed or intended for use in the
offense, or have been used as a means of committing the offense.
Examples listed include; money, guns, weapons, and narcotics.
*** Exceptions That Allow Law Enforcement Officers To Use A Search
Warrant To Seize Work Product Instead Of A Subpoena
There are four exceptions. The first two are the same as those seen
above in reference to seizure of work product. Since they have
already been addressed, I will now focus on the two remaining
exceptions.
(3) An otherwise lawful search <is permitted> for non-work product
documentary materials if there is reason to believe that the notice
provided by a subpoena duces tecum would result in the destruction,
alteration, or concealment of the materials.
Agent Tim Foley's own testimony at the July 1990 criminal trial of
Craig Neidorf describes the interview and the actions taken by Neidorf
prior to obtaining the warrant. This same testimony will clearly show
that there would be no reason to believe that any evidence would have
been tampered with or destroyed. Indeed, Neidorf cooperated fully
from the beginning of the investigation, turning over several
documents and providing information to the agents prior to the search.
This exception is therefore not applicable.
(4) If after a proceeding resulting in a court order directing
compliance with a subpoena duces tecum, the possessor of the materials
still refuses to produce the materials sought, a search warrant may be
obtained. This exception is clearly not applicable because a subpoena
was never sought in the first place.
__________
I believe that a careful inspection of the affidavit used to obtain
the search warrant, the items specified for seizure in the actual
warrant, and the testimony of Agent Tim Foley of the U.S. Secret
Service in the criminal trial "United States v. Craig Neidorf" will
clearly demonstrate that the Secret Service, the U.S. Attorney's
Office, and potentially others (i.e. University of Missouri Police
Department and Southwestern Bell) are guilty of violating the Privacy
Protection Act of 1980 as described above.
__________
*** What Are The Remedies?
Section 106(a) provides a civil cause of action for damages for
violations of the Act. Such an action may be brought by any person
aggrieved by a violation of the statute.
When a government until is liable under this Act for a violation of
this statute committed by one of its officers of employees, it may not
assert as a defense to the action brought against it the immunity of
the officer committing the offense or the good faith belief of the
officer in the lawfulness of his conduct. The traditional doctrine of
judicial immunity is preserved and available to the government entity.
In the past, the good faith defense has often precluded the recovery
for unlawful searches and seizures. Prohibiting the use of this
defense when the government unit is the defendant in a suit brought
under this statute is not only a fair means of assuring compensation
for damages resulting from unlawful governmental searches, it will
also enhance the deterrent effect of the statute.
The good faith defense can be applied only in situations where the
offender had reason to believe that the immediate seizure of materials
was necessary to prevent the death of, or serious bodily injury to, a
human being. This is not applicable.
*** What Types Of Damages Could Be Collected In A Lawsuit?
Section 106(e) describes that a plaintiff bringing an action under
this section on the statute may recover actual damages resulting from
a violation of the provision of the Act, but that in any event he is
entitled to recover liquidated damages of not less than $1,000. The
provision for a minimum amount of liquidated damages is essential
because it often will be difficult for a plaintiff to show more than
nominal or actual damages.
Punitive damages may also be awarded if warranted, as well as
attorney's fees and litigation costs. It is appropriate that the
governmental unit be liable for punitive damages.
OTHER REMARKS TO THE READER:
In this type of case, the main goal is probably punitive damages. A
message needs to be sent that violations of privacy and the law must
be prevented and no one is above the law (least of all those charged
with the duty of enforcing it).
My reseach indicates that although there are probably many cases,
there are only two cases on the books where the Privacy Protection Act
of 1980 has been used in a civil lawsuit. Neither case is on point.
The current litigation by the Electronic Frontier Foundation in the
Steve Jackson Games case also addresses the Act, but its facts are
different in that the SJG case refers to hardcopy publishing using
computers whereas a Neidorf case would have addressed electronic
publications specifically.
The Neidorf case is supported by strong evidence and the legislative
history of the Act shows this case to be exactly the type of which the
Act was designed to combat. A message needs to be sent that the law
is meant to be obeyed, not just law about computers, but law in
general.
Clearly, establishing rights for an electronic publication is another
step closer to a guaranteed right of free electronic speech. In this
day and age, WE DARE NOT GIVE UP THAT RIGHT!
------------------------------
Date:
From: mcmullen@well.sf.ca.us
Subject: File 3--Federal Seizure of "Hacker" Equipment" (Newsbytes Reprint)
FEDERAL SEIZURE OF "HACKER" EQUIPMENT 12/16/91
NEW YORK, NEW YORK, U.S.A., 1991 DEC 16 (NB) -- Newsbytes has learned
that a joint Unites States Secret Service / Federal Bureau of
Investigation (FBI) team has executed search warrants at the homes of
so-called "hackers" at various locations across the country and seized
computer equipment.
It is Newsbytes information that warrants were executed on Friday,
February 6th in various places including New York City, Pennsylvania
and the state of Washington. According to informed sources, the
warrants were executed pursuant to investigations of violations of
Title 18 of the federal statutes, sections 1029 & 1030 (Computer Fraud
and Abuse Act, 1343 (Wire Fraud) and 2511 (Wiretapping).
Law enforcement officials contacted by Newsbytes, while acknowledging
the warrant execution, refused to comment on what was called "an
on-going investigation." One source told Newsbytes that the affidavits
underlying the search warrants have been sealed due to the on-going
nature of the investigation."
He added "There was obviously enough in the affidavits to convince
judges that there was probable cause that evidence of a crime would be
found if the search warrants were issued."
The source also said that he would expect a statement to be issued by
the Secret Service/FBI team "somewhere after the first of the year."
(Barbara E. McMullen & John F. McMullen/19911216)
------------------------------
Date: Wed, 18 Dec 91 11:47:09 CST
From: knute!canary!chris@UUNET.UU.NET(Chris Johnson)
Subject: File 4--Re: FBI vs. Kiddie Porn (CuD 3.44)
Brief comments on: "FBI Investigates Computerized Child Pornography"
In the referenced article, the following statement was made:
"The FBI said computer bulletin boards are often used by child
porno-graphers, but for communication purposes only, not for the
actual transmission of the illegal material."
My feeling is that child pornography is probably one of the biggest
straw men in this day and age. It's bigger than communists in the
closet, so to speak. Why do I say this? We all probably read enough
media to see references to child pornography at least several times a
month. There's certainly a lot of hysteria and what sounds like a lot
of law enforcement activity in the area.
Yet I've never seen any, nor do I know anyone who has seen any. Not
that I'm a collector of pornography by any means. I guess I sort of
always believed that it must be a Real Big Problem or I wouldn't be
hearing about it so much. Then I report an investigative article.
The writers actually looked into the reality. Guess what? They
couldn't find any either. In fact, the only so-called purveyors they
could find were law enforcement sting operations!
The upshot was this: more child pornography is advertised and
distributed by law enforcement people trying to catch other
pornographers and child molesters than by anyone else, by several
orders of magnitude it appears.
A lot of this seems to be a left over from the Meese commission and it
seems the real idea is to censor through intimidation and out-right
harassment of anything outside Meese's and others puritanical,
up-tight, right wing beliefs. The spectre of "child pornographers" by
the thousands is a plenty good smoke screen to hide censorship
activities, and* garner lots of public support form concerned parents
at the same time. And even your politicians can jump on the platform
of "doing something good for the American family" by supporting it.
On the whole, I can't prove there isn't child pornographers using
BBS's, but I rather doubt it's a pressing problem. I'd rather the FBI
find a real problem to pursue, like, bribery among government
officials.
------------------------------
Date: Thu, 19 Dec 91 16:28:58 pst
From: well!tomwhite@APPLE.COM(Tom White)
Subject: File 5--Re: Whole Earth Review Questions Technology
For Immediate Release: December 16,1991
CONTACT: Tom White (415) 332-1716: E-mail:tomwhite@well.sf.ca.us
WHOLE EARTH REVIEW to Readers:
Question Technology (while we still have the chance)
Sausalito, CA -- The Winter 1991 issue of WHOLE EARTH REVIEW, the
"Access to Tools" quarterly supplement to the WHOLE EARTH CATALOG,
questions the political, economic, social and physical effects
technology has on our lives. WHOLE EARTH REVIEW also questions its
fundamental assumption that providing
access to tools is a good and noble enterprise.
Is technological innovation invariably beneficial? Do we control
new technologies or do they control us? Will books and libraries
become obsolete? These are some of the questions that authors in this
special issue attempt to answer. Editor-in-Chief Howard Rheingold
writes in the introduction: "Perhaps our readers will be inspired to
create new tools for thinking about tools."
Among the authors showcased are Jerry Mander, whose book "In
the Absence of the Sacred" is excerpted at length in the lead article;
Howard Levine, former director of the National Science Foundation's
Public Understanding of Science Program; Langdon Winner, a political
theorist and author; Patricia Glass Schuman, president of the American
Library Association and of Neal-Schuman Publishers; Linda Garcia, a
project director and senior analyst at the Office of Technology
Assessment; Gary T. Marx; Ivan Illich; Amory and Hunter Lovins of the
Rocky Mountain Institute.
For the past two decades WHOLE EARTH REVIEW has provided its
readers "access to tools" -- practical information about technologies
ranging from manual post-hole diggers to virtual-computer systems.
Subscription price is $27 for four issues, add $6 foreign. No advertising
accepted. On newsstands and bookstore magazine shelves now.
Copyright 1991, POINT. Permission granted to redistribute freely.
Whole Earth Review, PO Box 38, Sausalito, CA 94966
------------------------------
Date: Tue, 7 Jan 92 23:44:19 -0800
From: Jon Pugh <jpugh@APPLE.COM>
Subject: File 6--Law Enforcement, the Government & You
I would like to point out one thing in defense of the "zealous" people
involved in law enforcement efforts that have been discussed recently.
These are people who have accepted the job of tracking down criminals,
and that's what they do. Just as we live computers, or whatever, they
live law enforcement. It is important for them to remember that not
everyone is guilty, just as it is important for us to remember that
they are simply _looking_ for criminals, so they tend to focus on that
goal. If you were assigned to track down computer criminals and you
didn't know a bit from a scuzzy disk controller, where would you start
looking? On bulletin boards and at computer club meetings, of course.
The citizenry needs to remind the authorities that not everyone is a
criminal and that we _are_ in America (where the Constitution can be
construed by some to say that it is better to let a guilty man go than
to punish an innocent one).
On a different subject, I firmly believe in accountability of the
government. If these allegations connecting the October Surprise to
the Inslaw software case are even remotely true then the truth
definitely MUST be known, regardless of whether we have to wake Ron up
or take the President down. Arguments of the type "We must protect
the image of the Presidency" are bogus. The President is a man, like
us. Prone to the same failings as us, only more so because of his
power. We have already seen how the pressure and power affected
Richard Nixon. Personally, I do not believe that the president was to
blame in Ron's case, unless it was simply through negligence. There
are many career officials assisting the president and others, and it
may be time for a purge. These people seem to have formed their own
underground organization, which ostensibly seems to be intended to
protect and promote a Republican president. Oliver North was willing
to take the fall for the presidency, but has now recanted. What does
this say about the way these people treat each other?
There is really only one thing I can do though, and I encourage others
to do the same thing. Ask questions and talk about this. Make sure
that everyone you talk to knows about the Inslaw case and the the
October Surprise. Tell them that nothing is proved, but much is
implied. Tell them to ask questions and tell _their_ friends. All we
can do is pay attention and make sure that _they_ can't slip one past
us. Of course I would be very willing to help anyone who _can_ do
something directly, but I don't really want to end up slashed to death
in a bathtub. That's what the allegations are in the Inslaw case, and
if only for that reason we must all obey the song which still rings
true:
Stop, hey, what's that sound? Everybody look what's going down.
------------------------------
------------------------------
End of Computer Underground Digest #4.01
************************************
Computer underground Digest Wed, Jan 15, 1992 Volume 4 : Issue 02
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
CONTENTS, #4.02 ( Jan 15, 1992)
File 1--Re: Whole Earth Review Questions Technology
File 2--Craig's submission in #4.01
File 3--Subscribing to PHRACK
File 4--Report: 8th Chaos Computer Congress
File 5--Net "do-it-yourself" political activity (NEWSBYTES Reprint)
File 6--Political Organizing at the Individual Level
File 7--*DRAFT* "Guaranteeing Constitutional Freedoms"
File 8--The Compuserve Case (Reprint from EFF Vol 2, #3)
File 9--Senate Introduces Two FOIA Bills, S. 1929 & S. 1940
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to the
Computer Underground. Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Thu, 09 Jan 92 15:54:48 -0600
From: Neil W Rickert <rickert@CS.NIU.EDU>
Subject: File 1--Re: Whole Earth Review Questions Technology
In Cu Digest, #4.01 Tom White writes:
> Is technological innovation invariably beneficial? Do we control
>new technologies or do they control us?
This reminds me of the comments I occasionally have been heard to
make, with tongue only very slightly in cheek:
In the old days, before Xerox became a household word, everyone
participating in an important meeting would be given a copy of the
documentation. Attached was a check sheet. He/she would read the
documentation, cross his/her name off the check sheet, and pass the
documents onto the next person listed.
Today, everybody has an individual copy. There is not so much of a
rush to read it. Thus everyone can put off reading it until the last
minute or a little later, come to the meeting, and an important issue
is voted on without one participant having read it, or having the
courage to admit to not having read it.
+++++++++++
In the old days it was very costly to revise a draft, since the whole
thing had to be redone from the start, with the possibility of new
errors being introduced. As a result many letters and memos were
sent out with minor errors, because it was just not worth the trouble
of correcting them.
Today, with word processing, editing a memo or letter is much
simpler. As a result, drafts are revised ad infinitum. The total
number of man (and woman) hours spend on the document may be three or
more times as much as before. And the result - a few less minor
typos, but no improvement in the essential meaningfulness and
readability of the document.
+++++++++++
To top it off, there are probably thousands of MIPS (million
instructions per second) of computing power dedicated to the sole
purpose of printing address labels on junk mail, much of which will
finish up in land fills without having been read.
------------------------------
Date: Sat, 11 Jan 92 0:23:33 EST
From: tadvocate@anonymous.com
Subject: File 2--Craig's submission in #4.01
Reply to: File 2--How The Government Broke The Law And Went Unpunished
> JUSTICE DENIED
>
> How The Government Broke The Law And Went Unpunished
>
> by Craig Neidorf
> kl@stormking.com
>
>
> TO THE READER:
>
> During the summer of 1990, I wrote the following review of how the
> Privacy Protection Act of 1980 could have been applied to the above
> described incident. After several months of trying to find a way to
> file a claim, I have finally come to realize that the goal I seek is
> unreachable because I do not possess the financial resources to hire
> legal counsel and no law firm or organization capable of handling the
> case will agree to take it on a contingency basis. Furthermore, as I
> Protection Act of 1980 as described above.
>
> ********** Stuff Deleted***********
>
> *** What Are The Remedies?
>
> Section 106(a) provides a civil cause of action for damages for
> violations of the Act. Such an action may be brought by any person
> aggrieved by a violation of the statute.
>
> WE DARE NOT GIVE UP THAT RIGHT!
Craig, stop complaining. You are going to law school. File a pro se
action against the government. File it and ask some of your
professors to help you out. You'll learn more practical law then a
thousand class hours.
If we dare not give up our rights, then we dare not stop.
The Advocate.
[ This information published so that all members of the community can
know that they do not need to depend on lawyers to protect our rights.
The day an american may not protect his rights without a lawyer, is
the day his rights have died.]
PS For those interested. The supreme court is deciding a case where
a man was convicted of receiving child pornography only after being
targeted for 2 years in a blizzard of letters by undercover operators
into buying it by mail. The supreme court will try to determine what
limits the government may not violate in enticing people into breaking
the law.
------------------------------
Date: Tue, 14 Jan 92 17:44:09 EST
From: Storm King ListServ Account <server@STORMKING.COM>
Subject: File 3--Subscribing to PHRACK
We here at phrack have been getting mail bouncing all over the place
due to people writing PHRACK@STOMKING.COM the correct contact for
phrack is at PHRACKSUB@STORMKING.COM. Please correct this!
These days people must do the following to get on the phrack mailing
list.
The distribution of Phrack is now being performed by the software
called Listserv. All individuals on the Phrack Mailing List prior to
your receipt of this letter have been deleted from the list.
If you would like to re-subscribe to Phrack Inc. please follow these
instructions:
1. Send a piece of electronic mail to "LISTSERV@STORMKING.COM". The mail
must be sent from the account where you wish Phrack to be delivered.
2. Leave the "Subject:" field of that letter empty.
3. The first line of your mail message should read:
SUBSCRIBE PHRACK <your name here>
4. DO NOT leave your address in the name field!
(This field is for PHRACK STAFF use only, so please use a full name)
Once you receive the confirmation message, you will then be added to
the Phrack Mailing List. If you do not receive this message within 48
hours, send another message. If you STILL do not receive a message,
please contact
"SERVER@STORMKING.COM".
You will receive future mailings from "PHRACK@STORMKING.COM".
If there are any problems with this procedure, please contact
"SERVER@STORMKING.COM" with a detailed message.
Sincerly,
The Phrack Staff
------------------------------
Date: Tue, 14 Jan 92 12:15 MST
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 4--Report: 8th Chaos Computer Congress
((For those who do not receive either RISKS-L or TELECOM Digest,
we reprint the following form TELECOM Digest, Vol 13 #35 (14 Jan '92)).
***********************************************
Date: Tue, 14 Jan 1992 06:33:50 PST
From: Eric_Florack.Wbst311@xerox.com
Subject: Report: 8th Chaos Computer Congress
The following message was copied from RISKS-L. Of particular interest
to TELECOM reader will be where the writer speaks of HACKTIC. That
such gatherings are becoming more sparsely populated is a positive
step. But is it, perhaps, time for people such as the UN , or perhaps
the ITU, to invoke sanctions against countries that allow such groups
to thrive? ( Comments are my own ... I don't expect anyone else to
have the guts to agree with me.) (Grin)
-=-=-=--=-=-=
Date: 9 Jan 92 16:37 +0100
From: Klaus Brunnstein <brunnstein@rz.informatik.uni-hamburg.dbp.de>
Subject: Chaos Congress 91 Report
Report: 8th Chaos Computer Congress
On occasion of the 10th anniversary of its foundation, Chaos Computer
Club (CCC) organised its 8th Congress in Hamburg (Dec.27-29, 1991). To
more than 400 participants (largest participation ever, with growing
number of students rather than teen-age scholars), a rich diversity of
PC and network related themes was offered, with significantly less
sessions than before devoted to critical themes, such as phreaking,
hacking or malware construction. Changes in the European hacker scene
became evident as only few people from Netherlands (see: Hacktick) and
Italy had come to this former hackers' Mecca. Consequently, Congress
news are only documented in German. As CCC's founding members develop
in age and experience, reflection of CCC's role and growing diversity
(and sometimes visible alienity between leading members) of opinions
indicates that teen-age CCC may produce less spectacular events than
ever before.
This year's dominating theme covered presentations of communication
techniques for PCs, Ataris, Amigas and Unix, the development of a
local net (mousenet.txt: 6.9 kByte) as well as description of regional
(e.g. CCC's ZERBERUS; zerberus.txt: 3.9 kByte) and international
networks (internet.txt: 5.4 kBytes), including a survey (netzwerk.txt:
53.9 kByte). In comparison, CCC'90 documents are more detailed on
architectures while sessions and demonstrations in CCC'91 (in "Hacker
Center" and other rooms) were more concerned with practical navigation
in such nets.
Phreaking was covered by the Dutch group HACKTIC which updated its
CCC'90 presentation of how to "minimize expenditures for telephone
conversations" by using "blue" boxes (simulating specific sounds used
in phone systems to transmit switching commands) and "red" boxes
(using telecom-internal commands for testing purposes), and describing
available software and recent events. Detailed information on
phreaking methods in specific countries and bugs in some telecom
systems were discussed (phreaking.txt: 7.3 kByte). More information
(in Dutch) was available, including charts of electronic circuits, in
several volumes of Dutch "HACKTIC: Tidschrift voor Techno-Anarchisten"
(=news for techno-anarchists).
Remark #1: recent events (e.g. "Gulf hacks") and material presen-
ted on Chaos Congress '91 indicate that Netherland emerges as a new
European center of malicious attacks on systems and networks. Among
other potentially harmful information, HACKTIC #14/15 publishes code
of computer viruses (a BAT-virus which does not work properly;
"world's shortest virus" of 110 bytes, a primitive non-resident virus
significantly longer than the shortest resident Bulgarian virus: 94
Bytes). While many errors in the analysis show that the authors lack
deeper insight into malware technologies (which may change), their
criminal energy in publishing such code evidently is related to the
fact that Netherland has no adequate computer crime legislation. In
contrast, the advent of German computer crime legislation (1989) may
be one reason for CCC's less devotion to potentially harmful themes.
Remark #2: While few Netherland universities devote research and
teaching to in/security, Delft university at least offers introductory
courses into data protection (an issue of large public interest in NL)
and security. Professors Herschberg and Aalders also analyse the
"robustness" of networks and systems, in the sense that students may
try to access connected systems if the addressed organisations agree.
According to Prof. Aalders (in a recent telephone conversation), they
never encourage students to attack systems but they also do not punish
students who report on such attacks which they undertook on their own.
(Herschberg and Alpers deliberately have no email connection.)
Different from recent years, a seminar on Computer viruses (presented
by Morton Swimmer of Virus Test Center, Univ. Hamburg) as deliberately
devoted to disseminate non-destructive information (avoiding any
presentation of virus programming). A survey of legal aspects of
inadequate software quality (including viruses and program errors) was
presented by lawyer Freiherr von Gravenreuth (fehlvir.txt: 5.6 kByte).
Some public attention was drawn to the fact that the "city-call"
telephone system radio-transmits information essentially as ASCII. A
demonstration proved that such transmitted texts may easily be
intercepted, analysed and even manipulated on a PC. CCC publicly
warned that "profiles" of such texts (and those addressed) may easily
be collected, and asked Telecom to inform users about this insecurity
(radioarm.txt: 1.6 kByte); German Telecom did not follow this advice.
Besides discussions of emerging voice mailboxes (voicebox.txt: 2.8
kBytes), an interesting session presented a C64-based chipcard
analysis systems (chipcard.txt: 3.3 kBytes). Two students have built
a simple mechanism to analyse (from systematic IO analysis) the
protocol of a German telephone card communicating with the public
telephone box; they described, in some detail (including an
elctronmicroscopic photo) the architecture and the system behaviour,
including 100 bytes of communication data stored (for each call, for
80 days!) in a central German Telecom computer. Asked for legal
implications of their work, they argued that they just wanted to
understand this technology, and they were not aware of any legal
constraint. They have not analysed possibilities to reload the
telephone account (which is generally possible, due to the
architecture), and they didnot analyse architectures or procedures of
other chipcards (bank cards etc).
Following CCC's (10-year old charta), essential discussions were
devoted to social themes. The "Feminine computer handling" workshop
deliberately excluded men (about 25 women participating), to avoid
last year's experience of male dominancy in related discussions
(femin.txt: 4.2 kBytes). A session (mainly attended by informatics
students) was devoted to "Informatics and Ethics" (ethik.txt: 3.7
kByte), introducing the international state-of-discussion, and
discussing the value of professional standards in the German case.
A discussion about "techno-terrorism" became somewhat symptomatic for
CCC's actual state. While external participants (von Gravenreuth,
Brunnstein) were invited to this theme, CCC-internal controversies
presented the panel discussion under the technical title "definition
questions". While one fraction (Wernery, Wieckmann/terror.txt: 7.2
kByte) wanted to discuss possibilities, examples and dangers of
techno-terrorism openly, others (CCC "ol'man" Wau Holland) wanted to
generally define "terrorism" somehow academically, and some undertook
to describe "government repression" as some sort of terrorism. In the
controversial debate (wau_ter.txt: 9.7 kByte), few examples of
technoterrorism (WANK worm, development of virus techniques for
economic competition and warfare) were given.
More texts are available on: new German games in Multi-User
Domain/Cyberspace (mud.txt: 3.8 kByte), and Wernery's "Btx
documentation" (btx.txt: 6.2 kByte); not all topics have been
reported. All German texts are available from the author (in
self-extracting file: ccc91.exe, about 90 kByte), or from CCC (e-mail:
SYSOP@CHAOS-HH.ZER, fax: +49-40-4917689).
------------------------------
Date: Wed, 15 Jan 1992 11:45:54 GMT
From: John F. McMullen (mcmullen@well.sf.ca.us)
Subject: File 5--Net "do-it-yourself" political activity (NEWSBYTES Reprint)
Warren Announces Do-It-Yourself "NET" Political Activity 1/13/92
WOODSIDE, CALIFORNIA, U.S.A., 1992 JAN 13 (NB) -- Jim Warren, founder
of InfoWorld and the West Coast Computer Faire, has announced a plan
under which US taxpayers may let their legislators know their desire
for expenditure of tax revenues.
In a statement posted of the Whole Earth 'Lectronic Link (WELL),
Warren outlined a proposal under which taxpayers would fill out a form
that specifies the desires of the taxpayer for the uses of her/his tax
payment. The form will then be sent to the taxpayer's elected
representatives. Warren said "As we approach tax-day, it emphasizes
that we again worked more than a third of last year for the
government and politicians. This year, let's tell them how WE want
them to use the hard-earned money they take from us. When we send in
our taxes, let's also send copies of this to our current and
potential elected representatives, especially to this year's political
candidates. (Let's not blame the IRS; they're just doing what our
elected representatives tell them to do.) Please feel free to copy
this to friends, neighbors, customers, business associates and
company and community bulletin boards."
The form, designed by Warren, provides spaces for the taxpayer to fill
in dollar and percentage figures for the expenditure of the funds.
Warren also committed, if taxpayers send copies of the forms to him,
to publish summary reports reflecting the desires of the aggregate of
the reporting taxpayers. Warren's form follows:
To: ______________________________
______________________________
______________________________
______________________________
TAX ALLOCATION INSTRUCTIONS FROM A VOTER
Here are the taxes that I know you are taking from my work last
year, and here is how I want you to use them. (For other projects
that you or your campaign donors desire, please depend on the
hidden taxes that I cannot easily identify.)
This is a very serious matter to me, even though this note is a
form. Please respond and tell me how much of our earnings you, as
our elected representative, want to take in taxes, and how much you
want to spend in each budget-area. Please send me _____ copies of
your response for my friends, neighbors and business associates.
(And, a lack of response will be noted as a response.)
How to use MY taxes: Federal allocations: Fiscal-1992 Federal Budget
1. % $ 18.0% $ 290,820M National Defense
2. % $ 2.2% 35,679M International Affairs
3. % $ 1.2% 18,934M Science, Space and Technology
4. % $ 0.3% 4,129M Energy
5. % $ 1.2% 19,708M Natural Resources and Environment
6. % $ 1.2% 20,219M Agriculture
7. % $ 6.5% 105,780M Commerce and Housing Credit
8. % $ 2.1% 34,312M Transportation
9. % $ 0.4% 5,768M Community & Regional Development
10. % $ 2.9% 46,934M Education,Employment, Soc.Services
11. % $ 5.0% 81,300M Health
12. % $ 7.0% 113,811M Medicare
13. % $ 13.8% 222,691M Income Security
14. % $ 21.7% 351,109M Social Security
15. % $ 2.1% 33,380M Veterans' Benefits and Services
16. % $ 0.9% 14,842M Administration of Justice
17. % $ 0.8% 12,688M General Government
18. 12.7% $ 12.7% 206,343M Net Interest
19. % $ <not an expense> deficit reduction
20. % $ 0.0% 0 tax reduction/refund/rebate to me
------ --------- ------ -----------
100.0% $ 100.0% $1,618,447M my taxes & your FY-1992 budget
Thanking you for your attention to this constituent request, I
remain,
From:______________________________
______________________________
______________________________
______________________________
Warren told Newsbytes that, following his posting, MicroTimes editor
Mary Eisenhart told him that he can include a copy of the form in an
up-coping column in that 200,000 circulation publication.
Warren also stated that any forms sent to him for summarization will
be held in the strictest confidence and not shown to others. He said
"I must hold them for the possibility that anyone doubts that the
basis for our published summary actually existed."
Warren also commented to Newsbytes on the potential of network
mobilization, saying "We have in the computer network the largest
circulation publication in the nation and it is free for the logon
cost. This is the beginning of the implementation of effective
electronic citizenship.
Warren said that at least 2 other electronic political projects are
planned for 1992.
(Barbara E. McMullen & John F. McMullen/Press Contact: Jim Warren,
415-851-2814 (fax); jwarren@autodesk.com (e-mail)/19920113)
------------------------------
Date: Tue, 14 Jan 92 18:45:21 EST
From: Jim Warren (jwarren@well.sf.ca.us)
Subject: File 6--Political Organizing at the Individual Level
Once every four years, with less opportunity each two years -- i.e.,
each election year -- citizen-groups have a brief-but-major
window-of-opportunity to obtain government by and for the People. We
rarely use it effectively.
Civil liberties in the electronic frontier simply cannot wait until
1996. By then, it may be too late to protect online rights, freedom
and privacy.
We need to act now.
We *can* act. And we *can* be effective:
1. Meet with candidates.
Do this in their offices, preferably, as a group of no more than 2-4
articulate, presentable spokespeople. It helps if you have formal
backing of a group, but it is certainly not necessary. What is
greatly persuasive to candidates is whether you are likely to sway a
group of voters.
2. Be informative.
Plan a careful, logical, brief oral presentation of our concerns.
Back it up with a 2-10 page summary of major points, positions and
requests. Supporting newspaper articles are particularly helpful.
3. Seek explicit committments.
*Every* successful politician has mastered the art of *sounding*
sincerely interested and supportive without making committments. Make
specific requests for specific action within a specific time-frame.
Request it in the form of an official policy- or position-statement
issued by the candidate, "so you can then publicize their position
throughout your group." (Verbal assurances in private meetings are
unreliable.) If they seem disinclined, politely indicate that you
will, regretfully, have to report that non-action or lack of explicit
commitment must be viewed as non-support, potentially even opposition,
on these time-sensitive issues. Don't expect somethin' for nothin'.
If they seem inclined to commit --at a minimum, they will sound
sincerely concerned -- they will want to know what support you will
offer. Expect them to ask for it and/or for your
formal endorsement. Perhaps the best response to this is to say you
will vigorously circulate details of their committments throughout
your group.
4. Indicate the group to whom you will report.
Long ago, when I last checked, the WELL had about 4,500 users. BMUG
has ?? Brian Reid's latest estimates are that USENET had about
1,913,000 users on about 40,000 hosts. There are probably around 15
million users on non-BBS computer networks in the U.S., public and
private. The Internet has about 5,000 networks with around a million
hosts and anywhere from 5 to 10 million users. The Fidonet BBS-net
probably has around 2 million users (I've asked
And, there's your own internal net at work or school. Can you post
personal notes on it? Are you a BBS sysop or host administrator with
authority to post a logon notice seen by everyone? Seems like every user
ought to know who is willing to protect their online freedom and privacy.
I phrased this in the second person -- "you" do it -- but, jus' for the
record: I'm personally pursuing this with various federal and state
candidates on the San Francisco Peninsula. I walk it like I talk it. :-)
------------------------------
Date: Tue, 14 Jan 92 18:45:21 EST
From: Jim Warren (jwarren@well.sf.ca.us)
Subject: File 7--*DRAFT* "Guaranteeing Constitutional Freedoms"
*This is a **draft***. (I am working on additional phrasing
regarding computerized access to computerized legislation-in-progress,
so we may be citizens effectly informed of the legislative process. I
also have some thoughts about enhancing citizen's access to their
personal information that is collected and shared by government
agencies.
If you wish a copy of the final version for your own modification,
use and/or personal or group political action, please e-mail your
request to:
jwarren@well.sf.ca.us --or-- jwarren@autodesk.com .
*************************
GUARANTEEING CONSTITUTIONAL FREEDOMS INTO THE 21st CENTURY
Harvard Law Professor Laurence H. Tribe, one of the nation's leading
Constitutional scholars, views technological threats to our
constitutional freedoms and rights as so serious that, for the first
time in his career, he has proposed a Constitutional Amendment:
"This Constitution's protections for the freedoms of speech, press,
petition and assembly, and its protections against unreasonable
searches and seizures and the deprivation of life, liberty or property
without due process of law, should be construed as fully applicable
without regard to generated, stored, altered, transmitted or
controlled."
Until and unless the unlikely event that such an Amendment is
adopted, legislation and regulation are the only alternatives to
assure modern protection of citizens against modern technological
threats against their constitutional rights and freedoms.
PERSONAL COMMITMENT TO ACTION
PREFACE: It has been over two centuries since our Constitution and
Bill of Rights were adopted. The great technological change in the
interum --especially in computing, telecommunications and electronics
-- now poses a clear and present danger to the rights and protections
guaranteed in those great documents. Therefore:
will author or coauthor legislation reflecting the following
specifics, and I will actively support and testify in favor of any
similar legislation as may be introduced by others. Further, I will
actively seek to have included in such legislation, explicit personal
civil and/or criminal penalties against any agent, employee or
official of the government who violates any of these statutes. And
finally, I will keep all citizens who express interest in legislative
progress on these matters fully and timely informed.
The protections guaranteed in the Constitution and its Amendments
shall be fully applicable regardless of the current technology of the
time. In particular:
SPEECH: Freedom of speech shall be equally protected, whether by
voice or written as in the 18th Century, or by electronic transmission
or computer communication as in the 20th Century and thereafter.
PRESS: Freedom of the press shall be equally protected, whether by
print as in the 18th Century, or by computer distribution of
information, as in the 20th Century and thereafter.
ASSEMBLY: Freedom of assembly shall be equally protected, whether
by face-to-face meeting as in the 18th Century, or by computer-based
conference as in the 20th Century and thereafter. The right to hold
confidential meetings shall be equally protected, whether they be by
personal meeting in private chambers, or by computer-based private
conferences.
SELF-PROTECTION: The right of the people to keep and use computers
and communications equipment and connections shall not be abridged by
the government.
SEARCH & SEIZURE: The right of the people to be secure in their
papers and effects, against unreasonable searches and seizures, shall
be fully applicable to their electronic mail, computerized information
and personal computer systems.
WARRANTS: No warrants for search or seizure shall issue for
computerized information, but upon probable cause, supported by oath
or affirmation, and particularly describing the computer system to be
searched and the specific information to be seized.
SECURE INFORMATION VAULTS: Just as search and seizure of letters in
a post-office, and papers in a bank-vault lock-box, and surveillance
of a telephone conversations by wire-tap each require a separate
warrant for each postal address, lock-box and telephone line, so also
shall a separate warrant be required for electronic mail or other
computer files of each suspect, when stored in a computer facility
shared by others, and such files stored in a shared facility by or for
a citizen who is neither named in a warrant nor associated with a
suspect so-named, may not be used against that citizen, if seized or
discovered during legal search of or for files of a suspect.
SELF-INCRIMINATION: No person shall be compelled in any civil or
criminal case to be a witness against himself or herself, nor be
compelled to translate or decode computerized information that may be
so incriminating.
PRIVATE PROPERTY: Private property shall not be taken for public use
without just compensation, nor shall it be used nor sold by the
government for less than fair market value, in which case all such
proceeds shall promptly derive singularly to its owner prior to
government seizure.
SPEEDY RELEASE: Anyone not accused of a crime shall enjoy the right
to a speedy release and return of all of their property in undamaged
form, as may be seized under any warrant, particularly including their
computerized information.
_________________________ title/office/office sought
_________________________ address
_________________________
_________________________
_________________________ campaign-office voice-phone number
_________________________ campaign-office electronic-mail address
------------------------------
Date: Tue, 14 Jan 92 17:44:09 EST
From: Eff@org
Subject: File 8--The Compuserve Case (Reprint from EFF Vol 2, #3)
THE COMPUSERVE CASE:
A STEP FORWARD IN FIRST AMENDMENT PROTECTION FOR ONLINE SERVICES.
By Mike Godwin (mnemonic@eff.org)
By now you may have heard about the summary-judgment decision in
Cubby, Inc. v. CompuServe, a libel case. What you may not know is why
the decision is such an important one. By holding that CompuServe
should not be liable for defamation posted by a third-party user, the
court in this case correctly analyzed the First Amendment needs of
most online services. And because it's the first decision to deal
directly with these issues, this case may turn out to be a model for
future decisions in other courts.
The full name of the case, which was decided in the Southern District
of New York, is Cubby Inc. v. CompuServe. Basically, CompuServe
contracted with a third party for that user to conduct a
special-interest forum on CompuServe. The plaintiff claimed that
defamatory material about its business was posted a user in that
forum, and sued both the forum host and CompuServe. CompuServe moved
for, and received, summary judgment in its favor.
Judge Leisure held in his opinion that CompuServe is less like a
publisher than like a bookstore owner or book distributor. First
Amendment law allows publishers to be liable for defamation, but not
bookstore owners, because holding the latter liable would create a
burden on bookstore owners to review every book they carry for
defamatory material. This burden would "chill" the distribution of
books (not to mention causing some people to get out of the bookstore
business) and thus would come into serious conflict with the First
Amendment.
So, although we often talk about BBSs as having the rights of
publishers and publications, this case hits on an important
distinction. How are publishers different from bookstore owners?
Because we expect a publisher (or its agents) to review everything
prior to publication. But we *don't* expect bookstore owners to review
everything prior to sale. Similarly, in the CompuServe case, as in
any case involving an online service in which users freely post
messages for the public (this excludes Prodigy), we wouldn't expect
the online-communications service provider to read everything posted
*before* allowing it to appear.
It is worth noting that the Supreme Court case on which Judge Leisure
relies is Smith v. California--an obscenity case, not a defamation
case. Smith is the Supreme Court case in which the notion first
appears that it is generally unconstitutional to hold bookstore owners
liable for content. So, if Smith v. California applies in a
online-service or BBS defamation case, it certainly ought to apply in
an obscenity case as well.
Thus, Cubby, Inc. v. CompuServe sheds light not only on defamation law
as applied in this new medium but on obscenity law as well. This
decision should do much to clarify to concerned sysops what their
obligations and liabilities are under the law.
+++++++++++++++++++++++++++++++
Highlights of the CompuServe decision (selected by Danny Weitzner):
"CompuServe's CIS [CS Information Service] product is in essence an
electronic, for-profit library that carries a vast number of
publications and collects usage and membership fees from its subscribers
in return for access to the publications. CompuServe and companies like
it are at the forefront of the information industry revolution. High
technology has markedly increased the speed with which information is
gathered and processed; it is now possible for an individual with a
personal computer, modem, and telephone line to have instantaneous
access to thousands of news publications from across the United States
and around the world. While CompuServe may decline to carry a given
publication altogether, in reality, once it does decide to carry a given
publication, it will have little or no editorial control over that
publication's contents. This is especially so when CompuServe carries
the publication as part of a forum that is managed by a company
unrelated to CompuServe. "... CompuServe has no more editorial control
over ... [the publication in question] ... than does a public library,
book store, or newsstand, and it would be no more feasible for
CompuServe to examine every publication it carries for potentially
defamatory statements than it would for any other distributor to do so."
"...Given the relevant First Amendment considerations, the appropriate
standard of liability to be applied to CompuServe is whether it knew or
had reason to know of the allegedly defamatory Rumorville statements."
Cubby, Inc. v. CompuServe, Inc. (90 Civ. 6571, SDNY)
------------------------------
Date: Thu, 09 Jan 92 15:54:48 -0600
From: CuD Moderators (tk0jut2@mvs.cso.niu.edu)
Subject: File 9--Senate Introduces Two FOIA Bills, S. 1929 & S. 1940
The latest (Vol. 16, #4, Dec., 1991) issue of _First Principles_
reports on the status of two Freedom of Information Act (FOIA) bills
introduced in the Senate in late 1991. The proposed amendments would
make it easier for citizens to obtain information, but more
importantly, would expand the availability of information in electronic
form. The following is abstracted from the article, "Senate
Introduces New FOIA Bills" (pp 6, 9), by Gary M. Stern.
Senator Patrick Leahy (D-VT) introduced two bills to amend the
Freedom of Information Act: S. 1939, the "Freedom of Information
Improvement Act of 1991," and S. 1940, the "Electronic Freedom of
Information Improvement Act of 1991 (cosponsored by Hank Brown
(R-CO)). The latter bill, in particular, presents the best
opportunity in many years to enact significant FOIA reforms.
S. 1940 would require the government to respond to FOIA requests
in electronic form as well as on paper. Section 4 of the bill
states that "(a)n agency shall provide records in any form in
which such records are maintained by that agency as requested by
any person. (C)An agency shall make resonable efforts to provide
records in an electronic form requested by any person, even where
such records are not usually maintained in such form." Section 3
of the bill would make the Federal Register accessible electronically
and would require each government agency to publish an index of
all information retrievable in electronic form, to describe all
databases used by the agency, and to list all statutes that the
agency uses to withhold information under exemption (b)(3).
In addition, S. 1940 would:
1) Address the problem of delays in responding to FOIA requests
2) Require the agency to notify the requester of "the total number
of denied records and paes considered by the agency
to have been responsive to the request."
S. 1939 would:
1) Narrow the scope of exemptions
2) Broaden the fee waiver and fee reduction requirements
3) Narrow the exemption concerning law enforcement records
4) Narrow the exemption to protect financial information
The Senate Judiciary Subcommittee on Technology and the Law plans
to hold hearings on the bills in March, 1992. The ACLU/CNNS is
organizing a lobbying coalition in support of both of these
bills. FOr more information, please call Gary Stern at
202-675-2327.
_First Principles_ is published by the Center for National Security
Studies, 122 Maryland Avenue, NE, Washington, DC 20002.
Subscriptions are $15/year (and $10 for students). Sample copies
are available on request.
------------------------------
End of Computer Underground Digest #4.02
************************************
Computer underground Digest Fri, Jan 24, 1992 Volume 4 : Issue 03
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
CONTENTS, #4.03 ( Jan 24, 1992)
Subject: File 1--INDEX TO CuD, VOLUME 3
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to the
Computer Underground. Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Thu, 23 Jan 92 18:32:10
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--INDEX TO CuD, VOLUME 3
Volume 3, Issue #3.00 (January 6, 1991)
CuD #3.00: File 1 of 6: Moderator's corner
CuD #3.00: File 2 of 6: From the Mailbag
CuD #3.00: File 3 of 6: Gender-Neutral Language
CuD #3.00: File 4 of 6: Sexism and the CU
CuD #3.00: File 5 of 6: Security on the Net
CuD #3.00: File 6 of 6: The CU in the News
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.01 (January 12, 1991)
SPECIAL ISSUE: RESPONSES TO CU/SEXISM ARTICLES
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.02 (January 16, 1991)
SPECIAL ISSUE: SECRET SERVICE STING BOARD AND INFORMANT
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.03 (January 22, 1991)
CuD #3.03: File 1 of 4: Moderator's corner
CuD #3.03: File 2 of 4: From the Mailbag
CuD #3.03: File 3 of 4: CU-Related Bibliography
CuD #3.03: File 4 of 4: The CU in the News
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.04 (January 28, 1991)
CuD #3.04, File 1 of 4: Moderator's corner
CuD #3.04, File 2 of 4: From the Mailbag
CuD #3.04, File 3 of 4: The Politics of the ECPA of 1986
CuD #3.04, File 4 of 4: The CU in the News
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.05 (February 9, 1991)
CuD #3.05, File 1 of 8: Moderator's corner
CuD #3.05: File 2 of 8: From the Mailbag
CuD #3.05: File 3 of 8: Arrest of Phiber Optik
CuD #3.05: File 4 of 8: The Dictator--My Thoughts
CuD #3.05: File 5 of 8: Chaos Computer Conference (Reprint)
CuD #3.05: File 6 of 8: The Feds hit Ham Packet BBS Ops.
CuD #3.05: File 7 of 8: Review--Exporting the First Amndmnt
CuD #3.05: File 8 of 8: The CU in the News
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.06 (February 23, 1991)
CuD #3.06, File 1 of 6: Moderator's corner
CuD #3.06: File 2 of 6: From the Mailbag
CuD #3.06: File 3 of 6: CuD Archive Server
CuD #3.06: File 4 of 6: No Felony Charges against Phiber O.
CuD #3.06: File 5 of 6: The FBI Comes Rapping.....
CuD #3.06: File 6 of 6: Some Thoughts on Gov't Actions
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.07 (March 2, 1991)
CuD #3.07, File 1 of 6: Moderator's corner
CuD #3.07: File 2 of 6: From the Mailbag
CuD #3.07: File 3 of 6: CuD Index for Volume Two
CuD #3.07: File 4 of 6: EFF Job Announcement
CuD #3.07: File 5 of 6: Computers in the Movies
CuD #3.07: File 6 of 6: The CU in the News
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.08 (March 12, 1991)
CuD #3.08, File 1 of 6: Moderator's corner
CuD #3.08: File 2 of 6: From the Mailbag
CuD #3.08: File 3 of 6: "Hollywood Hacker" Info Wanted
CuD #3.08: File 4 of 6: What the EFF's Been Doing
CuD #3.08: File 5 of 6: Book Review: Computer Ethics
CuD #3.08: File 6 of 6: The CU in the News
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.09 (March 19, 1991)
CuD #3.09, File 1 of 2: Hollywood Hacker or Media Hype?
CuD #3.09: File 2 of 2: Computers & First Amendment
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.10 (March 28, 1991)
CuD #3.10--File 1 of 5: From the Mailbag
CuD #3.10--File 2 of 5: The Hollywood Hacker, Part II
CuD #3.10--File 3 of 5: AP Story on Len Rose
CuD #3.10--File 4 of 5: Washington Post Story on Len Rose
CuD #3.10--File 5 of 5: Len Rose and the Washington Post
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.11 (April 4, 1991)
CuD #3.11: File 1 of 5: Moderators' Corner
CuD #3.11: File 2 of 5: From the Mailbag
CuD #3.11: File 3 of 5: Sundevil Arrest Announced
CuD #3.11: File 4 of 5: Chicago Press Release on Len Rose
CuD #3.11: File 5 of 5: Letter to AT&T Cancelling Service
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.12 (April 15, 1991)
CuD #3.12: File 1 of 4: From the Moderators
CuD #3.12: File 2 of 4: From the Mailbag
CuD #3.12: File 3 of 4: Responses to Business Week Article
CuD #3.12: File 4 of 4: Using the CuD mailserver
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.13 (April 21, 1991)
CuD #3.13: File 1 of 4: From the Mailbag
CuD #3.13: File 2 of 4: Response to Len Rose Article (1)
CuD #3.13: File 3 of 4: Response to Len Rose Article (2)
CuD #3.13: File 4 of 4: The CU in the News
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.14 (April 26, 1991)
CuD #3.14: File 1 of 6: Moderators Corner
CuD #3.14: File 2 of 6: Comments on Len Rose Articles
CuD #3.14: File 3 of 6: Moving toward Common Ground?
CuD #3.14: File 4 of 6: CERT Advisory
CuD #3.14: File 5 of 6: Fox and the Hollywood Hacker
CuD #3.14: File 6 of 6: MONDO -- Great new 'Zine!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.15 (May 2, 1991)
CuD #3.15: File 1 of 3: Moderators Corner
CuD #3.15: File 2 of 3: The CU in the News
CuD #3.15: File 3 of 3: EFF/SJG SUE COOK, FOLEY ET. AL.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.16 (May 9, 1991)
CuD #3.16: File 1 of 6: Moderators Corner
CuD #3.16: File 2 of 6: Is Prodigy Snooping?
CuD #3.16: File 3 of 6: Prodigy under Fire
CuD #3.16: File 4 of 6: Assorted Comments on Prodigy
CuD #3.16: File 5 of 6: Prodigy's response to Stage.dat File
CuD #3.16: File 6 of 6: A Few Observations on Prodigy
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.17 (May 17, 1991)
CuD #3.17: File 1 of 5: Moderators Corner
CuD #3.17: File 2 of 5: Media Comment on Riggs Sentencing
CuD #3.17: File 3 of 5: Exhibits from Riggs' Sentencing
CuD #3.17: File 4 of 5: Exhibit A from Memorandum
CuD #3.17: File 5 of 5: EXHIBIT E from Memorandum
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.18 (May 28, 1991)
SPECIAL ISSUE: GENIE ON-LINE CONFERENCE: FREE SPEECH AND PRIVACY
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.19 (June 4, 1991)
CONTENTS THIS ISSUE:
File 1: Moderator's Corner
File 2: From the Mailbag
File 3: Thrifty-Tel--Victim or Victimizer?
File 4: The CU in the News
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.20 (June 10, 1991)
CONTENTS THIS ISSUE:
File 1: Moderator's Corner
File 2: From the Mailbag
File 3: Bay Area Archive Site
File 4: Top Ten Fallacies about SJG Raid
File 5: Hacking and Hackers: The Rise, Stagnation, and Renaissance
File 6: EFFector Online 1.07: S.266 Loses First Round
File 7: How to get WATCH.EXE
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.21 (June 17, 1991)
CONTENTS THIS ISSUE:
File 1: Moderator's Corner
File 2: From the Mailbag
File 3: Review of Gary Marx's UNDERCOVER
File 4: Review of PROTECTORS OF PRIVILEGE
File 5: Review of THE INFORMATION WEB
File 6: Hollywood Hacker Sentenced
File 7: Len Rose Sentenced (Reprint from Newsbytes)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.22 (June 21, 1991)
CONTENTS THIS ISSUE:
File 1: Moderators' Corner
File 2: From the Mailbag
File 3: Punishment and Control: Reply to Gene Spafford
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.24 (July 3, 1991)
CONTENTS THIS ISSUE:
File 1: From the Mailbag (Response to "Cyberpunk" definition)
File 2: Bill Vajk, Len Rose, Gene Spafford
File 3: Comsec Security Press Release
File 4: Comments on ComSec Data Security
File 5: Police Confiscations and Police Profit
File 6: House Crime Bill (1400) and its Threat to Modemers
File 7: Law Panel Recommends Computer Search Procedures
File 8: The CU in the News (data erasing; cellular fraud)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Volume 3, Issue #3.23 (June 27, 1991)
CONTENTS THIS ISSUE:
File 1: From the Mailbag (Response to Dalton; Hacker Definitions)
File 2: Warrants issued for Indiana and Michigan "Hackers"
File 3: More on Thrifty-Tel
File 4: The CU in the News (Thackeray; Cellular Fraud; Privacy)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Computer Underground Digest--Sat Jul 13 01:10:10 CDT 1991 (Vol #3.25)
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Today's Contents:
Moderators' Corner
Spaf's Response to Bill Vajk
Comments to Bill Vajk's posting in CuD #3.22 (T. Klotzbach)
LOD Members for Comsec Computer Security (News Reprint)
Alcor Email (ECPA) Case Settled (Keith Henson)
NIST announces public-key digital signature standard (gnu)
Secret Service Pays Hacker Call (Reprint from Newsbytes)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Computer Underground Digest--Thu Jul 18 17:22:30 CDT 1991 (Vol #3.26)
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Contents, #3.26 (June 18, 1991)
File 1: Moderators' Corner
File 2: The Vajk-Spaf-Leichter dialogue continues......
File 3: The TERMINUS of Len Rose
File 4: "Computer Crime" paper by Brian Peretti available
File 5: Doc Savage Sentenced (NEWSBYTES Reprint)
File 6: CompuServe Responds to Policy and Operations Questions
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Computer Underground Digest--Sat July 27 19:39:41 CDT 1991 (Vol #3.27)
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Contents, #3.27 (July 27, 1991)
Subject: File 1-- Response to "The Terminus of Len Rose"(1)
Subject: File 2-- Response to "The Terminus of Len Rose"(2)
Subject: File 3-- Response to Neidorf's "Terminus of Len Rose"(3)
Subject: File 4-- chinet review
Subject: File 5-- Comsec Data Security Article Corrections
Subject: File 6-- Crypto-conference statement
Subject: File 7-- Reasonable laws on computer crime
Subject: File 8-- re: Bill Vajk's latest comments
Subject: File 9--Chaos Computer Club archives at titania.mathematik.uni-ulm.de
Subject: File 10--Late reply to Dutch Crackers article (CUD3.19)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Computer Underground Digest--Thu Aug 1, 1991 (Vol #3.28)
>> SPECIAL ISSUE: RESPONSE TO FORESTER ARTICLE <<
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Contents, #3.28 (August 1, 1991)
Subject: File 1--SPECIAL ISSUE: THE TOM FORESTER ARTICLE
Subject: File 2--CuD Review of _Computer Ethics_ (Reprint)
Subject: File 3--Re: Hackers - Clamp Down NOW!
Subject: File 4--Reply to Tom Forester Article
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Computer Underground Digest--Thu Aug 9, 1991 (Vol #3.29)
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
CONTENTS, #3.29 (AUGUST 9, 1991)
Subject: File 1--Moderators' Corner
Subject: File 2--Say Goodbye to FOIA?
Subject: File 3--Hackers Challenged to Break In
Subject: File 4--Reciprocity in Cyberspace, by Robert Jacobson
Subject: File 5--text of chron-spacemail
Subject: File 6--Reply to Gene Spafford
Subject: File 7--Estimates on virus activity
Subject: File 8--Research Analysis
Subject: File 9--comp.patents, misc.legal.computing and misc.int-property
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Computer Underground Digest--Fri Aug 16, 1991 (Vol #3.30)
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
#3.30 (AUGUST 16, 1991)
File 1--Review: PRACTICAL UNIX SECURITY (Garfinkel and Spafford)
File 2--Review of "Practical Unix Security" (Garfinkel & Spafford).
File 3--Cyberspace and the Legal Matrix: Laws or Confusion? (Reprint)
File 4--Mystery Lurks In The Death of INSLAW Reporter
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Computer Underground Digest--Fri Aug 23, 1991 (Vol #3.31)
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
CONTENTS, #3.31 (AUGUST 23, 1991)
File 1--Moderators' Corner: Blurbs
File 2--Request info on suggestions for a class
File 3--New BBS for CuD back issues and other services
File 4--Moderators' Corner: Blurbs
File 5--BOARDWATCH Magazine
File 6--NREN Boondoggle?
File 7--Inslaw Death Investigation Continues (NEWSBYTES REPRINT)
File 8--Memes, Gurus, and Viruses
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Computer Underground Digest--Fri Sept 8, 1991 (Vol #3.32)
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
-> SPECIAL ISSUE: REVIEW OF _CYBERPUNK_ <-
CONTENTS, #3.32 (September 8, 1991)
File 1--CYBERPUNK Review
File 2--Review of _CYBERPUNK_
File 3--_CYBERPUNK_ Review
File 4--Newsweek review CYBERPUNK
File 5--Review of _CYBERPUNK_
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Computer Underground Digest--Fri Sept 14, 1991 (Vol #3.33)
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
CONTENTS, #3.33 ( September 14, 1991)
File 1--Moderators' Corner
File 2--Clarification of "Boycott" Comment
File 3--How BellSouth Calculated $79,000
File 4--Houston Chronicle spacemail follow
File 5--More on Casolaro (INSLAW) Suicide (Mary McGrory reprint)
File 6--"Freaker's Bureau Incorporated" (FBI)
File 7--Review of Site Security Handbook (by Dark Adept)
File 8--Complain to Journalists
File 9--Spaf's Response to Reviews of _Unix Security_
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Computer Underground Digest--Tue, Sept 25, 1991 (Vol #3.34)
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
CONTENTS, #3.34 ( September 25, 1991)
File 1--Moderators' Corner
File 2--WANTED: TARGETS OF OPERATION SUN DEVIL
File 3--BBS Services Fight NY "Download" Tax (Newsbytes Reprint)
File 4--New York Tax Law and Commentary by Tony Mack
File 5--Confusion Reigns on NY Download" Tax (Newsbytes Reprint)
File 6--Confusion unfolds on NY "Download" Tax (Newsbytes Reprint)
File 7--Clarification of NY BBS Law
File 8--Summary of Significance of NY "BBS Download Tax" (reprint)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Computer Underground Digest--Fri, Oct 4, 1991 (Vol #3.35)
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
CONTENTS, #3.35 ( October 4, 1991)
Subject: File 1--Moderators' Corner
Subject: File 2--Cyperpunk Author Responds to Mitnick Charges
Subject: File 3--Computer Security Basics review
Subject: File 4--Steam age cyberpunk
Subject: File 5--Errata to "Practical Unix Security"
Subject: File 6--Living with the Law -- A view from Finland
Subject: File 7--Let's Get It Right.
Subject: File 8--"Phone Gall" (AT&T sues users)(Infoworld reprint)
Subject: File 9--Announcement
Subject: File 10--Cyberspace Conference in Montreal
Subject: File 11--Conference Info and Press Releases
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Computer Underground Digest--Sat, Oct 12, 1991 (Vol #3.36)
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
CONTENTS, #3.36 ( October 12, 1991)
Subject: File 1-- Intro to Biblio and Resources Moderators' Corner
Subject: File 2-- General CU-Related Bibliography
Subject: File 3-- Dissertations and Theses
Subject: File 4-- General On-Line and Print Resources
Subject: File 5-- Misc. Books for Fun Reading
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Computer underground Digest Sat, Oct 19, 1991 Volume 3 : Issue 37
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
**** SPECIAL ISSUE: "GERALDO AND THE MAD HACKERS'S KEY PARTY" ****
CONTENTS, #3.37 ( October 19, 1991)
File 1: Summary of Geraldo's _Now it can be Told_
File 2: Excerpts from "Mad Hacker's Key Party"
File 3: Review_of_Now_It_Can_Be_Told_
File 4: Geraldo Rivera show on "Hacking"
File 5: The_RISKS_of_Geraldo
File 6: 2600 Magazine Exposes Security Holes (NEWSBYTE reprint)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Computer underground Digest Sun, Oct 27, 1991 Volume 3 : Issue 38
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
CONTENTS, #3.38 ( October 27, 1991)
File 1: Geraldo's _Now it can be Told_ Revisited
File 2: Comment on the Geraldo Show
File 3: A Guest's-eye view of the Geraldo Show
File 4: Second Thoughts about the "Ingraham Massacre"
File 5: Response to CuD #3.37's "Mad Hacker" Issue
File 6: Release of Informatik #1
File 7: Second Annual XMASCON
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CONTENTS, #3.39 ( November 3, 1991)
File 1: Moderator's Corner--Brendan Kehoe's FTP information
File 2: The Secret Service and Protection of Privacy
File 3: Re: Response to Bill Vajk's FOIA Piece
File 4: Letters from Prison: Installment #1
File 5: Diehard 2 And Hacking
File 6: Re: CuD - Now It Can Be Told
File 7: Is the Government creating malign hackers?
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CONTENTS, #3.40 ( November 10, 1991)
File 1: Rhetoric and CuD
File 2: Re: Comments on J Thomas's Ingraham post in CuD #3.38
File 3: Response to Ingraham Criticisms
File 4: Draft of BBS warnings to Law Enforcement Agents
File 5: CU Bibliography Update
File 6: Senate Bill 516 : Electronic Privacy in the Workplace
File 7: Letter from Prison (part 2 of 2)
File 8: "Password violations helped Hill hacker"
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CONTENTS, #3.41 ( November 16, 1991)
Bill Cook's opening statement in Neidorf/PHRACK trial
...and more!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CONTENTS, #3.42 ( November 30, 1991)
File 1--Moderators' Corner
File 2--CPSR FOIAs Secret Service
File 3--Responses to CPSR (Reprinted from Telecom Digest)
File 4--Why Covert Surveillance is Wrong
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CONTENTS, #3.43 ( Dec 8, 1991)
File 1--Moderators' Corner
File 2--You can help build the National Public Network. Here's how.
File 3--#3.41--Bill Cook's opening statement in the Neidorf trial
File 4-- Two Juveniles arrested in BBS Extortion case
File 5--Law Enforcement and Rights
File 6--Townson's reply to Neidorf (in Cu Digest, #3.42)
File 7--"High-Tech Watergate" (Inslaw reprint by E. Richardson)
File 8--Software Piracy
File 9--Hacker Convicted
File 10--"Teens Tapped Computers of U.S. Military"
File 11--Canada: Police Seize BBS, Software Piracy Charges Expected 11/25/91
File 12--Here's something you might find of interest
File 13--24 Year Old Cracks NASA
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CONTENTS, #3.44 ( Dec 17, 1991)
File 1: Jyrkis Posting
File 2: Re: Canada: Police Seize BBS, Software Piracy Charges Expected
File 3: FBI vs Kiddie Porn
File 4: "Getting what he Deserved?" (Reprint from Effector 2.02)
File 5--A book worth adding to your CuD list ...
File 6: E-mail privacy bibliography
File 7: Second CFP Conference
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
** END CuD INDEX VOLUME 3 **
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
------------------------------
End of Computer Underground Digest #4.03
************************************
Computer underground Digest Fri, Jan 29, 1992 Volume 4 : Issue 04
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Moderator: Etiam Shrdlu
CONTENTS, #4.04 ( Jan 29, 1992)
File 1: Media Watch (Moderators)
File 2: User Bill of Rights Introduced
File 3: The Casolaro Murder--The Feds' Theft of Inslaw Software
File 4: PRA and Owens Bill
File 5: EFF on PRA/Owen bills
File 6: PRA/Owens Bill (response to EFF response)
File 7: Re: CuD 402--Law Enforcement, the Government & You
File 8: The Harsh Reality of Life
File 9: Len Rose seeks Unix work upon release
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to the
Computer Underground. Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Thu, 27 Jan 92 18:32:10
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--Media Watch (Moderators)
BOARDWATCH: The Jan/Feb issue of _Boardwatch_ technical information of
interest to BBS hobbyists and modemers with legal news and general
information useful to students of cyberspace. For law buffs, three
stories (Virginia telecom vs. Virginia BBSs, the American On-Line
pornography case, and Lance Rose's piece on Whistleblowers' BBS)
provide a concise summaries of legal issues. The issue also includes
a BBS listing of boards in Denver and in what used to be East Germany.
Although $36 a year for 12 issues, it's a great bargain and an
invaluable resource. For info, contact jrickard@boardwatch.com
PHRACK: The latest (Jan '92) "Diet Phrack" (#36) is out, and is the
best issue since Knight Lightning left two years ago. The issue can
be obtained from the CuD ftp archive site (see header, above) or by
contacting the PHRACK editors directly (see CuD #4.02 for details).
Table of Contents for Phrack 36:
1. Introduction to Diet Phrack (Phrack 36) by Compaq Disk and Dr. Dude
2. Diet Phrack Loopback by Phrack Staff
3. In Living Computer starring Knight Lightning
4. The History ah MOD by Wing Ding
5. *ELITE* Access by Dead Lord and Lord Digital (Lords Anonymous!)
6. The Legion of Doom & The Occult by Legion of Doom and Demon Seed Elite
7. Searching for speciAl acceSs agentS by Dr. Dude
8. Phreaks in Verse II by Homey the Hacker
9. Real Cyberpunks by The Men from Mongo
10. Elite World News by Dr. Dude
11. Elite World News by Dr. Dude
------------------------------
Date: Mon, 27 Jan 1992 11:07:44 -0500
From: Craig Neidorf <knight@EFF.ORG>
Subject: File 2--User Bill of Rights Introduced
USER "BILL OF RIGHTS" INTRODUCED January 23, 1992
TAMPA, FLORIDA.-- .The North American Directory Forum (NADF)
introduced a "User Bill of Rights" to address security and privacy
issues regarding entries and listings concerning its proposed
cooperative public directory service. NADF members also approved
continuing efforts on an experimental publish directory pilot at their
eighth quarterly meeting.
The "User Bill of Rights" addresses the concerns of the individual
user or the user's agent, and is in response to issues brought to the
attention of the NADF.
Final plans were completed for the X.500 directory pilot scheduled to
begin in the first quarter of this year. The pilot will be used by
the NADF to validate its technical agreements for providing a publish
directory service in North America. The agreements have been recorded
in standing documents and include the services that will be provided,
the directory schema and information sharing required to unify the
directory. It will test the operation of X.500 in a large-scale,
multi-vendor environment.
All NADF members are participating in the pilot. The members are
AT&T, Bell Atlantic, BellSouth Advanced Networks, Bellcore
representing US West, BT North America, GE Information Services, IBM,
Infonet, MCI Communications Corp., Pacific Bell, Performance Systems
International, US Postal Service and Ziff Communications Co. Joining
the NADF at this meeting are Canada Post Corporation and DirectoryNet,
Inc.
The NADF was founded in 1990 with the goal of bringing together major
messaging providers in the U.S. and Canada to establish a public
directory service based on X.500, the CCITT recommendation for a
global directory service. The forum meets quarterly in a
collaborative effort to address operational, commercial and technical
issues involved in implementing a North American directory with the
objective of expediting the industry's transition to a global X.500
directory.
This quarter's meeting was hosted by the IBM Information Network,
IBM's value-added services network that provides networking,
messaging, capacity and consulting services.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
USER BILL OF RIGHTS (for entries and listings in the Public Directory)
The mission of the North American Directory Forum is to provide
interconnected electronic directories which empower users with
unprecedented access to public information. To address significant
security and privacy issues, the North American Directory Forum
introduces the following "User Bill of Rights" for entries in the
Public Directory. As a user, you have:
I. The right not to be listed.
II. The right to have you or your agent informed when your entry is created.
III. The right to examine your entry.
IV. The right to correct inaccurate information in your entry.
V. The right to remove specific information from your entry.
VI. The right to be assured that your listing in the Public Directory will
comply with US or Canadian law regulating privacy or access information.
VII. The right to expect timely fulfillment of these rights.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scope of Intent - User Bill of Rights
The North American Directory Forum is a collection of service
providers that plan to offer a cooperative directory service in North
America. This is achieved by interconnecting electronic directories
using a set of internationally developed standards known as the CCITT
X.500 series.
In this context, the "Directory" represents the collection of
electronic directories administered by both service providers and
private operators. When an entry containing information about a user
is listed in the Directory, that information can be accessed unless
restricted by security and privacy controls.
A portion of the Directory -- The Public Directory -- contains
information for public dissemination. In contrast, other portions of
the Directory may contain information not intended for public access.
A user or user's agent may elect to list information in the Public
Directory, a private directory, or some combination. For example, a
user might publicly list a telephone number or an electronic mail
address, and might designate other information for specific private
use.
The User Bill of Rights pertains to the Public Directory.
Source: NADF, January 1992
------------------------------
Date: Thu, 16 Jan 1992 21:29:00 LCL
From: sender@garbled.by.new.batch.program
Subject: File 3--The Casolaro Murder--The Feds' Theft of Inslaw Software
((Moderators' note: The following excerpts from a WBAI-FM interview
were sent to us by a reader whose header was maliciously garbled by an
experimental editing program. Our new associate moderator, Etiam
Shrdlu, assumes full responsibility and apologizes. The poster
indicated that the interview originally appeared on Activist-L bitnet
hotline. Background information on the Inslaw case, in which the U.S.
government is suspected by some of conspiring to steal software and
cover up its theft, see CuDs 3.30, 3.31, and 3.33)).
+++++++++++++++++++++++++++++++++++++++++++++++++++=
The following interview was broadcast over Pacifica Radio Network station
WBAI-FM
505 Eighth Ave., 19th Fl.
New York, NY 10018 (212) 279-0707
on September 29, 1991.
* * * * * * * * * * * * * * * * *
SAMORI MARKSMAN:
We go to our next guest, Harry Martin, who is the publisher of
the Napa Sentinel [Napa, California] and who has been doing an
extraordinary amount of investigatory work around the Inslaw affair.
We will begin by welcoming Harry Martin back to WBAI. Good morning.
Just to let you know that I'm in the studio with Paul DeRienzo.
.....
[deleted some previously discussed information]
HARRY MARTIN:
The person who is awaiting criminal prosecution is Michael
Riconosciuto, of course. But mind you, he was not arrested at the time
he made the deposition. He gave a deposition to Congress, and he
indicated to the committee that if he went ahead and testified --as he
did -- therefore, he would be subject to arrest within a short period
of time. Within seven days he was arrested! But Ari Ben-Menashe is
certainly not under any criminal arrest. He is a member of the Israeli
Mossad [intelligence agency]. And the other people who have come
forward and testified to these various things are not in jail. Michael
Riconosciuto is a man who has signed an affidavit, and yes, he is in
jail awaiting criminal charges of supposedly owning a methamphetamine
lab in Pearce Conty, Washington. However, after he was arrested --
while I was on a Seattle radio show, I was on hold and the news came
on -- there were three methamphetamine labs broken up in Pearce
County, Washington, not associated with him whatsoever. And it would
lead to the suspicion that perhaps they were all connected to one
thing and had nothing to do with Michael, but they decided to hang one
on him right after his testimony.
PAUL DeRIENZO:
Why don't you give us some background on who Ari Ben-Menashe is,
because his name has come up on a number of different issues.
HARRY MARTIN:
His name has turned up on the October Surprise and everything else.
He is a member of the Mossad and he apparently indicates that he is a
witness to the exchange of the PROMIS software to the Iraqis in
Santiago, Chile. Now there was also a British Air Force officer who
was a witness to that thing, supposedly, and he was hung. And they
declared that to be suicide. That was in Chile. Ben-Menashe has come
forward on a lot of things, but you have to understand that the
Israelis, at the present time, are also very irritated with the Bush
Administration. And you cannot be sure how much information and
disinformation is being passed around.
PAUL DeRIENZO:
How about Mr. Riconosciuto? We discussed the legal problems he got
himself in after he spoke out. But what is his history?
HARRY MARTIN:
He's a very brilliant computer scientist. He has worked inside the CIA
for a long time. And nobody can deny this fact. Nobody is challenging
that particular role. He was the man who had the access keys to almost
any computer situation: monies, who's who and everything else. He's
very dangerous in the aspect that he has all that knowledge of the key
players in many, many things. And, of course, his affidavit stated
that he converted the PROMIS software using the Cabazon Indian
reservation, in Indio, California to do this. And Dr. Earl Brian was
very much involved there. That place was also used for the manufacture
of biological warfare and chemical warfare to be used by the Contras
in Nicaragua. Testimony has come forward from many people that that
whole Indian tribe and those people running it are shown by the
California Department of Justice to have Mafia and CIA ties. This is
a documented situation. But jurisdiction becomes a problem because it
is an independent Indian nation.
.....
PAUL DeRIENZO:
We have reports that have come out in COMPUTERWORLD and other sources
based on these statements made by Mr. Ben-Menashe and Mr. Riconosciuto
that Robert McFarlane, who was the former National Security Advisor,
was involved in giving the Israeli Government copies of this software.
Bill Hamilton says that he found out, quite by accident, that Canada
was using it widely; that the Royal Canadian Mounted Police were using
it in their intelligence facilities.
.....
Now, what was the role of the Indian reservation?
HARRY MARTIN:
Well, there are several Indian reservations that are being used by the
Wackenhut Corporation and intelligence agencies to do things like
manufacture equipment or ..... They can skip a lot of corners because
these nations are technically independent. For instance, one
reservation is in New Mexico, but it also goes across the Mexican
border. Therefore, it becomes an open corridor where you don't use
customs or anything because part of your properties are in one country
and part is in another. And they have used these Indian tribes for
everything from the manufacture of weapons to the software situation,
opening up gambling casinos. And understand, a lot of the money
involved in the savings and loan scandal came from the Bureau of
Indian Affairs. The Bureau of Indian Affairs puts out money to be
invested on short-term notices, and this is how a lot of the savings
and loans that went down started up. And that's where a lot of their
money came from.
There could be a lot of inter-ties in there. It is so complex, and of
course, Danny Casolaro referred to it as "the Octopus". You can
understand why now, because it gets into .... You see, the trouble is,
you can't isolate Inslaw by itself. Inslaw by itself is just a minor
thing compared with the overall package. The total corruption that
seems to have played around --Iran/Contra gets involved, and the
October Surprise gets involved. There are just so many players that
keep coming across each other, and it's a really massive story. I
don't know anybody who is going to get the whole picture.
........
PAUL DeRIENZO:
What I'm trying to get at are the connections that might lead to
an investigation, or try to force an investigation into these
things because it seems that when you have a reporter who is
found dead under mysterious circumstances, by anybody's definition,
it deserves being looked into further rather than a simple ruling
that this was a suicide because .....
HARRY MARTIN:
You have to understand now, Inslaw was sort of on the back burner of
the public limelight. In other words, I'm getting letters now from
your program last week in which people say they haven't heard too
much about this thing on the East Coast. Originally, Inslaw was
carried by the Washington Times, the St. Louis Post-Dispatch and
ourselves. And we're the only three newspapers in the whole nation
giving any credence or concentration to it.
PAUL DeRIENZO:
Actually, Barron's also.
HARRY MARTIN:
The Sam Nunn Committee got nowhere because the Justice Department
refused to turn over any records whatsoever. And Jack Brooks's
Committee, which is in our Congress, has already had some hearings
and some of the testimony is from Judge Bason and so forth. But
again, the Justice Department is stonewalling it in refusing to
give documentation up. And, of course, my question is: Who's in
control, the Congress or the Justice Department? The thing is
that the death of Danny Casolaro has opened this to the fact that
you're seeing more and more questions asking: What is this Inslaw
case? And that in itself is going to open up more questions into
other things. See, if they open up the Inslaw case, it's just
going to be the tip of the iceberg, and they may find a lot of
other things involved and interconnected. Perhaps Danny's death
is going to give more impetus to the Brooks Committee. It's
certainly beginning to wake up the national media which really
slept on this thing. These things take time. Look how long it took
Watergate. And Iran/Contra really never got anywhere.
SAMORI MARKSMAN:
We want to let our listeners know that we are speaking with
Harry Martin who is the publisher of the Napa Sentinel, and as
you've been hearing, we're focusing on a rather intriguing story --
which involves some major players in the political affairs of
this society -- but which isn't receiving the kind of attention
that the issue deserves. We here at WBAI are attempting to do so
today and we will continue to do so.
.....
Paul, I want to ask Harry to go back to a point which he alluded
to earlier. We had been talking about the breadth of this issue,
that it's not simply the disappearance of Danny, that there are
many others who have been killed in similarly mysterious
circumstances, although some perhaps less mysteriously than others.
Could you discuss that again for us, Harry Martin, and show what
was a common thread linking these various deaths?
HARRY MARTIN:
Well, much of the common thread is Danny Casolaro himself. We have
Standorf, who worked for a secret [government] communications
division outside of Washington [D.C.]. He was funneling documents
to Danny at all times, and he was found beaten to death in his car
at National Airport in Washington. And of course, Danny indicated
that his sources had [since] dried up. Apparently, they had set up
a thing in the Hilton Hotel, in room 900, in which they had
high-speed equipment, and they were duplicating everything as
quickly as possible to get them back in [returned to] the files.
Then of course, we have Mr. Ng who was in Guatemala. He worked
for the Financial Times of London. He was working on this case,
but he was also working on the Wackenhut Corporation and following
a key witness to the murders of some Cabazon Indians. And he was
found shot to death in Guatemala.
And then, of course, Michael Riconosciuto's attorney -- Eiselman,
I think it is. I don't have my notes in front of me -- from
Philadelphia, was en route to pick up material proving that
Riconosciuto was, in fact, telling the truth. And he was found
shot to death.
All these things, with the exception of Standorf, were written off
as suicides. And Michael May, who we wrote of as being tied into
that, and who had had communications with Casolaro .... and also,
he was the man who supposedly filtered the forty million dollars
to the Iranians as the down payment on the "October Surprise" --
we wrote about him on a Friday in June, and on a Wednesday in
San Francisco he was found dead. They said it was a heart attack.
Later on, the autopsy revealed that it was polypharmaceuticals
that were in his system, and it was not a heart attack.
Michael Riconosciuto's arrest, of course .... It would take me
forever to explain them all, but that gives you a synopsis of
some of the things that have happened to people associated with
that particular case.
PAUL DeRIENZO:
Let's concentrate on one of the more outrageous of these murders.
And that, besides Casolaro's death (many people, including
Bill Hamilton call that a murder) ....
HARRY MARTIN:
We refer to them as deaths. We're not taking the total line yet
that they were murders.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
PAUL DeRIENZO:
There is conflict on these [deaths], but they are very suspicious.
One actual murder that nobody will deny was that of Mr. Alvarez,
the crusading member of the Cabazon Indians who opposed the ....
HARRY MARTIN:
Absolutely! And he was shot with two other people, execution style.
Jimmy Hughes was a man who worked for Wackenhut and who was the
bag-man to bring the money over [to pay for the contract murders
of Fred Alvarez and company]. And he has testified to the
Riverside County [California] District Attorney's office. He is
now in hiding in Guatemala, of course. That's where Mr. Ng
was down to see him. He also carried a lot of other information
which was extremely damaging. We were able to talk to people who
helped him escape, because he came up this way at first, and now
he's down in Guatemala. The Indian situation itself is its own
scandal. Then there's the Wackenhut Corporation, and you get
into Inslaw .... Like I say, its just so wide you would need a
massive computer just to do a chart.
PAUL DeRIENZO:
Can we focus now on Alvarez? Can you tell us that story?
HARRY MARTIN:
Alvarez was basically the head of the Cabazon Indians, and when
Wackenhut and Dr. Brian and people came in to take over and create
the gambling parlors and to convert the Inslaw software and to
manufacture chemical warfare weapons and so forth, he protested.
He wanted control of the Indian tribe back. And he was summarily
executed. The money came from the people who were running that,
according to the testimony of Jimmy Hughes, which is on file with
the State of California in the Riverside County D.A.'s office.
Incidentally now, after all these years they have finally reopened
that case in Riverside because of the publicity associated with
the Inslaw case.
PAUL DeRIENZO:
At first, there was a grand jury investigation and there were no
indictments or suspects mentioned in that first investigation.
HARRY MARTIN:
And yet, Hughes testified to names, places, events, everything.
PAUL DeRIENZO:
Mr. John P. Nichols, who was at that time the head of the tribe
and who now is an advisor to the Cabazon Indians, said that the
death of Mr. Alvarez and two non-Indian companions, who were found
shot to death with him, had nothing to do with what's going on in
the Cabazon reservation.
HARRY MARTIN:
Yet, Jimmy Hughes has testified to the Riverside people that
John Nichols is the one who gave him the money to deliver to the
hit-man in Palm Springs. Also, Mr. John Nichols was later on
convicted for murder-for-hire and his sons are now technically
running the tribe.
PAUL DeRIENZO:
He was actually convicted rather than charged? I heard he was
brought up on charges. But he was actually convicted of that?
HARRY MARTIN:
Absolutely.
PAUL DeRIENZO:
But Mr. Nichols seems to have a tremendous amount of support.
>From what I understand, he's getting a lot of support from
liberal figures such as James Aboureszk, the former senator from
South Dakota.
HARRY MARTIN:
You have to understand, Mr. Nichols, by his own boasting and
through other publications, indicates that he was involved in
the assassination of [democratically elected President of Chile,
Salvador] Allende, and he was involved in the attempted
assassination of [Cuban Premier Fidel] Castro. His links as a
C.I.A. contractor -- his links with the Mafia are well documented
with the State of California. Therefore, obviously he's going to
get some support from groups that are probably within that channel.
.....
SAMORI MARKSMAN:
Harry Martin, we'd like to thank you very much for joining us
again here on WBAI. Any closing points that you would like to make?
HARRY MARTIN:
Well, just that Danny's concept of an "Octopus" .... you can see
exactly what he was talking about. The tentacles went everywhere,
and he seemed to be on the verge of breaking a lot of that
information. And then all of his records, everything disappeared.
And he died. To say that a journalist would commit suicide when
he's on the verge of breaking a big story is ludicrous because
anybody knowing a journalist knows that once they are on a drive,
neither food nor anything else matters but to get that story
across. He was very close to it, and you don't cash in the chips
on the verge of winning the jackpot.
SAMORI MARKSMAN:
So true. Harry Martin, publisher of the Napa [California] Sentinel,
thank you very much for joining us here on WBAI, non-commercial,
listener-sponsored Pacifica Radio at 99.5 FM in New York.
------------------------------
Date: Sun, 26 Jan 1992 11:44:21 CST
From: Cayman Zahn <CZA@CAMP1.SYSONE.COM>
Subject: File 4--PRA and Owens Bill
((Your readers might be interested in the following that came
across the nets))
++++ Original Message ++++
>Date: Thu, 23 Jan 1992 16:23:42 EST
>From: James P Love<LOVE@PUCC.BITNET>
>Subject: PRA and Owens Bill
A number of persons have asked me how the Owens Bill (HR 3459) and the
Paperwork Reduction Act (PRA) relate to each other. From our point of
view, they represent competing approaches to federal information
policy. Not only do these bills accomplish different things, but it
is highly unlikely that both bills will be acted on by Congress.
THE PRA
The sections of the PRA that deal with the dissemination of government
information largely reflect IIA's vision of federal information
policy.
1. Agency mandates to disseminate information are qualified by the
existence of private sector "equivalent" products and services.
2. The law limits agency prices for information "products," which
vendors buy, but not "services," which would include such things
as online access to government information systems.
3. While the PRA would benefit data users and vendors by prohibiting
royalties on government information, it may also prohibit
agencies from limiting the prices vendors charge for access to
services such as CENDATA or the FEC database.
4. The PRA only requires public notice when agencies start or
terminate "significant" new information products and services.
These are when privatization issues are important. There are no
provisions for public notice to review an existing policy to see
if it is adequate in light of changing technologies, or to raise
hundreds of user concerns over things like standards for file
formats, query command structures, user interfaces, indexes or
other important features of information dissemination programs.
5. The PRA strengthens OMB's role in setting federal information
policy. OMB has a long record of promoting the privatization of
federal information resources.
THE OWENS BILL
The Owens bill was drafted from the point of view of data users.
1. Agency have an unambiguous mandate to disseminate information
using modern technologies. Not only is the intent as expressed
in the findings quite good, but the bill specifically mentions
such things as the use of national computer networks.
2. Agency prices are limited for goods _and_ services.
3. The Owens bill bans agency royalties or fees for the
redissemination of information, but it doesn't place other
restrictions on federal agencies.
4. The public notice sections of the Owens bill are extensive, and
they address, on an annual basis, issues such as standards for
file formats, query command structures, user interfaces, and
indexes, as well as agency product lines, prices, outlets, and a
number of other things.
5. OMB will be constrained by the Owens bill, since the bill
carefully sets out agency mandates to disseminate information,
but OMB isn't given powers to make federal information policy.
NIST and NARA are asked to become more involved in federal
information policy.
POLITICS OF THE TWO BILLS
1. IIA wants a bill that addresses the pricing of government
information. Vendors are disturbed by the recent attempts to
place royalties on the redisseminate of ocean tariff information.
Both bills would address this issue.
2. The IIA has told its membership that the Owens bill is consistent
with IIA principles.
3. The PRA probably can't pass without the support of the library
community.
4. IIA is asking the library community to cut a deal on the PRA.
5. The PRA is a political tar baby, because it gets into many
unrelated subjects, such as OMB's authority to review agency
regulations before they are published, or the authority of
agencies to require firms to disclose health warnings to third
parties. The heavy hitters in those disputes don't care about
the information dissemination parts of the bill, and federal
information policy ends up being lost in the public debates.
We have opposed the passage of the PRA and we have supported the
passage of the Owens bill. We don't think OMB has much to recommend
it as a maker of federal information policy. If you disagree, ask
yourself this questions: Who else in the federal government would
want OMB to set policy? Do education groups want OMB to set education
policy? Do scientists want OMB to set science policy? OMB is
primarily staffed by accounting and management types who have little
background or commitment to the development and use information
resources or technologies. Why put them in the drivers seat?
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
James Love, Director VOICE: 609-683-0534
Taxpayer Assets Project FAX: 202-234-5176
7-Z Magie, Faculty Road bitnet: Love@pucc.bitnet
Princeton, NJ 08540 internet: Love@pucc.princeton.edu
------------------------------
Date: Sat, 25 Jan 1992 15:29:46 EST
From: Bennett Crook <BCROOK@WAYNEST1.BITNET>
Subject: File 5--EFF on PRA/Owen bills
++++++++++++++++++++++++++++Original message++++++++++++++++++++++++++++
The Electronic Frontier Foundation strongly disagrees with the Jamie
Love/Taxpayer Assets project interpretation of the Paperwork Reduction
Act Information Dissemination Sections. We support PRA. It is not
perfect legislation but it embodies postive obligation of goverment
agencies to disseminate public information in all formats and supports
a diversity of information sources.
Make no mistake. The TAP/Love Approach sometimes appears to envision
the government as the sole producer of government information.This is
inconsistent with free flow of information, diversity of sources for
government originated information.We dont want goverment to monopolize
info as we do not want private sector to do the same.
EFF, ACLU, OMB Watch, support PRA.
But we also support OWENS BILL!!!! Problem is that owens does little
except require agencies to report on dissemination activities. Good.
But also amends FOIA (Freedom of Info Act) which is fine but not easy
and cannot be considered independent of S 1939, Leahy (DVT, SEn) bill
to create Electronic Freedom of Information Act. PRA is in public
interest. Owens is in public interest. Electronic Foia in public
interest. Lets support them all.
J. Berman, EFF Wash Office Director.
------------------------------
Date: Tue, 28 Jan 1992 14:20:09 EST
From: James P Love <LOVE@PUCC.BITNET>
Subject: File 6--PRA/Owens Bill (response to EFF response)
++++++++++++++++++++++++++++Original message++++++++++++++++++++++++++++
January 27, 1992
Jerry Berman
Director, Washington Office,
EFF
666 Pennsylvania Avenue, SE
Suite 303
Washington, DC 20003
RE: PRA/Owens Bill
Dear Jerry:
Here are my suggestions regarding the principles that should
prevail in a PRA (and/or) Owens bill.
1. Agencies should have an unambiguous mandate to provide
access to federal information in a variety of formats and
modes. The agencies should make reasonable efforts to
respond to requests for access to data stored in electronic
formats. This should include requests that data be
disseminated in ways that make it convenient to receive and
use (i.e. floppy disks, CD-ROMs, standardized record
structures).
2. Agencies should have a clear mandate to provide online
access to government information, and to use computer
networks, such as the Internet, for dissemination.
3. Agencies should provide information products and services to
the federal depository library program.
4. The agency should provide access to underlying records of
databases, as well as to value added services, including
those that are developed for use by government employees.
5. The agency's mandate to disseminate information should not
evaporate simply because there are private sector
alternatives. (i.e. the PRA "check list").
6. The government should charge no more than the incremental
cost of dissemination for information products _and_
services.
7. Agencies should be encouraged to embrace standards for such
things as record formats and query commands.
8. The public should have frequent and regular opportunities to
review agency policies and practices and offer criticisms.
Agencies should be required to say what they have done about
those criticisms.
9. The legislation should not enhance OMB's role in setting
federal information policy. 11 years of ORIA work in this
area should be enough to convince anyone that OMB is a
terrible choice for this role.
10. The legislation should not become embroiled with battles
over OMB's powers to review federal regulations or the
federal government's authority to require firms to post
health and safety notices. These are important issues, but
when the legislation embraces these issues no one pays any
attention to the information dissemination issues. Federal
information policy is too important to be decided in an
environment where every move is determined by players who do
not care or know about information policy issues.
In my mind, the Owens bill addresses these issues better than the
PRA. Perhaps it is possible to incorporate features of the Owens
Bill in the PRA legislation, while avoiding the negative baggage
that the Paperwork Reduction Act carries with it. I'm not
convinced, but I have an open mind.
------------------------------
Date: 18 Jan 92 11:55:48 GMT
From: nick@KRALIZEC.ZETA.ORG.AU(Nick Andrew)
Subject: File 7--Re: Cud 402--Law Enforcement, the Government & You
Jon Pugh <jpugh@APPLE.COM> writes:
> If you were assigned to track down computer criminals and you
>didn't know a bit from a scuzzy disk controller, where would you start
>looking? On bulletin boards and at computer club meetings, of course.
The above statement presupposes that "where there are bulletin boards
and computer club meetings, there is computer crime". That may be true
in certain places, however for the general case it is certainly
incorrect.
If I might make an analogy, it is akin to the logic of saying "People
sometimes smoke Grass. Most people who smoke Grass drive cars.
Grass-smoking drivers often carry Grass in their cars. So therefore we
should search a lot of cars at random, in the hope of finding Grass
smokers."
The analogy leads to an undesirable situation - that of law officials
interfering with people going about their business and searching their
personal property without any suspicion of wrongdoing. They _hope_ to
find grass, and they know if they stop 1 car in X, they will find
some.
The situation with computer hobbyists is as undesirable. Nobody wants
law officials peeping into computer clubs trying to find a hint of
wrongdoing. The logic is backwards. Firstly find the wrongdoing - the
crack, or phreaking, then work towards the perpetrator. Not the other
way around.
------------------------------
Date: Sat, 25 Jan 1992 11:27:32 -0500
From: Craig Neidorf <kl@STORMKING.COM>
Subject: File 8--The Harsh Reality of Life
THE HARSH REALITY OF LIFE
by Craig Neidorf kl@stormking.com
January 18-19, 1992 marked the two-year anniversary of my visit from
and subsequent raid by the United States Secret Service, Southwestern
Bell Security, and the University of Missouri Police Department.
The publicity and attention that once surrounded United States v.
Craig Neidorf has long been over, and; for most people involved life
has returned to normal and those events are history.
Unfortunately things are not quite as simple for me.
After my trial concluded, I went back to school at the University of
Missouri, and hit the books hard. I earned a 4.0 (straight A average)
that semester, focusing on political science and pre-law courses. I
did almost as well the following spring and summer semesters. I
graduated on August 2, 1991.
However, my legal bills remained very high. In fact, my parents and I
still owe close to $50,000.
I have always been uncomfortable with the idea of actually making a
direct appeal to people to send donations in to my defense fund, but
over the last year and a half, my idealism about the future has faded
and been replaced with reality.
At the end of my trial, my legal fees totaled about $108,000 and this
figure does not include travel expenses in going back and forth to
Chicago from St. Louis and Columbia or any other related expenditures
that I had to make during that 7 month period.
- This figure does not include the money I lost by having to drop most
of my classes at the University of Missouri that semester because I
could not consistently attend class during my ordeal.
- This figure does not reflect the pain and suffering that my family
and I were put through by a malicious and ignorant prosecutor and
other similarly unpleasant people at Bellsouth, Illinois Bell,
Bellcore, and AT&T.
- This figure does not include the traumatic incidents of my
suspension from the Zeta Beta Tau fraternity or the threats of
expulsion I received from the Chancellor's office of the University
of Missouri.
- And finally this figure does not include the additional $900 I had
to spend to finally get my arrest records expunged. That fee could
and should have been avoided altogether except as with the trial,
William Cook (the assistant U.S. attorney) opposed my motion for
expungement and so several more motions and court appearances were
necessary for me to achieve victory.
The number one MYTH about my legal fees is that they were paid by the
Electronic Frontier Foundation. This is complete fiction. Although I
appeared to have been somewhat of a spokesperson and "poster-child"
for the EFF throughout 1990 and 1991, and despite what you may have
read anywhere else, there were no monetary contributions granted to me
by that organization. NONE. There was a private and very generous
donation made by Mitch Kapor personally, but this is separate from the
EFF.
EFF did pay for some legal motions to be filed in my case regarding
the First Amendment, but since these motions were denied, they
impacted only slightly on the outcome of my trial. The most
beneficial outcome of the EFF's involvement with my case was the
general increase in awareness in the community at large to the issues
my case presented.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Well more than a year has passed since the day my trial ended...
My entire life savings that I had stored for college and law school
was needed as a downpayment on my legal fees and my parents of course
had to give up most of their savings as well. A payment plan was
arranged over what looks to be a 10 year period. We had no choice,
but to accept that these were the cards life had dealt us and after
all things could be much worse. I have my health and my freedom (such
as it is) and such things are worth more than money.
However, I am a young person starting out in life. I have applied to
several law schools across the country, both public and private.
Unfortunately, after reviewing my financial options, I have discovered
that the expense of a legal education may now place it very far beyond
my means.
Like a very large number of Americans, the recession has hit home,
putting my father out of work and keeping my mother in a job beneath
her talents.
It seriously pains me to have to do this, but trust me when I tell you
that I've thought about this for a long time. I need YOUR HELP to get
my legal bills paid. I need to be able to live my life without this
debt hanging over my head. There are at least 343 people on the
Phrack emailing list alone: If each person only contributed $30 it
would save me over $10,000. You see helping me out is not beyond the
reach of our community if we all work together. Consider it an
investment in your future, because what happened to me can happen to
anyone and with a legal education I'll be back to return the favor.
If you find that you can afford to help me, you have my most sincere
thanks and appreciation. I know a lot of you are in tight financial
situations like me and can sympathize with what I am going through.
If you are unable to help me because you are having problems of your
own then you have my sympathy as well.
Please make checks or money orders payable to: Katten, Muchin, &
Zavis
Send them to: Sheldon Zenner
Katten, Muchin, & Zavis
525 West Monroe Street
Suite 1600
Chicago, Illinois 60606-3693
And do not forget to write my name in the memo section or enclose a
letter explaining what the check is for. If you neglect to do that,
KMZ will not credit my account for the amount of the check.
PS - I'd also appreciate any tips or leads on potential sources of
financial aid, grants, and scholarships available for an aspiring law
student.
------------------------------
From: anonymous@name.deleted
Subject: File 9--Len Rose seeks Unix work upon release
Date: 23 Jan 92 06:03:13 GMT
((Readers might be interested in the following posted on the nets
by Mark Hittinger--a.a.))
>From time to time I've corresponded with Len Rose, mostly trying to
get him through his bad times and to get him thinking about the future
in the right way.
Time does fly when you are having fun, even the time you make a plea
bargain for. It is time for Len to start thinking about employment so
I'm posting an "ad" that Len wrote. Len does not know where in the
"food chain" he may find himself, so the chance to obtain heavy Unix
time at a discount exists! Len will very much appreciate any leads or
offers. He's got two little ones at
home.
Unix work desired.
Systems administration or general consulting.
Will be released from Federal prison soon.
(See Computer Underground Digest Archives or the Electronic Frontier
Foundation Archives for more details).
Extensive experience: System V, AIX (RS/6000), SCO
Communications: TCP/IP, UUCP, ect.
'C' programming language.
Security auditing, general system administration.
Extensive 'anti-hacker' experience.
Extensive MS-DOS background.
Heavy hardware experience including installations from the ground up.
Willing to travel widely, relocation at your desire, including international.
Please send inquiries to:
Len Rose/27154-037
FPC Seymour Johnson AFB
Caller Box 8004, PMB 187
Goldsboro, NC 27531-8004
------------------------------
End of Computer Underground Digest #4.04
************************************
Computer underground Digest Wed, Feb 5, 1992 Volume 4 : Issue 05
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Moderator: Etaion Shrdlu
CONTENTS, #4.05 ( Feb 5, 1992)
File 1: US West / Oregon PUC Hearing Summary
File 2: US West / Oregon BBS Rate Case
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
NOTE: THE WIDENER SITE IS TEMPORARILY RE-ORGANIZING AND IS CURRENTLY
DIFFICULT TO ACCESS. FTP-ERS SHOULD USE THE ALTERNATE FTP SITES UNTIL
FURTHER NOTICE.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to the
Computer Underground. Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: 29 Jan 92 19:13:44 CST
From: Telecom Digest Reprint (telecom@eecs.nwu.edu)
Subject: US West / Oregon PUC Hearing Summary
(Attempts by telecom companies to increase rates for BBSs by
classifying them as businesses continues to plague hobbyists. Most
states have multiple companies serving customers, so there is no
consistent policy within a given state. In Illinois, for example, GTE
(formerly Contel) has had a BBS-as-business policy for several years
but has never enforced it. Because GTE only recently took over Contel,
it is unclear how they will act in the future, but Contel
spokespersons indicated last summer that they only raised the issue if
somebody brought it to their attention, and no one could think of an
Illinois BBS that paid business rates. In the past year, other state
public utilities commissions (PUCs) have authorized telecos to charge
BBSs with business rates (eg, Indiana, Michigan), and the issue is
currently alive in Illinois.
The following summary of the Oregon Public Utility Commission hearings
addressing BBS rates is reprinted from Telecom Digest. Telecom Digest
is the best source for technical and other information on
telecommunications, and is accessible either through usenet
(comp.dcom.telecom) or from the TD mailing list (contact the
moderator, Pat Townson).
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
(Forwarded from Fidonet echo PNB-BELL)
Message #1241 "PNB.Bell"
Date: 29-Dec-91 10:53
This was posted by Bob Covington who was there:
NOTES ON PUC HEARING (Wagner vs. US West) - 12/10/91
REFERENCES:
ORS 759.210
Rules and Regulations Section 12 (Tariff Agreement)
Schedule 1-A
US West Interogatory Document
In attendance:
13 Portland Sysops
2 Salem Sysops
-Bob Covington
-Jeff Heistand
3 US West Representatives
-Mr. Holmes, Attorney
-Jeff Pennington, Regulatory Manager/PUC Liaison
Points raised by US West:
1. First Choice BBS has 618 users. Sysop does not personally
participate in all conferences (500+) nor read all messages, nor
correspond with all users. BBS is open to "all comers" and therefore
isn't for personal use or interest of the subscriber.
2. US West views BBS's as "Bulletin Board Services" and refers to
users as "customers."
3. Whether a BBS charges a subscription/membership fee or takes
donations isn't an issue for US West. A BBS is not residential under
the Tariff section saying "... or use of the service is not obviously
limited to domestic use." "Domestic use" may involve phone subscriber
and household members only. Allowing the public to use a BBS is
therefore not interpreted as "domestic use."
4. Residential rates are insufficient to recover costs of service.
Domestic rates are subsidized by 44% in an attempt to comply with
legislation calling for "universal service" (ie: access to phone
service to all citizens). Business rates are adjusted to recover full
costs of service. Residential rates (both measured and flat rate) are
discounted 44%.
5. BBS calling patterns meet the definitions for that associated with
business use. Rates are set based on volume, whether calls originate
or terminate at "premise" (phone location), and other factors. High
volumes of calls cost US West more to service than residential use.
Business rates are charged to United Way, Boy Scouts, churches and
others for similar non-residential use.
6. Asking for residential rates for a BBS is "asking all subscribers
to subsidize your hobby." It is unfair to ask "full cost recovery"
subscribers to subsidize residential BBS's.
7. End users (those calling BBS's with modems) are making personal
calls and are not affected by US West's position on BBS use. Calls
originate from the subscriber's phone when a BBS is called. But calls
terminate at the BBS phone. The number of terminating calls is a key
factor in determining rate charged.
8. Higher usage means higher costs for US West. Measured service
costs US West more to maintain than flat-rate service, due to the cost
of call counting equipment and billing on a per call basis.
9. BBS's "go beyond the definition of immediate household use."
They provide a service to the public at large without any
attendance or involvement of the [phone] subscriber.
10. US West does not see a need to establish other subscriber billing
levels since BBS use is clearly non-residential. Although they do
have a rate higher than residential but lower than business called
"Teen Link" which provides enhanced phone services.
11. Service costs decrease up to the previous number of installed
lines. The number of lines included in a "drop" is determined by
demographics, intended use, expected growth and other factors. Older
neighborhoods tend to have only two lines laid ... while newer larger
complexes have five lines standard. Once capacity is reached, US
West's costs increase to provide more lines, and at residential rates
these costs are not recoverable.
12. US West does not keep records of calls for flat-rate subscribers,
but does for metered-rate subscribers.
13. "BBS use is a new issue with US West." And they intend to make
adjustments to those subscribers pending the outcome of this case.
New subscriber installations for BBS use at this time are now charged
non-residential rates automatically if they are aware of such use.
14. BBS's provide an opportunity for business transactions through
"For Sale" conferences, or in messages. Unless sysops read all
messages and have policies prohibiting any advertising, marketing or
sales activities online ... then there is no guarantee that business
isn't being conducted.
15. If a caller is confronted with the name of the BBS rather than a
person's voice, then residential use is suspect. A BBS name, for this
purpose, is the same as a business name.
16. There is no truth in the idea that US West is trying to put BBS's
"out of business" or that they are in competition with any proposed
services they may offer. US West is interested in not allowing
residential BBS's to be subsidized when their use is non-residential.
Questions Raised by Hearings Officer:
1. Is the phone answered by person or by machine?
2. Does any advertising, small business marketing, or sales activity
ever take place on the BBS? (excepting the equivalent of "Nickle
Ads")
3. Are any fees of any kind collected? Are any donations or other
income received in connection with BBS operation?
4. Are business contacts or referrals ever made in relation to
operation of the BBS? Is there any contact with customers or
potential customers on the BBS?
5. Do shareware files downloaded from a BBS require payment? Are
shareware files on the BBS written by "amateurs" in their spare time,
or by professionals?
6. Do any of the echo conferences include advertisements for products
for sale, or does any ordering of products take place?
Timeline/Follow-ups:
Hearings Officer ordered transcript. Will be available in 3-4 weeks.
PUC staff will research whether any previous decision relating to this
case are on file.
Opening Briefs due no later than 1/14/91.
US West final written comments due by 1/24/91.
Additional public comment accepted for 30 days from date of hearing.
By Bob Covington
++++++++++++++++++++++++
And here is a post by Bob listing the part of the tariff agreement
which US West is basing their claims and case on:
On August 22, 1987, the following section of "Rule and Regulation 12"
applying to US West's Business and Residence Service was adopted as
PUC Order No. 5:
A. GENERAL
The applicability of business and residence rates is governed by
the actual or obvious use made of the service. The use which is
to be made of the service will be ascertained from the applicant
at the time of application for service.
1. Business rates apply at the following locations:
A. In offices, stores, factories and all other places
of a strictly business nature.
B. In boarding houses and rooming houses with more than
five rooms available for rent (except as noted under 2.)
colleges, clubs, lodges, schools, libraries, churches,
lobbies and halls of hotels, apartment buildings,
hospitals, and private and public institutions.
C. At any location when the listing of "office" is provided
or when any title indicating a trade, occupation or
profession is listed (except as modified under the
directory listing schedule) and at any location
classified under 2., regardless of the form of listing
when extension service is provided to a place not a
part of a domestic establishment.
D. At residence locations when the customer has no regular
business telephone service and the use of the service by
himself, members of his household, or his guests is for
the purpose of conducting a business, trade, or
profession, or whose use of the service is obviously not
confined to domestic use.
E. In general, at any place where the substantial use of the
service is occupational rather than domestic.
2. Residence rates apply in locations where customers reside
and whose substantial use of the service is domestic and not
for purposes of conducting business.
3. If it is found that a customer is using residence service
for business purposes, the Company will require the customer
to take business service, except in cases where the customer
use of the service is primarily for social or domestic
purposes. Customers moved from residential to business
service will be notified by the Company of their right of
appeal with the Public Utility Commission of Oregon.
Aside from the sexist language in Section D ("himself," "his"), US
West is clearly focusing (in this case at least) on proving that
because a sysop does not personally know, or have contact with all
callers to his/her BBS, that it is not "domestic use." And that it is
the electronic equivalent of the types of locations mentioned under
Section C if the BBS provides public access.
Of course, my reading of these same sections clearly tells me that a
residential BBS does NOT fall under any stretch of the "business"
definitions herein.
Just wanted to get these online for those interested.
Hope this helps anyone.
++
"Lightfinger" Rayek's Friendly Casino: 206/528-0948, Seattle, Washington.
------------------------------
Date: Thu, 30 Jan 92 09:55:46 PDT
From: lorbit!walter_s@UCBVAX.BERKELEY.EDU(Walter Scott)
Subject: US West / Oregon BBS Rate Case
SysOps in Oregon are facing what Texas SysOps faced and fought
not long ago -- rate hikes for BBS phone lines. The reasons for this
action seem similar to what many suspected of SouthWestern Bell in
1988. Like SWB at that time, US West is preparing to initiate its new
gateway in several cities -- Portland, Oregon included -- over the
next 2 or 3 years. These new "COMMUNITY LINK" gateways follow up 2
operational gateways in Omaha and Minneapolis. Could US West be
attempting to feather it's "Community Link" bed, and could the BBS
community of more than one state be at risk?
Last Fall, US West in Oregon notified SysOp Tony Wagner of First
Choice Communications that he would have to pay business rates on his
3 BBS phone lines. In a letter received from the company, Wagner was
informed that US West considers bulletin board systems a business, and
that their view is supported by Oregon tariffs covering business and
residential service. Wagner filed a complaint at the Oregon Public
Utility Commission in October, 1991 asking that US West be prevented
>from charging him business rates on his 3 BBS phone lines.
A hearing was held in December by the Oregon PUC to take
testimony on Wagner's complaint. US West presented testimony that
asserted BBS operation is not consistent with Oregon's tariff on
residential service. US West's witness, Jeff Pennington, focused on
tariff language that describes and ostensibly requires primarily
"domestic use" of a residential phone line.
On January 14, 1992, US West filed an opening brief in the Wagner
case (Oregon PUC Docket # UC-205). The brief amplifies on the concept
of domestic use of residential phone lines from US West's perspective.
In so doing, the brief clearly states that operation of a bulletin
board system is a business practice, and that it is irrelevant to
consider whether the SysOp receives any compensation from or for the
operation of his/her system. To support this notion, the brief makes
an analogy to United Way, who must pay business rates for phone lines
used by the organization. The brief continues with an analysis of
perceived intent of the tariff for residential service -- claiming
that use of of a domestic nature and of personal benefit to household
members and guests in residence are solely within the scope of
residential use of a phone line.
US West denies that there is any connection between charging
business rates on BBS phone lines in Oregon and the impending gateway
slated for Portland. The timing is enough to at least plant a seed of
doubt. There is also concern as to whether US West is poised to
attempt rate hikes in other states within the company's operational
sphere. It's important to appreciate what is happening in Oregon, and
what could happen elsewhere. For this reason, SysOps in US West
territory may wish to read the following text from the US West brief
mentioned above. This partial text of the brief excludes ONLY
footnotes and attached documents.
====================== TEXT BEGINS =====================
BEFORE THE PUBLIC UTILITY COMMISSION OF OREGON
UC-205
STUART ANTHONY WAGNER, )
) OPENING BRIEF OF
Complainant, ) US WEST COMMUNICATIONS, INC.
)
v. )
)
US WEST COMMUNICATIONS, INC. )
)
)
_____________________________)
I. INTRODUCTION
---------------
This proceeding is to determine whether U S West Communications,
Inc. (hereinafter "USWC") may charge its tariffed business rates for
telephone service that complainant Stuart Anthony Wagner uses solely
to provide bulletin board (hereinafter "BBS") services. USWC
respectfully requests this commission to determine that (1) q�Mr.
Wagner's BBS service is "not obviously confined to domestic use" of
USWC's network as that phrase is set forth in the company's tariff,
and (2) USWC may bill Mr. Wagner at its business rates for telephone
lines used in connection with his BBS services.
II. SUMMARY OF PROCEEDINGS
--------------------------
A. ELECTRONIC BULLETIN BOARDS DEFINED.
----------------------------------
Electronic BBSs are a network of personal computers that carry
typed information via the public switched telephone network. Users
access BBSs to transmit and receive messages on topics ranging from
restaurant reviews to adult entertainment. Systems are linked through
large networks such as FidoNet that permit communication among users
all over the World. Mr. Wagner testified that "about three thousand
systems are tied into mine alone, the FidoNet, which is a very small
network and that's just in the U.S. I think, without exception, BBS is
tied into every country in the World."
Mr. Wagner is a system operator for a BBS entitled "First Choice
Communications." Its stated purpose is to provide information that
helps subscribers "with understanding communications using modems and
BBS systems." In fact, users who access Mr. Wagner's system may
research, communicate and interact within 530 messages areas or
"conferences". These conferences cover a wide range of topics; for
example, "fight bell" links individuals wishing to discuss the bell
system and Saudi Net coordinated communication of the Persian Gulf
War. Mr. Wagner collects, stores and disseminates this information on
three "IBM CLONE" personal computers that he maintains at his Portland
residence.
B. HISTORY OF PROCEEDINGS.
----------------------
USWC currently charges Mr. Wagner its tariffed business rates for
the three telephone lines used to maintain his BBS. On October 21,
1991 Wagner filed his complaint with the Oregon Public Utility
Commission (PUC), appealing USWC's rate decision. Mr. Wagner contends
that because he accepts no money for access to First Choice
Communications, USWC must bill his three BBS lines at tariffed
"residence" rates. The PUC set hearing and took testimony on Mr.
Wagner's complaint on December 7, 1991.
III. ARGUMENTS
---------
A. USWC'S TARIFFS REQUIRE THAT BBS OPERATORS BE CHARGED
----------------------------------------------------
BUSINESS RATES.
--------------
USWC is compelled under its tariff to bill Mr. Wagner's three
First Choice Communications lines at business rates. Oregon Tariff
Rule and Regulation 12 (a) provides
The applicability of business and residence is
governed by the actual or obvious use made of the
service. The use which is to be made of the service
will be ascertained from the applicant at the time
of application for the service.
(1) Business rates apply at the following locations.
* * *
(d) At locations where the customer has no
regular business telephone service, and the
use of the service by himself, members of
his household, or his guests is for the
purpose of conducting a business, trade, or
profession, or whose use of the service is
obviously not confined to domestic use.
(e) In general, at any place where the
substantial use of the service is
occupational rather than domestic.
(2) Residence rates apply in locations where
customers reside and substantial use of the
service is domestic and not for the purpose of
conducting business.
(3) If it is found that a customer is using
residence service for business purposes, the
company will require the customer to take
business service, except in cases where the
customer use of the service is primarily for
social or domestic purposes. Customers moved
from residential to business service will be
notified by the company of their right of
appeal with the Public Utility Commission of
Oregon.
This case is one of first impression in Oregon.
USWC's witness, Mr. Jeff Pennington, testified on how USWC
determines whether a use is domestic for billing purposes.
What is anticipated by the company in the term
domestic use is that the use be confined to the
subscriber, his immediate family and members of
his household. In other words, a domestic setting.
This interpretation comports clearly with the ordinary dictionary
definition of the term "domestic": "belonging to the family, house or
household." WEBSTER'S ILLUSTRATED CONTEMPORARY DICTIONARY 211
(Encyclopedia Edition, 1984)
In contrast, Mr. Wagner's testimony clarifies that his BBS
services are not domestic in character. First, Mr. Wagner has
announced the availability of First Choice Communications to the
general community of users through USWC's network. He wants to "tell
people I have a BBS up and running and people start calling over a
period of time. It can get to be quite voluminous." Mr. Wagner's
active solicitation is clearly more akin to business rather than
domestic use.
Second, Mr. Wagner does not read all of the mail that passes
through his BBS; in fact, he has testified that it would be impossible
to do so. Mr. Wagner admits further that he has no personal interest
in all of the messages he carries and transmits, and that he has "no
doubt" that some users use the system as a marketing tool. This lack
of awareness of the information carried on his telephone lines
mitigates against his claim that his use is purely domestic.
Finally, Shareware, or commercial software that the creator or
programmer wishes to advertise for anyone who wishes to pay, is
available on most BBSs. Carrying products that people may purchase is
much more similar to business than domestic use. Whether or not users
actually purchase Shareware appears irrelevant; USWC is not required
to charge business rates only when product offerings are successful.
In sum, Mr. Wagner provides a service that he advertises as
openly available; he receives and transmits voluminous calls and
messages in which he takes no personal interest and which would be
impossible for him to read; he carries programmers who advertise
Shareware; and he admits there is no effective way to police whether
"millions of users" are offering services for money. USWC can only
conclude that Mr. Wagner's network use is not "obviously domestic,"
and must charge its business rates for Mr. Wagner's BBS lines.
Mr. Wagner states his case for residence rates by arguing that
he does not profit by or charge users for his services. That may be
true, but one can think of any number of entities properly charged
business rates, such as United Way, who can make that claim.
It is the nature of Mr. Wagner's operation as a service
advertised and provided to others, involving information in which he
takes no personal interest, transmitted for others' benefit, that
takes his activity out of any rational definition of domestic use.
B. MR. WAGNER'S POSITION UNDERCUTS THE PUC'S OBLIGATION TO
-------------------------------------------------------
SET RATES BASED PARTIALLY ON NETWORK USE.
----------------------------------------
Oregon telephone rates are classified as either
business or residence pursuant to ORS 759.210(1):
The commission shall provide for a comprehensive
classification of service for each
telecommunication utility and such classification
may take into account the quantity of use, the time
when used, the purpose for which used, the
existence of price competition or a service
alternative, the service being provided, the
conditions of service, and any other reasonable
consideration.
In view of this directive, residence rates are set with ordinary
residential consumers in mind. While this use admittedly varies from
household to household, (e.g., a household with two teenagers can be
expected to make greater use of the network than one of a two career
couple that is rarely home), residential pricing generally reflects a
use that is substantially less intense than that of a business. The
voluminous amount of information Mr. Wagner testified is carried
through the network both by callers dialing into his BBS and by
callers leaving information to be retrieved by others is clearly not
contemplated. Residence rates are therefore an improper vehicle for
recovering costs associated with Mr. Wagner's use of USWC's network.
C. BILLING MR. WAGNER'S BBS LINES AT BUSINESS RATES
------------------------------------------------
PROMOTES THE OREGON LEGISLATURE'S GOAL OF UNIVERSAL
---------------------------------------------------
TELEPHONE SERVICE.
-----------------
The Oregon Legislature's goal of universal telephone
service is furthered by USWC's decision to charge Mr.
Wagner business rates. ORS 759.015 provides:
The Legislative Assembly finds and declares that it
is the goal of the state of Oregon to secure and
maintain high-quality universal telecommunications
service at just and reasonable rates for all
classes of customers and to encourage innovation
within the industry by a balanced program of
regulation and competition. The commission shall
administer the statutes with respect to
telecommunications rates and services in accordance
with this policy.
To promote the Legislature's goal, basic residence service is
billed at artificially low levels and subsidized by other services. As
Mr. Pennington testified, that is so as many domestic users as
possible can participate in telecommunications.
USWC cannot provide unprofitable service to everyone however.
Thus, the definition of the "domestic use" that is entitled to
residential rates is properly construed as a somewhat limited
exception to USWC's general rate structure. There is no evidence that
the Legislature intended that BBS service providers should have their
hobbies subsidized by other ratepayers. By charging Mr. Wagner
business rates, moreover, USWC enhances its ability to provide
services to true residential users regardless of income level.
IV. CONCLUSION
----------
Oregon law mandates providing universal access for telephone
customers, with some correlation between the amount of expected use
and the prices to be charged. Residential rates are set with the
ordinary household in mind, and cover the expected domestic use of
that household. These rates are not set to cover incoming transmission
of information and outgoing transmission of information that is not
for the customer's own benefit. Mr. Wagner's service is basically a
"pass through" that allows considerable network use at subsidized
rates. Under these circumstances, Mr. Wagner's position that he is
entitled to residence rates is inconsistent with Oregon law and
policy. This commission should order that Mr. Wagner's BBS services
are not a domestic use and that Mr. Wagner must pay USWC's business
rates as appropriate under its tariff.
Dated this 13th day of January, 1992
---- -------
------------------------
Steven Holmes OF Attorneys
for US West Communications Inc.
================ TEXT ENDS ================================
A full copy of US West's opening brief may be obtained from the
Oregon PUC by calling the OPUC at 503-378-6678. Ask for Judith Legg
and tell her that you wish to have a copy of the opening brief from US
West in docket #UC-205. There will be a minimal charge for mailing
the document. Check before you make your request. Written comments
may be submitted to the hearing examiner in the Wagner case by Oregon
residents who have something relevant and in evidence to submit.
SysOps whose phone rates might be impacted if US West's arguments
prevail are prime candidates to submit comments. Take care to follow
PUC procedures to the letter in filing comments. Contact the Oregon
PUC at the number above for details on same.
Walter Scott
--
"Lightfinger" Rayek's Friendly Casino: 206/528-0948, Seattle, Washington.
------------------------------
End of Computer Underground Digest #4.05
************************************
Computer underground Digest Mon, Feb 10, 1992 Volume 4 : Issue 06
Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Moderator: Etaion Shrdlu
CONTENTS, #4.06 ( Feb 10, 1992)
File 1: Bust of "NotSoHumble Babe" / USA
File 2: Keystone Stormtroopers
File 3: Fine for "Logic Bomber"
File 4: Re: Newsbytes on the Oregon BBS Rates Case
File 5: Calif. "Privacy [& Computer Crime] Act of 1992"
File 6: DIAC-92 Workshop Call for Paraticipation and Workshop Guidelines
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
NOTE: THE WIDENER SITE IS TEMPORARILY RE-ORGANIZING AND IS CURRENTLY
DIFFICULT TO ACCESS. FTP-ERS SHOULD USE THE ALTERNATE FTP SITES UNTIL
FURTHER NOTICE.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to the
Computer Underground. Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: 8 Feb 92 17:31: 39 CST
From: Moderators (tk0jut2@mvs.niu.edu)
Subject: File 1--Bust of "NotSoHumble Babe" / USA
The recent busts of three persons in the Detroit and Los Angeles areas
for alleged carding, theft, software copyright violations and fraud
raise a number of issues of CU relevance. Because of misinformation
circulating on the nature of the case, we summarize what we know of it
below. "Amy" (handle: "NotSoHumble Babe") was busted on her birthday,
and is not untypical of many CU types, so we focus on her.
1. "Amy" was busted on Jan 30, in Farmington Hills (Mi), by local,
state, and federal agents. There were reportedly up to 20 agents.
The large number was because there were several from each
department, including the FBI, SecServ, Mi State police, and
others. They reportedly showed no warrant, but knocked on the door
and asked if they could come in. When "Amy" said "yes," they burst
(rather than calmly entered) with weapons, including
"semi-automatics." Her boyfriend was reportedly asleep, and the
agents awakened him with a gun to his head. The agent in charge
was Tony Alvarez of the Detroit SecServ.
2. There has been no indictment, but the agents indicated that charges
would include theft, fraud, and copyright violations. (software
piracy and carding). The initial figure given was a combined $20,00
for the three ("Amy," "Tom," and Mike").
3. All equipment was confiscated, included "every scrap of paper in
the house. She was informed that, whatever the outcome of the case,
she would not receive the equipment back and that it would be kept
for "internal use."
The above account differs dramatically from one given by "anonymous"
in "Phantasy #6," which was a diatribe against the three for
"ratting." However, the above account seems fairly reliable, judging
from a news account and a source close to the incident.
"Amy" is 27, and reported to be the head of USA (United Software
Alliance), which is considered by some to be the current top
"cracking" group in the country. If memory serves, "ENTERPRISE BBS"
was the USA homeboard. She was questioned for about 10 hours, and
"cooperated." She has, as of Saturday (Feb 9) *not* yet talked to an
attorney, although she was put in contact with one late Saturday. The
prosecutor in Oakland County is the same one who is prosecuting Dr.
Kavorkian (of "suicide machine" fame). He has a reputation as
excessively harsh, and his demeanor in television interviews does not
contradict this.
The other two defendants, "Mike/The Grim Reaper," and "Tom/Genesis"
are from the Detroit and Los Angeles areas.
What are the issues relevant for us?
My own radiclib concern is with over-criminalization created by
imposing a label onto a variety of disparate behaviors and then
invoking the full weight of the system against the label instead of
the behaviors. It is fully possible to oppose the behaviors while
recognizing that the current method of labelling, processing, and
punishment may not be wise. Len Rose provides an example of how
unacceptable but relatively benign behaviors lead to excessive
punishment. This, however, is a broader social issue of which
computer-related crimes is simply a symptom.
Of more direct relevance:
1) It appears that the continued use of massive force and weaponry
continues. We've discussed this before in alluding to cases in New
York, Illinois, Texas, and California. The video tape of the bust
of the "Hollywood Hacker" resembles a Miami Vice episode: A
middle-aged guy is confronted with an army of yelling weapons with
guns drawn charging through the door. Others on the board have
reported incidences of being met with a shotgun while stepping out
of the shower, a gun to the head while in bed, and (my favorite) a
15 year old kid busted while working on his computer and the
agent-in-charge put her gun to his head and reportedly said, "touch
that keyboard and die." The use of such force in this type of bust
is simply unacceptable because of the potential danger (especially
in multi-jurisdictional busts, which reduces the precision of
coordination) of accidental violence.
2. Until indictments and supporting evidence are made public, we
cannot be sure what the occured. But, it seems clear that, for
"Amy" at least, we are not dealing with a major felon. Carding is
obviously wrong, but I doubt that, in situations such as this,
heavy-duty felony charges are required to "teach a lesson," "set
an example," and re-channel behavior into more productive outlets.
3. We can continue to debate the legal and ethical implications of
software piracy. There is a continuum from useful and fully
justifiable "creative sharing" to heavy-duty predatory rip-off for
profit. This case seems to be the former rather than the latter.
There is no sound reason for treating extreme cases alike.
3. We should all be concerned about how LE frames and dramatizes such
cases for public consumption. The Farmington newspaper gave it
major coverage as a national crime of immense proportions. We
should all be concerned about how piracy cases are handled, because
even extreme cases have implications for minor ones. Does
possession of an unauthorized copy of Aldus Pagemaker and Harvard
Graphics, collective worth more than $1,000, really constitute a
major "theft"? We have seen from the cases of Len and Craig how
evaluation of a product is inflated to justify indictments that
look serious but in fact are not.
I'm not sure what purpose it serves to simply assert that people--even
if guilty of carding or piracy--should "get what's coming to them"
without reflecting on what it is they get and why. The issue isn't
one of coddling or protecting "criminals," but to examine more
carefully what kinds of computer-related crimes should be
criminalized, which should be torts, and which should be accepted as
minor nuisances and--if not ignored--at least not criminalized.
To give the dead horse one last kick: I am not arguing that we condone
behaviors. I am only suggesting that we reflect more carefully on how
we respond to such behaviors. I do not know the circumstances of "Tom"
and "Mike," but "Amy's" case raises many issues we can address without
condoning the behavior.
------------------------------
Date: Mon, 20 Jan 92 07:56 EST
From: "Michael E. Marotta" <MERCURY@LCC.EDU>
Subject: File 2--Keystone Stormtroopers
GRID News. ISSN 1054-9315. vol 3 nu 3 January 19, 1992.
World GRID Association, P. O. Box 15061, Lansing, MI 48901 USA
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
(74 lines) SPA: Jackboot Fascists or Keystone Kops?
(C) 1992 by Michael E. Marotta
Suddenly the doors burst open! US marshals take the Acme Inc.,
employees by surprise!! "Nobody move! Keep your hands away from
those keyboards!" yells the copper. "Oh my gosh! It's the SPA!!"
"Quick stash the disks!!" This 50s cartoon is the cover story of
the June 17, 1991 issue of Information Week, "The Software
Police." Inside is the story of the Software Publishers Associa-
tion. There is nothing laughable about the $90,000 paid to SPA by
IPL, the $100,000 paid by Entrix, the $17,500 paid by Healthline,
the $350,000 paid by Parametrix. At SnapOn Tools, three US
Marshals and an SPAer spent two days going through every one of
280 PCs with their special audit package. Then the burden of proof
shifted to SnapOn to produce purchase orders, manuals, invoices
and asset tags.
"GOVERN-MENTALITY" The SPA claims a staff of 18 to 23 and a
budget of $3.8 million. I had to call three times to get the free
audit program, SPAudit. They also offer to sell a video "It's
Just Not Worth the Risk" for $10 but my three voicemail requests
(Nov, Dec 91 & Jan 92) for this tape were not answered.
+ People with govern-mentality are below norm and the program
SP+Audit underscores this fact.
+ First of all, the README file was created with WordPerfect 5.
Using LIST or TYPE gets you ascii garbage and uneven formating
am+id the text. If you want to view the README file, the
instructions tell you:
+ A) To display on screen type TYPE A:README:MORE
which is bad documentation and doesn't work. Hardcopy reveals the
same problems and when you get to the bottom of the page, you find
that the last few lines print over each other. Apparently, the
typist used the cursor keys to position the text, because it lacks
some necessary LFs (ascii 0A).
+ I created four dummy files 123.EXE, MSDOS.SYS, PROCOMM.EXE and
SK+.COM which are found in the PIF.TXT file of over 600 software
names. The files I created said:
"The problem of copyright looks somewhat different the moment one
accepts copying technology as uncontrollable." Michael Crichton.
+ Then I made more copies at lower directory levels. SPAudit
was indeed able to search down eight directory sublevels to find
copies. However, when I went to print these, the program produced
ascii garbage. It failed on
C:+\123\MIKE\ANOTHER\DEEPER\NEMO\PLUTO\CHIRON\DANTE\ORPHEUS being
unable to print beyond \NEMO.
+ Overall, the SPA proves itself unable to manage PC technology.
This lack of quality is not surprising. No matter how much you
pay for software, you know that the seller "makes no claim of
merchantability or fitness for a particular use..." and won't be
liable for "direct, indirect, special, incidental or consequential
damages arising out of the use or inability to use the software or
documentation." That is the disclaimer which comes with SPAudit.
+
"CATCH-22" Following SPAudit guidelines means that you can't
have more than one copy of a program on one computer. Also, all
oF the CARMEN SANDIEGO games run from CARMEN.EXE. The audit
thinks it is looking for EUROPE but will also trip on WORLD, and
TI+ME, etc., meaning that you can get busted for buying more than
one CARMEN, a catch-22.
+ Also, there should be some confusion over dBase, which is no
longer an Ashton-Tate but a Borland product. More importantly, US
District judge Terrence Hatter, Jr., ruled in late 1990 that the
copyright on dBase was voided by their not revealing that it is a
cl+one of a public domain program from JPL.
+ Again, consider the case of SnapOn Tools. The SPA used their
defective software to disrupt a business for two days -- and they
have the nerve to call other people pirates.
+
(GRID News is FREQable from 1:159/450, the Beam Rider BBS)
------------------------------
Date: 27 Jan 92 18:48:35 EST
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 3--Fine for "Logic Bomber"
"Logic Bomb Programmer Fined"
(Reprinted with permission from STReport 8.04 Jan 24, 1992)
Michael John Lauffenburger, a 31-year-old programmer formerly with
General Dynamics, pleaded guilty Nov. 4 to attempted computer
tampering. He has been fined $5,000, handed three years' probation
and was ordered to perform 200 hours of community service for
attempting to sabotage computers with a "logic bomb" that prosecutors
say could have erased national security data.
According to reports, Lauffenburger set up the logic bomb, then
resigned, intending to get hired on as high-priced consultant to help
reconstruct the data lost from the billion-dollar Atlas Missile Space
Program when the virus was unleashed. A co-worker accidentally
discovered the rogue program in early May. It had been set to go off
May 24. Investigators said at the time the bomb would have caused
about $100,000 in damage to computer systems at the Kearny Mesa
plant.
------------------------------
Date: Fri, 07 Feb 92 06:10:49 PST
From: walter@HALCYON.COM(Walter Scott)
Subject: File 4--Re: Newsbytes on the Oregon BBS Rates Case
On 2-5-92, reporter Dana Blankenhorn released a copyrighted exclusive
story for Wendy Wood's Newsbytes covering the Oregon BBS rates case.
What follows is an abstract of that story.
Blankenhorn writes: "US West has launched a campaign before the Oregon
Public Utility Commission which would force all bulletin board systems
(BBSs) in that state to pay business rates on their phone lines." The
Newsbytes exclusive also asserts that US West "wants the Oregon PUC to
reinterpret its tariff so as to define any phone not answered by a
human voice as a business line."
Blankenhorn quotes extensively from an apparent interview with SysOp
Stewart Anthony Wagner while summarizing the chronology of events in
the case. Some folks here might find the chronology and alleged facts
be a bit different from what has been reported in the past.
According to Blankenhorn, Portland, Oregon SysOp Tony Wagner attempted
to subscribe to extra phone lines so as to expand his BBS from 2 lines
to 4, as well as make arrangements for a TDD. It was at this point
Wagner was informed he would have to pay business rates on all lines
by US West. According to Blankenhorn, US West relented on the voice
and TDD lines while maintaining that the BBS lines would have to be
classified as business lines. Wagner filed what Blankenhorn calls an
"appeal" at the Oregon PUC "for the BBS".
Wagner is reported to have closed his BBS almost immediately because
he "can't afford it" at business rates, which blankenhorn states to be
around $50 (presumably per month) on each line. Before closing his
system, Wagner says he alerted regional SysOps via FidoNet to his
plight. Wagner points out that some SysOps chipped in to pay for a
lawyer. Blankenhorn quotes Wagner on a so-called "compromise proposal"
that "they (US West) come up with a residential data line rate, as an
alternate form of service." Wagner's proposal apparently included a
guarantee of data quality at a rate that Wagner seems to assess at
$5.00 above standard residential rates. Wagner asserts the proposal
was rejected.
Wagner's comments on the hearing display optimism as he offers the
thought that "the hearing went quite well. The tariff says a
residential line is for social or domestic purpose. They ignored the
social, they talked only about domestic. The BBS is as social as you
can get."
In a series of quotes from Wagner on what he believes US West is
doing, a grim picture is painted for more than BBS operators. For
example: Wagner states "there is no question they want to apply this
to all SysOps. Their position is that if it's not answered by a human
voice, it's a business. A fax machine is a business, to them. So's an
answering machine."
Wagner spoke of what he might consider a silver lining in his cloudy
future as a SysOp when he told Blankenhorn that publicity must be bad
for US West. He reinforces this idea by noting "one thing that hurt
them (US West) badly was that they picked on me. I'm very hard of
hearing. Most of my users are disabled. A large percentage of our
SysOps here are disabled. And Mr. Holmes (US West's attorney in the
Wagner case) was unprepared for that."
Blankenhorn talked with Judith Legg in the hearings section at the
Oregon Public Utility Commission concerning the Wagner Case. He
reports Legg told him "a hearing was held on the case in January, and
US West has already submitted a 17-page brief supporting its
position." Hearings Officer Simon Fitch was attributed as informing
Newsbytes that Wagner "has until March 3 to file his own brief, after
which reply briefs will be sought from both sides." Fitch is also
reported to have said a decision in the case is due in late March or
early April with final oversight from the Commissioners.
Attempts, by Blankenhorn, to contact attorney Steven Holmes at US West
were unsuccessful. Apparently, no one else in the company was
available for comment. Thus, the Newsbytes article contained no
synopsis of US West's side of the issues in the Wagner case.
Blankenhorn left the door open to a future update by noting
information requested from US West would be reported as soon as that
information is made available to Newsbytes.
So much for the abstract...
A FEW OBSERVATIONS: It seems that Blankenhorn must not have been able
to obtain a copy of US West's brief before going to press. Otherwise,
Blankenhorn would realize, and could have noted, that US West's
comments have no impact on FAX or answering machines. BBS operation in
general, and Wagner's BBS in specific, are the myopic focus of the
brief. Blankenhorn also could have asked about and cleared up what
appears to be a discrepancy between Wagner's apparent indication that
he was running his BBS on 2 phone lines at the time he requested new
lines, and the repeated references in the US West brief to Wagner's
"3" BBS phone lines. Finally, I called Judith Legg myself on 2-6-92
and asked her about the actual timing of the hearing. She informed me
that the hearing was indeed in December. In Blankenhorn's defense,
Legg admits that she was under the mistaken impression that the
hearing took place in January, and that this is probably what she told
Blankenhorn. A check of the Oregon PUC's computerized schedules was
necessary to clarify the actual hearing date.
Walter Scott
**
The 23:00 News and Mail Service - +1 206 292 9048 - Seattle, WA USA
PEP, V.32, V.42bis
+++ A Waffle Iron, Model 1.64 +++
------------------------------
Date: 22 Jan 92 19:12:22 CST
From: Jim Warren (jwarren@well.sf.ca.us)
Subject: File 5--Calif. "Privacy [& Computer Crime] Act of 1992"
The Chair of the California State Senate, Bill Lockyer, is
introducing what he calls "The Privacy Act of 1992." It addresses
computer *crime* in a robust manner, but appears to be less concerned
with some of the more major privacy issues (e.g. personal
data/profiles built & used by government and private corporations)
posed during public testimony in December. I scanned it in, OCRed
it, proofed it, and believe this is an accurate copy of the original
cover letter and content. The latter has already been sent to
Legislative Counsel (on 1/8/92).
Please upload it and circulate it to all others who might be
interested. Note: Many consider that computer legislation at the
state level in major, "bellweather" states may/can/will provide
models for other states and for eventual federal legislation. Thus,
this deserves *early* and widespread circulation, review and *public
comment*.
jim warren [chair, First Conference on Computers, Freedom & Privacy, 1991]
**********************************************************************
====== TEXT OF COVER-LETTER, RECEIVED JAN. 17, 1992 =====
California State Senate
Bill Lockyer, Tenth [California] Senatorial District
[Chairman, California State Senate Judiciary Committee]
Southern Alameda County
January 15, 1992
TO: Interested Parties
FROM: Ben Firschein, Senator Lockyer's Office
RE: Privacy legislation emerging from the interim hearing
We have drafted language reflecting some of the suggestions made at
the privacy hearing on December 10 [1991] and have sent it to
Legislative Counsel. It is likely that Senator Lockyer will
introduce the language as a bill when it comes back from Legislative
Counsel.
We welcome and encourage your suggestions, comments and proposed
amendments. This language should be viewed as an initial proposal,
and it is likely that it will be amended as it proceeds through the
legislature.
The bill as submitted to Legislative Counsel does the following:
1. Information obtained from driver's licenses: prohibit businesses
from selling or using for advertising purposes information obtained
from driver's licenses without the written consent of the consumer.
2. Automatic vehicle identification [AVI]: Require Caltrans to
provide an opportunity to pre-pay tolls and use the facility
anonymously.
3. Violation of privacy of employees: language has been drafted
based on the Connecticut statute that Justice Grodin discussed at the
hearing. The proposed language goes further than the Connecticut
statute in that it also extends to prospective employees.
4. Amend Penal Code Section 502 (computer crime statute) as
follows:
a) Extend existing law to allow recovery by any injured party,
not just the owner or lessee of the computer.
b) Allow recovery for any consequential or incidental damages,
not just for expenditures necessary to verify that a computer system
was or was not damaged.
c) Create civil penalty of $ 10,000 per injured party up to a
maximum of fifty thousand dollars for recklessly storing data in a
manner which enables a person to commit acts leading to a felony
conviction. Failure to report to law enforcement a previous
violation under the statute would be deemed to be possible evidence
of recklessness
d) Require that owner or lessee of computer report to law
enforcement any known violations of the statute involving his/her
system. Such reports required within 60 days after they become
known to owner or lessee.
Warrants for electronically stored materials: We are interested in
working with interested parties on some of the proposals made at the
hearing, for possible inclusion in the bill as amendments.
Please direct your comments to:
Ben Firschein
Administrative Assistant
Office of Senator Lockyer
Room 2032 State Capitol
Sacramento, CA 95814
(916) 445Q6671
========== END OF JAN.17 COVER LETTER ==========
<<BEWARE! The entry following this one is about 5 print-pages long
-- the full text of Sen. Lockyer's draft legislation that has already
been sent to Legislative Counsel for review, apparently the final
prerequisite to formal introduction.>>
====== TEXT OF LEGISLATION, RECEIVED JAN. 17, 1992 =====
[hand-written] The people of the State of California do enact as follows:
[hand-written] Section 1. This Act may be cited as the Privacy Act of 1992.
[hand-written] Section 2. Section 1799.4 is added to the Civil Code to
read:
1799.4. A business entity that obtains information from a consumer's
driver's license or identification card for its business records or for
other purposes shall not sell the information or use it to advertise goods
or services, without the written consent of the consumer.
[hand-written] Sent to Leg Counsel 1/8
[hand-written] Section 3. Section 502 of the Penal Code is amended to read:
502. (a) It is the intent of the Legislature in enacting this section to
expand the degree of protection afforded to individuals, businesses, and
governmental agencies from tampering, interference, damage, and
unauthorized access to lawfully created computer data and computer
systems. The Legislature finds and declares that the proliferation of
computer technology has resulted in a concomitant proliferation of computer
crime and other forms of unauthorized access to computers, computer
systems, and computer data.
The Legislature further finds and declares that protection of the
integrity of all types and forms of lawfully created computers, computer
systems, and computer data is vital to the protection of the privacy of
individuals as well as to the well-being of financial institutions,
business concerns, governmental agencies, and others within this state
that lawfully utilize those computers, computer systems, and data.
(b) For the purposes of this section, the following terms have the
following meanings:
(l) "Access" means to gain entry to, instruct, or communicate with the
logical, arithmetical, or memory function resources of a computer, computer
system, or computer network.
(2) "Computer network" means any system which provides communications
between one or more computer systems and input/output devices including,
but not limited to, display terminals and printers connected by
telecommunication facilities.
(3) "Computer program or software" means a set of instructions or
statements, and related data, that when executed in actual or modified
form, cause a computer, computer system, or computer network to perform
specified functions.
(4) "Computer services" includes, but is not limited to, computer time,
data processing, or storage functions, or other uses of a computer,
computer system, or computer network.
(5) "Computer system" means a device or collection of devices, including
support devices and excluding calculators which are not programmable and
capable of being used in conjunction with external files, one or more of
which contain computer programs, electronic instructions, input data, and
output data, that performs functions including, but not limited to, logic,
arithmetic, data storage and retrieval, communication, and control.
(6) "Data" means a representation of information, knowledge, facts,
concepts, computer software, computer programs or instructions. Data may
be in any form, in storage media, or as stored in the memory of the
computer or in transit or presented on a display device.
(7) "Supporting documentation" includes, but is not limited to, all
information, in any form, pertaining to the design, construction,
classification, implementation, use, or modification of a computer,
computer system, computer network, computer program, or computer software,
which information is not generally available to the public and is
necessary for the operation of a computer, computer system, computer
network, computer program, or computer software.
(8) "Injury" means any alteration, deletion, damage, or destruction of
a computer system, computer network, computer program, or data caused by
the access.
(9) "Victim expenditure" means any expenditure reasonably and necessarily
incurred by the owner or lessee to verify that a computer system, computer
network, computer program, or data was or was not altered, deleted,
damaged, or destroyed by the access.
(10) "Computer contaminant" means any set of computer instructions that
are designed to modify, damage, destroy, record, or transmit information
within a computer, computer system, or computer network without the intent
or permission of the owner of the information. They include, but are not
limited to, a group of computer instructions commonly called viruses or
worms, which are self-replicating or self-propagating and are designed to
contaminate other computer programs or computer data, consume computer
resources, modify, destroy, record, or transmit data, or in some other
fashion usurp the normal operation of the computer, computer system, or
computer network.
(c) Except as provided in subdivision (h), any person who commits any of
the following acts is guilty of a public offense:
(1) Knowingly accesses and without permission alters, damages, deletes,
destroys, or otherwise uses any data, computer, computer system, or
computer network in order to either (A) devise or execute any scheme or
artifice to defraud, deceive, or extort, or (B) wrongfully control or
obtain money, property, or data.
(2) Knowingly accesses and without permission takes, copies, or makes use
of any data from a computer, computer system, or computer network, or takes
or copies any supporting documentation, whether existing or residing
internal or external to a computer, computer system, or computer network.
(3) Knowingly and without permission uses or causes to be used computer
services.
(4) Knowingly accesses and without permission adds, alters, damages,
deletes, or destroys any data, computer software, or computer programs
which reside or exist internal or external to a computer, computer system,
or computer network.
(5) Knowingly and without permission disrupts or causes the disruption of
computer services or denies or causes the denial of computer services to an
authorized user of a computer, computer system, or computer network.
(6) Knowingly and without permission provides or assists in providing a
means of accessing a computer, computer system, or computer network in
violation of this section.
(7) Knowingly and without permission accesses or causes to be accessed
any computer, computer system, or computer network.
(8) Knowingly introduces any computer contaminant into any computer,
computer system, or computer network.
(d) (1) Any person who violates any of the provisions of paragraph (1),
(2), (4), or (5) of subdivision (c) is punishable by a fine not exceeding
ten thousand dollars ($10,000), or by imprisonment in the state prison for
16 months, or two or three years, or by both that fine and imprisonment, or
by a fine not exceeding five thousand dollars ($5,000), or by imprisonment
in the county jail not exceeding one year, or by both that fine and
imprisonment.
(2) Any person who violates paragraph (3) of subdivision (c) is
punishable as follows:
(A) For the first violation which does not result in injury, and where
the value of the computer services used does not exceed four hundred
dollars ($400), by a fine not exceeding five thousand dollars ($5,000), or
by imprisonment in the county jail not exceeding one year, or by both that
fine and imprisonment.
(B) For any violation which results in a victim expenditure in an amount
greater than five thousand dollars ($5,000) or in an injury, or if the
value of the computer services used exceeds four hundred dollars ($400), or
for any second or subsequent violation, by a fine not exceeding ten
thousand dollars ($10,000), or by imprisonment in the state prison for 16
months, or two or three years, or by both that fine and imprisonment, or by
a fine not exceeding five thousand dollars ($5,000), or by imprisonment in
the county jail not exceeding one year, or by both that fine and
imprisonment.
(3) Any person who violates paragraph (6), (7), or (8) of subdivision (c)
is punishable as follows:
(A) For a first violation which does not result in injury an infraction
punishable by a fine not exceeding two hundred fifty dollars ($250).
(B) For any violation which results in a victim expenditure in an amount
not greater than five thousand dollars ($5,000), or for a second or
subsequent violation, by a fine not exceeding five thousand dollars
($5,000), or by imprisonment in the county jail not exceeding one year, or
by both that fine and imprisonment.
(C) For any violation which results in a victim expenditure in an amount
greater than five thousand dollars ($5,000), by a fine not exceeding ten
thousand dollars ($10,000), or by imprisonment in the state prison for 16
months, or two or three years, or by both that fine and imprisonment, or
by a fine not exceeding five thousand dollars ($5,000), or by imprisonment
in the county jail not exceeding one year, or by both that fine and
imprisonment.
(e) (1) In addition to any other civil remedy available, any injured
party. including but not limited to the owner or lessee of the computer,
computer system, computer network, computer program, or data, may bring a
civil action against any person convicted under this section for
compensatory damages, including any consequential or incidental damages. In
the case of the owner or lessee of the computer, computer system, computer
network, computer program, or data. such damages may include. but are not
limited to. any expenditure reasonably.and necessarily incurred by the
owner or lessee to verify that a computer system, computer network,
computer program, or data was or was not altered, damaged, or deleted by
the access.
(2) Whoever recklessly stores or maintains data in a manner which enables
a person to commit acts leading to a felony ["a felony" hand-written]
conviction under this section shall be liable for a civil penalty of ten
thousand dollars ($ 10,000) per injured party, up to a maximum of fifty
thousand dollars ($ 50.000). Failure to report to law enforcement a
previous violation under subsection (f) may constitute evidence of
recklessness.
(3) For the purposes of actions authorized by this subdivision, the
conduct of an unemancipated minor shall be imputed to the parent or legal
guardian having control or custody of the minor, pursuant to the provisions
of Section 1714.1 of the Civil Code.
(4) In any action brought pursuant to this subdivision the court may
award reasonable attorney's fees to a prevailing party.
(5) A community college, state university, or academic institution
accredited in this state is required to include computer-related crimes as
a specific violation of college or university student conduct policies and
regulations that may subject a student to disciplinary sanctions up to and
including dismissal from the academic institution. This paragraph shall
not apply to the University of California unless the Board of Regents
adopts a resolution to that effect.
(f) The owner or lesee of any computer, computer system, computer network,
computer program, or data shall report to law enforcement any known
violations of this section involving the owner or lesee's computer,
computer system, computer network, computer program, or data. Such reports
shall be made within 60 days after they become known to the owner or lesee.
(g) This section shall not be construed to preclude the applicability of
any other provision of the criminal law of this state which applies or may
apply to any transaction, nor shall it make illegal any employee labor
relations activities that are within the scope and protection of state or
federal labor laws.
(h) Any computer, computer system, computer network, or any software or
data, owned by the defendant, which is used during the commission of any
public offense described in subdivision (c) or any computer, owned by the
defendant, which is used as a repository for the storage of software or
data illegally obtained in violation of subdivision (c) shall be subject
to forfeiture, as specified in Section 502.01.
(i) (1) Subdivision (c) does not apply to any person who accesses his or
her employer's computer system, computer network, computer program, or
data when acting within the scope of his or her lawful employment.
(2) Paragraph (3) of subdivision (c) does not apply to any employee who
accesses or uses his or her employer's computer system, computer network,
computer program, or data when acting outside the scope of his or her
lawful employment, so long as the employee's activities do not cause an
injury, as defined in paragraph (8) of subdivision of (b), to the employer
or another, or so long as the value of supplies and computer services, as
defined in paragraph (4) of subdivision (b), which are used do not exceed
an accumulated total of one hundred dollars ($100).
(j) No activity exempted from prosecution under paragraph (2) of
subdivision (h) which incidentally violates paragraph (2), (4), or (7) of
subdivision (c) shall be prosecuted under those paragraphs.
(k) For purposes of bringing a civil or a criminal action under this
section, a person who causes, by any means, the access of a computer,
computer system, or computer network in one jurisdiction from another
jurisdiction is deemed to have personally accessed the computer, computer
system, or computer network in each jurisdiction.
(l) In determining the terms and conditions applicable to a person
convicted of a violation of this section the court shall consider the
following:
(1) The court shall consider prohibitions on access to and use of
computers.
(2) Except as otherwise required by law, the court shall consider
alternate sentencing, including community service, if the defendant shows
remorse and recognition of the wrongdoing, and an inclination not to repeat
the offense
[hand-written] Section 4. Section 12940.3 is added to the Government Code
to read:
(a) Any employer, including the state and any instrumentality or political
subdivision thereof, shall be liable to an employee or prospective
employee for damages caused by either of the following:
(1) subjecting the employee to discipline or discharge on account of the
exercise by such employee of rights guaranteed by Section l of Article I
of the California Constitution, provided such activity does not
substantially interfere with the employee's bona fide job performance or
working relationship with the employer.
(2) Denying employment to a prospective employee on account of the
prospective employee's exercise of rights guaranteed by Section 1 of
Article I of the California Constitution.
(b) The damages awarded under this Section may include punitive damages,
and reasonable attorney's fees as part of the costs of any such action for
damages. If the court decides that such action for damages was brought
without substantial justification, the court may award costs and reasonable
attorney's fees to the employer.
[hand-written] Section 5. Section 27565 of the Streets and Highways Code
is amended to read:
27565. Automatic vehicle identification systems for toll collection
(a) The Department of Transportation in cooperation with the district and
all known entities planning to implement a toll facility in this state
shall develop and adopt functional specifications and standards for an
automatic vehicle identification system, in compliance with the following
objectives:
(1) In order to be detected, the driver shall not be required to reduce
speed below the applicable speed for the type of facility being used.
(2) The vehicle owner shall not be required to purchase or install more
than one device to use on all toll facilities, but may be required to have
a separate account or financial arrangement for the use of these facilities.
(3) The facility operators shall have the ability to select from different
manufacturers and vendors. The specifications and standards shall encourage
multiple bidders and shall not have the effect of limiting the facilIty
operators to choosing a system which is able to be supplied by only one or
vendor.
(b) The vehicle owner shall have the choice of pre-paying tolls, or being
billed after using the facility. If the vehicle owner pre-pays tolls:
(1) The facility or the Department shall issue an account number to the
vehicle owner. The account number shall not be derived from the vehicle
owner's name, address, social security number, or driver's license number,
or the vehicle's license number, vehicle identification number, or
registration.
(2) Once an account has been established and an account number has been
given to the vehicle owner, neither the facility nor the Department shall
keep any record of the vehicle owner's name, address, social security
number or driver's license number, or the vehicle's license number.
vehicle identification number, or registration.
(3) The vehicle owner may make additional pre-payments by specifying the
account number and furnishing payment.
(c) Any automatic vehicle identification system purchased or installed
after January 1, 1991, shall comply with the specifications and standards
adopted pursuant to subdivision (a).
(d) Any automatic vehicle identification system purchased or installed
after January 1, 1993. shall comply with the specifications and standards
adopted pursuant to subdivisions (a) and (b).
====== END OF LEGISLATION DRAFT ======
[Note: The preceeding is the end-result of the draft-text. Some of the
document had apparently-old wording with strike-thru lines; some of it was
underlined, apparently indicating newly-added wording. Since there is no
universally-accepted protocol for representing such "exotic" text-forms in
the Barren ASCII Wasteland, the preceeding text does not reflect strike-thrus
not underlines in the original text. Also, the preceeding reflects
the paragraph-indenting and paranthesized section-labeling, as
received. It is left as "an exercise for the reader" to figure out
its rationale.
--jim ]
The vast majority of us would readily state that we, personally,
"store and maintain data." To the extent that we do so on a shared
host, it seems like it could be applied to us, *as individuals*.
Unless, perhaps, we stored it in encrypted form or made other
provable efforts to protect it while it's stored on a shared system.
Please note that this scenario equally applies to folks working on
LAN systems at a company.
Is this, perhaps, "overly-broad legislation"?
------------------------------
Date: Wed, 22 Jan 1992 13:59:44 CST
From: douglas%atc.boeing.com@UMCVMB.MISSOURI.EDU
Subject: File 6--DIAC-92 Workshop Call for Paraticipation and Workshop Guideline
s
Directions and Implications of Advanced Computing
DIAC-92
Berkeley, California May 3, 1992
Call for Workshop Proposals and
Workshop Proposal Guidelines
[Due Date Extended]
DIAC-92 is a two-day symposium in which the the social implications of
computing are explored. The first day (May 2, 1992) will consist of
presentations. The second day will consist of a wide variety of
workshops. These guidelines describe the intent for the workshops and the
manner in which they are proposed. They are meant to augment and
supercede the information found in the Call for Papers and Participation.
The workshops are meant to be more informal than the presented papers of
the previous day. For this reason the format for the proposals is
expected to vary. Nevertheless there are some guidelines that we can
offer that will help ensure a succesful workshop.
The proposal should include the title, author's name, affiliation, and
electronic mail address at the beginning. All workshop proposals will be
included in the proceedings. The workshop proposal should be 1 - 8 pages
in length. The desired range of attendees (smallest number - largest
number) should be included. All workshops will be two hours in length with
a short break 1/2 way through. It is possible to schedule two related
workshops back to back, say "Introduction to Something" and "Advanced
Something". If this is the case please submit two separate proposals but
state that they are related.
There are four major concerns for the workshops which should be
addressed in the proposal.
1. Intellectual Content
The intellectual content of the workshop should be made clear.
What is the focus on the workshop? What are the relevant social
issues? What relevant research exists already on the topic? Who
is the intended audience? The topic should have a qualitative
computing element in it.
2. Structure
There should be some structure to the workshop. It can be quite
loose and flexible but it shouldn't be completely open. The
amount of structure will vary according to the topic at hand, the
intended goals, the personalities of the audience and the organizers,
etc. The proposal should describe the structure of the
workshop.
3. Interactivity
The workshop should be interactive. The workshop should be
designed in such a way to promote meaningful interaction between
the organizer or organizers and the attendees. Because there is
group interaction it is hoped that more points will be raised,
more issues considered, and deeper analysis performed. The
methods of interaction should be described in the proposal.
4. Product or action oriented
Ideally the workshop should result in some product or plan for
action. Although this aspect is not critical, the program
committee feels that this is quite important and we hope that
workshop organizers will think in these terms and strive to
promote an appropriate outcome. Possible "deliverables" are
described below.
Possible Output From a DIAC-92 Workshop
+ Statements or press releases
+ Bibliography on subject matter
+ Electronic distribution list on the subject
+ Ideas for a follow up meeting, workshop, or conference
+ List of possible projects on the subject
+ Writeup of meeting for electronic or print dissemination
+ A project proposal
+ A panel discussion proposal
+ A grant proposal
+ An experiment
+ A working agreement -- e.g. to connect two networks, to share
data, to begin a study, to write an article, to build software
jointly, etc.
+ A videotape of some or all of a workshop
+ A brainstormed list of viewpoints, a "semantic network" of the
issues
+ A list of hypotheses
+ Any plan to continue discussion on the topic
Please send proposal (four copies) to Doug Schuler, 2202 N. 41st St,
Seattle, WA, 98103. Proposals are due by March 1, 1992. Proposals
will be reviewed by the program committee. Acceptance or rejection
notices will be mailed by April 1, 1992. We plan to incorporate
workshop proposals into the proceedings. Please contact us if you
have any questions or comments.
Doug Schuler, 206-865-3832 (work), 206-632-1659 (home),
dschuler@june.cs.washington.edu
The program committee includes David Bellin (consultant), Eric Gutstein (U.
WI), Batya Friedman (Mills College), Jonathan Jacky (U. WA), Deborah
Johnson (Rensselaer Polytechnic Inst.), Richard Ladner (U. WA), Dianne
Martin (George Washington U.), Judith Perrolle (Northeastern U.) Marc
Rotenberg (CPSR), Douglas Schuler (Boeing Computer Services), Barbara
Simons (IBM), Lucy Suchman (Xerox), Karen Wieckert (U. CA. Irvine), and
Terry Winograd, (Stanford).
Sponsored by Computer Professionals for Social Responsibility
P.O. Box 717
Palo Alto, CA 94301
DIAC-92 is co-sponsored by the American Association for Artificial
Intelligence, and the Boston Computer Society Social Impact Group, in
cooperation with ACM SIGCHI and ACM SIGCAS.
------------------------------
End of Computer Underground Digest #4.06
************************************
Computer underground Digest Mon, Feb 17, 1992 Volume 4 : Issue 07
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu
CONTENTS, #4.07 ( Feb 17, 1992)
File 1--Craig Neidorf's Status
File 2--Sheldon Zenner's opening statement in the Neidorf Trial
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
NOTE: THE WIDENER SITE IS TEMPORARILY RE-ORGANIZING AND IS CURRENTLY
DIFFICULT TO ACCESS. FTP-ERS SHOULD USE THE ALTERNATE FTP SITES UNTIL
FURTHER NOTICE.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to the
Computer Underground. Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Sun, 16 Feb 92 19:54:59 PST
From: Moderators (tk0jut2@mvs.niu.edu)
Subject: File 1--Craig Neidorf's Status
When Federal prosecutor Bill Cook dropped felony charges against Craig
Neidorf in June, 1990, because the government had no case, many
considered it a victory for Craig. For new-comers unfamiliar with the
case, Craig was co-editor of PHRACK magazine, and published documents
that BellSouth and the Secret Service initially claimed were stolen,
worth in excess of $78,000, and were part of a national Legion of Doom
conspiracy that included a scheme to tamper with the E-911 system.
The charges were without substance, and when it became obvious that
the alleged stolen proprietary documents were available to the general
public for under $14, the case was dropped before the prosecution
completed presenting its case. It appeared that Craig had won. "The
system works," some claimed.
It was a Pyrrhic victory. Craig was absolved legally, but the costs of
defending himself were catastrophic. We argued then (and nothing has
changed our minds) that the system did not work. Craig should never
have gone to trial in the first place, and the methods used by the
government were considered inappropriate, federal and private
participants involved in that case are defendants in litigation
challenging their procedures in a related case, and the costs of
Craig's defense to himself and his family, including defense fees, a
disrupted life, and the agony of being stigmatized and demeaned on
national television by Geraldo Rivera and Don Ingraham last year are
part of the costs of the government's actions. Ironically, if the
principle of honor were not so important, Craig arguably would have
been better off to plead guilty rather than defend his honor. It would
have saved him time, money, and bother. When the costs of pleading
guilty to crimes of which one is innocent becomes the best way of
avoiding devastating consequences, we cannot agree that they system
"works." Craig continues to face the consequences of Bill Cook's
action. Bill Cook, whose actions strike us as less than honorable and
many judge as the mark of either an incompetent or a mean-spirited cynic,
has been "rewarded" with a position in private practice (Willian,
Brinks, Olds, Hofer, Gilson & Lione, Ltd., in Chicago).
Craig will eventually graduate from law school, and his experiences
should make him a fine, competent attorney. Unfortunately, the
expenses incurred in his defense, over $100,000, are far beyond his
ability to easily repay. The Electronic Frontier Foundation helped
defray some of the expenses and also provided some legal assistance
that kept the legal bills lower. Unfortunately, there is the
perception that EFF paid for Craig's defense. Although their
contributions were generous and invaluable, Craig was left with a
massive bill, not readily repaid by a 22 year old young man who is
trying to continue his education.
Craig's situation is not simply his own personal problem. He took
considerable risks, for which he incurred massive debt, to defend the
principles in which many of us believe. We are all indebted to him for
his courage, for his concern for justice instead of expediency, and
for the way in which he helped focus the Constitutional and other
issues of cyberspace.
Craig needs our help in defraying the costs of a battle from which we
all benefited. Even $5 would help. Just a 29 cent stamp and a $5
check. That strikes us as a very small gesture on our part to
demonstrate recognition of his sacrifice. And the 3 minutes it would
take to address the check and send it to his attorney:
Katten, Muchin, & Zavis
525 West Monroe Street
Suite 1600
Chicago, Illinois 60606-3693
And do not forget to write Craig's name in the memo section or enclose a
letter explaining what the check is for. If you neglect to do that,
KMZ will not credit his account for the amount of the check.
We printed Bill Cook's opening statement to Craig's June, 1990,
trial. As promised, here is Sheldon Zenner's opening comments.
------------------------------
Date: Sun, 16 Feb 92 19:54:59 PST
From: Moderators (tk0jut2@mvs.niu.edu)
Subject: File 2--Sheldon Zenner's opening statement in the Neidorf Trial
((Opening comments of Sheldon Zenner in U.S. v. Neidorf, June, 1990))
_OPENING STATEMENT ON BEHALF OF THE DEFENDANT_
MR ZENNER: What I would have written on there if I could is
something I got in a fortune cookie that said:
"To remember is to understand".
I have never forgotten that. To remember what it was to be a
struggling lawyer makes a good judge. To remember what it was to be a
student makes a good teacher. To remember what it was to be a child
makes a good parent.
Every night when I get home from work, if I get home early
enough, I take my son for a walk. He puts his hand in mine. We take a
walk to a place called Lighthouse Park. And in Lighthouse Park, he
looks at all the things, and he asks questions. He asks questions
about everything. He wants to know what everything means, what it
does. If it's dark, he wants to know how a lightning bug makes light.
He wants to know how you get up to the lighthouse. He's inquisitive.
It's a wonderful trait. It's a trait we lose as we grow up, I'm
afraid. It's a trait we should value. And it's a trait that being a
parent brings back. You get to watch life through the eyes of a child.
And kids love adventure, especially young boys. They call
them "bad guys". They have a fascination for bad guys and adventure.
When
I tell my son a "good-night" story, it's got to be cowboys, or
pirates, or, nowadays, Teenage Mutant Ninja Turtles. They're
adventuresome.
And sometimes I tell him about when I was a boy and when I
grew up, some of the heroes I had, not Teenage Mutant Ninja Turtles,
but maybe, you know, Superman, Magnificent Seven, or something like
that. And he looks at me...he can't believe that I was a kid once.
(Laughter) And I tell him about the bag (sic) guys, bad guys on my
block, the cool guys, guys who might break into a garage without
permission to ride somebody's bike and then put it back. Or who might
climb over a locked fence to get apples off somebody's tree. I
remember those guys. I thought that what they were doing was pretty
cool. When you're a kid, that's how you think. I ended up not doing
that stuff, probably because my parents had conveyed a strong sense of
right and wrong, and a strong sense of property and, "Somebody else's
property isn't your property". My father also conveyed a strong sense
of a strap that he used occasionally. That helped me remember right
>from wrong. (Laughter) But I still thought that what those other guys
on the block did was pretty cool. And sometimes I'd even say that I
had done them, "Yeh, I climbed over, and I got something last night,
too. You weren't around". It wasn't true. They knew it; I knew it.
But I wanted to be one of them. I wasn't. And I tell my son those
stories, and he can't believe it. His eyes, you know, get big.
And this was all brought back to me a number of months ago
when another father walked into my office with the hand of his son
clasped for support and protection. His son had a terrible problem.
His son is Craig Neidorf. And they came to me for legal
representation. They needed help, and they had decided to put his life
in my hands.
And now, ladies and gentlemen, Craig and I have made a
similar serious choice. We have put it in your hands...not at your
request I know.
Mr. Cook has told you that this case involves 911 systems,
and computer technology, and ESS switches, and all of that stuff. And
he's not wrong. He's right about that. You are going to hear a lot of
testimony about that stuff.
But what this case is really about is this young man, and
what he did, and what he knew, and what he believed. Because at the
end of this trial, you're not going to go back into the jury room and
talk about whether the ESS system is guilty or not guilty, or whether
the computer system runs this way, or a bulletin board is that. You
have got to decide HIS future. That's what the case is about.
Let me tell you what I expect the evidence to show about
what Craig Neidorf did and did not do. If you listened carefully to
what Mr. Cook said, you probably realized that Craig Neidorf did not
steal the E911 text file. Mr. Riggs did that. Mr. Riggs is the
government's witness in this case. He has cut a deal with the
government. It is as if Mr. Riggs is sitting at the counsel table.
MR. COOK: Objection, your Honor.
THE COURT: That objection will be sustained. Leave that argument
for the final argument.
MR. ZENNER: Certainly, your honor.
Mr. Riggs will be one of the witnesses testifying on behalf
of the government.
You will also learn that Mr. Neidorf never broke into any
computer system. He never stole any file. He never profited in any way
>from any of this. What Mr. Neidorf did was publish a computer
newsletter called PHRACK.
If you listened carefully, and I know you did, to Mr. Cook,
you may have noticed that Mr. Cook said that the three hacker
witnesses the government will be calling were members of an
organization called the Legion of Doom. Actually, it comes from a
Saturday morning cartoon. I think they're the counterpart to the
Superheroes if I've got it right, 7:30 Saturday morning. They're the
bad guys.
You might have heard if you listened carefully, that Mr Cook
did not say that Mr. Neidorf is a member of the Legion of Doom because
the evidence will show that he is not. He never was. They wouldn't
even let him in if he wanted to get in. He wasn't a hacker. He didn't
break into systems. He wasn't a computer guy in fact. He was a
publisher of a newsletter called PHRACK, often a juvenile newsletter,
often a newsletter that contained articles that you may well not
like, and I don't like. But that's all he was.
That is what the evidence will show in this case.
What you will learn is about Craig Neidorf and what he did.
And I've got the job of telling you about it. Let me reintroduce
myself. My name is Sheldon Zenner. I represent Craig.
Craig grew up in St. Louis with his mother, and father and
sister. He went to public schools. He did well in school, played
sports.
At around fourth grade, he had a friend named Randy
Tischler. You will hear that name again and again. They've been
friends for a long time. Randy's parents got him a computer. Craig
used to run over to Randy's house to play with the computer. He and
Randy knew this was an Atari videogame. They played videogames. He got
pretty good at it, and liked the computer and kept using it.
High school comes. Around his freshman year, Craig's parents
had a divorce. It was a little bit ugly, as most divorces are. And his
mom gets Craig a computer, too, to give him something to latch onto in
a hard time. He starts using the computer. He gets pretty good at it.
Not long thereafter, he gets what is called a modem. You have heard
this already. A lot of you people understand computers a little better
than I do. I have learned that a modem is something that connects
computers. It's a telephone line. It allows computers to talk. If you
are sitting at your little terminal, you can put something on the
screen, it goes over a telephone line like a phone call, comes down,
goes up, and it is rally just a kind of computer phone call. You don't
hear the voices. It is not voice
activated. It is just there at the terminal.
So he got a modem, and he learned how to use it. He learned
how to communicate. He learned about the billboard which you will hear
about. He learned another thing. He learned that one of the cool
things about using these computers and the modem is that a lot of
people on them, especially kids, use nicknames, cool nicknames. Craig
picked up a nickname. He became Knight Lightning. K-n-i-g-h-t. He was
14 when he became Knight Lightning. He picked it up from the cartoon.
Oh, there was a TV show, Knight Rider. You might remember it. I think
it talked, as I remember. It had a big computer. That was the "knight"
part I think.
And what was so wonderful about that as a 14-year old is you
could sit there and you could be whoever you wanted to be on the
computer. Nobody knows what you look like. They don't know if you're
fat or short, or acne'd or scared to talk to girls. You are
whoever you put down there. Craig became Knight Lightning at 14. And
he used his name, Knight Lightning, when he used the computer. That's
all Knight Lightning is.
At 16, he started a computer newsletter called PHRACK. You
are going to hear a lot about PHRACK. PHRACK, spelled P-h-r-a-c-k.
Why the "p-h"? In the mind of a 16-year old, because it was supposed
to deal with phone freaks and hackers, phone freaks being people who
are interested in electronic communication, and hackers being defined
a little differently than Mr. Cook and probably most of his Bell
witnesses will define it, but the way you will see the
dictionary defines it is:
"People interested in computers. People with a strong
interest in computers and seeing how they work".
So you take people interested in telephone communications, and hackers
are interested in computers, put the names together, "phone freaks"
and "hackers" and you have PHRACK. Not ingenious, but 16. And he
started PHRACK, and it was a publication that targeted those kinds of
people.
And PHRACK, just so you understand when I say "publication",
PHRACK never shows up on paper like the magazines that the judge asked
you about before. It's just all computer generated. He sits at his
little computer terminal. Somebody sends him an article, or file, or
something. He types it up. Puts PHRACK on the heading of it. Puts the
person's hacker handle, which is the phrase these guys used for their,
you know, names, like Knight Lightning, on the file, and he transmits
it through E-mail, as it is called, electronic mail, which is just
computer mail, to whoever is on the mailing list. That's PHRACK. That
is what it was, a computer newsletter. Craig and his old friend,
Randy, were the coeditors.
They went off to college together. They become college
roommates. They continued to edit PHRACK. They were budding computer
journalists, not hackers, computer journalists. And they were proud of
what they were doing, maybe wrongly, but they were.
And PHRACK began to develop a reputation. Well, it developed
a reputation of like, I don't know if you remember
back to those, if you are old enough, in the '60s, underground
newspapers. There were a lot of underground newspapers. Some of them
became full-blown real newspapers years later. Like ROLLING STONE
Magazine started out as an underground newspaper. REAL CUTTING EDGE,
some very rude stuff in it. The READER Magazine here in Chicago used
to be an underground newspaper.
That is what PHRACK was to the computer newsletter world. It
was like an underground computer newsletter. And so it had a lot of
the same characteristics that the underground press had. First of
all, nobody is charged. It is free. You don't have to pay to get an
issue of PHRACK. It is just going out free. Nobody gets paid to write
any articles in PHRACK. If you have an article, you send it in.
Everything is free. Everything is done on a shoestring. they don't
come out, first of all, every month. They come out when anybody sends
any articles in. When somebody sends an article in, there's an issue
of PHRACK. That is how it worked. Written primarily by kids with views
that were pretty juvenile, much of it terrible, downright offensive.
Much of the time, those articles he didn't write, but he was the
publisher, or coeditor, or something. So he is being held in the
prosecution responsible for what other people wrote. You'll see that.
The one thing that this newsletter PHRACK had in common with all
the other newsletters I'm talking about is this: Craig believed that
it was protected by the First Amendment, perhaps wrongly, maybe,
indeed, wrong, but that was his belief. That is no
different than any other publication.
In fact, Craig knew from classes he took in college a fair
amount about the First Amendment because as I told you Craig was not a
computer-computer-computer guy. His classes weren't: Introduction to
Computers, Secondary Introduction to Computers, and Introduction to
the Computer Investigators. No offense to those who took those
classes. He was a Political Science major. He still is. In pre-law. So
he took classes in American Government and Politics. He took classes
in Constitutional Law. He took a class in Civil Rights. He took a
class in Civil Liberties. He took a class in The Sixties. He even
thought of teaching the class. But those were the kinds of classes
that he was taking. That was his interest.
He was a a budding journalist. His goal was the free exchange
of information, not a budding hacker. And you will learn that within
the hacker community, that is, within the community of the kinds of
people that the government is going to call to the stand, Mr. Riggs,
Mr. Darden, and Mr. Grant, Craig was never accepted as one of the
group because he wasn't a hacker. He was a journalist. In fact, what
he was, he was a guy who wrote about hackers.
I have got to show you something. It will just take me a
second. I apologize.
(Chart) I don't know if you can see this. I hope you can.
Robert Riggs is going to be their witness. He is the guy who broke in
and got the 911. In July of 1989, the Secret Service went to
Robert Riggs and confronted him about what he had done, and obtained
>from him a fully statement about his illegal activities. They asked
Mr. Riggs about all the hackers he knew, what they had done, who he
had traded passwords and information with, and he told them. He had
been deeply involved. He told them how he traded passwords with Grant
and Darden, the other guys. He gave them lots of information for
hours.
At the end of his debriefing by the Secret Service, the
agents asked him about Knight Lightning. That's what he said about
Knight Lightning:
"Knight Lightning is a guy who wrote PHRACK World News.
His name is Craig, but he doesn't do any hacking."
That's all he had to say about him. And it's true. What he said that
first time was exactly right. That's who Craig was.
Within PHRACK, the part of PHRACK that was Craig--other
people might send files or articles and he published them under those
other people's names or handles--Craig's thing was something called
PHRACK World News which was to write about all the things that were
happening in the electronic communication and hacker community. He
would get clippings from people, and he would put them in and tell
people what was going on across the country in that community. That
was PHRACK World News. It had nothing to do with passing off access
codes, or passwords, or anything like that.
But one of the things that was going on in that community
around this time was the emergence of illegal hackers, okay, the
kinds of hackers that Mr. Cook was referring to, people who had no
respect for property lines, people who broke into other systems or
computers and copied things or took things, like the guys on my block
who would break into a garage to ride a bike that somebody else had
and then put it back.
And those hackers, their interest was as much in kind of
showing the world how good they were, how tough they were, how much
they could show up the establishment system, show that they could get
through security, and things like that. But they had become big news.
Police were starting to arrest some of them. Undercover security
people had begun to infiltrate some of those organizations. And
Craig, who was not a hacker, but a publisher, wrote about it. It was
his beat, and he wrote about it from the perspective of his readers,
the computer kids primarily who make up the hacking community. Those
weren't the only ones who were his readers, but they were a lot of
them.
In around the summer of '87, because of some of the
arrests, that group drew inward and kind of disbanded, and PHRACK
disbanded. There was another reason. Craig was going off to college in
'87, and he wanted to get ready for it. So for a year between the
summer of 1987 and the summer of 1988, no PHRACK. No great loss to the
world. Journalism did not weep bitter tears because PHRACK was down
for a year. But there was no PHRACK until the summer of the next year
because even though maybe the world at large didn't weep for PHRACK,
it had become part of Craig's identity. It made him
important. It made him different. It gave him another world to be a
part of. He wasn't just one of thousands of college students at the
University of Missouri. He was special. He was somebody when he was
Knight Lightning.
So he decided to bring back PHRACK. The way he did it was he
put out an announcement:
"PHRACK...return. Compiled by Knight
Lightning. Written by Knight Lightning.
Edited by Knight Lightning."
Knight Lightning was coming back big time into the journalism world of
PHRACK. He announced it in his computer newsletter of July of '87.
(Chart) And what's interesting, kind of, about that is that
that announcement is the first charge against Craig. In Count One
here, Craig is not a defendant. It's Riggs who is a defendant.
Count Two is the first one where Craig is a defendant. He
announced in his newsletter his return. And to hype it, which is what
he wanted to do, because he wanted to be important again, he announced
a summer convention and called it:
"SummerCon '88".
He decided to hold it in St. Louis because that's where he lived, and
to try to hype it some more and to get people interested in it, he
gave a name to all of this. He called it:
"The Phoenix Project".
taken from "Lethal Weapon", one point in the movie. Two main
characters talk about things that happened back in Vietnam when they
were there. One says to the other:
"Were you in the Phoenix Project?"
"Yeah".
That's where the name comes from.
And all that the Phoenix Project is, and you will see it
because you will see that issue of PHRACK, is an announcement of a
summer convention. The return of Knight Lightning. The return of
Phrack. And the announcement of a summer convention. And let me
read to you and quote what was said in that. This is the Phoenix
Project.
"The new age is here, and with the use
of every LEGAL..."
and "legal was all caps.
"...means available, the youth of today
will be able to teach the youth of
tomorrow. SummerCon '88 is a celebration
of a new beginning. No one is
directly excluded from the festivities.
The practice of passing illegal information
is not..."
and I will repeat "not".
"...a part of this convention.
"Any security consultants or members of
law enforcement agencies who wish to
attend should contact the organizing
committee as soon as possible to obtain
an invitation to the actual convention
itself."
And what is most remarkable is that that statement, that announcement,
requiring and demanding only legal acts at that convention, the
government says that's a crime. That's what Count Two is. They
say that's a crime.
Let me change the scene. July '88, SummerCon going on in St.
Louis. So hundreds of miles away in Atlanta, Georgia, months before
SummerCon, before the announcement of the Phoenix Project, Robert
Riggs has decided to nose around in BellSouth's computer. And, again,
he's just sitting in his room at his terminal. He doesn't physically
go to BellSouth's computer. He noses around their files looking for
access codes and looking for passwords that he can share with his
Legion of Doomster friends, because that's who he shares that stuff
with, certainly not with Craig. Craig doesn't do any hacking. He just
does PHRACK World News.
As he is wandering through the files of BellSouth, he sees
this 911 text file which is fancy terminology for a document. It's a
document. He sees it. And he decides, "Well, it could be interesting".
So he what is called downloads, which just means he gets a copy.
Mr. Cook refers to stealing it. There is an important
distinction. He doesn't steal it. BellSouth still has it. They have it
to this day. They have had it for the last two years. He didn't
"take" it from BellSouth. He copied it...without permission...and
downloaded it. Because once he looked at it and realized, "Well, this
isn't a password, this isn't an access code. This isn't something
good that my Legion of Doom guys would like. This is just some
bureaucratic document", he throws it, in effect, into a storage
facility. What I mean by that is that he shoots it to a computer
bulletin board that he was on called Jolnet as Mr. Cook has described
to you, and he stores it, in effect, on his account at the computer
bulletin board in Jolnet. He just throws it there. And it is there on
the bulletin board open, available, accessible by others. Anybody can
read it. And it's there. And it's there for a long time before he
bothers to do anything with it.
In fact, Bell Security finds out that it's there. Bell
Security finds out it's there before Craig ever finds out about it,
before Craig ever receives it. Bell Security knew where it was, had a
copy of it. And it was so meaningless, it was so innocuous, it was so
"not secret" and so nondangerous that they just let it sit there.
MR. COOK: I object, your Honor. This is an argument instead
of an opening statement.
THE COURT: Yes, only what you expect the evidence to show in
the case. Leave the final argument for the proper time.
MR. ZENNER: Thank you, Judge.
THE COURT: Thank you.
MR. ZENNER: That is what I expect the evidence to show, and
you will have a few witnesses and you will see the documents to prove
it. You will se that it sat there unattended for months, and that Bell
let it sit there.
When Riggs finally got around to it, he thought, "Well, I've
got nothing better to do with this thing, so I'll send it to Craig,
and maybe he can put it in PHRACK". And that is what he does.
He sends it to Craig. And Craig edits it, and he puts it in PHRACK.
Now, this document that Mr. Cook just referred to as a road
map to a life line, you're going to see this document. Let me read
you this document so you see how dangerous it is.
"When a contract for an E911 system has
been signed, it is the responsibility of
Network Marketing to establish an
implementation/cutover committee..."
MR. COOK: Objection. Objection. This is an argument again.
The jury is going to have the document in its entirety.
THE COURT: Is this document going in evidence?
MR. COOK: The document will be going in evidence.
THE COURT: You may proceed, Mr. Zenner.
MR. ZENNER: Thank you.
"...to establish and implementation/cutover
committee which should include a representative
from the SSC/MAC. Duties of the E911
implementation team include coordination of
all phases of the E911 system deployment
and the formation of an ongoing E911
maintenance subcommittee.
"In accordance with the basic SSC/MAC
strategy for provisioning, the SSC/MAC will
be over-all control office for all Node to
PSAP circuits and other services for this
customer.
"Training must be scheduled for all SSC/MAC
involved personnel during the preservice
stage of the project".
I could go on. You will have the document. If you read it in its
entirety without falling asleep, I will be surprised. It is a
bureaucratic document about administrative procedures. That's all it
is.
When Rober Riggs breaks into the computer in BellSouth and
copies the document without permission, Craig Neidorf knows nothing
about it. He participates in no way in the theft, and not a single
witness from the government will tell you otherwise.
In September or so of 1988, Robert Riggs, who is the
coschemer supposedly with Craig--and, by the way, Craig Neidorf has
never met him in person. Craig has never seen Robert Riggs, wouldn't
know him if he were sitting her in this courtroom--Robert Riggs starts
communicating with Craig. They had been on a bulletin board together
back a couple of years earlier when they were in high school. Riggs
started communicating with him, asking questions. And Craig is trying
to build a network of people again who could be subscribers or on the
mailing list of PHRACK, people in the hacking community. And they
exchange names of people and they exchange information. Craig tells
Riggs, "I'm in college". And, you know, you get that E-mail
communication. Those are crimes. Count Three, Count Four. The
government says those are crimes.
And then when Riggs shoots the 911 article to Craig through
the Jolnet system, Craig never having seen it, not knowing what's in
it, not knowing whether it has a proprietary tag or not, when Craig
opens his mail, in effect, and sees it, that's a crime. And it's a
crime, the way they have charged it here, not to Riggs, who stole it
and sent it, they've charged Craig with the crime. He received it; he
opened his mail.
The reason that it's sent to Craig is that Craig and
PHRACK can only exist if people send him articles. And if nobody
sends him anything, then there's no PHRACK. So he is constantly
bugging people to send him something, send him articles, "Send me
articles," Send me articles," Send me something," because if people
don't send him articles, no PHRACK; no PHRACK, no Knight Lightning,
just one of thousands of faceless college students. So, "Send me
stuff". And he is constantly asking most everybody to send him stuff,
and he bugs Riggs to send him stuff too.
But I suggest to you ladies and gentlemen, the evidence will
show, and Mr. Riggs, I suspect, will testify, that Craig Neidorf never
told him to steal anything, never asked him to steal anything, never
suggested to him to him (sic) to break into a computer. All Craig did
was say, "Send me an article," "Send me something". "If you got a
file, send me an article". Okay? "I want to put our PHRACK". That's
it.
The budding publisher was looking for articles. When he saw
the 911 article, it had a stamp, the stamp that Mr. Cook refers to as
a proprietary stamp. I'm not sure that's entirely right. What it said
was:
"This document should not be disseminated
outside of BellSouth without the written
permission of BellSouth."
Okay. So maybe BellSouth employees have got to get written
permission if they want to disseminate it. He wasn't a BellSouth
employee. He had gotten it for publication in his newsletter. And
it reminded im of another article that he had put in PHRACK, which
was, again, just a bell document that he had gotten when he took a
tour of Southwestern Bell's Telephone facilities with Randy Tischler
and Randy's dad, and they had given him a document about how those
switching systems worked or how one of the things worked. Craig
published that in PHRACK. Now, that didn't have a stamp, but it read
like the same kind of document that he was seeing here. And he thinks,
"Oh, this is probably the same kind of Bell document here," and it had
"Southern Bell" all over it, so he knew it was from Southern Bell. But
he thinks, "Perhaps maybe they didn't take the stamp off that. Maybe
they should have". And when he sends it back to Riggs to show him how
he had edited it, he leaves the proprietary part in it. He leaves
that, you know:
"Don't distribute it outside BellSouth
without written permission".
He leaves that in there. He could have just deleted it, you know,
hit the delete button on the computer, and it's gone. He leaves it
in. He thinks there is nothing wrong with it. And that's when he
puts:
"(Whoops!)"
in parentheses, as if to say, "Ah, they forgot to take that out, those
Bell people". No big deal.
He sends it to Riggs. Riggs looks at it and says, "No, take
that out". Craig decides, "Okay, I'll edit it. I'll take it out". He
edits the thing, and he publishes it in PHRACK. And that's that.
That's the crime. That's why we're here.
Ten counts...eleven counts. Ho many have we got? Ten
against him. The first one is against riggs. That's all it
is...publication in PHRACK.
Not much happens a long time later...except remember Mr.
Cook told you about this AT&T source code Trojan horse thing? It
sounded like a serious thing. Craig got that. Somebody sent it to him.
Again, somebody shoots him an article, a guy named Len Rose. He sends
him this AT&T thing.
But in contrast to the E911 document, this AT&T thing has a
copyright stamp, not just on the front, but on every page or
thereabouts, "Copyright". Okay? And then some serious language--I
don't have it memorized--showing that this is a serious document,
okay, all that. Now, what does Craig do with that one? He sends a
message to a guy at Bellcore, somebody in security at Bell, and says,
"What should I do about this? It has got a 'copyright' on it, and it
was submitted to me to publish in PHRACK. You know, can I publish it
or can't I? Give me some legal advice". What's wrong with that? And he
never did publish it, and that is what the evidence will show.
Time passes...lots of time. All the time, Bell knows about
this 911 article sitting around. Finally, in January, 1990, almost a
year since it has been sitting there with Bell knowing about it, they
do something. They contact the Secret Service or Secret Service
contacts them or whatever. They decide, "We had better do something
about this secret document being available to the public." They go
after Craig. They go to his frat dorm at the University of Missouri.
Two Secret Service agents, a Southwestern Bell police
officer and a security officer from the University of Missouri
converge upon Craig in his dorm, and for four hours they interrogate
him...four hours. They start asking him questions about this
publication of his. And they read him his rights. They do all of the
right things. And he talked to them. He's a guy who's taken
Constitutional Law, and he's taken Judicial Process, he's taken
American Government and Politics. He knows he has got a right to a
lawyer. He knows he doesn't have to say anything. He talks to them and
he explains. And they say:
"Do you publish PHRACK?"
He said:
"Yes."
They say: "Did you publish this article?"
and show him the article?
He said:
"Yes."
"Who did you get it from?"
and he tells them:
"The Prophet"
which is the name that Riggs goes by.
He tells them. They have questions...he answers. They
ask for documents:
"Show me. Have you got copies of PHRACK?""
He goes up to his room and brings back file folders. Okay.
Nice organized three-ring file folders of PHRACK.
"Here, take them. Take them,
Mr. Agent. What else to you want?
"We want a phone list. We want a mailing
list of all your people on your mailing
list."
"No problem."
And he goes to his room and gets the mailing list.
"What else do you want?
Whatever they asked for, he gave them. For four hours, he talked to
them. And for four hours, or thereabouts, he kept denying that he knew
that this thing was stolen when he had gotten it, the 911. And the
agents kept pushing him on it. That seemed to be their point: To get
him to agree with them that he knew it was stolen. And they pushed him
on it. But, eventually, at the end, eventually, he thought, "Well, I
don't know that there is anything wrong with what I've done".
MR. COOK: I'm going to object, Judge. He's going into the area of
argument again. I object on that basis.
THE COURT: You expect the evidence to show that?
MR. ZENNER: I expect the evidence to show that at the conclusion
of that time, the agents had Mr. Neidorf write a statement, and it is
part his words and part the agents' words, but they have it done in
Mr. Neidorf's handwriting, in Craig's handwriting. And here's what
they get him to write:
"In the back of my mind, I guess I knew
the file was stolen and probably
shouldn't be in my possession. I just
never really thought about it and never
once believed the information could be
used to hurt anyone. I thought it was a
Freedom of Information situation, and by
deleting enough of the file, no one could
use what was left to bring forth any harm
or damage.
"Randy and I never meant to hurt anyone or
cause them trouble. We always believed
the newsletter was legal and covered under
Freedom of Information.
"I am willing to cooperate."
and cooperate he did. He gave them everything they asked for.
Then they wanted him to place a call to Randy, his oldest
friend, to tell Randy that they were there, and to have him come over
and cooperate, too. And he agreed to do that. He called Randy. Randy
wasn't home. Not his fault. And finally the agents leave.
He hadn't broken into any system. He hadn't stolen anything.
He hadn't profited from the publication in anyway. He wasn't even a
hacker, the evidence will show. He was just the publisher of PHRACK.
And he believed that the First Amendment, or, as he put it, Freedom of
Information protected publishers of information. He didn't think he
had done anything wrong. He didn't think he had deceived anybody. But
it wasn't enough.
Inspite of his offers to cooperate, the Secret Service came
back the next day with a search warrant this time, went through all
his drawers, went through is closets, looking for something, looking
for passwords or something. They never found any.
Craig again cooperated. They take more stuff. He thinks, "It's
over". It's not. They tell him when they leave his room, the Secret
Service agents tell him, this is a Friday afternoon, they tell him:
"Craig, either you will call Assistant United
States Attorney William Cook on Monday
or you're getting indicted on Tuesday."
Well, he gets himself a lawyer in St. Louis, a guy named
Arthur Margoulis, a former FBI agent. And they decide, "We'll send
Craig to meet with this Mr. Cook and to meet with the Secret Service
and try to explain all of this."
And, indeed, on Monday, the following Monday, up Craig
comes. No immunity letters, nothing. He just comes up, and for hours,
he answers questions posed to him by the Secret Service.
They ask him about other publications. They ask him about
subscribers. They ask him about everything in the world they can think
of to ask him for hours and hours, and he answers their questions.
They never asked him that Monday about the 911 file. They
never asked him about what the Phoenix Project is. They never asked
him any of that stuff. But he answers their questions. And he goes
home and he thinks, "I've done it. I have at least explained this, and
maybe this nightmare will end".
A week later he is indicted. That's how we got here. The
government said they would get back to him, and they did...they
indicted him. And that's where Craig stands today...indicted, on
trial, with his fate in your hands.
The evidence will show, ladies and gentlemen, he didn't
steal the 911 article, he didn't break into any computer system, he
didn't "screw around" with any computers. He was not a member of the
Legion of Doom. He was not a trespasser. He was not even a hacker. He
was a publisher of a juvenile computer newsletter named PHRACK, and he
believed in the First Amendment. Nineteen-year old Craig Neidorf did
nothing wrong. He believed he had done nothing illegal. He published a
document. He opened his mail. He believed in the First Amendment.
The only crime on that list of the government was on Count
One, crime committed by Robert Riggs who broke into the computer
system, who will be testifying on behalf of the government. That's the
only crime you'll hear about.
To remember is to understand. To remember what it's like to
be 14, or 15, or 16, or 17, or 18, or 19. To remember what it's like
to do some stupid things. But stupid things, doing stupid things isn't
illegal...and a good thing for all of us, I suspect.
People make mistakes. It is possible that Craig Neidorf made
a mistake about the First Amendment and its protection of him if he
had stolen information in PHRACK. In fact, I expect the judge will
instruct you at the appropriate time that the First Amendment does not
protect that kind of conduct. And Craig was wrong about that. He made
a mistake. What you will learn through this case is that lots of
people make mistakes. You will learn that Mr. Foley
trying to do his job, trying to do the best job he can, has made a
number of mistakes. You will learn that the Bell employees, trying to
do the best job they can, have made a number of mistakes. Take a look
at this (chart). Neidorf, N-e-i-d-o-r-f. Niedorf, N-i-e-d-o-r-f.
N-i-e-d-o-r-f. He spells it N-e-i-d-o-r-f. He pronounces it "Ny-dorf",
not "Ne-dorf". They made mistakes. Big deal! It doesn't make the
chart wrong. But they made mistakes.
When Mr. Cook makes a mistake, it's okay. When Mr. Foley
makes a mistake, it's okay. And when Bell people make a mistake and let
the thing sit there for a year unattended, it's okay. But when this
young man makes a mistake, he's indicted, he's on trial today before
you, and it's not funny.
Mr. Cook told you riddles. I have no stomach for riddles. I
have no stomach for jokes about this. This is a serious thing, as serious
a thing as can happen to anyone.
At the end of this case, we can only pray that you will find
that the things that Craig Neidorf did were no crime. And when you
hear the evidence and you go back to the jury room, you will return a
verdict. When you come back here and the foreperson, whoever it is who
delivers that verdict, says the words, they will be the most important
words that young man has ever heard in his life or is likely to ever
hear again. God willing, when the foreperson says those words, he will
be able to leave this courtroom with his hand in his parent's hand.
Thank you.
THE COURT: Thank you, Mr. Zenner.
Ladies and gentlemen, we're going to break for lunch. I will
ask you to return at one o'clock. Have a nice luncheon, and see you
back here then.
------------------------------
End of Computer Underground Digest #4.07
************************************
Computer underground Digest Fri, Feb 21, 1992 Volume 4 : Issue 08
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu
CONTENTS, #4.08 ( Feb 21, 1992)
File 1--"Computer down-underground Digest (CDUGD)
File 2--CuD articles on Craig Neidorf's legal expenses
File 3--Update Of Info. In 2/5/92 Newsbytes Article On BBS Phone Rates
File 4--FULL TEXT: Calif. data-priv/comp.crime bill
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
NOTE: THE WIDENER SITE IS TEMPORARILY RE-ORGANIZING AND IS CURRENTLY
DIFFICULT TO ACCESS. FTP-ERS SHOULD USE THE ALTERNATE FTP SITES UNTIL
FURTHER NOTICE.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to the
Computer Underground. Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Sun Feb 16 08:28:41 1992 GMT
From: aaron@NACJACK.GEN.NZ
Subject: "Computer down-underground Digest" (CDUGD)
Hello from New Zealand! A few friends and I are starting up an
electronic publication similar to CuD to be called 'Computer - Down -
Under Ground Digest' (CDUGD). Its content will be similar to that of CuD,
but it will mainly deal with computing issues in New Zealand.
Since there has been some interest from outside of New Zealand, CDUGD
will be available for reading on the alt.hackers Usenet newsgroup.
Please send any suggestions/comments to: aaron@nacjack.gen.nz
Aaron Schiff
Editor, CDUGD
((Moderators' note: Aaron asked if we minded the similarity between
the title of his project and CuD. We have no objections, and wish him
well in his endeavor)).
------------------------------
Date: Tue, 18 Feb 92 22:13:31 EST
From: Keith Moore <moore@CS.UTK.EDU>
Subject: CuD articles on Craig Neidorf's legal expenses
I have read repeated pleas on various networked discussion groups for
readers to help defray Craig's legal expenses. While I sympathize
with his position and am in fact willing to help, I'm sure many of the
readers would like to know what all of that money was spent for. I
want to help Craig, but I don't like the idea of giving over money to
lawyers. The high price of legal help is arguably as much of the
problem as the reckless disregard for law and due process demonstrated
by the government.
Also, why are we asked to send money directly to the law firm that
defended Craig, and not to Craig himself?
I'm sure I'm not the only one among your readership with these kinds
of questions, and would appreciate it if you could address them in a
future issue of CuD. Perhaps the computer underground, realizing how
much we are at the mercy of both lawyers and the government, would
find it in its interest to act to curtail their powers.
------------------------------
Date: Wed, 12 Feb 92 11:10:29 PDT
From: lorbit!walter_s@UCBVAX.BERKELEY.EDU(Walter Scott)
Subject: Update Of Info. In 2/5/92 Newsbytes Article On BBS Phone Rates
If you do not recall, or are otherwise unaware, there is a
complaint (docket #UC-205) filed before the Oregon Public Utility
Commission intended to prevent US West from reclassifying BBS phone
lines to business rates. SysOp Tony Wagner filed the complaint back in
October. On 2/5/92, Dana Blankenhorn of Newsbytes Magazine released a
story, subsequently published in Newsbytes, that covered the Wagner
complaint. What follows is my own efforts to update Blankenhorn's
information. Herein, find corrections of some items reported by
Blankenhorn or simply left out of his article.
Over the weekend of 2/8/92, I managed to conduct a short interview
with Tony Wagner of Portland, Oregon and First Choice Communications
BBS. I learned that Wagner's BBS is still online. This is contrary to
my understanding of the 2/5/92 Newsbytes story by Dana Blankenhorn.
Wagner's BBS is available at:
503-297-0278
503-297-0279
503-297-0343 [RESTRICTED ACCESS]
Wagner mentions his dispute with US West in bulletin #1 on his
system. Here is full text of that bulletin.
======================= TEXT BEGINS ===============================
Well The U.S. West phone company has decided that ALL
Phone lines that have modems on them Should be classed
As Business Lines..
I have run a FREE Bulletin Board System for years out
of my own pocket with out ever asking users to help
pay the Cost of running the system..
This will have to change if U.S. West has their way
So please leave me mail as to how you feel about this
better yet Call the Phone Company and tell them how you
feel..
If this happens I will do something like a Pay system
that will cost around $1.00-3.00 Per hour depending
on what parts of the BBS you want to use The Advantage
to you will be unlimited Time on NO Time Limits If it
get to busy I will add more lines Wildcat can handle
250 Lines :-)
I may then even add a bunch of Doors with Games Etc.
========================== TEXT ENDS ==============================
Wagner's legal expenses were not dealt with in the manner implied
by Newsbytes on 2/5/92. Although an investigation of Wagner's
"Pacific Northwest Phone's" conference (the location on Wagner's system
of the FidoNet PNWBELL echo) would indicate that the subject of others
chipping in to pay for legal services was broached, Wagner informed me
that no group of SysOps or users ever paid for, or attempted to pay
Richard Samuels (Wagner's original attorney).
Richard Samuels withdrew from Wagner's complaint filing at the
Oregon Public Utility Commission shortly before a December 10 hearing
date. Wagner represented himself at that hearing.
The "Pacific Northwest Phone's" conference on First Choice
Communications additionally reveals an important item of interest. It
is apparent that US West and SouthWestern Bell are sharing information
about disputes with BBS operators in their respective operating
jurisdictions. Such is illustrated in the following message pulled from
the "Pacific Northwest Phone's" conference on First Choice Communications.
=========================== TEXT BEGINS ==============================
From : SCOTT LENT Number : 223 of 241
To : ALL Date : 01/10/92 11:56am
Subject : a note Reference : NONE
Read : [N/A] Private : NO
Conf : 505 - Pacific Northwest Phone's
That may or may not be of interest to those of you serviced by US West:
A group of sysops in Missouri met with representatives from Southwestern Bell
on 01/07/92 in St. Louis for the second in a series of negotiations. At the
meeting, William Bailey, District Manager-Rate Administration, divulged that
he had been in contact with "someone from US West," and that their
conversation included discussion of their respective telephone tariffs.
Specifically, he made reference to your (Oregon's) tariff wording that
refers to "domestic use."
This information is two-fold. First, you now know that your RBOC people are
in contact with others about tariff wording. Secondly, your RBOC people are
aware that other RBOCs are negotiating with their consumers over regulations
that affect the modeming community.
Scott
--- DB B1056/004017
* Origin: GKCSA-the ultimate bal...er...Bell buster (1:280/310)
=========================== TEXT ENDS =================================
Wagner has retained attorney Kevin Myles to represent him in his
complaint case at the Oregon Public Utility Commission. Myles has until
March 3, 1992 to file a brief. A round of reply briefs, from the
opposing parties in the complaint, is also possible.
Walter Scott
--
"Lightfinger" Rayek's Friendly Casino: 206/528-0948, Seattle, Washington.
------------------------------
Date: Mon, 17 Feb 92 19:19:18 PST
From: autodesk!megalon!jwarren@FERNWOOD.MPK.CA.US(Jim Warren)
Subject: FULL TEXT: Calif. data-priv/comp.crime bill
This includes the full text of legislation that was introduced Feb.
10th in the California State Senate by a senior member of that body,
the Chair of the Senate Judiciary Committee, Senator Bill Lockyer of
Southern Alameda County. This copy of the bill plus staff background
comments is being uploaded within days of its availability in Senate
offices.
SB1447 TOPICS
Sec.1: "Privacy Act of 1992", Senate Bill 1447 (Lockyer, Privacy)
Sec.2: Driver's licenses: Use of human-readable and magstripe information
Sec.3: Privacy: Rights of employees and prospective employees
Sec.4: Computer crime laws: Modifications
Sec.5: Automatic vehicle identification [AVI] systems: Control of uses
CONTENTS OF THIS MESSAGE [words/chars]
Introductory comments and details of notation conventions [757/5191]
Reformatted verbatim text of the Feb. 10th bill [3227/21285]
Background notes prepared by Sen. Lockyer's assistant [2465/15546]
If printed, this would take approximately 12 pages.
REPORTEDLY A LEGISLATIVE "FIRST"
This effort in "electronic democracy" may be the first time that state
legislation has been distributed online, for access by the general public,
at the same time it becomes available to legislators and their staff.
A senior member of the Senate computer system's technical staff reportedly
said they have never-before down-loaded a machine-readable copy of initial
legislation onto a personal computer for redistribution on public computer
networks.
Furthermore, Sen. Lockyer's Legislative Assistant responsible for the bill
said he knows of no prior instance where legislative staff have gone online
on public nets to seek citizen input and discussion about new legislation.
SOURCES OF ORIGINAL DOCUMENTS & INFORMATION
Mr. Ben Firschein is the Legislative Assistant to Sen. Lockyer who is
handling this bill:
Office of Senator Bill Lockyer
Room 2032, State Capitol
Sacramento CA 95814
Mr. Firschein/916-445-6671, main number/916-445-5957, email/**
Formatted, binary, machine-readable versions of this text will be
available on the WELL, the Whole Earth 'Lectronic Link. The WELL is a public
teleconferencing system located in Sausalito, California, accessible via the
Internet; voice/415-332-4335, 2400-baud data/7-E-1/415-332-6106. For read-
only access instructions, SEND A REQUEST TO: jwarren@well.sf.ca.us.
** -- Mr. Firschein will be online on the WELL within a week or so. You may
request his email address, also, from jwarren@well.sf.ca.us.
There will be four read-only files:
A. The original file that was down-loaded from the Senate's legislative
computer system in WordPerfect format on a PC-compatible diskette.
B. The above file, converted to a Word-5.0 Macintosh format, with
pagination approximating the printed copies of the bill available from the
legislative offices.
C. Background information, explanations and mention of some alternatives,
prepared by Mr. Firschein, in original WordPerfect format for PC-compatibles.
D. That backgrounder file, converted to Word-5.0 Macintosh format.
REPRESENTING LEGISLATION-IN-PROGRESS: A NOTATION PROBLEM
In the California Senate, printed legislation-in-progress uses the
following conventions:
When stating new legislation, *plain-text* states PROPOSED law.
When *amending* current law, *plain-text* states the CURRENT law, and
*strike-thru text* indicates current law to be deleted while *underscored* or
*italicized* text represents wording to be added to those current statutes.
Deletions and additions represented by strike-thru and underlining or italics
*amend* current law.
But, the basic ASCII character-set -- and a great many older terminals and
computer printers -- have no strike-thru, italics or underlining. So, here
is how that unavailable notation is represented in this document:
[[ annotation ]] -- explanatory comments by "uploader" Jim Warren
all capitals -- originally bold-face text; no legislative meaning
Unless stated as amending current law:
plain-text -- text of new legislation, proposed to be new law
When stated as amending current law:
plain-text -- text of current law to remain unchanged
<< strikethru >> -- text in current law, proposed for deletion
{{ underscore }} -- text proposed to be added to current law.
THE BEGINNING ...
The introduction of this legislation in the Senate is the beginning of
a lengthy process or review and revision by amendment, prior to its possible
passage into law.
Please send your comments and suggestions about the legislation -- and
about the Senate staff's active cooperation in making it publicly available,
online -- to Mr. Firschein and Sen. Lockyer.
--Jim Warren, 345 Swett Rd., Woodside CA 94062; voice/415-851-7075,
fax/415-851-2814, email/jwarren@well.sf.ca.us -or- jwarren@autodesk.com
[ for identification purposes, only: contributing editor, MicroTimes;
Chair, First Conference on Computers, Freedom & Privacy (March, 1991);
and member, Board of Directors, Autodesk, Inc.; blah blah blah ]
===================== verbatim text of the legislation =====================
"THE PRIVACY ACT OF 1992" -- CALIFORNIA STATE SENATE BILL No. 1447
Introduced by Senator Lockyer
February 10, 1992
An act to add Section 1799.4 to the Civil Code, to add Section 2805 to the
Labor Code, to amend Section 502 of the Penal Code, and to amend Section
27565 of the Streets and Highways Code, relating to privacy.
LEGISLATIVE COUNSEL'S DIGEST
[[**** The Legislative Counsel's Digest is NOT part of the bill. It is
only a summary prepared by the legislature's legal counsel. ****]]
SB 1447, as introduced, Lockyer. Privacy.
(1) Existing law prohibits the disclosure of specified information by
business entities which perform bookkeeping services and by persons providing
video cassette sales or rental services.
This bill would provide that a business entity that obtains information
from a consumer's driver's license or identification card shall not sell the
information or use it to advertise goods or services, without consent.
(2) Existing law prohibits employers from making or enforcing rules or
policies forbidding or preventing employees from engaging or participating in
politics, and from controlling the political activities or affiliations of
employees.
This bill would provide that any employer shall be liable to an employee
or prospective employee for damages caused by subjecting the employee to
discipline or discharge, or denying employment to a prospective employee, on
account of the exercise by that person of privacy rights guaranteed by the
California Constitution.
(3) Existing law sets forth definitions and penalties for specified
computer-related crimes.
This bill would require the owner or lessee of any computer, computer
system, computer network, computer program, or data, as specified, to report
to a local law enforcement agency any known violations of the provisions
described above. The bill would also provide that any person who recklessly
stores or maintains data in a manner which enables a person to commit acts
leading to a felony conviction under the provisions described above, shall be
liable to each injured party for a specified civil penalty. The bill would
make related changes.
(4) Existing law requires the Department of Transportation to develop and
adopt functional specifications and standards for an automatic vehicle
identification system to be used in toll facilities, as specified.
This bill would provide that a vehicle owner shall have the choice of
being billed after using the facility, or of prepaying tolls, in which case
the department or any privately owned entity operating a toll facility shall
issue an account number to the vehicle owner which is not derived from the
vehicle owner's name, address, social security number, or specified other
sources, and would prohibit the keeping of any record of this information.
Vote: majority. Appropriation: no. Fiscal committee: yes.
State-mandated local program: no.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. This act shall be known and may be cited as the Privacy Act of
1992.
SEC. 2. Section 1799.4 is added to the Civil Code, to read:
1799.4. A business entity that obtains information from a consumer's
driver's license or identification card for its business records or for other
purposes shall not sell the information or use it to advertise goods or
services, without the written consent of the consumer.
SEC. 3. Section 2805 is added to the Labor Code, to read:
2805. (a) Any employer, including any state or local governmental entity
or instrumentality thereof, shall be liable to an employee or prospective
employee for damages caused by either of the following:
(1) Subjecting the employee to discipline or discharge on account of the
exercise by the employee of privacy rights guaranteed by Section 1 of Article
I of the California Constitution, provided the activity does not
substantially interfere with the employee's bona fide job performance or
working relationship with the employer.
(2) Denying employment to a prospective employee on account of the
prospective employee's exercise of privacy rights guaranteed by Section 1 of
Article I of the California Constitution.
(b) Damages awarded pursuant to this section may include punitive damages,
and reasonable attorney's fees as part of the costs of the action. If the
court decides that an action for damages was brought without substantial
justification, the court may award costs and reasonable attorney's fees to
the employer.
SEC. 4. Section 502 of the Penal Code is amended to read:
[[**** Note that this would AMEND current law. ****]]
502. (a) It is the intent of the Legislature in enacting this section to
expand the degree of protection afforded to individuals, businesses, and
governmental agencies from tampering, interference, damage, and unauthorized
access to lawfully created computer data and computer systems. The
Legislature finds and declares that the proliferation of computer technology
has resulted in a concomitant proliferation of computer crime and other forms
of unauthorized access to computers, computer systems, and computer data.
The Legislature further finds and declares that protection of the
integrity of all types and forms of lawfully created computers, computer
systems, and computer data is vital to the protection of the privacy of
individuals as well as to the well-being of financial institutions, business
concerns, governmental agencies, and others within this state that lawfully
utilize those computers, computer systems, and data.
(b) For the purposes of this section, the following terms have the
following meanings:
(1) "Access" means to gain entry to, instruct, or communicate with the
logical, arithmetical, or memory function resources of a computer, computer
system, or computer network.
(2) "Computer network" means any system which provides communications
between one or more computer systems and input/output devices including, but
not limited to, display terminals and printers connected by telecommunication
facilities.
(3) "Computer program or software" means a set of instructions or
statements, and related data, that when executed in actual or modified form,
cause a computer, computer system, or computer network to perform specified
functions.
(4) "Computer services" includes, but is not limited to, computer time,
data processing, or storage functions, or other uses of a computer, computer
system, or computer network.
(5) "Computer system" means a device or collection of devices, including
support devices and excluding calculators which are not programmable and
capable of being used in conjunction with external files, one or more of
which contain computer programs, electronic instructions, input data, and
output data, that performs functions including, but not limited to, logic,
arithmetic, data storage and retrieval, communication, and control.
(6) "Data" means a representation of information, knowledge, facts,
concepts, computer software, computer programs or instructions. Data may be
in any form, in storage media, or as stored in the memory of the computer or
in transit or presented on a display device.
(7) "Supporting documentation" includes, but is not limited to, all
information, in any form, pertaining to the design, construction,
classification, implementation, use, or modification of a computer, computer
system, computer network, computer program, or computer software, which
information is not generally available to the public and is necessary for the
operation of a computer, computer system, computer network, computer program,
or computer software.
(8) "Injury" means any alteration, deletion, damage, or destruction of a
computer system, computer network, computer program, or data caused by the
access.
(9) "Victim expenditure" means any expenditure reasonably and necessarily
incurred by the owner or lessee to verify that a computer system, computer
network, computer program, or data was or was not altered, deleted, damaged,
or destroyed by the access.
(10) "Computer contaminant" means any set of computer instructions that
are designed to modify, damage, destroy, record, or transmit information
within a computer, computer system, or computer network without the intent or
permission of the owner of the information. They include, but are not
limited to, a group of computer instructions commonly called viruses or
worms, which are self-replicating or self-propagating and are designed to
contaminate other computer programs or computer data, consume computer
resources, modify, destroy, record, or transmit data, or in some other
fashion usurp the normal operation of the computer, computer system, or
computer network.
(c) Except as provided in subdivision (h), any person who commits any of
the following acts is guilty of a public offense:
(1) Knowingly accesses and without permission alters, damages, deletes,
destroys, or otherwise uses any data, computer, computer system, or computer
network in order to either (A) devise or execute any scheme or artifice to
defraud, deceive, or extort, or (B) wrongfully control or obtain money,
property, or data.
(2) Knowingly accesses and without permission takes, copies, or makes use
of any data from a computer, computer system, or computer network, or takes
or copies any supporting documentation, whether existing or residing internal
or external to a computer, computer system, or computer network.
(3) Knowingly and without permission uses or causes to be used computer
services.
(4) Knowingly accesses and without permission adds, alters, damages,
deletes, or destroys any data, computer software, or computer programs which
reside or exist internal or external to a computer, computer system, or
computer network.
(5) Knowingly and without permission disrupts or causes the disruption of
computer services or denies or causes the denial of computer services to an
authorized user of a computer, computer system, or computer network.
(6) Knowingly and without permission provides or assists in providing a
means of accessing a computer, computer system, or computer network in
violation of this section.
(7) Knowingly and without permission accesses or causes to be accessed any
computer, computer system, or computer network.
(8) Knowingly introduces any computer contaminant into any computer,
computer system, or computer network.
(d) (1) Any person who violates any of the provisions of paragraph (1),
(2), (4), or (5) of subdivision (c) is punishable by a fine not exceeding ten
thousand dollars ($10,000), or by imprisonment in the state prison for 16
months, or two or three years, or by both that fine and imprisonment, or by a
fine not exceeding five thousand dollars ($5,000), or by imprisonment in the
county jail not exceeding one year, or by both that fine and imprisonment.
(2) Any person who violates paragraph (3) of subdivision (c) is punishable
as follows:
(A) For the first violation which does not result in injury, and where the
value of the computer services used does not exceed four hundred dollars
($400), by a fine not exceeding five thousand dollars ($5,000), or by
imprisonment in the county jail not exceeding one year, or by both that fine
and imprisonment.
(B) For any violation which results in a victim expenditure in an amount
greater than five thousand dollars ($5,000) or in an injury, or if the value
of the computer services used exceeds four hundred dollars ($400), or for any
second or subsequent violation, by a fine not exceeding ten thousand dollars
($10,000), or by imprisonment in the state prison for 16 months, or two or
three years, or by both that fine and imprisonment, or by a fine not
exceeding five thousand dollars ($5,000), or by imprisonment in the county
jail not exceeding one year, or by both that fine and imprisonment.
(3) Any person who violates paragraph (6), (7), or (8) of subdivision (c)
is punishable as follows:
(A) For a first violation which does not result in injury, an infraction
punishable by a fine not exceeding two hundred fifty dollars ($250).
(B) For any violation which results in a victim expenditure in an amount
not greater than five thousand dollars ($5,000), or for a second or
subsequent violation, by a fine not exceeding five thousand dollars ($5,000),
or by imprisonment in the county jail not exceeding one year, or by both that
fine and imprisonment.
(C) For any violation which results in a victim expenditure in an amount
greater than five thousand dollars ($5,000), by a fine not exceeding ten
thousand dollars ($10,000), or by imprisonment in the state prison for 16
months, or two or three years, or by both that fine and imprisonment, or by a
fine not exceeding five thousand dollars ($5,000), or by imprisonment in the
county jail not exceeding one year, or by both that fine and imprisonment.
[[**** Use of << STRIKETHRU >> and {{ UNDERSCORE }} begins, hereafter. ****]]
(e) (1) In addition to any other civil remedy available, {{ any injured
party, including but not limited to }} the owner or lessee of the
computer, computer system, computer network, computer program, or data may
bring a civil action against any person convicted under this section for
compensatory damages, including {{ consequential or incidental damages. In
the case of the owner or lessee of the computer, computer system, computer
network, computer program, or data, damages may include, but are not limited
to,}} any expenditure reasonably and necessarily incurred by the owner or
lessee to verify that a computer system, computer network, computer program,
or data was or was not altered, damaged, or deleted by the access. << For >>
[[**** Yes, that was a struck-thru "For" ending that paragraph. ****]]
{{ (2) Any person who recklessly stores or maintains data in a manner
which enables a person to commit acts leading to a felony conviction under
this section shall be liable to each injured party for a civil penalty of ten
thousand dollars ($10,000), up to a maximum of fifty thousand dollars
($50,000). Failure to report a previous violation of this section to a local
law enforcement agency pursuant to subdivision (f) may constitute evidence of
recklessness }}
{{ (3) For }} the purposes of actions authorized by this subdivision, the
conduct of an unemancipated minor shall be imputed to the parent or legal
guardian having control or custody of the minor, pursuant to the provisions
of Section 1714.1 of the Civil Code.
<< (2) >>
{{ (4) }} In any action brought pursuant to this subdivision the court may
award reasonable attorney's fees to a prevailing party.
<< (3) >>
{{ (5) }} A community college, state university, or academic institution
accredited in this state is required to include computer-related crimes as a
specific violation of college or university student conduct policies and
regulations that may subject a student to disciplinary sanctions up to and
including dismissal from the academic institution. This paragraph shall not
apply to the University of California unless the Board of Regents adopts a
resolution to that effect.
(f) {{ The owner or lessee of any computer, computer system, computer
network, computer program, or data shall report to a local law enforcement
agency, including the police, sheriff, or district attorney, any known
violations of this section involving the owner or lessee's computer, computer
system, computer network, computer program, or data. The reports shall be
made within 60 days after the violations become known to the owner or
lessee. }}
{{ (g) }} This section shall not be construed to preclude the
applicability of any other provision of the criminal law of this state which
applies or may apply to any transaction, nor shall it make illegal any
employee labor relations activities that are within the scope and protection
of state or federal labor laws.
<< (g) >>
{{ (h) }} Any computer, computer system, computer network, or any software
or data, owned by the defendant, which is used during the commission of any
public offense described in subdivision (c) or any computer, owned by the
defendant, which is used as a repository for the storage of software or data
illegally obtained in violation of subdivision (c) shall be subject to
forfeiture, as specified in Section 502.01.
<< (h) >>
{{ (i) }} (1) Subdivision (c) does not apply to any person who accesses
his or her employer's computer system, computer network, computer program, or
data when acting within the scope of his or her lawful employment.
(2) Paragraph (3) of subdivision (c) does not apply to any employee who
accesses or uses his or her employer's computer system, computer network,
computer program, or data when acting outside the scope of his or her lawful
employment, so long as the employee's activities do not cause an injury, as
defined in paragraph (8) of subdivision (b), to the employer or another, or
so long as the value of supplies and computer services, as defined in
paragraph (4) of subdivision (b), which are used do not exceed an accumulated
total of one hundred dollars ($100).
<< (i) >>
{{ (j) }} No activity exempted from prosecution under paragraph (2) of
subdivision << (h) >> {{ (i) }} which incidentally violates paragraph (2),
(4), or (7) of subdivision (c) shall be prosecuted under those paragraphs.
<< (j) >>
{{ (k) }} For purposes of bringing a civil or a criminal action under this
section, a person who causes, by any means, the access of a computer,
computer system, or computer network in one jurisdiction from another
jurisdiction is deemed to have personally accessed the computer, computer
system, or computer network in each jurisdiction.
<< (k) >>
{{ (l) }} In determining the terms and conditions applicable to a person
convicted of a violation of this section the court shall consider the
following:
(1) The court shall consider prohibitions on access to and use of
computers.
(2) Except as otherwise required by law, the court shall consider
alternate sentencing, including community service, if the defendant shows
remorse and recognition of the wrongdoing, and an inclination not to repeat
the offense.
SEC. 5. Section 27565 of the Streets and Highways Code is amended to read:
[[** NOTE: This is another amendment, with strikethrus and underscores. **]]
27565. (a) The Department of Transportation, in cooperation with the
district and all known entities planning to implement a toll facility in this
state, shall develop and adopt functional specifications and standards for an
automatic vehicle identification system, in compliance with the following
objectives:
(1) In order to be detected, the driver shall not be required to reduce
speed below the applicable speed for the type of facility being used.
(2) The vehicle owner shall not be required to purchase or install more
than one device to use on all toll facilities, but may be required to have a
separate account or financial arrangement for the use of these facilities.
(3) The facility operators shall have the ability to select from different
manufacturers and vendors. The specifications and standards shall encourage
multiple bidders, and shall not have the effect of limiting the facility
operators to choosing a system which is able to be supplied by only one
manufacturer or vendor.
(b) {{ The vehicle owner shall have the choice of prepaying tolls, or
being billed after using the facility. If the vehicle owner prepays tolls:
(1) The department or any privately owned entity operating a toll facility
shall issue an account number to the vehicle owner. The account number shall
not be derived from the vehicle owner's name, address, social security
number, or driver's license number, or the vehicle's license number, vehicle
identification number, or registration.
(2) Once an account has been established and an account number has been
given to the vehicle owner, neither the department nor the privately owned
facility shall keep any record of the vehicle owner's name, address, social
security number, or driver's license number, or the vehicle's license number,
vehicle identification number, or registration.
(3) The vehicle owner may make additional prepayments by specifying the
account number and furnishing payment. }}
{{ (c) }} Any automatic vehicle identification system purchased or
installed after January 1, 1991, shall comply with the specifications and
standards adopted pursuant to subdivision (a).
{{ (d) Any automatic vehicle identification system purchased or installed
after January 1, 1993, shall comply with the specifications and standards
adopted pursuant to subdivisions (a) and (b). }}
[[**** END OF SB 1447, DATED FEBRUARY 10, 1992 ****]]
=============== background comments by legislative assistant ===============
[[**** In this section, since underlining is for emphasis, only, and has no
legal meaning, I changed Mr. Firschein's underlined text to all-caps. ****]]
California State Senate
Bill Lockyer
Tenth Senatorial District
Southern Alameda County
State Capitol
Sacramento, California 95814
(916)445-6671
TO: Interested parties
FROM: Ben Firschein, Senator Lockyer's Office
DATE: February 14, 1992
RE: BACKGROUND INFORMATION ON SB 1447 (LOCKYER, PRIVACY)
You should have received a copy of SB 1447 (Lockyer, Privacy) in the mail
recently. Senator Lockyer introduced the bill in an effort to address some
of the concerns raised at the privacy hearing on December 10, 1991.
This memorandum is intended to explain the intent of the various sections
of the bill, but it is not a committee analysis.
(A committee analysis will be forthcoming at a later date, when the bill
is set for a hearing). We welcome suggestions as to how to clarify the
language of the bill, or otherwise improve the bill.
SECTION 1: CITATION
The bill may be cited as the "Privacy Act of 1992"
SECTION 2: INFORMATION OBTAINED FROM DRIVER'S LICENSES
This section requires the written consent of a consumer for a business
entity to (1) sell information obtained from the consumer's driver's license
or (2) use such information to advertise goods or services.
The section is intended to cover instances where a consumer presents a
driver's license or identification card for identification purposes during a
business transaction. The section is not intended to prevent businesses from
using driver's license information for business record-keeping, or for other
purposes related to the transaction (i.e. authorizing a transaction).
The section is not intended to change existing law with respect to the
ability of businesses to obtain driver's license information from other
sources (such as DMV records).
The need for this section is heightened by the new "magstripe" drivers
license developed by the Department of Motor Vehicles. This license has a
magnetic stripe on the back which contains much of the information on the
front of the license. The stripe will enable a business entity to store
information contained on a driver's license simply by scanning the card
through a reader.
A publication by the Department of Motor Vehicles dated May 1991
("Department of Motor Vehicles Magnetic Stripe Drivers License/Identification
Card") states that "using point of sale (POS) readers and printers, the
business community can electronically record the DL [driver's license] /ID
number on receipts and business records." The publication notes that
"magnetic stripe readers are readily available, relatively low in cost, and
are already available in many retail outlets."
However, a merchant might access much more than the driver's license/ID
number; the publication notes that "readers have been produced, and market
available readers can be modified that will read the three tracks of
information contained on the California card." According to the publication,
the tracks contain information such as license type, name, address, sex,
hair-color, eye-color, height, weight, restrictions, issue date.
SECTION 3:
DEPRIVATION OF THE RIGHT TO PRIVACY OF EMPLOYEES OR PROSPECTIVE EMPLOYEES
This section provides that an employer shall be liable to an employee or
prospective employee for damages caused by subjecting an employee to
discipline or discharge or denying employment to a prospective employee, on
account of the exercise by that person of privacy rights guaranteed by the
California Constitution.
This section is modeled after Connecticut Labor Code Section 31-51q. The
Lockyer bill goes further than the Connecticut statute in that it applies to
prospective as well as current employees.
The bill would allow punitive damages and reasonable attorney's fees to be
awarded pursuant to Section 3 (page 3 lines 10-12).
The bill would specify that if the court decides that an action for
damages was brought by an employee or a prospective employee without
"substantial justification," the court may award costs and reasonable
attorney's fees to the employer (page 3, lines 12-15).
As with the Connecticut statute, an employee's cause of action would only
exist if the activity for which the employee was disciplined or discharged
did not "substantially interfere with the employee's bona fide job
performance or working relationship with the employer." (Page 3, lines 4-5).
POSSIBLE AMENDMENT: The language in the bill covering prospective
employees (page 3, lines 6-9) omits the "substantial interference" language
contained in the section covering existing employees. Perhaps the bill
should specify that a prospective employee lacks a cause of action if the
prospective employer has a compelling business interest in rejecting someone
because they engaged in certain acts (even though those acts were protected
by the constitutional right to privacy).
Such an amendment would be consistent with cases such SOROKA V. DAYTON
HUDSON CORPORATION, 91 Daily Journal D.A.R. 13204 (1st Appellate District).
The court in SOROKA found that a psychological screening test administered to
Target Store security officer applicants violated the applicants' state
constitutional right to privacy when it inquired about their religious
beliefs and sexual orientation, because there was no compelling need for the
test.
POSSIBLE AMENDMENT # 2: One of the participants in the privacy hearing
suggests language making it clear that the rights and remedies set forth in
the section are not exclusive and do not pre-empt or limit any other
available remedy.
POTENTIAL ARGUMENTS AGAINST THIS SECTION: Some may argue that in light of
cases such as Soroka, this statute is unnecessary, because these rights are
already set forth in existing case law.
They may also point out that the California Supreme Court held in WHITE V.
DAVIS that the right to privacy is self-executing, meaning that every
Californian has standing to sue directly under Article I, Section I of the
California Constitution for a privacy violation. WHITE V. DAVIS (1975) 13
Cal.3d 757, 775. Given that the right to privacy is self-executing, why is a
statute needed?
The answer is that case law is in a state of flux, and there is no
guarantee that future courts will construe Article I in such a liberal
fashion. Also, the bill is an improvement over existing case law in that it
specifically lists the types of damages that may be awarded, including
punitive damages, and reasonable attorney's fees.
SECTION 4. COMPUTER CRIMES
Jim Warren (one of the witnesses at the hearing) posted the Leg Counsel
draft of the bill on one of the networks and showed me some of the responses.
This section generated most of the comments, some of which were quite vocal.
First a word of caution to those uninitiated in the ways of the
Legislature: MOST OF THE LANGUAGE IN THIS SECTION IS EXISTING LAW. Our
proposed additions are contained in language that is in italics or
underlined. IF IT IS NOT IN ITALICS OR UNDERLINES, IT IS EXISTING LAW.
PROPOSED ADDITION #1 (page 7, line 25): Extend the existing computer crime
statute [Penal Code Section 502] to allow civil recovery by any injured party
against someone convicted under Section 502 of breaking into a computer. (The
existing law just allows recovery by the owner or lessee of a computer
system). For example, if someone is convicted under Section 502 of breaking
into TRW's computers and altering credit records, the existing statute would
allow TRW to recover against the hacker in a civil suit, but the statute
would not allow someone whose credit history was injured by the hacker to sue
the hacker under statute.
PROPOSED ADDITION #2 (page 7, lines 30-33): Extend Penal Code Section 502
to allow civil recovery against a convicted hacker for more than just the
cost of expenditures necessary to verify that a computer system was or was
not altered, damaged, or deleted by the access. The proposed language would
allow civil recovery for ALL CONSEQUENTIAL OR INCIDENTAL DAMAGES resulting
from the intrusion.
PROPOSED ADDITION #3 (page 7, lines 38-40 & page 8, lines 1-6): Create a
cause of action against those who "recklessly store or maintain data in a
manner which enables a person to commit acts leading to a felony conviction
under this section."
The section is intended to address the situation where someone stores
information (e.g. credit data) in a manner which easily allows unauthorized
access, and the person who is able to access the information as a result of
the lack of safeguards injures a third party (e.g. a creditor, or a person
whose credit history is altered).
The source of the section is the case of PEOPLE V. GENTRY 234 Cal.App.3d
131 (1991). In that case, a hacker figured out that if he queried the credit
databases of TRW, CBI, or Trans Union, about a nonexistent person, each
system would create a new file for that non-existent person. The non-
existent person would have an exemplary credit history, because there was no
negative credit information in the new file. The hacker in the GENTRY case
went into the business of rehabilitating people's credit history by having
them change their name, and then creating credit files on these "new" people.
The court stated in a footnote "we do not address the potential liability
to innocent third parties who might be harmed by this feature of the software
program. Although Gentry found a weakness in the program and exploited it,
responsibility should not rest solely with the felon. Credit reporting
companies should recognize that this flaw is needlessly risky and remedy it."
(GENTRY, page 135, footnote 3).
POTENTIAL CONCERNS: some people who have seen the bill worry that section
4 would apply to someone (e.g. a computer bulletin board operator) who stores
information on a computer about how to commit a crime (e.g. information about
how to break into a computer, or how to build a bomb)
The section is intended to be limited to reckless storage of data in a
manner which enables a person to commit acts LEADING TO A FELONY CONVICTION
UNDER SECTION 503 (not other types of criminal acts). "Reckless storage" is
intended to mean maintaining a system that lacks appropriate security
safeguards; it is not intended to include storing information about how to
commit crimes. Hopefully any potential ambiguities can be clarified through
amendments.
PROPOSED ADDITION #4: The bill requires the reporting to local law
enforcement of violations of the computer crime statute (Penal Code Section
503) within 60 days after such violations become known to the owner or lessee
of a computer system (page 8, lines 26-34). The bill states that "failure to
report a previous violation of this section to a local law enforcement
agency...may constitute evidence of [reckless storage of data]."
This is intended to ensure that people report such crimes to law
enforcement. There are anecdotal reports that some of these crimes are not
being reported because people are concerned about bad publicity resulting
from reports that their systems were broken into.
POSSIBLE AMENDMENT: it has been suggested that the reporting requirement
be limited to certain types of systems, or to a certain level of monetary
loss. Objections have been raised that the bill would apply equally to
someone who operates a home computer and to a business that operates a large
mainframe. One could argue that the reporting requirement is more essential
where a computer owner has a fiduciary or quasi-fiduciary duty to the people
whose records are stored on the system (e.g. accounting or credit records).
An accountant's or a credit company's failure to report a computer break-in
is more serious than a computer game bulletin board operator's failure to
report a break in.
One possible objection to restricting the reporting requirement to a
certain level of financial loss is that financial loss is hard to quantify.
However, Section 503 already uses amount of financial loss to determine
the type of criminal penalty to apply, so one could argue that amount of
monetary loss could similarly be used as an indication of the need to
report.
SECTION 5. AUTOMATIC VEHICLE IDENTIFICATION SYSTEMS
Existing law directs Caltrans to develop specifications for automatic
vehicle tracking systems for toll facilities, such as those on bridges
(Streets and Highways Code 27565). People will soon be able have a device
installed in their car which allows them to drive through a toll facility
without stopping. The device will send a signal to a computer, which will
keep track of their use of the facility. At the end of the month, they will
get a bill. Presumably there will continue to be booths that people can drive
through and pay cash.
At the December 10 privacy hearing, concern was expressed that the device
offers potential for abuse. For example, if you know a particular vehicle is
driving through the facility, why not program the system to:
1. Stop all people with outstanding warrants
2. Stop all people who have not paid their vehicle registration
3. Compile lists of all people who drove through the facility during a
given month and sell the lists to the private sector.
One could argue that uses 1 and 2 are legitimate uses of this technology,
because people who have broken the law should expect to come into contact
with the police when they drive on public roads and highways. But one could
also argue that people have an expectation of privacy when they drive and are
not breaking the law at the time they are stopped (e.g. they are not
speeding, driving under the influence, or otherwise doing anything to attract
the attention of the police).
Use # 3 is harder to justify. Why should people have to reveal their
personal lives to the private sector in order to use a device that will speed
up their commute?
WHAT THE BILL DOES: The bill allows people the option of prepaying their
tolls, and then using the facility anonymously. People would continue to have
the option of being billed, rather than prepaying tolls.
Under the bill, people who prepaid their tolls would be given an
identification number unrelated to the vehicle owner's name, address, social
security number, or driver's license number, or the vehicle's license number,
vehicle identification number, or registration (page 10, lines 34-40). When
they drive through the facility, the facility would look at their account,
and let them through if there was still money in the account.
The bill provides that once a numbered account has been established,
neither Caltrans nor a private facility shall keep any record of the vehicle
owner's name, address, social security number, or driver's license number, or
the vehicle's license number, vehicle identification number, or registration
(Page 11, lines 1-7).
The user could make additional prepayments under the bill by specifying
the account number and furnishing payment (Page 11, lines 8-10).
[[**** END OF MR. FIRSCHEIN'S BACKGROUNDER ON SB 1447 OF FEB. 14, 1992 ****]]
==================================
[[**** Both of these documents were edited by word-processor, rather than
by retyping most of the text. I believe it is faithful to the original.
Any errors are mine; not those of Mr. Firschein nor Sen. Lockyer.
--Jim Warren ****]]
------------------------------
End of Computer Underground Digest #4.08
************************************
Computer underground Digest Fri, Feb 28, 1992 Volume 4 : Issue 09
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu
CONTENTS, #4.09 (Feb 28, 1992)
File 1: Message related to craig's problem (RE to CuD 4.08)
File 2: Legal Costs, Attys, and why $60 doesn't go far
File 3: Response to Craig Neidorf's Legal Expenditures
File 4: TV station and BBS registration
File 5: Review of INTERTEK MAGAZINE (Newsbytes Reprint)
File 6: Bury Usenet (Intertek Reprint)
File 7: Mitch Kapor Response to "Bury Usenet" (Intertek Reprint)
File 8: A Comment on Amateur Action BBS
File 9: 'Michelangelo' Scare (Washington Post abstract)
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
NOTE: THE WIDENER SITE IS TEMPORARILY RE-ORGANIZING AND IS CURRENTLY
DIFFICULT TO ACCESS. FTP-ERS SHOULD USE THE ALTERNATE FTP SITES UNTIL
FURTHER NOTICE.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to the
Computer Underground. Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Mon, 17 Feb 92 22:25:07 -0500
From: an288@CLEVELAND.FREENET.EDU(Mark Hittinger)
Subject: File 1--Message related to craig's problem (RE to CuD 4.08)
A poster in CuD 4.08 wrote:
>Craig needs our help in defraying the costs of a battle from which we
>all benefited. Even $5 would help. Just a 29 cent stamp and a $5
>check.
Mine is on its way. Thanks to the CuD guys for making us aware of
this. Those of us that can (and would) help can't unless we are made
aware of the need. Many of us are older and draw good incomes from
the cyberchaos. Lets not call it cyberspace yet!
Debates over issues and principles are fine but they need to occur
after the practical matters of life are dealt with. In our less than
ideal world we still need to get the rent paid (and even the lawyers'
fees *DAMN*). I have been somewhat disillusioned by the activities of
various new frontier organizations. Lets fix the practical matters
first in real time and then debate the principles later in virtual
time.
> ... Ironically, if the
>principle of honor were not so important, Craig arguably would have
>been better off to plead guilty rather than defend his honor. It would
>have saved him time, money, and bother. When the costs of pleading
>guilty to crimes of which one is innocent becomes the best way of
>avoiding devastating consequences, we cannot agree that the system
>"works."
Lets not forget than Len Rose caved in and took the plea bargain
route. We can argue about what he did or didn't do, but he still
needs to get his rent paid, feed his kids, and rebuild his life when
he gets out (soon).
I'm sure that there will be similar needs in the upcoming cases that
have been discussed in recent CuD articles. I wish that it was as
easy to send a $5 check as it is to argue - but I know that it is not.
------------------------------
Date: Thu, 20 Feb 1992 11:25:31 -0500
From: Craig Neidorf <knight@EFF.ORG>
Subject: File 2--Legal Costs, Attys, and why $60 doesn't go far
The readers should remember that my case was one of first instance.
In most court cases, the law or precedent is much more clear and
understood. Usually cases that go to court deal a lot with
determining the facts instead of determining the law.
Katten, Muchin, & Zavis bills Sheldon Zenner's time at $210/hour. In
addition to Zenner, they had Ken Kliebard (an associate) and two law
students working on my case over a 7 month period.
There were multiple court appearances including two arraignments and
the submission of all sorts of motions (for discovery, for release of
beneficial evidence, for all sorts of things).
There were all sorts of meetings -- with the government and with our
witnesses. There were flights to Atlanta to have meetings with Robert
Riggs and to St. Louis to meet with me (for a while I was not allowed
to leave the State other than for court appearances). There was a lot
of time spent in finding experts, interviewing them, and then learning
from what they had to say.
There was a vast abundance of evidence that had to be read, cataloged,
and understood (stacks of email printouts, Phrack issues, other
similar publications, and magazines about the telephone industry). My
attorneys had to learn about computers and Unix systems).
The fact that they first indicted me on one set of charges and then
turned around and re-indicted me on another set of charges added a lot
more time and money to my expenses. Every item of evidence that the
government photocopied for us cost tons of money (since they bill
photocopies at a very high rate (like $.15 per copy) and there were
thousands of pages.
The main problem was that the government had brought me up on charges
that had never been used before in a computer case like this one.
That meant there had to be a lot more research than perhaps would have
been ordinarily needed.
Finally there was the actual five full days of trial. This does not
imply the hours of 9 to 5, it was more like 5 am to 11pm. Hours like
these were not uncommon for Zenner during the entire 7 month period.
The bottom line here is that I am a bit outraged by the questions
posed by Mr. Moore of where the money was spent. I happen to know
that certain steps were taken to keep my bill a lot lower than it
might have been. I have learned for example that by referring a lot
of the work to the summer associates, KMZ was able to bill those hours
at a considerably lower rate. Furthermore, experts like John Nagle
and Dorothy Denning refused to accept payment for their testimony.
Ordinarially, expert witnesses like them would receive several
thousand dollars each + expenses in return for their testimony.
Don't you think my family and I scrutinized the bill ourselves to find
some errors that would bring the total down?
Finally, I feel that I received the absolute finest representation and
counseling from Sheldon Zenner. The legal expenses were checked and
re-checked by us and by him. I consider him a true friend and I trust
him without any hesitation or doubts whatsoever.
I'd rather checks be sent to Zenner because:
A. I don't want the money being sent to my name because I don't want a
stream of deposits in my bank accounts to irk IRS or anybody else.
B. I'd rather not net-broadcast my home address.
C. I tend to move around a lot since I live in rented housing and the
US Post Office is not the greatest at forwarding mail. The KMZ
address is the most reliable.
Mr. Moore writes that "The high price of legal help is arguably as
much of the problem as the reckless disregard for law and due process
demonstrated by the government." I don't disagree, but don't make me
responsible for the flaws in the system. Letters like yours victimize
me all over again.
Craig Neidorf
ps- The net total of donations based on my most recent public notice
stands at $60. $10 from one person, $20 from one person, and $30 from
one person. All of whom were people I generally knew before and were
not really among the 26,000 readers of CUD. People talk a good game,
but the money is not where their mouths are. The grand total of
donations received overall since day one (and excluding Kapor)
doesn't even hit the $1,000 mark.
------------------------------
Date: Mon, 24 Feb 1992 16:47:38 -0500
From: Mike Godwin <mnemonic@EFF.ORG>
Subject: File 3--Response to Craig Neidorf's Legal Expenditures
In article <1992Feb21.083926.16788@chinacat.unicom.com> Keith Moore
writes:
>I have read repeated pleas on various networked discussion groups for
>readers to help defray Craig's legal expenses. While I sympathize
>with his position and am in fact willing to help, I'm sure many of the
>readers would like to know what all of that money was spent for. I
>want to help Craig, but I don't like the idea of giving over money to
>lawyers. The high price of legal help is arguably as much of the
>problem as the reckless disregard for law and due process demonstrated
>by the government.
Most of the cost of Craig's defense is attributed to preparation for
trial. This means researching the law relevant to the charges,
understanding the evidence, and finding out what the government's
witnesses are likely to say as well as preparing your own witnesses.
I cannot dispute that legal help is costly. But it seems to me that a
failure to help Craig because legal help is costly promotes any
lowering of the cost of legal help. It does, however, increase the
personal burden on Craig.
It is a fact that when one sets out to fight the federal government in
court, legal expenses tend to skyrocket. But this is not Craig's
fault.
>Also, why are we asked to send money directly to the law firm that
>defended Craig, and not to Craig himself?
Because that's where the money is owed. If the money were solicited
for Craig himself, countless net.critics would be calling it a scam on
Craig's part, and they'd be demanding guarantees that the money go to
his legal bills. One of the things that becomes apparent when you
spend enough time on the Net is that some people will be critical of
you no matter what you do.
>Perhaps the computer underground, realizing how
>much we are at the mercy of both lawyers and the government, would
>find it in its interest to act to curtail their powers.
It is certainly in everybody's interest to lower the cost of legal
representation. It is unclear to me how failing to help Craig Neidorf
does this. Do you really suppose that defense lawyers will watch Craig
go bankrupt and conclude "Ah, well, guess we set our fees too high"?
Isn't it asking a lot of Craig that he go bankrupt in order to
articulate your criticism of the legal system?
I believe there are plenty of reasons to be critical of the system,
but it seems heartless to me to ask Craig to bear the burden while we
sit back and pontificate about it. That's why I contributed money to
Craig's legal expenses, and I hope you do too.
------------------------------
Date: Thu, 30 Jan 92 3:32:05 CST
From: bei@DOGFACE.AUSTIN.TX.US(Bob Izenberg)
Subject: File 4--TV station and BBS registration
Here's something that you might find interesting... from
misc.legal.computing. I've enclosed (most of) my reply to the
article's author.
Bob
[ start ]
A local television reporter did a report on the 10pm news about
teenagers getting access to adult .gif files on computer bulletin
boards.
He explains how many sites with adult gifs require proof-of-age (e.g.,
copies of driver's license) for registration, but some merely print a
"you must be over 21 to register" message before on-line registration.
No problem, except he then claims you can lie and still become
registered -- which he proceeds to do on camera.
Isn't this a violation of Federal law regarding computer access? The
sysop of the BBS clearly requested identifying information, as is his
right before granting system access, which the reporter deliberately
refused to provide yet accepted system access?
This TV station is getting a bad reputation for overzealous reporters--
a few years ago one star reporter actually paid for pit-bull fights
that she subsequently reported on. She was ultimately fired from the
station and charged with a felony.
I don't expect things to go this far in this situation -- but neither
do I want to sit by as the TV station implies it's okay to lie during
on-line registration for BBSes.
Any comments or suggestions?
BTW, the reporter was Jim Benemann of KCNC in Denver. I can post the
Station Manager's name if other people wish to contact the station.
Bear Giles
bear@fsl.noaa.gov
[ and my reply: ]
>To: bear@spike.ucar.edu
>Subject: Re: Stupid TV reporter tricks
In article <15091@ncar.ucar.edu> you write:
>Any comments or suggestions?
Work with the station on producing an editorial. Ask them what
criteria they use to authenticate news sources, and what their policy
is on providing air time to an individual who is immediately or
eventually proven to have faked their identity. Mention that access
rules for on-line systems, large or small, are often more strict than
those legally required of adult magazines: A signed statement that
you're over a certain age. The system's owner was complying with a
tradition of law that applies to similar adult-oriented media. The
question of whether the reporter's misrepresentation of their
identity, which treads close to the phone company's definition of
fraud, was justified is one that the station's news management is
invited to discuss publicly. After all, they were presented with a
policy for authentication that matches legal proof employed by related
media, and they bypassed it. If the station's position is that people
must be honest for a system of age-oriented access restriction to
work, they're right. If the station insists on providing a clear
example of how to defeat the owner's intent to comply with the law, it
is hardly the system owner that is in the wrong. Take the editorial
to competing stations if you need to. Of course, this is a lot of
swimming upstream for people to do, and there may be a better way that
I haven't thought of... In any case, I'm interested in hearing what,
if anything, comes of this.
------------------------------
From: John F. McMullen (mcmullen@well.sf.ca.us)
Date: Mon, 17 Feb 1992 10:39:11 PST
Subject: File 5--Review of INTERTEK MAGAZINE (Newsbytes Reprint)
REVIEW OF: Intertek
From: Intertek, 325 Elwood Beach #3, Goleta, CA 93117; Telephone:
805 685-6557; Online - steve@cs.ucsb.edu
Price: Current issue (Volume 3.3) ---- $4.00; Back issues (Volumes
3.1 & 3.2) - $5.00 ea; Subscription (4 issues) - $14,00
PUMA Rating 3.6 on a scale 1=lowest to 4=highest
Reviewed by Newsbytes by Barbara E. McMullen & John F. McMullen
Summary: Intertek is a semi-annual magazine that explores the social,
legal, ethical and technological issues confronting those in the on-line
community..
======
REVIEW
======
Intertek is a surprisingly professional semi-annual glossy magazine
dealing with issues relating to telecommunications, computer crime
and first amendment concerns. We say "surprisingly professional"
because the editor and publisher, Steve Steinberg, is still an
undergraduate at the University of California, Santa Barbara. The
current issue, Volume 3.3 - Winter 1992, is, in our judgement, of a
quality that one would expect to find in a more commercial
publication.
While the publication has developed a following among those lucky
enough to know of its existence (generally those who have already
been actively interested in the issues dealt with by Intertek), it
does not have the widespread newsstand distribution that it deserves
--although Steinberg informed us that it is distributed in Europe and
should be appearing domestically in Tower Books locations. The only
way, however, at this time to be sure of obtaining a copy is to
subscribe ($14 for 2 years - 4 issues).
After reading every available Intertek (Volumes 3.1, 3.2, & 3.3), we
think that Steinberg has hit on a extremely good pattern in his
production of the publication:
- each issue is narrowly focused on a specific topic (3.1 - "The Hacker
Issue"; 3.2 - "The Ethics Issue"; 3.3 - "Virtual Communities").
- Steinberg has attracted a well-known group of experts who also have
a fine command of language and style top either write specifically
for Intertek or to allow republication of previously material that is
germane to the topic under discussion. The three issues mentioned
include pieces by (or interviews with) John Perry Barlow, Bruce
Sterling, Brenda Laurel, Mitch Kapor, Peter Denning, Katie Hafner,
John Quarterman, Gail Thackeray, John Markoff, and Gordon Meyer. Each
of these writers bring a perspective to the topic that is both well
thought out and well presented.
- Steinberg himself writes well. He is also skillful enough as an
editor to put together pieces on provocative topics with responses
from knowledgeable individuals on the same topic -- a superior
method in our judgement than publishing the piece in one issue and
the responses in subsequent one, particular when speaking of a
semi-annual publication. An example of this technique is found in
the current issue where Steinberg has written a piece entitled "Bury
Usenet" and packaged it with responses from Mitch Kapor, Electronic
Frontier Foundation co-founder; John S. Quarterman, author of The
Matrix (Digital Press) and publisher of the Matrix News; Peter J.
Denning, computer science chair at George Mason University and
former president of the ACM; and Bruce Sterling, journalist author.
Other articles in the Winter 1992 issue include "Electropolis:
Communication and Community on Internet Relay Chat" by Elizabeth
M. Reid; "Social Organization of the Computer Underground" by
Gordon R. Meyer; "Real World Kerberos: Authentication and Privacy
on a Physically Insecure Network"; and "Mudding: Social Phenomena
in Text-Based Virtual Realities" by Pavel Curtis.
There is also a 3 page section entitled "Newsflash" that does, despite
the difficulties of providing real news in a semi-annual publication,
contain some interesting items that we had not seen elsewhere.
The centerfold of the publication presents a snapshot of both stock
prices in the technology industries and prices of hardware, new and
used. Although the information is dated (almost 2 months old when
we got it), it is presented nicely with graphs and charts and is
accompanied by a short piece by New York Times technology writer
John Markoff. While this two-page section presents nothing that is
really new, Markoff's piece is well-done, the display is attractive and
there are certainly worse things that can be put in a centerfold.
If you have any interest in acquiring a greater understanding of the
issues surrounding global telecommunications (and, in our
judgement, everyone should have such interest - particularly
Newsbytes readers!), Intertek is worth your investment. It is lively,
informative, and well-written. In short, buy the magazine!
============
PUMA RATINGS
============
PERFORMANCE/PRICE: 4. Intertek sets out to fill a niche not found in
other publications relating to on-line life. Not as folksy as Boardwatch or
as "techie" as 2600, Intertek deals with issues normally only discussed at
conferences like CFP-1 or on an on-line service such as the WELL. In our
judgement, it fulfills its mission well. At $14, for people with these
interests, it's a bargain.
USEFULNESS: 4. In an informal survey that we did with a number of
readers, the only complaints that we heard were that it should have more
pages or come out more often. That seems to be heady praise from a
demanding group.
MANUAL: N/A
AVAILABILITY: 3. Tough to get if you don't subscribe. You won't find
Intertek in your local B. Dalton or Walden sitting next to Computer
Shopper or Byte. Although the problem is easy to solve by subscribing,
many won't because they haven't actually seen a copy .. and they'll be
missing out on a good thing.
(Barbara E. McMullen & John F. McMullen/19920218)
------------------------------
Date: Sat, 15 Feb 92 17:33:29 PST
From: G.Steinberg <steve@CS.UCSB.EDU>
Subject: File 6--Bury Usenet (Intertek Reprint)
(Reprinted from _Intertek_, Winter (Vol 3.3), Winter, 1992. Pp 1-3.)
Bury USENET by Steve Steinberg
The concept of USENET, a global electronic bulletin board on which any
person can post messages on topics ranging from nanotechnology to
weightlifting and reach other interested people, sounds terrific. It
seems like a step towards the magical future which we are all brought
up to believe is right around the corner; the future of Hugo Gernsback
in which the entire bustling globe is united in productivity and
prosperity. But, just as genetic engineering and nuclear power have
turned out to cause more problems than they solve, we now see that
USENET improves productivity and our quality of life about as much as
TV does. True, there are thousands of people who enjoy reading
USENET, just as there are millions who enjoy watching TV; however this
is not proof of the quaility of the medium but instead is indicative
of the lack of alternatives. It is therefore important to understand
why USENET fails as a medium so that we can avoid further blunders in
this direction.
The three general uses that a medium such as USENET should facilitate
are: directed information seeking, browsing, and collaboration.
Directed information seeking is when someone is trying to find out a
specific piece of information. Browsing is an exploratory
information-seeking strategy that is used when the problem is
ill-defined or when the user simply wants to become more familiar with
an area of knowledge. Lastly, collaboration, for the purposes of this
paper, refers to a group of people sharing what they know and posing
questions to each other about a particular subject so as to increase
the knowledge and ability of everyone involved.
USENET fails at all of these uses, and we can lump the reasons for the
failures into three main categories: USENET's asynchronous nature, its
small bandwidth, and the large amount of noise.
By asynchronous nature I simply mean that communications on USENET is
not in real time as it is with a telephone but instead is more like
conventional mail. Being asynchronous is not a problem with mail
because we communicate with relatively few people, so there are only a
small number of letters we need to remember and keep track of.
However, when we read hundreds of different messages by different
people on different subjects, we quickly get lost and forget what the
status is of all the various topic threads. A technique people use on
USENET to minimize the drawbacks of asynchronous communications is to
begin each message with the relevant portion of the message to which
they are replying. This repetition helps to some degree however each
message will still only contain some subset of the previous messages
(depending on which earlier messages caught the current writer's
attention) and so does not give a complete picture of what has been
determined on a particular topic. The asynchronous nature of USENET
makes collaboration very difficult. A topic will often start with a
question and then receive several messages in reply, each of which in
turn will spawn several replies. The topic will then quickly
degenerate into discussions of trivial points and multiple digressions
leaving the poster of the original question, and other readers, more
confused than helped. It is the sheer size of USENET, where a topic
thread can last for thousands of messages and many months, that makes
this problem so intractable.
In these post-MTV proto-multimedia days the idea of people writing to
each other seems almost quaint. Indeed one often hears professional
writers lament that the death of writing has occurred now that the
telephone has supplanted the letter. Hence, it might seem at first
blush that USENET is a good thing and will cause the rebirth of the
written letter. Unfortunately, as someone who has waded through tens
of thousands of USENET messages, I can say with some certitude that
this rebirth has not occurred, nor does it appear likely. To write
clearly and concisely requires skill as well as time. Because most
people lack one or the other of these requirements, messages posted to
USENET are usually confusingly worded, difficult to read, and prone to
misinterpretation. This is what I was referring to when I said in the
beginning that one of the fundamental problems with USENET is its
small bandwidth. When we express our feelings on a subject or explain
a detailed technical matter, we usually use many cues and tools in
order to make ourselves understood. These include tone of voice, body
language, and pictures or diagrams. When we try instead to compress
our thoughts into 80-column ASCII, we leave behind many of the
nuances. This makes any use of USENET--whether it be searching or
collaborating--difficult since we often do not understand what a
message is really trying to say.
One solution to the problem of small bandwidth that seems likely to
catch on in a big way soon (it already has to some degree) is to allow
graphics to be viewed over USENET. This would allow a user to include
a drawn or digitized picture inside the message he or she posts.
Multimedia messages seem like a good idea, and you can easily imagine
the good uses possible such as diagrams to clearly indicate how
something works. However, I have no doubts, based on how people have
used USENET so far, that the main results would be an outbreak of
pornography and a rash of garish signatures.
Reading USENET is like drinking from a firehose, you'll get very wet
but you probably will still be thirsty. The problem is that there are
thousands of messages posted each day, but only a few of these will be
of interest to any one reader. Searching through this haystack of
messages is a tedious and laborious task with no sure method of
success. Many people end up spending (some would say wasting) several
hours a day reading USENET in order to find the few items of interest
and importance to them. What further complicates the task of searching
for information, making it near impossible as well as unpleasant, is
the huge amount of noise -- lengthy messages which say nothing useful,
messages that are personal attacks on someone, and messages that are
plain wrong.
Anyone with access to a UNIX machine that has a USENET feed can post a
message on any subject, no matter how unqualified the author may be.
The result is usually chaotic and unenlightening. Even when the poster
is humble enough to prefix his or her message with "I'm no lawyer
/scientist /doctor but...", a clear signal that we may save time and
skip this message, we only continue on to ten more messages by other
unqualified people berating the first poster for inaccuracies. The
dichotomy which is being exposed here is between a medium which
informs and a medium for general discussion. If we think USENET should
be the former, then there is no place for messages by unqualified
people. If USENET should be for discussion, then indeed anyone should
be allowed to offer their opinion. Unfortunately USENET isn't very
good at this either due to the phenomena known as "flaming" in which
users attack other persons' views far more quickly and violently than
would occur with any other medium. Because users are safely hidden
behind their terminal, and can not see who they are talking to,
standard social customs concerning conversation do not seem to apply.
The result is that even the most innocent comment can provoke typed
vitriol from someone who feels offended. Flaming is undoubtedly the
most virulent form of noise, and there is nothing more unpleasant than
having to wade through messages of infantile bickering. So, although
USENET tries to be both a medium for informing as well as discussion,
it succeeds at neither.
The concept of a moderated newsgroup is a simple solution to the noise
problem, but it leads to a problem of a different kind. In a
moderated newsgroup a user sends messages to the person in charge of
the newsgroup, and this moderator then picks only the messages he or
she feels are relevant. Sometimes this works well as in the often
cited example of Peter Neumann's RISK digest. However, there is the
insidious danger of moderator bias. The specter of this problem has
risen in conjunction with the TELECOM digest which is moderated by the
rather opinionated Patrick Townsend. Whether Townsend actually censors
messages he disagrees with is not important. The perception--and the
possibility--are there.
To summarize, USENET's asynchronous nature makes collaboration
difficult, its small bandwidth makes messages difficult to understand
and easy to misinterpret, and the high amount of noise makes searching
for interesting messages time consuming and unpleasant.
I wish I could end by presenting five easy steps to improve USENET.
Unfortunately, the only ones which seem feasible, such as news readers
which use artificial intelligence techniques to filter out noise, are
merely stopgap measures which do not address all of the fundamental
problems. Before we can fix USENET we must first understand how we
learn and how groups work together. Until this has been determined our
tools are as likely to hinder our productivity as they are to help us.
As has been amply demonstrated by television over the last fifty
years, some mediums, no matter how much of a good idea they may seem,
just don't work. I hope we quickly learn to see USENET as a noble but
failed experiment so that we can research other directions in order to
find new mediums that really do enhance our communications and our
quality of life.
------------------------------
Date: Sat, 15 Feb 92 17:33:29 PST
From: Mitch Kapor <mkapor@well.sf.ca.us>
Subject: File 7--Mitch Kapor Response to "Bury Usenet" (Intertek Reprint)
Somewhere between the intimacy of island universe conferencing systems
like the WELL (an electronic bulletin board in California) and the
anarchic ocean of USENET lies the future of computer conferencing.
USENET's problems are legion and unlikely to go away. What may succeed
are new generations of software and conferencing systems built upon
the lessons and experience, both positive and negative, of a
multiplicity of existing systems.
The WELL works much better than USENET as a source of informed
discourse for several reasons:
o It's hosted on a single system, avoiding the lag of distributed
systems.
o People pay to be there. This weeds out the single largest source
of noise.
o Conferences are all hosted, which acts as a loose control
mechanism.
o The management of the system realizes it's running a digital
gathering place.
The WELL has problems too. It's insular, its user interface is nothing
to be proud of and its telecommunications access cost is excessive if
you don't live in the Bay Area.
If these problems were addressed, there's no reason in principle why
the example of the WELL couldn't be more widely applied. It wouldn't
be USENET, but maybe that's OK.
I envision a system which is on the Internet and thus reachable from
anywhere on the Internet, a system which has a graphical user
interface (in addition to whatever the hardcore users want), whose
conferences are hosted, and which charges a nominal--say a dollar an
hour--usage charge. This software may have many separate
instantiations, in different locations, serving different needs and
interests.
In fact, this is a brief sketch of a design idea for a development
project we hope to begin within the Electronic Frontier Foundation
(EFF) in 1992.
Mitch Kapor
EFF co-founder
------------------------------
Date: Mon, 24 Feb 1992 11:31:22 PST
From: Ann O'Nonymous <baybridg@vesuvios.edu>
Subject: File 8--A Comment on Amateur Action BBS
Bob Thomas has been having trouble with his kids. They are
experiencing emotional and behavior problems they've never had before.
The police officers they had learned in school to trust came to their
house one morning and unceremoniously took away their computer. The
police were rude. They offered no explanation for why they took the
kids' games and schoolwork. The half-dozen plain-clothes cops were not
related to Officer Friendly, and the children were confused,
frightened, and hurt. These police weren't THEIR friends!
So was Bob Thomas. He ran AMATEUR ACTION BBS in San Jose, Calif.,
which specialized in adult gif files. Local police (no federal agents)
burst in at 7:30 a.m. on Monday, January 20 with a search warrant
alleging grand theft, trafficking in obscene material, and child
pornography. Bob doesn't recall if the officers had their guns drawn.
The affidavit supporting the warrant is sealed, so the justification
for the raid may never be known. Bob was stunned by the accusations,
and he and his family watched in horror as the police carted away his
486, three 386s, videos, and all the tools he needed to run his two
electronics businesses and BBS business. The police also took all
hardcopy business records and other materials.
The raid resulted in seizure of over $30,000 worth of equipment. Bob
estimated that he also lost over $15,000 in lost business revenue and
legal fees. He also missed a major trade show. His children lost
their innocence. Society lost another round in the battle to maintain
a semblance of civil liberties in cyberspace.
Bob's attorney communicated with EFF and the officers were made aware
of federal and other laws relating to seizure. No charges have been
filed, and there is no indication that any will be. When I spoke with
Bob on February 24, he was expecting the return of most, hopefully
all, of the equipment by that evening, or within a day or two. He has
no explanation for why the police raided him, but suspected it might
be connected to the problems of America Online, which faced a similar
investigation.
Amateur Action (408-263-3393) specialized in adult gif files (over
4,600) using amateur rather than commercial models. Bob also used it
to distribute adult videos. There were no action or other files. It
was simply an adult BBS with a modest message base. Bob has
established a reputation for aggressively attempting to keep children
off his adult BBS, and we have neither heard nor seen any evidence
that his board contained child pornography. The different levels of
access cost from $29 to $69 a year.
Amateur Action is back up, running Wildcat. The $69 annual rate will
earn you a meg-a-day download privilege with no upload obligation.
A Visa/Mastercard sub gives immediate access.
Unless evidence appears to the contrary, this is another instance of
police mishandling a seizure, confiscating first and asking questions
later, and not being quite sure of what they're doing. What do Steve
Jackson, Bob Thomas, and deja vous have in common?
------------------------------
Date: Tue, 18 Feb 92 15:36:33 EST
From: "garbled header" <eaten.by.our@program>
Subject: File 9--'Michelangelo' Scare (Washington Post abstract)
"'Michelangelo' Scare Stirs Fears About Computer Viruses"
Author: John Burgess
Source: Washington Post, Feb 17, 1992, p. A1
A new and unusually destructive type of computer "virus" -- a
software program that enters a computer surreptitiously and destroys
data there en masse -- has reignited concern over these electronic
saboteurs.
Security experts have dubbed the virus "Michelangelo," because after
entering a computer it lies dormant until March 6, the Italian
Renaissance artist's birthday. Then it springs to life and wipes out
data stored on the computer's memory disk.
In November, a copy of Michelangelo turned up at the Gaithersburg
offices of the National Institute of Standards and Technology, hiding
on the data disk of a computer that had been returned after being on
loan to another federal agency.
Using special software, institute technicians found the virus and
removed it after receiving a tip from the other agency. That agency
had found the virus on its computers and warned the institute to
make sure its computers hadn't been infected too.
Michelangelo got national attention last month after Leading Edge
Products Inc., a manufacturer of personal computers compatible with
those of International Business Machines Corp., confirmed that it had
shipped about 500 machines that contained the virus. The manufacturer
sent customers special software designed to neutralize it.
Because the triggering date lies in the future, no one is known to
have lost data due to the virus, which was created by an unknown
programmer and has spread from computer to computer through the
exchange of infected floppy disks.
But security experts, using special software that scans computer
disks to detect viruses, have been finding copies of Michelangelo
since last summer and removing them before they activate.
It remains unclear whether large numbers of computers contain
undetected copies of the virus, though estimates of millions of
machines have been published in the news media. Michelangelo affects
only IBM-compatible personal computers, but there are about 60
million of these in existence.
Past scares about viruses often have proven to be overblown. But due
to Michelangelo's unusually destructive nature, as well as the
potential presence of other viruses, some computer experts are
suggesting that personal computer users take no chances over getting
caught by a virus.
"When it hits, it's dramatic," said Lance Hoffman, a professor of
computer science at George Washington University.
Computer users can protect themselves by making additional electronic
copies of information they cannot afford to lose, by reducing the
exchange of floppy disks and the transmission of software over phone
lines, and by obtaining special software that detects viruses.
Viruses are a surprise byproduct of the computer age. Complex sets
of computer instructions, they are usually written by anonymous
programmers as pranks, or in the case of Michelangelo, in a deliberate
effort to destroy the information of people the programmer has never
met.
Fighting the virus writers is a coalition of software companies,
academics, researchers and users of personal computers. The two play
a constant cat-and-mouse game -- virus writers sometimes send their
creations to the experts as a challenge.
If an infected floppy disk is put into a computer, the virus orders
the machine to copy it onto any other disk that the computer
contains, generally without the operator knowing that this is taking
place. Or a virus may enter a computer when its operator receives
infected software programs from a computer "bulletin board" reached
by phone.
Many viruses are considered benign, doing little more than flashing
whimsical messages on the screen or playing a tune. But others, like
Michelangelo, are engineered to seek out stored data and destroy it,
sometimes on a specific date.
That can be devastating. Companies might lose all of their account
records, for instance, or an author using a home computer might lose
the entire manuscript of a novel.
To dissect Michelangelo and find out how it works, security experts
have deliberately introduced the virus into test computers and
advanced their internal clocks to March 6 to trigger the virus.
Michelangelo-infected machines that are not functioning on March 6
will not activate the virus, according to experts. By the same
token, the virus can be kept dormant by shifting the clock on the
machine so that it never reads March 6.
Computer experts agree that getting hit by a virus -- more than
1,000 types have been identified over the years -- can be devastating
as society progressively puts more and more reliance on computers.
But there is continuing debate as to how prevalent the programs really
are.
"I'm finding virus catastrophes everywhere," said Martin Tibor, a
data recovery consultant in San Rafael, Calif., whose repeated calls
to the media after the Leading Edge incident helped publicize
Michelangelo. "These things are replicating like crazy."
David Stang, director of research at the National Computer Security
Association, offers a more conservative assessment. While stressing
the danger of viruses, he puts the probability of a virus residing in
a given computer at a large company at about 1 in 1,000.
Michelangelo constitutes a tiny fraction of those viruses, he said.
The National Institute of Standards and Technology has 5,000 personal
computers and has detected about one to three viruses a month since
last summer.
In contrast, Total Control Inc., an Alexandria computer security
firm, said that about 70 percent of the 300 personal computers at one
unnamed federal agency have been found to have Michelangelo.
San Jose research firm Dataquest Inc. surveyed 600 large U.S.
companies late last year and found that 63 percent had found a virus
on at least one company computer. However, it noted that these
companies often operated hundreds of computers.
Antiviral software has created a thriving new niche for the personal
computer software industry. Such products can be purchased in
software stores or obtained for free or at a nominal cost through
on-line computer networks.
Antiviral software is not foolproof, however. "You can't write a
generic program that detects every virus, " said Hoffman, noting that
new strains are always appearing.
Some computer users suggest that the antiviral software companies
want to stoke fear to build a market for their products.
Consultant Tibor conceded that the calls he made to the media about
Michelangelo were in part motivated by hopes of bringing business his
way -- it in fact brought in only one client, he said. But his main
motivation, Tibor said, was to get the word out about a serious
computer danger.
"I see the victims of viruses all the time," he said. He calls viruses
"the digital equivalent of germ warfare."�
------------------------------
------------------------------
End of Computer Underground Digest #4.09
************************************
Computer underground Digest Fri, Mar 6, 1992 Volume 4 : Issue 10
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu
CONTENTS, #4.10 (Mar 6, 1992)
File 1--Re: "Bury Usenet" (CuD 4.09)
File 2--Re: "Bury Usenet" - Opinionated, and Proud of It
File 3--Reply to: Opinionated, and Proud of It
File 4--Apology to Craig Neidorf
File 5--Re: Stupid Reporter Tricks (CuD, 4.09)
File 6--Amateur Action BBS bust account from NixPix
File 7--Two Cornell Students Charged in Virus Attacks (NEWSBYTES Reprint)
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
NOTE: THE WIDENER SITE IS TEMPORARILY RE-ORGANIZING AND IS CURRENTLY
DIFFICULT TO ACCESS. FTP-ERS SHOULD USE THE ALTERNATE FTP SITES UNTIL
FURTHER NOTICE.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to the
Computer Underground. Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Wed Mar 4 22:07:34 1992
From: sanio@NETMBX.NETMBX.DE(Erhard Sanio)
Subject: File 1--Re: "Bury Usenet" (CuD 4.09)
>Computer underground Digest Fri, Feb 28, 1992 Volume 4 : Issue 09
Why (and how) bury Usenet?
++++++++++++++++++++++++++
In a provocative essay, Steve Weinberg states that USENET under his
opinion has failed its goals and "does improve our productivity and
our quality of life about as much as TV does". He describes USENET as
"a noble but failed experiment" and suggests to abandon it and
research other directions in order to improve communications and
quality of life.
As a preliminary remark, it is either hard or barbaric to bury
something or somebody unless he/she/it is dead. And, before discussing
the justification of the criticism on how USENET works and how far it
fulfills its goals, it is necessary to state that USENET is not only
up and alive, but enjoys steady, merely explosive growth from its
modest beginnings (in North Carolina many years ago, more exactly, in
1978) until now. According to recent readership statistics, about 73
million articles are read per month by 2.1 million readers, while the
number of articles read is increasing by 2 million and and the number
of readers by 135.000 every month during the last 6 months. Granted,
quantity does not indicate all, at least it demonstrates the
popularity and lasting interest of the USENET community in the medium.
One may assert that the same holds true for other phenomena of modern
civilization which are likely to unfold unwanted side-effects anyway
while not or poorly fulfilling the goals they were designed for, such
as cars, TV, drugs etc. . That would mean a slight shift of the
discussion: which goals was USENET designed to fulfill, which ends
does it serve in reality, which harmful unwanted effects does it
possibly produce, which are the reasons for its still growing
popularity, and finally, what sentence should be judged on it and who
can or should execute it in case that the sentence is death?
1. Goals of USENET
Clearly, computer-based communication on a world-wide scale is the primary
goal of USENET, no matter whether one likes to characterize it as a confe-
rencing system or whatever.
That means, it should be easy to access, and the flow of information should
reach the audience within an acceptable time, where "acceptable" clearly
depends on the technological possibilities along with some cost considera-
tions. The medium should be - at least to the widest amount possible - inde-
pentent of hardware, operating systems, and transportation media.
One might tend to believe that the statements above are trivial and tailored
to what USENET - different from several other conferencing systems - is
indeed able to do. But in fact, they are some of the factors for the
popularity and the distribution of the medium, but on the other hand
clearly some of the reasons for its flaws, which shall not be denied.
Steve defines "three general uses" such a system should fulfill otherwise
he is willing to condemn and discard it.
Those are:
- directed information seeking
- browsing
- collaboration .
On a general level, USENET fulfills the first of them simply by its hierar-
chical organization. Newsgroups spawn and die according to the need felt
by the community of users and are automatically propagated (Again, that
is nothing trivial - there are different strategies in other systems
mostly based on central organization, personally, I don't feel them
superior under any aspect). When traffic and variety of subjects are
felt to exceed some limit, groups are broken down into subgroups. And
to a considerably high amount, the discipline advised rather than imposed
is held by the majority of users. It is not very likely to find a contribu-
tion to C programming in alt.sex.bondage or an article dealing with abortion
in comp.lang.c .
A lot of general information is held in a set of regularly reposted
articles, lots of them of much higher quality than most one can
expect from average magazines no matter whether computer magazines
or general ones.
Browsing may be hard in high-traffic boards, especially when the subject
information is poor or dated during a longer-lasting discussion thread.
Most newsreaders offer some possibilities of pattern-matching, either
over header-lines such as subject, summary, keywords, and references
alone or over the full text, additionally. The ease of use of those
features may be questioned, sometimes even the usefulness. But not
only that the above is a challenge for designers of newsreading software
rather than a general weakness of the medium, it is at least inappropriate
to deny the presence of information browsing tools which often supersede
what e.g. some mainframe databases offer.
Collaboration, finally, is hard to define in this context. Steve describes
it (for the purposes of his essay) referring "to a group of people sharing
what they know and posing questions to each other .. so as to increase the
knowledge and ability of everyone involved." To deny that the above takes
place among the USENET community sounds odd to me and contradicts my
personal experience. Sure, there is some point in criticising that it
is sometimes hard to achieve, especially on high-traffic subjects. Anyway,
a fair amount of what I know about networking, several aspects of the US
cultural and political life, and several other topics of personal interest
I owe to the "collaboration" of a large number of members of the USENET
community, where it would have been hard, in several cases impossible for
me to obtain the information from other sources.
Often, the public discussion on the USENET is accompanied by private email
exchange, that kind of privately pursueing more off-topic aspects is suppor-
ted by newsreading software and encouraged by experienced users, especially
those performing voluntary and gratuitous administrative work.
2. Flaws of USENET
Defending the abilities and the use of the medium in general should not
seduce to discarding the whole of the criticism as pointless and unfounded.
Steve indeed hits some valid points of resentment while he sometimes, under
my opinion, tends to exaggerate and partially raises claims not in order
to get them fixed, but to back his preoccupation towards condemnation of
the medium. Complaints refer to:
- the asynchronous nature of USENET, which makes it hard to keep track of
a particular discussion
- poor language abilities and rude language of the posters
- "low bandwidth", meaning messages in 80-column ASCII opposed to multi-
media communication
- lack of qualification of the contributors, thus abundance of noise and
polemics
- risks of censorship in moderated groups .
The problem of the asynchronous nature of the net is indeed present, but
highly improved during the last years. Caused by an increasing number of
internet connections and other high speed links, the average time of dis-
tribution has decreased significantly. As an inhabitant of the borderlands
of net civilization, I enjoyed the meantime of an article to reach the
majority of the USENET community to come down from a bit less than a
week to much less than a day in average during the last 4 years. Much
more mutual patience was necessary (and not always achieved) to cope
with redundance, misunderstandings etc. due to dated comments on dated
articles. Therefore, the need of including major parts of the messages
referred to has decreased, too (though not all posters have understood
the technique of reasonable quoting, sure). Asynchronity is a general
property of any kind of communication which is not just on-line, and
to discard computer conferencing just because it is asynchronous (and
will always be) is incomprehensible.
That asynchronous nature is part of the strength of the system as well.
Reasonable contributors have the opportunity to obtain information,
think about, eventually do some additional research, and then respond.
Such a procedure is likely to contribute to the quality of a response
compared to one given immediately under pressure of realtime communi-
cation.
Steve's comments on poor mastership of written language sound a bit
arrogant and elitist to me. While it is true that many messages are
carelessly written, some even practise excessive use of rudeness,
four-letter-words etc., this is not true for a big quantity of polite,
reasonable, and qualified contributions. One should as well take in
account that a good engineer and programmer ought not necessarily
be an ingenious writer and master of orthography and grammar, further
that a growing number of authors aren't native English speakers and
writers (like me, btw.). The overwhelming majority of USENET readers
and authors still comes from tightly computer-related areas such as
CS departments of universities, computer and software business etc.,
I'll come back to that aspect below.
That 80-column ASCII should be a considerable drawback for worldwide
communication is beyond my experience and my understanding. Most of
the information I obtained during my life in the fields of science
and engineering was in that format, more or less. It is perfectly
possible to communicate that way, humans did that for millennia and
distributed the base of knowledge thereby.
That multimedial tools might improve comfort, ease of use etc., is
self-evident, though doubts are allowed that contents and quality
of information exchanged depend on. Steve started his polemics with
some comments on TV, clearly a multimedial means of distribution
of information, according to his own words it did n o t contribute
to more productivity and quality of life (the advertising industries
might contradict), thus it is hard to see that "low bandwidth" is a
valid complaint.
Recently, the simple and universal format of the informations exchanged
allows fast worldwide distribution with minimum hardware requirements
for the end users.
Therefore, I widely fail to see "the problem of low bandwidth". Clearly,
additional exchange of graphical information may be useful and helpful,
sometimes, but not on cost of propagation.
Concerning Steve's accusation that in case of spreading distribution of
graphical information "the main results would be an outbreak of pornography
and a rash of garish signatures" I see some reason to feel myself as well
as the whole of the USENET community insulted in a primitive and disgusting
way.
Steve should know how incredibly low the share of erotic material, only
a small part of that real pornography, in the USENET distribution is,
though tabloid journalism as well as fundamentalist and some feminist
fanatics use to assert the contrary stubbornly ignoring any counterproof.
Joining that crowd - even indirectly - is bad style and bad habit.
Last and best founded complaint is that about a rather high amount of noise,
the presence of lots of irrelevant and unqualified statements. Clearly there
are lots of messages of questionable relevance, style and quality which make
reading hard and time-consuming. Anyway, it is not just to characterize the
whole or even the majority of contributions to USENET that way.
Both quality and noise/signal ratio are highly dependant on traffic and
topic of the given group as well as on the structure of the audience. In
groups frequently accessed by newcomers, noise is often produced by lack
of experience with the unwritten and written rules of the net. Under the
circumstances of fast growth, that kind of noise is merely inevitable and
the additional educational effort should be tolerated (and mostly is) by
the more experienced part of the USENET community.
In political groups, people frequently tend to loose temper and there are
some who love to incite polemics or bore the rest by preaching on their
beloved subject of faith, conviction or ideological preoccupation.
It is true that the freedom and anarchic character of USENET makes it hard
to lock out rowdies, clowns or unqualified people. Sure, "Anyone with access
to a UNIX machine" (btw. not only a UNIX machine but every machine with access
to the UUCP, the internet or similar domains and the according software)
"can post a message .., no matter how unqualified the author may be".
But the above sounds arrogant and elitist to me. Providing a worldwide,
open forum for exchange of opinions and informations is a primary goal
of the USENET which it fulfills fairly well and I fail to see how
- without damaging that worldwide forum of free speech - "unqualified
authors" should be sorted out. Though I would not characterize USENET
as a democracy (because many decisions depend on the benevolent autocracy
of computer owners and system administrators), it at least provides equal
rights of publication and access for everybody (unless the sysadmin decides
otherwise) thus faces similar problems democracy faces, where the right of
free speech and the value of the vote do not depend on externally imposed
quality considerations.
Right, there is a problem in a medium which provides both information and
discussion at the same time, as well as there are some people who constantly
and malevolently violate the rules by rudity, fanaticism or tasteless comments.
Anyway, the assertion that USENET generally fails to provide both information
and discussion is far from truth. In fact, there is a considerable difference
in quality as well as noise/signal ratio between the technical, scientific
and scholarly groups on the one and the general chatting and raving groups
about sensible topics of dissent in the political, social and cultural fields
on the other hand.
One should take in account that the wast majority of the USENET community is
young and stems from the several fields of computing. It will be hard to find
a skilled lawyer or sociologist on the net, while it will be easy to find a
considerable number of computer experts. Thus, the technical groups are still
the best qualified ones. I often experienced that once a number of experienced
people were present in some group of a given topic, the noise was considerably
calming down. Most of the people are neither rude nor malevolent nor willing
to appreciate those attitudes. Anyway, when looking out for reliable informa-
tion on scholarly resp. scientific level, the university library is still
the best place to look for, while at least for me is true that I obtained
a lot of valuable hints and references from discussions on the USENET.
Reducing noise is generally easy: most of the worst flames and off-topic
messages stem from a small number of people of questionable psychic stability
or missionaries resp. fanatics of any conviction, religion, or ideology.
Newsreader software provides powerful tools to exclude messages of worth-
less contents or from well-known clowns, beneath that, lots of noise take
place in groups where not much else can be expected - the usual rule is
"if you can't stand the heat, leave the kitchen".
3. The popularity of USENET
Generalizing accusations of the net have a long tradition and the imminent
death of USENET has been predicted more often than the end of the world.
Irrespectively of the above, the net has gone on growing and winning popula-
rity. With all its flaws, it has already become a part of modern culture
which cannot be ignored. Frequently it has become a target of attacks and
concerns of people who felt some reason to contain free worldwide flow of
information, be it muslim fundamentalists objecting the propagation of
Salman Rushdie's "Satanic Verses", be it feminist PorNo activists (latest
some weeks ago in Germany), religious fundamentalists or others.
Clearly, the USENET is not a fine and elitist forum of academic discourse,
though it holds aspects of that in its more calm and remote places. Its
2000 groups hierarchy, often locally connected and gatewayed with national
hierarchies or regional mailbox systems, has become some sort of roaring
microcosmos of ideas, informations, chatting and raving. It is some sort
of a virtual metropolis, not a decent village or upperclass suburbia Steve
seems to dream from.
As with real big cities, there is always presence of mud, crime, trouble
and discomfort, lots of chaos and problems overdue to be fixed. There will
always be people leaving in anger and frustration, but also new ones empha-
tically rushing in and those staying in peace with the trouble and in love
to the system as a whole despite its flaws.
Nobody is forced to use the system, everybody might and should work to find
improvements, even new and better solutions. USENET is clearly not the last
word in computer conferencing - I doubt a bit it's computer conferencing
at all. For a long time, USENET is here to stay, and it has opened an
amount of worldwide communication which adds a new quality to world
culture, possibly not at the top end, but at least in a way similar like
cinema, (yes!) TV, pop music, comics, etc. did and do - and those also
fuelled the warnings and mockings of cultural pessimists in the past.
Those who like modern culture as it is are entitled to enjoy it.
++++++++
Dr. Erhard Sanio UNIX(tm) Systems Programmer/Consultant
Tempelhofer Damm 194 D+1000 Berlin 42 sanio@netmbx.in+berlin.de
------------------------------
Date: Sat, 29 Feb 1992 01:49:04 -0600
From: TELECOM Moderator <telecom@DELTA.EECS.NWU.EDU>
Subject: File 2--Re: "Bury Usenet" - Opinionated, and Proud of It
Steve Steinberg <steve@cs.ucsb.edu> rants about the 'insidious
problem of moderator bias' at TELECOM Digest ...
> However, there is the insidious danger of moderator bias.
Oh wow! A real danger, huh? With newsgroups a dime a dozen, and anyone
able to start a mailing list by simply doing so; an alt newsgroup by
declaring it exists and a Usenet group with slightly more effort
involved in a discussion and voting period, where is the 'insidious'
danger in a private mailing list (which is what TELECOM Digest is)
that you happen to have a personal grudge and bias about? That it
happens to be distributed to Usenet as comp.dcom.telecom is
coincidental to its real purpose. Why do you think alt.dcom.telecom
was started? It is intended for people who don't want to post in a
moderated group. Is that so difficult (even for you) to understand?
The readers of the two groups (comp.dcom.telecom and alt.dcom.telecom)
are virtually the same -- only the writers and articles differ.
> The specter of this problem has risen in conjunction with the TELECOM
> digest which is moderated by the rather opinionated Patrick Townsend.
I quite agree with the sentiments of Oscar Wilde when he pointed out
that he did not care what the newspapers said about him as long as
they spelled his name correctly. Obviously you know all about TELECOM
Digest; you've read it at great length; you've studied back issues in
the Archives, all the numerous files there, etc ... at least I assume
this to be the case since you deign to speak critically of it ... so
how come you missed something as obvious as 'Townson' which appears in
the masthead of every issue?
And having opinions on topics is a mortal sin, is it? I suspect in
your life that is true, but not in mine. My opinions may be correct,
they may be incorrect, they may be open to a variety of interpretations,
but I do think for myself ... try it sometime, see if you get a high
like I do thinking for yourself, deciding what you believe and
defending your beliefs. I find independent thought quite addictive.
> Whether Townsend actually censors messages he disagrees with is not
> important.
Of course it is important! It is the crux of your whole complaint. How
could you say something like this if you actually read the Digest for
any period of time?
> The perception -- and the possibility -- are there.
How could there be such a perception by any reasonable person (I am
not granting you that status) who actually READS the Digest? How could
I sit here and distribute as many issues of the Digest as I do and
still manage to censor anyone? If anything, I am told by a large
number of readers I am too lenient in what I publish. They'd prefer to
get five or ten messages daily instead of the forty to fifty I send
out. But I can't do that and still feel good about TELECOM Digest. If
I get a big overflow of messages on a topic, then the readers are
going to get a larger than average mailing. I have to do it that way
in order to reflect as nearly as possible what people are writing
about, and find room somehow for the writers.
If anything, I dare say I publish a lot more (in terms of numbers of
messages and varieties of thought) in TELECOM Digest than most other
moderators. Does PGN, who you praise as such a fine addition to the
net print anywhere close to what all he receives? Please note I am
not commenting on his work. I am commenting on what you said.
You know, I think your problem is -- and if you were intellectually
honest about it you would have said it yourself -- is you do not like
my stance on many issues.
For example, I think Caller-ID is a great service. I think most
privacy issues are overblown and a figment in the imagination of the
person complaining. I think in most instances of a dispute between a
telephone utility and a subscriber, the telephone utility is correct
and the subscriber is wrong. I have a lot of opinions -- which I do
not hesitate to express freely -- that you probably don't like at all.
I do not like phreaks or hackers (in the perjorative use of the term).
I think they should be treated as criminals rather than folk heroes.
The difference between you and I is I say what I think, while you
mince around and whine about people who are opinionated. I suppose
while I am opinionated, you are a font of wisdom, eh? In the future
at least try to be more original in your complaints, and try saying
what you *really think* instead of playing word games. Who knows, if
you have something to actually say -- that is, an opinion of your own
on something -- I might even print it in TELECOM Digest, a courtesy I
would be surprised to see reciprocated in any publication under your
control.
Opinionated, and proud of it!
Patrick Townson
------------------------------
Date: Sat, 29 Feb 92 09:44:34 PST
From: G.Steinberg <steve@CS.UCSB.EDU>
Subject: File 3--Reply to: Opinionated, and Proud of It
Townson makes a number of good points in his reply, unfortunately few
of them are germane to my argument against USENET. First, lets look
again at what I said without it being broken up into pieces:
"However, there is the insidious danger of moderator bias. The
specter of this problem has risen in conjunction with the
TELECOM digest which is moderated by the rather opinionated
Patrick Townsend (sic). Whether Townsend actually censors
messages he disagrees with is not important. The perception
--and possibility-- are there."
Townson gives five arguments against the above, none of which are on
target. This is because the above paragraph must be interpreted within
the context of my argument against Usenet which goes, partially, as
follows:
a) If anyone can post to a newsgroup, there is a lot of noise.
b) If the newsgroup has a moderator, noise can be reduced.
c) A moderators opinions could color the content of the digest.
d) If the goal of USENET is to provide information than we want as
little bias as possible.
e) Therefore moderated newsgroups are not a good idea.
Townson's arguments are as follows:
1: There is no danger because an alternate group with no moderator can
be easily formed.
This is completely orthogonal to my article on USENET. Sure, we can
start an alternate group, but this just brings us back the noise
problem and we will be no closer to a more effective USENET.
2: I do not know enough about TELECOM digest.
I read the TELECOM digest daily for a period of about six months, and
occasionally since then. This was enough time for me to learn two
things: Townson has strong opinions about some TELECOM issues and that
some people felt that these opinions colored the content of the
digest. Townson does not attempt to refute either of these points.
These are the only points that I need for my argument.
The fact that I misspelled his name is inexcusable.
3: It is good to have opinions, I should try it sometime.
I found it rather ironic to be accused of not having opinions on a
topic when clearly Townson is attacking me because of my opinions! I
quite agree it is good to have opinions, in fact I believe we all have
opinions. It is because of this that I think moderated newsgroups are
problematic.
4: Townson does not actually censor messages.
There is no way for me to know this. I have seen posts by several
people who have claimed that their messages are routinely ignored due
solely to the opinions in the messages. True or not, my argument does
not rest on Townson's actual censoring. If a moderator can censor, and
many people think he is, then the newsgroup is surely less trustworthy
than an unmoderated one.
5: My comments were motivated by dislike for Townson's opinions.
I merely used Townson's newsgroup because his moderation has become
the most controversial. I don't think Townson would disagree with
this. I certainly could have used CuD as my example, and pointed out
that many people believe that the anti-hacker viewpoint is censored
from the digest, but this perception is held by fewer people.
In short, your response is highly defensive against a perceived
personal attack when in fact I am attacking moderated newsgroups in
general. Rewrite your response so it is more thoughtful and I would be
pleased to print it in Intertek.
Steve Steinberg
------------------------------
Date: Thu, 05 Mar 92 00:33:51 EST
From: Keith Moore <moore@CS.UTK.EDU>
Subject: File 4--Apology to Craig Neidorf
I would like to publicly apologize for any offense to Craig Neidorf
that resulted from my CuD article of a few weeks ago.
In all honesty, I intended the "article" as a private message to the
editors of CuD, but neglected to include text to that effect in my
mail message.
I do appreciate the thoughtful responses from Craig and Mike Godwin
regarding the nature of the legal expenses.
I never meant to suggest that Craig was in any way "at fault" for the
cost of his defense, nor to discourage people from donating money to
offset his expenses.
((Moderators' note: And we apologize to Keith for printing what he
intended as a private note. We generally consider informational or
reasonable opinion pieces as submissions unless the author states
otherwise. Keith's point raised the legitimate and very real concern,
alluded to by the post of Mike Godwin and demonstrated by Craig's
explanation of legal expenditures, of the costs of "justice:" Those
with resources to fight questionable searches, seizures, or charges
are better-able to challenge the injustice than those who lack the
resources. It if frightening that, for Craig, the cost of justice was
in six figures. To our minds, Keith's post underscored the importance
of reconizing that--for better or worse--justice is not cheap. We
thank Keith, Craig, and Mike for underscoring the importance of
helping defray legal expenses.
It is *VERY IMPORTANT* that contributors remember to make checks
payable to the law firm of Katten, Muchin and Zavis, and *NOT* to
Sheldon Zenner or Craig. KMZ is a firm of over 300 attorneys and
hundreds of additional staff. At least a couple of people have sent
letters and checks to Katten, Muchin, and Zavis, but they did not send
them to Sheldon Zenner's attention or to Sheldon at KMZ. This makes
it very difficult for proper bookkeeping, and a check or two may have
been lost. People who don't receive a written thank you from Sheldon
Zenner are people whose checks never made it to Craig's account for
one reason or another.
Checks must be made payable to Katten, Muchin, and Zavis.
The checks must be sent to:
Sheldon Zenner
Katten, Muchin, & Zavis
525 West Monroe Street
Suite 1600
Chicago, IL 60606-3693
Add a note specifying that the check is for the Craig Neidorf
case, and write his name in the "memo" section.
------------------------------
Date: Tue, 3 Mar 92 02:47:16 MST
From: mbarry@ISIS.CS.DU.EDU.CS.DU.EDU(Marshall Barry)
Subject: File 5--Re: Stupid Reporter Tricks (CuD, 4.09)
((In response to "Stupid Reporter Tricks, File #6/CuD 4.09)):
Part of the problem in this case is that "Bear" didn't bother to
give ALL of the information.
Having worked with Mr. Benemann on the story (and, in case it
matters, having him at least "validate" that the information presented
was accurate), there is more to this than was stated in the original
text...
So, if you feel it is apropos, I enclose *MY* Reply to "Bear"...
=============
REPLY:
From: Marshall Barry
Organization: IBECC, A Colorado Non-Profit Organization
>A local television reporter did a report on the 10pm news about
>teenagers getting access to adult .gif files on computer bulletin
>boards.
>
>He explains how many sites with adult gifs require proof-of-age
>(e.g., copies of driver's license) for registration, but some
>merely print a "you must be over 21 to register" message before
>on-line registration.
>
>No problem, except he then claims you can lie and still become
>registered -- which he proceeds to do on camera.
So?
He was making a valid point - that is, that ANYONE can lie... And the
system he "lied" to asked for a Callback via a Callback Verification
program. So, even though the "SysOp" had an invalid name and address,
s/he/it had a valid telephone number.
The point being made is that the PARTICULAR SysOp was doing an
insufficient amount of verification. It is not enough to just call
back (automatically) and use that as validation for being an adult, is
it?
>Isn't this a violation of Federal law regarding computer access?
It could be. Of course, the SysOp is also not requesting a valid ID,
just something which could be verified. The telephone number is
valid, and as Kaizoku [Mb's note: Kaizoku was a "cracker" who agreed
to be interviewed via modem... at the end of the interview, she
apparently grabbed Mr. Benemann's home phone, address, etc. from the
phone company and played it back to him - when he verified that it
was, indeed him, she then promised to NOT turn off his utilities and
forward his mail...] pointed out, graphically, it's almost trivial to
acquire "reverse" information.
Still, Federal law can only be invoked when access is across state
lines. Colorado law is, at best, vague.
The media, btw, enjoys a great deal of latitude in this case, as they
are covering news and not actually delivering or revealing information
which is acquired.
Finally, by law, you may use any name you wish so long as there is not
an attempt to defraud. Merely using an assumed name, especially when
dealing with "adult material" is not a crime.
>The sysop of the BBS clearly requested identifying information,
>as is his right before granting system access, which the reporter
>deliberately refused to provide yet accepted system access?
Bah! Humbug.
>This TV station is getting a bad reputation for overzealous reporters --
>a few years ago one star reporter actually paid for pit-bull fights
>that she subsequently reported on. She was ultimately fired from the
>station and charged with a felony.
So, because of Wendy, anyone who does an expose is guilty of
over-zealous reporting?
Give me a break.
Jim Benemann worked very hard to not present all BBSes in an
"evil" light. If you noticed, (and since you're local, I can
provide you with a tape, to refresh your memory), he said that
most systems were positive, most systems were no longer easy for
children (the important issue, not the "content" of the material)
to acquire access. In fact, what he said (for the most part) was
more than just a little positive.
What is it that you are REALLY complaining about?
That he gave an "assumed name and address"?
Ever call a 900 number?
Did you give YOUR real name?
>I don't expect things to go this far in this situation -- but neither
>do I want to sit by as the TV station implies it's okay to lie during
>on-line registration for BBSes.
Oh, come on.
You log onto every BBS with your real name, address and telephone
number, before you even see if it's the kind of system you'd want to
give such information to?
Sorry - I can't buy that.
>Any comments or suggestions?
You've seen 'em.
I worked (one of many) with Jim Benemann on the story.
I can show you what "reputable" news teams (including KABC in LA)
do with these stories.
I can show you videotape of "ads" for BBSes running on the screen
while the voice-over says "these networks are homes to pedophiles,
drug users and phone phreaks"... which (of course) has nothing to
do with the "ads" on the screen.
They (KCNC) even checked the information before airing it, and you
can be sure that the SysOp of the "cracked" system is improving his
security now... and not letting a call-back verifier program
determine that someone is "over 18".
>BTW, the reporter was Jim Benemann of KCNC in Denver.I can post
>the Station Manager's name if other people wish to contact the station.
So, what you want people to do is to call and complain about some
of the least negative reporting we've gotten in the last 10 years.
Great.
// Mb //
<mbarry@nyx.cs.du.edu> is also <Marshall.Barry@f169.n104.z1.FidoNet.Org>
"If you're going to (mis)quote me, at least Spell my Name CORRECTLY!"
Data: (303) 657-0126 +&+ (303) 426-1942 3/12/2400 baud
Snail Mail: P.O. Box 486, Louisville, CO 80027-0486
------------------------------
From: bei@DOGFACE.AUSTIN.TX.US(Bob Izenberg)
Subject: File 6--Amateur Action BBS bust account from NixPix
Date: Sun, 1 Mar 92 12:03:05 CST
((CuD Editor's Note - The following was written by the sysop of "NixPix BBS"
in Aspen, Colorado, after a telephone interview with
Bob Thomas, sysop of "Amateur Action")).
The Amateur Action BBS Seige of '92 (02/29/92)
(From a first-hand 'interview' with Nick)
Cuzz there are so many false rumors circulating re this 'incident',
I called Bob to get the straight story. Here 'tis!
On Jan 20, 1992 at 7:30 AM, five armed San Jose Policemen stormed
the house of Bob and Carleen Thomas, bearing a search warrant. The
affidavit that permitted the search is still sealed, and a mystery to
Bob, so he knows only what he could be searched for. No charges were
pressed against him.
The Search Warrant said:
CA Penal Code section 311.2 (bringing of obscene matter into or
distributing within state. And Penal code 311.11 (Possession or
control of matter depicting sexual conduct of person under age of 14 .
And Penal code 484-487.1 (Grand Theft- permits cops to take stolen
goods if any are found).
The entire family was in bed. The police charged into the
frightened 11 & 14 yr old boys rooms... Their parents were impounded
in their dining room as the gang took apart the BBS system and
ransacked the house. Looking the protesting boys in the eye, they
even grabbed their game computer.
They were clearly after the computers, pictures, video tapes,
machines. It was also clear they did not find what they were 'looking
for'.. They carted off all computers, scanners, video gear, blank
tapes.. The UPS and printer were too heavy!!! No explanation has been
given for their seizing Bob's wifes underwear, purses, and shoes.... 5
1/2 hours of humiliation.. They also took Bob's business papers and
effectively closed his Mom & Pop business. His battle costs have
exceeded $15K!
Bob hired an attorney and he got in touch with the Electronic
Frontier Foundation (an organization specifically set up to protect
our rights to privacy of information).. The Police had clearly broken
the strict Fedral electronics privacy act.. This requires a SEPARATE
Email search warrant for EACH Email recipient, or a $1000 damages can
be levied PER addressee! And, damages can be recovered from
individuals, state, and city. Thus, the San Jose police carelessly
(wantonly?) broke federal laws.
Before unsealing Bob's stuff, they agreed to only review GIFS,
tapes, photos and to leave the records alone. After they began
(finally) to actually look at their cache, the cops returned Bob's
gear and stated that he had 'NOTHING ILLEGAL' in his posession! All
the material in Bob's fine Amateur collection (save some great
old-time 60's and 70's sexual memorabilia) is comparable to similar
but slicker professional material obtainable from local Adult
bookstores.
What perpetuated this obnoxious and frightening attack on the AA
BBS? It is still a secretive mystery. Bob does NOT know who his
accuser is. I recall that as an UN-AMERICAN act! But, he hunches it is
related to a bizarre local male adult who posed as a 14 year old on
America On-Line and entrapped others to send him sexy stuff of 14
year olds. When he got some, he turned in America on Line. The reason
Bob suspects him is that he lives only a few miles from AA in Fremont,
and is clearly in the lunatic fringe.
So, kiddies.. Be aware that as the WAR on drugs backs down in
defeat the troops and philosophies are going to be used to make WAR on
sex for pleasure.. And the spectre of 'KIDDIE PORN' is so odious to
many Americans, that self defense will bankrupt many harmless people.
We in the Adult BBS community are lucky to have such a brave Sysop
as Bob Thomas.. And lucky that reason and law worked THIS time!
Send Bob a lil help ($. I did, and I am stingy!) And join AA BBS at
408/263-3393 100% DST!.
Nick , Horny Pixop and founder of NixPix.
------------------------------
From: John F. McMullen (mcmullen@well.sf.ca.us)
Subject: File 7--Two Cornell Students Charged in Virus Attacks (NEWSBYTES Reprin
t)
>From today's Newsbytes - from another writer. Note that, despite the
wire services use of the word, "Hacker" never appears in Grant's story.
Do I hear the cheers???
=======================================================================
****Two Cornell Students Charged In Virus Attacks
ITHACA, NEW YORK, U.S.A., 1992 Feb 26 (NB) -- Charges have been laid
against two Cornell University students accused of planting a virus
that locked up Apple Macintosh computers at Cornell, at Stanford
University in California, and in Japan.
David S. Blumenthal and Mark Andrew Pilgrim, both aged 19, were
charged in Ithaca City Court with one count each of second-degree
computer tampering, a Class A misdemeanor. The investigation is
continuing and additional charges are likely to be laid, said Cornell
University spokeswoman Linda Grace-Kobas. Both students spent the
night in jail before being released on bail February 25, Grace-Kobas
added.
The MBDFA virus apparently was launched Feb. 14 in three Macintosh
computer games: Obnoxious Tetris, Tetriscycle, and Ten Tile Puzzle.
Apparently, Grace-Kobas told Newsbytes, a computer at Cornell was used
to upload the virus to the SUMEX-AIM computer archive at Stanford
University and an archive in Osaka, Japan.
MBDFA is a worm, a type of computer virus that distributes itself in
multiple copies within a system or into connected systems. MBDFA
modifies systems software and applications programs and sometimes
results in computer crashes, university officials reported.
Reports of the MBDFA virus have been received from across the United
States and from around the world, including the United Kingdom, a
statement from the university said.
(Grant Buckler/19920226/Press Contact: Linda Kobas, Cornell
University, 607-255-2000)
------------------------------
End of Computer Underground Digest #4.10
************************************
Computer underground Digest Tue, Mar 10, 1992 Volume 4 : Issue 11
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu
CONTENTS, #4.11 (Mar 10, 1992)
File 1--Net Resources
File 2--Readers Reply: "Bury Usenet"
File 3--Readers Reply: Apology to Craig Neidorf (CuD #4.10)
File 4--F.B.I. and Digital Communications Amendment (NYT synopsis)
File 5--F.B.I.' Proposed Digital Communications Legislation
File 6--CPSR Response to FBI Proposal
File 7--"Real Hackers?" Comparing the old and the new (DFP Reprint)
File 8--BBSes and Telco Rates
File 9--HACKING grounds for dismissal
File 10--Updated Info on 2nd Annual Int'l BBSing & Elec. Comm Conf.
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
NOTE: THE WIDENER SITE IS TEMPORARILY RE-ORGANIZING AND IS CURRENTLY
DIFFICULT TO ACCESS. FTP-ERS SHOULD USE THE ALTERNATE FTP SITES UNTIL
FURTHER NOTICE.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to the
Computer Underground. Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Mon, 9 Mar 92 19:58:41 CST
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--Net Resources
Frank Klaess, sysop of ComNet in Luxembourg, is providing CuDs and
other text files on ComNet Luxembourg BBS. ComNet is a two-line,
14,400 board and the phone number is: (++352) 466893.
ComNet is not yet accessible through internet, but Frank can be
reached on PC-Exec BBS in Milwaukee (414) 789-4352.
+++++++
The Well, perhaps the best system in the country, is now accessible
through ftp (192.132.30.2). The initial sign-up is nominal, and usage
fees are more than reasonable ($10 a month and $2 an hour). There are
thousands of discussion topics, conferences on almost every issue
conceivable, and there are a number of services and features that make
it a valuable investment. Cybernauts would find the Hacking, EFF
(Electronic Frontier Foundation) and CPSR (Computer Professionals for
Social Responsibility) conferences especially interesting.
------------------------------
Date: 8 Mar 92 13:53:33 CST (Sun)
From: peter@TARONGA.COM(Peter da Silva)
Subject: File 2--Readers Reply: "Bury Usenet"
Building a new net with a wider bandwidth and tighter controls, as
Steve seems to want, is a SMOP. Write the software, build your Usenet
II, and if it's really that far superior then it will supplant Usenet
I.
People are always coming up with improvements they'd like to the basic
Usenet model, but none seem willing to put their money where their
mouth is. Come on, Steve. You can use the existing transport
mechanism, even. Just a new newsreader or two and you're in business!
------------------------------
Date: Sun, 8 Mar 92 13:55:28 EST
From: The Advocate <unixville@matrix.uunet.uu.net>
Subject: File 3--Readers Reply: Apology to Craig Neidorf (CuD #4.10)
A poster in CuD 4.10 writes:
> I never meant to suggest that Craig was in any way "at fault" for the
> cost of his defense, nor to discourage people from donating money to
> offset his expenses.
I was just wondering, did craig ever consider getting a public
defender? After all, he was above 18, he was an independent student.
I think he could have qualified, with a little finagling. A lot of
them are damn good.
I think I had disconnected, during the arrest periods, due to work
loads or i would have suggested it. HAve to admit, it would have been
nice to put the tab on uncle sam. and federal PDs are 1000 fold
better then local ones.
((Moderators' note: Craig's initial attorney seemed unfamiliar with
the issues his case raised. The Advocate is correct in observing
that many public defenders are competent, idealistic, and hard
working. Unfortunately, the issues raised in this case were beyond
the resources and expertise of most public defenders and required
some specialized skills.
In Chicago, the jurisdiction of Craig's trial, Federal public
defenders are appointed only if the defendant can demonstrate
financial need, and Craig, at best, probably would not have qualified.
Public defense attorneys appointed by the presiding judge from a pro
bono list, and while, through luck if the draw, it is possible to
obtain some of the best legal counsel in the country, it is just as
likely that he would be appointed one who neither was familiar with
nor willing to take on the line of defense ultimately used.
Unfortunately, our system of justice requires investment of resources
before the wheels turn properly.))
------------------------------
Date: Mon, 9 Mar 92 01:32:06 EST
From: Cy Burway <finder@canfield.com>
Subject: File 4--F.B.I. and Digital Communications Amendment (NYT synopsis)
As Technology Makes Wiretaps More Difficult, F.B.I. Seeks Help
(From: New York Times, March 8, 1992: p. I-12)
By Anthony Ramirez
The Department of Justice says that advanced telephone equipment in
wide use around the nation is making it difficult for law-enforcement
agencies to wiretap the phone calls of suspected criminals.
The Government proposed legislation Friday requiring the nation's
telephone companies to give law-enforcement agencies technical help
with their eavesdropping. Privacy advocates criticized the proposal as
unclear and open to abuse.
In the past, the Federal Bureau of Investigation and other agencies
could simply attach alligator clips and a wiretap device to the line
hanging from a telephone pole. Law-enforcement agents could clearly
hear the conversations. That is still true of telephone lines carrying
analog transmissions, the electronic signals used by the first
telephones in which sounds correspond proportionally to voltage.
But such telephone lines are being steadily replaced by high-speed,
high-capacity lines using digital signals. On a digital line, F.B.I.
agents would hear only computer code or perhaps nothing at all because
some digital transmissions are over fiber-optic lines that convert the
signals to pulses of light.
In addition, court-authorized wiretaps are narrowly written. They
restrict the surveillance to particular parties and particular topics
of conversation over a limited time on a specific telephone or group
of telephones. That was relatively easy with analog signals. The
F.B.I. either intercepted the call or had the phone company re-route
it to an F.B.I. location, said William A. Bayse, the assistant
director in the technical services division of the F.B.I.
But tapping a high-capacity line could allow access to thousands of
conversations. Finding the conversation of suspected criminals, for
example, in a complex "bit stream" would be impossible without the aid
of phone company technicians.
There are at least 140 million telephone lines in the country and more
than half are served in some way by digital equipment, according to
the United States Telephone Association, a trade group. The major
arteries and blood vessels of the telecommunications network are
already digital. And the greatest part of the system, the capillaries
of the network linking central telephone offices to residences and
businesses, will be digital by the mid-1990s.
Thousand Wiretaps
The F.B.I. said there were 1,083 court-authorized wiretaps--both new
and continuing--by Federal, state, and local law-enforcement
authorities in 1990, the latest year for which data are available.
Janlori Goldman, director of the privacy and technology project for the
American Civil Liberties Union, said she had been studying the
development of the F.B.I. proposal for several months.
"We are not saying that this is not a problem that shouldn't be
fixed," she said, "but we are concerned that the proposal may be
overbroad and runs the risk that more information than is legally
authorized will flow to the F.B.I.
In a news conference in Washington on Friday, the F.B.I. said it was
seeking only to "preserve the status quo" with its proposal so that
it could maintain the surveillance power authorized by a 1968 Federal
law, the Omnibus Crime Control and Safe Streets Act. The proposal,
which is lacking in many details is also designed to benefit state and
local authorities.
Under the proposed law, the Federal Communications Commission would
issue regulations to telephone companies like the GTE Corporation and
the regional Bell telephone companies, requiring the "modification" of
phone systems "if those systems impede the Government's ability to
conduct lawful electronic surveillance."
In particular, the proposal mentions "providers of electronic
communications services and private branch exchange operators,"
potentially meaning all residences and all businesses with telephone
equipment.
Frocene Adams, a security official with US West in Denver is the
chairman of Telecommunications Security Association, which served as
the liaison between the industry and the F.B.I. "We don't know the
extent of the changes required under the proposal," she said, but
emphasized that no telephone company would do the actual wiretapping
or other surveillance.
Computer software and some hardware might have to be changed, Ms. Adams
aid, but this could apply to new equipment and mean relatively few
changes for old equipment.
------------------------------
Date: Mon, 9 Mar 92 19:58:41 CST
From: Jim Thomas <tk0jut2@mvs.cso.niu.edu>
Subject: File 5--F.B.I.' Proposed Digital Communications Legislation
Increasingly sophisticated technology available to the average citizen
undeniably makes it more difficult for law enforcement to pursue
legitimate investigations. When technology expands faster than
society's capacity to examine the social, ethical, or legal
implications of the changes, two potential problems emgerge: Laws
that correspond to technological advances do not change, leaving law
enforcement either handicapped or forced to implement illicit means in
investigations, or laws change in ways that potentially intrude on
civil liberties by reducing Constitutional protections. The trick is
to find a happy medium.
The legislation proposed by the U.S. Government reflects an attempt to
bring current Federal legislation in line with technology. In
principle, this is wise. In practice, questions arise that should be
addressed in order to assure that the proposed legislation allows law
enforcement to pursue its legitimate ends while simultaneously
protecting the interests of citizens.
The proposed legislation has not yet been submitted to Congress, and
our understanding is that there is as yet no draft of the proposed
changes. CPSR, EFF, the ACLU, and other groups appear to be actively
involved in assuring that the language and implications of the final
document will be carefully examined prior to submission.
As we understand the proposed legislation, it would make it easier for
investigators to conduct *legal* surveillance of digital, broad-band,
communications by implementing technology that targets a specific user
rather than an entire stream of users. To do this, telecommunications
systems would require modification that would be implemented by the
phone companies and would include changes in user devices.
Among the questions the proposed legislation raises are:
1. Who would bear the costs of the modifications? Should costs be
passed on to end telecommunications users?
2. How would the modifications change the requirements for obtaining
warrants?
3. What potential abuses might arise from the modifications?
4. What unanticipated advantages or social benefits might emerge?
5. How might the concept of "good faith" be interpreted when
non-targeted information is obtained?
6. How would the proposed legislation dovetail into recent U.S.
Supreme Court decisions that expand the search powers of law
enforcement?
7. What concepts or definitions of "telecommunications" and other
terms would be established? How far would the scope of the legislation
extend? Would it include data lines if it were suspected that the
target were transferring an unlicensed version of Word Perfect? Among
the "evidence" used to justify the seizure of Steve Jackson Games, the
Secret Service claimed that the simple description of Kermit as a
7-bit protocol used to transfer data between mainframes and PCs was
evidence of a conspiracy. Would this allow monitoring of all Kermit
up/downloads by Steve Jackson employees?
There are many other questions to be addressed, but the ultimate one
remains: What is the best language that would protect both law
enforcements' ability to carry out its function while preserving
Constitutional rights? The recent history of some law enforcement
officials, particularly in the Secret Service and a few local
jurisdictions, indicates that the question is more than a
philosophical debate. The consequences of ill-considered language for
all involved require careful consideration of balance.
The following is the press release proposing the legislation:
+++++
U.S. Department of Justice
Federal Bureau of Investigation
Office of the Director Washington, D.C. 20535
March 6, 1992
STATEMENT BY FBI DIRECTOR WILLIAM S. SESSIONS
CONCERNING PROPOSED DIGITAL COMMUNICATIONS LEGISLATION
Law enforcement's continued ability to conduct court-authorized
electronic surveillances is one of the most critical issues facing law
enforcement today. However, recent telecommunications systems
improvements have outpaced the government's ability to technologically
continue this highly successful, and lawful technique.
Consequently, the U.S. Government has proposed legislation requiring
the telecommunications industry to ensure that its advanced digital
telephone systems accommodate the legitimate needs of federal, state,
and local law enforcement.
Specifically, this legislation seeks to preserve the status quo of an
extraordinarily efficient and effective technique utilized by law
enforcement to conduct court-authorized electronic surveillances, as
authorized by Congress in Title III of the Omnibus Crime Control and
Safe Streets Act of 1968. The approach suggested in the legislation
represents by far the least costly alternative and is the only certain
method of addressing the issue.
Without an ultimate solution, terrorists, violent criminals,
kidnappers, drug cartels, and other criminal organizations will be
able to carry out their illegal activities using the
telecommunications system without detection. This proposal is critical
to the safety of the American people and to the law enforcement
officers who must daily enforce the laws of this country.
The Legislative proposal is not solely a law enforcement proposal but
is a result of a cooperative effort by Administration and Congressional
leaders, telecommunications industry executives and law enforcement.
------------------------------
Date: Tue, 10 Mar 1992 17:47:59 -0500
From: dbanisar@washofc.cpsr.org
Subject: File 6--CPSR Response to FBI Proposal
CPSR letter on FBI Proposal
CPSR and several other organizations sent the following letter to
Senator Patrick Leahy regarding the FBI's recent proposal to undertake
wire surveillance in the digital network.
If you also believe that the FBI's proposal requires further study at
a public hearing, contact Senator Hollings at the Senate Committee on
Commerce. The phone number is 202/224-9340.
Dave Banisar,
CPSR Washington Office
====================================================
March 9, 1992
Chairman Patrick Leahy
Senate Subcommittee on Law and Technology
Committee on the Judiciary
United States Senate
Washington, DC 20510
Dear Senator Leahy,
We are writing to you to express our continuing interest in
communications privacy and cryptography policy. We are associated
with leading computer an telecommunication firms, privacy, civil
liberties, and public interest organizations, as well as research
institutions and universities. We share common concern that all
policies regarding communications privacy and cryptography should be
discussed at a public hearing where interested parties are provided an
opportunity to comment or to submit testimony.
Last year we wrote to you to express our opposition to a Justice
Department sponsored provision in the Omnibus Crime Bill, S. 266,
which would have encouraged telecommunications carriers to provide a
decrypted version of privacy-enhanced communications. This provision
would have encouraged the creation of "trap doors" in communication
networks. It was our assessment that such a proposal would have
undermined the security, reliability, and privacy of computer
communications.
At that time, you had also convened a Task Force on Privacy and
Technology which looked at a number of communication privacy issues
including S. 266. The Task Force determined that it was necessary to
develop a full record on the need for the proposal before the Senate
acted on the resolution.
Thanks to your efforts, the proposal was withdrawn.
We also wish to express our appreciation for your decision to
raise the issue of cryptography policy with Attorney General Barr at
his confirmation hearing last year. We are pleased that the Attorney
General agreed that such matters should properly be brought before
your Subcommittee for consideration.
We write to you now to ask that you contact the Attorney General
and seek assurance that no further action on that provision, or a
similar proposal, will be undertaken until a public hearing is
scheduled. We believe that it is important to notify the Attorney
General at this point because of the current attempt by the
administration to amend the Federal Communications Commission
Reauthorization Act with provisions similar to those contained in S.
266.
We will be pleased to provide assistance to you and your staff.
Sincerely yours,
Marc Rotenberg,
Computer Professionals for Social Responsibility
David Peyton,
ITAA
Ira Rubenstein,
Microsoft
Jerry Berman,
Electronic Frontier Foundation
Mike Cavanagh
Electronic Mail Association
Martina Bradford,
AT&T
Evan Hendricks,
US Privacy Council
Professor Dorothy Denning,
Georgetown University
Professor Lance Hoffman,
George Washington University
Robert L. Park,
American Physical Society
Janlori Goldman,
American Civil Liberties Union
Whitfield Diffie, Sun Microsystems
John Podesta,
Podesta and Associates
Kenneth Wasch,
Software Publishers Association
John Perry Barlow,
Contributing Editor, Communications of the ACM
David Johnson,
Wilmer, Cutler & Pickering
cc: Senator Joseph R. Biden, Jr
Senator Hank Brown
Senator Ernest F. Hollings
Senator Arlen Specter
Senator Strom Thurmond
Representative Don Edwards
Attorney General Barr
Chairman Sikes, FCC
------------------------------
Date: Mon, 2 Mar 92 18:52:34 CST
From: Digital Free Press <max%underg@uunet.uu.net>
Subject: File 7--"Real Hackers?" Comparing the old and the new (DFP Reprint)
((Moderators' note: The following article is reprinted from the
Digital Free Press. DFP and the Underground Computing Foundation BBS
are useful sources for material on the Computer Underground. The DFP
can be contacted at: max%underg@uunet.uu.net))
Real Hackers?
There is a lot of talk these days about how the word 'hacker' has
been redefined by the press. The theory is that the old hackers, as
portrayed in Steven Levy's excellent book _Hackers: Heroes of the
Computer Revolution_, were good and pure and this breed of hacker
dramatized in the press is some new evil non-hacker terrorist. This is
nonsense.
According to the book, the hacker ethic(paraphrased) is as
follows:
1. Access to computers should be unlimited and total.
2. All information should be free.
3. Mistrust Authority - Promote Decentralization.
4. Hackers should be judged by their hacking.
5. You can create art and beauty on a computer.
6. Computers can change your life for the better.
In pursuit of the hacker ethic these heroes performed various acts
that would not be looked upon favorably in today's anti-hacker
society:
Used Equipment Without Authorization (Page 20)
++++++++++++++++++++++++++++++++++++++++++++++
"So, without any authorization whatsoever, that is what Peter
Sampson set out to do, along with a few friends of his from an
MIT organization with a special interest in model railroading. It
was a casual, unthinking step into a science-fiction future, but
that was typical of the way that an odd subculture was pulling
itself up by its bootstraps and growing to underground
prominence-to become a culture that would be the impolite,
unsanctioned soul of computerdom. It was among the first computer
hacker escapades of the Tech Model Railroad Club, or TMRC."
Phone Phreaked (Page 92)
++++++++++++++++++++++++
"He had programed some appropriate tones to come out of the
speaker and into the open receiver of the campus phone that sat
in the Kluge room. These tones made the phone system come to
attention, so to speak, and dance."
Modified Equipment Without Authorization (Page 96)
++++++++++++++++++++++++++++++++++++++++++++++++++
"Nelson thought that adding an 'add to memory' instruction
would improve the machine. It would take _months_, perhaps, to go
through channels to do it, and if he did it himself he would
learn something about the way the world worked. So one night
Stewart Nelson spontaneously convened the Midnight Computer
Wiring Society."
Circumvented Password Systems (Page 417)
++++++++++++++++++++++++++++++++++++++++
"Stallman broke the computer's encryption code and was able to get
to the protected file which held people's passwords. He started
sending people messages which would appear on screen when they
logged onto the system:
'I see you chose the password [such and such]. I suggest that
you switch to the password "carriage return. "It's much
easier to type, and also it stands up to the principle that
there should be no passwords.'
'Eventually I got to the point where a fifth of all the users on
the machine had the Empty String password.' RMS later boasted.
Then the computer science laboratory installed a more
sophisticated password system on its other computer. This one was
not so easy for Stallman to crack. But Stallman was able to study
the encryption program, and as he later said, 'I discovered
changing one word in that program would cause it to print out
your password on the system console as part of the message that
you were logging in.' Since the 'system console' was visible to
anyone walking by, and its messages could easily be accessed by
any terminal, or even printed out in hard copy, Stallman's change
allowed any password to be routinely disseminated by anyone who
cared to know it. He thought the result 'amusing.'
Certainly these hackers were not anarchists who wanted only to
destroy. They had a personal code of ethics, the hacker ethic to base
their behavior on. In fact the modern hacker has his/her ethics
intact. Compare the above hacker ethic with the hacker ethic found in
_Out of the Inner Circle_ by Bill 'The Cracker' Landreth, a teenager
arrested by the FBI (Page 18,60):
1. Never delete any information you can not easily restore.
2. Never leave any names on a computer.
3. Always try to obtain your own information.
The common denominator to these ethics systems are the respect for
technology, and the personal growth through free access and freedom of
information. Certainly the attitude towards private property is the same.
Accessing and using equipment that you do not own is okay as long as
you do not prevent those who own it from using it, or damage anything.
With respect to the hacker ethic the hackers mentioned in
_Cyberpunk: Outlaws and Hackers on the Computer Frontier_ by Katie
Hafner and John Markoff were in fact good hackers. If free access, and
free information were the law of the land would Kevin Mitnick have
gone to jail? I do not think so. Sure he got the source code for VMS,
but is there any evidence that he used this information for personal
gain, or did he simply use the information to improve his
understanding of the VMS operating system?
Robert T. Morris's worm program was a clever hack. Of course he
'gronked' it by programming the replication rate much too fast, but
still there is no evidence that he had any intention of doing harm to
the system. It was simply a computer experiment. Who owns the
Internet? Is it some mysterious 'them' or is it our net? If it is out
net, then we should be able to try some stuff on it, and to heck with
'them' if they can't take a joke.
Of course the German hackers are a different story. What they got
in trouble for was espionage, and not hacking, which is a breach of
faith, and is hacking for personal gain. However selling Minix to the
KGB almost makes it forgivable...
It is my contention that hackers did not change. Society changed,
and it changed for the worse. The environment the early hackers were
working in correctly viewed these activities as the desire to utilize
technology in a personal way. By definition hackers believe in the
free access to computers and to the freedom of information. If you do
not believe in these principles you are not a hacker, no matter how
technologically capable you are. You are probable just a tool for the
greed society. Current bad mouthing of hackers is simply snobbery.
Rather than cracking down on the modern hacker, we should reinforce
the hacker ethic, a code of conduct not based upon greed and lust for
the almighty dollar, but instead for personal growth through the free
access of computers and information, and a respect for technology.
It is the humane thing to do.
------------------------------
Date: Sun, 8 Mar 92 03:21 EST
From: "Michael E. Marotta" <MERCURY@LCC.EDU>
Subject: File 8--BBSes and Telco Rates
GRID News. ISSN 1054-9315. vol 3 nu 5 March 7, 1992.
World GRID Association, P. O. Box 15061, Lansing, MI 48901 USA
------------------------------------------------------------------
(54 lines) Say YES! to Business Rates
(C) 1992 by Michael E. Marotta
BBS sysops in Oregon are fighting a telco policy to charge busi-
ness rates for any phone with a fax or modem attached. BBS users
know of similar telco policies from Kansas City, New York,
Illinois, Indiana, Michigan and Texas over the last two years.
Actually, there are at least two ways to view the situation.
(1) THE HOME DATA CENTER In an information society, every home
must be an information center. We have telephones and televisions,
books, newspapers and magazines, computers, copiers, faxen, cable
TV, VCRs, camcorders and answering machines. There is a view,
wrongly held by sysops, that they "provide a service to many
users." EVERY BBS USER IS A SYSOP. Whether you go to them or they
go to you, data travels from home to home.
(2) THE HOME TREASURY In a commercial society every home
must be a business. We all buy and sell. Most of us buy and sell
labor. (Anyone can build a car; most people choose not to.) In
addition, people everywhere and Americans especially buy and sell
housewares, nutritional supplements, baseball cards, comic books,
automobiles and very many other goods. We routinely trade
childcare, bookkeeping and computer programming services. Your
checkbook is your general ledger.
In 1892, "no one" had an adding machine or typewriter in their
home. In 1942, dishwashers were found only in restaurants. Should
your phone rate depend on whether or not you have a dishwasher or
adding machine in your home? If yours should not, then why should
General Motors'?
Karl Marx's "Communist Manifesto" mandated public schools as a
prerequisite to socialism. It is no accident that schools
supported by tax dollars justify many marxist assertions. Among
these is the myth that "businesses" are "rich" and can afford
higher phone rates, while "workers" are "poor" and deserve a
subsidy for the "right" to a phone.
Another fallacy of marxism is that telephones are a "public
utility" that must be regulated or owned by the state.
Judging by other markets, if you let anyone become a phone company
you will find that those who use more service will pay more in
toto less per call. A user's or provider's race, sex, sources of
income, height or weight will be equally irrelevant. Those who
are good at providing information and carrier services will
prosper and the others will become telco hobbyists.
------------------------------
Date: Fri, 6 Mar 1992 19:55:42 GMT
From: NEELY_MP@DARWIN.NTU.EDU.AU(Mark P. Neely, Northern Territory
Subject: File 9--HACKING grounds for dismissal
A recent article in the _Solicitors Journal_ (Sept. 1991, p.1008-10)
posed the question as to whether the unauthorised access to a
Company's computer was grounds for dismissal of an employee. It was
written by Geoff Holgate, and the following is based on it.
The issue came before the court English Employment Appeals Tribunal
(EAT) and is reported in Denco Ltd. v. Joinson [1991] 1 Weekly Law
Reports 330.
The employee, Michael Joinson, worked as a sheet metal worker for
Denco Ltd. which manufactured air drying and air conditioning
equiptment. In 1988 Denco installed a computer which had a number of
VDU terminals attached to it. The computer was also used by another
company, Intek, which operated out of the same premises. Denco's
policy was to encourage its employees to use the terminal even though
their jobs didn't strictly require it.
The computer, via a series of menus, provided information relating to
the part-icular department within the company.
To gain access to a particular menu (or sub-menu) the user was
required to enter a user identity code and password. The password was
changed every week. The purpose of the passworded system was that the
information was provided on a 'need to know' basis, and only those
authorised to access a particular menu were entitled to use it.
The system's history file (which recorded every stroke entered on
every terminal on the system) revealed an unauthorised access to
certain of Intek's records on the system. This access was traced to
Joinson (who admitted the unauthorised access). He had used the
password of the daughter of a fellow employee who was an Intek
trainee.
Joinson was a member of the Amalgamated Engineering Union. Indeed, he
was chairperson of a joint committee representing the AEU and other
unions.
Denco alleged that Joinson had used the identity code and password to
obtain information which would be of use to him in his trade union
activities, such use being hostile to the company. Joinson claimed
that his access to the unauthorised information was accidental.
He was summarily dismissed for gross misconduct. Joinson complained he
had been unfairly dismissed.
The Employment Appeal Tribunal (hearing an appeal by Denco against an
industrial tribunal which found in favour of Joinson) held that
"if an employee deliberately used an unauthorised password in order
to enter, or attempt to enter, a computer known to obtain information
to which he was not entitled, then that of itself was gross misconduct
which prima facie would attract summary dismissal..."
[quote from article, p.1009, not judgement]
However the EAT then went on to limit their decision by emphaising that
"there may be some exceptional circumstances in which such a response
might be held ule".
[quote from case in article, p.1009]
The tribunal reasoned that as maintenance of the integrity of
information stored on an employer's computer was important, it was in
the best interests of management to make it "abundantly clear" that
interference with its integrity would result in severe penalty.
Any comments from the floor?
------------------------------
Date: Tue, 3 Mar 92 02:49:54 MST
From: mbarry@ISIS.CS.DU.EDU.CS.DU.EDU(Marshall Barry)
Subject: File 10--Updated Info on 2nd Annual Int'l BBSing & Elec. Comm Conf.
FOR IMMEDIATE RELEASE
Contact: Terry Travis or Michelle Weisblat
IBECC
A Non-Profit Educational, Literary, and Scientific Society
P.O. Box 486
Louisville, CO 80027-0486
Presents
The 1992 International BBSing and Electronic Communications Conference
(303) 426-1847 [VOICE]
(303) 429-0449 [Fax]
(303) 426-1866 [DATA/BBS]
E-Mail: IBECC@f69.n104.z1.FidoNet.Org
What is IBECC '92?
------------------
IBECC '92 is the SECOND ANNUAL International BBSing and Electronic
Communications Conference.
It will be held AUGUST 13-16, 1992 in Denver, Colorado. This year's
theme is "Socially Responsible Computing."
--------------
Special Guests
--------------
DR. JERRY POURNELLE, Ph.D. - Computer Columnist and Editor (Byte),
Author (Science Fact and Fiction), Lecturer, Consultant on the Impact
of High Technology on Society, Chairman of the Citizen's Advisory
Council on National Space Policy, and Outspoken Social Critic -
Speaking on "Socially Responsible Computing", the future of
communications and technology in an electronic world, as well as his
own views on the society of tomorrow.
LARRY NIVEN - Futurist, Hugo Award-Winning Author, Designer of Worlds,
Supporter of Space Conquest - Speaking on the future of networks as
personal interfaces, reality overtaking fantasy, and living with
computers when you really don't want to.
DAVID HUGHES, SR. - Architect of Big Sky Telegraph (the Montana
Electronic School House), Consultant, Mover and Shaker, President of
Old Colorado City Communications, U.S. Military (ret) - Speaking on
NREN, the SuperComputer Highway, and education through computers and
networking.
Attending IBECC '92
-------------------
IBECC '92 is an intensive THREE-DAY conference. Sessions planned
include: "Introduction to BBSing" (What is a BBS, and How Do I Use
It?), "BBSes and the Law" (The Legal Rights and Responsibilities of
BBS Operators and Users), "Safe Computing" (The Detection and
Prevention of Computer Infection), "Rumor Control 1992" (Knowing the
Difference Between Fact and Fiction, and Taking Action Where Needed),
"Why Kelly CAN Read" (An Exploration into Education and the Computer),
"NREN" (The National SuperComputer Highway and How it Will Affect Us
All), "Staying Alive" (BBSing, Electronic Communication and the
Homebound / Physically Challenged), and "Security? What's That?" (The
What, Why, and How of Keeping Your Data and Information Safe).
Should you attend? If you have an interest in electronic
communications, bulletin boards, telecommuting, security or safe
computing, yes. If you would like to understand what a "hacker" is,
and is not, and what you can do to protect your electronic privacy,
yes. If your children make more use of your modem or computer than you
do, yes. In fact, unless you have absolutely no interest in using
your computer for interacting with the world, you should be there!
So that the conference will retain its personal and informal
atmosphere, attendance at IBECC '92 is strictly limited.
What Is IBECC?
--------------
IBECC is a Non-Profit Educational, Scientific, Literary and Charitable
Society (IRS 501(c)(3) applied for). Incorporated in Colorado,
IBECC's purposes include the promotion of national and international
electronic communications, the advancement of telecommunications and
teleconferencing, the improvement of communications between electronic
networks, education in the uses, requirements, and security of online
services, and general support of the electronic community.
A non-profit organization, IBECC is much MORE than just another `trade
show' -- it is a year-round clearing house for ideas, news, and
relevant information. IBECC represents the interests and concerns of
not only the professional, but the hobbyist and home user as well.
IBECC is primarily Volunteer-Run. Membership (currently $25.00/year
individual, $100.00/year corporate) pays for the IBECC Newsletter and
electronic Bulletin Board System (BBS), telephones, support and
information services, etc. - not salaries. The founders of IBECC, who
are all handicapped, are extensively involved in computer networks and
electronic communications, and also run several BBSes in the Denver
area.
----------------------------------------
IBECC '92 Membership & Hotel Information
----------------------------------------
(All Rates are in U.S. Dollars)
VIP (Includes IBECC Membership and VIP Suite)
SPECIAL RATE THROUGH MARCH 8, 1992: $80.00
March 9, 1992 through June 15, 1992: $125.00
June 16, 1992 through July 31, 1992: $175.00
August 1, 1992 and at the door (if available): $200.00
Spouse/Significant Other, with VIP Member: $9.69
Children (Under 14), with VIP Member: FREE
Call or Write for Other Rates
(Conference Only, Handicapped, etc)
Conference Location
-------------------
The conference will be held in the SAME HOTEL AS LAST YEAR:
Sheraton Denver West Hotel & Convention Center
360 Union Boulevard, Lakewood, CO 80228
(800) LAKEWOOD or (303) 987-2000
Rates
-----
$62.00 (+ tax) Single or Double
Please Mention IBECC for this DISCOUNTED RATE!
Special Rates on Hospitality and Sleeping Suites
may be Arranged through IBECC
----------------------------------
VENDORS, DEALERS, and DISTRIBUTORS
----------------------------------
Dealer and Vendor Booths and Tables Available
at VERY Competitive Rates
Please Call or Write for Information and Rates
IBECC - Now, More than Ever, Your Connection to the WORLD!
IBECC BBS: (303) 426-1866 (3/12/24/96/14.4 v.32bis/v.42/HST)
IBECC VOICE INFORMATION: (303) 426-1847 (Mon-Sat, 9AM-7PM, MST)
IBECC Mailing Address: P.O. Box 486, Louisville, CO 80027-0486
------------------------------
End of Computer Underground Digest #4.11
************************************
Computer underground Digest Fri, Mar 13, 1992 Volume 4 : Issue 11
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu
CONTENTS, #4.12 (Mar 13, 1992)
File 1--Correction on THE WELL Access
File 2--Readers Reply: "Bury Usenet" (CuD, #4.09)
File 3--Readers Reply: Sidetracked--Yet Another Usenet Problem (4.09)
File 4--CUD Archives Have Moved
File 5--The FBI initiative
File 6--Sun Devil FOIA Ruling (CPSR suit)
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
NOTE: THE WIDENER SITE IS TEMPORARILY RE-ORGANIZING AND IS CURRENTLY
DIFFICULT TO ACCESS. FTP-ERS SHOULD USE THE ALTERNATE FTP SITES UNTIL
FURTHER NOTICE.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Fri, 13 Mar 92 11:15:16 CST
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--Correction on THE WELL Access
We inadvertently reported in #4.11 that The Well (Whole Earth
'Lectronic Link) in Sausalito, Calif., was available through ftp.
This is not correct. The Well is accessible through TELNET
(192.132.30.2). We are told that it can also be reached through
well.sf.ca.us, although this address doesn't seem to work on some
systems.
It remains correct that The Well is perhaps the best system in the
country, if not the world. It is inexpensive, rich in diversity and
content, and intellectually stimulating. The voice phone for those
wanting more information: (415) 332-4335 (9 am to 5 pm PST).
------------------------------
Date: Wed, 11 Mar 92 11:38:55 PST
Subject: File 2--Readers Reply: "Bury Usenet" (CuD, #4.09)
From: Steve Elias <eli@CISCO.COM>
As the one who created alt.dcom.telecom after one of my
"disagreements" with Patrick regarding the telecom digest, I've got
three things to say:
1 -- Patrick decided not to post some articles I submitted, but mostly
those that had quotes from an anonymous source inside US Sprint.
Other articles i submitted, without anonymous sources, he did usually
post.
2 -- I also agree with nearly everything Steve Steinberg wrote in his
"Bury Usenet" article. I think usenet usually sucks wind, hence i
*usually* ;) decline to participate in the net. But don't allege that
the net should be completely "abolished" or "buried". I have mostly
"buried usenet" from my own point of view, because the benefits to me
are not worth any effort and time i might put into posting articles,
and the real-life penalties for stating controversial views can be
substantial.
3 -- gnu not usenet.
------------------------------
Date: Tue, 10 Mar 1992 23:46:05 GMT
From: tom_limoncelli@WARREN.MENTORG.COM(Tom Limoncelli)
Subject: File 3--Readers Reply: Sidetracked--Yet Another Usenet Problem (4.09)
One of the big problems I've always found with Usenet is the fact
that a good, productive discussion can be side tracked by any user
that wants to. Or, more usually, a person can unintentionally do so.
For example, the discussion of "Bury Usenet" has now been side-tracked
and is a debate over whether or not the Telcom Digest moderator is
biased.
For example, the countless discussions on many newsgroups where one or
two grammar (or spelling) queens will kill a productive thread by
pointing out typos.
[I'm trying not to add to the problem here, so let me bring it directly
back to "Bury Usenet"]
Solutions have been attempted: Moderated newsgroups, which many people
have problems with; and "experts only" newsgroup, which doesn't stop
people from asking how to delete a file called "-f" on a Unix system.
Neither works as well as some would wish.
The one solution that works is to avoid (uhhh, should I say "bury")
Usenet and use a standard mailing list. There are a few really high-
quality mailing lists out there that don't get advertised. One is
for system administrators that use NNTP, rather than users. It avoids
unwanted conversation because it's hidden from people that shouldn't
know about it. Another example is the problem that all of the activism
forums on the net are bombarded with pro/con arguments rather than
discussions that aid the activist's work itself. Recently there have
been two mailing lists created where the topic is not "Who's right?"
but "We're pooling resources, giving advice, and helping each other."
I hate to say it, but if the quality of either of those mailing lists
drops too much, I will create a new mailing list under a new and more
secret name and start over.
Given a topic you can create two forums. One talks about the topic,
one has a goal of achieving that topic. The problem with Usenet is
that all newsgroups are created to be the later, but turn into (or
users later assume it is) the former. The written proposal for
soc.motss dictates that it is for gay, lesbian and bisexual Usenet
members to discuss gay, lesbian and bisexual life AND it explicitly
prohibits discussions about if homosexuality/bisexuality is right or
wrong. Amazingly enough, homophobes post enough messages each day to
make the newsgroup useless to many people.
Future directions:
Sometimes I think that I'd be willing to pay for a service where I could
explain my likes and dislikes and they would pre-scan netnews for me
and mark anything I would find interesting; I could skip all the rest.
This might be worth-while for certain ultra-high volume newsgroups.
Then I think that it might be better to pay some highly trained
individual to go through my newsfeed as it arrives and add a new
header to each message that would list five to a hundred and five
keywords from the official Library of Congress keywords list [i.e.
synonyms are removed; you don't look in the card catalog under "Movies",
you look under "Films"] so that a killfile would have a better fighting
chance.
Then I start to think about the first mailing list I was ever on. Our
VAX at school wasn't on any networks yet, but someone in a silly mood
created the "SMC" mailing list and started sending people joking
invitations saying that they were invited to her "Secret Mail Club."
Maybe the SMC was going in the right direction the whole time.
------------------------------
Date: Wed, 11 Mar 1992 22:08:07 -0500
From: Brendan Kehoe <brendan@EFF.ORG>
Subject: File 4--CUD Archives Have Moved
The Computer Underground Digest archives have moved! For a number of
reasons, including decreasing disk space, the archives at Widener have
found a new home at the Electronic Frontier Foundation.
Everything looks the same, and over a dozen new items are available,
including Phrack 37. FTP to ftp.eff.org (presently with the IP
address of 192.88.144.4, but keep in the habit of using the name), and
go to the directory pub/cud.
My thanks to the folks at the EFF for their aid & assistance.
A copy of the present Index appears below. Please send offers of
submissions (not the submissions themselves) to cudarch@eff.org.
Thanks,
Brendan
++
Computer Underground Digest Archives
====================================
Last updated: 03/11/92
To subscribe to the Computer Underground Digest, write to
TK0JUT2@NIU.BITNET. See the bottom of this file for information on
submitting to the archives.
The archives on ftp.eff.org are now the main CuD archives. Two
shadow sites are being maintained:
* chsun1.spc.uchicago.edu in the directory pub/cud
* ftp.ee.mu.oz.au in the directory pub/text/CuD
If you're in Australia please go to your nearby site. If you're in
Japan, England, or Germany, and would be willing to maintain a mirror
of these archives (~13Mb of space), please write cudarch@eff.org.
An email server is available at
archive-server@chsun1.spc.uchicago.edu.
See the file "uncompressing" for info on how to uncompress files with
a ".Z" extension.
File Description
---- -----------
alcor/* Files on the Alcor Cryonics email privacy suit.
ane/* Anarchy & Explosives Digest, #1-7.
ati/* The Activist Times Incorporated files, #1-57.
Files #4 and #9 are missing. [ They supposedly don't exist. ]
Contact gzero@tronsbox.xei.com for info on
future issues.
bootlegger/* Issues 6 and 7 of the Bootlegger misc. info collections.
ccc/* Stuff from titania.mathematik.uni-ulm.de:/info/CCC. See
the file LIES_MICH [README in German] for info on specific
files. Also included are things from the CCC Congress.
chalisti/* The Chalisti German Newsletter, #1-12,14-17. [ They're in
German. Some ambitious and talented linguicist care to
translate 'em? ]
cpi/* Corrupted Programming International Newsletter #1-2.
cud/* The Computer Underground Digest, #1.00 - 4.11.
Also: Indices to Volumes 1, 2 and 3; Niedorf Flash.
Contact tk0jut2@niu.bitnet for a subscription.
fbi/* Freaker's Bureau Inc newsletter, #1.1-1.2.
dfp/* Digital Free Press, #1.1-1.2.
inform/* Informatik #1-2.
law/<state> Current computer crime laws are online for:
AL, AK, AZ, CA, CO, CT, DE, FL, GA, HI, IA, ID, IL,
IN, MD, MN, NC, NJ, NM, NY, OR, TX, VT, VA, WA, WI,
and WV.
(Everyone [law students especially] is encouraged to send
along other statutes...we want to build this area up to
[hopefully] a full set.)
Still needed: AR, DC, KS, KY, ME, MI, MO, MS, MT, ND,
NH, NV, OK, RI, SC, SD, TN, UT, WY
law/<country> Current computer crime laws are online for:
The United States (federal code), Canada, Ghana, and
Great Britain.
law/bill.s.618 Senate bill 618, addressing registration of encryption keys
with the government.
law/hr3515 House of Rep bill 3515, Telecommunications Law
law/improve Improvement of Information Access bill
law/monitoring Senate bill 516; concerning abuses of electronic monitoring
in the workplace.
law/us.e-privacy
Title 18, relating to computer crime & email privacy.
law/scourt-bios Biographies of the Superme Court Justices.
lod/* The LOD/H Technical Journals, #1-4.
misc/anarch.man Manual of the Anarchist, volume 1.
misc/basic1.net Basic Networking (old Telenet lore)
misc/cdc-100.Z The "Cult of the Dead Cow", #100.
misc/china-2.3 CHiNA Educational InfoFile Series II, #3.
misc/codaphone Coda-Phones (about message-taking machines)
misc/codehack What to Look For in a Code Hacking Program
misc/cyberspace-1.1
The Cyberspace Chronicle
misc/defense Defense Data Network Blues by "Harry Hackalot"
misc/elektrix-001
ELEKTRIX Issue 1.
misc/fbi-1.1 The Freakers Bureau Incorporated newsletter. Vol 1 No 1.
misc/globe-1.x The Globe Trotter, issues 1.1-1.3.
misc/hnet.1 H-Net Digest, #1. (Started June 1990) (None since)
misc/hun-1.2 Hackers Unlimited Magazine, Vol 1 Issue 2.
misc/kcah.1,2 Kcah Vol 1-2.
misc/phreak1.bok
(Another) Phreaker's Handbook
misc/ppa.2 Phreakers/Hackers/Anarchists Newsletter Vol 1 #2.
misc/rrg.1 Rebels' Riting Guild #1.
misc/tph-1 The Phreaker's Handbook, #1.
misc/watch* See CuD 3.19 for more info.
narc/* The Nuclear Anarchists/Phreakers/Hackers Digest, #1-10.
networks/* Acceptable Use Policies for a number of networks.
See networks/Index for more information.
nfx/* The New Fone Express #1-3.
nia/* The Network Information Access Newsletter, #1-73.
Contact elisem@nuchat.sccsi.com for more information
about NIA.
nsa/* National Security Anarchists #1.1-1.4.
papers/baudy.world
Appears in F. Schmalleger's "Computers In Criminal Justice"
``The Baudy World of the Byte Bandit: A Postmodernist
Interpretation of the Computer Underground''
by Gordon Meyer and Jim Thomas
papers/bbs.and.the.law.Z
%%The Electronic Pamphlet--Computer Bulletin Boards and the Law
by Michael H. Riddle
papers/bbs.defamation
Defamation Liability of Computerized Bulletin Board
Operators and Problems of Proof
by John R. Kahn
papers/biblio A bibliography of CU-related news articles.
by Bob Krause
papers/candp "Story" of sorts describing a view on the world in which
we live.
``Crime and Puzzlement''
by John Barlow (an EFF founder)
papers/civil.disobedience
"Civil Disobedience" by Henry David Thoreau.
papers/closing.the.net
"Closing The Net" by Greg Costikyan. Reproduced from
_Reason_ magazine with permission.
papers/company-email
Formulating a Company Policy on Access to and Disclosure of
Electronic Mail on Company Computer Systems
by David R. Johnson and John Podesta for the
Electronic Mail Association
papers/computer.crime
Computer Crime: Current Practices, Problems and
Proposed Solutions
by Brian J. Peretti
papers/const.in.cyberspace
Laurence Tribe's keynote address at the first Conference
on Computers, Freedom, & Privacy. "The Constitution in
Cyberspace"
papers/crime.puzzle
The 2600 Magazine article about Crime & Puzzlement.
papers/cyberspace
Cyberspace and the Legal Matrix: Laws or Confusion?
by Lance Rose
papers/denning Paper presented to 13th Nat'l Comp Security Conf
``Concerning Hackers Who Break into Computer Systems''
by Dorothy E Denning.
papers/dennis.hayes
About Dennis Hayes' arrest & conviction for copyright
violation.
papers/ecpa.layman
The Electronic Communications Privacy Act of 1986: A Layman's
View
by Michael H. Riddle
papers/edwards_letter
A letter from the Director of the Secret Service to US
Rep. Don Edwards, D-California, in response to questions
raised by Edwards' Subcommittee. This copy came from
Computer Professionals for Social Responsibility in
Washington, D.C.
papers/electropolis
Electropolis: Communication & Community on Internet Relay Chat
by Elizabeth M. Reid
papers/fbi.systems
A description of how information's stored on the FBI's
computer systems.
papers/fyi.8 Network Working Group Site Security Handbook
papers/gao-report
US General Accounting Office report intended as a feeler
to see if future electronic releases are of interest.
papers/email_privacy
Article on the rights of email privacy.
by Ruel T. Hernandez
papers/intro Intro to the Computer Underground, by "The Bandit"
papers/len.rose A compilation of information on Len Rose's situation.
papers/len.rose.news
News articles on Len Rose.
papers/lod_ss.Z The Secret Service, UUCP, and the Legion of Doom
by Kevin Mullet
papers/memetics Memetics: The Nascent Science of Ideas and Their Transmission
by J. Peter Vajk
papers/meyer Masters Thesis:
The Social Organization of the Computer Underground
by Gordon Meyer
papers/morris.appeal
Robert Morris's appeal.
papers/netproposition
An FYI about the proposed NREN setup.
papers/privacy ``Computer Privacy vs First and Fourth Amendment Rights''
by Michael S. Borella
papers/riggs.brief
EFF Amicus Brief in the U.S. v. Riggs case challenging
computer-use prohibition in "hacker" defendant's sentencing
papers/riggs_comment.Z
United States v. Riggs: Jacking Into the Net With the
Illinois District Court
Article for the Rutgers Computer & Technology Law Journal,
by Jay Wood.
papers/rights-of-expr
Rights of Expression in Cyberspace
by R. E. Baird
papers/ripco-warrant
The search warrant for the Ripco BBS.
papers/rivera A transcript of Geraldo Rivera's ``Now It Can Be Told: Mad
Hackers' Key Party''.
papers/sj-resp Steve Jackson's response to the charges against him, denouncing
the government's actions.
papers/sundevil A collection of information on Operation SunDevil by
the Epic nonprofit publishing project. Everything you
wanted to know but could never find.
papers/sysops What Files are Legal for Distribution on a BBS?
by Bob Mahoney, sysop of Exec-PC
papers/theft.of.software
Article by William Cook, US Attorney in the Neidorf trial.
phantasy/* Phantasy Newsletter, Issues 1-7 (volumes 1 through 3).
phrack/* PHRACK Magazine, #1-37.
Also an Index to the Phracks.
Contact phracksub@stormking.com for information about future
issues.
phun/* PHun Magazine, #1-5.
pirate/* Pirate Magazine, #1-5.
ppp/* P... Phield Phreakers Newsletter #1.
schools/* The policies of a number of schools.
See schools/Index for a full list & description of these.
sulaw/* The law archives from Sydney University (sulaw.law.su.oz.au).
synd/* The Syndicate Reports, #1-17, 20. [ If you have #18-20, please
send them in! We can't find them. ]
tap/* The TAP Magazine Online, #1.
wview/* The World View, #1.5-1.10, 2.0-2.2.
Any requests for files to be added to the archives should be sent via
email to cudarch@eff.org, cudarch@chsun1.uchicago.edu,
cudarch@ee.mu.oz.au, or TK0JUT2@NIU.BITNET.
------------------------------
Date: Wed, 11 Mar 92 10:23:23 PDT
From: Mike Godwin <mnemonic@WELL.SF.CA.US>
Subject: File 5--The FBI initiative
102nd Congress
2nd Session
Amendment No.
Offered by M.
1. SEC. 1. FINDINGS AND PURPOSES
2. (a) The Congress finds:
3. (1) that telecommunications systems and networks are often
4 used in the furtherance of criminal activities including
5 organized crime, racketeering, extortion, kidnapping, espionage,
6 terrorism, and trafficking in illegal drugs; and
7 (2 ) that recent and continuing advances in
8 telecommunications technology, and the introduction of new
9 technologies and transmission modes by the telecommunications
10 industry, have made it increasingly difficult for government
11 agencies to implement lawful orders or authorizations to
12 intercept communications and thus threaten the ability of such
13 agencies effectively to enforce the laws and protect the national
14 security; and
15 (3) without the assistance and cooperation of providers of
16 electronic communication services and private branch exchange
17 operators, the introduction of new technologies and transmission
18 modes into telecommunications systems witout consideration and
19 accommodation of the need of government agencies lawfully to
20 intercept communications, would impede the ability of such
21 agencies effectively to carry out their responsibilities.
22
1 The purpose of this Act are:
2 (1) to clarify the duty of providers of electronic
3 communication services and private branch exchange operators to
4 provide such assistance as necessary to ensure the ability of
5 government agencies to implement lawful orders or authorizations
6 to intercept communications; and
7 (2) to ensure that the Federal Communications Commission,
8 in the setting of standards affecting providers of electronic
9 communication services or private branch exchange operators, will
10 accommodate the need of government agencies lawfully to intercept
11 communications.
12 SEC. 2. Title II of the Communications Act of 1934 is amended
13 by adding at the end thereof the following new sections:
14 "Sec__. GOVERNMENT REQUIREMENTS
15 "(a) The Federal Communications Commission shall,
16 within 120 days after enactment of this Act, issue such
17 regulations as are necessary to ensure that the government
18 can intercept communications when such interception is
19 otherwise lawfully authorized
20 "(b) The regulations issued by the commission shall:
21 "(1) establish standards and specifications for
22 telecommunications equipment and technology employed by
23 providers of electronic communication services or
24 private branch exchange operators as may be necessary
25 to maintain the ability of the government to lawfully
26 intercept communication
1 "(2) require that any telecommunications
2 equipment or technology which impedes the ability of
3 the government to lawfully intercept communications and
4 and which has been introduced into a telecommunications
5 system by providers of electronic communication
6 services or private branch exchange operators shall not
7 expanded so as to further impede such utility until
8 that telecommunications equipment or technology is
9 brought into compliance with the requirements set forth
10 in regulations issued by the Commission;
11 "(3) require that modifications which are
12 necessary to be made to existing telecommunications
13 equipment or technology to eliminate impediments to the
14 ability of the government to lawfully intercept
15 communications shall be implemented by such providers
16 of electronic communication services and private branch
17 exchange operators within 180 days of issuance of such
18 regulations; and
19 "(4) prohibit the use by electronic communication
20 service providers and private branch exchange operators
21 of any telecommunications equipment or technoloqy which
22 does not comply with the regulations issued under this
23 section after the 180th day following the issuance of
24 such regulations.
25 "(c) For the purposes of administering and enforcing
26 the provisions of this section and the regulations
1 prescribed hereunder, the Commission shall have the same
2 authority, power, and functions with respect to providers of
3 electronic communication services or private branch exchange
4 operators as the Commission has in administering and
5 enforcing the provisions of this title with respect to any
6 common carrier otherwise subject to Commission jurisdiction.
7 Any violation of this section by any provider of electronic
8 communication service or any private branch exchange
9 operator shall be subject to the same remedies, penalties,
10 and procedures as are applicable to a violation of this
11 chapter by a common carrier otherwise subject to Commission
12 jurisdiction, except as otherwise specified in subsection
13 (d).
14 "(d) In addition to any enforcement authorities vested
15 in the Commission under this title, the Attorney General may
16 apply to the appropriate United States District Court for a
17 restraining order or injunction against any provider of
18 electronic communication service or private branch exchange
19 operator based upon a failure to comply with the provisions
20 of this section or regulations prescribed hereunder.
21 "(e) Any person who willfully violates any provision
22 of the regulations issued by the Commission pursuant to
23 subjection (a) of this section shall be subject to a civil
24 penalty of $10,000 per day for each day in violation.
25 "(f) To the extent consistent with the setting or
26 implementation of just and reasonable rates, charges and
1 classifications, the Commission shall authorize the
2 compensation of any electronic communication service
3 providers or other entities whose rates or charges are
4 subject to its jurisdiction for the reasonable costs
5 associated with such modifications of existing
6 telecommunications equipment or technology, or with the
7 development or procurement, and the installation of such
8 telecommunications equipment or technology as is necessary
9 to carry out the purposes of this Act, through appropriate
10 adjustments to such rates and charges.
11 "(g) The Attorney General shall advise the Commission
12 within 30 days after the date of enactment of this Act, and
13 periodically thereafter, as necessary, of the specific needs
14 and performance requirements to ensure the continued ability
15 of the government to lawfully intercept communications
16 transmitted by or through the electronic communication
17 services and private branch exchanges introduced, operated,
18 sold or leased in the United States.
l9 "(h) Notwithstanding section 552b of Title 5, United
20 States Code or any other provision of law, the Attorney
21 General or his designee may direct that any Commission
22 proceeding concerning regulations, standards or
23 registrations issued or to be issued under the authority of
24 this section shall be closed to the public.
25 "(i) Definitions -- As used in this section --
1 "(l) 'provider of electronic communication
2 service' or 'private branch exchange operator' means
3 any service which provides to users thereof the ability
4 to send or receive wire, oral or electronic
5 communications, as those terms are defined in
6 subsections 2510(1) and 2510(12) of Title 18, United
7 States Code;
8 "(2) 'communication' means any wire or electronic
9 communication, as defined in subsection 2510(1) and
10 2510 (12), of Title 18, United States Code;
11 "(3) 'impede' means to prevent, hinder or impair
12 the government's ability to intercept a communication
13 in the same form as transmitted;
14 "(4) 'intercept' shall have the same meaning
l5 set forth in section 2510 (4) of Title 18, United States
16 Code;
17 "(5) 'government' means the Government of the
18 United States and any agency or instrumentality
19 thereof, any state or political subdivision thereof,
20 and the District of Columbia, and Commonwealth of Puerto
21 Rico; and
22 "(6) 'telecommunications equipment or technology'
23 means any equipment or technology, used or to be used
24 by any providers of electronic communication services
25 or private branch exchange operators, which is for the
1 transmission or recept of wire, oral or electronic
2 communications."
3 SEC 3. Section 510, Title V, P.L. 97-259 is amended deleting the
4 phrase "section 301 or 302a" and substituting the phrase "section
5 301, 302a, or ____.
DIGITAL TELEPHONY AMENDMENT
(report language)
Significant changes are being made in the systems by which
communications services are provided. Digital technologies,
fiber optics, and other telecommunications transmission
technologies are coming into widespread use. These changes
in communications systems and technologies make it increasingly
difficult for government agencies to implement lawful orders or
authorizations to intercept communications in order to enforce
the laws and protect the national security.
With the assistance of providers of electronic communication
services, these technological advances need not impede
the ability of government agencies to carry out their
responsibilities. This bill would direct the Federal
Communications Commission (FCC) to issue standards ensuring
that communications systems and service providers continue
to accommodate lawful government communications intercepts.
The regulations are not intended to cover federal government
communications systems. Procedure already exist by which
the Federal Bureau of Investigation amy obtain federal agency
cooperation in implementing lawful orders or authorizations
applicable to such systems. Further, there would be no
obligation on the part of the service providers or any other party
to ensure access to the plain text of encrypted or other encoded
material, but rather only to the communication in whatever form
it is transmitted. It is thus the intent and purpose of the
bill only to maintain the government's current communications
interception capability where properly ordered or authorized.
No expansion of that authority is sought.
ANALYSIS
Subsection 2(a) and (b) would require the Federal Communications
Commission (FCC) to issue any regulations deemed necessary to
ensure that telecommunications equipment and technology used
by providers of electronic communications services or private branch
exchange operators will permit the government to intercept
communications when such interception is lawfully authorized.
The regulations would also require that equipment or technologies
currently used by such providers or operators that impede this
ability until brought into compliance with the regulations.
Compliance with FCC regulations issued under this section would
be required within 180 days of their issuance.
Subsection 2(c) provides that the Commission's authority to
implement and enforce the provisions of this section are the same
as those it has with respect to common carriers subject to its
jurisdiction.
Subsection 2(d) would give the Attorney General the authority to
request injunctive relief against non-complying service providers
or private branch exchange operators.
Subsection 2(e) provides civil penalty authority for willful
violations of the regulations of up to $10,000 per day for each
violation.
Subsection 2(f) would permit the FCC to provide rate relief to
service providers subject to its rate-setting jurisdiction for
the costs associated with modifying equipment or technologies to
carry out the purposes of the bill.
Subsections 2(g), (h), and (i) require the Attorney General
to advise the Commission regarding the specific needs and
performance criteria required to maintain government intercept
capabilities, require the FCC to ensure that the standards and
specifications it promulgates may be implemented on a royalty-
free basis, and authorize the Attorney General to require that
particular Commission rulemaking proceedings to implement the Act
be closed to the public.
Subsection 2(j) provides definitions for key terms used in this
section.
------------------------------
Date: 12 Mar 92 22:28:35 EST
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 6--Sun Devil FOIA Ruling (CPSR suit)
U.S.. District Judge Thomas Hogan today upheld the decision of the
Secret Service to withhold from public disclosure search warrant
materials associated with the agency's controversial Operation Sun
Devil investigation. Ruling from the bench in a Freedom of
Information Act lawsuit filed in Washington by Computer Professionals
for Social Responsibility (CPSR), the judge accepted the government's
contention that release of the requested documents would interfere
with the Secret Service's ongoing investigation of alleged computer
crime.
CPSR had argued that disclosure of the documents -- search warrant
applications, executed warrants and inventories of seized property --
would not hamper legitimate law enforcement interests. The Sun Devil
raids were conducted in May 1990 in 13 cities across the country and
have not, to date, resulted in any indictments. Similar documents are
routinely available from judicial clerks' offices and are considered
to be public records.
While noting that the government has not alleged a conspiracy in the
Sun Devil investigation, the judge ruled that the requested documents,
when viewed in the aggregate, might reveal heretofore undisclosed
aspects of the investigation and hamper the government's efforts.
Such a "compilation" of information, according to the judge, would be
likely to interfere with the investigation -- the standard the
government must meet to justify the withholding of law enforcement
records under the FOIA.
CPSR plans to appeal the ruling to the U.S. Court of Appeals for the
District of Columbia.
David L. Sobel,
CPSR Legal Counsel
dsobel@washofc.cpsr.org
------------------------------
End of Computer Underground Digest #3.25
************************************
Computer underground Digest Tue Mar 17, 1992 Volume 4 : Issue 13
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu
CONTENTS, #4.13 (Mar 17, 1992)
File 1--Some questions for the more informed....
File 2--Letters from Prison-Len Rose's final installment
File 3--Standing Up to Stop the Bells
File 4--Whistleblowers computer bulletin board extremely successful
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.eff.org (192.88.144.4),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Fri, 13 Mar 1992 17:31 EDT
From: "Led Go, You are hurding by node - The Elephants Child"@UNKNOWN.DOMAIN
Subject: File 1--Some questions for the more informed....
I've just finished reading Shockwave Rider, and am currently starting
to read Hackers. Does anyone have a single favorite reference, or
suggestion, I'm somewhat curious about the comment of borrowing from
the old hippies, in Shockwave Rider. There obviously may be some
socio-psychological type references that may be there somewhere. Does
anybody have any idea what Brunner was refering to there? It is an
obscure mention towards the very end of the book, where the discussion
of the far reaching web of the Precipice population, and its models
for survival. I myself, was growing up during the last years of the so
called hippie decade, so don't have much grasp on the time period.
Second:
After reading the rules of the Hacker Ethic, as outlined by Levy in
'Hackers', I have the following comment;
I agree that information should be freely available, but feel
somewhat that if I dig up the information, that anyone who wants it
from me should be willing to freely pay what I freely ask for in
exchange. They also have the right to not buy the information from me,
but to look for another broker. I also have that same right when I'm
looking for information. I'm strongly into capitolism, and thus am not
at all sure I like the Hacker Ethic as described by Levy about the
info should be free rule.
Replies, comments, accusations, etc. may be sent to
Atkinson@gems.vcu.edu.
------------------------------
Date: Wed Mar 4 18:17:21 1992
From: lenrose@ouddahere.com
Subject: File 2--Letters from Prison-Len Rose's final installment
((Moderators' note: Len Rose was incarcerated for unauthorized
possession of UNIX sourcecode, and has nearly completed his term in
federal prison in North Carolina. For those interested in the
background to this case, in which Len was considered by many to be a
victim of over-zealous prosecution and sentencing, a complete history,
including usenet posts, news articles, search and seizure warrant,
indictment, and other information is available in the Len.Rose file in
the CuD ftp archives. Len will return to Chicago on March 23, and
would appreciate any employment leads. Those wishing to contact him
may do so through CuD until he has a permanent address)).
++++++++++++
Greetings from Prison!
It has been a long time coming, but it looks like I will be leaving
here March 23, 1992. I never thought I would make it. I owe my survival
to a few people out there on the Net, and I will never forget what
they have done for me and my family. I have been able to keep myself
informed, reading CuD and occasional articles from the Net that have been
sent to me.
I am looking forward to working again, and perhaps with a lot of hard
work and diligence, I can once again own a home and work for myself. I
have been assigned to a halfway house in Chicago, and hope to obtain
some employment in the city (at least for 2 months). If I do not or
cannot otain work, they may not let me leave the halfway house on
weekends (to be with my family). So, if I have to, I will work at
McDonalds or clean floors.
I have no equipment left, so one of my first priorities will be
obtaining some. Hopefully, I will be able to purchase a used Unix
system and a decent modem. I will then be able to write code and work
on projects for clients. I have a lot to do and very little time to
accomplish it.
I also have much to be thankful for, and have a very good attitude
now. When I was going through the worst of it,I felt like it was
the end of the world, but now I know that it's only a temporary
setback. I have so much to be grateful for, and, thanks to the people
who have stood by me, I will be able to end up just as if it never
happened.
Nowadays, I am bouncing off the walls in anticipation of seeing my
wife and kids again. I haven't been able to see them while
incarcerated, because they couldn't afford to visit North Carolina
from Chicago, and I was never able to obtain a transfer to a closer
prison. However, I guess it will make the reunion that much sweeter.
Anyone who says that absence makes the heart row fonder is crazy. It
is the worst torture that can be conceived.
My leg has mended well enough to permit me to work at just about
anything. I usually walk 3 to 4 miles a day here trying to strengthen
it. Although I have nothing else to do but read and perhaps tutor
people who cannot read, I have managed to pass the time. That has been
my worst enemy here lately--boredom. Loneliness for the people I love
has been a major enemy from the beginning.
I hope to obtain an account on a system that is on the Internet so I
can re-establish some contacts. Once I am able to buy some used Unix
equipment, I will re-establish netsys.com and become a network site
again. I have so many things to do.
Obviously my family will be my primary concern. They are currently
receiving some public assistance, and let me tell you, no one can
survive on welfare. If not for a few people who cared, they would be
living on the street. I am no longer bitter. I have learned that there
are some decent folk who care, and all of ou who've helped me are
really something special. I just wanted you to know that. Most of you
read CuD, so if I never have the chance to speak to you, please
consider this a sincere thank you for what you've done.
Let's hear it for 1992. I have been dreaming of this moment for so
long, and I am anxious to begin my life again. Although I have two
months in a halfway house and then a three year probation to get
through, I know that I will be unstoppable. If I am left alone, and
am able to show the powers-that-be that I only wish to live my life, I
now that I will again be a success. Family and happiness are the only
things that matter. (And Unix too ((sigh)).
Well, if anyone has a job that I can do, I'd be very grateful. I like
to work hard and will do it right. I have a lot of catching up to do,
but feel sure that I can do so in a prompt manner.
Oh well. I have rambled enough. I look forward to meeting you all
again on the Net. Who knows? Maybe I will become famous for something
other than this....I certainly hope so.
Len Rose
------------------------------
Date: Fri, 13 Mar 1992 13:31:44 -0500
From: Craig Neidorf <kl@stormking.com>
Subject: File 3--Standing Up to Stop the Bells
Did you hear about 1-800-54-Privacy? Did you decide to call? I did
and the following is the information I received a few weeks later. It
outlines some of the serious ramifications of what is going to happen
if we do not actively support Congressional bills S 2112 and HR 3515.
The information comes from the American Newspaper Publisher's
Association (ANPA). Keep in mind, they have a vested financial
interest in information services as do many others, and in many ways,
the newspaper industry can be and has been just as dishonest and
deceptive as the Regional Bell Operating Companies. However, in this
particular situation, the ANPA has the right idea and does a pretty
good job in explaining why we need to act now and act fast.
You know who I am, and what I've been through. My experiences have
given me a unique perspective and insight into the methods and goals
of the Regional Bell Operating Companies. They are inherently
deceptive and if given even the slightest chance, they will screw the
consumer and engage in anti-competitive market practices.
Additionally, their tactics threaten our personal privacy as well.
The RBOCs must be stopped before its too late.
Craig Neidorf
kl@stormking.com
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
1-800-54-Privacy
444 N. Michigan Avenue
Suite 900
Chicago, Illinois 60611
February 14, 1992
Dear Consumer:
If you're like many people, you may have been hesitant about leaving
your name and address on our 1-800-54-PRIVACY phone line.
Why?
Quite simply, no one wants to give out information about themselves
without knowing exactly how that information is going to be used.
But the truth is, you reveal information about yourself EACH AND EVERY
TIME YOU PICK UP THE PHONE. By tracking who you call, how often you
call and how long each conversation lasts, the seven regional Bell
telephone companies have the capability to learn and know more about
you than even the IRS.
In fact, with modern computer technology, there is practically no
limit to what the Bells can learn about your personal life every time
you pick up the phone. And there is virtually no limit -- only one's
imagination -- to the ways they can take advantage of all the
information they glean.
Of course its one thing to have the capability to do this snooping.
It's another thing to have the incentive to actually do it.
Until October 7, 1991, the incentive just didn't exist for the Bells.
Prior to this date, the vast electronic networks of the Bell
monopolies were just neutral carriers of phone messages, data, and
other companies' fax, audiotex, and videotex services.
For example, when you last called a 1-900 or 1-800 line to get the
latest stock quotes, sports scores, or headlines, your local phone
company served simply as the pipeline for moving the billions of
electrons in your call. The company that provided you with the
information over the phone line was not -- and by law, could not be --
the phone company.
And that's the way things had been since 1984, when U.S. District
Court Judge Harold Greene issued his now-famous decree breaking up the
AT&T monopoly and spinning off control of local phone service to seven
regional Bell companies.
In the decree, the Court expressly prohibited the individual Bells
from entering three businesses -- cable TV, telephone manufacturing,
and electronic information services.
Why?
After presiding over the lengthy AT&T anti-trust case and being
exposed to hundreds upon hundreds of monopolistic abuses by AT&T,
Judge Greene's Court was firmly convinced that, if allowed to enter
any of these three current areas, the Bells would undoubtedly engage
in the same monopolistic behavior that characterized their former
parent.
In other words, while cutting off the hydra-like AT&T head, Judge
Greene was fearful that, given too much leeway, AT&T's seven so-called
"Baby Bell" off-spring might become equal or worse monsters
themselves.
>From day one, however, the Bells undertook a long-term, multi-million
dollar lobbying campaign to fight Judge Greene's ruling and try to
convince the Justice Department, the higher courts, and even the U.S.
Congress that they should be permitted to enter the content end of the
information service business.
And, so, on October 7, 1991, after years of heavy lobbying, a higher
court came through for the Bells and practically ordered Judge Greene
to overturn his 1984 decree and open up the information services
industry to the Bells.
In the 71-page ruling, a very reluctant Judge Greene devoted
two-thirds of his decision to explaining why allowing the Bells to
sell information services was bad for consumers and bad for America.
For example, he went to great length to discount the Bells' claim
that, once given the green light, they would be better able to serve
the public than the thousands of already existing electronic
information services. To quote from his decision.
"In the first place, the contention that it will take the
Regional Companies (the Bells) to provide better information
services to the American public can only be described as
preposterous."
Judge Green also wrote:
"Moreover, the Court considers the claim that the Regional
Companies' entry into information services would usher in an era
of sophisticated information services available to all as so much
hype."
His decision also contains a warning regarding the prices consumers will be
forced to pay for Bell-provided services:
"The Regional Companies would be able to raise price by increasing
their competitors' costs, and they could raise such costs by virtue
of the dependence of their rivals' information services on local
network access."
Finally, here's what Judge Greene had to say about his court's
decision and the public good:
"Were the Court free to exercise its own judgment, it would
conclude without hesitation that removal of the information
services restriction is incompatible with the decree and the
public interest."
If Judge Greene's warnings as well as his profound reluctance to issue
this ruling scare you, they should.
That's because the newly freed Bells now have the incentive, which
they never had before, to engage in the anti-competitive,
anti-consumer practices that Judge Greene feared.
Besides using your calling records to sell you information services
they think you're predisposed to buy, the Bell's may well try to
auction off your phone records to the highest bidder.
As a result, anyone who ever uses a phone could well be a potential
victim of the Bell's abuse.
Consider the simple act of making a telephone call to an auto repair
shop to schedule body work or a tune-up. By knowing that you made
that call, your phone company might conclude that you're in the market
for a new car and sell your name to local car dealers.
Another example. Think about calling a real estate broker for
information on mortgage rates. Knowing you must be in the market for
a house, the Bells could sell your name to other brokers. Or they
could try to sell you their own electronic mortgage rate service.
Now let's say you and your spouse are having some problems and one of
you calls a marriage counselor. Tipped off by information purchased
from the phone company, a divorce lawyer shows up on your doorstep the
next morning.
Finally, think about calling your favorite weather service hotline --
a competitor to the weather service operated by your local phone
company. By keeping track of people who use its competitor's service,
the phone company might just try to get you to buy its weather service
instead.
Far-fetched? Not at all.
Nefarious? You bet.
That doesn't mean that, starting tomorrow, your phone company is going
to start tracking who you call, how long your calls last, and who
calls you. However, they could do it if that wanted to. And, based
on past experience, some of them probably will do so at one point or
another.
That's because the protest of gaining an unfair edge over the
competition --companies that have no choice but to depend upon the
Bells wires -- is just too tantalizing a temptation for the Bells to
ignore.
As you might expect, the Bells claim that these fears are totally
unfounded and that strict regulations are in place to prevent them
from abusing your telephone privacy.
However, there simply aren't enough regulators in the world to control
the monopolistic tendencies and practices of the Bells. Every single
one of the seven Bells has already abused its position as a regulated
monopoly. There is no reason to believe they won't in the future.
For example, the Georgia Public Service Commission recently found that
BellSouth had abused its monopoly position in promoting its MemoryCall
voice mail system. Apparently, operators would try to sell MemoryCall
when customers called to arrange for hook-up to competitors'
voice-mail services. Likewise, while on service calls, BellSouth
repair personnel would try to sell MemoryCall to people using
competitors' systems. BellSouth even used competitors' orders for
network features as sales leads to steal customers.
In February 1991, US West admitted it had violated the law by
providing prohibited information services, by designing and selling
telecommunications equipment and by discriminating against a
competitor. The Justice Department imposed a $10 million fine -- 10
times larger than the largest fine imposed in any previous anti-trust
division contempt case.
In February 1990, the Federal Communications Commission found that one
of Nynex's subsidiaries systematically overcharged another Nynex
company $118 million for goods and services and passed that extra cost
on to ratepayers.
The abuses go on and on.
In this brave new world, however, it's just not consumers who will
suffer. Besides invading your privacy, the Bells could abuse their
position as monopolies to destroy the wide range of useful information
services already available
Right now, there are some 12,000 information services providing
valuable news, information, and entertainment to millions of
consumers. Every one of these services depends on lines owned and
controlled by Bell monopolies.
This makes fair competition with the Bells impossible.
It would be like saying that Domino's Pizzas could only be delivered
by Pizza Hut.
It would be like asking a rival to deliver a love note to your
sweetheart.
It would be a disaster.
If the Bells aren't stopped, they will make it difficult -- if not
impossible -- for competitors to use Bell wires to enter your home.
They could deny competitors the latest technological advances and
delay the introduction of new features. They could even undercut
competitor's prices by inflating local phone bills to finance the cost
of their own new information services.
In the end, the Bells could drive other information services out of
business, thereby dictating every bit of information you receive and
depriving the American public out of the diversity of information
sources it deserves and that our form of government demands.
Can something be done to stop the Bells?
Yes, absolutely.
You can take several immediate steps to register your views on this
issue. Those steps are described in the attached "Action Guidelines"
sheet. Please act right away.
In the meantime on behalf of our growing coalition of consumer groups,
information services providers, and newspapers, thank you for your
interest in
this important issue.
Sincerely,
Cathleen Black
President and Chief Executive Officer
American Newspaper Publishers Association
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ACTION GUIDELINES
Something is very wrong when a monopoly is put into the position where
it can abuse your privacy, drive competitors from the market, and even
force you, the captive telephone ratepayer, to subsidize the costs of
new information services ventures.
Can something be done to stop this potential abuse?
Absolutely.
WHAT YOU CAN DO. The first step is to call or write your local
telephone company to assert your right to privacy.
The second step is to write your U.S. Representative and U.S. Senators
and urge them to support House bill 3515 and Senate bill 2112.
Since the purpose of both HR 3515 and S 2112 is to prevent the Bells
from abusing their monopoly position, not to prevent legitimate
competition, the Bells would be free to sell information services in
any area of the country where they do not have a monopoly -- in other
words, 6/7 of the country.
However, the bills would delay entry of the Bell companies into the
information services industry in their own regions until they no
longer held a monopoly over local phone service. As soon as consumers
were offered a real choice in local phone service -- whether it be
cellular phones, satellite communications, or other new technology --
the Bells would be free to offer any information services they wanted.
Both bills are fair to everyone. They protect consumer privacy and
ensure that the thriving information services industry will remain
competitive.
Quick action is need to pass these bills. A hand-written letter
stating your views is the most effective way of reaching elected
officials. It is proof positive that you are deeply concerned about
the issue.
POINTS TO MAKE IN YOUR LETTER
You may wish to use some or all of the following points:
A phone call should be a personal and private thing -- not a
sales marketing tool for the phone company.
The Bells should not be allowed to take unfair advantage of
information they can obtain about you by virtue of owning and
controlling the wires that come into homes.
The Bells must not be allowed to abuse their position as
monopolies to drive existing information services out of
business.
The Bells should not be permitted to engage in activities that
would deprive Americans of the information diversity they deserve
and that our form of government demands.
The Bells should not be permitted to finance information services
ventures by inflating the phone bills of captive telephone
ratepayers.
AFTER YOU'VE WRITTEN YOUR LETTER
After you've written your letter or made your phone call, please send
us a letter and tell us. By sending us your name and address, you'll
receive occasional updates on the massive effort underway to prevent
the Bells from invading your privacy and turning into the monopolistic
monsters that Judge Greene warned about.
There's one more thing you can do. Please ask your friends,
relatives, neighbors, and co-workers to urge their U.S.
Representatives and Senators to support HR 3515 and S 2112. We need
everyone's help if we're going to stop the Bells.
1-800-54-PRIVACY
444 N. Michigan Avenue
Suite #900
Chicago, Illinois 60611
------------------------------
Date: Fri, 6 Mar 92 15:29 GMT
From: Jean-Bernard Condat <0005013469@MCIMAIL.COM>
Subject: File 4--Whistleblowers computer bulletin board extremely successful
Whistleblowers computer bulletin board extremely successful
Whistle-blowers may now anonymously report government fraud, waste,
and abuse via computer to the House Government Operations subcommittee
on Government Information, Justice, and Agriculture. The number for
the computer system, which will accept files and messages, is (202)
225-5527. Aliases are permitted.
The Truelson' PhD published in 1986, draws upon the theoretical
framework of systemic corruption--an organized conspiracy to suppress
revelation of corrupt practices--to propose a retaliation model to
account for organizational retaliation against whistleblowers with
legitimate protests. This study is one basis of this uncredible
bulletin board.
House Government Information Subcommittee's whistleblower computer
BBS has been "tremendously successful" and has generated about "50
substantive leads" in its two months of operation, Subcommittee Chief
Counsel Robert Gellman said. Board has received 700-800 calls, many
from curious browsers who want to see what's available and others who
want to discuss policy
matters.
But Gellman said board was designed solely to allow whistle-blowers to
post private notes to alert Subcommittee to instances of waste, fraud and
abuse, so there isn't much for anyone else to see. There are no files
available to download or bulletin to read, as there are on most bulletin
boards. Gellman said message senders often don't use their real names,
and Subcommittee staff has used electronic mail feature to send message
back asking for more information.
REFERENCES
1. Food Chemical News, December 16, 1991, ISSN 0015-6337;
2. Judith Anne Truelson, "Blowing the Whistle on systemic Corruption,"
University of Southern California (Los Angeles, CA), 1986;
3. Communications Daily, February 13, 1992, ISSN 0277-0679.
++++ (A SAMPLE) ++++
ON-LINE SEARCHING
Welcome to
THE FEDERAL WHISTLEBLOWER BBS
This bulletin board exists to help the United States Congress identify
waste, fraud, and abuse in the federal government. You are invited to
leave messages or upload files that relate to this purpose. There are no
public files or public messages on this board.
Your SYSOP is Congressman Bob Wise from West Virginia.
The CONTENTS of all communications are confidential and not accessible to
other users. However, the name you use to sign on may be visible to
other users. If this is a concern, please use a pseudonym to protect
your identity.
What is your FIRST name (pseudonyms okay)? JONES JOHN
Checking Users...
User not found
Are you 'JONES JOHN' ([Y],N)? Y
What is your STATE (any entry acceptable)? LYON IN FRANCE
Welcome to the FEDERAL WHISTLEBLOWER BULLETIN BOARD.
This Board is operated by an investigative subcommittee in the U.S. House
of Representatives.
Your SYSOP is Congressman Bob Wise from West Virginia.
GROUND RULES:
1. There are NO public files and NO public messages on this board.
If you are looking for downloads, games, etc., you won't find them here.
2. If you have a concern about protecting your identity, please use
a pseudonym. Because of software limitations, the name you use to sign
on with may become known to others. You may leave your real name in the
contents of a message, but this is not required. THE CONTENTS OF
MESSAGES CAN ONLY BE READ BY THE SYSOP. Messages cannot be read by any
other user. Use the Comment command to leave messages to the Sysop.
JONES JOHN from LYON IN FRANCE
C)hange FIRST name (pseudonyms okay)/LAST name (pseudonyms okay)/STATE (any
ent
ry acceptable), D)isconnect, [R]egister? R
Enter PASSWORD you'll use to logon again (dots echo)? ....
Re-Enter password for Verification (dots echo)? ....
Please REMEMBER your password
Welcome to RBBS-PC, Condat. You have 60 mins for this session.
Logging JONES JOHN
RBBS-PC 17.3C Node 1, operating at 1200 BAUD,N,8,1
+--------------------------------------------------+
| Welcome to the FEDERAL WHISTLEBLOWER BBS |
+--------------------------------------------------+
Your SYSOP is Congressman Bob Wise
BBS Phone: (202) 225-5527
REMINDERS:
1) Remember your password. If you forget it, you can't read
your mail and we can't contact you.
2) Use mixed case in messages. ALL UPPER CASE IS HARD TO READ.
3) If you upload a file, please leave a message so we know who
provided it. If you don't, the upload will not be acknowledged.
This is NOT a requirement. Anonymous uploads are acceptable.
4) Callers may be deleted after 30 days. If this happens to you,
just register again. It only takes a second.
Checking messages in MAIN..
Sorry, JONES, No NEW mail for you
RBBS-PC 17.3C Node 1
Caller # 1279 # active msgs: 74 Next msg # 539
------*>>> RBBS-PC MAIN MENU <<<*------
----- MAIL ---------- SYSTEM ---------- UTILITIES ------ ELSEWHERE ---
[R]ead Mail to Me [B]ulletins [H]elp (or ?) [F]iles
[C]omment to SYSOP [I]nitial Welcome [X]pert on/off [G]oodbye
[Q]uit
[U]tilities
*----------------------------------------------------------------
Current time: 09:38 AM Minutes remaining: 58 Security: 5
*----------------------------------------------------------------
MAIN: 58 min left
MAIN command <?,B,C,F,G,H,I,K,Q,R,U,X>? B
* Ctrl-K(^K) / ^X aborts. ^S suspends ^Q resumes *
======[ WHISTLEBLOWER BBS Bulletin Menu ]=======
Bulletin Description
*----- -------------------------------------
1 Description and Purpose of this Board
2 Upload and Download Policies (NO DOWNLOADS!)
3 Operating Policies
4 How to Blow the Whistle
Read what bulletin(s), L)ist, S)ince, N)ews ([ENTER] = none)? 3
* Ctrl-K(^K) / ^X aborts. ^S suspends ^Q resumes *
THE WHISTLEBLOWER BBS: OPERATING POLICIES
1. The highest priority on this bulletin board is protecting the
confidentiality of callers. A caller concerned about confidentiality
should use a pseudonym.
2. There is no Caller-ID service on the bulletin board's incoming
line. Incoming calls are not traced. Each caller must consider the
possibility that a call to this board is being recorded or traced at the
source of the call.
3. The Whistleblower BBS is operated by an investigative subcommittee
in the United States House of Representatives. The purpose of the board is
to assist the Congress in identifying waste, fraud, and abuse in federal
agencies, programs, contracts, and grants. No action will be taken on any
information that does not further this purpose.
4. A higher priority will be assigned to matters that involve large
amounts of federal funds or that affect health or safety. Other matters
may be pursued to the extent permitted by available resources.
5. We cannot provide any type of general assistance to callers. The
board should not be used for any political purpose or to lobby Congress on
legislative or policy matters.
6. Messages that relate to the purpose of the board will be
acknowledged. A caller who provides an investigative lead is encouraged to
call back in the event more information is required. Messages that do not
relate to the purpose of the board may not be acknowledged. Most messages
will be erased after they are read.
7. General information about investigations that result from
activities on the Whistleblower BBS may be made public, although no
information specifically identifying an individual caller will be released.
Publicity for the board will help to accomplish its purpose. However, a
caller will not necessarily be informed about the details of any
investigation that results from his or her message.
8. Information obtained on the Whistleblower BBS may be shared with
other congressional investigators, agency Inspectors General, and the
General Accounting Office (the audit arm of Congress). INFORMATION THAT
SPECIFICALLY IDENTIFIES CALLERS WILL NOT BE SHARED. Callers should
identify any special confidentiality concerns or expressly state if they
need to place any specific restrictions on the use of the information that
they provide. Information will not be shared if a caller specifically
requests.
9. Casual visitors to the board may be deleted from the user base at
any time. If you call a second time and find that you are not recognized,
just re-register. It only takes a few seconds. Users not engaged in
current discussions may also be deleted as a security precaution.
10. Text files may be uploaded, preferably in ASCII format. Word
Perfect format is a second choice. Files may be compressed using standard
compression programs. Files other than text files will be immediately
deleted.
11. If you attempt to use a common pseudonym (e.g., John Doe), you may
find that it is already in use. When you first enter a name not in use,
you will receive a message about the board. If you enter a name that is
known to the board, you will be asked for a password. If this happens, you
must hang up, call again, and use a different name. Anyone reading this
has already solved the problem. This paragraph is included as an
explanation.
* Ctrl-K(^K) / ^X aborts. ^S suspends ^Q resumes *
======[ WHISTLEBLOWER BBS Bulletin Menu ]=======
Bulletin Description
*----- -------------------------------------
1 Description and Purpose of this Board
2 Upload and Download Policies (NO DOWNLOADS!)
3 Operating Policies
4 How to Blow the Whistle
Read what bulletin(s), L)ist, S)ince, N)ews ([ENTER] = none)? 4
* Ctrl-K(^K) / ^X aborts. ^S suspends ^Q resumes *
THE WHISTLEBLOWER BBS
How to Blow the Whistle on Fraud, Waste, and Abuse
1. You do NOT have to give your name or identify yourself in any way.
But you should call again after you have left a message. Use the same name
you used the first time and see if there is an answer for you. Use the
READ MAIL TO ME command. This permits continuing communications so that we
can ask you for more information or clarification. Allow a few days for
your message to be read.
2. Remember that we are more interested in conduct involving
SIGNIFICANT amounts of federal funds or MAJOR instances of wrongdoing. We
have limited resources, and we are less likely to investigate minor
matters. When in doubt, we encourage you to report the matter and let us
decide.
3. Provide enough information so we can find and investigate the
objectionable activity. Whenever possible, tell us WHO, WHAT, WHERE, WHEN,
WHY, and HOW. Be as specific as possible.
4. WHO: Identify the agency, office, program, contract, or grant:
Vague: ABC Department
Okay: ABC Department, Z Bureau
Good: ABC Department, Z Bureau, Denver Office
Better: ABC Department, Z Bureau, Denver Office, Contract
Number 123-456 dated 2/1/89
5. WHAT: Describe the conduct:
Vague: Wasted Money
Okay: Bought unnecessary computers
Good: Bought 200 Personal Computers to use funds at the
end of the fiscal year
Better: John Smith authorized the purchase of 200 unneeded
PCs under contract 123-456 on 9/30/91 to avoid
returning excess funds to the Treasury
6. WHERE: State where the activity occurred:
Vague: Unnecessary travel
Okay: Trips to Los Angeles
Good: Trips from Headquarters to Los Angeles
Better: John Smith authorized travel for himself from
Chicago to Los Angeles every Friday before the
UCLA football team played a game at home so he
could watch the game
7. WHEN: Provide all relevant dates:
Vague: Last year
Okay: 1990
Good: Starting in May 1990
Better: Began on May 5, 1990, continued every other week
until December 14, 1991
8. WHY and HOW: Explain the conduct involved:
Vague: Broke the law
Okay: Did not follow procurement rules
Good: Failed to obtain sole-source contracting authority
Better: Procured 1000 buses from ABC Corp. under contract
number 123-456, on 5/1/90, under a sole source
contract that was not approved by the contracting
officer.
* Ctrl-K(^K) / ^X aborts. ^S suspends ^Q resumes *
======[ WHISTLEBLOWER BBS Bulletin Menu ]=======
Bulletin Description
*----- -------------------------------------
1 Description and Purpose of this Board
2 Upload and Download Policies (NO DOWNLOADS!)
3 Operating Policies
4 How to Blow the Whistle
Read what bulletin(s), L)ist, S)ince, N)ews ([ENTER] = none)?
------*>>> RBBS-PC MAIN MENU <<<*------
*-- MAIL ---------- SYSTEM ---------- UTILITIES ------ ELSEWHERE ---
[R]ead Mail to Me [B]ulletins [H]elp (or ?) [F]iles
[C]omment to SYSOP [I]nitial Welcome [X]pert on/off [G]oodbye
[Q]uit
[U]tilities
*------------------------------------------------------------------
Current time: 09:41 AM Minutes remaining: 55 Security: 5
*------------------------------------------------------------------
MAIN: 55 min left
MAIN command <?,B,C,F,G,H,I,K,Q,R,U,X>? C
Type comment 60 lines max (Press [ENTER] to quit)
[----------------------------------------------------------------------]
1: Hallo!
2: I am a French journalist and will be very please to receive a press
3: information on this curious BBS.
4: My e-mail address is MCI Mail #501-3469 or DialMail #24064
5: Don't hesitate to contact me.
6: Jean-Bernard Condat
7: CCCF, B.P. 8005, 69351 Lyon Cedex 08, France (Fax.: +33 1 47877070)
8:
A)bort, C)ontinue adding, D)elete lines, E)dit a line
I)nsert lines, L)ist, M)argin change, R)evise subj, S)ave msg, ?)help
Edit Sub-function <A,C,D,E,I,L,M,R,S,?>? s
Adding new msg # 539.
Receiver will be notified of new mail
------*>>> RBBS-PC MAIN MENU <<<*------
*-- MAIL ---------- SYSTEM ---------- UTILITIES ------ ELSEWHERE ---
[R]ead Mail to Me [B]ulletins [H]elp (or ?) [F]iles
[C]omment to SYSOP [I]nitial Welcome [X]pert on/off [G]oodbye
[Q]uit
[U]tilities
*----------------------------------------------------------------
Current time: 09:43 AM Minutes remaining: 53 Security: 5
*-----------------------------------------------------------------
MAIN: 53 min left
MAIN command <?,B,C,F,G,H,I,K,Q,R,U,X>? g
Log off (Y,[N])? y
Now: 03-06-1992 at 09:43:54
On for 7 mins, 5 secs
60 min left for next call today
JONES, Thanks and please call again!
------------------------------
End of Computer Underground Digest #4.13
************************************
Computer underground Digest Tue Mar 23, 1992 Volume 4 : Issue 14
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu
CONTENTS, #4.14 (Mar 23, 1992)
File 1--Alternative To The Well
File 2--Reader's Reply: Craig's Legal Fees
File 3--EFF Announces Pioneer Award Winners
File 4--Readers' Reply: "Bury Usenet?" (CuD #4.10)
File 5--More on the Internet Debate
File 6--Abstract: What Scholars Want & Need from Electronic Journals
File 7--Cyberspace Candidate for Congress
File 8--BloomBecker's Legal Guidelines at CV&SC Conference (reprint)
File 9--NASA hacker sentenced (Reprint from RISKS DIGEST #13.29)
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.eff.org (192.88.144.4),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Tue, 17 Mar 92 13:23:31 EST
From: mpd@ANOMALY.SBS.COM(Michael P. Deignan)
Subject: File 1-- Alternative To The Well
There is another system on the internet - The InteleCom DataForum - at
192.67.241.11, which gives access to anyone for only $10 a month,
unlimited time. No flat-rate/hourly charge combo. Very affordable for
a college student who doesn't have USENET at his/her local school, or
needs an alternative login from a terminal server, etc.
------------------------------
Date: Sun, 22 Mar 1992 14:10:14 GMT
From: NEELY_MP@DARWIN.NTU.EDU.AU(Mark P. Neely, Northern Territory
Subject: File 2-- Craigs' legal fees
Keith Moore <moore@CS.UTK.EDU> writes:
>Also, why are we asked to send money directly to the law firm that
>defended Craig, and not to Craig himself?
I should imagine that this arrangement is set up (a) because it is
administratively convenient, and (b) so as to avoid the allegations
that Craig is feathering his own nest.
All monies received from, or on behalf of, clients must be placed into
that client's trust account. This is the account into which a lawyer
must place monies received in advance from his/her client for
safekeeping until a bill is rendered to the client. The purpose of
such an arrangement is so that the lawyer has some form of guarantee
that he will get paid (at least to the extent that he has money on
trust).
Secondly, if the money were to be sent directly to Craig, there would
no doubt be the cynical few who would raise (quite correctly I'd
imagine) the problem of how we can guarantee that _all_ the money
donated will be used for his trial defence.
I hope this clears up some of the mystery.
Mark Neely neely_mp@darwin.ntu.edu.au
PS-- I am in no way connected with Craig or his cause!
------------------------------
Date: Tue, 17 Mar 1992 11:04:45 -0500
From: Craig Neidorf <knight@EFF.ORG>
Subject: File 3-- EFF Announces Pioneer Award Winners
++++ Text of original message ++++
>Date: Mon, 16 Mar 1992 18:49:32 -0500
>To: eff-board, eff-staff
>From: van (Gerard Van der Leun)
>Subject: EFF Announces Pioneer Award Winners
>
>
>FOR IMMEDIATE RELEASE
>
>
>
>ENGELBART, KAHN, WARREN, JENNINGS AND SMERECZYNSKI
>NAMED AS FIRST WINNERS OF THE ELECTRONIC FRONTIER FOUNDATION'S PIONEER
>AWARDS
>
>Cambridge March 16,1992
>
>
>The Electronic Frontier Foundation (EFF) today announced the five
>winners of the first annual EFF Pioneer Awards for substantial
>contributions to the field of computer based communications. The
>winners are: Douglas C. Engelbart of Fremont, California; Robert Kahn of
>Reston, Virginia; Jim Warren of Woodside, California; Tom Jennings of
>San Francisco, California; and Andrzej Smereczynski of Warsaw, Poland.
>
>The winners will be presented with their awards at a ceremony open to
>the public this Thursday, March 19, at L'Enfant Plaza Hotel in
>Washington, DC, beginning at 5:15 PM. Most winners are expected to be
>present to accept the awards in person. The ceremony is part of this
>week's Second Conference on Computers, Freedom and Privacy that is
>taking place at L'Enfant Plaza Hotel in D.C.
>
>Mitchell Kapor, President of the EFF, said today that: "We've created
>the Pioneer Awards in order to recognize and honor individuals who have
>made ground-breaking contributions to the technology and culture of
>digital networks and communities."
>
>Nominations for the Pioneer Awards were carried out over national and
>international computer-communication systems from November, 1991 to
>February 1992. Several hundred nominations were received by the
>Electronic Frontier Foundation, and the final winners were selected by a
>panel of six judges.
>
>The criteria for the Pioneer Awards was that the person or organization
>nominated had to have made a substantial contribution to the health,
>growth, accessibility, or freedom of computer-based communications.
>
> The Pioneer Winners
>
>Douglas Engelbart is one of the original moving forces in the personal
>computer revolution who is responsible for many ubiquitous features of
>today's computers such as the mouse, the technique of windowing, display
>editing, hypermedia, groupware and many other inventions and
>innovations. He holds more than 20 patents and is widely-recognized in
>his field as one of our era's true visionaries.
>
>Robert Kahn was an early advocate and prime mover in the creation of
>ARPANET which was the precursor of today's Internet. Since the late 60's
>and early 70's Mr. Kahn has constantly promoted and tirelessly pursued
>innovation and heightened connectivity in the world's computer networks.
>
>Tom Jennings started the Fidonet international network. Today it is a
>linked network of amateur electronic bulletin board systems (BBSs) with
>more than 10,000 nodes worldwide and it is still growing. He contributed
>to the technical backbone of this system by writing the FIDO BBS program
>as well as to the culture of the net by pushing for development and
>expansion since the early days of BBSing. He is currently editor of
>FidoNews, the network's electronic newsletter.
>
>Jim Warren has been active in electronic networking for many years.
>Most recently he has organized the First Computers, Freedom and Privacy
>Conference, set-p the first online public dialogue link with the
>California legislature, and has been instrumental is assuring that
>rights common to older mediums and technologies are extended to computer
>networking.
>
>Andrzej Smereczynski is the Administrator of the PLEARN node of the
>Internet and responsible for the extension of the Internet into Poland
>and other east European countries. He is the person directly
>responsible for setting up the first connection to the West in post-
>Communist Middle Europe. A network "guru", Mr. Smereczynski has worked
>selflessly and tirelessly to extend the technology of networking as well
>as its implicit freedoms to Poland and neighboring countries.
>
>This year's judges for the Pioneer Awards were: Dave Farber of the
>University of Pennsylvania Computer Science Department; Howard
>Rheingold, editor of The Whole Earth Review; Vint Cerf, head of CNRI;
>Professor Dorothy Denning Chair of George Washington University's
>Computer Science Department; Esther Dyson, editor of Release 1.0, Steve
>Cisler of Apple Computer, and John Gilmore of Cygnus Support.
>
>For more information contact:
>Gerard Van der Leun
>Director of Communications
>Electronic Frontier Foundation
>155 Second Street
>Cambridge, MA 02141
>(617) 864-0665
>Internet: van@eff.org
>
>Gerard Van der Leun
>Communications Director EFF
>van@eff.org
------------------------------
Date: Fri, 13 Mar 92 16:51:24 EST
From: Wes Morgan <morgan@ENGR.UKY.EDU>
Subject: File 4-- Readers' Reply: "Bury Usenet?" (CuD #4.10)
(In response to "Bury Usenet," in CuD #4.10):
I would like to address a point which neither Steinberg nor Sanio
mentioned; the "variety" factor.
I certainly agree with Steinberg's implied position that television
is a vast wasteland. However, there are still many portions of the
television medium which provide useful, informative services. The
obvious example for US viewers is PBS, which consistently airs in-
tellectually stimulating and through-provoking programs. For those
of us served by cable television, the Discovery Channel, CNBC, C-SPAN,
and Lifetime Medical Television are additional examples of "quality TV",
in my opinion.
With Usenet, we can find parallels for both "Three's Company" and
the Discovery Channel. Can Steinberg deny the beneficial aspects of
newsgroups such as comp.sys.sun.*, comp.unix.admin, or comp.lang.c?
While there are certainly newsgroups which have degenerated into
digital shouting matches, there is still a wide variety of rational,
informative discussion in Usenet.
Steinberg mentions the lack of "collaboration" among Usenet participants.
As rebuttal to that statement, I offer the dozens of situations/problems
for which I have found solutions/resolutions via Usenet newsgroups. I
have been made aware of countless bugs, security holes, and "lurking"
problems through Usenet.
I've also participated in several beta tests of software through Usenet;
I've reviewed papers and policies, received bug reports on my own code,
and shared my own experiences with hundreds of Usenet readers.
>He describes USENET as
>"a noble but failed experiment" and suggests to abandon it and
>research other directions in order to improve communications and
>quality of life.
Is the television or print media in danger of abandonment? I don't
think so. It still serves a large group of people, whose needs and
wants lie in almost every part of the intellectual spectrum.
>Browsing may be hard in high-traffic boards, especially when the subject
>information is poor or dated during a longer-lasting discussion thread.
I'd point out that finding something decent on the television may be
equally difficult; the routine location of a "quality" program on the
radio is almost impossible. Of course, we all develop our own personal
"schedule" of quality television and radio programs; I'm sure that each
of us could easily rattle off the time slots of those programs which we
find appealing.
We may examine several copies of a given magazine, evaluating its
relevance to, and addressing of, our needs or preferences. If a
particular magazine doesn't appeal to us, we cancel that subscription
(or stop borrowing it from a library or friend). I'm sure that each
of us could easily rattle off the names of those magazines which we
find appealing.
An identical "scheduling" occurs among Usenet readers. As we participate
in Usenet, we naturally dismiss those newsgroups which we find unappealing;
the Usenet "subscription" mechanism implements this quite well. At one
time or another, I have read every newsgroup carried by my site; over the
years, that huge list has been "pared down" to those 250 newsgroups which
appeal to me. I would assume that every Usenet reader does the same; I
don't believe that anyone could read *every* newsgroup.
Given this personal "scheduling", what is the difference between Usenet and
any other medium?
>- "low bandwidth", meaning messages in 80-column ASCII opposed to multi-
> media communication
This is an almost necessary limitation of the medium. Sites participating
in Usenet run the gamut of computing systems; almost every type of computer
system is represented in Usenet. While there are Crays and Suns on the net,
there are also AT&T 3b1s, PCs, Macintoshes, Primes, and even (I believe) a
Tandy Color Computer or two. Many Usenet sites cannot support multimedia;
should those sites be excluded? Should Steinberg deprive himself of a sub-
stantial audience by submitting his articles in multimedia format?
>Steve's comments on poor mastership of written language sound a bit
>arrogant and elitist to me.
They certainly do. Does Steinberg wish to replace newsgroup moderators with
"grammar police"?
{sarcasm++;}
Shall we accept the _MLA Handbook_ as the sole authority for Usenet style?
Perhaps we should adopt "The Elements of Style" or the GPO Style Manual as
our Writs of Common Wisdom. As an alternative, we may simply require a cer-
tain score on the _Usenet Qualification Examination_. Of course, all pros-
pective Usenet articles must be properly justified and proofread.
{sarcasm--;}
Usenet works; it may have a few worn springs in its digital suspension,
and some of its passengers may be a bit rowdy, but it stills takes more
people from point A to point B than any current alternatives.
Moving on to Steinberg's comments on moderated newsgroups.......
>> However, there is the insidious danger of moderator bias.
Does the same danger exist in the television or print media?
Does the same danger exist when you submit a book to a publisher?
Does the same danger exist when you submit a paper to a journal?
This "insidious danger" (as Steinberg so hyperbolically phrases it) is
a natural, necessary part of the moderation/editing process. How can
it be a "danger" when all participants in the process know that certain
editorial standards are being applied?
Most newspapers reserve the right to edit Letters to the Editor; why
doesn't anyone complain about that? Newspapers do not print every
letter they receive; why don't we hear a great hue and cry about that
'bias'? I believe that this behavior continues, unassailed, because
all parties involved understand that it is part of the natural pro-
cess.
>> Whether Townsend actually censors messages he disagrees with is not
>> important.
Actually, Patrick is *incapable* of "censoring" messages with which he
disagrees. He may choose not to include your article in his digest;
that's his right/obligation as the editor/moderator. However, he is
NOT censoring you; you may still distribute that article far and wide,
through several different media. He has no means by which he can pre-
vent you from doing this. Therefore, he is not censoring you; he is
merely preventing you from using HIS service to disseminate your infor-
mation and/or opinions. This is NOT censorship; it is management. While
Random House may not accept your book for publication, do they prevent
you from securing the services of Bantam Books as your publisher? I don't
think so. Why, then, is Patrick's parallel action assailed as "censorship"?
>> The perception -- and the possibility -- are there.
That perception, and its related possibility, are present in every form
of mass media. That possibility applies to _Newsweek_, _Southern Living_,
_Byte_ and _The Edmonton Herald-News_ equally. How do you propose to
eliminate this possibility in every form of mass communication? More
importantly, why should an electronic journal be held to a different
standard than its hardcopy counterparts?
>>1: There is no danger because an alternate group with no moderator can
>>be easily formed.
>
>This is completely orthogonal to my article on USENET. Sure, we can
>start an alternate group, but this just brings us back the noise
>problem and we will be no closer to a more effective USENET.
Why is this orthogonal? You have now argued, in successive articles,
that both unmoderated and moderated newsgroups are inefficient; how,
then, shall we meet your goal of a clean, efficient electronic mass
medium?
>If a moderator can censor, and
>many people think he is, then the newsgroup is surely less trustworthy
>than an unmoderated one.
Let me ask you this: do you base your entire opinion on one source of
information? I read national, regional, and local newspapers; I have
found that each provides a different viewpoint on the same issues. In
Usenet, I read both info.academic-freedom and alt.comp.acad-freedom.talk;
I have found that each provides a different viewpoint on the same issues,
since one is moderated and the other is free of moderation.
>I merely used Townson's newsgroup because his moderation has become
>the most controversial. I don't think Townson would disagree with
>this. I certainly could have used CuD as my example, and pointed out
>that many people believe that the anti-hacker viewpoint is censored
>from the digest, but this perception is held by fewer people.
This perception may exist, but both mailing lists are experiencing
sustained growth. Could it be that people accept a certain bias or
influence in a given medium, just as we do with our daily newspaper
or television news broadcast?
------------------------------
Date: Sat, 21 Mar 92 00:14:54 CST
From: William Vajk (igloo) <learn@CS.UCHICAGO.EDU>
Subject: File 5-- More on the Internet Debate
The following article just appeared in comp.society. I feel it
represents, by its mere presence, the proper challenge to the Intertek
nonsense. The author, Steinberg, clearly sets out to stir debate, and
does that adequately, though I saw nothing which is not a compilation
restatement of discussions which have been on the net for years. The
article I read in CuD 4.09 falls short of being "professional" by that
mystical inch that's as good as a mile. I understand McMullen's
charitable review a kindness to help inspire a young man to continue
and therein to progress.
Collaborations on a professional level abound as a direct consequence
of usenet and the internet. There are many undocumented private
mailing lists serving scientific and technical interests.
Article follows:
======================================================================
From: harnad@Princeton.EDU (Stevan Harnad)
Newsgroups: comp.society
Subject: File 6-- Abstract: What Scholars Want & Need from Electronic Journals
Message-ID: <9203192256.AA06649@clarity.Princeton.EDU>
Date: 19 Mar 92 22:56:44 GMT
Sender: socicom@auvm.american.edu
Lines: 109
Abstract of paper to be presented at ASIS 1992 SESSIONS ON
"FULL-TEXT ELECTRONIC ACCESS TO PERIODICALS," sponsored by the
ASIS Special Interest Group on Library Automation and
Networking (SIG/LAN) and the Association of Research Libraries
(ARL) at the 55th ASIS Annual Meeting, Pittsburgh Hilton,
Pittsburgh, Pennsylvania, October 26-29, 1992. Session II.
Full-Text Electronic Access to Periodicals: Strategies for
Implementation
WHAT SCHOLARS WANT AND NEED FROM ELECTRONIC JOURNALS
Stevan Harnad
For scholars and scientists, paper is not an end but a means. It has
served us well for several millennia, but it would have been surprising
indeed if this man-made medium had turned out to be optimal for all
time. In reality, paper has always had one notable drawback. Although
it allowed us to encode, preserve and share ideas and findings
incomparably more effectively than we could ever have done orally, its
tempo was always lamentably slower than the oral interactions to which
the speed of thought seems organically adapted. Electronic journals
have now made it possible for scholarly publication to escape this
rate-limiting constraint of the paper medium, allowing scholarly
communication to become much more rapid, global and interactive than
ever before. It is important that we not allow the realization
of the new medium's revolutionary potential to be retarded by clinging
superstitiously to familiar but incidental features of the paper
medium.
It is also useful to remind ourselves now and again why scholars and
scientists do what they do, rather than going straight into the junk
bond market: They presumably want to contribute to mankind's cumulative
knowledge. They have to make a living too, of course, but if doing that
as comfortably and prosperously as possible were their primary motive
they could surely find better ways. Prestige no doubt matters too, but
here again there are less rigorous roads one might have taken than
that of learned inquiry. So scholars publish not primarily to pad
their CVs or to earn royalties on their words, but to inform their peers
of their findings, and to be informed by them in turn, in that
collaborative, interactive spiral whereby mankind's knowledge
increases. My own estimate is that the new medium has the potential to
extend individual scholars' intellectual life-lines (i.e., the
size of their lifelong contribution) by an order of magnitude.
What scholars accordingly need is electronic journals that provide:
(1) rapid, expert peer-review, (2) rapid copy-editing, proofing and
publication of accepted articles, (3) rapid, interactive, peer
commentary, and (4) a permanent, universally accessible, searchable and
retrievable electronic archive. Ideally, the true costs of providing
these services should be subsidized by Universities, Learned Societies,
Libraries and the Government, but if they must be passed on to the
"scholar-consumer," let us make sure that they are only the real costs,
and not further unnecessary ones arising from emulating inessential
features of the old medium. PSYCOLOQUY, an peer-reviewed electronic
journal sponsored by the American Psychological Association and
co-edited and archived at Princeton and Rutgers Universities, is
attempting to provide a model for future scholarly electronic
periodicals of this kind.
REFERENCES
Garfield, E. (1991) Electronic journals and skywriting: A complementary
medium for scientific communication? Current Contents 45: 9-11,
November 11 1991
Harnad, S. (1979) Creative disagreement. The Sciences 19: 18 - 20.
Harnad, S. (ed.) (1982) Peer commentary on peer review: A case study in
scientific quality control, New York: Cambridge University Press.
Harnad, S. (1984) Commentaries, opinions and the growth of scientific
knowledge. American Psychologist 39: 1497 - 1498.
Harnad, S. (1985) Rational disagreement in peer review. Science,
Technology and Human Values 10: 55 - 62.
Harnad, S. (1986) Policing the Paper Chase. (Review of S. Lock, A
difficult balance: Peer review in biomedical publication.)
Nature 322: 24 - 5.
Harnad, S. (1990) Scholarly Skywriting and the Prepublication Continuum
of Scientific Inquiry. Invited Commentary on: William Gardner: The
Electronic Archive: Scientific Publishing for the 90s Psychological
Science 1: 342 - 343 (reprinted in Current Contents 45: 9-13, November
11 1991).
Harnad, S. (1991) Post-Gutenberg Galaxy: The Fourth Revolution in the
Means of Production of Knowledge. Public-Access Computer Systems Review
2 (1): 39 - 53 (also reprinted in PACS Annual Review Volume 2
1992; and in R. D. Mason (ed.) Computer Conferencing: The Last Word. Beach
Holme Publishers, 1992; and in A. L. Okerson (ed.) Directory of
Electronic Journals, Newsletters, and Academic Discussion Lists, 2nd
edition. Washington, DC, Association of Research Libraries, Office of
Scientific & Academic Publishing, 1992).
Harnad, S. (1992) Interactive Publication: Extending the
American Physical Society's Discipline-Specific Model for Electronic
Publishing. Serials Review, Special Issue on Economics Models for
Electronic Publishing (in press)
Katz, W. (1991) The ten best magazines of 1990.
Library Journal 116: 48 - 51.
Mahoney, M.J. (1985) Open Exchange and Epistemic Progress.
American Psychologist 40: 29 - 39.
Wilson, D. L. (1991) Testing time for electronic journals.
Chronicle of Higher Education September 11 1991: A24 - A25.
------------------------------
Date: Tue, 10 Mar 92 15:32:53 PST
From: tenney@NETCOM.COM(Glenn S. Tenney)
Subject: File 7-- Cyberspace Candidate for Congress
The following is my online announcement of my candidacy to the U.S.
House of Representatives followed by a copy of my platform and a brief
bio. I also have available a copy of the press release I sent out on
Business Wire. A photograph is also available. Please email or call
if you want more info.
Equally, if you don't want me to email you again as my campaign
progresses, please let me know.
Since it is my intention to serve as an online representative, I felt
that you would find this interesting...
Yes, I would be most appreciative of any and all legal campaign
donations except from Political Action Committees. If you aren't sure
what is and isn't an allowable donation, just let me know...
Glenn Tenney For Congress
2111 Ensenada Way
San Mateo, CA 94403
Voice or Fax: (415) 574-2931
+++++++++++++++++cut here for online announcement of my candidacy
MARCH 6, 1992, SAN MATEO, CALIFORNIA: Progress begins with
initiative, a coming together of a vision and the will to accomplish
great things. Silicon Valley entrepreneurs know this very well. For
too long, career politicians have laid barriers in the way of people
working to build a humane, viable future with the tools that
technology has given them. When the people have asked for widespread
access to telecommunications, computing power, and education,
old-school politicians have pointed to the necessity for defense
spending instead of making investments in the future. That's why I'm
announcing my candidacy for the U.S. House of Representatives in the
reapportioned twelfth Congressional District of California. My
district covers most of the area from San Mateo up to Golden Gate Park
in San Francisco. As a Democrat, I will be challenging our twelve
year incumbent in the June Primary.
A few weeks ago I asked Congressman Tom Lantos' staff how he voted
last year. Their initial response was to hand me the glossy
advertising brochure that our tax dollars paid for. When pressed to
find out how he voted, or didn't vote, I was ushered into their
library, shown to the Congressional Record, and told to look it up
myself day by day. This is how my representative, from one of the
most technologically advanced districts, brings information to his
constituents. Career politicians have remained dedicated to high
defense spending while the real tools needed for worldwide economic
competition are lying dormant. We need to encourage the young,
trained minds of our country, and to provide the communications power
to unleash that talent.
Every day we are faced with non-technical problems such as health
insurance, jobs, and our economy, but I feel very strongly that our
country needs to look at the future of technology: how it can be used
or abused, and how it is abusing all of us. Technology is advancing
far faster than our laws can cope, which raises many legal,
sociological, ethical, and constitutional questions. Answering these
questions requires both an understanding of the technology and actual
experiences with the technology.
Our greatest resources for the future are our children and our world.
Our country needs to take a proactive role in producing the best
educated future generation that we can, as well as having a place for
that generation to live and be productive. We need to find innovative
and creative ways to put technology to work for our future rather than
putting up legislative roadblocks to the future. Providing the
information and education we and our children need to be competitive
in the future is coupled to our economy. We can't be productive
today, nor can our children compete in the future, without information
and education. We must plan for the twenty-first century today.
We are faced with a society of economic haves and have-nots. Most of
us actively involved with technology and information access know that
information is power. We are fast becoming a nation of information
"knows" and "know-nots", and those who do not have the information
will be in an even more devastating position than those who are just
economically disadvantaged. Our government itself works to keep
information unavailable to us. We need to bring information to the
people, and get information from the people to our elected officials.
This will help bring the power back to the people. You can be an
elected official without being a career politician, but you can't
legislate technological issues unless you understand the technology.
We need elected officials who are online and accessible, and with whom
information flows -- to them and from them as a dialogue.
One of the problems of our political system is that it takes money to
win. Too often these funds come from Political Action Committees.
The traditional view has been that campaign funding is spent to "get
the message out". The online community finally has a chance to use
this new medium to not only get a message out, but to discuss the
issues without spending obscene amounts of money. Let's use my
campaign as a demonstration of the power of online politics. Pass
this release and my platform on to your friends and colleagues, and
around your town. Even though California's twelfth Congressional
District covers the area from San Mateo up to Golden Gate Park in San
Francisco, these issues need to be discussed online and in the media
nationwide. We of the online community are currently an
under-represented constituency. Let's change that. Let's get
Congress online.
Even an online campaign isn't free. Network etiquette precludes me
from asking for campaign contributions, but please do contact me
directly:
Paid for by the Glenn Tenney for Congress Campaign Committee
2111 Ensenada Way
San Mateo, CA 94403
Voice/Fax: (415) 574-2931
tenney@netcom.com or Compuserve: 70641,23
(also MCI Mail, America Online, and others)
--30--
+++++++++++++++++cut here for a copy of my platform
Congressional Candidate Glenn Tenney's Platform For Our Future
MARCH 6, 1992, SAN MATEO, CALIFORNIA: Most candidates look like
every other candidate on most issues. I am differentiated on
high-tech issues. Here's how I feel about a few traditional and
technological issues:
* We need to be competitive in the "global village" world
economy, to focus on America without being protectionist. Education
and information are keys to achieving these goals.
* Our country, from the top down, needs to look years into the
future instead of just months. Our country and our businesses also
need to understand that our people are our major asset for the future.
We must rescue our environment to have a future.
* Being in business for myself, not being wealthy, and having
raised five boys means that my wife and I live the health care problem
daily. A tax credit next year doesnUt help us pay our insurance
premium next month, let alone help us find insurance. Our country
must commit to defining and providing a minimal level of health care
to everyone.
* When my wife and I decided to become parents we fortunately
had access to all the information and options, and had the right to a
choice. I am pro-family and pro-choice.
* Recent events in what was the Soviet Union offers us the
opportunity of our lifetime to take dramatic steps towards world
peace, and a true peace-time economy. We must significantly reduce
our defense budget while helping defense businesses and their workers
transition to non-defense ventures. Our country's enormous supply of
talent currently committed to defense-related projects can be put to
effective and innovative use in solving many other problems. We can
do this and maintain defensive strength.
* We must encourage businesses to invest in our future both by
reducing long term capital gains taxes (for capital that is actually a
long term investment in our future) and providing tax incentives for
research and development. Having participated in chip designs, and
seeing how biotechnology is progressing, I know that many innovations
require a large long-term capital investment.
* There are tremendous changes waiting to happen if only we can
provide high-speed computer and data networks between our
universities, public schools (K-12) and homes. We need to take steps
to wire our country for Integrated Services Digital Network (ISDN) or
'fiber to the home.' Affordable ubiquitous networked computing will
have an effect that can hardly be imagined by those outside of the
field.
* Most people get their news from television. About two-thirds
of our homes receive that news on cable TV, yet only a small number of
companies choose what channels are available. Cable TV affords us
many advantages, yet like all technologies it is a double edged sword.
We need policies that better deal with these "monopolies", and which
provide for true competition.
* Technology is encroaching more and more into our everyday
life, and abusing our privacy along the way. These issues hit all of
us when applying for credit, going to the doctor, applying for a job,
and even when making an 800 toll-free phone call. For example, there
are companies providing computers to doctors' offices in exchange for
access to all of their records. These problems are affecting
everyone, and are not esoteric technological issues. I am committed
to protecting our privacy at home and on the job.
* The computer networks criss-crossing our country are the
highways of tomorrow. These networks are an 'online electronic
frontier' connecting such diverse groups as a Native American Tribal
school with an M.I.T. mathematics class. The electronic frontier is a
new publishing medium, and a new 'place' of assembly raising many
issues of privacy and rights of free speech. Online we can achieve
what political consultants want: a way to get a message to many
people. A key element of being online is that the people can also get
their message TO their representatives. This technology affords us
the opportunity to discuss issues with our representatives.
* We need ready access to information, especially flowing to and
from our government at all levels. Information is power, and we the
people must recapture the power that should be ours.
Paid for by the Glenn Tenney for Congress Campaign Committee
2111 Ensenada Way
San Mateo, CA 94403
Voice/Fax: (415) 574-2931
tenney@netcom.com or Compuserve: 70641,23
(also MCI Mail, America Online, and others)
--30--
++++++++++++++++++++++ cut here for a copy of my brief bio
Congressional Candidate Glenn Tenney Talks a Bit About Himself
MARCH 6, 1992, SAN MATEO, CALIFORNIA: I've never had a desire to be a
career politician. Apparently, few politicians in recent times have
carried a vision to Washington. That's why I have decided to act on
my vision of our country's future in the twenty-first century by
working with you, as your representative in Washington.
My vision sees an information revolution that has already started and
will be as dramatic as was the industrial revolution. We need
legislators who can truly understand future technologies and how to
use them to our advantage instead of having the technologies abuse us.
I take our future and my campaign seriously. I am compelled to help
prepare our country for the next century even if that means becoming
an elected official and putting my career on hold.
I've been professionally involved in various aspects of technologies
(software and hardware) having begun operating system and compiler
design some 28 years ago, even before graduating high school. I've
been "online" since then, being "hand's on" with technology having
designed and implemented many small and large systems as well as
having programmed on dozens of systems. I've also researched and
written about technology, and about people's fears of technology.
I've been self-employed (or a "high-tech entrepreneur", depending on
how you want to view it) since I formed my own company in 1974. Since
then I've been involved in a few Silicon Valley high-tech startups
including the very beginning of the personal computer industry, as
well as chip designs and a few others.
My company has been a "mom and pop" venture since Susan and I were
married in 1976. I have two children and three step-children. I grew
up in the Chicago area and moved to San Mateo county in 1972, raising
our children in San Mateo since 1976. I turned 43 years old the day
after I announced my candidacy.
The following are some important aspects of who I am...
BA in Management (with honors), Saint Mary's College of California.
Senior Member of the Institute for Electrical and Electronic Engineers
(IEEE), and member of the IEEE Computer Society.
Participating Member, IEEE USA Intellectual Property Committee
(dealing with employed inventors rights, and copyright/patent issues
and legislation).
Member of the Association for Computing Machinery (ACM).
Chairperson and Organizer of The Hackers Conference (an annual
International high-tech conference) since it was originated by Stewart
Brand of The Whole Earth Catalog.
Member of the program and organizing committee of the first Conference
on Computers, Freedom and Privacy held last year.
Former Member of the Board of Trustees, Peninsula Temple Beth El.
Licensed Amateur Radio Operator (a "ham", callsign AA6ER).
Licensed Private Pilot (single engine land, instrument rated).
I've also been President of a variety of local computer and amateur
radio groups, and I am still involved with these groups and many other
organizations.
Paid for by the Glenn Tenney for Congress Campaign Committee
2111 Ensenada Way
San Mateo, CA 94403
Voice/Fax: (415) 574-2931
tenney@netcom.com or Compuserve: 70641,23
(also MCI Mail, America Online, and others)
------------------------------
Date: 21 Mar 92 18:21:11 EST
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 8-- BloomBecker's Legal Guidelines at CV&SC Conference (reprint)
J.J. Buck BloomBecker, the director of the National Center for Computer
Crime, called for the adoption of a new nationwide set of legal guide-
lines concerning computer crime. BloomBecker, speaking at the 5th annual
Computer Virus & Security Conference, proposed 5 points:
1. The creation of a $200 crime law deductible. Damages incurred below
that figure would not be the subject of criminal action.
2. The creation of a civil course of action for inadequate computer
security
3. The making of reckless computing a felony. "Reckless computing" is
classified as anything which could potentially cause damage.
4. The making a careless computing a misdemeanor.
5. The enactment of greater protection against unreasonable search and
seizure.
Bloombecker's recommendations and supporting statements were the subject
of much conversation at his conference session. Donald Delaney, New York
State Police Senior Investigator, decried the setting of a deductible
for computer crime, pointing out that in the struggle against cellular
phone call-selling operations, it is often an arrest for a single call
under $200 that shuts down an on-going multi-thousand dollar fraud
operation.
(reprinted from ST REPORT #8.12 3/20/92 with permission)
------------------------------
Date: Tue, 17 Mar 1992 13:05:09 -0700
From: Bear Giles <bear@tigger.cs.colorado.edu>
Subject: File 9-- NASA hacker sentenced (Reprint from RISKS DIGEST #13.29)
>From the 17 March 1992 _Rocky Mountain News_:
Hacker ordered to get mental help (Reuter)
A computer hacker who pleaded guilty Monday to breaking into NASA
computer systems as ordered to undergo mental health treatment and not
use computers without permission from a probation officer. Richard
Wittman, 24, of Lakewood [Colorado] was sentenced to three years
probation by Denver U.S. District Judge Sherman Finesilver in a rare
prosecution for breaking into a computer system. Wittman pleaded
guilty last fall to one count of breaking into a National Aeronautics
and Space Administration computer. Prosecutors said Wittman had spent
four years trying to get into computer systems. In a plea bargain,
Wittman admitted gaining access to NASA's computer via a malfunction
in a bulletin board service.
------------------------------
End of Computer Underground Digest #4.14
************************************
Computer underground Digest Sun Mar 29, 1992 Volume 4 : Issue .15
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu
Arcmeisters: Brian Kehoe and Bob Kusumoto
CONTENTS, #4.15 (Mar 29, 1992)
File 1--Reader Reply--Don't "Say YES! to Business Rates." (CuD 4.11)
File 2--Information wanted on Censorship in Cyberspace
File 3--Reader Reply Cybernetic Candidate (CuD #4.14)
File 4--"Sun Devil" becomes new SJG Game
File 5--Electronic FOIA/April 2 hearing
File 6--Penn. Supreme Ct. Bars Call
File 7--Pedophilia, Computers and Children
File 8--CFP-2: Sterling Speaks For "The Unspeakable" (NEWSBYTES reprint)
File 9--CFP-2 Features Role-Playing FBI Scenario (NEWSBYTES reprint)
File 10--Electronic CivLib - model candidate's statement & ideas
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.eff.org (192.88.144.4),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Tue, 24 Mar 1992 11:19:17 EST
From: "Charles Purwin, Systems, purwinc@woods.ulowell.edu"@UNKNOWN.DOMAIN
Subject: File 1--Reader Reply--Don't "Say YES! to Business Rates." (CuD 4.11)
I have to object to Michael E. Marotta's article in CUD #4.11, where
he seems to take the stand that BBS's operators should pay business
lines.
His two views are both limited in scope and understanding of the issue
at hand. Some of the items he speaks about in his "Home Data Center"
are not really the informational tools he alludes them to actually be.
Camcorders nor copiers are informational tools, they can be viewed as
tools for capture and duplication of information but are not in
themselves informational tools. TV's are at best a nominal
information distributer, the tripe heavily outweighs the 6 o'clock
news. Books, magazines and newspapers definitely are decent ways to
get across information, but tend to be found densely in a home than a
TV. Again in the same paragraph he states that "EVERY BBS USER IS A
SYSOP." Now I don't know if Mr. Marotta has ever seen or used a BBS,
but that statement leads me to believe that he has not. I associate
with BBS operators and I see first hand the work and time they put in
to keep a BBS running. If every user was a sysop then we would truely
either have a few excellent bbs's or many that are simply run to the
verge of anarchy. No average user, excluding obviously other sysops,
can be alluded to being a sysop that is impossible. It is true that
data travels from home to home, but what is voice? Last time I looked
it is data also.
In his following statements on "The Home Treasury", Mr. Marotta feels
that "anyone can build a car; most people choose not to." PLEASE! I
know many people that would not have a clue on how to put two pieces
of wood together, never mind a car. That type of senseless comparison
is not endearing to anyone. I think most people know that your
checkbook is your general ledger that is usually a common thing. I
don't see what a dishwasher or adding machine have to do with your
phone rate! There is no comparision here. The basis for a phone rate
should lie more so in the fact it being either commercial/private
/public/non-profit and not if you have a dishwasher.
Well most businesses can afford a commercial phone number. But they
are in the market to make money, where as a BBS IS NOT. Now I know
there are exceptions to the rule, BUT 90% do not ask for money up
front as a requirement, as a business would do. They just ask that
you help them if you can, a donation or whatever you want to call it.
I can't make heads or tails of the last paragraph, I guess my english
is just not refined enough. In closing, BBS operators do not deserve
to be charged commercial rates, because in fact they are not a
business in the classical sense. Now I see no reason that the telco
could not come to an agreement on a rate that would reflect the usage
a line would be getting because of BBS usage.
------------------------------
Date: Sun, 22 Mar 92 13:16 EST
From: "Michael E. Marotta" <MERCURY@LCC.EDU>
Subject: File 2--Information wanted on Censorship in Cyberspace
I have been hired to write an article about the control of information
in cyberspace. We all know that Fidonet moderators and sysops devote
their OWN resources for us to use. There is no question about the
"right" of the sysop or moderator to delete messages and users. The
practice of censorship is nonetheless newsworthy.
If YOU have experienced censorship on Fidonet or Usenet, or Prodigy or
CompuServe, or another BBS or network, I am interested in learning
about your story. If you can supply downloads of actual encounters,
so much the better.
If you have ever been censored, send me physical world mail about the
event.
Michael E. Marotta
5751 Richwood #34
Lansing, Mich. 48911
USA
------------------------------
Date: Thu, 26 Mar 92 14:34:54 EST
From: Stephen Dennett <sdennett@SALES.STERN.NYU.EDU>
Subject: File 3--Reader Reply--Cybernetic Candidate (CuD #4.14)
> A few weeks ago I asked Congressman Tom Lantos' staff how he voted
> last year. Their initial response was to hand me the glossy
> advertising brochure that our tax dollars paid for. When pressed to
> find out how he voted, or didn't vote, I was ushered into their
> library, shown to the Congressional Record, and told to look it up
> myself day by day.
The PRODIGY service has a database with the voting records of all
current candidates available online (done with the League of Women
voters or some such group). You might want to contact them about
getting listed (they list candidates with no records also).
------------------------------
Date: Wed, 25 Mar 92 11:00:38 -0600
From: sjackson@TIC.COM(Steve Jackson)
Subject: File 4--"Sun Devil" becomes new SJG Game
In 1990, the Secret Service raided Steve Jackson Games when a "hacker
hunt" went out of control. Loss of our computers and unfinished game
manuscripts almost put this company out of business.
It's been two years. We're back on our feet. And ever since the raid,
fans have been asking "When are you going to make a game out of it?"
Okay. We give up. Here it is.
In HACKER, players compete to invade the most computer systems. The
more systems you crack, the more you learn, and the easier the next
target is. You can find back doors and secret phone lines, and even
crash the systems your rivals are using. But be careful. There's a
Secret Service Raid with your name on it if you make too many enemies.
Designed by Steve Jackson, the game was based on the award-winning
ILLUMINATI. To win at HACKER requires guile and diplomacy. You must
trade favors with your fellow hackers - and get more than you give
away. But jealous rivals will try to bust you. Three busts and you're
out of the game. More than one player can win, but shared victories
are not easy!
HACKER is for 3-6 players. Playing time is under an hour for the short
game and about 2 hours for the regular game. Components include a rule
book, 110 cards, marker chips, 6 console units, system upgrades, Bust
markers and Net Ninja marker, two dice and a ziplock bag.
Hacker begins shipping March 30, and has a suggested retail price of
$19.95.
------------------------------
Date: Fri, 13 Mar 1992 13:06:33 CST
Sender: Activists Mailing List <ACTIV-L@UMCVMB.BITNET>
From: James P Love <LOVE@PUCC.BITNET>
Subject: File 5-- Electronic FOIA/April 2 hearing
On April 2, 1992 the Senate Subcommittee on Technology and the Law
will hold a public hearing on S. 1940, Senator Leahy's "Electronic
Freedom of Information Improvement Act of 1991." This important
legislation addresses the issue of the availability of electronic
records under the Freedom of Information Act.
A number of persons have asked how Senator Leahy's Electronic FOIA
bill (S. 1940) relates to Representative Owens' Improvement of
Information Access Act (IIA Act, HR 3459), which also amends the
Freedom of Information Act. The _short_ answer is that S. 1940 would
strengthen the public's rights to receive electronic records that are
subject to a FOIA request, while the Owens bill would enhance access
by improving the scope and performance of agency information products
and services. The principal opposition to the Leahy bill comes from
federal agencies who do not like FOIA responsiblities, while the
principal opposition to the Owens bill comes from commercial data
vendors who don't want new government information products and
services. We plan to provide a more detailed discussion of the two
bills in a few days.
Senator Leahy wants to use the April 2, 1992 hearing to develop a
record of the problems the public has in receiving electronic records
from agencies. We are preparing a statement which will address
several issues, including, among other things:
- the Federal Reserve Bank's use of NTIS to sell the
electronic copy of its bank call reports for $500 a tape,
rather than releasing the information under a FOIA request
for the cost of copying the information,
- the SEC/Mead contract that will prevent the electronic copy
of EDGAR database from being available under FOIA, and
- the Department of Justice/WESTLAW contract which prevents
the public from obtaining large portions of the JURIS
database under FOIA.
We would be very interested in learning about _ANY_ problems people
have had receiving electronic records under FOIA.
For more information about S. 1940 or the April 2, 1992 hearing,
contact Cathy Russell, Counsel to the Subcomittee, at 202-224-3406, or
write to her at 815 Senate Hart Building, Washington, DC 20510.
------------------------------
Date: Mon, 23 Mar 1992 15:49:09 EDT
From: Dave Banisar <banisar@WASHOFC.CPSR.ORG>
Subject: File 6--Penn. Supreme Ct. Bars Call
Penn. Supreme Ct. Bars Caller Id
From: March 23, 1992 Comm. Daily
PA. SUPREME COURT THROWS OUT UNBLOCKED CALLER ID
Pa. state Supreme Court last week upheld lower court rulings that
unblocked Caller ID service would violate state wiretap laws, but
left open significant question whether any form of blocking would
satisfy legal requirements. March 18 decision by Judge Nicholas
Papadakos for 7-member court said service violated state law "because
it is being used for unlimited purposes without the 'consent' of each
of the users of the telephone service." PUC had approved service in
1989 without blocking, and was challenged in court by then-Consumer
Advocate David Barasch. Bell of Pa. had argued that Caller ID was
legal trap-and-trace device operated by telephone company, but Barasch
and others had said that 2 traps were being used -- one by telephone
company, which may be exempt from law, and one by customer's Caller
ID device. Court ruled state wiretapping law requires that "consent
to any form of interception must be obtained from all parties."
Ruling didn't reach questions whether Caller ID was constitutional,
or what forms of blocking would suffice to meet state requirements. In
oral argument, telephone company changed its policy and said it would
offer per-call blocking. Bell of Pa. spokesman Saul Kohler said that
ruling "clears the way for Caller ID to be offered" with per-call
blocking, and that company was pleased service wasn't found to be
unconstitutional. There's no timetable for proposing service, he said.
But Irwin Popowski, who succeeded Barasch as Consumer Advocate, said
it's open question whether per-call blocking is adequate. Popowski
wouldn't say what blocking standard his office would support, but
noted that trend of regulatory decisions around country lately has
been to include per-line blocking in mix of services. There's "real
question" whether per-line blocking should be offered, he said.
PUC Vice Chmn. Joseph Rhodes, who wrote 1978 privacy law while in
legislature, said it's possible that any new Bell proposal could lead
to another 3 years of litigation. He called decision "triumph for
privacy," and said Bell statement claiming victory was "an absurd
attempt to distort what the Supreme Court decided." Rhodes called on
Bell to confer with Caller ID opponents to try to find solution, and
for company to put more emphasis on Call Trace.
------------------------------
Date: Wed, 25 Mar 1992 15:44:51 EST
From: anonymous@cont.edu
Subject: File 7--Pedophilia, Computers and Children
====
NEWS RELEASE Immediate 3/18/92
PEDOPHILIA, COMPUTERS AND CHILDREN
If you have children in your home and a home computer complete with a
telephone modum, you [sic] child is in potential danger of coming in
contact with deviate and dangerous criminals.
Using the computer modum [sic], these unsavory individuals can
communicate directly with your child without your knowledge. Just as
importantly, you should be concerned if your child has a friendship
with other youth who have access to this equipment in an unsupervised
environment.
Using a computer and a modum your child can readily access community
"bulletin boards" and receive sexually explicit and graphic material
from total strangers who can converse with your children, individuals
you quite probably wouldn't even talk with.
The concern becomes more poignant when stated otherwise; would you let
a child molester, murderer, convicted criminal into your home to meet
alone with your child?
According to Fresno Police Detective Frank Clark "your child can be in
real danger from pedophiles, rapists, satanic cultists and other
criminals knows to be actively engaged in computer conversation.
Unwittingly, naive children with a natural curiosity can be victimized;
emerging healthy sexual feelings of a child can be subverted into a
twisted unnatural fetish affecting youth during a vulnerable time in
their lives."
It is anticipated that parents, when armed with knowledge this
activity exists and awareness that encounters with such deviate
individuals results in emotional and psychological damage to their
child, will take appropriate measures to eliminate the possibility of
strangers interacting with their children via a computer.
A news conference is scheduled for 10 a.m., Thursday, March 19, 1992
at Fresno Police Department, Headquarters. The conference, presided
over by Detective Frank Clark, will be held in the Library located on
the second floor.
For Further Information: P.I.O. Ron Hults (209) 498-4568
------------------------------
Date: Tue, Mar 24, '92 22:15:21 PST
From: John F. McMullen <mcmullen@well.sf.ca.us>
Subject: File 8-- CFP-2: Sterling Speaks For "The Unspeakable" (NEWSBYTES)
WASHINGTON, D.C., U.S.A., 1992 MAR 25(NB) -- Bruce Sterling, the
prime luncheon speaker at the 2nd Annual Conference On Computers
Freedom & Privacy (CFP-2), fulfilled his program billing as "Speaking
for the Unspeakable" by taking on three separate persona and
delivering what might have been their messages.
Sterling, best known as a science fiction writer, spoke for three
characters, a "a malicious hacker", a Latin American police official
and a Hong Kong businessman, who were, in his words, "too venal,
violent, treacherous, power-mad, suspicious, or mean-spirited to
receive (or accept) an invitation to attend."
Sterling began his speech by introducing himself and then saying "When
the CFP committee asked me if I might recommend someone to speak here
at CFP-2, I had an immediate candidate. I thought it would be great if
we could all hear from a guy who's been known as Sergei. Sergei was
the KGB agent runner for the Chaos Computer Club group who broke into
Cliff Stoll's computer in the famous Cuckoo's Egg case. Now Sergei is
described as a stocky bearded Russian espionage professional in his
mid-40's. He's married, has kids and his hobby is fishing, in more
senses than one, apparently. Sergei used to operate out of East
Berlin, and, as far as I personally know, Sergei's operation was the
world's first and only actual no-kidding, real-life case of
international computer espionage, So I figured -- why not send Yelsin
a fax and offer Sergei some hard currency; things are pretty lean over
at KGB First Directorate these days. CFP could have flown this guy in
from Moscow on a travel scholarship and I'm sure that a speech from
Sergei would be far more interesting than anything I'm likely to offer
here. My proposal wasn't taken up and instead I was asked to speak
here myself. Too bad! "This struck me as rather a bad precedent for
CFP which has struggled hard to maintain a broad universality of
taste. Whereas you're apparently willing to tolerate science fiction
writers but already certain members of the computer community, KGB
agents, are being quietly placed beyond the pale. But you know, ladies
and gentlemen, just because you ignore someone, doesn't mean that
person ceases to exist -- and you've not converted someone's beliefs
merely because you won't listen. But instead of Comrade Sergei, here I
am -- and I am a science fiction writer and, because of that, I
rejoice in a complete lack of any kind of creditability!
"Today I hope to make the best of that anomalous position. Like other
kinds of court jesters, science fiction writers are sometimes allowed
to speak certain kinds of unspeakable truth, if only an apparent
parody or metaphor. So today, ladies and gentlemen, I will exercise my
inalienable civil rights as a science fiction writer to speak up on
behalf of the excluded and the incredible. In fact, I plan to abuse my
talents as a writer of fiction to actually recreate some of these
excluded, incredible unspeakable people for you and to have them
address you today. I want these people, three of them, to each briefly
address this group just as if they were legitimately invited here and
just as if they could truly speak their mind right here in public
without being arrested."
Sterling then went on to assure the crowd that he was not speaking his
personal conviction, only those of his characters, and warned the
group that some of the material might be offensive. He then launched
into the delivery of his characters' speeches -- speeches which had
the hacker talking about real damage - "the derailing of trains"; the
Latin police official, a friend and admirer of Noriega, discussing the
proper way of dealing with hackers; and the businessman explaining
way, in the age of high speed copiers, laser printers and diskette
copying devices, the US copyright laws are irrelevant.
Often intercepted by laughter and applause, Sterling received a
standing ovation at the conclusion of the speech. Computer Press
Association newsletter editor Barbara McMullen was overhead telling
Sterling that he had replaced "Alan Kay as her favorite luncheon
speaker." while conference chair Lance Hoffman, who had received an
advance copy of the speech a few weeks before, described the speech as
"incredible and tremendous".
Sterling, relaxing after the talk with a glass of Jack Daniels, told
Newsbytes that the speech had been fun but a strain, adding "Next time
they'll really have to get Sergei. I'm going back to fiction."
Sterling's non-fiction work on computer crime, "The Hacker Crackdown"
is due out from Bantam in the fall and an audio tape of the CFP-2
speech is available from Audio Archives. He is the author of "Islands
In The Net" and is the co-author, with William Gibson, of the
presently best-selling "The Difference Engine".
John F. McMullen/Press Contact: Audio Archives, 818 957-0874/19920325)
------------------------------
Date: Tue, Mar 24, '92 22:15:34 PST
From: John F. McMullen <mcmullen@well.sf.ca.us>
Subject: File 9--CFP-2 Features Role-Playing FBI Scenario (NEWSBYTES REPRINT)
WASHINGTON, D.C., U.S.A., 1992 MAR 25(NB) -- As part of the
"Birds-of-a-Feather" (BOF) sessions featured at the 2nd Conference on
Computers, Freedom & Privacy (CFP-2), FBI agent J. Michael Gibbons,
acting as a live gamemaster, orchestrated the play-acting of an
investigation by federal agents into allegations of computer intrusion
and criminal activity. The scenario, set up by Gibbons to show the
difficulties faced by investigators in balancing the conducting of an
investigation with a protection of the rights of the individual under
investigation, was acted out with non-law enforcement officials cast
in the role of investigators; New York State Police Senior
Investigator Donald Delaney as "Doctor Doom", the suspected ringleader
of the computer criminals; Newsbytes New York Bureau Chief John
McMullen as a magistrate responsible for considering the
investigators' request for a search warrant; and author Bruce Sterling
as a neighbor and possible cohort of Doctor Doom.
Gibbons, in His role of Gamemaster, regularly intercepted the action
to involve the audience in a discussion of what the appropriate next
step in the scenario would be -- "Do you visit the suspect or get a
search warrant or visit his school or employer to obtain more
information?; Do you take books in the search and seizure?, printers?,
monitors?, etc." During the discussion with the audience, points of
law were clarified by Mike Godwin, Electronic Frontier Foundation
in-house counsel, and Alameda County Assistant District Attorney
Donald Ingraham.
The role-playing session immediately followed a BOF panel, "Hackers:
Why Don't They Understand" which attempted to present a hacker view of
on-line ethics. The panel, moderated by McMullen, was composed of
Steve Levy, MacWorld columnist and author of "Hackers"; Dorothy
Denning, Chair of Computer Science at Georgetown University; Glenn
Tenney, California Congressional Candidate and chair of the annual
"Hacker's Conference"; Craig Neidorf, defendant in a controversial
case involving the electronic publishing of a stolen document;
"Dispater", the publisher of the electronic publication "Phrack";
Emmanuel Goldstein, editor and publisher of "2600: The Hacker
Quarterly", and hacker "Phiber Optik".
During the panel discussion, Levy, Denning and Tenney discussed the
roots of the activities that we now refer to as hacking, Goldstein and
Dispater described what they understood as hacking and asked for an
end to what they see as overreaction by the law enforcement community,
Neidorf discussed the case which, although dropped by the government,
has left him over $50,000 in debt; and Phiber Optik described the
details of two searches and seizures of his computer equipment and his
1991 arrest by Delaney.
In Neidorf's talk, he called attention to the methods used in valuing
the stolen document that he published as $78,000. He said that it came
out after the trial that the $78,000 included the full value of the
laser printer on which it was printed, the cost of the word processing
system used in its production and the cost of the workstation on which
it was entered. Neidorf's claims were substantiated by EFF counsel
Godwin, whose filing of a motion in the Steve Jackson cases caused the
release of papers including the one referred to by Neidorf. Godwin
also pointed out that it was the disclosure by interested party John
Nagle that the document, valued at $78,000, was obtainable in a book
priced at under $20.00 that led to the dropping of the charges by the
US Attorney's office.
SRI security consultant Donn Parker, one of the many in the audience
to participate, admonished Phiber and other hackers to use their
demonstrated talents constructively and to complete an education that
will prepare them for employment in the computer industry. Another
audience member, Charles Conn, described his feeling of exhilaration
when, as a 12-year old, he "hacked" into a computer at a local
Kentucky Fried Chicken. Conn said "It was wonderful. It was like a
drug. I just wanted to explore more and more."
Parker later told Newsbytes that he thought that it was a mistake to
put hackers such as Phiber Optic and those like Craig Neidorf who
glorify hackers on a panel. Parker said "Putting them on a panel
glorifies them to other hackers and makes the problem worse."
The Birds-of-a-Feather sessions were designed to provide an
opportunity for discussions of topics that were not a part of the
formal CFP-2 program.
(Barbara E. McMullen/Press Contact: Dianne Martin, The George
Washington University, 202-994-8238/19920325)
------------------------------
Date: Thu, 26 Mar 92 18:05:58 -0800
From: Jim Warren <jwarren@WELL.SF.CA.US>
Subject: File 10--Electronic CivLib - model candidate's statement & ideas
This concerns practical efforts to assure that traditional
constitutional rights and protections remain clearly guaranteed, even
in the context of modern technology -- in the "Information Age" and
across the "Electronic Frontier."
For this 1992 election-year, the following offers possible models
for do-it-yourself citizen-based political action. Please "copy, post
and circulate" this 3-part document wherever and to whomever you wish.
Please feel free to modify Parts 2 and 3 however you wish -- over your
own signature. After all, freedom always *has* been a do-it-yourself
project.
This introduction is PART-1 of three parts.
PART-2 provides a model cover-letter & facts you might use:
1. First, it *briefly* mentions the electronic civil liberties issues.
2. Its next part is intended to get the attention of a candidate and/or
their campaign staff by illustrating cheap, effective net communications.
3. The next part illustrates that a great number of people (candidate-
translation: "voters") are involved.
4. *Very important*: It outlines our ability to communicate with masses
of people/voters -- at little or no cost.
5. Equally important -- it requests *specific commitment to act* from a
candidate.
6. It offers a matching commitment to publicize their position.
PART-3 is a model candidate's statement committing to specific action.
Note: All successful politicians have mastered the art of
*sounding* like they are supportive of the hundreds or thousands of
causes and pleas that are urged upon them. Good-sounding,
vaguely-supportive statements are worth virtually nothing. Anything
less than their issuing a public position statement committing to
explicit action must be considered as meaningless.
Election season is the one time when we have our best chance at
efficient and effective citizen action. All it takes is time and effort.
(And, I walk it like I talk it -- I have forwarded customized versions of
the cover-letter and model-statement to several state and federal candidates
-- all of whom are seeking re-election or election to higher office.)
I would be happy to help others working on these issues, time permitting.
The more people who send this cover letter and model statement to
candidates -- and phone campaign headquarters and ask questions at
candidates' forums; the more sensitized they will become to this
constituency and these fundamental issues of a free society.
Speak and write, now; speak and write, often.
"The price of freedom ..."
--Jim Warren, Electronic Civil Liberties Initiative,
345 Swett Road, Woodside CA 94062; fax/415-851-2814
email/ jwarren@well.sf.ca.us
[ For identification purposes only: organizer/chair of First Conference on
Computers, Freedom & Privacy (1991), first-year recipient of Electronic
Frontier Foundation Pioneer Award (1992), MicroTimes contributing editor &
columnist, Autodesk Board of Directors member, founding of InfoWorld,
founding editor of Dr. Dobb's Journal, past chair of ACM, SIGMICRO and
SIGPLAN chapters, etc., blah blah blah. ]
=============== PART-2, MODEL COVER-LETTER TO CANDIDATE(S) ================
Dear [candidate],
A growing percentage of the 12-16 million people who are "online" --
using networked computers -- are expressing increasing concern about
protecting traditional civil liberties and personal privacy in the
"Information Age." (People are "coming online" at a rate much faster than
the explosive growth of personal computing since they began in the mid-'70s.)
As we use networked computers for electronic-mail, teleconferencing
and information exchange, they are reporting rapidly-increasing threats to
electronic "speech," "press," "assembly," personal security and privacy.
For instance: In 1990, a single notice sent out across computer
nets prompted 30,000 complaints about Lotus Corporation's plans to
sell personal data on 20-million consumers. Lotus quickly withdrew
their "Marketplace" product before sales ever began.
Or: In Spring, 1991, a single message sent into the computer nets
prompted thousands of complaints to Senators Biden and DeConcini. It
concerned legislation they had introduced, reportedly requested by the
FBI via Senator Thurmond, that would have crippled secure voice and
data communications for U.S. citizens and business. The Senators
withdrew the proposal with three weeks of the net-circulated note.
How many voters are involved?
Almost all users are adults. Most are well-educated. Most have
upscale incomes. Most have significant discretion for spending and
contributions.
Recent published research indicates there are about 14.2-million
people sharing 1.3-million "host" computers on the "Internet." This
includes about 960,000 people using more than 12,000 home/personal
computers as shared BBSs -- networked electronic "bulletin board
systems." These offer free or almost-free teleconferencing and
electronic-mail. [Matrix News, Feb., 1992, 1120 S. Capitol-of-Texas
Hwy., Bldg. 2-300, Austin, TX 78746.]
(In addition, there are also the commercial systems such as
CompuServe, Prodigy, GEnie and MCImail -- but they have only several
million users and are very costly in comparison to the much larger
Internet computer matrix.) Mass-discussions of freedom and privacy
concerns are escalating.
Almost-instant mass-circulated online "newspapers" and "news-groups"
plus numerous popular teleconferences increasingly carry reports of
electronic civil-liberties and privacy concerns. Credit-data abuses,
covert employer surveillance, corporate espionage, seizure of
electronic publications, searches of entire electronic post offices,
and government opposition to secure communications are greatly
escalating these concerns.
These issues are rapidly penetrating the public press and
television. Example: The First Conference on Computers, Freedom and
Privacy (1991), prompted well in excess of 80 pages of press,
including the New York Times, Los Angeles Times, Wall Street Journal
Time Magazine, Business Week, Scientific American, Germany's Der
Spiegel, etc.. [For copies, contact CFP#1 chair, Jim Warren, 345
Swett Road, Woodside CA 94062; 415-851-7075.]
Functionally-free, almost-instantaneous mass communication is
available.
It is trivial for anyone to "broadcast" comments or information
across the nets to thousands of people, almost immediately and for
free or perhaps costing $15-$20/month. Over a million people read
news-groups in USENET, which is just one of thousands of electronic
"newspapers."
And, system-owners and system-operators -- those often most-deeply
concerned about these civil liberties, privacy and content-liability issues
-- can have every user of their system receive whatever message they choose,
perhaps only once, or perhaps every time each person logs-in. Without cost.
Various of these "sysops" are agreeing to inform every one of their users --
often numbering in the thousands -- about candidates who commit to act to
protect civil liberties and privacy against new, technology-based threats.
We ask for your commitment.
A number of people who are well-known across this huge network are
asking candidates to commit to specific action, to make clear that
constitutional protections unquestionably apply across this new
"electronic frontier." We ask that you issue a formal position
statement, committing to act on these matters. (We recognize that an
informal statement of general principles is of minimal value without
specifics or commitment to action.)
We ask that you commit to protecting Constitutional freedoms,
regardless of technology. Enclosed is a "model" that you might use as
a starting point. (It illustrates some of the issues that many people
feel are most important.)
Commitment is reciprocal. If you commit to act, we will promptly
broadcast it far and wide across this massive, high-speed network.
And, if your opponent(s) avoid explicit commitment -- by specific
refusal or simply by inaction -- we will publicize that with equal
vigor.
Additionally, some of us are prepared to assist committed
candidates to publicize/discuss all of their positions and issues (not
just these online issues) via this free, fast, pervasive mass-medium.
And finally, candidates who address these issues first can
generate notice in the public press and television -- especially re
protecting freedom of speech, press, assembly and personal privacy.
Numerous reporters have covered these issues, to say nothing of the
300-400 computer trade periodicals. Some of us have lists of lay and
trade reporters interested in these issues and would be happy to
assist in publicizing your commitment.
I appreciate your attention to these comments and requests, and look
forward to your timely reply.
<<signature & affiliation, if any>>
=================== PART-3, MODEL CANDIDATE'S STATEMENT ====================
Guaranteeing Constitutional Freedoms into the 21st Century
Preface
Harvard Law Professor Laurence H. Tribe, one of the nation's
leading Constitutional scholars, views technological threats to our
traditional constitutional freedoms and protections as so serious that --
for the first time in his career -- he has proposed a Constitutional
Amendment:
"This Constitution's protections for the freedoms of speech, press,
petition and assembly, and its protections against unreasonable searches and
seizures and the deprivation of life, liberty or property without due
process of law, should be construed as fully applicable without regard to
the technological method or medium through which information content is
generated, stored, altered, transmitted or controlled."
-- First Conf. on Computers, Freedom & Privacy, 3/27/91, Burlingame CA
In the absence of such a constitutional clarification, legislation
and regulation are the only alternatives to assure that citizens are
protected from technological threats against their constitutional
rights and freedoms.
Candidate's Commitment to Action
(model statement)
Preface: It has been over two centuries since our Constitution and Bill
of Rights were adopted. The great technological changes in the interim --
especially in computing, telecommunications and electronics -- now pose a
clear and present danger to the rights and protections guaranteed in those
great documents. Therefore:
Commitment: In the first legislative session after I am
[re]elected, I will author or co-author legislation reflecting the
following specifics, and I will actively support and testify in favor
of any similar legislation as may be introduced by others. Further, I
will actively seek to include in such legislation, explicit personal
civil and/or criminal penalties against any agent, employee or
official of the government who violates any of these statutes. And
finally, I will keep all citizens who express interest in legislative
progress on these matters fully and timely informed.
The protections guaranteed in the Constitution and its Amendments
shall be fully applicable regardless of the current technology of the
time. This particularly includes, but is not limited to:
Speech: Freedom of speech shall be equally protected, whether by
voice or in written form as in the 18th Century, or by electronic
transmission or computer communication as in the 20th Century and
thereafter.
Press: Freedom of the press shall be equally protected, whether
its information is distributed by print as in the 18th Century, or by
networked computers or other electronic forms, as in the 20th Century
and thereafter. Liability for content: Just as a printer is not
liable for content of leaflets printed for a customer, so also shall
the owner or operator of a computer or electronic or
telecommunications facility be held harmless for the content of
information distributed by users of that facility, except as
the owner or operator may, by contract, control information content.
Those who author statements and those who have contractual authority
to control content shall be the parties singularly responsible for
such content.
Assembly: Freedom of assembly shall be equally protected, whether
by face-to-face meeting as in the 18th Century, or by computer-based
electronic-conference or other teleconference as in the 20th Century
and thereafter. The right to hold confidential meetings shall be
equally protected, whether they be by personal meeting in private
chambers, or by computer-assisted or electronic-based means.
Self-defense: The right of the people to keep and use computers
and communications connections shall not be abridged by the
government.
Search & seizure: The right of the people to be secure in their
papers and effects, against unreasonable searches and seizures, shall
be fully applicable to their electronic mail, computerized information
and personal computer systems.
Warrants: No warrants for search or seizure shall issue for
computerized information, but upon probable cause, supported by oath
or affirmation, and particularly describing the computer system to be
searched and the specific information to be seized.
Secure information vaults: Just as search and seizure of letters in a
post-office, and papers in a bank-vault lock-box, and surveillance of
telephone conversations by wire-tap, each require a separate warrant
for each postal address, lock-box and telephone line, so also shall a
separate warrant be required for each electronic-mail address and/or
computer files of each suspect, when stored in a computer facility or
archive shared by others. And further, computer files stored in a
shared facility or archive by or for a citizen who is neither named in
a warrant nor associated with a suspect so-named, may not be used
against that un-named citizen, if seized or discovered during legal
search of or for files of a suspect.
Self-incrimination: No person shall be compelled in any civil or
criminal case to be a witness against himself or herself, nor be
compelled to provide information retained only in their mind, nor
otherwise be compelled to assist the translation or decoding of
information that he or she believes may be self-incriminating.
Property: Private property shall not be taken for public use
without just compensation, nor shall such property be used nor sold by
any government agency for less than fair market value, in which case
all such proceeds shall promptly derive singularly to its last owner
prior to government seizure.
Speedy release: Anyone not accused of a crime shall enjoy the
right to a speedy release and return of all of their property, as may
be seized under any warrant, particularly including their computerized
information. The government shall be fully liable for any damage
befalling property or information they have seized.
[signed] _______________________ ______________ [date] _________________
_________________________ [please print or type]
_________________________ title / current office / office sought
_________________________ address
_________________________
_________________________
_________________________ campaign-office voice-phone number
_________________________ campaign-office fax number
_________________________ campaign-office electronic-mail address
[ Additional copies of this model candidate's position commitment are
available from: Jim Warren, Electronic Civil Liberties Initiative,
345 Swett Road, Woodside CA 94062; (415)851-7075, fax/(415)851-2814;
electronic-mail/ jwarren@autodesk.com -or-
jwarren@well.sf.ca.us . 3/26/92
For identification purposes, only, Warren was the Chair of the First
Conference on Computers, Freedom & Privacy held in March, 1991, is a
Contributing Editor for MicroTimes and is a member of the Board of Directors
of Autodesk, one of the nation's half-dozen largest software companies.]
------------------------------
End of Computer Underground Digest #4.15
************************************
Computer underground Digest Sun Apr 5, 1992 Volume 4 : Issue .16
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu
Arcmeisters: Brendan Kehoe and Bob Kusumoto
CONTENTS, #4.16 (Apr 5, 1992)
File 1--Article on Software Patents
File 2--Why form is as important as content
File 3--The FBI Needs Industry's Help--OpEd in NYT
File 4--ACLU's Janlori Goldman's Reply to FBI Proposal (Risks Reprint)
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.eff.org (192.88.144.4),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Sat, 28 Mar 92 17:35:31 CST
From: Net Wrider <nwrider@uanonymous.uunet.uu.net>
Subject: File 1--Article on Software Patents
The following is available by anonymous FTP from prep.ai.mit.edu
in the pub/lpf directory.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This article by Brian Kahin appears in the April 1990 issue of
Technology Review (Building W59, MIT, Cambridge MA 02139,
(617)253-8250). It may be copied for noncommercial purposes
provided that it is copied, along with this statement and the bio
at the end of the article, without any modification whatsoever.
(Copyright (C) 1990 by Brian Kahin)
The Software Patent Crisis
An explosion of patents on software processes may radically
change the programming industry--and our concept of human
expression in the computer age.
Last August, Refac International, Ltd., sued six major spreadsheet
publishers, including Lotus, Microsoft, and Ashton-Tate, claiming they
had infringed on U.S. Patent No. 4,398,249. The patent deals with a
technique called "natural order recalc," a common feature of
spreadsheet programs that allows a change in one calculation to
reverberate throughout a document. Refac itself does not have a
spreadsheet program and is not even in the software industry. Its
business is acquiring, licensing, and litigating patents.
Within the last few years, software developers have been surprised to
learn that hundreds, even thousands, of patents have been awarded for
programming processes ranging from sequences of machine instructions
to features of the user interface. Many of the patents cover
processes that seem conventional or obvious, and developers now fear
that any of the thousands of individual processes in their programs
may be subject to patent-infringement claims.
The Refac suit demonstrates the vulnerability of the industry to such
claims. Patent no. 4,398,249 was applied for in 1970, granted in
1983, and only recently acquired by Refac. In the meantime, software
developers have been busily creating spreadsheets and other new
products unmindful of patents. The industry accepted copyright and
trade secret as adequate protection for its products, and most
programmers assumed that patents were not generally available for
software.
Never before has an industry in which copyright was widely established
suddenly been subjected to patenting. As it is, only a few companies
that create microcomputer software have the resources to try to defend
against patent infringement claims. Most small firms will be forced
to pay license fees rather than contest the claims, even though many
software patents may not stand up in court.
In the long run, the costs of doing business in a patent environment
will radically restructure the industry. Many small companies will
fold under the costs of licensing, avoiding patent infringement, and
pursuing patents defensively. The individual software entrepreneur
and inventor may all but disappear. There will be fewer publishers
and fewer products, and the price of software will rise to reflect the
costs.
Especially disturbing is that the broad claims of many recent software
patents appear to establish monopolies on the automation of such
common functions as generating footnotes and comparing documents.
Some claims even cover processes for presenting and communicating
information, raising troubling questions about the effect of patents
on the future of computer-mediated expression.
Patent vs. Copyright
Software patents, like all patents, give an inventor the right to
exclude all others from making, selling, or using an invention for 17
years. In return, the patentee discloses his or her "best method" of
implementing the invention, thereby relinquishing trade secrets that
might otherwise be enforced forever (like the formula for Coca-Cola).
To obtain a patent, an applicant must convince Patent Office examiners
that the invention would not be obvious to a "person of ordinary skill
in the art" who is familiar with all the "prior art," which includes
previous patents and publications. In contrast, copyright inheres in
books, poems, music, and other works of authorship, including computer
programs, from the moment they are created. Registering one's work
with the Copyright Office is a simple, inexpensive procedure that has
important benefits (it is a precondition for filing suit, for
example), but the copyright itself is automatic when the work is fixed
on paper or on disk.
Copyright and patent protect different things. Copyright
protects expression but not underlying ideas. Patents protect
useful processes, machines, and compositions of matter.
Traditionally "processes" have included methods of physically
transforming materials but not business methods or mental steps.
Thus, computer programs fall somewhere between the traditional
territories of copyright and patent.
>From the 1960s to the early 1980s, the Patent Office and the
courts grappled with the question of whether algorithms--the
elemental processes on which computer programs are built--are
patentable as either processes or machines. Early on, the
Patent Office granted some patents for processes built into
computer hardware that today would be contained in software, but
it was reluctant to grant patents for programs per se. As the
1966 Report of the President's Commission on the Patent System
pointed out, the Patent Office had no system for classifying
programs. The report also noted that even if this were remedied,
the volume of programs being created was so enormous that
reliable searches of "prior art" would not be feasible or
economical.
However, the Court of Customs and Patent Appeals (CCPA)
maintained that computer programs were patentable and overturned
numerous Patent Office decisions denying patentability. The
Supreme Court vindicated the Patent Office in two decisions,
Gottschalk v. Benson (1972) and Parker v. Flook (1978), holding
that mathematical algorithms were not patentable subject matter.
Still, the CCPA continued to uphold patentability in other cases.
Finally, in Diamond v. Diehr (1981), a sharply divided Supreme
Court upheld the patentability of a process for curing rubber
that included a computer program. The majority concluded that
programs that did not preempt all uses of a computer algorithm
could be patented--at least when used in a traditional process
for physically transforming materials.
That case has been the Supreme Court's last word on the subject.
But despite the narrowness of the ruling, the Patent Office
underwent a radical change of heart. Until very recently, there
were no reported appeals of adverse Patent Office decisions,
leading observers to conclude that the office was eventually
granting almost all applications for software patents. Although
articles began appearing in legal periodicals a few years ago
noting that patents were being routinely granted for many
software processes, not until 1988 did the industry realize that
the rules were changing, or had already changed, in the middle of
the game. By the spring of 1989, the patents that entered the
pipeline after Diamond v. Diehr were starting to flow out in
significant numbers--by one count, nearly 200 in the first four
months of that year.
Processing Problems
Unfortunately, the Patent Office classification system remains
unchanged, and the volume of software being created has grown
exponentially. This makes searching for prior art--processes
already in public use--time-consuming and expensive.
The search is extraordinarily difficult because the field's
printed literature is thin and unorganized. Software documents
its own design, in contrast to physical processes, which require
written documentation. Also, software is usually distributed
without source code under licenses that forbid reverse
engineering. This may amount to suppressing or concealing the
invention and therefore prevent the program from qualifying as
prior art. The search for prior art may require securing oral
testimony from people who developed software at universities many
years ago, an expensive proposition.
Many programmers suspect that patent examiners lack knowledge of
the field, especially since the Patent Office does not accept
computer science as a qualifying degree for patent practice (it
accepts degrees in electrical engineering). Moreover, attracting
and holding individuals with expertise in a field like software,
where industry demand is high, is not easy for a government
agency. Less qualified examiners create problems because they
naturally have a lower standard in determining the hypothetical
"person having ordinary skill in the art," and are thus more apt
to grant patents for obvious processes. Since the examination
process is conducted ex parte (as a private matter between the
Patent Office and the applicant), less qualified personnel are
also more likely to be influenced by sophisticated patent
attorneys and the apparent expertise of the applicant.
The quality of software patents being awarded has aroused
concern even among patent lawyers and other advocates of the new
regime. But it will be left to firms being sued for infringement
to prove that a process should not have been patented because it
was obvious in view of the prior art. Meanwhile, software
patents stand as intimidating weapons for those who hold them.
Restructuring the Industry
Perhaps because of some of these problems, applications for
software patents take an average of 32 months to be approved and
published. That's significantly longer than the overall average
of 20 months, and a very long time given the short product cycles
of the software business.
Unlike copyright, independent creation is irrelevant to patent
infringement. Every developer is charged with knowledge of all
patents. Even if someone is not aware of a patent, he or she can
still infringe against it. Furthermore, patent applications and
the examination process are confidential, so there are ordinarily
several years of patents in the pipeline that no search will
reveal. Although no infringement occurs until the patent issues,
an inventor may find that a newly awarded patent covers a feature
he or she has already incorporated and marketed in a finished
product. While this is a problem for the patent system as a
whole, it is intolerable for software developers because of the
industry's rapid pace of innovation and long patent-processing
period.
The problem is compounded by the fact that a modern software
package may contain thousands of separately patentable processes,
each of which adds to the risk of infringing patents that are
already in the pipeline. Since software functions are
interdependent and must be carefully integrated, developers can
find it difficult to excise a process built into the original
program.
The patent system exacts a high penalty in an industry as
decentralized as software. Programming requires no special
materials, facilities, or tools: to design software is to build
it. Because barriers to entry are low, the industry attracts
many small players, including hundreds of thousands of
individuals who work as consultants or short-term employees.
Rather than a handful of competitors working on the same problem,
there are likely to be dozens, hundreds, even thousands. Since
under the patent system one winner takes all, many
others--including developers without lawyers--are deprived of
the fruits of their independent labor and investments.
Patent proponents argue that this uninhibited duplication of
effort wastes resources. But the "waste" could be cut only by
reducing the number of players and slowing the pace of
development to fit the cycles of the patent system. The result
would be a handful of giants competing on a global scale, bidding
for the ideas and loyalty of inventive individuals.
However, many programmers believe that there are diseconomies of
scale in software development--that the best programs are
authored rather than assembled. The success of Visicalc, Lotus
1-2-3, WordPerfect, and other classic programs testifies to the
genius of individuals and small teams. Certainly there has been
no evidence that they need more incentives. Quite the contrary,
the freewheeling U.S. software industry has been a model of
creative enterprise.
A Costly System
Even software developers and publishers who do not wish to patent
their products must bear the costs of operating under a patent
system. While these costs may initially come out of the software
industry's operating margins, in the long run, they will be borne
by users.
At the first level is the expense of analyzing prior art to avoid
patent infringement. A precautionary search and report by
outside patent counsel can run about $2,000--that's per process,
not per program.
Next are the direct costs of the patent monopoly--the license
fees that must be paid to patent holders. If the patent holder
refuses to license at a reasonable fee, developers must design
around the patent, if that is possible. Otherwise, they must
reconceive or even abandon the product.
The third set of costs are those incurred in filing for patents.
Searching for prior art, plus preparing, filing, negotiating, and
maintaining a patent, can total $10,000 to $25,000, not including
internal staff time. Seeking foreign patents can make the bill
substantially higher.
The notoriously high costs of patent litigation must be borne by
both sides. Just the discovery phase of a lawsuit is likely to
cost each side a minimum of $150,000, and a full trial can cost
each from $250,000 to millions. Again, these figures do not
include internal staff time, which could easily double the real
cost. While a small patent holder may be able to secure a law
firm on a contingency basis or sell an interest in the patent to
speculators, the defendant has no such options.
Litigation also involves the possibility and further expense of
an appeal. All appealed patent cases now go directly to the
Court of Appeals for the Federal Circuit (CAFC, successor to the
CCPA), where panels in patent cases are usually led by patent
lawyers turned judges. Whereas patents once fared poorly on
appeal, the CAFC has found patents to be both valid and infringed
in over 60 percent of the cases that have come before it. The
CAFC has greatly strengthened the presumption of patent validity
and upheld royalties ranging from 5 to 33 percent.
While a large software company may be able to absorb these costs,
they will disproportionately burden smaller companies. The first
to suffer will be independent developers who cannot afford to
market their own products. These developers typically receive
royalties of 10 to 15 percent from publishers who serve as their
distributors. Such modest margins, out of which developers must
recoup their own costs, would be wiped out by the need to pay
royalties to a few patent holders.
The high costs of a patent environment give patentees
considerable leverage over small firms who will, as a practical
necessity, pay a license fee rather than contest a dubious claim.
To establish credibility, the patentee will settle for small fees
from the initial licensees. The patent holder can then move on
to confront other small firms, pointing to such licensings as
acknowledgments of the patent's validity and power. This tactic
has a snowballing effect that can give the patent holder the
momentum and resources to take on larger companies.
Cross-licensing--where firms secure patents to trade for the
right to other patents--seems to work reasonably well in many
industries and has been touted as the answer to these problems.
However, cross-licensing is of little value to smaller companies,
which have little to bring to the table. And cross-licensing may
prove of limited value even to large companies, since it does not
protect against companies like Refac that have no interest in
producing software and therefore no need to cross-license.
Of course, the power that software patents afford may induce some
venture capitalists to invest in them. But investing in software
patents is one thing; investing in robust, complex products for a
mass market is another.
In fact, software publishers hold very few patents. The vast
majority are held by large hardware companies, computer
manufacturers that have in-house patent counsel and considerable
experience in patenting and cross-licensing. Nearly 40 percent
of the software patents that the U.S. Patent and Trademark Office
now issues go to Japanese hardware companies. It is quite
possible that the separate software publishing industry may cease
to exist as companies find that they need the patent portfolios
and legal resources that the hardware giants can provide. The
result will be a loss of diversity in software products, reduced
competition, and, many believe, a less productive software
industry.
Protecting Ideas and Information
A deeper, more disturbing problem in patenting programs was
barely evident before computers became ubiquitous personal tools
and software became infinitely versatile. More than a
"universal machine," the computer has developed into a medium for
human expression and a mediator of human experience. Software is
designed to satisfy specific needs for shaping and delivering
information. Thus, what is increasingly at stake in software
patents is the generation and flow of information. This becomes
more threatening when the claims in a patent extend far beyond
the disclosed means of implementation to cover general ideas.
Broad patent claims covering abstract processes are not limited
to software, or even to computer hardware. Consider patent no.
4,170,832, granted in 1979 for an "interactive teaching machine."
The patent discloses a clumsy-looking combined videotape deck and
television with a set of push buttons.
The patent includes a process claim for a procedure commonly used
in interactive video: showing an introductory video segment,
presenting the viewer with a limited number of choices,
registering the viewer's decision, and then revealing the likely
outcome of that decision. The disclosed machine, which was never
marketed, contributes nothing to the public domain: it simply
reveals one person's way of implementing a basic instructional
technique.
In a notorious 1983 case, a federal district court upheld the
patentability of Merrill Lynch's Cash Management Account system,
a procedure for moving investment funds among different types of
accounts. Acknowledging that the system--essentially a method of
doing business--would not be patentable if executed with pencil
and paper, the court nevertheless upheld the patent because it
made use of a computer.
The Patent Office has taken this principle one step further.
Besides granting monopolies on new procedures such as the Cash
Management Account system, the office is also awarding patents
merely for automating familiar processes such as generating
footnotes (patent no. 4,648,067) and comparing documents (patent
no. 4,807,182). But software developers have been routinely
automating such common office functions, bookkeeping procedures,
learning strategies, and modes of human interaction for years.
The principle that patents are granted to induce inventors to
disclose trade secrets has no relevance here. These processes
are part of everyday life, and can and should be computerized in
a number of ways.
What's more, information per se is traditionally the substance
and territory of copyright. The intelligent ordering of
information is the very heart of grammar, rhetoric, and graphic
design.
Why should information be subject to the pervasive restraints of
patent simply because it is interactive rather than linear?
Should human expression that is assembled, communicated, or
assimilated with the aid of a computer be restrained by patents?
If the computer is seen as an extension of the human mind rather
than vice versa, the answer is no.
Changing Patent Policy
Software developers who understand the impact of patents are
demoralized. Lawyers assure them that patents are here to stay,
and that programmers must seek new patents to protect against
other patents. These lawyers point to the growing torrent of
software patents, the presumption of patent validity, and the
fervidly pro-patent record of the Court of Appeals for the
Federal Circuit. Smaller companies that cannot afford this
advice can only hope that companies with deeper pockets will
afford more visible and attractive targets for patent holders
bringing suit.
But the narrowness of the Supreme Court decision in Diamond v.
Diehr remains. The Court never explicitly rejected the
traditional doctrines against the patentability of mental steps
and business methods, doctrines that may yet defeat many of the
patents that have issued. If the hue and cry grows, Congress
could amend the Patent Act to make it clear that the scope of
patenting is still limited to physical processes.
The software industry was not broke, but it is in the process of
being "fixed." The question is whether the fixing will be done
by the gush of awards from private proceedings in the Patent
Office--or by a public decision about whether software patents
serve "to promote the Progress of Science and useful Arts," as
the Constitution requires.
+++++++++++++++
Brian Kahin is an attorney specializing in information technology
and policy. An adjunct research fellow in the Science,
Technology and Public Policy Program at Harvard University's
Kennedy School of Government, he was formerly affiliated with the
MIT Research Program on Communications Policy and the MIT
Communications Forum. He is a graduate of Harvard College and
Harvard Law School.
------------------------------
Date: Thu, 26 Mar 92 11:20:08 EST
From: ulowell!p30.f30.n231.z1.fidonet.org!Dave.Appel%harvard@HARVUNXW.BITNET
Subject: File 2--Why form is as important as content
I'd like to pass a message on to authors who write for electronic
newsletters: If you make your article easy to read, you will get
more people to read it.
I've been reading electronic news in the form of computer
bulletin boards and electronic newsletters since 1986. At first
I mainly saw technical and hobbyist communication, but BBS and
Usenet readership has changed. Your communications can no longer
be directed solely to tech-weenies and computer-nerds. You must
include a wide cross section of non-technical society as well.
Your audience is wider than you think. For example, I get CUD
from a BBS with a Usenet feed, and then distribute it to 4 other
bulletin boards in town. When I see something very important,
I'll post a message in the city-wide echo conference (25 BBSs)
referring people to an article in CUD###.ZIP on such-an-such BBS.
And, I know other folks in other cities do this too.
QUESTION:
What can you do to get more people to read what you write?
ANSWER:
****----> MAKE IT EASIER TO READ <----****
QUESTION:
How do you make it easier to read?
ANSWER:
Form, format (pretty-printing and line length), good
sentence structure, short well-constructed paragraphs,
correct grammar, correct spelling, syntax ... all those
things that made you hate your high school sophomore
English teacher.
Yes, this stuff does make an article easier to read. And, an
article that is easy to read has a better chance of being read.
One key segment of your audience consists of people, such as
executives or other non-technicals, who won't read "news" on a
monitor or VDT. (Believe it or not, there are a lot of people
who don't work in front of a computer screen.) These people need
to see a hard copy.
Therefore, your article not only has to look good on the screen,
it also has to look good on *PAPER* without reformatting. (You
might come back and say "research has shown that X percent
of readers read it online." But 100 minus X percent don't. And
VIPs, the ones you want to convince and motivate the most, don't.
To those people hard copy is not only easier but carries more
impact than the ethereal electronic version.)
Additionally, those who read the hardcopy version probably don't
have access to e-mail to easily respond to surveys about how and
where they read it. There is a vast silent readership out there.
And the better your article looks on paper, the larger that
readership will be.
Here we go.
LINE LENGTH:
Long lines are harder to read than short lines. Just because you
have 80 columns on the screen doesn't mean that line length has
to extend that far. Printed magazines usually have three columns
per page, sometimes more, always at least two.
I suggest a maximum of 65 characters for line length. It's
easier to read on the screen, and will give a print-out big 1"
margins when printed on standard 8.5" x 11" paper in a standard
pica (10 pitch, 12 point) font. BIG margins make it easier to
read.
Magazine editors have a formula for determining the optimum line
length:
O = lca x 1.5
Mn = O - 25%
Mx = O + 50%
Where O= optimum line length and lca = lower case alphabet length.
In essence, this formula says that a the best length for a line
is one and one half times the length of all of the lower case
letters printed next to each other, give 50% or take 25%.
Example:
I see your article online. I like it, believe it, and want to
act on it. You've convinced me. But I'm staff, not management.
I have to make a hard copy of your article, or the whole
newsletter, and present it to management. Anyone who has
presented reports to management knows that looks count.
But I can't just shoot it out to the printer in a nice 11 or 12
point font and maintain decent margins. I have to remove the
hard carriage returns, but not all of them, to reformat
paragraphs. Headers, quotes, tables, outlines, and indented
paragraphs need the hard returns left in. So neither standard
search-and-replace nor conversion programs will work 100%. It's
a hand job. Now it's going to take me 15 to 20 minutes in a
word-processor before I can print it out and hand it to my boss.
Multiply that by the 100 or 1000 people around the world who
might want to show your important article to their boss.
SENTENCE LENGTH:
Sentence length needs to be varied similar to how a story-teller
or a comedian varies the pace. This keeps the audience or reader
from getting bored. If all the sentences are of equal length it
gets rhythmic and monotonous. Very long sentences are hard to
understand.
PARAGRAPH LENGTH:
Long paragraphs make a page look gray, and make it harder to
read. Long paragraphs are visually unpleasant. White space is
needed to break it up.
A paragraph should contain just one thought and be small enough
to be easily understood. If your thought takes too long to
explain, break it up into smaller pieces. More complex material
needs shorter elements to be easily understood. Paragraph length
affects the eye-strain, attention span and fatigue level of your
reader, which in turn affects whether he will finish reading it.
ORGANIZATION:
Good organization can be summarized in three easy steps:
1) Thesis
2) Body
3) Conclusion
Tell the reader what you're going to tell him. Expound upon it
and make your points. Then recap what you said. The reader
should not have to read three or four paragraphs down to find out
what you are writing about. Most people just read the first
paragraph to find out if they want to read the rest of article.
If you don't hook them in the first paragraph, you've lost them.
SPELLING, GRAMMAR, ETC:
Just between us, I don't care if you make typos. You don't care
if I make typos. However, errors stick out like a sore thumb to
scholars, businessmen and management types.
Spelling and obvious grammar or usage errors give the
impression that you aren't serious about what you are writing.
Such errors indicate that you didn't take the time to give your
piece a professional appearance. These errors give people who
don't know you the impression that you aren't as intelligent as
you really are.
Besides, a four star restaurant does not serve haute cuisine on
paper plates. You don't package a diamond ring in an old cigar
box. If your piece is important, you need to make it look
important.
HOW TO DO IT:
First, check your work yourself, keeping in mind the above
suggested guidelines. Proof it two or three times, then run it
through spelling and grammar checkers if possible.
If your piece is very important, ask a friend to look it over.
If your piece is of the utmost importance, ask someone with
professional editing or proofreading experience to look it over.
Even professional writers admit that proofing and final editing
one's work is best done by someone else. Other people can point
out things in your writing that you don't see.
Most spelling and grammar checkers don't point out such usage
errors as "there" instead of "their" or "they're." It takes
careful proofreading two or three times.
An occasional comma splice or run-on sentence will not bother
most readers. But complicated, poorly constructed, or hard to
understand sentences will have the reader shaking his head
wondering what you meant.
If you don't have friends or associates who are good at
proofreading and editing, you can try professional services.
Many editors, proofreaders, typesetters, etc. have started their
own desktop publishing businesses. Even if all you need is
electronic editing, not hardcopy output, those people can help
you polish your work. This will help you get your points across,
and even increase the number of people who read your article.
One such business in Indianapolis is The Electronic Editor BBS at
(317)293-8395, 293-1863 voice. They allow you to upload your raw
copy in practically any format and from any word processor.
Making files "sysop only" insures privacy. Encryption with
PKZIP's password facility prior to upload can guarantee privacy.
Their editors make the edited version of your file available in
encrypted format for download or mail the file back to you on
diskette. Hardcopy laser printer output is optional.
CONCLUSION:
I think that many of the issues discussed in electronic
newsletters such as CUD are important. I'd like to see those
issues taken to the power holders, the movers and shakers, the
corporate executives and the middle managers who run the
institutions in our society.
I see many articles that might be described as diamonds in the
rough. Polishing your articles and formatting them nicely will
go a long way towards:
- increasing your readership
- reaching the important people
- assisting your current readership in re-distributing your
work beyond the electronic community.
You may send comments, questions, flames, to:
Fidonet: Dave Appel @ 1:231/30
RIME: Dave Appel -> IBMNET
Internet: Dave.Appel@f30.n231.z1.fidonet.org
------------------------------
Date: Fri, 27 Mar 92 8:01:39 EST
From: Lance J. Hoffman <hoffman@seas.gwu.edu>
Subject: File 3--FBI OpEd in NYT (Risks Digest Reprint, #3.31)
The debate on (son of) S. 266 and on whether and how to "dumb down"
computer technology to satisfy law enforcement needs is joined in The
New York Times of Friday, March 27, 1992 with articles by William
Sessions, FBI director, and Janlori Goldman, director of the privacy
and technology project of the American
Civil Liberties Union. RISKS readers with an interest (or stake)
should read these articles carefully, and consider responding with
letters to the editor of the New York Times of their own if they have
anything to add. If the technical community wishes to be heard, it
should speak up now. (Letters to their congressional representatives
may not hurt either ;-) ).
Lance Hoffman
Department of Electrical Engineering and Computer Science, The George
Washington University, Washington, D. C. 20052 (202) 994-4955
++++++++++++++++++++++++++++++
>Date: Fri, 27 Mar 92 07:54:31 CST
>From: ks@stat.tamu.edu (Kurt F. Sauer)
>Subject: The FBI Needs Industry's Help--OpEd in NYT
FBI Director William Sessions wrote an interesting op-ed piece in
today's New York Times (Vol. CXLI, No. 48,918, Fri., Mar. 27, 1992, p.
A15) dealing with the problems which federal law enforcement expects
to encounter when placing court-ordered wiretaps on data circuits.
When I read between the lines, it sounds as if Mr. Sessions doesn't
want us to use data security which employs end-to-end encryption;
perhaps other RISKS-DIGEST readers will draw different conclusions.
[Under the rubric "Dialogue/High-Tech Wiretaps"]
Keeping an Ear on Crime: The F.B.I. Needs Industry's Help
By William S. Sessions
Advances in telecommunications technology promise to deprive
Federal, state and local law enforcement officers and the public of
the incalculable benefits that can be obtained only by
court-authorized wire-tapping.
Wiretapping is one of the most effective means of combating drug
trafficking, organized crime, kidnapping and corruption in government.
The Federal Bureau of Investigation does not want the new digital
technology that is spreading across America to impair this crucial
law-enforcement technique. Thus, after consulting with the
telecommunications industry, members of Congress and executive branch
agencies, the Justice Department has proposed legislation that is
intended to preserve the ability of law enforcement officers to
intercept conversations of people engaged in serious crimes.
This bill is consistent with legislation passed in 1968 after
Congress debated the constitutional problem posed by the Government's
need to address both serious criminal conduct and the individual's
right to privacy. Congress struck a balance by passing the Omnibus
Crime Control and Safe Streets Act.
That law and later amendments created the meticulous procedure by
which law enforcement officers obtain judicial authorization for
electronic surveillance. Wiretaps can be used to address only the
most serious criminal, sometimes violent, threats facing society.
Only when a judge is satisfied that all statutory safeguards have been
met and all other reasonable investigative steps have failed or will
likely fail, are taps permitted.
Digital technology makes possible the simultaneous transmission
of multiple conversations and other data over the same lines. The
problem is that voice transmission will soon be replaced by an
endless, inseparable stream of electronic emissions, making it
virtually impossible to capture criminal conversations.
The Federal Bureau of Investigation is not complaining. As the
telecommunications industry develops digital technology, new services
such as Caller ID are becoming available to business and private
customers. The new technology already has provided benefits for the
F.B.I.--for example, it helped solve the bombing of Pan Am Flight 103.
But if digital technology is fully introduced with insufficient
attention to public safety, the effectiveness of law enforcement
officers will be greatly impaired.
As society and technology evolve, so do government's needs and
responsibilities. And, yes, the burden of helping to safeguard the
public often falls on those who make profits from regulated goods and
services. It is reasonable for the telecommunications industry to
come to the aid of law enforcement. The proposed legislation relies
on it to find technical solutions that are cost effective while
permitting the development of its technology. Surely it can do both
in a way that insures its competitiveness.
Indisputably, there will be financial costs associated with
whatever technical solutions the private sector might develop. These
costs cannot be measured only in dollars; consider the price society
would pay if the ability to solve complex crimes were thwarted by an
end to wiretapping. In a recent large-scale military-procurement
fraud case-- which was successful because of wiretaps--the fines,
restitutions, forfeitures and savings to taxpayers exceeded $500
million.
The cost to telecommunications companies would not be so
substantial as to outweigh the consequences of an inability of law
enforcement to act. But if nothing is done soon, as technology
advances and the digital systems become more widespread, the cost of
addressing the issue down the road will undoubtedly increase
dramatically.
The proposed legislation does not expand the authority of the
F.B.I. or any other criminal justice agency. It simply preserves
what Congress authorized in 1968--nothing more.
In recent years, Congress has expanded the Federal criminal
activities for which wiretapping may be obtained. As in 1968, it must
decide if law enforcement should have this invaluable tool available.
I am confident that congress will again support law enforcement by
approving the necessary legislation.
------------------------------
Date: Tue, 31 Mar 92 18:23:41 PST
From: central office <9958@service.com
Subject: File 4--ACLU's Janlori Goldman's Reply to FBI Proposal (Risks Reprint)
>Date: Mon, 30 Mar 92 20:40:26 EST
>From: "Daniel B. Dobkin" <dbd@ans.net>
>Subject: Dumbing down the FBI
Lance Hoffman's posting on Friday mentioned the New York Times Op-Ed
dialogue between FBI Director William Sessions and Janlori Goldman,
director of the ACLU Privacy and Technology Project. Kurt Sauer
posted Director Session's article; at the risk of preaching to the
choir, herewith is Ms. Goldman's reply.
Keeping an Ear on Crime: Why Cater To Luddites?
By Janlori Goldman
The Federal Bureau of Investigation says advances in the
telecommunications industry are likely to make it difficult to use its
old-fashioned wiretapping techniques to listen in on telephone
conversations. The F.B.I.'s solution, in legislation the Justice
Department is asking Congress to pass, is to force the
telecommunications and computer industries to redesign their
modernized systems to accommodate the bureau's needs. Unfairly, the
F.B.I. wants consumers to pay for it through rate increases and higher
equipment costs. The telecommunications and computer industries both
oppose a bill that would mandate such sweeping regulations.
The proposal makes the bureau look like Luddites, the 19th century
English weavers who smashed new machines that they claimed put them
out of work. Instead of keeping up with new developments, the F.B.I.
wants to freeze progress.
It is wrongheaded and dangerous to require the industry to put
surveillance first by slowing innovation and retarding efficiency. How
can the F.B.I. justify this policy at home while the White House is
wringing its hands over U.S. competitiveness in the international
market?
The F.B.I. fears that new digital technology will make it difficult,
even impossible, to listen in on conversations by using traditional
wiretapping equipment. The new technology converts voices and data
into electronic blips and reconverts the blips into voices and data
near the receiving end on high-speed fiberoptic lines.
The bureau overstates its concern. The telecommunications industry
says it is not aware of a single instance in which the F.B.I. has been
unable to tap a line because of the widespread new technology. Even
the Director, William S. Sessions, admitted in a Congressional
hearing last week that no warrant has been issued that could not be
executed.
At issue is the F.B.I.'s ability to wiretap in the future. But the
answer is not a legislative fix that freezes technology. The F.B.I. is
not only asking the industry to dumb down existing software, it wants
to prohibit it from developing new technologies that might interfere
with the Government's ability to intercept various oral and electronic
communications. The proposed restrictions not only cover phone
companies but also on-line computer services (such as as Prodigy and
Compuserve), electronic mail systems and bulletin boards, and
switchboards.
The F.B.I. says its proposal only seeks to preserve its legal
authority to wiretap. Actually, it wants to expand the power of the
Federal Communications Commission, which regulates the
telecommunications industry, to make the F.B.I.'s needs a priority in
designing new technologies. In its legislation, the Government
threatens to impose a $10,000-a-day fine on companies that develop
technologies that exceed the F.B.I.'s technical competence. The
F.B.I. has it backward. If the Government wants to engage in
surveillance, it must bear the burden of keeping pace with new
developments. Last year, Congress appropriated $80 million for a
five-year F.B.I. research effort focused on telecommunications
advances.
There is a serious risk that rollbacks in advances may make
telecommunications networks more vulnerable to unauthorized intrusion.
One of the industry's main goals is to design secure systems that
thwart illegal interception of electronic funds transfers, proprietary
information and other sensitive data.
The F.B.I. is not the only agency trying to block progress. The
National Security Agency has tried to put a cap on the private
development of technology in encryption, the electronic encoding of
data to guard against unauthorized use.
As the private sector develops more effective encryption codes to
protect information in its data bases, the N.S.A. worries that it may
have trouble breaking such codes in its intelligence gathering
overseas. The agency is denying export licenses for certain encryption
codes, thus inhibiting the private sector's development and use of the
technology. Congress should defeat the proposal. Otherwise, we may be
prohibited from erecting sturdy buildings if the thick walls prevent
an F.B.I. agent from eavesdropping on a conversation through a cup
pressed to a wall.
------------------------------
End of Computer Underground Digest #4.16
************************************
Computer underground Digest Sun Apr 12, 1992 Volume 4 : Issue 17
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu, Jr.
Arcmeisters: Brendan Kehoe and Bob Kusumoto
CONTENTS, #4.17 (Apr 12, 1992)
**CONT'
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.eff.org (192.88.144.4),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Mon, 06 Apr 92 10:18:49 EST
From: "John F. McMullen (at Marist)" <KNXD%MARISTB.BITNET@CUNYVM.CUNY.EDU>
Subject: Panel Discussion on Computer Crime & First Amendment
There will be a 2-hour panel discussion on "Computer Crime & First
Amendment Concerns" at 10:30AM on Sunday, April 12th at the 17th
annual Trenton Computer Festival (TCF'92). I will moderate the panel
which will be composed of Donald Delaney, New York State Police Senior
Investigator responsible for computer crime and telecommunications
fraud; Mike Godwin, in-house counsel, Electronic Frontier Foundation
(EFF); Emmanuel Goldstein, editor & publisher - "2600:The Hacker
Quarterly; and Phiber Optik, well-know hacker (previously arrested by
Delaney).
TCF is the oldest computer festival/show in the world, preceding even
the legendary "West Coast Computer Faire". It is held on Saturday &
Sunday, April 11 & 12th at Mercer County College, outside of Trenton,
NJ It will contain over 170 commercial exhibits, the largest computer
flea market on the East Coast (8 acres) and 2 days of seminars, talks
and panel discussions. The keynote speaker (Saturday - 3:00PM) is Paul
Grayson, CEO of Micrografx.
The New York Amateur Computer Club (NYACC), on of the festival's
co-sponsors, is providing bus service from New York City to and from
TCF. A bus leaves 11th Street and 6th Avenue at 8:00AM on Saturday and
8:30 on Sunday (The Sunday bus originates in Long Island). For
details, call Lewis Tanner (212 928-0577 between 7&9PM).
------------------------------
Date: Mon, 30 Mar 92 09:29:10 EST
From: 34AEJ7D@CMUVM.BITNET
Subject: Bogus News Release - Computers and Children
The "News Release" in the latest CUD looks entirely bogus to me.
It is unlikely that ANY group would release a legitimate
news release anonymously,e.g., even terrorist groups like the ALF,
PLO and IRA issue their news releases under thier own banner. Anything
less defeats the entire purpose and propaganda objective of making such
a "release" at all.
So what is the purpose of this release? Perhaps it is a "prank"
perpetrated by someone who gained access to someone else's account
carelessly left logged in. Perhaps it is an attempt at harassment of
the person mentioned at the bottom of the release, akin to the "send
Mr. X 10 copies of the encyclopedia" tactic some Usenetters favor when
miffed. Or perhaps it is a lead in to a pitch for a donation to a
"cause".
Whatever the case, as published it is highly suspect, IMHO.
------------------------------
Date: Wed, 8 Apr 92 22:31:01 CST
From: Jim Thomas <jthomas@well.sf.ca.us>
Subject: Addendum to "News Release - Computers and Children"
In mid-March, Ron Hults, of the Fresno (Calif.) police Public
Information Office, released a press release announcing a news
conference to be held on March 19. The above poster, as have many
others, found the press release, which dramatized a BBS link to
pedophilia and other extreme activity, sufficiently incredible to
doubt its authenticity. The press release indicated that it was the
product of the Fresno Police Department's PIO. The release generated
passionate discussion on comp.org.eff.talk as a reflection of "the
ignorance of law enforcement." In this case, however, Fresno police
seem to themselves have become victims of their own writer's
sensationalism.
Detective Frank Clark, who held the news conference advertised by the
release, intended only to present a summary of the possible forms of
computer abuse to which children are vulnerable. These ranged across
the gamut of activities, from the most benign to the most extreme.
Detective Clark indicated that the extreme sex offenses to which the
release referred constituted about 3 minutes of a 45 minute
presentation. The PIO office, as well as the media covering the news
conference, focused on the extreme sex-related incidents and ignored
the rest. Detective Clark indicated that his purpose was to remind
parents of the importance of familiarizing themselves with their
children's computer activity. He also used the conference to raise the
issue of computer courtesy and ethics, and to identify local resources
(schools, classes, and other forums) available for obtaining further
information about computer use. The release and subsequent coverage
downplayed this.
He did not write the release and was unable to review the final text.
He was quite unhappy with it, and recognizes (and apologized for) the
offense it caused some people. He was quite explicit that, while
opposing the use of computers to prey on others, he nonetheless shares
many of the concerns about protection of civil and Constitutional
rights.
The problem with the Fresno PIO press release, as with similar media
coverage, is the tendency of writers to find the dramatic angle and
ignore the real issues. Perhaps we should all begin to more
aggressively contact publishers and other media personnel to educate
them on the issues when we find such gross distortion.
------------------------------
From: Net Wrider <nwrider@uanonymous.uunet.uu.net>
Date: Thu, 9 Apr 1992 9:00:25 EDT
Subject: "Hacker "Profiles" May Curb Computer Frauds"
Hacker 'Profiles' May Curb Computer Frauds
Source: THE INDEPENDENT March 21, 1992, Saturday (p. 6)
By SUSAN WATTS, Technology Correspondent
THE Federal Bureau of Investigation is dealing with computer hackers
as it would rapists and murderers - by building "profiles" of their
actions.
Its computer researchers have discovered that, in the same way that
other offenders often favour the same weapons, materials or times of
day to perpetrate their crimes, hackers prefer to use trusted
routines to enter computer systems, and follow familiar paths once
inside. These patterns can prove a rich source of information for
detectives.
The FBI is developing a modified version of detection software from
SRI International - an American technology research organization.
Teresa Lunt, a senior computer scientist at SRI, said hackers would
think twice about breaking into systems if they knew computer
security specialists were building a profile of them. At the very
least, they would have to constantly change their hacking methods. Ms
Lunt, who is is seeking partners in Britain to help develop a
commercial version of the software, believes hackers share with
psychotic criminals a desire to leave their hallmark.
"Every hacker goes through a process peculiar to themselves that is
almost a signature to their work," she said. "The FBI has printed out
long lists of the commands hackers use when they break in. Hackers
are surprisingly consistent in the commands and options they use. They
will often go through the same routines. Once they are in they will
have a quick look around the network to see who else is logged on,
then they might try to find a list of passwords."
SRI"s software, the development of which is sponsored by the US
Defense Department, is "intelligent" - it sits on a network of
computers and watches how it is used. The software employs
statistical analysis to determine what constitutes normal usage of the
network, and sets off a warning if an individual or the network
behaves abnormally.
A more sophisticated version of the program can adapt itself daily to
accommodate deviations in the "normal" behaviour of people on the
network. It might, for example, keep track of the number of temporary
files created, or how often people collect data from an outside source
or send out information.
The program could even spot quirks in behaviour that companies were
not expecting to find.
The idea is that organizations that rely on sensitive information,
such as banks or government departments, will be able to spot
anomalies via their computers. They might pick up money being
laundered through accounts, if a small company or individual carries
out an unusually large transaction.
------------------------------
From: David Sobel <dsobel@WASHOFC.CPSR.ORG>
Date: Tue, 7 Apr 1992 15:37:37 EDT
Subject: CPSR FOIAs FBI
CPSR FOIAs FBI
In response to the FBI's recent proposal that digital communications
networks be configured so as to more easily facilitate electronic
surveillance, Computer Professionals for Social Responsibility (CPSR)
has filed a request under the
Freedom of Information Act (FOIA) seeking:
copies of all records regarding the Bureau's
decision to seek new legislative authority for wire
surveillance in the digital communications network.
And following published reports that the FBI is developing a "hacker
profile," CPSR has also requested:
copies of all records regarding the Bureau's
creation of a "profile" of computer "hackers" or
others who seek unauthorized access to computer
systems. This request includes, but is not limited
to, information concerning the FBI's relationship with
SRI International and its use of SRI software.
We will post the results of these requests ... but it could be a while.
David Sobel
CPSR Legal Counsel
dsobel@washofc.cpsr.org
------------------------------
Date: Sun, 12 Apr 92 14:52:02 CDT
From: <wt.70317@linknet.uunet.uu.net>
Subject: FBI Wants to Tap Phone Firms to Eavesdrop (Reprint)
"FBI Wants to Tap Phone Firms for New Eavesdropping Devices"
Source: Chicago Tribune, April 12, 1992 (Sect. 7: 9b)
NEW YORK (Reuters)--The FBI wants the nations telephone companies to
stop rolling out advanced digital phone systems that stymie the
agency's practice of listening in on criminal conversations.
At stake is the future of the wiretap, one of the bureau's most
effective investigative tools, which is getting harder to engineer as
phone systems grow more complex.
The Federal Bureau of Investigation says modern telephone networks,
which rely on digital and fiber-optic systems, are making it difficult
to eavesdrop on phone calls in criminal investigations.
So the bureau has drafted legislation that would require phone
companies to stop deploying digital technology until they can come up
with a way for the bureau to preserve the wiretap.
For regional and long-distance phone companies that have spent
billions of dollars to upgrade systems and galvanize the U.S. lead in
telecommunications, the FBI proposals are late at best and
anti-competitive at worst.
"It is late...this stuff is already out there," said Ken Pitt, a chief
spokesman for Bell Atlantic Corp., one of seven regional telephone
companies, known as the Baby Bells, formed by the breakup of American
Telephone & Telegraph Co.
AT&T and the Baby Bells, as represented by the U.S. Telephone
Association, oppose the draft bill as written.
Researcher Douglas Conn, associate director of Columbia University's
Institute for Tele-Information, said the dispute could threaten the
U.S. position in global communications.
"It is a very, very touch and difficult issue. On the one side is the
very real concern of the FBI. On the other are the telephone companies
and organizations that support using an advanced telecommunications
network to compete internationally," Conn said.
But the FBI is pressing forward.
FBI Director William Sessions recently wrote a column for the New York
Times about the potential threat to the effectiveness of law
enforcement.
"Wiretapping is one of the most effective means of combating drug
trafficking, organized crime, kidnaping and corruption in government,"
Sessions wrote in the column, which was published last month.
"The Federal Bureau of Investigation does not want the new digital
technology that is spreading across America to impair this crucial
law-enforcement technique."
The FBI says it uses telephone wiretaps in just 1 percent of its
investigations and only with a court warrant. But those cases tend to
be major ones involving organized crime and drug traffickers.
By law, telephone companies are required to assist the FBI in
court-approved wiretapping.
But company officials say they are baffled that the FBI, long known for
inventing ingenious investigative tools, expects them to develop the
wiretap technology.
The Federal Communications Commission, which regulates
telecommunications, is also worried about the proposed legislation.
"Our most overriding concern is the potential negative impact this
could have on the development of the telecommunications
infrastructure," said James Spurlock, a top FCC official.
"There are real public policy questions here."
FCC Chairman Alfred Sikes wants U.S. phone companies to speed up their
use of digital systems and fiber optics to compete with technologies
surfacing in Japan, France and Germany.
Regional phone companies are on the threshold of deploying digital
equipment in the local service loops that take in residential
customers, the same leg of the service that the FBI uses in
wiretapping.
But with the coming installation of Integrated Services Digital
Network systems into homes and residences, conventional wiretapping
devices may produce little more than an incomprehensible jumble of
sound.
James Kallstrom, chief of the FBI's engineering and technical services
division, says the bureau proposal would mean only one more
requirement among hundreds that phone companies write into their
systems.
"We are looking for them to take in our requirements as they take in
hundreds of other requirements when they design these things," he
said.
"The have hundreds of internal design requirements to account for
billing and routing and new services. This would be another."
Kallstrom also disputed the argument that the FBI's proposals would
impede technological development or impose big costs, saying changes
could be designed into software or manufactured into switches.
Officials from BellSouth Corp., Bell Atlantic, Nynex Corp., among
other Baby Bells, as well as telecommunications companies American
Telephone & Telegraph Co. and GTE Corp., have met with FBI technicians
at an FBI training center to hammer out the problem.
"These meetings are better refining the issue" and easing some of the
adversity, said BellSouth spokesman Bill McCloskey. But the session
resolved little.
------------------------------
Date: Thu, 9 Apr 92 21:17:54 PDT
From: jwarren@AUTODESK.COM(Jim Warren)
Subject: POSSIBLE INTEREST: Electr.CivLib - model candidate's statement & ideas
Hi,
This concerns practical efforts to assure that traditional
constitutional rights and protections remain clearly guaranteed, even in
the context of modern technology -- in the "Information Age" and across
the "Electronic Frontier."
For this 1992 election-year, the following offers possible models for
do-it-yourself citizen-based political action. Please "copy, post and
circulate" this 3-part document wherever and to whomever you wish. Please
feel free to modify Parts 2 and 3 however you wish -- over your own signature.
After all, freedom always *has* been a
do-it-yourself project.
This introduction is PART-1 of three parts.
PART-2 provides a model cover-letter & facts you might use:
1. First, it *briefly* mentions the electronic civil liberties issues.
2. Its next part is intended to get the attention of a candidate and/or
their campaign staff by illustrating cheap, effective net communications.
3. The next part illustrates that a great number of people (candidate-
translation: "voters") are involved.
4. *Very important*: It outlines our ability to communicate with masses
of people/voters -- at little or no cost.
5. Equally important -- it requests *specific commitment to act* from a
candidate.
6. It offers a matching commitment to publicize their position.
PART-3 is a model candidate's statement committing to specific action.
Note: All successful politicians have mastered the art of *sounding* like
they are supportive of the hundreds or thousands of causes and pleas that
are urged upon them. Good-sounding, vaguely-supportive statements are worth
virtually nothing. Anything less than their issuing a public position
statement committing to explicit action must be considered as meaningless.
Election season is the one time when we have our best chance at
efficient and effective citizen action. All it takes is time and effort.
(And, I walk it like I talk it -- I have forwarded customized versions of
the cover-letter and model-statement to several state and federal candidates
-- all of whom are seeking re-election or election to higher office.)
I would be happy to help others working on these issues, time permitting.
The more people who send this cover letter and model statement to
candidates -- and phone campaign headquarters and ask questions at
candidates' forums; the more sensitized they will become to this
constituency and these fundamental issues of a free society.
Speak and write, now; speak and write, often.
"The price of freedom ..."
--Jim Warren, Electronic Civil Liberties Initiative,
345 Swett Road, Woodside CA 94062; fax/415-851-2814
email/ jwarren@well.sf.ca.us
[ For identification purposes only: organizer/chair of First Conference on
Computers, Freedom & Privacy (1991), first-year recipient of Electronic
Frontier Foundation Pioneer Award (1992), MicroTimes contributing editor &
columnist, Autodesk Board of Directors member, founding of InfoWorld,
founding editor of Dr. Dobb's Journal, past chair of ACM, SIGMICRO and
SIGPLAN chapters, etc., blah blah blah. ]
=============== PART-2, MODEL COVER-LETTER TO CANDIDATE(S) ================
Dear [candidate],
A growing percentage of the 12-16 million people who are "online" --
using networked computers -- are expressing increasing concern about
protecting traditional civil liberties and personal privacy in the
"Information Age." (People are "coming online" at a rate much faster than
the explosive growth of personal computing in the past fifteen years.)
As they use networked computers for electronic-mail, teleconferencing,
information exchange and personal records, they are reporting increasing
threats to electronic "speech," "press," "assembly" and personal privacy.
Electronic messages can have massive, persuasive impact.
For instance: In 1990, a single notice sent out across computer nets
prompted 30,000 complaints about Lotus Corporation's plans to sell personal
data on 20-million consumers. Lotus quickly withdrew their "Marketplace"
product before sales ever began.
Or: In Spring, 1991, a single message sent into the computer nets
prompted thousands of complaints to Senators Biden and DeConcini. It
concerned legislation they had introduced, reportedly requested by the FBI
via Senator Thurmond, that would have crippled secure voice and data
communications for U.S. citizens and business. The Senators withdrew the
proposal with three weeks of the net-circulated note.
Who and how many are interested?
Almost all users are adults. Most are well-educated. Most have upscale
incomes. Most have significant discretion for spending and contributions.
Recent published research indicates there are about 14.2-million people
sharing 1.3-million "host" computers on the "Internet" network. This
includes about 960,000 people using 12,000+ home/personal computers as shared
BBSs -- networked electronic "bulletin board systems." These offer free or
almost-free teleconferencing and electronic-mail. [Matrix News, Feb., 1992,
1120 S. Capitol-of-Texas Hwy., Bldg. 2-300, Austin, TX 78746.]
(In addition, there are also the commercial systems such as CompuServe,
Prodigy, GEnie and MCImail -- but they have only several million users and
are costly in comparison to the much larger Internet computer matrix.)
Mass-discussions of freedom and privacy concerns are escalating.
Almost-instant mass-circulated online "newspapers" and "news-groups,"
plus numerous popular teleconferences, increasingly carry reports of
electronic civil-liberties and privacy concerns. Credit-data abuses,
covert employer surveillance, corporate espionage, seizure of electronic
publications, searches of entire electronic post offices, and government
opposition to secure communications are greatly escalating these concerns.
These issues are rapidly penetrating the public press and television.
Example: The First Conference on Computers, Freedom and Privacy (1991),
prompted well in excess of 80 pages of press, including the New York Times,
Los Angeles Times, Wall Street Journal, Time Magazine, Business Week,
Scientific American, Germany's Der Spiegel, etc.. [For copies, contact
CFP#1 chair, Jim Warren, 345 Swett Road, Woodside CA 94062; 415-851-7075.]
Functionally-free, almost-instantaneous mass communication is available.
It is trivial for anyone to "broadcast" comments or information across
the nets to thousands of people, almost immediately and for free or perhaps
costing $15-$20/month. Over a million people read news-groups in USENET,
which is just one of thousands of electronic "newspapers."
And, system-owners and system-operators -- those often most-deeply
concerned about these civil liberties, privacy and content-liability issues
-- can have every user of their system receive whatever message they choose,
perhaps only once, or perhaps every time each person logs-in. Without cost.
Various of these "sysops" are agreeing to inform every one of their users --
often numbering in the thousands -- about candidates who commit to act to
protect civil liberties and privacy against new, technology-based threats.
We ask for your commitment.
A number of people who are well-known across this huge network are
asking candidates to commit to specific action, to make clear that
constitutional protections unquestionably apply across this new "electronic
frontier." We ask that you issue a formal position statement, committing to
act on these matters. (We recognize that an informal statement of general
principles is of minimal value without specifics or commitment to action.)
We ask that you commit to protecting Constitutional freedoms, regardless
of technology. Enclosed is a "model" that you might use as a starting point.
(It illustrates some of the issues that many people feel are most important.)
Commitment is reciprocal.
If you commit to act, we will promptly broadcast it far and wide across
this massive, high-speed network. And, if your opponent(s) who receive this
request, avoid explicit commitment -- by inaction, ambiguous statement or by
specific refusal -- we will publicize that with equal vigor.
Additionally, some of us are prepared to assist committed candidates to
publicize/discuss all of their positions and issues -- not just these online
issues -- via this free, fast, pervasive mass-medium.
And finally, candidates who address these issues first can generate
notice in the public press and television -- especially re protecting freedom
of speech, press, assembly and personal privacy. Numerous reporters have
shown active interest in these issues, to say nothing of 300-400 computer
trade periodicals. Some of us have lists of lay and trade reporters
interested in these issues and would be happy to assist your p.r. staff
in publicizing your commitment.
I appreciate your attention to these comments and requests, and look
forward to your timely reply.
<<signature & affiliation, if any>>
=================== PART-3, MODEL CANDIDATE'S STATEMENT ====================
Guaranteeing Constitutional Freedoms into the 21st Century
Preface
Harvard Law Professor Laurence H. Tribe, one of the nation's
leading Constitutional scholars, views technological threats to our
traditional constitutional freedoms and protections as so serious that --
for the first time in his career -- he has proposed a Constitutional
Amendment:
"This Constitution's protections for the freedoms of speech, press,
petition and assembly, and its protections against unreasonable searches and
seizures and the deprivation of life, liberty or property without due
process of law, should be construed as fully applicable without regard to
the technological method or medium through which information content is
generated, stored, altered, transmitted or controlled."
-- First Conf. on Computers, Freedom & Privacy, 3/27/91, Burlingame CA
In the absence of such a constitutional clarification, legislation and
regulation are the only alternatives to assure that citizens are protected
from technological threats against their constitutional rights and freedoms.
Candidate's Commitment to Action
(model statement)
Preface: It has been over two centuries since our Constitution and Bill
of Rights were adopted. The great technological changes in the interim --
especially in computing, telecommunications and electronics -- now pose a
clear and present danger to the rights and protections guaranteed in those
great documents. Therefore:
Commitment: In the first legislative session after I am [re]elected, I
will author or co-author legislation reflecting the following specifics, and
I will actively support and testify in favor of any similar legislation as
may be introduced by others. Further, I will actively seek to include in
such legislation, explicit personal civil and/or criminal penalties against
any agent, employee or official of the government who violates any of these
statutes. And finally, I will keep all citizens who express interest in
legislative progress on these matters fully and timely informed.
The protections guaranteed in the Constitution and its Amendments shall
be fully applicable regardless of the current technology of the time. This
particularly includes, but is not limited to:
Speech: Freedom of speech shall be equally protected, whether by voice
or in written form as in the 18th Century, or by electronic transmission or
computer communication as in the 20th Century and thereafter.
Press: Freedom of the press shall be equally protected, whether its
information is distributed by print as in the 18th Century, or by networked
computers or other electronic forms, as in the 20th Century and thereafter.
Liability for content: Just as a printer is not liable for content of
leaflets printed for a customer, so also shall the owner or operator of a
computer or electronic or telecommunications facility be held harmless for
the content of information distributed by users of that facility, except as
the owner or operator may, by contract, control information content. Those
who author statements and those who have contractual authority to control
content shall be the parties singularly responsible for such content.
Assembly: Freedom of assembly shall be equally protected, whether by
face-to-face meeting as in the 18th Century, or by computer-based electronic-
conference or other teleconference as in the 20th Century and thereafter.
The right to hold confidential meetings shall be equally protected, whether
they be by personal meeting in private chambers, or by computer-assisted or
electronic-based means.
Self-defense: The right of the people to keep and use computers and
communications connections shall not be abridged by the government.
Search & seizure: The right of the people to be secure in their papers
and effects, against unreasonable searches and seizures, shall be fully
applicable to their electronic mail, computerized information and personal
computer systems.
Warrants: No warrants for search or seizure shall issue for computerized
information, but upon probable cause, supported by oath or affirmation, and
particularly describing the computer system to be searched and the specific
information to be seized.
Secure information vaults: Just as search and seizure of letters in a post-
office, and papers in a bank-vault lock-box, and surveillance of telephone
conversations by wire-tap, each require a separate warrant for each postal
address, lock-box and telephone line, so also shall a separate warrant be
required for each electronic-mail address and/or computer files of each
suspect, when stored in a computer facility or archive shared by others.
And further, computer files stored in a shared facility or archive by or for
a citizen who is neither named in a warrant nor associated with a suspect
so-named, may not be used against that un-named citizen, if seized or
discovered during legal search of or for files of a suspect.
Self-incrimination: No person shall be compelled in any civil or
criminal case to be a witness against himself or herself, nor be compelled
to provide information retained only in their mind, nor otherwise be
compelled to assist the translation or decoding of information that he or
she believes may be self-incriminating.
Property: Private property shall not be taken for public use without
just compensation, nor shall such property be used nor sold by any
government agency for less than fair market value, in which case all such
proceeds shall promptly derive singularly to its last owner prior to
government seizure.
Speedy release: Anyone not accused of a crime shall enjoy the right to
a speedy release and return of all of their property, as may be seized
under any warrant, particularly including their computerized information.
The government shall be fully liable for any damage befalling property or
information they have seized.
[signed] _____________________________________ [date] _________________
_________________________ [please print or type]
_________________________ title / current office / office sought
_________________________ address
_________________________
_________________________
_________________________ campaign-office voice-phone number
_________________________ campaign-office fax number
_________________________ campaign-office electronic-mail address
[ Additional copies of this model candidate's position commitment are
available from:
Jim Warren, Electronic Civil Liberties Initiative,
345 Swett Road, Woodside CA 94062; (415)851-7075, fax/(415)851-2814;
electronic-mail/ jwarren@autodesk.com -or- jwarren@well.sf.ca.us . 4/4/92
For identification purposes, only: Warren was the Chair of the First
Conference on Computers, Freedom & Privacy held in March, 1991, a recipient
in 1992 of one of the Electronic Frontier Foundation's first Pioneer Awards,
is a Contributing Editor and "futures" columnist for MicroTimes, a member of
the Board of Directors of Autodesk (one of the nation's half-dozen largest
software companies), founded several trade periodicals, and is a writer
and entrepreneur, well-known across the computer industry. ]
------------------------------
Date: Sun, 12 Apr 92 12:12:32 CDT
From: Moderators <tk0jut1@mvs.cso.niu.edu>
Subject: JIM WARREN nominated to the Consumers Union Board of Dirs
The Consumer Union has recently nominated JIM WARREN as a candidate
for election to their Board of Directors. Jim is one of 13 candidates
for six seats on the Board. Candidates are elected by CONSUMER
REPORTS subscribers, who are receiving their ballots this month.
CuD readers who subscribe to CONSUMER REPORTS should be especially
interested in Jim's nomination and consider him as one of their six
choices for several reasons:
For years, Jim has been a leader in fighting for inexpensive access to
computer technology and on-line services. He has also been a primary
figure in addressing broader consumer issues, such as consumer rights,
credit reporting, and consumer tracking.
Jim is a recipient of the Electronic Frontier Foundation's PIONEER
award for his sustained contributions to the computer community. In
summarizing Jim's accomplishments, Mitch Kapor wrote:
Jim Warren has been active in electronic networking for many
years. Most recently he has organized the First Computers,
Freedom and Privacy Conference, set-p the first online
public dialogue link with the California legislature, and
has been instrumental is assuring that rights common to
older mediums and technologies are extended to computer
networking.
Jim's knowledge of and commitment to the issues of consumer rights
would make him a valuable addition to the CU Board. If you subscribe
to Consumer Reports (or know anybody who does), think about asking
them to vote for JIM WARREN as a way of expanding cyberspace
representation where it can have an impact.
------------------------------
Date: 03 Feb 92 17:33:41 EST
From: The Mad Poet <71110.4334@COMPUSERVE.COM>
Subject: MONDO 2000 poem
DOES SHE DO THE VULCAN MIND MELD ON THE FIRST DATE?
By Nick Herbert
From MONDO 2000, the magazine for cyberspace
I want your bra size, baby,
Fax number, E-mail address,
Modem com code, ID,
Phone machine access.
Give me your thumb print, password,
Blood type and credit check;
Give me your antibody spectrum,
Your immune response spec.
Let's break bread together, baby,
Exchange cryptographic primes;
Let's link up our parallel ports;
And go on-line in real-time.
Let's indulge in covalent bondage;
Let's communicate in C.
Let's merge our energy bodies
And bob in the quantum sea.
I wanna swim in your gene pool, mama;
Snort your pheromones up close range;
Tune in your neurotransmitters,
Introduce you to Doctor Strange.
I wanna surf in your quantum potentia;
Mess with your thermostat;
Wanna tour your molecular orbits;
Wanna feed your Schrodinger cat.
Let's surgically merge our organs;
Our kidneys, our lungs and our hearts;
Let's read physics journals together
And laugh at the dirty parts.
Let's Bell-connect our bellies
With some quantum-adhesive glue;
Let's do new stuff to each other
That Newton never knew.
I wanna feel your viscosity, honey,
Melt my rheological mind;
Let your female force-field vortex
Deform my male spacetime.
------------------------------
End of Computer Underground Digest #3.25
************************************
Computer underground Digest Sun Apr 19, 1992 Volume 4 : Issue 18
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu, Jr.
Arcmeisters: Brendan Kehoe and Bob Kusumoto
CONTENTS, #4.18 (Apr 19, 1992)
File 1--The Good, the Bad, and Ugly Facts
File 2--"Internet tapped for global virtual publishing enterprise"
File 3--Medical Data Base (WSJ)
File 4--re California drug forfeiture increases
File 5--First Amendment semi-void in electronic frontier ??
File 6--Summary of 2nd Conference on Computers, Freedom, Privacy
File 7--SUMMARY AND UPDATE: alt.* Removal at UNL
File 8--Those Evil Hackers (San Jose Busts AP Reprint)
File 9--Nationwide Web of Criminal Hackers Charged (NEWSBYTES)
File 10--"Hacker Ring Broken Up" (NYT)
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.eff.org (192.88.144.4),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Fri, 17 Apr 92 15:07:13 EDT
From: Jerry Leichter <leichter@LRW.COM>
Subject: File 1--The Good, the Bad, and Ugly Facts
CuD 4.11 contains a reprint of a DFP article by one
"max%underg@uunet.uu.net". The article makes two broad sets of points:
1. There is no real difference between the "good" hackers of yore
and the "bad" hackers of today. His quotes from Levy's
"Hackers: Heroes of the Computer Revolution" demonstrate
that these heroes were involved in such things as password
cracking, phone phreaking, and so on.
2. "Information" and "computers" should be free, hackers are just
trying to learn, there is nothing wrong with learning.
Point 2 I don't want to get into; it's old, tired, and if you don't
recognize it for its moral bankruptcy by this time, nothing I can say
will change your mind.
Point 1 I agree with. I was there, and I saw it happen. In fact, I
was involved in it. I broke into my share of systems, used resources
without paying for them, caused accidental system crashes that
disrupted people's work, and so on. (I never did get involved with
phone phreaking. I was one of many who dug up the Bell System
Technical Journal article that gave you all the information you needed
to build a blue box, and I knew the technical details of several other
tricks - but I thought that phreaking was theft even in the early
'70's.)
Max ends by saying:
It is my contention that hackers did not change. Society
changed, and it changed for the worse. The environment the early
hackers were working in correctly viewed these activities as the
desire to utilize technology in a personal way....
In a way he is correct. (The rest of the paragraph continues with the
usual pseudo-socialist twaddle about the evils of the profit motive,
elitism, snobbery, and such, but we'll ignore that.)
Moral decisions are not made in a vacuum. Nor, in a decent society,
are laws chosen without a social and moral context.
When the first "airplane hackers" began working on their devices, they
were free to do essentially as they pleased. If they crashed and
killed themselves well, that was too bad for them. If their planes
worked - so much the better.
After it became possible to build working airplanes, there followed a
period in which anyone could build one and fly anywhere he liked. But
in the long run that became untenable. An increasing number of planes
became too much of a hazard, to each other and to uninvolved people on
the ground. Further, people came to rely on air transport;
interference with it came to be unacceptable. If you want to fly
today, you must get a license. You must work within a whole set of
regulations, regulations that may be inconvenient for *you*, but
that's really too bad: You don't live alone, you live in a society
that is entitled, in fact *required*, to protect its members.
The same goes for many other technologies, ranging from automobiles to
radio transmitters. Think about all the regulations governing your
use of an automobile - not just the requirement that you be licensed,
that you be insured (in most states), that you follow various rules of
the road, but even that you have pollution control equipment that, for
you personally, adds nothing but extra cost.
Max seems to have no understanding of history, of how things change
over time. He has no vision of the world that the early hackers were
operating in. The computers they were hacking at were not being used
for critical things. They were almost entirely at universities, being
used for research. It's hard to imagine, with the reliable machines
of today, but a system in those days that ran for 24 hours without a
crash was doing very well. Yes, crashes caused by hackers were an
inconvenience - but people expected crashes anyway, so they planned
for them.
Disks were small, expensive, and given to head crashes. Few people
stored permanent data on them. There was little of interest to be
found by browsing on most systems, and certainly nothing sensitive.
Systems were stand-alone islands. There was no Internet; there were
few dialins. Systems actually doing significant work, systems
containing sensitive data - business and government systems - were
locked in rooms with no external access. No one thought about hacking
these because no one could get to them.
Even in those times, what I and others did was at best ethically
questionable. None of the people I hacked with ever doubted that;
none of us doubted that if we got caught, we could get into trouble.
As it happened, I was never caught - but several of my friends were.
Their accounts were terminated, which could be a major inconvenience,
as they had actual work to do on those systems. And in those days,
running off to the local Sears and buying a PC was not an option.
Let's not put halos on hackers past. The times were different; the
systems were different. The social scale was different: The hackers
Levy celebrates were operating within communities of at most a few
tens of people, most of whom knew each other. Today's hacker works in
an Internet community numbering in the tens of thousands. It's much
easier to trust people you know or "might easily know". Besides,
within those communities, even the people were different: Systems were
not being used by non-technical people. Much of what we know now -
about how to build secure systems, about the existence of deliberately
destructive programmers - we didn't know then. The same actions we
might have applauded in "the golden age" would draw only opprobrium
today.
This is not just a matter of *technological* change, nor is it a matter
of society becoming less understanding: Even if the only thing that
had happened between 1970 and today were that *the same* computers had
been duplicated and had become widely used for important things, the
argument would have remained the same.
The following is broad generalization, but I don't think it's
completely out of line. Today's college kids are caught in a time of
diminished expectations. Whatever the actual *realities*, they must
certainly look back at the romanticized '60's and '70's they hear
about as a time of free sex without worry, wild parties with free
consumption of drugs or alcohol, revolution and hope and grass in the
air, and so on. They've been led to expect that they will start their
lives at an economic level comparable to what their parents have
today, but they also see that for many of them that will prove
impossible to accomplish. The dissonance is painful; the feeling that
somehow they've been cheated out of something they are due must be
profound.
Hacking, in the broad sense, has always provided an escape from the
harsh realities of the outside world, escape to a world that seems
manageable, a world in which the hacker could imagine himself superior
to the "establishment" which everywhere else imposes controls on him.
The '60's-style language, the pseudo-socialism, the utopian views of the
world as an information-based commune within which greed and hate and
the profit motive would all fade away, all this in the language of the
cracker apologists is a clear echo of the rhetoric of the '60's.
That's where those dreams spring from. America is no longer to be
"greened"; it's to be "fibered" and "digitized". Timothy Leary no
longer needs to preach dropping out through acid; he can now preach
dropping out to virtual reality. There really isn't all that much of
a difference.
I'm sorry Max and his friends missed out on those wild and wooly
times; they seem to come along every forty or fifty years or so, so
perhaps their (our) children will see them again. I'm sorry that
it must seem unfair and "elitist" to him that things we could get away
with in those days bring severe punishment today. But history marches
on; all of us, individually and collectively, must grow up.
------------------------------
Date: Mon, 13 Apr 92 1:55:34 EDT
From: <Michael.Rosen@LAMBADA.OIT.UNC.EDU>
Subject: File 2--"Internet tapped for global virtual publishing enterprise"
Computerworld, 3/23/92, p.?
By Gary H. Anthes, CW Staff
"At negligible cost, in the span of a few weeks, an entirely virtual
global publishing network involving nearly 150 correspondents has been
assembled," Anthony M. Rutkowski, editor in chief of the _Internet
Society News_, wrote in the first issue of the magazine, which was
recently published.
The cover of the slick, 50-page publication asks, "Where in the world
is the Internet?" The answer is nearly everywhere -- in 107 countries
from Afghanistan to Zimbabwe. The 150 correspondents who make up the
virtual publishing enterprise are similarly dispersed. "We have
people in virtually every corner of the globe. We even have an
Antarctica correspondent," Rutkowski said.
The nonprofit Internet Society was formed last year to foster the
evolution of the Internet, to educate users and to provide a forum for
user collaboration. The quarterly news magazine offers information
about Internet technology, growth of the Internet and related private
networks and activities of the society and its members.
A slippery concept
Rutkowski, an Internet Society trustee and director of technology
assessment at Sprint International in Reston, Va., said he started
planning the magazine last August but ran into a conceptual challenge
right away. "We wanted to provide a very timely snapshot of the
Internet and the Internet community. But what is the Internet?
That's what's difficult. It's so heterogeneous, almost amorphous."
Rutkowski and two co-editors decided to define the Internet broadly
and include representatives from many countries and interest groups.
The correspondents come from telecommunications and publishing
companies, academia and legal and public policy interests, he said.
Topics include Internet activities by region, application and user
groups, technology, Internet administration and operations, public
policy and law.
Concept development, coordination, information transfer and editing
for the magazine were all done over the Internet. "Such a
[publishing] network in many respects equals the complexity of those
of Reuters or _Time_ magazine," Rutkowski said. "The ability to do
this with relative ease across the entire globe is a profound
statement."
A subject-matter outline and a list of correspondents was turned into
a "mail exploder," an electronic-mail list in which any person on the
list can broadcast mail to the entire list by sending mail to one
address. A second Internet address was established for receipt of
articles by the three editors and a third was established as a
repository of finished material.
The mailboxes are on a computer at the Corporation for National
Research Initiatives in Reston, Va.
Articles were sent in by E-mail from around the world, and when all
had been edited, Rutkowski pulled up the whole mass for final
formatting via Microsoft Corp.'s Word for Windows. Then it was output
on a laser printer and sent to a commercial printer.
Circulation: 4 million
Rutkowski said the magazine will be published quarterly and will soon
be available electronically to any of the Internet's 4 million users.
He said later this year the society will also publish a journal
containing more analytical articles, "archival-quality" pieces about
the Internet.
Editors and correspondents of the _Internet Society News_ will have
their work cut out for them as they try to keep up with Internet
growth.
An article in the magazine predicted there will be between 29 million
and 45 million computers on local-area networks in the U.S. in 1995.
++++++++++++++++++++++++++++++++++++=
Long reach
The Internet extends
to thousands of computers
around the world
Internet Society
* 1000 individual members
* 24 corporate members
Internet
* 770,000 computer hosts attached
* 4 million-plus users
* 7,000 operational networks,
30,000 registered networks.
* 107 countries served
Source: The Internet Society CW Chart: Janell Genovese
***
[No e-mail addresses were mentioned in the letter; do you have any
knowledge of the addresses of anyone involved in this publication?]
------------------------------
Date: 16 Apr 92 20:38:51 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 3--Medical Data Base (WSJ)
IBM LINK TO PHYSICIAN COMPUTER NETWORK RAISES SOME QUESTIONS
(paraphrased from th Wall Street Journal, 2/27/92)
Unknown to the patients, every week or two a company dials into
physicians' PCs and fishes out all their confidential files. With
plans to reach 15,000 physicians within the next four years, the
company, Physician Computer Network Inc., thinks its swelling database
of patient records could become a commercial treasure. Fears about
the sale of medical records are causing some physicians and
pharmacists to resist the collectors' surveillance efforts. Others
are pushing for legislation, noting that privacy law covers videotape
rentals and cable-TV selections, but not most medical records.
Physicians Computer Network has an impressive list of investors.
Among them is IBM, which owns a 23% stake. Another holder, with 4.7%
stake, is Macmillan Inc., part of the Maxwell electronic-information
conglomerate.
------------------------------
Date: Sun, 19 Apr 92 18:42:40 PDT
From: jwarren@AUTODESK.COM(Jim Warren)
Subject: File 4--re California drug forfeiture increases
>From autodesk!hibbert%xanadu.com Sun Apr 19 18:35:39 1992
>To: cpsr-civilLiberties@Pa.dec.com, cpsr-activists@csli.stanford.edu
>Subject: hearing on forfeiture laws in CA Senate Judiciary Committee
The California Senate Judiciary Committee is holding hearings on
Tuesday on proposed legislation to strengthen the state's drug asset
forfeiture law. I hope the civil liberties connection in this issue
is clear. The computer connection (why I think it's reasonable to
talk about this on a CPSR list) is that similar laws have been used to
justify the seizure of the assets of accused computer crackers. There
is so little control of the use of these laws, and it's proven so hard
to get property back in every particular case in which they were used,
that I believe the laws should be fought every time they come up.
According to yesterday's (Saturday, April 18) San Jose Mercury News,
Senate Minority Leader Ken Maddy, (R) Fresno, introduced a bill that
would repeal the 1994 expiration date of California's drug asset
forfeiture law. State Attorney General Dan Lungren was quoted as
urging the legislature to pass the bill.
Forfeiture laws are an affront to our constitutional guarantees
against being deprived of our property without due process of law.
The forfeiture laws allow law enforcement agents to confiscate any
property of an accused person and use it until and unless the accused
can *prove* that it wasn't purchased with illegally obtained money.
Does it make sense for CPSR to speak out against forfeiture laws in
general? I think it's possible to take a position against this bill
by saying that forfeiture laws are bad in general, without talking
about drug laws or the drug war. Is that enough to allow us to take a
position on this bill, considering the arguments that came up when we
were talking about Les' proposed Employer code of ethics?
------------------------------
Date: Sun, 19 Apr 92 18:58:22 PDT
From: jwarren@AUTODESK.COM(Jim Warren)
Subject: File 5--First Amendment semi-void in electronic frontier ??
IS POLITICAL SPEECH, PRESS & ASSEMBLY PERMITTED IN THE ELECTRONIC FRONTIER?
There is no purpose for which the freedoms of speech, press and
assembly are more essential than for unfettered participation in the
political process. Yet, such personal freedoms -- permitted in 18th
Century voice, paper and face-to-face form -- may be severely
suppressed in electronic form.
Although *personal* computer-based speech, press and assembly
by employees, students and others is generally permitted in
companies, schools and organizations, within reasonable limits
of time and place, some folks say they must be monitored, accounted
for, evaluated and reported -- or suppressed and prohibited --
when they contain *personal* political expression or advocate
political support or opposition for candidates or ballot issues.
There are experienced net-users who are political candidates who say this.
THE PROBLEM
Most folks access the nets via company, school or institutional computer accou
nts. Many are permitted to use that access for
personal email, personal messages broadcast to email-alias lists and personal pa
rticipation in public and private teleconferences --
provided they do so without adversely impacting their work or official basis for
having their account.
But:
Federal and state regulations governing political campaign disclosures
require that "contributions-in-kind" for or against candidates and
ballot measures be accounted for and their value reported, just like
cash donations. Contributions-in-kind include such things as postage,
office space, printing, loans of furniture, office machines, etc.
They also include use of telephones, faxes, computers, computer
supplies, computer services, etc.
Furthermore, donations by corporations are often restricted or
prohibited. Most nonprofit organizations, including educational
institutions, are entirely prohibited from making political donations
-- or even lobbying for or against legislation (freedom is forfeited
for tax perks).
OVERT CORPORATE SUPPORT IS CLEARLY REGULATED
If a corporation overtly underwrites political action by
intentionally providing labor, staff, facilities, equipment or
services to support or oppose a political campaign, then the
fair-market value ot those services or facilities must clearly be
reported as an in-kind contribution.
(Such regulations appear to be much less enforced against unions and
schools, and appear to be not-at-all enforced against churches or
synagogues, regardless of how sectarian their political efforts may
be.)
THE 21st CENTURY QUESTION
Is *personal* electronic political speech, press and assembly protected at
work or school -- or is it a corporate or institutional political donation?
PERSONAL POLITICAL SPEECH APPEARS PERMISSIBLE -- BY VOICE
Within reasonable limits on time and place, citizens are not
*legally* prohibited from discussing politics with their office
associates, or in the company or school or church hallway, or in the
cafeteria or employee lounge, or in telephone conversations with
callers and professional associates with whom they have a personal
relationship as well as business association. (Note: This concerns
*legal* restrictions; *not* the issue of whether political discussions
are *wise* in a business, school or church setting.)
PERSONAL POLITICAL PRESS APPEARS PERMISSIBLE -- BY PAPER
It is also common for employees, students and teachers to use
*authorized* access to printers and copiers, to create and copy
*personal* leaflets about political issues and activities that they
hand to friends and post on company, school, church and synagogue
bulletin boards. When they do so within the institutional limits
placed on their general personal use of equipment and bulletin boards,
the use has almost-certainly never been reported as an institutional
contribution-in-kind.
PERSONAL POLITICAL ASSEMBLY APPEARS PERMISSIBLE -- FACE-TO-FACE
It is common for corporations, schools, unions, religious
institutions, etc., to permit their their cafeterias, lounges, union
halls, meeting rooms and parking lots to be used for candidate
presentations, campaign debates and meet-the-candidate(s) receptions
-- as well as for both public and internal meetings to hear
presentations by incumbent elected represenatives and/or by leaders of
various community, legislative and regulatory groups.
Participants are rarely charged for such use (except by sites that
routinely derive revenue from renting meeting space), and the value
of the meeting facility is rarely reported as an in-kind contribution to
the speaker(s). In fact, it is considered to be "good institutional
citizenship" for organizations to provide their facilities for meetings
between citizens and their current and potential elected and appointed
representatives.
CAN CORPORATIONS AND SCHOOLS ABSOLUTELY PROHIBIT POLITICAL SPEECH?
Now, consider those workplaces and educational institutions that permit
*personal* conversation, usually within reasonable limits on time and place.
And recognize that such personal speech may be one-to-one or within formal
or informal personal groups, e.g. a lunch group in the cafeteria.
When such personal speech and personal assembly *is* permitted:
* Must those companies and institutions then prohibit all *personal*
employee or student conversation that has political content?
* Must they prohibit all *personal* advocacy of political positions?
* Must they prohibit all *personal* advocacy for or against candidates?
* And if they don't prohibit it, must they monitor it and report it?
****************************************************************************
* If corporations and schools can not or should not suppress all on-site *
* personal speech and association having political content -- but must *
* report all in-kind donations -- then how shall they evaluate the desks, *
* offices, hallways, cafeterias, lounges, phones, phone bills, computers, *
* and bulletin boards where personal political speech, personal political *
* "press"/notices and personal political assembly occurs? And, how shall *
* they monitor such speech. press and assembly, so as to identify which *
* campaign is receiving how much value in in-kind contributions? *
****************************************************************************
AND, WHY SHOULD *ELECTRONIC* SPEECH AND *ELECTRONIC* ASSEMBLY BE DIFFERENT?
When *personal* conversation and personal political expression is
permitted by voice or telephone in workplace, union hall or school,
why should personal political speech be prohibited when it by
electronic mail?
When *personal* notices and copying and personal political leaflets
are permitted if they are on paper and/or posted on wall-mounted
bulletin boards, why should such personal political press be
prohibited when it is by electronic origin and distribution?
When *personal* meetings and personal political discussion in groups
is permitted if it is face-to-face in the cafeteria, lounge or parking
lot of school or workplace, why should personal assembly with others
be prohibited when it is by electronic newsgroups or teleconferences?
****************************************************************************
* TO THE EXTENT THAT employees and students, within their institutions, *
* are permitted freedom of personal political expression by voice and in *
* writing, and freedom of personal political association by face-to-face *
* meeting, why should personal political speech, press or assembly be *
* suppressed -- or monitored and reported -- merely when it is electronic? *
------------------------------
Date: Fri, 17 Apr 92 21:19:52 CST
From: jdavis@well.sf.ca.us
Subject: File 6--Summary of 2nd Conference on Computers, Freedom, Privacy
Source: CPSR/Berkeley Newsletter (Second Quarter, 1992)
THE 2ND CONFERENCE ON COMPUTERS, FREEDOM AND PRIVACY: A REPORT
By Steve Cisler
[Editors Note: The following are selected excerpts from an online
report. The complete report may be found on the Internet in
ftp.apple.com in the alug directory; or on the Well in the cfp
conference.]
The Second Conference on Computers, Freedom, and Privacy, March 18-20,
1992. Washington,D.C.was sponsored by the Association for Computing
Machinery and thirteen co-sponsors including the American Library
Association and a wide variety of advocacy groups.
The diversity of the attendees, the scope of the topics covered, and
the dynamism of the organized and informal sessions brought a
perspective I had lost in endless conferences devoted only to library,
information, and network issues. I can now view the narrower topics of
concern to me as a librarian in new ways, and for that it was one of
the best conferences I have attended. There does exist a danger of
these issues being re-hashed each year with the usual suspects invited
each time to be panelists, so I urge you, the readers, to become
involved and bring your own experiences to the next conference in 1993
in the San Franciso Bay Area.
Keynote: Al Neuharth, The Freedom Forum and founder of USA Today,
speaking on "Freedom in cyberspace: new wine in old flasks." First
amendment freedoms are for everyone. Newspaper publishers should not
relegate anyone to 2d class citizens to the back of the bus. The
passion for privacy may make our democracy falter. Publishing of
disinformation is the biggest danger, not info-glut. Comments on
American Newspaper Publishers Assn to keep RBOCs out of information
business: Free press clause does not only apply to newspapers. Telcos
have first amendment rights too. "ANPA is spitting into the winds of
change", and some newspaper publishers are not happy with this stance,
so there is a lot of turmoil. People should get their news when, how
and where they want it: on screen or tossed on the front porch.
Who Logs On?: Al Koeppe of New Jersey Bell outlined the many new
services being rolled out in NJ at the same time they are maintaining
low basic rates. In 1992 there will be narrowband digital service for
low quality video conferencing. 1994 wideband digital service. video
on demand, entertainment libraries and distance learning applications.
He predicted a 99% penetration by 1999. with complete fiber by 2010.
This will be a public network not a private one. It will still be a
common carrier. This is a very aggressive and optimistic plan, an
important one for all of us to watch. Lucky said he had never seen a
study that shows video on demand services can be competitive with
video store prices. The big question remains: how does a business
based on low-bandwidth voice services charge for broadband services?
It remains a paradox. Discussion during Q&A: "A lot of the last hour
has been discussing how to make the services better for the elite, but
it does not seem very democratic. people don't even have touch tone,
let alone computers or ISDN." NREN was characterized as gigabits to
the elite to kilobits to the masses. "Don't expect anything for the
next three years on telecomm issues from Congress."
Computers in the Workplace: Elysium or Panopticon: Because computer
technology provides new opportunities for employee surveillance, what
rights to privacy does the employee have? Alan Westin, Columbia
University, outlined some interesting trends in the 90s where
employers have moved into a new intervention in the activities and
private lives of employees. There is a liability against bad hiring.
Forced adoption of drug testing (with public support). They want to
select employees on the basis of health costs and liability, so there
is a desire to control employees on and off the job.
Who Holds the Keys?: In a sense the cryptography session was one of
the most difficult to follow, yet the outlines of a very large
battlefield came into view by the end of the session. The two sides
are personal privacy and national security. Should the government be
allowed to restrict the use of cryptography? (Only weakened schemes
are allowed to be legally exported.) What legal protections should
exist for enciphered communications?
Public Policy for the 21st Century: "How will information
technologies alter work, wealth, value, political boundaries?... What
will the world be like in a decade or two?... What public policies now
exist that may pull the opposite direction from the economic momentum
and will lead to social tension and breakage if not addressed
properly?"
Mitchell Kapor: He sees digital media as the printing press of the
21st century. The WELL and others make us realize we are not
prisoners of geography, so our religious, hobby, or academic interests
can be shared by the enabling technologies of computers. "Individuals
flourish from mass society with this technology" Openness, freedom,
inclusiveness will help us make a society that will please our
children and grandchildren.
Simon Davies, Privacy International: "There is possibly a good future,
but it's in the hands of greedy men. I see a world with 15 billion
beings scrambling for life, with new frontiers stopping good things.
14 billion [will be] very pissed off, and our wonderful informational
community (the other billion) becomes the beast... If we recognize the
apocalypse now we can work with the forces."
------------------------------
Date: Fri, 17 Apr 92 16:31:12 CST
From: mike.riddle@inns.omahug.org@ivgate.omahug.org
Subject: File 7--SUMMARY AND UPDATE: alt.* Removal at UNL
As of April 17, 1992, when I write this summary and update, the noise
on the nets has abated somewhat. But those readers of the CuD who
have access to Usenet news have almost certainly seen and remember the
brouhaha over the deletion of the alt.* hierarchy at the University of
Nebraska. The following is the story, as I understand it, pieced
together from several sources and personal inquiries. It is only as
accurate as the information I was able to obtain, and if anyone has
corrections or additions, please submit them to the CuD.
The furor started on March 2nd, 1992, when the alt.* hierarchy was
eliminated by the UNL Computing Resource Center (CRC). The
termination was so abrupt that some downstream sites did not know in
advance, and had to immediately scramble for alternate feeds. The
decision was supposedly resource-based, and supported by a February
27th recommendation by the UNL Academic Senate Computational Services
and Facilities Committee. Almost immediately, however, it became
obvious that content-control had played a major part. Leo Chouinard,
the "Academic Senate representative on the Computational Committee"
[sic], reportedly said the committee discussed several considerations
before making a decision about the alt groups, including possible
violations of state pornography laws and concerns about computer
resources being used for non-educational purposes.
The memorandum announcing the termination read as follows:
CRC Policy on Providing Information Resources
2/27/92
The Computing Resource Center provides information resources to
the UNL community in support of the University's mission of
research, instruction, and service. These resources commonly take
the form of databases, archives, and bulletin boards. The
Computing Resource Center makes available those information
resources that are requested by faculty at UNL and approved by
the Computing Resource Center in consultation the Academic Senate
Computational Committee as useful in supporting the University's
mission.
If a user desires information resources not provided by the
Computing Resource Center, they are free to acquire that
information elsewhere, subject only to the requirements of the
information provider, relevant federal and state laws, and
applicable University policies.
Adopted UNL Academic Senate, 2/27/92
The UNL Academic Senate Computational Services and Facilities
Committee is chaired by Professor (of English) Les Whipp. He told me
that, in hindsight, he felt his committee did not have all the facts
before them when they concurred in the CRC recommendation that the
following Usenet newsfeeds (and only these newsgroups) be made
available: bionet, bit, biz, ci, comp, general, gnu, misc, news, rec,
sci, soc, talk, unix-pc, unl, and vmsnet. In particular, he was not
aware of the connotations of censorship that could (and did) become
attached to the wholesale removal of the alt.* hierarchy, and as of
the date I talked with him, felt that someone at the CRC had a hidden
agenda to remove certain "objectionable" groups. Professor Whipp did
not claim to be expert on the management of hardware resources, and
sounded disturbed that a decision officially based on "limited
resources" was so open to question on its basis. (The debate about
the percentage, cost, etc., of carrying the alt.* groups went on at
length in comp.org.eff.talk and other newsgroups. It is not my
purpose to reiterate that discussion).
Mr. Kent Landfield (kent@imd.sterling.com), a UNL alumnus, systems
manager at a major software contractor, and moderator of
comp.sources.misc, posted a thoughtful "Open Letter to UNL CRC"
regarding the alt.* group removal. As a result of my own feelings,
and encouraged by Mr. Landfield's letter, I contacted several
individuals at UNL. Acting at approximately the same time, a number
of UNL students formed the "Nebraska Students for Electronic Freedom
(NUSEF)." The thrust of our comments was if resources were at issue,
tell us what was needed and we would lobby to get them. If content
was actually at issue, admit it openly, apply generally accepted
educational/library standards, and bring back at least those alt.*
groups with recognized value.
As a result of the lobbying efforts, including telephone call from
Mike Godwin at the Cambridge office of the Electronic Frontier
Foundation, the involvement of librarians both knowledgeable
regarding computer services and resource allocation and selection
criteria, and the general education several of the faculty
participants received during the discussions, the UNL Academic
Senate Executive Committee, meeting on April 6th, voted to request
restoration of the majority of the alt.* groups. Their minutes
reflect:
7.0 ALT Network Disconnect
Wise and McShane indicated they had been contacted
regarding CRC discontinuing the ALT network because of
the potential for transmitting erotic pictures via the
network. Users have indicated these pictures can be
blocked under copyright law restrictions and the general
network be continued.
The committee requested the ALT network be added back
with the designated restrictions.
When I discussed the committee recommendation with one of its members,
I came away with the feeling that the digitized pictures would be
removed due to copyright concerns, and that the rest of the group
would be evaluated using American Library Association criteria (as
often advocated and explained by Carl Kadie, kadie@cs.uiuc.edu).
I also came away with the feeling that similar decisions will, in the
future, be conducted substantially more in the open. To use a trite
saying, "time will tell."
In Nebraska we are still waiting and watching for the return of the
alt.* groups, will work to obtain legislative support if additional
resources are in fact needed, and will continue to support resource
allocation decisions based on academic criteria, as opposed to
censorship.
------------------------------
Date: 18 Apr 92 19:34:30 EDT
From: Net Wrider <nwrider@uanonymous.uunet.uu.net>
Subject: File 8--Those Evil Hackers (San Jose Busts AP Reprint)
Just FYI, here's more hyperbole from the Associated Press, this time
courtesy of the local cops in San Diego and the ignorance of the
San Diego Times-Union:
=====================================================================
R,A,7 - AM-COMPUTERHACKERS, 04-17 0481 -
AM-Computer Hackers,0448
Police Uncover Nationwide Fraud Ring Of Computer Hackers
SAN DIEGO (AP) _ Authorities say they've cracked a nationwide
electronic network of young computer hackers who were able to make
fraudulent credit card purchases and break into confidential credit
rating files.
"These kids can get any information they want on you _ period," San
Diego police Detective Dennis Sadler said. "We didn't believe it until
it was demonstrated to us."
The investigation has led to two arrests in Ohio and seizures of
computers and related material in New York City, the Philadelphia area
and Seattle, Sadler said. But those cases are just an offshoot of the
main investigation, he said.
He refused to discuss details, saying an investigation is continuing
and scores of arrests are pending nationwide.
Members of the informal underground network know how to break computer
security codes, make charges on other people's cards and create credit
card accounts, said Sadler.
"There's one kid who bragged about using the same credit card number
for eight months," he said.
As many as 1,000 hackers nationwide have shared such information for
at least four years. Sadler estimated that illegal credit card charges
could total millions of dollars.
Fraudulent credit card charges typically are made by computer
criminals who illegally gather detailed information from computerized
accounts on file at credit reporting agencies, banks and other
businesses.
The hackers also have learned how to break personal security codes for
automatic teller machines, Sadler said, and can obtain telephone
access codes to make long-distance calls without paying.
A crucial break in the case occurred in late March when an
out-of-state hacker was picked up in San Diego and agreed to cooperate
with local police and the FBI, Sadler told The San Diego Union-Tribune
in a story published Friday.
At least part of the investigation is focusing on information that
hackers obtained illegally from computers at Equifax Credit
Information Services, an Atlanta-based credit reporting agency that
provides information to lenders.
"We're still in the process of investigating, and we're working very
closely with San Diego police," company spokeswoman Tina Black said.
Equifax, one of the nation's three largest credit bureaus, has a
database of about 170 million credit files.
The company suffered no financial losses itself and is notifying the
few consumers whose accounts were compromised, Black said.
MasterCard International reported $381 million in losses from credit
card fraud worldwide in 1991, said Warner Brown, MasterCard's director
of security and fraud control.
Visa International's losses amounted to $259 million in 1989, about
one-tenth of 1 percent of Visa's worldwide sales volumes, spokesman
Gregory Holmes said.
------------------------------
Date: Sun, 19 Apr 92 15:17:00 PDT
From: John F. McMullen (mcmullen@well.sf.ca.us)
Subject: File 9--Nationwide Web of Criminal Hackers Charged (NEWSBYTES)
Nationwide Web Of Computer Criminal Hackers Charged 4/20/92
SAN DIEGO, CALIFORNIA, U.S.A., 1992 APR 20 (NB) -- .According to a San
Diego Union-Tribune report, San Diego police have uncovered "an
electronic web of young computer hackers who use high-tech methods to
make fraudulent credit card charges and carry out other activities."
The Friday, April 17th story by Bruce V. Bigelow and Dwight C.
Daniels. quotes San Diego police detective Dennis Sadler as saying
that this informal underground network has been trading information
"to further their political careers." He said that the hackers know
how to break how to break computer security codes, create credit card
accounts, and make fraudulent credit card purchases. Sadler estimated
that as many as 1,000 hard-core hackers across the United States have
shared this data although he said that it's unclear how many have
actually used the information to commit crimes.
Sadler added that he estimated that illegal charges to credit cards
could total millions of dollars.
While the police department did not release details to support the
allegations, saying that the investigation is continuing, Sadler did
say that cooperation from an "out-of-state hacker", picked up in San
Diego, provided important information to the police and the FBI.
Although police would not release the identity of this individual or
his present where abouts, information gather by Newsbytes from sources
within the hacker community identifies the so-called hacker as
"Multiplexer", a resident of Long Island, NY, who, according to
sources, arrived in San Diego on a airline flight with passage
obtained by means of a fraudulent credit card purchase. The San Diego
police, apparently aware of his arrival, allegedly met him at the
airport and took him into custody. The same sources say that,
following his cooperation, Multiplexer was allowed to return to his
Long Island home.
The Union-Tribune article linked the San Diego investigation to recent
federal search and seizures in the New York, Philadelphia and Seattle
areas. Subjects of those searches have denied to Newsbytes any
knowledge of Multiplexer, illegal credit card usage or other illegal
activities alleged in the Union-Tribune story. Additionally, law
enforcement officials familiar with on-going investigations have been
unwilling to comment, citing possible future involvement with the San
Diego case.
The article also compared the present investigation to Operation Sun
Devil, a federal investigation into similar activities that resulted
in a massive search and seizure operation in May 1990. Although
individuals have been sentenced in Arizona and California on Sun Devil
related charges, civil liberties groups, such as the Computer
Professionals for Social Responsibility, have been critical about the
low number of criminal convictions resulting from such a large
operation.
(Barbara E. McMullen & John F. McMullen//19920420)
------------------------------
Date: Mon, 20 Apr 92 0:35:50 CDT
From: Net Wrider <nwrider@uanonymous.uunet.uu.net>
Subject: File 10--"Hacker Ring Broken Up" (NYT)
"A Nationwide Computer-Fraud Ring Run by Young Hackers Is Broken Up"
SAN DIEGO, April 18 (AP) -- The authorities say they have cracked a
nationwide network of young computer hackers who were able to break
into the electronic files of at least one credit-rating company and
make fraudulent credit-card purchases that may have run into the
millions of dollars.
For the last four years or more, as many as 1,000 members of the
informal underground network have shared information about how to
break computer security codes, make charges on other people's credit
cards and create credit card accounts, said Dennis Sadler, a detective
with the San Diego police, whose officers stumbled upon the network
last month while investigating a local case of credit-card fraud.
The hackers also learned how to break personal security codes for
automated bank teller machines, Mr. Sadler said, and obtained
telephone access codes to make long distance calls without paying.
"These kids can get any information they want on you -- period," Mr.
Sadler told the San Diego Union-Tribune, which first reported on the
ring of hackers in an article on Friday. "We didn't believe it until
it was demonstrated to us."
The investigation has led to two arrests in Ohio and to the seizure of
computers and related material in New York City, the Philadelphia area
and Seattle, Mr. Sadler said. But he described those cases as merely
off-shoots of the main investigation, which he refused to discuss in
detail, saying that the inquiry was continuing and that scores of
arrests were pending around the country.
Computer criminals typically make fraudulent credit-card purchases by
gathering detailed information from the electronic files of credit
reporting agencies, banks and other businesses. MasterCard
International reported $381 million in losses from credit-card fraud
around the world last year, and Visa International says its fraud
losses amounted to $259 million in 1989, about 0.1 percent of its
worldwide sales.
At least part of the investigation here is focusing on information
that the hackers obtained illegally from computers at Equifax Credit
Information Services, an Atlanta-based credit-reporting agency.
Tina Black, a spokeswoman for the company, said, "We're still in the
process of investigating, and we're working very closely with San
Diego police."
Equifax, one of the nation's three largest credit bureaus, has a data
base of about 170 million credit files, but Ms. Black said fewer than
25 files had been compromised.
------------------------------
End of Computer Underground Digest #4.18
************************************
Computer underground Digest Sat Apr 25, 1992 Volume 4 : Issue 19
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu, Jr.
Arcmeisters: Brendan Kehoe and Bob Kusumoto
CONTENTS, #4.19 (Apr 25, 1992)
File 1--Hacking, Then and Now
File 2--Text of Sun Devil ruling
File 3--Ralph Nader/Cable TV/Information Networks (corrected)
File 4--Battle over Landsat/Public Domain (fr: Corp. Crime Rept)
File 5--Internet Society News
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.eff.org (192.88.144.4),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Fri, 24 Apr 92 19:01:13 CDT
From: Jim Thomas <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--Hacking, Then and Now
In CuD 4.18, Jerry Leichter raises several points for discussion.
Each reveals the rapid changes that continue to occur both in computer
technology and computer culture. Jerry writes:
2. "Information" and "computers" should be free, hackers are
just trying to learn, there is nothing wrong with learning.
Point 2 I don't want to get into; it's old, tired, and if you
don't recognize it for its moral bankruptcy by this time, nothing
I can say will change your mind.
I doubt that Jerry means to imply that the debates over the
accessibility of information are morally bankrupt or that the goal of
learning through "hacking" is improper. Rather, the cynical use of
the rhetoric of freedom by many "wannabe cybernauts" to justify
intrusion or blatant predatory behavior distorts the original
meaning of the term used by the early hackers. The original hackers
found the challenge of the new machine intriguing. Few resources were
available for exploring its limits other than hands-on
trial-and-error, and there were no ethical or legal models to guide
the initial exploration. Two decades ago, control over the new
technology appeared limited to a relatively small elite who, if
unchecked, would amass what some considered unacceptable power over
the dissemination and use of computer technology and use. Things
change. This raises Jerry's second point: Whatever one may think of
hacking activity, its meaning is not the same in 1992 as it was even
as recently as the late-1980s. Bob Bickford's definition of hacking as
"the joy of exceeding limitations" is no longer the current dominating
ethos of too many of those who have assumed the "hacker" mantle. The
label has become a romanticized activity for teenagers and others who
see password cracking, simple computer intrusion for its own sake,
numbers-running, and credit card fraud as ends in themselves.
Like the counter-culture of the sixties, the "hacker culture" emerged
quickly, shaped a new generation of youth exploring beyond the
confines of conventional culture, and then disintegrated under the
excesses of those who adopted the trappings while losing sight of the
core of the new cultural message. Like the counter-culture, the ease
of access into "hacking, the romanticized media depictions, the focus of
newcomers on the fun to the exclusion of corresponding
responsibilities, and the critical mass of exploiters able to
manipulate for their own ends fed the darkside of the culture.
All meanings occur in a broader context, and the context of hacking
has changed. Social changes in the past decade have led to changes in
the definition of "hacking" and in the corresponding ethos and
culture. The increased learning curve required to master contemporary
computers, the proliferation of networks to share information, and the
ease of distribution of software have reduced much of the incentive
for many amateur hackers to invest the time and effort in moving
beyond all but the simplest of technological skill. As a consequence,
there has emerged a fairly large core of newcomers who lack both the
skill and the ethos that guided earlier hackers, and who define the
enterprise simplistically.
The attraction of original phreaking and hacking and its attendant
lifestyle appear to center on three fundamental characteristics: The
quest for knowledge, the belief in a higher ideological purpose of
opposition to potentially dangerous technological control, and the
enjoyment of risk-taking. In a sense, CU participants consciously
created dissonance as a means of creating social meaning in what is
perceived as an increasingly meaningless world. In some ways, the
original CU represents a reaction against contemporary culture by
offering an ironic response to the primacy of a master technocratic
language, the incursion of computers into realms once considered
private, the politics of techno-society, and the sanctity of
established civil and state authority. But, the abuses of this ethos
have changed the culture dramatically. Consider two fairly typical
posts from two defunct self-styled "hacker" boards in the early 1990s:
Well, instead of leaving codes, could you leave us
"uninformed" people with a few 800 dialups and formats? I
don't need codes, I just want dialups! Is that so much to
ask? I would be willing to trade CC's {credit cards} for
dialups. Lemme know..
or:
Tell ya what. I will exchange any amount of credit cards
for a code or two. You name the credit limit you want on
the credit card and I will get it for you. I do this cause
I to janitorial work at night INSIDE the bank when no one is
there..... heheheheheh
Unfortunately, this is the "hacking" that the public and LE officials
dramatize, but it is simply an infantile form of social predation.
There is no adventure, no passion for learning, and no innocence
reflected in today's CU culture. Jerry is, therefore correct: Times
have changed. If Altamont symbolized the death the counter-culture,
Cliff Stoll's _The Cuckoo's Egg_ symbolizes the end of the "golden age
of hacking." culture and those who participate in it have lost their
innocence.
Baudrillard observed that our private sphere now ceases to be the
stage where the drama of subjects at odds with their objects and with
their image is played out, and we no longer exist as playwrites or
actors, but as terminals of multiple networks. The public space of
the social arena is reduced to the private space of the computer desk,
which in turn creates a new semi-public, but restricted, public realm
to which dissonance seekers retreat. To participate in the computer
underground once was to engage in what Baudrillard describes as
"private telematics," in which individuals, to extend Baudrillard's
fantasy metaphor, are transported from their mundane computer system
to the controls of a hypothetical machine, isolated in a position of
perfect sovereignty, at an infinite distance from the original
universe. There, identity is created through symbolic strategies and
collective beliefs. Sadly, this generally is no longer the case for
most young computerists. Times have changed. Very few who currently
attempt to justify the "right to hack" as a form of social rebellion
recognize--let alone engage in--the tedious struggles of others (such
as EFF or CPSR) that would civilize the Electronic Frontier. In the
battle to expand civil liberties to cyberspace, contemporary "hackers"
have not only *not* been part of the solution, they have become part
of the problem.
------------------------------
Date: Fri, 24 Apr 1992 17:22:24 EDT
From: David Sobel <dsobel@WASHOFC.CPSR.ORG>
Subject: File 2--Text of Sun Devil ruling
Text of Sun Devil ruling
On March 12, 1992, the U.S. District Court for the District of
Columbia issued its ruling in the Freedom of Information Act case
brought by Computer Professionals for Social Responsibility (CPSR)
seeking disclosure of the Operation Sun Devil search warrant materials.
The Court ruled that the Secret Service may withhold the material from
public disclosure on the ground that release of the information would
impede the government's ongoing investigation. On April 22, CPSR filed
an appeal of that ruling.
The Court's oral ruling, which was delivered from the bench, has now
been transcribed and is set forth below.
David Sobel
Legal Counsel
CPSR Washington Office
* * * * *
THE COURT: The Court's going to issue its ruling, bench ruling
at this time, which will be its opinion in this case in the
summary judgment motions. The defendants moved for summary
judgment in this FOIA case, and the plaintiffs originally sought
discovery under 56(f) to obtain information concerning sealing
orders covering certain of the documents at issue in this action.
January 16 of this year, I denied the plaintiff's
motion that defendants were not relying upon the sealing orders
and that the Morgan case was inapposite, although it had been
discussed originally at some other status calls before this
Court.
In this FOIA case, the Computer Professionals for
Social Responsibility seek these agency records regarding what's
called Operation Sun Devil from the Secret Service, which is
concededly a criminal investigation that is still ongoing
involving information compiled for law enforcement purposes that
was, involved alleged computer fraud which began back in May of
1990.
The Secret Service has refused to release the search
warrants and the applications for the search warrants, the
executed warrants, as well as the applications for the inventory
lists except as to one Bruce Esquibel, known as Dr. Ripco, who
had agreed to have his information released. But as to the
remaining 25 -- there were 26 search warrants -- the government
has refused to release them, relying upon FOIA exemptions 7(A),
(C), and (D) under the statute.
The Court's going to grant the summary judgment for
the defendant for the following reasons: There's no, as I said,
dispute as to whether or not this information has been compiled
for law enforcement purposes, which covers -- is covered by
exemption 7. 7 says, however, "only to the extent that the
production of such law enforcement records or information (A)
could reasonably be expected to interfere with enforcement
proceedings" and then "(C) could reasonably be expected to
constitute an unwarranted invasion of personal privacy, [or] (D)
could reasonably be expected to disclose the identity of a
confidential source," et cetera.
From the Court's view, (A) is the crucial issue in the
case and whether or not this would be unwarranted interference
with an ongoing investigation by ordering the Secret Service to
produce all the records regarding the 25 search warrants. The
Secret Service represented as of today, apparently, one
individual has pled guilty by way of information, but there have
been no indictments, but that Operation Sun Devil continues,
obviously, then as an ongoing investigation.
The deputy director of the Secret Service by
affidavit has stated the evidence in these materials consists of
facts that have been gathered against various individuals,
information provided by confidential sources, and affidavits
establishing probable cause for search of the individual
residences or businesses.
He argues that any release of this overall
information in one package, as opposed to someone finding out an
individual search warrant from the individual court, would give
this access to the evidence and strategy as being used by the
government in this law enforcement proceeding, that this would
show the focus, overall focus and the approach and the limits of
the government's case, it could have a chilling effect on the
witnesses and constitute potential interference with those
witnesses by revealing them, and it would give the ability to
those who are under investigation, who may not know the scope and
the nature of the overall approach of the government, to
construct defenses and interfere, obviously, with the ongoing
proceedings that they may have, that is, their ongoing
investigation.
The issue really is whether the government has shown
that by the affidavit of Caputo and the other facts in the
record. Obviously, the Caputo affidavit is tailored to meet the
law, NLRB v. Robbins Tire & Rubber is one of them, 437 U.S. 214,
241, where Congress intended to prevent such interference with
law enforcement proceedings as giving a person greater access to
the government's case than it ordinarily would have, or Hatcher
v. U.S. Postal Service, which is an F. Supp. case here, 566 F.
Supp. 331, 333, where it's not necessary to show under exemption
7 the interference with law enforcement proceedings is likely to
occur if the documents are disclosed. It's enough that there's a
generic showing that disclosure of particular kinds of records
would generally interfere with enforcement proceedings.
The defendant -- excuse me, the plaintiff has
asserted first, that because they're routinely available around
the country and rarely filed under seal, and secondly, because
some are filed under seal, that they should be producible by the
federal government, using a dual argument. One is that if
they're already public, then they can't claim there can be any
harm done by producing them now, and secondly, if they're under
seal, they have to go through a Morgan process before they can
rely upon them as being under seal and not producing them under
the law of this circuit.
The plaintiffs have basically argued that it's a
circuitous argument advanced by the defendants that these
documents, but for the seals, would be produced, and that they
really, that's what they're relying upon. The Court does not see
the government's, or defendants' argument in that light or the
affidavits that have been filed in this case.
First, it seems to me that because some of the
information may be available after diligent research around the
country and some others may be under seal that could be made
public by petition or by the government going through the Morgan
exercise doesn't seem to the Court therefore the government has
no justification for saying that they can't produce these records
because they could interfere with ongoing criminal proceedings,
and that is because this would be the only place you could get
probably a total overall picture of the government's concerted
effort in this investigation.
The government obviously has a concerted effort.
Whether it's a conspiracy or not and they're related, the
government executed these warrants all basically at the same time
and place in an overall organized plan in May of 1990. They
executed 26 search warrants. It was a concentrated, obviously
carefully orchestrated effort to move on several fronts at one
time all across the country and not separate, distinct,
individual cases coming over a period of years against various
individuals. It was obviously an approach the government had
designed and planned as part of their criminal investigation,
which is still ongoing and has now resulted apparently in at
least one guilty plea.
So I don't think the availability merely on the case-
by-case basis, potentially available, meets the same as having
the compilation of all the information the Secret Service can
provide in toto in a package which could allow one to see the
limits and the scope and the nature of their investigation
overall and give them a much better picture. It's the old saw of
the seeing a tree or seeing the whole forest basically and having
perspective.
The second really part of the argument by the plaintiff
is that if the Esquibel search can be released without harm to
the ongoing investigation, it could release the other
investigation without great damage to its work. Again, however,
it seems to me the warrant in the Esquibel case was released upon
his agreement and request and waiver of his rights, that that is
an individual, one individual out of 26, and it seems to me very
different from exposing the entire investigative plan that may
well be exposed by providing all of the documents that relate to
the 25 other searches.
The Secret Service has in its affidavits set forth
fairly clearly that they have gone through the three-fold process
to provide appropriate exemption under 7(A). Under Bevis v.
Department of State, 801 F.2d 1386, the court ruled that it must,
the government, first define its categories functionally; second,
it must conduct a document-by-document review in order to assign
documents to the proper category; and finally, it must explain to
the court how the release of each category would interfere with
enforcement proceedings.
And under our Crooker v. Bureau of Alcohol, Tobacco and
Firearms, 789 F.2d 64, this circuit held that the agency must
provide this court with enough information to allow it to trace
any rational link between the nature of the documents and the
alleged likely interference.
The Secret Service herein has set forth the
following: Information is in three general categories: gathered
against particular individuals, provided by confidential sources,
and the information for the probable cause of the search of the
individual residences, referring to Caputo declaration. This
information could be used to avoid prosecution by those who are
targets by giving, one, advanced knowledge of the information
would enable a suspect to inhibit additional investigation, to
destroy undiscovered evidence, to mold defenses to meet the
contours of the government's case. Additionally, the release of
the information concerning confidential informants and evidence
in the possession of the government could lead to attempts at
intimidation, fabrication of evidence, and perhaps alibis
tailored to rebut the specifics of the government's cases.
It seems to the Court that there is a rational link
between the nature of the documents that have been discussed and
the alleged likely interference. I don't have to say that it's
beyond a reasonable doubt that this interference could occur, but
it is likely that it could occur.
The overall release of these records, in the Court's
view the government has established, meets the exemption of 7(A),
that it would show an interference with enforcement proceedings
is likely to occur if the documents are disclosed, again giving
them the entire total package of the government's approach in
this case, which is still an ongoing criminal investigation and
apparently is still active, it is not dormant, and nothing has
happened in two years. It is, rather, apparently, according to
the government's most recent evidence, has resulted in at least
one guilty plea.
Additional exemptions relied upon by the government,
7(C) and 7(D), it's not necessary for the Court to address, but I
would just note for the record in case of further review of this,
the exemption for disclosure under 7(C) as to unwarranted
invasion of personal privacy, it seems to the Court that there's
obviously a cognizable interest in the privacy of anyone's
involvement in a law enforcement investigation. No one wants to
be publicized that they may be the subject of some investigation.
They want their participation to remain secret.
And the plaintiffs have not, do not seek the
identification of these individuals. The interest really at
stake is their privacy interest, where they could be exposed by
the publication of these affidavits, with their names redacted,
and whether or not any other information contained in there would
also have to be redacted.
If we look at the Esquibel affidavit that came in
supporting the search of his home and business, you'll see there
are numerous other computer hackers and, presumably, legitimate
computer users referred to, and that would be presumably the same
in the other affidavits for the other search warrants.
Therefore, there would have to be much redacting, if anything
could be produced in the other affidavits and the other search
warrants for the publication of these individuals who are named,
none of who have been indicted apparently, and obviously their
interest in, privacy interest should be protected. What
information could be redacted and what could be released remains
to be seen, but I'll just note for the record it seems to the
Court that there would be little that can be produced based upon
the Esquibel affidavit at least, but that is a concern to the
Court, although I don't think it's a total bar to the production
under exemption 7(C).
I think 7(D) is under the same formula, that is, could
reasonably be expected to disclose the identity of confidential
sources by the publication of these records. Again, obviously
there could be redaction. Again, there would have to be some
type of review to see whether redaction can be meaningful or not
and anything could be produced. The government's view is it
could not, but again, I don't think there's been any attempt yet
made to produce anything under that exemption, because the 7(A)
exemption is being relied primarily upon. I would note again
there would have to be redactions, and whether anything of
substance could be produced would have to be seen at a later
hearing if this matter goes forward.
So I'm going to rule primarily basically on the 7(A)
exemption that the production of these documents overall, without
relying on the sealing or not and without accepting the
circuitous argument that the plaintiff asserts the defendant is
engaged in, I think the defendant has not and has elected to
stand and fall on exemption 7(A) as applying because of the
entire documentation being produced at one time and one place
could reasonably be expected to constitute an unwarranted,
constitute an interference with the enforcement proceedings that
are ongoing.
So for those reasons, I'll grant the motion for summary
judgment of the defendant, and I'll issue an order incorporating
by reference this bench opinion.
------------------------------
Date: Thu, 23 Apr 92 16:52 GMT
From: "Essential Information, Inc." <0002633455@MCIMAIL.COM>
Subject: File 3--Ralph Nader/Cable TV/Information Networks (corrected)
"Ralph Nader/Cable TV/Information Networks"
From: Ralph Nader, Washington, DC
Date: April 16, 1992
Summary: Your help is needed to secure an amendment to pending
cable television legislation. The amendment would
create a mechanism to organize local Cable Consumer
Action Groups (CCAGs) to represent the interests of
consumers directly before regulatory and legislative
bodies. This proposal is an innovative way to create
countervailing power to some of the large corporate
interests that control our information infrastructure,
and it is a model that is highly relevant for users of
voice and data network services. Readers are asked to
sign a letter to Congress supporting this amendment.
Action is needed very soon. Respond to Jim Donahue,
Teledemocracy Project (Internet:
0002633455@mcimail.com)
Dear citizen:
As you may know, congress is currently considering cable
television legislation. Every television consumer should be
concerned about the outcome of this legislation, and particularly
citizens who are concerned about the future of information
technologies. The current fiasco with the cable industry is an
important example of the management of information technologies
for the benefit of a few corporate monopolists at the expense of
the many. Today nearly all americans are confronted with a
monopoly provider of cable video signals, who not only has total
control over what you can receive, but also what you pay.
Over the next 15 years we will see a rapid convergence of
information technologies. Soon it will be possible to transmit
voice, data, and video signals over the same fiber optic
telecommunications infrastructure. The fight over who will
control the content of information that flows over that
infrastructure, and how it will be priced, will define who can
send and who can receive information in digital form. As the use
of modern technologies increasingly makes it easier to meter the
consumption of information products and services, the gaps
between the information rich and information poor will continue
to grow.
The current battle over the regulation of the cable television
industry is an important step in a more general battle over the
control of our information infrastructure. This is a battle over
power and wealth, and also over democratic values, competition,
and enlightenment. Will we harness our great new information
technologies to promote a diversity of sources of information, or
will these technologies be used primarily as vehicles for
narrowly focused commercial interests, exercising monopoly power?
CABLE CONSUMER ACTION GROUPS (CCAG) AS COUNTERVAILING POWER
A number of consumer groups have asked Congress to adopt an
innovative proposal to help cable television subscribers organize
to represent their interests. Notices describing local Cable
Consumer Action Groups (CCAGs), which would be independent and
democratically controlled local organizations, would be placed in
the cable companies billings. The notices describe the purposes
and goals of the group and solicit funds for membership. The CCAG
would be required to reimburse the cable company for the
incremental costs of inserting the notice in the bill, so the
cost would not be a burden to the cable company or its
subscribers. These local subscriber consumer groups would then
monitor the policies and practices of the cable company, and
represent consumer interests in regulatory and legislative
proceedings and with the cable companies directly.
The cable industry is extremely active politically, contributing
millions of dollars to candidates for political office and
spending millions more in lobbying activities before legislative
and regulatory bodies. In the absence of something like the
CCAG, important public policy issues are debated in an extremely
unbalanced way. The CCAG is a modest but important step in
addressing a very corrupt system that regularly tramples on the
rights and interests of consumers.
Among the groups that have endorsed this proposal are:
Center for Media Education
Consumer Federation of America
New York City Commissioner of Consumer Affairs
Public Citizen
Teledemocracy Project
U.S. Public Interest Research Group
HAS IT BEEN TRIED BEFORE?
This proposal is based on the highly successful Citizen Utility
Board (CUB) model, which has represented ratepayers in several
states. The most successful CUB, in Illinois, has 170,000
members; its advocacy has saved consumers some $2 billion over
the past several years. Other CUBs exist in Wisconsin, Oregon
and San Diego. We want to see this innovation used nation wide
in the cable television industry. (Of course, it may well be a
model that has applications to other telecommunications issues.)
WHAT YOU CAN DO
The CCAG proposal was included in H.R. 4850, but was deleted by a
voice vote (in contrast to a recorded vote) in the House
Subcommittee on Telecommunications and Finance. The bill is now
in the full Energy and Commerce Committee, where committee
supporters will seek to restore the provision through an
amendment. We are asking you to send us an email message giving
permission to use your name in a letter to Congress supporting
this amendment. If you are willing to do so send the following
information to the Teledemocracy Project (internet:
0002633455@mcimail.com, or fax 202-234-5176).
Name:
Title: (optional)
Affiliation: (optional)
Address:
City and State: (important, for obvious reasons)
telephone: (for verification)
email address: optional
Thank you very much for your help on this.
Sincerely,
Ralph Nader
A copy of the letter follows:
-------------------------------------------------------------
LETTER
Chairman Edward Markey
Subcommittee on Telecommunications and Finance
Committee on Energy and Commerce
Washington, D.C. 20515
Dear Chairman Markey:
We are writing to support your "consumer representation"
amendment to H.R. 4850, the cable re-regulation bill. It is
imperative that new cable legislation provide a mechanism that
gives consumers a stronger voice in regulatory and legislative
debates. This amendment is ideal because it brings citizens into
the regulatory process at no cost to the government or the cable
industry.
Who in Congress can deny the unfairness of a system where the
owners of cable monopolies can use subscriber revenues for
lobbying purposes while consumers are left powerless and
unrepresented? This is only a small step toward curbing the
monopolistic power of the cable television industry. We urge the
House Energy and Commerce Committee to include your consumer
representation amendment in the cable bill.
Sincerely,
------------------------
For more information, contact:
Jim Donahue
Teledemocracy Project
voice: 202/387-8030
fax: 202/234-5176
Internet: 0002633455@mcimail.com
For a an email copy of the amendment contact Jim Donahue
(internet: 0002633455@mcimail.com).
------------------------------
Date: Mon, 20 Apr 1992 10:36:58 CDT
From: James P Love <LOVE@PUCC.BITNET>
Subject: File 4--Battle over Landsat/Public Domain (fr: Corp. Crime Rept)
++++++++++++++++++++++++++++Original message++++++++++++++++++++++++++++
Reprinted with permission from Corporate Crime Reporter.
[Corporate Crime Reporter is published by American Communications and
Publishing Co., Inc. 48 times a year. ISSN Number: 0897-4101.
Principal Editorial Offices: 1322 18th St, N.W., Washington, D.C. 20036.
Telephone: (202) 429-6928. Editor: Russell Mokhiber.]
Vol 6, No. 15, April 13, 1992.
STATES, ENVIRONMENTALISTS LAUNCH CAMPAIGN TO RETURN LANDSAT TO
PUBLIC DOMAIN. "A NASTY FIGHT IS BREWING"
A loose coalition of state officials and environmentalists has formed
to challenge the 1984 decision by the federal government to privatize
Landsat, the first satellite dedicated to the environment.
In a letter last month to Congressman James Scheuer (D-New York),
Chairman of the Subcommittee on the Environment of the House Science,
Space and Technology Committee, a number of environmental groups,
including Greenpeace, Sierra Club and the Environmental Defense Fund,
called for a "clean break with the patently unsuccessful `experiment
in commercialization'."
Landsat was first launched in 1972. Until 1984, the satellite was in
the public domain. State governments, environmental groups, and
universities used the data for a range of purposes, including
environmental management and enforcement of environmental laws.
In 1984, the Reagan Administration "commercialized" the satellite,
taking it out of the public's hands, and giving the data rights to a
private company owned by General Electric and Hughes, to sell on the
commercial market.
The coalition of users and environmental groups fighting to return
Landsat to the public domain argue that the "experiment in
commercialization" has been disastrous. High prices have dramatically
reduced the availability of the data to researchers, academics, and
conservationists. Images that once cost under $100 have now soared to
$4,500 per scene.
"At a time when destruction of tropical forests is recognized as an
international calamity, the Landsat sensors are infrequently even
turned on over the most threatened regions," the environmentalists
argued. "Those who need remote sensing most, namely conservationists
and third world natural resource agencies, are able to afford it
least."
Congressman George Brown (D-California) has introduced legislation
(H.R. 3614) that would take back some public control over the data
base. But the environmental groups are not happy with H.R. 3614. They
charge that H.R. 3614 sets up "a complicated system of partial
commercialization."
"It seems to us much better to simply eliminate `commercialization' as
rapidly as possible under existing contracts," they write.
In the letter to Scheuer, the groups argue for a return to the policy
in effect before 1984, thus making data available "to all who request
it at marginal cost of copying and distribution."
Hill staffers close to the impending battle predicted a bitter fight.
"A nasty fight is brewing," said one. "There are some former NASA
scientists who are hell-bent on returning Landsat into the public
fold. They believe that there is something wrong with commercializing
publicly funded data about the environment at prices only industry can
afford. And on the other hand, the big aerospace firms know how to
play hardball. GE and Hughes are not going to roll over and play
dead."
------------------------------
Date: Tue, 21 Apr 92 19:34:20 EDT
From: "Ofer Inbar" <cos@CHAOS.CS.BRANDEIS.EDU>
Subject: File 5--Internet Society News
In Cu Digest 4.18, Michael Rosen wrote:
> "At negligible cost, in the span of a few weeks, an entirely virtual
> global publishing network involving nearly 150 correspondents has been
> assembled," Anthony M. Rutkowski, editor in chief of the _Internet
> Society News_, wrote in the first issue of the magazine, which was
> recently published.
> [No e-mail addresses were mentioned in the letter; do you have any
> knowledge of the addresses of anyone involved in this publication?]
>From the inside front cover of the Internet Society News Vol 1 No 1:
Editor-in-Chief: Anthony-Michael Rutkowsky <amr@nri.reston.va.us>
<amr@media-lab.media.mit.edu> <amr@cernvax.cern.ch>
Associate Editor: Joyce K. Reynolds <jkrey@nri.reston.va.us>
Editorial Advisory Board:
Brian Carpenter <brian@cernvax.cern.ch>
Christian Huitema <huitema@mirsa.inria.fr>
Ole Jacobson <ole@csli.stanford.edu>
Carl Malamud <carl@malamud.com>
Joyce Reynolds <jkrey@nri.reston.va.us>
Mike Roberts <roberts@educom.edu>
Anthony Rutkowski <amr@nri.reston.va.us>
Mike Schwartz <schwartz@latour.colorado.edu>
Bernard Stockman <boss@sunet.se>
Internet Society Board of Trustees:
Hideo Aiso <aiso@sfc.keio.ac.jp>
Charles Brownstein <cbrownst@note.nsf.gov>
Vint Cerf <vcerf@nri.reston.va.us>
Lyman Chapin <lyman@bbn.com>
Ira Fuchs <fuchs@pucc.princeton.edu>
Frode Greisen <neufrode%neuvm1.bitnet@searn.sunet.se>
Juergen Harms <harms@cui.unige.ch>
Geoff Huston <g.huston@aarnet.edu.au>
Robert Kahn <rkahn@nri.reston.va.us>
Tomaz Kalin <kalin@ijs.ac.mail.yu>
Kenneth King <kmk@educom.edu>
Lawrence Landweber <lhl@cs.wisc.edu>
Anthony Rutkowski <amr@nri.reston.va.us> [temporary]
------------------------------
End of Computer Underground Digest #4.19
************************************
Computer underground Digest Sat May 2, 1992 Volume 4 : Issue 20
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu, Jr.
Arcmeisters: Brendan Kehoe and Bob Kusumoto
CONTENTS, #4.20 (May 2, 1992)
File 1--COCOT Scam or Simple Exploitation?
File 2--Pres. Candidates ONLINE (Perot, Bush, Clinton, Brown, etc.)
File 3--Ross Perot for President BBS
File 4--FBI attempting to use mailing lists for Investigations
File 5--Society and Tech Online
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.eff.org (192.88.144.4),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to archive-server@chsun1.spc.uchicago.edu.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Fri, 24 Apr 92 19:01:13 CDT
From: Jim Thomas <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--COCOT Scam or Simple Exploitation?
Telephones and long distance service are crucial to modemers, and most
of us have become accustomed to the abuses of providers, especially
COCOTS and smaller long distance carriers. COCOTs, Customer-Owned
Coin-Operated telephones, are bad enough when they rip-off the general
public, but when they exploit a captive population, they can be
unethical, perhaps illegal. The scenario of one example of COCOT abuse
and a high-rate long distance carrier illustrate the problem.
A caller (C), recently released from a federal prison, was sent to the
Salvation Army Freedom Center (SAFC) (a community corrections center
at 105 S. Ashland in Chicago) to serve out the final months of his
sentence. He made two collect calls to a friend (JT) on March 24
(10.20 pm) and March 31 (9.29 pm). Believing these were routine
calls, JT accepted them. The two calls were for $10.40 (for 20
minutes) and $5.23 (for five minutes). Neither charge includes taxes.
The phone at the SAFC is a COCOT, and the long distance carrier is
U.S. Long Distance.
When prisoners are released from the custody of a prison to a
community center, they normally immediately call their family and
close friends to assure them they are fine and to provide a new
address and other information. Released prisoners are generally not
likely to have long distance credit cards or to be consumer-literate
on the nuances of long distance billing. Newly released prisoners
rarely have sufficient financial resources, and in Illinois, most come
from low-income backgrounds. Consequently, excessive phone costs are
being imposed on those least-able to afford it. The SAFC is taking
advantage of the importance of communication with the outside and with
the lack of consumer literacy to exploit ex-offenders and their
families. Their stated purpose to "help" prisoners is not served by
these excessive rates of which the SAFC receives a substantial
flat-rate portion and perhaps an additional percentage.
Whatever the ethics of the SAFC COCOT, it seems aided by apparently
deceptive practices of the long distance company, USLD, which may
be illegal.
JT received his March telephone bill from GTE, his local carrier. He
noticed that the charges were billed by Zeroplus dialing, a billing
agent that handles calls for a number of long distance carriers. He
called his local GTE representatives to complain, and was told by two
supervisors that GTE could do nothing, that they only collected the
fees *for* other carriers, and that consumers should be consumer
literate and be aware of who the long distance carrier is *before*
accepting a call. They indicated that customers should also inquire
about the toll charges before accepting. Even when raising the issue
of possible fraud, GTE personal were indifferent. Although
acknowledging that they received "many" complaints, they emphasized
that it was the consumers' responsibility to educate themselves.
JT obtained the number for USLD's customer service, which turned out
also to be Zeroplus Dialing. So, he called Zeroplus to further
investigate the charges. Zeroplus indicated that they, too, were
merely a billing agent (as well as customer service representatives),
and that the carrier was U.S. Long Distance (USLD) out of San Antonio,
Texas. They indicated that they were powerless to adjust a billing
and suggested calling USLD directly. They also indicated that GTE was
able to adjust billings. GTE vehemently denied this, but a return
call to Zeroplus prompted two supervisors to check, and they indicated
that, according to their contract, GTE personnel were mistaken.
(Another call to GTE to ask for an explanation in the discrepancy
between the claims led to another denial.
A call to USLD was initially less than satisfactory. A representative
there indicated that they had nothing to do with the billing. They
only set the rates, and JT must take billing problems up with
Zeroplus. JT again called Zeroplus, who indicated that USLD's claim was
nonsense, and USLD was the only company who could provide information
about the bill, the COCOT, and handle the complaint. The information
about billing procedures provided by supervisors seems confusing. As
near as JT could determine from the conflicting information provided,
USLD claimed only to set rates, not involve itself with billing or
rate adjustment. Zeroplus Dialing claimed only to process and collect
the charges, not adjust billing. GTE claimed only to serve as billing
agent, and claimed to have no authority to adjust billing. Each
organization referred JT to the others.
Neither USLD nor Zeroplus were willing or able to provide information
about the identity of the COCOT or the location of the telephone,
although GTE was able to identify the location (but not the owner) in
about 60 seconds. According to C, the caller, there was no information
on the telephone itself identifying it as a COCOT, and the only marker
on it was a sticker that indicated a repair number, but no
other identifying information.
JT's recollection was that when he accepted the calls in March, the
long distance operator *did not* identify with a company, but said
only: "Long distance operator with a collect call from C. Will you
accept it?" This seemed to be a normal inquiry and was sufficiently
close to the "AT&T long-distance" format that the call was
unquestioned. But, because of time that had elapsed, it was possible
that JT's recollection of the March calls was flawed. To be sure, JT
arranged for C to call several times in late evening of April 24. C
made three collect calls to JT with the following results. The ensuing
dialogue was written as it transpired and was heard by both JT and C:
Call 1, about 11:30 pm -- The phone rang:
JT: Hello?
Op1: long distance operator with a collect call from C.
Will you accept?
JT: Which long distance operator?
Op1: This is the long distance operator.
JT: I mean, which long distance company are you the long distance
operator for?
Op1: U.S. Long Distance.
JT: How much will accepting the call cost?
Op1: What?
JT: How much will it cost me to accept these charges? What are
your rates?
Op1: I don't know. I'll have to connect you to my supervisor.
The operator then disconnected, although in talking with his
supervisor later, the disconnection seemed a legitimate accident. On
disconnect, C immediately called back.
Call 2 -- This call came through an automated voice message system in
which a pre-recorded male operator's voice announced that a company
called "American" had a long distance call from (pause for caller to
identify himself). The pre-recorded voice then continued: Dial 5 to
reject the call, 0 to accept, otherwise stay on the line. Believing
that "stay on the line" meant that a live operator would answer, JT
stayed on the line, but the original message repeated several times.
Wondering if dialing a 9 would connect to a live operator, JT dialed
9. Whether through inadvertent dialing or through the system's failure
to recognize the 9, the call went through as "accepted." Both JT and
C immediately disconnected. The GTE supervisors' earlier advice to
inquire about LD tolls is rather difficult when it is not possible to
speak with an operator. Legal? Apparently. Shady? Deceptively so! On
disconnect, C called JT a third and final time.
Call 3, about 11:50:
JT: Hello?
Op2: Long distance operator with a collect call from C. Will you
accept the call?
JT: Which long distance company are you with?
Op2: U.S. Long Distance.
JT: How much will the call cost if I accept?
Op2: What?
JT: What are your rates? Will this be expensive?
Op2: I don't know. Just a minute, I'll have to check with my
supervisor.
(placed on hold for about 15 seconds)
Op2: The first eight minutes will be $7.46, and 42 cents for each
additional minute. Do you accept the call?
JT: What if we only talk for five minutes?
Op2: It's a flat rate.....do you accept the call or not?
JT: Even for a short call?
Op2: (pause) The first minute would be $5.92. Do you accept
the call?
JT: Just a minute, I'm calculating....
A little over a minute of discussion interspersed with the operator's
insistance that JT make a decision on accepting, even though it was
made clear that he was calculating, created pressure to accept, so JT
asked to speak to a supervisor. The operator said "just a moment,"
and disconnected him. However, the phone rang about 30 seconds later,
and the USLD supervisor was on the line apologizing for both accidental
disconnects. The supervisor was helpful and courteous, and not
unsympathetic to the situation. She discussed the billing policies and
the USLD system for about 20 minutes. However, she indicated that the
USLD policy was to indicate immediately that the call was from U.S.
Long Distance when the operator connected with the charged party, and
seemed concerned that their operators failed to do so.
What is to be made of this?
1. USLD's DECEPTION: The failure of multiple operators to immediately
identify themselves and their company when connecting with the party
called may or may not be intentional, but the result is deceptive.
Whatever the stated policy of USLD, there is unequivocal evidence that
their operators, either by informal norm or by tacit operator
procedures, violate what all supervisors indicated to be a legal
requirement to self-identify when connecting with customers. The
introductory words ("long distance operator with a collect call
from...") are said quickly and are glossed over, and normally the
party called doesn't listen with sufficient care to determine that
"long distance operator" isn't preceded with a company name. The
focus is generally on *who* is making the call, not with the need to
pay cautious attention to a quickly-spoken carrier name (or whether
the name is spoken at all). Further, the dialogue reveals that the
initial words were "Long distance operator" and not "This is the long
distance operator," which removes the second or so that listeners
require to get their audio bearings that an extra word or two would
provide. If AT&T's claim to be *THE* long distance company has merit,
then one would normally associate the initial words "long distance
operator with a collect call from..." with an established company.
Whatever the motivation, USLD's operators seem to employ a deceptive
method by which a small long distance carrier that charges
exceptionally high rates can confuse and mislead a customer.
2. GTE'S "RESPONSIBILITY:" GTE distanced itself from what it agreed
can be abusive practices of those for whom it serves as a billing
agent: a) It claimed "nothing can be done" because it's only the
billing agent; b) It claimed that abusive policies of others are
unfortunate, but not their problem--it's the fault of deregulation
(akin to saying people don't rip-off people, opportunities do); c) It
"blamed the victim" by saying that it is consumers' responsibility to
be consumer-literate. Let's look at this rationale:
a) NOTHING CAN BE DONE: If an LD carrier for whom GTE is a billing
agent is alleged to engage in deceptive practices in violation of
either law or policy, GTE is under no obligation to treat that carrier
"neutrally" as GTE personnel claim. If they uncritically accept the
responsibility of collecting for any company that repeatedly engages
in deceptive practices, then it effectively acts in collusion with the
offender. One would hope for a more ethical response from an
enterprise such as GTE that claims to be a staunchly reputable
company. If they are actually saying they can do nothing in the face
of alleged deception other than shrug their shoulders and collect
their cut, then they promote deceptive practices. Even a sympathetic
"we'll look into it" response would be better than blowing off the
complaining customer with a "tough luck kid, ya shoulda knowed better"
attitude.
b) DEREGULATION'S THE PROBLEM: Telling a ripped-off customer that
it's deregulation, not peoples' behaviors, that cause problem is
akin to the Secret Service telling BellSouth that the Legion of Doom
wasn't guilty of breaking into their computers--it was the
computer's weak security that was at fault. Len Rose, Craig Neidorf,
and Shadowhawk learned that this line of reasoning has little currency
when a teleco alleges victimization. Unethical behaviors are the
problem, not deregulation. For GTE to use this excuse to distance
themselves from their obligation to assure that they do not promote
rip-off by serving as a collection agent for those ripping-off is
merely another form of denying both the problem and their obligation
to investigate complaints for which there is evidence of deception.
Instead of aligning themselves with an ethical position, GTE aligns
with the problem.
c) THE CUSTOMER SHOULD KNOW BETTER: Should consumers be
consumer-literate? Absolutely! Is it possible to be consumer literate
in this situation? No way! The problems of collecting information
after the problem occured were difficult, and JT still lacks answers
to the questions he posed to over a dozen teleco personnel in as many
day-time, full-rate long distance calls. Consider just a few of the
problems in becoming "consumer literate:"
When a long distance carrier is less than forthcoming about its
identity when connecting with a collect call, and when it's initial
spiel to a customer gives the impression that it is a familiar,
common, company rather than one that charges high rates, consumers are
put at a disadvantage. When asked about billing costs, operators do
not have this information readily available, and one operator
(operator 2) gave rates different from those given by a
supervisor--the operator gave inaccurate information. Further, when
an *automated* system connects with a consumer, there is no
opportunity to investigate the rate structure. If there is no obvious
way to connect with on-line personnel, it is impossible to
self-inform.
The multi-tiered billing structure and, in this instance, the initial
unwillingness of each company to accept responsiblity for the billing
policy creates further difficulties in obtaining information. Queries
to operators and supervisors on a number of basic issues led to "I
don't know," "We don't have that information," or "we can't give that
information out." It is unreasonable to expect the average consumer to
be functionally literate when there are so many barriers to obtaining
information. Ironically, a GTE supervisor who strongly argued that
consumers should familiarize themselves with teleco policies gave out
significant erroneous information: JT asked whether there were some
higher authority than this supervisor to whom he could appeal in
discussing the problem. She claimed unequivocally and absolutely that
she was the ultimate arbiter, and there was no one higher.
Subsequence calls indicated she was in error. Although she did not
intend to deceive and simply coded the question in a limited way
(despite multiple rephrasings), she nonetheless misinformed. Her
information would lead one to believe that there were no other channels
to be pursued at GTE, which would deter most customers from additinal
inquiry. Further, either GTE personnel or Zeroplus personnel were in
substantial error when identifying GTE's contractual ability to
adjust charges. If teleco supervisors and managers cannot sort out
fundamental responsibilities, how can consumers be expected to be
"consumer literate?" Although the GTE supervisor was otherwise
cordial, her error provides a significant example of the distorted
information given to consumers even when they try to inform
themselves.
3. THE ETHICS OF THE SALVATION ARMY FREEDOM CENTER: The SAFC should
be held to account for exploiting those people it ostensibly is
contracted to serve. The SAFC reportedly receives a portion of the
initial connect charge in two separate categories. One figure was
$1.40, and the other $1.75. The USLD personnel providing these figures
did not know if they were combined or if the SAFC receives an
additional percentage of the toll over the initial connect charge.
Whatever the details, the SAFC is being compensated by people who can
ill-afford such exorbitant rates. It is not clear whether there are
COCOTS for personnel who are not recently released prisoners in the
area of the facilities for employees or "civilians." Nor is it known
whether coin-operated phones elsewhere in the facilities have carriers
with more traditinal rates. SAFC personnel with whom JT spoke
claimed to have no knowledge of the telephone policies, who was in
charge, who collected the money, or who made the decisions for
selecting specific carriers. Whatever the reasons, the SAFC is
engaging in a practice that questions both their integrity and their
stated purpose of facilitating ex-offenders' return to society.
4. WHAT IS THE CUSTOMER'S RESPONSIBILITY? Judging from this incident,
it is impossible for consumers to inform themselves of the nuances of
teleco policies. It is not that there are too many separate policies
created by deregulation (as GTE personnel and others claimed). Rather,
there are too many teleco-created obstacles to obtaining information
and too many levels for the intrusion of misinformation, some given
intentionally, some inadvertently. In a sad and rather ironic way, the
consistent misinformation or deception of telecos partially supports
the contention of phreaks and hackers that unauthorized intrusions
into industry computers are necessary to help provide information on
corporations that seem unaccountable for their actions.
The telephone has long been a semi-friendly device that we come to
accept as part of everyday life. Most consumers do not expect
answering a ringing telephone to be an occasion for potential rip-off
by telecos that claim to serve, rather than abuse, us. Unfortunately,
given the behavior of those acting on behalf of some telephone
companies, the telephone is becoming a potential enemy and instrument
of abuse. Rather than serving as an instrument that brings people
closer, the actions of telephone abusers, including teleco personnel,
are making us more distrustful.
WHAT IS TO BE DONE? Readers of Pat Townson's TELECOM DIGEST
continually identify teleco abuses and relate how they can be resisted
(Telecom Digest is available on usenet). In cases such as this,
several responses might be useful. First, those receiving collect
calls should question the operator to determine the identity of the
carrier if not initially given. Parties should also request a
detailed rate structure that includes the cost of the initial
connection, the cost-per-minute, and any additional charges. Second,
when alleging abuses, filing complaints with appropriate agencies,
such as the state's public utilities/commerce commission, is crucial
to bring to legislators' attention the problems of COCOTS,
questionable carrier practices, and other issues. Third, letters to
the telecos involved, legislators, and others also increases the
visibility of the problem. Finally, if otherwise legitimate
organizations, such as the SAFC, are utilizing carriers or COCOTS that
abuse public trust, the matter should be brought to their attention.
If they are under contract to another organization, as the SAFC is to
the Illinois Department of Corrections, then the contracting
organization should also be notified. It also is often possible to
involve watchdog or consumer advocacy groups (in Illinois, Citizen's
Utility Board and others) to provide suggestions for responding.
When telecos challenge the ethics and social competency of hackers,
they claim to hold the moral highground and object to what they
perceive as predatory behavior when their own ox is gored. When their
own practices are challenged, they are far less willing to apply the
same standards of behavior to themselves that they expect from others.
Like Woody Guthrie said, "Some rob ya with a six-gun, some with
a fountain pen."
------------------------------
Date: Thu, 30 Apr 92 22:58:58 PDT
From: jwarren@AUTODESK.COM(Jim Warren)
Subject: File 2--Pres. Candidates ONLINE (Perot, Bush, Clinton, Brown, etc.)
Please copy, post & circulate
It's time to have an ONLINE presidential debate/forum.
Here is the message I just faxed and snailmailed to the indicated
presidential candidates.
** Please send your own request (feel free to modify this one if you wish).**
** If they get enough requests, they will be pressured to participate. **
** (When you send a request to them, please send a note of it to me.) **
Greetings,
We invite you to join an ONLINE presidential candidates' forum.
Ross Perot has proposed using "electronic town-hall meetings" to
allow citizens to participate in their/our government.
Jerry Brown has reaped national headlines from "going online" on a
small computer network (GEnie) to discuss his candidacy with a
national audience.
George Bush signed legislation last year, to greatly enhance the
nation's "electronic highway system" that already connects 1.3-million
computers.
There are about 8- to 15-million people who are "online" -- using
computer-teleconferencing and electronic-mail services across this
cooperative web of computers called the "Internet." Several million
people regularly read news and participate in public discussions using
this network.
Perot and Brown have shown that they know how to use these "electronic
highways" to share their views with those whom they propose to
represent. We ask you to do the same.
We ask you to make your views available to 8- to 15-million people.
You can do so, at little or no cost to you or to your audience.
Here's how:
1. You will "speak" by electronically "posting" your remarks on the
network within a one-week period -- at any time and place that is
convenient for you, night or day, using any normal telephone. [also,
please see item 9, below]
2. You will post (1) position-statements and comments on issues of
interest to you, similar to"opening remarks" in a face-to-face debate,
and (2) your responses to questions from reporters selected by the
nation's leading news media.
3. The reporters will be chosen by daily newspapers with at least
250,000 circulation, plus recognized national news-magazines, plus the
national television networks. These organizations will be invited to
select one of their editorial/news staff to pose questions to you
throughout the one-week period. Reporters will be encouraged to pose
follow-up questions and to post special note if a candidate fails to
respond to a question by the end of the week's forum.
4. Both the candidates and the reporters will be encouraged to
consult with others in drafting their questions, responses and
comments. The number of questions per reporter will be limited by
agreement among that group.
5. For each question or comment, reporters will be limited to
10-lines x 80-characters/line. Each of your responses will be limited
to 40-lines x 80-characters/line. There will be separate facilities
provided where you can post more extended comments and
position-papers, if you wish to do so.
6. All participants will agree that their questions, responses and
comments are to be in the public domain and may be copied without
further permission.
7. The participating reporters will agree to accept electronic-mail
from anyone wishing to send it to them during the one-week period, and
their electronic addresses will be attached to each of their
questions. Thus, everyone else online will be able to suggest
questions and offer additional information and comments to the
reporters.
8. In parallel with this debate/forum where participation will be
limited to presidential candidates and the questioning reporters,
there will also be a nationwide public forum in which everyone online
may discuss the questions, your responses and the issues that are
raised -- via an established system for such discussion already in use
by several million people.
9. We will schedule this forum as soon as one or more major
national candidates agree. It will take place regardless of whether
all candidates choose to participate.
10. There will be no cost to your campaign -- assuming that your
campaign has access to a personal-computer with a telephone-modem and
can find someone you trust* who can operate it and is familiar with
how to use the network.
* - If you cannot locate a computer person, we will be happy to
distribute a request for volunteers across the network for you.
A copy of this has been faxed and mailed to other candidates as noted,
below. Copies have also been posted to numerous online newsletters
and newsgroups, and e-mailed to numerous leaders across the network.
You may be somewhat-able to gauge likely-interest in this proposal by
the number of similar requests you receive in the next several weeks,
by phone-call, fax and "snailmail."
I would be happy to discuss this with you or your staff, and look
forward to your timely reply -- which will also be promptly publicized
across the nets.
I remain, Sincerely,
/s/ Jim Warren
Electronic Civil Liberties Initiative
345 Swett Road
Woodside CA 94062
415-851-7075; fax/415-851-2814; e-mail/jwarren@well.sf.ca.us
[ And, for identification purposes only: founder, InfoWorld newspaper;
Contributing Editor & "futures" columnist, MicroTimes (~200,000 circulation);
organizer & Chair, First Conference on Computers, Freedom & Privacy (1991); a
recipient, first Pioneer Awards (1992), Electronic Frontier Foundation;
founding host, PBS television's "Computer Chronicles" series; founding
President, Microcomputer Industry Trade Association; member, Board of
Directors, Autodesk, Inc.; etc. ]
cc:
H. Ross Perot, P.O.Box 517010, 12377 Merit Dr.#1100, Dallas TX 75251-7010
attn: Sharon Holman or Tom Luce, unofficial campaign honcho/a
national/800-685-7777; in Texas/214-419-5000; fax/800-925-1300
Jerry Brown, 2121 Cloverfield Blvd.#120, Santa Monica CA 90404-5277
attn: Jodie Evans, campaign manager
national/800-426-1112; in California/310-449-1992; fax/310-449-1903
George Bush, 1030 15th St. NW, Washington DC 20005
attn: Robert Mosbacher, campaign manager
national/202-336-7080; [no 800-number]; fax/202-336-7117
Bill Clinton, P.O.Box 615, 1220 W. 3rd St., Little Rock AR 72201
attn: Dave Wilhelm & Jeff Eller, campaign manager & campaign spokesperson
national/501-372-1992; [no 800-number]; fax/501-372-2292
[Send other copies to the presidential candidates of *your* choice.]
------------------------------
Date: Fri, 1 May 92 16:21:33 CDT
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 3--Ross Perot for President BBS
One candidate who has gone on-line is H. Ross Perot, independent
candidate for President. This month's (May, 1992) issue of BOARDWATCH
MAGAZINE (for information, contact Jack Rickard at:
jrickard@teal.csn.org). as a lengthy article on Perot and his "new
vision" for an electronic democracy. BOARDWATCH reports that Dave
Hughes, sysop of the former Rogers Bar BBS in Colorado Springs,
established the Ross Perot for President BBS as a way of an
"electronic town hall." The number is: (719) 632-3391. Below are
selected excerpts of what you see when you log in:
**********
atdt 1 719 632 3391
RINGING
CONNECT 2400/NONE
Welcome to the H. Ross Perot
Support BBS of Old Colo City
THE ELECTRONIC BACK ROOM
AT ROGERS BAR!
First Name? jim
Last Name? thomas
Calling from (City,State)? DeKalb, IL
TBBS Welcomes JIM THOMAS
Calling From DEKALB, IL
Is this correct? Y
<A>VIDTEX <B>TRS-80 1/3 <C>VT-52 <D>ATARI <E>H19/H89/Z19
<F>IBM PC <G>Televid 925 <H>VT-100
Enter letter of your terminal, <CR> if not listed: F
Terminal Profile Set to:
ANSI codes Allowed
IBM Graphics Allowed
Upper/Lower Case
Line Feeds Needed
0 Nulls after each <CR>
Do you wish to modify this? N
Please Enter a 1-8 character Password to be used for future logons. This
password may have any printable characters you wish. Lower case is considered
different from upper case and imbedded blanks are legal. REMEMBER THIS
PASSWORD. You will need it to log on again.
Your password? xxxxxxxxx
Re-enter New password to verify: xxxxxxxxx
You are caller number 467
You are authorized 30 mins this call
Searching Message Base ...
You have no personal messages waiting.
******************************
** Online for H. Ross Perot **
******************************
<P>urpose of this BBS
<C>olorado Campaign Information
<M>essage Boards Where You Can Start A Topic
<R>ead All Messages all Boards Now
<I>nformation about Perot
<F>iles - Upload, Download or Read Longer Documents
<W>ho are last 127 Callers?
<T>echnical Matters
Command: p
Type P to Pause, S to Stop listing
This BBS is put up to help those interested in the
H. Ross Perot potential Presidential Candidacy:
(1) Find out legal requirements for signing petitions
in Colorado
(2) Find out where/who/when you can sign
(3) Learn more about Perot and his views
(4) Locate other interested supporters
(5) Register to help out
(6) Discuss Perot and the Campaign BBS style
(This BBS operates courtesy of Dave Hughes, from the premises
of Old Colorado City Communications, 2502 West Colo Ave, #203
Colorado Springs, CO 80904. 719-632-4848 voice. It uses the
phone line 719-632-3391 which, since 1980 has been used
effectively to conduct 'online politics' from Rogers Bar.)
Command: i
Information About The Candidate
(1) Brief Biography
(2) What people say about him
(3) Other Published Sources
(-)Previous Menu
(0)Top Level Menu
(G)oodbye...Log off
Command: r
Type P to pause, S to stop, N to skip to next msg
<F>orward or <R>everse Multiple
<N>ew Messages
<M>arked Messages
<S>elective Retrieval
<I>ndividual Message(s)
<A>bort Retrieve
Which One? N
Pause after each msg(Y/N)? Y
Command: d
Type P to Pause, S to Stop listing
Recent Uploads to the System:
SPEECH1 7040 Perot Speech before National Press Club
LIMBAUG1 3308 Rush Limbaugh's Reaction on Compuserve
WELL0325 12868 Heavy Discussion on the 'Well' (Calif)
BOOKS 373 List of Books about Perot
INSIGHT 6912 A Reporters View of Perot in his element
OFFICE 1939 Colorado Springs Office Organized
BIO 5888 Biography of Perot
USATODAY 2638 Extracts of Perot Views on Issues
TRIGGER 13274 Debate on Perot's 'Trigger Happy' potential
NATPRESS 41088 Full Text National Press Club Speech
CONTACTS 5893 Perot Organizers in Other States
IDEAS91 7266 1991 Ideas and Positions taken by Perot
WELL0418 11400 Well discussion of 'responsibility'
THE-DEFICIT 3982 Key Issue # 1 - The Deficit
EDITORLTR 2515 Letter to Editor, local CS paper
HELP 0 new jersey
UFOBBS.TXT 308 PHOENIX LIBERATOR EXCITING NEW NATL UFO BBS (
<D>ownload, <P>rotocol, <E>xamine, <N>ew, <L>ist, or <H>elp
**********
The idea of a board that serves as a community forum and a place for
obtaining speeches and other documents pertaining to candidates for
political office is nifty. As Jim Warren (above) suggests, politicians
should be persuaded to move into the 21st century and contribute to the
development of cyberspace.
------------------------------
From: Dave Banisar <banisar@WASHOFC.CPSR.ORG>
Date: Tue, 28 Apr 1992 21:49:11 EDT
Subject: File 4--FBI attempting to use mailing lists for Investigations
Source: Computer Privacy Digest and Risks 13.54
FBI attempting to use mailing lists for investigation
The 20 April 1992 issue of DM News, a direct marketing trade
publication, reports that within the past two weeks, Metromail and
Donnelly Marketing (two of the very largest mailing list companies)
were approached by the FBI which is seeking mailing lists for use in
investigations. Other mailing list firms also received feelers
according to the story. "Neither of the identified firms would discuss
details, but one source familiar with the effort said the FBI
apparently is seeking access to a compiled consumer database for
investigatory uses."
"The FBI agents showed 'detailed awareness' of the products they were
seeking, and claimed to have already worked with several mailing list
companies, according to the source."
Metromail, according to the article, has been supplying the FBI with
its MetroNet address lookup service for two years. The FBI said that
the database is used to confirm addresses of people the FBI needs to
locate for an interview.
This marks the first time since the IRS tried to buy mailing lists in
1984 that a government agency has attempted to use mailing lists for
enforcement purposes.
In a separate but related story in the April 24 issue of the Friday
Report, a direct marketing newsletter, the RBOC's are teaming up with
other firms to develop white page directories on CD-ROM. For example,
US West has a joint venture with PhoneDisc USA of Marblehead, Ma. The
article states that the company offers lists failing mailing list
enhancements to law enforcement agencies. [NOTE: an enhanced list
means the names and addresses were matched with a marketing database
and additional demographic information was added to the list from the
marketing database].
Mary Culnan, School of Business Administration, Georgetown University
MCULNAN@GUVAX.GEORGETOWN.EDU
------------------------------
Date: 29 Apr 92 18:41:02 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 5--Society and Tech Online
GEnie's Public Forum*NonProfit Connection area (home of CuD back
issues on GEnie) has announced a series of online conferences on
Technology and Society.
For CuD readers that may be GEnie users, here's the schedule of
events....
ward Rheingold -- Virtual Reality
------------------------------------------
When Grateful Dead guitarist Jerry Garcia experienced virtual
reality, he said, "They made LSD illegal. I wonder what they are
going to do about this stuff."
With a head-mounted display and sensors monitoring body movement,
people are already walking through computer-simulated buildings
before construction and firing weapons from remote tanks. What
will the future look like? What decisions should we make now,
before the full impact of virtual reality?
Howard wrote _Virtual Reality_, edits _The Whole Earth Review_
and consults with the US Congress Office of Technology
Assessment. He has written for such publications as _The New
York Times_, _Esquire_, _Playboy_ and _Omni_. His other
(excellent!) books include _Tools for Thought_ and _Excursions to
the Far Side of the Mind._
May 10: Steve Cisler -- Public Access to Information
----------------------------------------------------
Steve, an expert on national information issues from Apple Computer,
will join a discussion of public access to information and public
control over high-speed data highways.
May 24: Katie Hafner -- Social Consequences of Computer Networks
-----------------------------------------------------------------
Co-author of _Cyberpunk: Outlaws and Hackers on the Computer Frontier_,
Katie will talk with us about the communities that have grown up around
computer networks.
May 31: Jerry Berman -- Free Speech Online
-------------------------------------------
Founder of the ACLU Privacy and Technology Project and now director
of the Washington, DC, office of the Electronic Frontier Foundation,
Jerry will join our discussion about who controls the content of
electronic communication and the systems through which it travels.
All conferences will begin at 9pm EDT in the PF*NPC conference
area.
If the issues and discussions raised by the conferences warrant,
future issues of CuD may contain summaries or excerpts from these
conferences as appropriate.
------------------------------
End of Computer Underground Digest #4.20
************************************
Computer underground Digest Sun May 10, 1992 Volume 4 : Issue 21
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu, Jr.
Arcmeisters: Brendan Kehoe and Bob Kusumoto
CONTENTS, #4.21 (May 10, 1992)
File 1--Police PR meets style v. substance
File 2--BloomBecker's 5 points for crime policy
File 3--The Forgotten Victims of the "Bill Cook" Raids
File 4--A Forgotten Victim of the 1990 Raids
File 5--Pay Craig's Legal Fees For 29 Cents?
File 6--Online Debate Article
File 7--Two Cornell Students Indicted in Virus Case
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie in the PF*NPC RT libraries, on
the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp from
ftp.eff.org (192.88.144.4), chsun1.spc.uchicago.edu, and
ftp.ee.mu.oz.au. To use the U. of Chicago email server, send mail
with the subject "help" (without the quotes) to
archive-server@chsun1.spc.uchicago.edu. European distributor: ComNet
in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Sat, 2 May 1992 18:18 CDT
From: <BOEHLEFELD@WISCSSC.BITNET>
Subject: File 1-- Police PR meets style v. substance
A late response, but regarding the discussion of the Fresno police
press release (discussed in Cu Digest, #4.18):
I don't have a scientific sample, but I've looked at information from
a variety of police/law enforcement agencies for several years as
a journalist. I have only known one PIO who has had journalism
training before entering law enforcement, and her time on the PIO
desk was limited. Many of the releases I saw over the years included
misspellings, grammatical and other errors. (So, too, did many of
the police reports I have looked at over the years.) I have seen
similar releases about LSD being circulated on stickers with cartoon
characters, and about 'unsavory strangers' lurking in communities.
The sensationalism of the writing concerned me far more than the
minor details of spelling or apparent lack of letterhead. I have
a computer, I have a modem, I have children and I have an acquaintance
who claims to run an x-rated bbs. I also manage to keep these elements
of my life separated. But, if we acknowledge that the computer literacy
of various members of our society ranges from none to much, and that
many of us, likely, fall somewhere in between, I'm afraid hype of
the kind this press release generates will not do much in ensuring
that the potential benefits of personal electronic media will accrue
to all of us. It seems fear tactics generate fear, not understanding.
Sensationalism is not produced by 'the media' alone.
I think your response, which included reports of conversations
you apparently had with Fresno police personnel, put the actual
event in better perspective.
I'm not suggesting that every police department needs to hire a
public relations specialist (though friends in PR probably would),
but each of us who writes for public consumption would do well to
consider how we get attention for an issue we believe is important.
(The other recent post about preparing material for posting had
some good advice.)
In other words: If you want to be believed, keep it simple. Keep
it straight.
------------------------------
Date: Mon, 4 May 1992 8:50:01 GMT
From: NEELY_MP@DARWIN.NTU.EDU.AU(Mark P. Neely, Northern Territory
Subject: File 2--BloomBecker's 5 points for crime policy
In response to: CuD 4.14 BloomBecker's Legal Guidelines at CV&SC Conference
BloomBecker's 5 points for a nationwide set of legal guidelines for
computer crime are fundamentally flawed!
> 1. The creation of a $200 crime law deductible. Damages incurred below
> that figure would not be the subject of criminal action.
"Damages" would presumably include the $$$ spent in wages for someone
to inspect the system for maliciously inserted code. It would not be
hard at all to run up a wages bill in excess of $200 in doing so.
Ergo, _all_ computer intrusions would be the subject of criminal
action.
One alternative is to set a realistically higher damages threshold for
criminal proceedings, and allow the "victim" to seek a civil remedy
against the alleged intruder.
> 2. The creation of a civil course of action for inadequate computer
> security
This sounds, at first sight, quite fair. For instance, here in Darwin
Australia, I can be given a ticket for failing to lock my car doors!
This measure was introduced in an effort to raise public awareness of
escalating car thefts, and to promote public responsibility for
prevention (which is always better than any cure :)
But it is difficult to see how such a measure can be justly applied to
computer security. My primary problem is the phrase "inadequate
computer security". Locking my car door takes a bit of forethought
and a second or two upon my exiting the vehicle. "Locking" a computer
system would require considerable administration time and money.
I would also assume that the "inadequacy" of the security is to be
measured in light of the data/system to be protected? Is the civil
penalty to be applied to government and quasi-government systems?
Are personal computer operators/ BBS SysOps to be made subject to such
a requirement?
> 3. The making of reckless computing a felony. "Reckless computing" is
> classified as anything which could potentially cause damage.
Weird... Ctrl-C'ing at the right time could "potentially cause damage"
by crashing the host machine. Causing a conflict of 2 TSR's at your
end (thereby causing your machine to lock up) necessitating a reboot
(and hence dropping the connection) could "potentially cause damage"
to the host system.
Sorry..."reckless" as opposed to "intentional" conduct should NOT be
the subject of criminal actions unless there is good grounds for doing
so.
Recklessness in, for example, the area of driving a motor vehicle may
justifiably be the subject of legal sanctions - but only because of
the danger to life that it causes. I don't think there is an analogous
justification in the area of computer misuse!
> 4. The making a careless computing a misdemeanor.
How do you distinguish "careless" and "reckless"? Does not "careless"
computing have "the potential to cause damage"?
> 5. The enactment of greater protection against unreasonable search and
> seizure.
Now that is something I would support.
------------------------------
Date: Sun, 3 May 92 23:45 CDT
From: uucp@DOGFACE.AUSTIN.TX.US
Subject: File 3--The Forgotten Victims of the "Bill Cook" Raids
A little over two years ago, there was much in Texas that caught the
interest of law enforcement personnel concentrating on computer crime.
Two investigations in other parts of the country focused attention on
individuals in the Austin and Dallas areas, the most well-known of
whom is Steve Jackson, the owner of an Austin-based game publishing
company.
In July of 1989, Secret Service agents were examining electronic mail
records of a privately-owned computer system in Illinois owned by Rich
Andrews. Those records, which contained the computer equivalent of a
list of all mail sent through a particular post office, showed that a
copy of a newsletter called "Phrack" had been sent to Loyd
Blankenship, the managing editor at Steve Jackson Games, Loyd
Blankenship, in late February of 1989. It had also been sent to
thousands of others, but none of them were working on a book that, the
Secret Service agents felt, romanticized computer crime.
The editor of the Phrack newsletter, a pre-law student at the
University of Missouri/Columbia by the name of Craig Neidorf, made the
activities of the telephone underground the focus of his publication.
He gave space to individuals fascinated with the telephones in their
lives, and with the technology that connected them. As phone company
technology grew to depend upon computers, so did those who read the
Bell Labs technical journals as if they were the sports page. The
pages of Phrack came to include technical discussions of computer
security issues.
Mr. Neidorf, thought the Illinois Secret Service and the Illinois U.S.
Attorney-General's office, was up to no good. There was no difference
in their minds between writing about the computer underground and
participating in it. In the last days of January, 1990, Secret
Service agent Timothy Foley conducted a formal interview with Mr.
Neidorf in his college frat house. According to an affidavit sworn to
by Agent Foley, the two discussed the author of an article in Phrack
that contained a modified version of an element from an AT&T computer
operating system. The article was penned (under a pseudonym) by
Leonard Rose, Jr., a computer consultant who lived in Maryland at the
time, the affidavit said.
Mr. Rose was not unknown to computer professionals and enthusiasts in
Texas and around the country. His electronic mail and telephone
records were enough to shift the Secret Service's interest to Texas.
What follows is an informal chronology of the events between January
of 1990 and today. It is incomplete, partly out of consideration for
the wishes and privacy of some of the people with whom I spoke, and
partly because of the troubled calm that people have felt after the
departure of the current masters of Operation SunDevil.
1/90: Bell Communications Research security manager Henry M.
Kluepfel dials into Loyd Blankenship's home BBS, the Phoenix
Project, under his real name. By mid-February, he has seen
and read an issue of Phrack on the system, copied a list of
the system's users who might have read the newsletter, and
called the Secret Service. According to Agent Foley's
affidavits, what Kluepfel saw there was a threat to the
business of Kluepfel's employer and other telephone
companies.
2/90: Search warrants are given for the residences of Bob Izenberg
(2/20), Loyd Blankenship (2/28) and Chris Goggans (2/28),
and at the office of Steve Jackson Games (2/28). The SJG
warrant is unsigned; the other warrants are signed by U.S.
Magistrate Stephen H. Capelle on the day that they're
served. Although the warrant specifies that only computer
equipment and media may be seized as evidence, Secret
Service interest goes farther afield. Several videotapes of
public access programs are seized from one residence. Three
hours after the raid at another, Secret Service agents have
called Austin computer store owner Rick Wallingford at home,
to verify that he sold a pinball machine to one of the
warrant subjects. Prior to executing the warrants, Secret
Service agents have gone to security personnel at the
University of Texas to discuss the individuals, and to
obtain driver's license information and physical
descriptions. A subpoena is served at the University to
obtain access to Chris Goggans' computer records. Public
access computers attctc/killer (run by AT&T) and
elephant/puzzle (run by Izenberg) cease operation. The
former, which Secret Service agents claimed to have run "to
monitor the hacker community" was closed by AT&T order. The
latter was closed when the machine was seized under warrant.
The Steve Jackson Games "Illuminati" BBS goes down when it
is seized as evidence.
3/90: Semi-public access computer rpp386, in service since
September of 1987, drops most user accounts and connections
to other computers. Said its owner, John Haugh, "The
investigation with SunDevil was starting to get too close.
I knew Bill Kennedy, Bob Izenberg and Charlie Boykin. It
seemed reasonable that my system would come under
investigation." It didn't, and Mr. Haugh said that he has
never been contacted by any law enforcement officials with
regards to these matters.
4/90: Newsweek article "The Hacker Dragnet" by John Schwartz
discusses the Steve Jackson Games raid, among other issues.
6/90: Steve Jackson is told by the Secret Service that his seized
property can be picked up. Some of it is damaged, and one
hard disk, some hardware and assorted papers are not
returned.
9/90: Houston Chronicle article "War on Computer Crime Waged With
Search, Seizure" by Joe Abernathy discusses Steve Jackson
Games and Operation SunDevil. Agent Foley, on the phone in
Chicago, refuses return of property seized from Izenberg
residence.
1/91: Bill Kennedy gets a phone call from the Secret Service about
his knowledge of Len Rose. He is told that he's not under
investigation, and the Baltimore, Maryland Federal
prosecutor confirms this.
4/91: Byte magazine columnist Jerry Pournelle gives his
hall-of-shame "Onion of the Year" award to Agent Foley,
saying, "Mr. Foley's actions in Austin, Texas, regarding
Steve Jackson Games not only exceeded his authority, but
weren't even half competently done."
5/91: Steve Jackson Games and the Electronic Frontiers Foundation
file a civil suit against the Secret Service agents,
Bellcore technical personnel and others for damages.
9/91: U.S. Magistrate Capelle grants Izenberg's motion to unseal
the affidavit in support of search warrant filed by Agent
Foley on behalf of the Secret Service.
Now: The Steve Jackson Games suit presumably continues. The
Secret Service claims, in court documents, that all
investigations which have not resulted in indictments are
still in progress.
WHO'S WHO
LOYD BLANKENSHIP: (aka The Mentor): Handed unsigned search warrant in
Austin, TX on 3/1/90, pursuant to which the feds seized $10K of
computer equipment. To this date, none of the equipment has been
returned, and no charges or indictments have been made. Still works
for Steve Jackson Games (who is in the middle of suing the government
thanks to the EFF!). Now runs a usenet node out of his house
(loydb@fnordbox.uucp).
CHRIS GOGGANS: Former employee of Steve Jackson Games. Unavailable
for comment.
JOHN HAUGH: Computer consultant in Austin, TX. Owner/operator of
rpp386 semi-public computer system. On computer
criminals: "These are the people that are making it
hard for us...Forcing the government to be
investigating people in the first place."
BOB IZENBERG: Former operator of public access Unix site "elephant".
Handed search warrant in Austin, TX on 2/20/90. U.S.
inventory of seized property: minimum $34,000, give or take
a $900 hammer. Court motion to unseal affidavit for search
warrant granted early 9/91. No charges or indictments.
Property not returned, pursuant to "ongoing investigation."
Runs public access usenet site "dogface" at home.
BILL KENNEDY: Computer consultant in Pipe Creek, TX. Contacted by
Secret Service agents over the phone at a friend's home. (It is a
subject for speculation how it was known that he was at this
particular friend's house. Monitoring of phone activity at Kennedy's
home might have given this information.) During the half hour
conversation, he was told that he was not under investigation, and was
asked about his association with other individuals under scrutiny. A
copy of a note which stated that he was not under investigation was
faxed to him. Subsequent phone conversation with the Baltimore
Federal prosecutor confirmed this. After Len Rose pled guilty,
Kennedy was told that he would be flown to Baltimore to testify, but
never was called upon to do so. He called the Baltimore Federal
prosecutor back at this point and was told that they "were through
with him." Of the investigation,
and of former Chicago prosecutor William Cook, Kennedy said, "They may
not have had enough live sacrifices to suit them... Cook was on a
witch hunt: If they didn't have anything, they'd make some."
As mentioned earlier, there are names and events left unmentioned at
individual request. It is difficult to convey the frustration, anger
at various individuals, and desire to put it all behind that the named
and un-named individuals with whom I spoke have expressed. As one
said, "The emotional toll was pretty steep." But, hey, aren't we all
safer? Wasn't it all worth it?
------------------------------
Date: Sat, 2 May, 1992 21:19:04 CDT
From: anonymous@unixville.edu
Subject: File 4--A Forgotten Victim of the 1990 Raids
One victim of the January, 1990 raids, has preferred to remain out of
the public eye and has successfully kept a low profile. We'll call
him "Joe." Joe ran Jolnet, a Unix public access BBS in Lockport,
Illinois, about 30 miles southwest of Chicago across the river from
Joliet. Joe reportedly discovered files on his system containing E911
information purloined from BellSouth's computers by Legion of Doom
member Robert Riggs (who used the handle "Robert Johnson"). Joe
reported their existence to whom he believed to be the proper telecom
authorities, which included providing access to Jolnet for Bellcore's
Henry Kluepfel. They took no immediate action. Joe cooperated with
the authorities, but ultimately had his equipment confiscated anyway.
The files Riggs obtained were related to BellSouth's E911 system, and
from Jolnet he sent parts of them to others. Since 1988, the Secret
Service had been investigating "computer intrusions," particularly a
few Legion of Doom members. The arrest and indictment of Riggs led
them to Craig Neidorf, who published a portion of the edited E911
maintenance files in Phrack 24 under the sig of "The Eavesdropper." In
January 18, 1990, The Secret Service and security personnel from
Southwestern Bell and Bellcore found the Phrack file and a password
cracking program called login.c among Craig Neidorf's posessions. They
traced the login.c program back to Len Rose, and on February 1, 1990,
they searched his premises in Maryland, where they found unauthorized
Unix sourcecode in his possession. Not realizing how ballistic the
Secret Service and AT&T would go over possession of unlicensed
software, and threatened with major felony charges of transporting
stolen property across state lines (18 USC 2314) and wire fraud (18
USC 1030(a)(6), Len indicated that he sent a copy of the program to
Joe.
The next day (February 2), Secret Service Special Agent Barbara Golden
obtained a warrant to search Joe's house under 18 USC 2314 and 18 USC
1030(a)(6). They would look for disks, documents, and anything else
that seemed computer-related. Secret Service agents and various
security officials wasted little time in trooping out to Joe's brown
ranch house with the yellow trim. On February 3, they struck. Marty
Flynn of AT&T Corporate Information Security valued the software Joe
was suspected to have (which included UNIX SVR 3.1 and 3.2, and
Starland 3.0 Network Software) at over $250,000. Flynn checked AT&T
records and informed the agents that Joe held only a limited $100
"Tool Chest" agreement. Joe's previous cooperation with Kluepfel for
over a year was forgotten. Joe was raided and he lost much of his
equipment, even though he was never indicted.
Joe's fall from grace--from cooperative citizen to victim--was another
in the list of disrupted lives caused by the Secret Service and
others. Those who were indicted paid a heavy price, but the
victimization of those who are unindicted must not be forgotten.
The Players:
Joe, at last report, was employed, relatively happy, and just wanted
to be left alone. He still did not have his equipment returned, and
was not trying to get it.
Craig Neidorf has graduated from the University of Missouri and plans
to go to law school.
Len Rose is completing the last few weeks of a one-year sentence in a
community release center in Chicago.
Robert Riggs was released from prison in 1991 and periodically appears
at conferences.
Henry Kluepfel, former Assistant U.S. Attorney William J. Cook, and
Secret Service Special Agents Timothy Foley and Barbara Golden are
defendants in a civil sought brought against them for reckless
behavior in the subsequent raid on Steve Jackson Games.
------------------------------
Date: Fri, 8 May 1992 15:27:50 -0500
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 5--Pay Craig's Legal Fees For 29 Cents?
Craig Neidorf's legal fees, incurred from his defense against felony
charges in the "PHRACK" case, remain high. He is paying them off
bit-by-bit, but the process is slow.
For new readers, Craig was indicted by the U.S. Government on charges
of wire fraud and theft as the result of publishing what federal
prosecutor William J. Cook erroneously believed to be proprietary
information. Because of the efforts of John Nagle, Sheldon Zenner
(Craig's attorney) was able to show that the information published in
Phrack was available in public documents for about $12.95 (see Bob
Izenberg's post, above). The prosecution dropped the case even before
it finished presenting it. Craig's "victory" exacted an emotional and
financial toll. His legal expenses were in excess of $100,000 even
after generous help from supporters.
Craig's case represented a landmark in the relationship of cyperspace
and the law. It marked the beginning of the Electronic Frontier
Foundation and Cud; it created an awareness of the need to fight for
the same Constitutional protections in the electronic frontier as
exist in more conventional realms; it stimulated involvement of a
number of socially conscious persons from a broad spectrum of
professions (e.g., Mitch Kapor, Dorothy Denning, Jim Warren, John
Perry Barlow, Marc Rotenberg); it challenged (and reduced) what some
saw as the abuse of power by law enforcement agents and prosecutors in
pursuing "computer crime"; and it led to open public debates about
over both the freedoms and the responsibilities of the new electronic
world.
Craig was initially tempted to accept a plea-bargain. In some ways,
this would have been more beneficial: He would have lower legal fees
and it would not have been as disruptive to his life. He chose to
fight on principle, and we have all benefited from his choice.
We can *ALL* help Craig for only a few minutes and a 29 cent stamp.
Craig as been nominated for a Playboy Foundation award worth $5,000
toward his legal fees. The award is for those who have contributed to
protecting First Amendment rights, and Craig's contributions to
stimulating public awareness of and action on such rights in
cyberspace is undeniably significant. Here's the blurb for the award:
PLAYBOY FOUNDATION OPENS NOMINATIONS FOR 1992 HUGH M.
HEFNER FIRST AMENDMENT AWARDS
"Established in 1979 by the Playboy Foundation to celebrate the
25th Anniversary of Playboy Magazine, the awards program is
designed to educate the public about First Amendment issues and
to honor individuals who have made significant contributions to
enhance and protect First Amendment rights of Americans."
Readers are encouraged to send a letter in support of Craig Neidorf's
nomination to:
Jill Chukerman or Kris Farley
Playboy Foundation
680 North Lake Shore Drive
Chicago, IL 60611
(312)751-8000
NOTE: THE DEADLINE FOR LETTERS IS MAY 22 !! The winners will be
announced in September. Below is a rough draft of our own letter:
+++ cut here +++
9 May, 1992
Jill Chukerman or Kris Farley
Playboy Foundation
680 North Lake Shore Drive
Chicago, IL 60611
Dear Persons:
I am writing in support of Craig Neidorf's nomination for the Playboy
Foundation's "Hugh M. Hefner First Amendment Award." Craig's
contributions to enhance Constitutional protections of the First
Amendment have been unique and substantial. At extreme personal cost,
he chose to fight for a Constitutional principle he believed in, which
ultimately led to an awareness by others of the need to protect the
rights of electronic media.
While in highschool, Craig founded an electronic newsletter called
PHRACK that was available to the public by means of a computer and a
telephone modem. PHRACK published a variety of articles and news
blurbs, authored by others, on computer culture. In 1989 (Craig was
now a senior at the University of Missouri), PHRACK published a
document that BellSouth (a regional Bell telephone company) asserted
was "proprietary," and its publication, it argued, indicated theft and
wire fraud. In early 1990, the U.S. Secret Service acted on these
allegations. Craig was tried in July, 1990. The defense demonstrated
that the material published in PHRACK was available to the general
public for about $12.95, and the prosecution dropped the case.
Although he "won," the victory disrupted his academic performance
and resulted in over $100,000 in defense fees.
Craig could have accepted the advice of his friends, who argued that
it would be both cheaper and less traumatic to accept a plea bargain
than to fight his case in federal court. However, Craig recognized
that there were a number of principles involved. He was especially
concerned that a large corporation, aided by seemingly over-zealous
law enforcement personnel, could produce a "chilling effect" on the
rights to expression by intimidating and punishing those who published
material it did not like. Craig chose to fight.
Craig's choice had substantial consequences. His case generated
considerable interest among users of electronic media, and it seemed
to many that Craig was being victimized unjustly for publishing in
electronic form the type of material that would have been accepted in
a more conventional paper format. In fighting for the principle of
freedom of speech, Craig stimulated others to organize and participate
in protecting and enhancing Constitutional liberties in the electronic
frontier. Craig is a courageous pioneer who put principle before
personal expediency. If not for his willingness to resist encroachment
on First Amendment freedoms, there would not be the current interest
in organizing to protect them in the electronic media.
Craig intends to enter law school and pursue his interest in civil
liberties. His actions exemplify the spirit of the Award making him a
most-deserving candidate, hope that you share the views of myself and
others that he would be a worthy recipient.
If I can provide any further information, do not hesitate to contact
me.
Sincerely,
Jim Thomas
Professor, Sociology/Criminal Justice
Northern Illinois University
DeKalb, IL 60115
------------------------------
Date: Wed, 6 May 92 15:50:12 CDT
From: Joe.Abernathy@HOUSTON.CHRON.COM(Joe Abernathy)
Subject: File 6--Online Debate Article
This article appeared in the Washington report of the Sunday, May 3,
Houston Chronicle. Please send feedback and further developments to
Joe.Abernathy@houston.chron.com (800) 735-3820
Hungry candidates might share a byte
Computer-based electronic communities emerge as political constituency
By JOE ABERNATHY
Copyright 1992, Houston Chronicle
A leading figure in computer communications is issuing a challenge
this weekend for the major presidential candi dates to participate in
the first national online political debate.
And a spokesman for at least one presidential hopeful - Democratic
front-runner Bill Clinton - said the candidate likely would accept the
invitation.
A spokeswoman for President Bush's campaign said no decisions will be
made about any debates until after the primary season. Bush is
expected to clinch the GOP nomination in state conventions this
weekend in Maine and Wyoming.
"But depending upon how it's organized, as we get closer to the
general election, it may be something we will consider,'' said Darcy
Campbell, the Bush spokeswoman.
The debate would be a milestone in a year marked by firsts for a
nascent electronic democracy movement.
Empowered by the ability to quickly reach an audience estimated at 8
million to 15 million people, at little cost, organizers of this new
political community envision the debate as a way to bring the major
presidential candidates and media into potential personal contact with
every citizen who owns a computer and a modem - the device that lets
computers communicate via phone lines.
Online activist Jim Warren's proposal for the debate is being
distributed to the campaigns of Clinton, Bush and the other most
prominent candidate - prospective independent H. Ross Perot, as well
as to Democrat Jerry Brown, Republican Patrick Buchanan and
Libertarian Andre Marrou.
It calls for a panel of three reporters from major media outlets to
communicate online with each candidate over the course of a week in a
moderated newsgroup - an electronic roundtable set up for the purpose.
A parallel, unmoderated newsgroup would allow direct discussion of the
issues by everyone online, while the journalists on the panel would be
required to accept proposed questions from the online audience. Jeff
Eller, campaign spokesman for Clinton, the governor of Arkansas, said
Clinton likely would participate.
"I don't think that would be a problem at all,'' he said, adding that
the campaign already has placed position papers and other information
online. "Anything that brings more people into the system is a great
idea.''
The Perot campaign did not respond to an interview request.
The debate proposal is the latest development in a series of events
drawing attention to the emergence of computer-based electronic
communities as a political constituency.
Notably, a proposal by Perot to organize electronic town meetings has
set fire to an online grass roots movement to put him on the ballot as
an independent. Democratic candidate Jerry Brown already has gone
online for direct electronic give-and-take with potential supporters.
In California and Alabama, a number of major candidates have signed
agreements to enact legislation to protect civil liberties such as
free speech and privacy regardless of whether they are exercised on
paper, on computer networks, or in media yet to be envisioned.
"This is the first time that 8 to 15 million people have been online
out of all of history, and that suddenly provides a critical mass for
political action,'' said Warren. "That provides an interesting
constituency.
"Secondly, the candidates who have any awareness of modern technology
realize that this is an essentially free opportunity to reach millions
of voters, in a manner unrestricted by cost or sound bite editing or
interviewers' reinterpretations.''
Warren is a member of the board of directors of the software firm
Autodesk; a columnist for MicroTimes; the founder of the Infoworld
newspaper; founding host of the PBS series Computer Chronicles; and
organizer of the First Conference on Computers, Freedom & Privacy, a
seminal event in giving shape to the online political community.
"National online interaction between citizens and their
representatives by far will provide the most efficient and effective
means of having legitimate representation and active citizen
participation in the governmental process,'' he said, adding that this
gives rise to a number of interesting considerations.
"A large percentage of the people who are online are well educated,
affluent citizens who are often leaders within their communities. I
think there are too many people online for government to successfully
suppress what is developing, this communication mechanism that is
developing so rapidly.
"One of its major advantages for legitimate candidates is that
communications have to be long on information and short on useless
emotional content ... which undoubtedly horrifies some politicians.''
Soaring sales of personal computers are likely to strengthen the new
online electorate. Analysts say that 7 million personal computers were
sold last year, bringing the number of home users to 20 million - plus
60 million in business.
As many as 15 million people are linked on the global Internet
computer network, with the number growing. The commercial service
Prodigy now claims 1.5 million users, while CompuServe claims to reach
980,000, and GEnie around 600,000.
Users of smaller scale community bulletin board systems represent a
potentially even larger group, although it's hard to say where one
begins and the next ends. Boardwatch magazine, which loosely monitors
the field, estimates that there are several tens of thousands of such
BBSs around the country. Each of them allows from a handful to several
hundred personal computer users to call in and trade messages,
computer software, and other information.
Current issues often are hot topics, the most recent example being the
Rodney King verdict in Los Angeles, which is prominent in online
conversation just as it is dominating national news.
In Washington, the chairman of the House Administrative Committee
recently said that all House members will have, by next year, full
interactive access to users of the Internet computer network, which is
quickly eclipsing the academic and military worlds that gave birth to
it.
While the new online electorate is likely to bring change, it is not
supplanting traditional methods. Instead, computer-based conferencing
is adding a new dimension to the traditional process by which a grass
roots candidate is drafted.
Perot, who has not yet himself been spotted online, has become a
beneficiary, as services such as the Whole Earth 'Lectronic Link
(WELL) in San Francisco, the commercial Prodigy information service,
and a "Perot for President'' bulletin board communicate strategy and
rally potential supporters.
As the best known computer link of writers, thinkers and activists,
the WELL has become the online focus of the intellectual issues raised
by the Perot movement.
But the Prodigy service, with its broader presence among non-experts,
has become the battle front, as Perot support ers frantically trade
information on efforts to get his name placed on the ballots of all 50
states.
One typical message recently posted to a Prodigy confer ence promoted
a Perot rally in Houston.
In Colorado, meanwhile, the new "Online for H. Ross Perot'' bulletin
board may offer a measure of the breadth of support.
"I want to send you $5,'' wrote Marjorie Darling, who is described as
"about 80'' and got involved through Senior Net, an activity organized
by Dave Hughes, an online activist who runs the Perot board.
"We hear the third candidate has only been a spoiler' and can never,
or has never made it running for president,'' wrote Darling. "But none
of those has been 'Ross Perot, Business Man.'
"You can make it!''
------------------------------
Date: 10 May 92 20:49:04 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 7--Two Cornell Students Indicted in Virus Case
TWO AT CORNELL INDICTED IN VIRUS CASE
Two Cornell University students now have been indicted for felonies in
connection with the computer virus case that came to light last
February at the Ithaca, N.Y., university.
David Blumenthal and Mark Pilgrim are accused of embedding a virus in
three Apple Macintosh computer games that were sent from Cornell's
computer center to an archive at Stanford University. Authorities say
from there, the games were duplicated and wound up in computers across
the U.S., Japan and Great Britain.
Blumenthal, 20, and Pilgrim, 19, who, in convicted, face a maximum
four years in prison, were arrested in February on misdemeanor
charges, which were increased to felonies because the virus is
believed to have caused more than $1,000 in damage, said county
District Attorney George Dentes.
Reprinted from A NETWORKER'S JOURNAL May 8, 1992
------------------------------
End of Computer Underground Digest #4.21
************************************
Computer underground Digest Sun May 17, 1992 Volume 4 : Issue 22
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu, Jr.
Arcmeisters: Brendan Kehoe and Bob Kusumoto
CONTENTS, #4.22 (May 17, 1992)
File 1--Some Corrections to '90 Bust Story in CuD 4.21
File 2--The Defense of Entrapment (Reprint)
File 3--COCOTS and the Salvation Army (Follow-up)
File 4--Chaos Computer Club France's hackers bibliography
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie in the PF*NPC RT libraries, on
the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp from
ftp.eff.org (192.88.144.4), chsun1.spc.uchicago.edu, and
ftp.ee.mu.oz.au. To use the U. of Chicago email server, send mail
with the subject "help" (without the quotes) to
archive-server@chsun1.spc.uchicago.edu. European distributor: ComNet
in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Tue, 12 May 92 01:14:12 CST
From: anonymous@anon.edu
Subject: File 1--Some Corrections to '90 Bust Story in CuD 4.21
The following clarifications should be noted in reference to the
article in Cu Digest, #4.21, in the Steve Jackson Games section:
>In July of 1989, Secret Service agents were examining electronic
>mail records of a privately-owned computer system in Illinois
>owned by Rich Andrews. Those records, which contained the
>computer equivalent of a list of all mail sent through a
>particular post office, showed that a copy of a newsletter called
>"Phrack" had been sent to Loyd Blankenship, the managing editor
>at Steve Jackson Games, Loyd Blankenship, in late February of
>1989.
Actually, the records showed that Loyd Blankenship *sent* a copy of
Phrack 24 to someone on Jolnet. He received his own copy directly
>from Craig. The source was not Jolnet.
>1/90: Bell Communications Research security manager Henry M.
>Kluepfel dials into Loyd Blankenship's home BBS, the Phoenix
>Project, under his real name.
Mr. Kluepfel was never on Phoenix Project under his real name,
according to userlogs from the day the system was taken down. He
certainly would have been *welcome* on -- The Phoenix Project had
several phone security officers and law enforcement agents already.
CuD moderators reportedly possess userlogs from TPP during its
history and can verify that there is no "Kluepfel" among the users on
any of those logs.
>2/90: Search warrants are given for the residences of Bob Izenberg
>(2/20), Loyd Blankenship (2/28) and Chris Goggans (2/28), and at
>the office of Steve Jackson Games (2/28). The SJG warrant is
>unsigned; the other warrants are signed by U.S. Magistrate
>Stephen H. Capelle on the day that they're served.
Bob Izenberg was raided in 2/90. Goggans, Loyd Blankenship and SJG
were raided in 3/90. The warrant for Loyd was also unsigned, as was
(if previous reports are correct) the warrant for Chris.
>Three hours after the raid at another, Secret Service agents have
>called Austin computer store owner Rick Wallingford at home, to
>verify that he sold a pinball machine to one of the warrant
>subjects.
It was a PacMan machine.
>CHRIS GOGGANS: Former employee of Steve Jackson Games.
>Unavailable for comment.
Chris Goggans was never an employee of Steve Jackson Games.
These may seem trivial corrections, but because of the rumors and
inaccurate information about the case and its particulars, we should
assure that even minor details are correct.
------------------------------
Date: 10 May 92 20:48:10 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 2--The Defense of Entrapment (Reprint)
The Defense of Entrapment
As it Applies to Bulletin Board System Operators
By Randy B. Singer, Esq.
For now, it is unclear how the law applies to protect speech
communicated through electronic bulletin boards. There are hundreds,
maybe thousands, of enthusiast-run bulletin boards across the country
provided for the free use of the public to exchange ideas and publicly
distributable software. The system operators of these bulletin boards
are providing a wonderful public service, out of the goodness of their
hearts, usually for no monetary gain (in fact, often at a considerable
loss). These sysops cannot afford to fall into a gray area of the law
and find themselves having to defend an expensive criminal suit or
having to do without their computer equipment because it has been
confiscated by the police as evidence.
Running a public bulletin board can expose a system operator (sysop)
to all sorts of legal problems that have yet to be adequately defined.
For instance: What happens if one user posts slanderous/libelous
information about another user? Is the sysop liable? Is a bulletin
board more like a newspaper in this regard or is it more like a
meeting hall? What happens if a user uploads something clearly
illegal, like child pornography, which other users download before the
sysop has a chance to review the material? Is the sysop liable? What
is the liability of the sysop if he runs a bulletin board in his/her
back room and he/she almost never monitors the activity on it? Is the
sysop required to constantly monitor the goings-on on their board to
prevent illegal activity?
It is therefore understandable that sysops have tried to protect
themselves legally the best that they have known how. Unfortunately,
there has been a lot of misinformation spread about what the law is
and how it pertains to the community of bulletin board users and
operators. Hopefully this text file will clear up one of the most
common legal misconceptions that is going around.
I have often seen posts that evidence a complete misunderstanding of
what constitutes the defense of entrapment. As an attorney I would
like to explain this law and its application, especially as it
pertains to electronic bulletin board operators.
Entrapment is a complete defense to a crime that a person has been
charged with. It varies in how it is interpreted in each state, and on
the federal level, but generally it is as I have defined it here.
Entrapment only exists when the crime involved is the creative product
of the police. (That is, the idea to commit this crime came from a
police officer, or an agent of the police. The alleged criminal never
would have thought of committing this crime if it hadn't been
suggested to him by the police, or if the means to commit the crime
had not been offered to the alleged criminal by the police.) AND the
accused was not otherwise predisposed to commit the crime involved.
(That is, the accused probably wouldn't have committed this or any
other similar crime if the police had never been involved.) BOTH
elements must exist for the defense of entrapment to apply.
For instance: When John DeLorean, owner of the (then about to fail)
DeLorean Motor Company, was arrested and tried for selling cocaine, he
was found not guilty by reason of the defense of entrapment because,
the jury determined, the police took advantage of the fact that his
failing company made him a desperate individual. The police sent in an
undercover officer to offer him a bag of cocaine to sell to raise
money to save his company. The entire idea for the crime came from the
police; they provided the instrumentality (the coke); and John
DeLorean probably would never in his life have sold drugs to anybody
if the police hadn't shown up to offer him the drugs to sell at the
exact right time.
The reason for the law is obvious: we don't want the police setting up
desperate people to get busted just because those people are
unfortunate enough to find themselves in desperate situations. In
fact, we don't want the cops to set up any law abiding citizens, even
if they are not desperate. Tempting people who would not ordinarily
commit a crime is not what we want police officers to do.
Now that you have the definition of entrapment, let's talk about what
entrapment is NOT. I've read a lot of posts from people on boards who
think that entrapment exists when a police officer goes undercover and
does not reveal his true identity when asked. This is NOT covered by
the defense of entrapment per se. The defense of entrapment does NOT
require a police officer to reveal himself when asked. Going
undercover is something that the police do all the time, and there is
nothing that prohibits them from doing so.
If you are predisposed to commit a crime (e.g., you are already
engaged in illegal activity before an undercover police officer comes
on the scene), and an undercover police officer simply gathers
evidence to convict you, the defense of entrapment does not apply.
So, for instance, if an undercover police officer logs onto a bulletin
board and lies and says that he/she is not a police officer when
asked, and he/she finds illegal material or goings-on on this bulletin
board, then whatever he/she collects and produces against the system
operator as evidence towards a criminal conviction is not precluded
>from being used against the sysop in court. At least it is not
excluded by the defense of entrapment, because in this instance the
defense of entrapment does not apply. The police officer is allowed to
act undercover, and the illegal acts were not the creative product of
the police.
Also remember that the defense of entrapment is a COMPLETE defense.
So it does not act to exclude evidence, but rather it acts towards one
of three things: having a grand jury find that there is not sufficient
evidence that a conviction could be obtained to proceed to a criminal
trial against the sysop; having the case dismissed before trial; or a
finding of 'not guilty' after a criminal trial.
The defense of entrapment also doesn't necessarily apply if the police
officer simply asks the system operator to do something illegal and he
does it. In this case the district attorney would argue that the sysop
was predisposed to commit the illegal act, especially if the illegal
act was already going on in one form or another on the board. For
instance, if the police officer asks the sysop to download to him some
commercial software, the defense of entrapment will not apply if there
is already commercial software available in the files section of the
bulletin board.
What would probably be required for the defense of entrapment to apply
would be for the police officer to have enticed or misled the system
operator into doing the illegal act, and it would have had to have
been an illegal act that wasn't already going on on this bulletin
board. This MAY allow the use of the defense of entrapment. I say
"may" because it depends on the facts in each individual situation to
see how closely they meet the requirements for the defense of
entrapment to apply. You may surmise from my reticence to commit to
saying that the defense of entrapment definitely WOULD apply that the
defense of entrapment is not a defense that I recommend that you rely
on.
I've seen some bulletin boards say something to this effect in their
logon screen: "Access restricted. Police officers must identify
themselves, and are forbidden from gaining entry to this bulletin
board." This type of message not only does not protect a bulletin
board from the police (assuming that there is something that might be
interpreted as illegal going on on this board), but it actually alerts
any police officer who may casually log on to this board to
immediately suspect the worst about this board and its system
operator. There is nothing that I know of that would keep an agent of
the police from lying about his/her status and logging on as a new
user and gathering evidence to use against the sysop. In fact, I'm
not sure, but I would not be surprised to find in the current legal
climate that such a logon message is enough evidence to get a search
warrant to seize the computer equipment of the system operator of this
bulletin board to search for evidence of illegal activity!
At some future date I hope to write a file that will detail how sysops
can protect themselves from legal liability. (That is, by avoiding
participating in arguably illegal activity, and by avoiding liability
for the uncontrollable illegal acts of others. I have no interest in
telling sysops how to engage in illegal acts and not get caught.) But
for now, I hope that this file will give sysops a better understanding
of the law and how one aspect of it applies to them.
Disclaimer: The information provided in this document is not to be
considered legal advice that you can rely upon. This information is
provided solely for the purpose of making you aware of the issues and
should be utilized solely as a starting point to decide which issues
you must research to determine your particular legal status, exposure,
and requirements, and to help you to intelligently consult with an
attorney. No warrantees, express or implied, are provided in
connection with the information provided in this document. This
document is provided as is, and the reader uses the information
provided here at their own risk.
(Sorry for the necessity of covering my behind! Just remember, you get
what you pay for, so I cannot guarantee anything I have written here.
If you want legal advice that you can take to the bank, you should
hire an attorney. Besides, just like everyone these days, we need the
work!)
About the Author:
Randy B. Singer is an attorney in the San Francisco bay area. He does
business law, personal injury, computer law, and Macintosh consulting. He
also gives seminars at the Apple offices in downtown San Francisco for
attorneys and others who are interested in learning about the Macintosh
computer. He can be reached at 788-21st Avenue, San Francisco, CA 94121;
(415) 668-5445.
Copyright (C) 1992 Randy B. Singer. All rights reserved. This document
may be freely distributed as long as it is not for monetary gain or as
part of any package for sale. This work may not be modified in any way,
condensed, quoted, abstracted or incorporated into any other work, without
the author's express written permission.
This reprint taken from ST Report #8.19, used with permission
------------------------------
Date: Fri, 15 May 92 16:41:38 CST
From: moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 3--COCOTS and the Salvation Army (Follow-up)
In Cu Digest 4.20, we related the problems of a COCOT (Coin-operated,
Customer-owned Telephone) installed at the Salvation Army Freedom
Center in Chicago. In brief, The SAFC, a community release center for
recently-released state and federal prisoners, had installed COCOTS
that were charging prisoners, who generally come from low-income
populations, significantly higher rates than conventional carriers.
The COCOTS utilize long distance carriers that are demonstrably not in
compliance with federal law (PL 101-435). In the next issue, we will
provide a follow-up to the lack of responsiveness of the carriers
(U.S. Long Distance) and the billing agents (Zeroplus Dialing and
GTE). This note summarizes the response of the Salvation Army, which
was the only organization that took the problem seriously and acted
upon it.
When we summarized events in 4.20, we had been unable to obtain
consistent information from the telecos because of multiple layers of
billing accountability and significant contradictions in information
that we were given. We were also, at that time, unable to reach
anybody at the SAFC who could provide us with information. So, we
expressed our frustration by raising questions that we would have
asked SAFC officials. Since then, we have talked with several SAFC
personnel, and without exception they were deeply concerned about the
problem. They had received numerous complaints from ex-offender
customers about the technical service of the COCOTS, but they were not
aware of the long distance tolls until we brought it to their
attention. They emphasized that it was neither their intent nor their
practice to profit from telephone services. The information they
provided supports their community reputation as a viable and dedicated
organization committed to helping ex-offenders return to the
community. In response to our questions, we were told the following:
The SAFC *does not* itself own the COCOTS, and the COCOTS there are
fairly new. The Salvation Army recently signed a contract with a
company that promised to deliver services identical to the previous
system, Illinois Bell, at no extra cost to the users. The SAFC signed
a contract when told they would receive a better commission with equal
service and no increased rates. Some sources indicated that the COCOT
phones did not, in fact, provide better service, and there was some
concern expressed by ex-offenders and others that the COCOT was, in
fact, *more expensive* for users than the previous carrier. Our own
experience suggested that, for long distance rates at least, this
complaint has substance.
The SAFC center does receive a monetary return from COCOT use. The
return is accumulated for the residents' benefit fund. This fund is
used to replace equipment, provide amenities (such as tv sets),
defray costs for special events such as the annual Christas part, and
provide modest resources for indigent prisoners in emergencies. The
profits from the COCOT are ultimately returned directly to the
prisoners, and the SAFC itself does not profit.
SAFC personell emphasized that there are still alternative (RBOC)
telephones available, and at least one telephone is available at no
charge for important calls such as obtaining job interviews.
Because the SAFC is bound by contract to their current COCOT owner,
they are not sure of their options for the long run. Over the short
run, however, they indicated that they will address the problem in two
ways. First, they will discuss the problems with the owner and attempt
to assure that the terms of the contract--equal service at no higher
costs--are met. Second, they will emphasize "consumer literacy" and
assure that their clients are aware of the differences in especially
long distance rates between the various long distance service
providers and explain that users are legally entitled to place calls
to alternative carriers if the one to which they initially connect is
not to their liking. We have sent them a copy of PL 101-435 to assist
them in their discussions with the COCOT owner and to provide their
consumers with adequate information.
We commend the SAFC for its handling of the situation. Salvation Army
officials were concerned that our previous post would communicate
erroneous information about the nature of the SAFC and its operation.
Both they, and others, affirmed that the SAFC is a successful,
exceptionally beneficial, and highly reputable program with only one
end in mind: To help ex-offenders. If our previous remarks were
excessively strident, we apologize. They have displayed both honor
and initiative in protecting prisoners from exploitation, and we thank
them for their concern. It is unfortunate that GTE, USLD, and Zeroplus
cannot follow their example.
------------------------------
Date: Wed, 6 May 92 07:27 GMT
From: Jean-Bernard Condat <0005013469@MCIMAIL.COM>
Subject: File 4--Chaos Computer Club France's hackers bibliography
Enclosed one bibliography that all the CCCF's members read all the
time in France...
Sincerely yours,
Jean-Bernard Condat
Chaos Computer Club France [CCCF]
B.P. 8005
69351 Lyon Cedex 08, France
Phone: +33 1 47 87 40 83, Fax.: +33 1 47 87 70 70.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
File x: Chaos Computer Club France's hackers bibliography
Nelson, B. [Univ. of Southern California, Los Angeles, CA, USA]:
"Straining the capacity of the law: the idea of computer crime in
the age of the computer worm
In: Computer/Law Journal (April 1991) vol.11, no.2, pp.299-321
Considers whether traditional justifications for the
criminalization of conduct are adequate to encompass new forms of
'criminal' behavior arising out of advanced computer technology.
Describes the reactions of legislator, computer designers and
users, and members of the general public who have opposed Robert
Tappan Morris's trial a nd conviction. Two prominent and
competing theories, retribution and utilitarianism,are useful in
helping understand the conflict between two sets of social values:
those we seek to protect by means of a criminal justice system and
those associated with the basic principles of freedom. Nonetheless,
neither traditional retributive nor utilitarian theory provides a
clear justification for the imposition of
criminal punishment in the case of the 'crime' that Morris committed when
he introduced the Internet worm. (61 Refs)
Spafford, E.H.[Dept. of Comput. Sci., Purdue Univ., West Lafayette, IN,
USA]: "Are computer hacker break-ins ethical?"
In: Journal of Systems and Software (Jan. 1992) vol.17, no.1; pp.41-7
Recent incidents of unauthorized computer intrusion have brought about
discussion of the ethics of breaking into computers. Some individuals have
argued that as long as no significant damage results, break-ins may serve a
useful purpose. Others counter that the break-ins are almost always harmful
and wrong. This article lists and refutes many of the reasons given to
justify computer intrusions. It is the author's contention that break-ins
are ethical only in extreme situations, such as a life-critical emergency.
The article also discusses why no break-in is 'harmless'. (17 Refs)
Kluepfel, H.M.: "In search of the cuckoo's nest-an auditing framework for
evaluating the security of open networks"
In: EDP Auditor Journal (1991) vol.3; pp.36-48
In Clifford Stoll's best-selling book "The Cuckoo's Egg" he describes the
pursuit of a computer hacker who, like the cuckoo, left something in the
computing nests of other users. The paper provides a perspective on
auditing networked systems to find the nest which may have an extra 'egg'
in it or is inviting one because of a breakdown in security design or
practice. It focuses on: the security implications for an increasingly
open network architecture; the lessons learned from performing intrusion
post-mortems; the need for architecture plans and systems engineering
for security; an audit framework for evaluating security. (26 Refs)
Raymond, E.S.: "New Hacker's dictionary"
Publisher: MIT Press, London, UK (1991); xx+433 pp.
From ack to zorch (and with hundreds of other entries in between) The New
acker's Dictionary is a compendium of the remarkable slang used by today's
computer hackers. Although it is organized in reference form, it is not
a mere technical dictionary or a dry handbook of terms; rather, it offers
the reader a tour of hackerdom's myths, heroes, folk epics, in-jokes
taboos, and dreams-an unveiling of the continent-spanning electronic
communities that knit hackers together.Appendixes include a selection of
classic items of hacker folklore and humor, a composite portrait of 'J.
Random Hacker' assembled from the comments of over one hundred respondents,
and a bibliography of nontechnical works that have either influenced
or described the hacker culture. (12 Refs)
Arnold, A.G.; Roe, R.A.[Dept. of Philosophy & Tech. Social Sci., Delft Univ
of Technol., Netherlands]: "Action facilitation; a theoretical concept and
its use in user interface design"
In: Work With Computers: Organizational, Management, Stress and Health
Aspects. Proceedings of the Third Conference on Human-Computer Interaction.
Vol.1, pp.191-9
Editor(s): Smith, M.J.; Salvendy, G.; Elsevier, Amsterdam; xii+698 pp.
The concept of action facilitation, derived from Hacker's theory of
goal-directed action, can be defined as an improvement or maintenance
of performance under conditions of decreasing mental and/or physical
effort. This concept applies to any kind of work, including work with
computers. A method for operationalizing this concept in the context of
human-computer interaction is discussed, and it is shown how this method
can be applied to the evaluation and design of user interfaces for office
systems. (20 Refs)
Menkus, B.: "'Hackers': know the adversary"
In: Computers & Security (Aug. 1991) vol.10, no.5; pp.405-9
Abstract: Confusion appears to continue among many of those concerned
about computer security about who hackers are, what they do and why they
are doing it. The author clarifies some of the terms, concepts, and motives
involved in the hacker phenomenon. The author discusses the hackers'
objectives and their methods. He discusses some of the problems that need
to be resolved to in order to tackle hackers' activities. Implementing an
effective counter hacker strategy rests on the recognition that access to
information is only granted to aid in tasks of value to the organizatio
and that an organizatio does have the right to own and use legitimate
information. He concludes that three tactics should be employed: initiation
of active lobbying by the targets of hacker activity; improved personnel
attribute verification on access; and tracing system use activity on a
real-time basis. (3 Refs)
Cook, W.J.: "Costly callers: prosecuting voice mail fraud"
In: Security Management (July 1991) vol.35, no.7; pp.40-5
Abstract: On August 17, 1990, Leslie Lynne Doucette was sentenced to 27
months in prison. Her sentence, one of the most severe ever given to a
computer hacker in the United States, was based on her role as the head of
a nationwide voice mail computer fraud scheme and her unauthorized
possession of 481 access codes as part of that scheme. Evidence developed
during the investigation and disclosed in pretrial proceedings, revealed
that the case was part of a broader trend toward voice mail computer abuse
by hackers. This article examines the telecommunication technology involved
and the ways computer hackers use and abuse that technology, and it
summarizes the investigation that led to Doucette's conviction and the
convictions of other hackers in her group.
Myong, A.M.; Forcht, K.A.[James Madison Univ., Harrisonburg, VA, USA]: "The
computer hacker: friend or foe?"
In: Journal of Computer Information Systems (Winter 1990-1991) vol.31,
no.2; pp.47-9
Abstract: To most people, the hacker seems somewhat harmless but the
reality is quite the contrary. Quite often, extremely sensitive data is
accessed by hackers and tampering of any kind can cause irreversible
damage. Although this situation is causing great concern, the hacker is not
seen as the hardened criminal, and laws dealing with this kind of
'technological trespass' poses the question: 'is the hacker a friend or
foe?' Obviously, these hackers violate the security and privacy of many
individuals, but by doing so, vulnerabilities in the systems are showcased,
alerting the need for increased security. Paradoxically, by committing
computer crimes, these 'hackers' could be doing society an indirect favor.
The authors give a profile of a hacker and explain how some users and
systems make it easy for one to break into their system. Various actual
hacks are also presented. (13 Refs)
Koseki, J.: "Security measures for information and communication networks"
In: Data Communication and Processing, (1991) vol.22, no.4; pp.38-46
Abstract: The causes of interruptions of the information/communication
system can be classified roughly into accidents and crime. The factors of
disturbing system operations include reduction of system functions due to
traffic congestion. While accidents occur due to unexpected natural
phenomena or human errors, crimes are failures based on intentional human
behavior, unjust utilization and destruction of the system involving the
hacker and computer virus. In order to complete the security for
information and communication networks and eliminate the risk of accidents
and crime, it is necessary to improve system functions and take harmonious
measures viewed from human and legal factors as well as a technological
standpoint.
Zajac, B.P., Jr.[ABC Rail Corp. Chicago, IL, USA]: "Interview with Clifford
Stoll (computer crime)"
In: Computers & Security (Nov. 1990) vol.9, no.7; pp.601-3
Abstract: Concerns the trials of Clifford Stoll, tracking a hacker that
was looking for US military information and then trying to convince the
Federal Bureau of Investigation that he had an international computer spy
on his hands. As the system manager, he was to track down a $0.75
discrepancy in one of the accounting systems. In his quest Stoll discovered
that this was not the simple theft of some computer time but was something
far greater-international computer espionage aimed at US military
computers.
"IT security"
In: Wharton Report (Aug. 1990) no.144; pp.1-8
Abstract: As our reliance on computer systems increases so too does the
risk of data loss. A computer can be insecure in many ways: a clever
hacker, a virus, a careless employee or a vandal can steal, destroy, alter
or read data with relative ease. In addition to this, the proliferation of
networks and the increasing number of tasks given over to a company's
central computer have, while helping us achieve higher degrees of output,
made our data even more insecure. The trend towards open systems will also
bring us security problems.
Schneider, E.W.[Peacham Pedagogics, Madison, NJ, USA]: "Progress and the
hacker ethic (in educational computing)"
In: Educational Technology (Aug. 1990) vol.30, no.8; pp.52-6
Abstract: A hacker is someone who writes clever code on a small machine
in something very close to machine language so that the small machine does
things that would be impressive on a big time-sharing machine.
Microcomputers were introduced into schools by teachers who were also
electronic hobbyists. Some of these teachers went on to learn programming,
becoming true hackers. Due to unprecedented demand from industry, true
hackers in education are an extinct species. Other teachers developed
skills in keeping the machine running, and ordering the latest and
greatest; they form a group that is peculiar to education: the
pseudo-hackers. Most computer applications in higher education have adopted
a hacker ethic. They act as if educational research and medical research
used the same way of determining needs, funding, and performing research,
and disseminating the results. They expect teachers to be as motivated as
doctors, learning about the latest techniques and adopting them as quickly
as possible. That may well be the way it ought to be, but that certainly
isn't the way that it is.
Cook, W.J.: Uncovering the mystery of Shadowhawk
In: Security Management (May 1990) vol.34, no.5; pp.26-32
Abstract: How can a juvenile infiltrate some of the country's most
classified and secured datafiles? Easy-with his home PC. On February 14,
1989, a hacker was sentenced to nine months in prison, to be followed by
two and a half years' probation, and was ordered to pay restitution
totaling $10000. On February 28, 1989, he started serving his prison term
in a prison in South Dakota. If the hacker had been 18 when he committed
these crimes, he would have faced a possible 13-year prison sentence and
fines totaling $800000. Facts developed during a one-week trial established
that between July and September 1987, the hacker, under the code name
Shadowhawk, used a modem on his home computer to gain unauthorized remote
access to AT&T computers in Illinois, New Jersey, North Carolina, and
Georgia and stole copies of copyrighted AT&T source code worth over
$1,120,000. (7 Refs)
Greenleaf, G.: "Computers and crime-the hacker's new rules"
In: Computer Law and Security Report (July-Aug. 1990) vol.6, no.2; p.21-2
Abstract: The author reflects on the international response to the case
of Robert Morris, a US hacker. He looks at recent Australian legislation on
computer crime and some legal definitions from England.
Kluepfel, H.M. [Bellcore, Morristown, NJ, USA]: Foiling the wily hacker:
more than analysis and containment
Conference Title: Proceedings. 3-5 Oct. 1989 International Carnahan Conf.
Security Technology; pp.15-21
Publisher: ETH Zentrum-KT, Zurich, Switzerland; 1989; 316 pp.
Abstract: The author looks at the methods and tools used by system
intruders. He analyzes the development of the hacker, his motivation, his
environment, and the tools used for system intrusion. He probes the nature
of the vulnerable networking environments that are the target of
intrusions. The author addresses how to turn the tables on these intruders
with their own tools and techniques. He points out that there are many
opportunities to learn from the intruders and design that knowledge into
defensive solutions for securing computer-based systems. The author then
presents a strategy to defend and thwart such intrusions. (16 Refs)
Dehnad, K. [Columbia Univ., New York, NY, USA] : "A simple way of improving
the login security"
In: Computers & Security (Nov. 1989) vol.8, no.7; pp.607-11
Abstract: The login procedure is formulated as a test of hypothesis. The
formulation is used to show that the commonly used procedure provides
valuable information to a hacker which enables him to use trial and error
to gain access to a computer system. A general method for reducing this
information is described and its properties studied. The method introduces
randomness into the procedure, thus denying a hacker the luxury of trial
and error. (6 Refs)
Earley, J.: "Supplier's view-considering dial-up (hacker prevention)"
In: Computer Fraud & Security Bull. (Oct. 1989) vol.11, no.12; pp.15-18
Abstract: Discusses the practicalities of hacker prevention. Password
protection, data encryption algorithms and the combination of data
encryption and access control are briefly considered. The Horatius access
control system and Challenge Personal Authenticator are discussed.
Lubich, H.P.: "Computer viruses, worms, and other animals: truth & fiction"
In: Output (5 April 1989) vol.18, no.4; pp.31-4
Abstract: Computer viruses can be classified according to
characteristics, especially their effects and their propagation mechanisms.
Harmless and destructive viruses and their propagation in computer systems
are discussed. Related definitions of virus, worm, mole, Trojan horse,
trapdoor, logic bomb, time bomb, sleeper, hole, security gap, leak, hacker,
and cracker are explained. System penetration by hackers or viruses has
been aided by lack of system security consciousness, and by security
deficiencies in hardware and software supplied by manufacturers.
Countermeasures discussed include care in software purchase, use of test
programs, use of special security measures, and recourse to legislation.
Brunnstein, K.: "Hackers in the shadow of the KGB"
In: Chip (May 1989) no.5; pp.14-19
Abstract: The author examines the question of whether hackers are
criminals or idealists. He sketches a profile of a typical hacker (which
turns out to be similar to that of a professional programmer) and looks at
hackers' work methods, clubs and motives. He outlines some of their more
wellknown cases (e.g. the Chaos club, the Hannover hacker, the involvement
of Russia in buying stolen technical secrets) and comments on the measures
being taken to prevent hackers getting in and to make computer systems
'secure'.
Campbell, D.E. [PSI Int., Fairfax, VA, USA]: "The intelligent threat
(computer security)"
In: Security Management (Feb. 1989) vol.33, no.2; pp.19A-22
Abstract: This article is about the hacker as an external threat, a
terrorist, a person who destroys information for spite, revenge, some
get-rich-quick scheme, or some ideological reason-but always with physical
or electronic destruction or modification of data as a possible end result.
The hacker as a destructive force is the external threat all information
systems are faced with, and as a manager of these systems, your job may
depend on how well you defend your data against such a force.
Samid, G.: "Taking uncommon-but effective-steps for computer security"
In: Computers in Banking (March 1989) vol.6, no.3; pp.22, 61-2
Abstract: System managers and security officials should take the time to
familiarize themselves with the hackers job. Only then will they develop a
sense of their system's vulnerability. Such awareness is a prerequisite for
installation of a heavy-duty defense. No computer system is break-safe.
Therefore computer security starts with identifying who will benefit the
most from breaking in. Then the analysis should assess the value of
breaking in for the intruder. That value should be less than the effort or
cost of accomplishing the intrusion. As long as the balance cost/benefit is
kept unfavorable to the would-be intruder, the system is virtually
break-safe.
Wilding, E.: "Security services shaken by UK hacker's claims"
In: Computer Fraud & Security Bulletin; (Jan. 1989) vol.11, no.3; pp.1-5
Abstract: Discusses the case of Edward Austin Singh, the UK hacker
reported in October to have accessed some 250 academic, commercial,
government and military networks worldwide. This case serves as a useful
framework for discussing legal issues related to computer hacking in the
UK.
Gliss, H.: "US research systems attacked by German student"
In: Computer Fraud & Security Bulletin (July 1988) vol.10, no.9; pp.1-3
Abstract: A researcher with 'a hacker's mentality' caught a German
computer science student from Hanover. The researcher, Clifford Stoll from
Lawrence Berkeley Laboratory (LBL), trapped the student by a trace
connection over the US data networks into Bremen University (West Germany)
and from there through DATEX-P to the individual telephone from which the
hacker did his job. The author gives a comprehensive overview about Stoll's
successful approach, and the lessons which LBL management drew from the
case.
Beale, I.: Computer eavesdropping-fact or fantasy
In: EDP Auditor Journal (1988) vol.3; pp.39-42
Abstract: Equipped with a black and white television set, an antenna and
a small amount of electronics equipment it is possible to display the
information from the screen of a terminal located in a building over 300
metres away. This shows how easy eavesdropping can be, how inexpensive the
necessary equipment is and how readable the data received is. Clearly then,
senior management within many companies should be concerned about the
vulnerability of their systems and the information contained within them. A
broad range of information currently processed on computer systems is of a
confidential nature and needs to be stored and processed within a secure
environment. This type of information includes financial data, financial
projections, design data for new products, personnel records, bank
accounts, sensitive correspondence and competitive contract bids. Any of
this information may be valuable to eavesdroppers either for their own use,
or so that they can sell it to a third party. Another interested party in
this technology is the would-be hacker. By using eavesdropping techniques,
the hacker will be able to readily identify user ids and passwords which
are valid on client computer systems. This will be much more efficient than
the techniques currently used by hackers to identify valid user id and
password combinations.
Stoll, C.: "Stalking the wily hacker"
In: Communications of the ACM (May 1988) vol.31, no.5; pp.484-97
Abstract: In August 1986 a persistent computer intruder attacked the
Lawrence Berkeley Laboratory (LBL). Instead of trying to keep the intruder
out, LBL took the novel approach of allowing him access while they printed
out his activities and traced him to his source. This trace back was harder
than expected, requiring nearly a year of work and the cooperation of many
organizations. This article tells the story of the break-ins and the trace,
and sums up what was learned. (49 Refs)
Schechter, H.: "Dial-up network management-more than just security!"
Conference Title: SECURICOM 86. 4th Worldwide Congress on Computer and
Communications Security and Protection; pp.173-8
Publisher: SEDEP, Paris, France; Date: 1986; 476 pp; Date: 4-6 March 1986
Abstract: During the last few years, worldwide data communications
networks have been besieged by terrorist attacks, the personal computer
hacker. As businesses have aggressively pursued the use of the PC and
dial-up services, they have found that they must guard their networks and
data, and at the same time manage this dial-up network like they manage
leased line networks. The paper analyzes the needs and components of
dial-up network management and security.
Troy, E.F.: "Security for dial-up lines"
Issued by: Nat. Bur. Stand., Washington, DC, USA; May 1986; vi+60 pp.
Abstract: This publication describes the problem of intrusion into
government and private computers via dial-up telephone lines, the so-called
'hacker problem'. There is a set of minimum protection techniques against
these people and more nefarious intruders which should be used in all
systems which have dial-up communications. These techniques can be provided
by a computer's operating system, in the best case. If the computer does
not have the capability to give adequate protection against dialup
intruders, then other means should be used to shore up the system's access
control security. There are a number of hardware devices which can be
fitted to computers or used with their dial-up terminals and which provide
additional communications protection for nonclassified computer systems.
This publication organizes these devices into two primary categories and
six subcategories in order to describe their characteristics and the ways
in which they can be used effectively in dial-up computer communications. A
set of evaluative questions and guidelines is provided for system managers
to use in selecting the devices which best fit the need. A set of four
tables is included which lists all known devices in the four primary
categories, along with vendor contact information. No attempt is made to
perform any qualitative evaluation of the devices individually. (41 Refs)
Roberts, W. [Dept. of Comput. Sci., Queen Mary Coll., London, UK]: "'Re-
member to lock the door': MMI and the hacker"
Conference Title: System Security: Confidentiality, Integrity,
Continuity. Proceedings of the International Conference; pp.107-14
Publisher: Online Publications, Pinner, UK; Date: 1986; xii+232 pp.
Conference Date: Oct. 1986; London, UK
Abstract: Increasing emphasis is being placed on the importance of man
machine interface (MMI) issues in modern computer systems. This paper
considers the ways in which common MMI features can help intruders to
breach the security of a system, and suggests methods for enhancing system
security and data integrity by careful MMI design, aiding both the user and
the system administrator.
Murphy, I. [Secure Data Syst., Philadelphia, PA, USA]: "Aspects of hacker
crime: high-technology tomfoolery or theft?"
In: Information Age (April 1986) vol.8, no.2; pp.69-73
Abstract: Computer crime is an increasingly common problem worldwide.
Perpetrated by a growing band of people known as hackers, it is exacerbated
by the ease with which hackers communicate over clandestine bulletin
boards. The types of information contained in these boards is reviewed, and
a parallel is drawn with the problem of telephone fraud also rampant in the
USA. The author looks at the problem of unauthorized access to telephone
lines and personal data. (1 Ref)
Shain, M.: "Software protection-myth or reality?"
Conference Title: Protecting and Licensing Software and Semiconductor
Chips in Europe; 30 pp.
Publisher: Eur. Study Conferences, Uppingham, Rutland, UK; 1985; 273 pp.
Conference Date: 7-8 Nov. 1985; Amsterdam, Netherlands
Abstract: The article reviews the motives people have for copying
software and estimates the size of the revenue loss due to this. Commercial
software protection schemes are reviewed and an account of microcomputer
fundamentals is given for those with no prior knowledge. The techniques
used by the software hacker are analyzed and a view is taken as to whether
software protection is a myth or reality.
Mullen, J.B.: "Online system reviews: controls and management concerns"
In: Internal Auditor (Oct. 1985) vol.42, no.5; pp.77-82
Abstract: The generally accepted controls for online systems can be
divided into three categories: preventive; detective; and corrective. The
preventive controls include sign-on key and passwords. The periodic
changing of these controls and other preventive access controls may prevent
a hacker from learning the access system via observation. The detective
controls include: line protocol, which defines the method of data
transmission; front-end edits, routines within the online-application
programs to detect errors in critical fields; and authorization files,
online files containing user passwords. Corrective controls include:
transaction logging; online training, security software; audit caveats;
audit procedures and effectiveness.
Rous, C.C. [Cerberus Comput. Security Inc., Toronto, Ont., Canada]: "What
makes hackers tick? A computer owner's guide"
In: CIPS Review (July-Aug. 1985) vol.9, no.4; pp.14-15
Abstract: Harmless pranksters or malicious wrongdoers? A computer
security expert points out the differences and similarities-and offers
preventative tips. A major concern of most data processors today is the
threat of 'The Hacker'. This article attempts to de-mystify the breed by
examining hacker psychology. The focus is on the distinction between
frivolous and serious, or benign and malicious, hackers. While the
distinction is valid, it is equally important to recognize the fundamental
similarities between the two. In addition, no matter how benign the hacker
who penetrates a system, if he or she has done so a more malicious one
presumably could too. The author goes on to list the different types of
hacker and provides a detailed analysis of each one. Finally, some lessons
for owners and operators of computer systems are offered.
Haight, R.C.: "My life as a hacker" Conference Title: ACC '84. Proceedings
of the Australian Computer Conference; pp.205-12 Editor(s): Clarke, R.
Publisher: Austr. Comput. Soc, Sydney, NSW, Australia; 1984; xx+672 pp.
Conference Date: 4-9 Nov. 1984; Location: Sydney, NSW, Australia Abstract:
The author has been programming and supervising programmers since 1961.
His experiences and personal viewpoint are described.
------------------------------
End of Computer Underground Digest #4.22
************************************
Computer underground Digest Mon May 25, 1992 Volume 4 : Issue 23
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu, Jr.
Arcmeisters: Brendan Kehoe and Bob Kusumoto
CONTENTS, #4.23 (May 25, 1992)
File 1--Thanks from Craig Neidorf for Support
File 2--Resurgance of a Myth ("The Dying Child")
File 3--Freedom and Privacy in North American Cyberspace
File 4--PREXY CANDIDATE E-ADDRS & update re candidates' ONLINE forum
File 5--FINAL ANNOUNCEMENT FOR IFIP/SEC CONFERENCE '92
File 6--BYU Hackers Busted
File 7--GEnie Conference on "Virtual Reality"
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie in the PF*NPC RT libraries, on
the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp from
ftp.eff.org (192.88.144.4), chsun1.spc.uchicago.edu, and
ftp.ee.mu.oz.au. To use the U. of Chicago email server, send mail
with the subject "help" (without the quotes) to
archive-server@chsun1.spc.uchicago.edu. European distributor: ComNet
in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
From: Craig Neidorf <cneidorf@ITP.ACLU.ORG>
Date: Wed, 20 May 1992 11:52:28 EDT
Subject: File 1--Thanks from Craig Neidorf for Support
Dear CuD:
I would like to thank the many people who have taken their time and
their checkbooks and sent me donations to help me cope with the costs
of my legal defense.
Whenever its been possible, I have personally mailed each individual
that has made a donation. All of these people should also have
received a letter from Sheldon Zenner.
However, there have been a few problems in certain cases in getting
the money to the correct place.
The law firm of Katten, Muchin, & Zavis is huge. They have 5 offices
in the US and their Chicago office alone occupies 5 floors and employs
over 300 attornies plus all of the support staff.
Over the last couple of months, a lot of checks have come into Katten,
Muchin, & Zavis, but they were not addressed to Sheldon Zenner's
attention. This has caused many delays and in some cases it is very
possible that the money was never credited to my account at all.
If you are among the people who did send in a donation and you have
not received a letter from me or Sheldon Zenner, then please contact
me via email. I know that about 9 people's checks were credited to
my account, but Sheldon Zenner was not made aware of the people's
names. The checks were mailed to Neidorf Defense instead of Sheldon
Zenner and not every one at the firm is familiar with my case, thus
causing confusion.
For those people who are still considering sending a donation, please
follow these instructions.
Make your check out to: Katten, Muchin, & Zavis.
Write "Craig Neidorf" in the memo.
Send your check (or money order) to:
Sheldon Zenner
Katten, Muchin, & Zavis
525 West Monroe Street
Suite 1600
Chicago, IL 60606-3693
(It wouldn't hurt to attach a note).
Thank you all.
Craig Neidorf
------------------------------
Date: Thu, 14 May 92 16:26 GMT
From: Jean-Bernard Condat <0005013469@MCIMAIL.COM>
Subject: File 2--Resurgance of a Myth ("The Dying Child")
The resurgence of a myth: Craig Shergold
If you happen to see a message on your local packet BBS about sending
post cards to a dying child, you might wish to consider the following
and perhaps even follow up on the BBS message.
If you call the "Children's Make a Wish" foundation, you will find
that they are not soliciting any form of card for Craig Shergold or
anyone else. Better yet, if you call the Guinness people (US
publisher is "Facts on File" @ 212-683-2244, ext. 336), you can get
this same story confirmed. You will also find that they will no
longer endorse or support any effort to break this record.
Many years ago, Craig Shergold had a brain tumor, believed inoperable.
He sought to set the Guinness record for get-well cards. The call was
well-publicized, and he did, indeed set the record (consult a recent
edition of the book--he has received in excess of 16 million cards
to date; he officially set the record as of 17 Nov 1989).
As part of this whole story, his plight caught the attention of John
Kluge, the US billionaire, who paid for Craig to come to the US and
receive specialized treatment. As a result, Craig has recovered
completely from his tumor. He is also no longer seven, but well into
his teens (you can see how out-of-date the request for cards is from
this--it's like circulating a letter encouraging people to vote for
Carter for President).
The problem is that the mimeographed sheets and letters seeking cards
for Craig have continued to be circulated. As a result, cards
continue to pour in to the post office for Royal Marsden Hospital in
England. Worse, the appeal has mutated into various other versions,
such as an appeal for business cards, one for postcards, and another
version that appeals for holiday cards.
The Shergold family has publicly appealed many times that people cease
to mail them cards and letters, and that no more appeals be made on
their behalf. One easily accessible way to verify this is with the
article on page 24 of the 19 July 1990 NY Times. People Magazine wrote
an article about it on June 1, 1991, page 63. Even Ann Landers has
carried an item on this [6/23/91], but people still keep trying to send
cards. Both Guinness and Royal Marsden have repeatedly issued press
releases asking people to stop circulating requests for cards, as they
are creating an undue burden on both the hospital and the postal service.
The Guinness people have discontinued the category to prevent this
kind of thing from ever happening again, and are doing their utmost to
kill any further mailings. The Royal Marsden Hospital is at a loss
what to do with the cards that continue to arrive--most are being
sold to stamp collectors and paper recyclers, and none go on to Craig.
This appeal for Craig, as well as many urban legends, regularly appear
on electronic bulletin boards around the world, and in many
organizational newsletters and bulletins. It is both heartening and
unfortunate that there are so many well-meaning people who continue to
propagate these stories. It is too bad that so many people are
unwilling to verify their information before passing such things
along, especially when a simple phone call will suffice to do so. In
this case, opening a recent copy of a book carried by nearly every
library and bookstore would illuminate the situation.
If you would still like to do something for a dying child, consider
making a donation to a charity such as UNICEF or to the International
Red Cross (Red Crescent, Red Magen David). Many thousands of children
are dying daily around the world from disease and starvation, and
countless millions more are suffering from the ravages of war, famine,
disease, and natural disaster. Think how many of them might be helped
by the millions of dollars in postage spent on cards to Craig
Shergold...
Also, I encourage you to save this announcement, in either electronic
or hard copy form, and to post it to any bulletin board you've seen the
original plea on. If you see it in the future, as you probably will,
you can attach a copy of this announcement. Wouldn't it be great to
finally kill this story, which spreads like a virus? - JBC]
Forwarded by:
Dr Jean-Bernard Condat
Chaos Computer Club France [CCCF]
B.P. 8005
69351 Lyon Cedex 08, France
BIBLIOGRAPHY
1. PR Newswire: "Young Recipient of Millions of Greeting cards undergoes
successful surgery." March 5, 1991, 585 words;
2. PR Newswire: "Requests for cards and letters for Craig forwarded to
Make-A-Wish Foundation (Craig Shergold)." April 5, 1990, 350 words;
3. "Youth who set card record takes vacation." in: Sun Sentinel (FL),
Nov. 6, 1990, page 17A, 158 words;
4. Rose BOCCIO: "Deluge of cards swamp sick boy, give him record." in:
Sun Sentinel (FL), April 4, 1990, page 4B, 528 words;
5. Jane SEABERRY: "Boy gets more than get-well wishes: life virginia
billionaire pays for his surgery." in: San Francisco Chronicle, March 22,
1991, page B3, 748 words;
6. "Get-well cards; enough already." in: San Francisco Chronicle, August
9, 1990, page B4, 538 words;
7. Ann LARDERS: "English Boy with tumor will be fine." in: Akron Beacon
Journal (AZ), June 23, 1991, page E8, 643 words;
8. Jane SEABERRY: "Fairy-tale ending for get-well-card king." in: Akron
Beacon Journal (AZ), March 21, 1991, page A1, 943 words;
9. David GROGAN: "Miracle in the mail; little Craig Shergold's recovery
was in the cards; brain tumor patient goes for world record in get-well
cards." People Weekly, vol. 35, page 63(2), June 10, 1991;
10. Robert ALBRECHT: "Get-well cards continue after "Guinness" record try
has ended." in: Colombus Dispatch, May 3, 1991, page 8C, 494 words;
11. News Editors: "Make A Wish: Update on Craig Shergold and erroneous
chain letter." March 4, 1992, 433 words;
12. "Don't keep those cards and letters coming, folks." in: Orlando
Sentinel, June 20, 1990, page A6, 421 words;
13. Paula MONAREZ: "Well-wishers help sick boy attain guinness record."
in: Daily News of Los Angeles, April 8, 1990, page L3, 563 words.
((Moderators note: The ease of electronic communication helps spread
urban legends rather quickly. Despite subsequent disclaimers, they
often continue to spread. Two recent examples include the "chocolate
chip cookie recipe" and the "FCC modem tax". Perhaps somebody could
write a short article on "urban legends and computer dissemination)).
------------------------------
Date: Fri, 15 May 92 08:22:40 -0400
From: sross@CRAFT.CAMP.CLARKSON.EDU(SUSAN M. ROSS)
Subject: File 3--Freedom and Privacy in North American Cyberspace
((Moderators' note: Susan M. Ross is doing interesting research
comparing Canadian and U.S. rights in cyberspace. She recently
received a grant to pursue the topic, and we asked her to send a copy
of the original proposal along for those interested in the topic. If
you have ideas, bibliographic items or other information of interest,
you should contact her directly)).
Freedom and Privacy in Cyberspace, Accessed Through North
America: Comparing and Contrasting the Canadian Charter of
Rights and Freedoms and the United States Bill of Rights with
respect to Computer-mediated Communication.
Susan Mallon Ross
Clarkson University
BACKGROUND
The Constitution of the United States of America (U.S.
Constitution, U.S. Bill of Rights), as originally adopted and
subsequently amended, does not explicitly extend constitutional
protections (e.g. First Amendment and Fourth Amendment rights) to
citizens who employ or are affected by technologies its framers could
not anticipate. Indeed, Laurence Tribe of Harvard Law School is
promoting a Constitutional amendment (Tribe, 1991) specifically to
remedy this situation. It would read:
This constitution's protections for the freedoms of speech,
press, petition, and assembly, and its protections against
unreasonable searches and seizures and the deprivation of life,
liberty, or property without due process of law, shall be
construed as fully applicable without regard to the technological
method or medium through which information content is generated,
stored, altered, transmitted or controlled.
In contrast, the Canadian Charter of Rights and Freedoms
(Canadian Charter) does guarantee freedom of expression in using "all
media of communication" (Section 2-b). However, at least two other
sections of the Canadian Charter could undermine this guarantee:
Section 1, which makes the rights and freedoms the document guarantees
subject to "reasonable limits" that "can be demonstrably justified in
a free and democratic society," and Section 33, the "override " or
"notwithstanding" clause, which allows Parliament or any province to
override certain rights guaranteed by the charter. These
qualifications seem to mean that, for the time being, even the
"fundamental right" to freedom of expression is not inalienable.
FUNDAMENTAL QUESTIONS
This work focuses on several questions:
1) What is "cyberspace" (Gibson, 1984) and what are some core issues
related to communicative freedom and privacy in the "cyberspace
age" (Tribe, 1991)?
2) What has been the United States experience with issues of
communicative freedom and privacy in cyberspace? (What legal
issues have arisen? What other challenges to constitutionally
protected rights seem likely? What cases have been tried and how
have they been resolved? How are the access to and the use of
cyberspace regulated? What governmental and private action is
being taken to protect the rights of citizens who venture into
cyberspace?)
3) What has been the Canadian experience with issues of freedom and
privacy in cyberspace?
4) What are the major trans-border issues that have arisen (or are
likely to arise) related to cyberspace, especially in the context
of freer trade? For example, how may freer trade be implemented
with respect to the products of the burgeoning, computer-mediated,
information industry (products that both provide and require access
to cyberspace) while protecting the constitutionally entrenched
rights both of Canadian and U.S. citizens? One such issue is
balancing: a) promoting freer trade, b) maintaining Canadian
Cultural Security, as protected by the Broadcast Act, an act
recently revised to include "all types of transmission to the
public of visual and sound programming, whether or not they
included transmission over the airwaves.... [The wording of the
revised Broadcast Act explicitly includes transmission by] 'wire,
visual or other electromagnetic system or any other optical or
technical system'" (Creery), and c) still guaranteeing "freedom of
expression."
METHODOLOGY
Cyberspace is a new frontier for a world that had perceived
itself already to have encountered its last frontier. This work
explores this new frontier to provide case-specific analysis focused
to contribute towards answering the ambitious and important questions
listed above. More specifically, the work involves the following tasks
and processes:
1) Reviewing the constitutional histories, including precedent setting
cases, of the United States and Canada related to communicative
freedom and privacy in cyberspace (computer-mediated
communication).
2) Reviewing relevant scholarship and applying it to answering the
major questions listed above.
3) Monitoring evolving issues in the Canadian and United States press
as well as through Canadian and U.S. computer hotlines and
publications concerned with computer-mediated communication.
4) Corresponding (usually by electronic mail) with key explorers of
the electronic frontier from both Canada and the United States.
5) Interviewing governmental officials in both nations.
PROJECTED CONTRIBUTION OF THE WORK
This project would provide a previously unavailable synthesis
and interpretation of Canadian and U.S. perspectives on the
application of constitutionally entrenched rights and freedoms to the
electronic frontier labelled "cyberspace." To Canadian-U.S. business
studies, in particular, it would contribute a comparative perspective
related to the computer-mediated information industry; specifically,
how North America's current partners in free trade constitutionally
deal with private, governmental, and commercial uses of computer
mediated communication. This study, therefore, would contribute
insight into the manifest and nascent issues these differences raise
in Canadian-U.S. relations, including our free trade partnership and,
perhaps, the trilateral negotiations to broaden that partnership to
include Mexico.
SOURCES
Borella, M. (1991). Computer Privacy vs. First and Fourth
Amendment Rights. A paper presented at the annual meeting of the
Speech Communication Association, Atlanta. (This paper resulted from
an academic project for which the author of this abstract was the
sponsor.)
Creery, T. (1990). "The Burden of Broadcasting: Becoming all
things to all political masters." Ottawa Citizen (22 May 1990, p.
A11).
Gibson, W. (1984). Neuromancer. New York: Ace Books.
Mandel, M. (1989). The Charter of Rights and the Legalization of
Politics in Canada, Toronto: Wall and Thompson.
Tribe, L.H. (1991). "The Constitution in Cyberspace." Keynote
Address at the First Conference on Computers, Freedom and Privacy: San
Francisco.
AUTHOR'S BIOGRAPHY
Susan Mallon Ross is a faculty member in Technical Communications
at Clarkson University in Potsdam, New York, U.S.A. Her doctorate in
Communication and Rhetoric is from Rensselaer Polytechnic Institute in
Troy, New York, U.S.A. This work is supported by a Faculty Research
Grant by the Canadian Embassy, Washington, D.C. and by a Research
Grant from Clarkson University.
------------------------------
Date: Sat, 16 May 92 12:12:16 PDT
From: jwarren@AUTODESK.COM(Jim Warren)
Subject: File 4--PREXY CANDIDATE E-ADDRS & update re candidates' ONLINE forum
This update includes the E-MAIL ADDRESSES for the major presidential
campaigns, except the Bush campaign which does not appear to have a
public e-address.
** Have you sent *your* request that they join an online presidential
forum? ** Since the public is best-served by hearing from *all* the
candidates, in one place and at one time, you might sent your requests
to *all* the candidates --not just the one you personally favor.
>From the ROSS PEROT campaign
On Friday, May 15th, Perot campaign worker David S. Bush responded
to the proposal for online debate(s) saying, "... The only official
view is that we need to do it. No one is sure of what it should look
like. We do know what the vision and mission of the Electronic
Townhall is. There are no specifics. That's what I'm trying to put
together now. I want to use the existing networks to gather people
together and come up with a solution." [Perot campaign email:
71511.460@compuserve.com ]
>From the JERRY BROWN campaign On Friday, May 8th, Sarah Gray from the
Brown campaign's Computer Department called to say that the Brown
campaign was commiting to participate. She followed this up with
this email:
> From autodesk!brown92%igc.org Fri May 8 21:32:37 1992
> To: 75300.3105@compuserve.com, autodesk!jwarren
> Uubject: Re: ... proposed online prexy-candidate debate
> ... The Brown for President campaign would be glad to communicate with
> Internet users in an online presidential candidate's forum. Please feel
> free to distribute this official memo.
> Sarah Gray, Computer Department, Brown for President campaign
> brown92@igc.org
I have requested that they verify that all responses will be posted
over Brown's name, as being an official statement from the candidate.
They are now trying to get time with Brown to discuss it and assure
his approval.
[ email: 75300.3105@compuserve.com; brown92@igc.org; brown92@well.sf.ca.us ]
>From the ANDRE MARROU campaign
On Saturday, May 9th, Steve Dasbach, the the Libertarian
presidential campaign committee chair, called to say that the Marrou
campaign was commiting to participate. As I am doing with all
respondents, I requested a signed commitment on letterhead stationary.
Per my request, they have sent a signed fax, fax-dated May 12th at
7:41, stating: ...
"On behalf of Andre Marrou, we accept your invitation to participate
in the on-line debate you outlined in your letter. "We understand
that all postings are to be made over Andre Marrou's name,
indicating that they are authorized statements by him.
... /s/ Bruce Baechler, Director of Operations" [73720.557@compuserve.com]
[Marrou campaign email: 75300.3114@compuserve.com ]
>From the PAT BUCHANAN campaign
On Tuesday morning, May 12th, Hal Turner, who identified himself as
"the point-man for their electronic campaign" called in response to an
email copy of the proposal. After discussing why to do it on the
Internet/USENET --widest possible exposure, access often free or very
low-cost -- he said that he would "talk it up" to the campaign
hierarchy.
[Buchanan campaign email: 76326.126@compuserve.com ]
[Clinton campaign email: 75300.3115@compuserve.com ]
[Bush campaign email: no public e-address known at this time ]
Democracy is a Do-It-Yourself project Hope you have sent a fax and/or
snailmail to the candidates urging them to participate in the
proposed online prexy forum. I would expect them to join an online
forum, *only* if they believe a great many people are interested.
And, the forum will be of greatest value -- to everyone, including
your favorite candidate -- if *all* the candidates participate, so
requests should be sent to all the candidates (please request
addresses and fax numbers from me, if you don't have them from the
previous posting). Also, it would be helpful if you would let me
know when you send your request to them.
As I know more, you'll know more. :-)
--jim
Jim Warren, Electronic Democracy Initiative, 415-851-7075
jwarren@well.sf.ca.us -or- jwarren@autodesk.com
---
DISCLAIMER: These comments are my personal free speech, stated during
my personal time, in personal discussion with citizens publicly
assembled in a global electronic Hyde Park that spans perhaps a
million company cafeterias and ultimately perhaps 15-million private
living rooms or more. This is not a representation of views of any
organization with which I am affiliated.
< Between 4/30 and 5/9, I sent invitations to the better-known presidential
< candidates, inviting them to participate in an ONLINE forum (on the Internet
< and via USENET, for maximum exposure and access). They would be replying to
< questions from reporters from major media, who would be accessible to
< everyone on the net and with a parallel newsgroup for concurrent public
< discussion.
< This invitation was faxed and mailed to (alphabetically) Brown, Buchanan,
< Bush, Clinton, Marrou and Perot. It has been reported in several major
< newspapers including the Houston Chronicle and Dallas Morning News.
< These are the responses that *I* have received, to date (the Houston
< Chronicle of 5/3 also reported responses from the Bush and Clinton campaigns;
< copy available upon request):
------------------------------
Date: Sat, 16 May 92 07:29:30 SST
From: "Dr. Guy G. Gable, IFIP/Sec '92 Program Chair" <ISCGUYGG@NUSVM.BITNET>
Subject: File 5--FINAL ANNOUNCEMENT FOR IFIP/SEC CONFERENCE '92
I would appreciate very much if the following announcement could be
circulated to as many users of the network as possible. Thanks. Guy
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
THE IFIP/SEC'92
8th INTERNATIONAL INFORMATION SECURITY CONFERENCE
May 27-29, 1992
Raffles City Convention Centre
Singapore
Organized by:
Singapore Computer Society
International Federation of Information Processing
Technical Committee 11
Sponsored by:
National Computer Board, Singapore
Singapore Federation of the Computer Industry
Microcomputer Trade Association (Singapore)
EDP Auditors' Association, Singapore Chapter
IEEE Singapore Section, Computer Chapter
Data Processing Managers Association
Official Hotel: Westin Stamford and Plaza
Official Airline: Singapore Airlines
Official Publication: Asia Computer Weekly
Endorsing Publication: I.T. Times
Managed by: HQ Link Pte Ltd
THE CONFERENCE
The purpose of the 1992 International Federation for Information
Processing Security Conference (IFIP/Sec'92) is to provide a forum for
the interchange of ideas, research results, and development activities
and applications amongst academicians and practitioners in the
information, computer and systems sciences. IFIP/Sec'92 consists of
advance tutorials, an open forum, distinguished keynote speakers, and
the presentation of high-quality internationally refereed papers. A
high degree of interaction and discussion amongst Conference
participants is expected, as a workshop-like setting will be promoted.
IFIP/Sec'92 is organised by The International Federation for
Information Processing, Technical Committee 11, on Security and
Protection in Information Processing Systems, and The Singapore
Computer Society. IFIP/Sec'92 is a non-profit activity funded
primarily by registration fees.
WHO SHOULD ATTEND
The conference is intended for Computer Security Managers - Internal
Auditors - Disaster Recovery Managers - Data Processing Managers -
Computer Operations Managers - PC Managers - System Designers -
Information Resource Managers - EDP Managers - Software Specialists -
Hardware Specialists - Systems Analysts - Systems Planners - Chief
Information Officers - IT Directors - MIS Managers - Office Automation
Specialists - Engineering Services Specialists - Financial
Managers/Controllers - Operations Managers - Administrative Managers -
Company Secretaries.
If you are interested in attending the conference or tutorials, please
call (65) 534-3588, fax (65) 534-2300, or telex (RS 24603 MOLDC), HQ
Link Pte Ltd in Singapore for further details.
------------------------------
Date: 20 May 92 18:52:50 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 6--BYU Hackers Busted
The following news item appeared in the _Ogden (Utah)
Standard-Examiner_ during the last part of April, first part of May
1992. The clipping was not submitted with an exact page/date
reference.
===
TWO BYU COMPUTER HACKERS ARRAIGNED
Provo [Utah] - Two Provo men accused of tapping into a Brigham Young
University computer system face arraignment in district court May 22
on second-degree felonies.
William Swinyard Jr. and Alexsander [sic] Radulovic, both 22, appeared
in 4th circuit Court Thursday for a preliminary hearing. However,
both opted to forego the hearing and have the case sent to district
court.
The two defendants allegedly used BYU computers to obtain credit
histories on 122 people.
====
If any CuD readers have additional information on this case,
particularly any details on the unclear reference to how the
University computers were used to obtain information that presumably
was on an outside system, please let us know.
------------------------------
Date: 10 May 92 20:51:52 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 7--GEnie Conference on "Virtual Reality"
__________________________________________________________
-=(( The Public Forum * NonProfit Connection RoundTable ))=-
-==((( GEnie Page 545 - Keywords PF or NPC )))==-
-=((__________________________________________________________))=-
Real-time Conference on Virtual Reality
with
Howard Rheingold
(May 3, 1992)
===================================================================
Copyright (C) 1992 by GEnie (R) and Public Forum*NonProfit Connection
This file may be distributed only in its entirety
and with this notice intact.
This file is the transcript of a real-time on-line conference in
GEnie's Public Forum with Howard Rheingold, author of VIRTUAL REALITY:
The Revolutionary Technology of Computer-Generated Artificial
Worlds--and How It Promises and Threatens to Transfrom Business and
Society.
Howard edits _The Whole Earth Review_ and consults with the US
Congress Office of Technology Assessment. He has written for such
publications as _The New York Times_, _Esquire_, _Playboy_ and _Omni_.
His other (excellent!) books include _Tools for Thought_ and
_Excursions to the Far Side of the Mind._ _Virtual Reality_ is
published by Simon and Shuster.
An electronic meeting place for friends, family and national "town
meetings," GEnie is an international online computer network for
information, education and entertainment. For under $5.00/month, GEnie
offers over 50 special interest bulletin boards and unlimited
electronic mail at no extra charge during evenings, weekends and
holidays. GEnie is offered by GE Information Services, a division of
General Electric Company.
In the Public Forum*NonProfit Connection, thousands of people every
day discuss politics and a wide range of social and nonprofit issues.
A neutral arena for all points of view, the PF*NPC is presented by
Public Interest Media, a nonprofit organization devoted to empowering
people through the socially productive use of information and
communication technology. For more information about GEnie or the
Public Forum, call 1-800-638-9636 or send electronic mail to
tsherman@igc.org.
Future real-time conferences, all beginning at 9 p.m. ET, include:
Steve Cisler, Apple Computer on data highways (May 10)
Katie Hafner, author of Cyberpunk (May 24)
Jerry Berman, Esq., Electronic Frontier Foundation (May 31)
To sign up for GEnie service, call (with modem in HALF DUPLEX)
800-638-8369. Upon connection, type HHH. At the U#= prompt,
type XTX88367,GENIE <RETURN>. The system will prompt you for information.
-=-=-=-=-=-=-=-=-=-=-=-=-
<SHERMAN> Welcome to the first in this month's series of RTCs
on Technology and Society! Please check the
schedule, posted in our Announcements topic (cat
1/topic 3) for the other events . . . These
realtime conferences raise important issues for the
future -- some of them already being discussed in
BB Cat 7: Technology, Science and Society . . .
You'll also find many excellent files in the Public
Forum library, including a couple of articles
posted with permission from the editor of The Whole
Earth Review -- tonight's special guest, Howard
Rheingold . . .
For more than 10 years, Howard has been writing
books and articles about "mind-amplifying"
technologies. Although he questions "the
possibility of accurately predicting the social
impact of any new technology," (in _Tools for
Thought_) . . . he's done a great job helping us
think about the social transformations that may be
provoked by new technology. I've invited Howard to
say a few words of introduction and then . . .
he'll answer questions and join in the discussion.
When you finish typing, please type GA (for Go
Ahead) to let us know that you're done. Three
periods means . . . I'm not done talking; please
wait a second. And now: here's Howard! Any
introductory thoughts? GA
<[Howard] PRESS11> Hello! I like a medium where my ability to type
fast is rewarded. ;-) I guess the first thing I
would like to say about VR is that all the
travelling and talking and reading since I finished
the book have changed some of my attitudes. I would
say that I am more skeptical and less enthusiastic
about the technology's potential than I was when I
wrote the book.
<SHERMAN> Howard, are there any particular aspects of VR
you'd like us to focus on?
<[Howard] PRESS11> One thing I have noticed is that VR is almost like
a metaphor for technology for many people. This is,
it is a way to talk about some of the hopes and
fears we have about the way the world seems to be
heading. In truth, the technology isn't going to
affect most of us for years to come. I'd like to
talk about the ethics of VR. I'm not sure what to
do about it, but I find myself wondering about the
potentially harmful applications, especially since
the Gulf War used VR so successfully.
<[..Ryan...] R.MACMICHAEL> From what I've heard, it is planned on being used
to test-fly planes before they are built in order
to anticipate problems... ... but how could that be
done (the real world emulated so closely) in a way
that humans couldn't pick up on them just as fast.
ga
<[Howard] PRESS11> Flight simulation is one of the roots of VR. Flight
simulators, both civilian and military, are far
more realistic (and expensive) than the Virtuality
games or anything we are likely to see in arcades
for the next decade or two. ga
<SHERMAN> Ryan, follow up question?
<[..Ryan...] R.MACMICHAEL> Yes... How soon would they be used for safety
purposes on a more wide-scale basis? (in the way I
mentioned above) ga
<[Howard] PRESS11> Flight simulators have been used for decades.
United Airlines has a HUGE flight simulator in, I
think, Denver. Only the military use the full-tilt
3D goggles, but the view-through-the-window stuff
is pretty impressive. GA
<SHERMAN> Thanks, Ryan
<[..Ryan...] R.MACMICHAEL> Thanks...
<[Connie] C.RIFENBURG> What has made you more skeptical and less
enthusiastic ...and what did you =think= was the
potential before now... what do you believe =is=
the potential NOW? GA
<[Howard] PRESS11> I don't think that it is a good idea to blur the
line between playing a video game and blowing up
people. And I think that the medium, if perfected,
will be a very powerful tool for mind control...
After all, people decide who to elect and what to
buy and how to live according to the images that we
see on a tiny 2D television tube. How much more
powerful will VR be? Are we really sure that the
medical and design uses are worth the other uses?
Do we really really need this stuff? Perhaps we
ought to spend more time looking at the toxicity of
the environment, and preserving the cultures and
biomass that use plants as healing agents, instead
of creating 3D tools for irradiating tumors. In
regard to the humanities at universities, I
understand that there is a center for the arts in
Banff that is doing good work. And Carl Loeffler at
Carnegie Mellon is doing some stuff with the arts
and VR. GA
<[Connie] C.RIFENBURG> So you think it's like the quandry similar to what
the A-Bomb created? Good/Bad: How can we manage it?
GA
<[Howard] PRESS11> Yes, I think we, as a species, ought to take a
closer look at the natural world that we seem to be
destroying. I'm not so sure that we will be
altogether happy in a totally simulated world when
all the real trees are dead. ga
<SHERMAN> Thanks Connie. Dave Baldwin, your question?
<[Dave] D.BALDWIN8> Other than the obvious military and video game
applications, where would you... anticipate VR
technology showing up in the next decade or so?
Anywhere useful,... Or will it just be a novelty?
GA
<[Howard] PRESS11> 3D CAD pretty soon. Autodesk and IBM will probably
both have products out next year. The design
industry will be the first to have a crack at it.
Scientific visualization and telerobotic control
are the other two fields that will have tools
within the next couple years. ga
<SHERMAN> Because so many of you want to ask questions of
Howard, I'm gonna skip the follow up questions
until we've gone around once . . . Bart, your
question?
<[Dave] D.BALDWIN8> how much more efficient will it be, though? and
what about the cost/benefits?
<[bart] B.PREECS> Howard, do you see VR falling under the control of
the same people/organizations that control our
existing media system Ga
<[Howard] PRESS11> Regarding efficiency -- if you have a design
problem that involves visualizing a complex 3D
space, then even today's crude level might be a
useful tool. Good question. We'll have to see how
the architects and designers react. . .
Yes, I think ALL technologies that create power and
wealth are likely to fall under control of those
who recognize that, and who already have the power
and wealth to seize control of the new media . . .
Are we really sure that hobbyists and artists and
benign folks are going to be the ones who use VR to
the largest effect? Or will it be a weapon and
mind-control device? ga
<SHERMAN> Bart, thanks! Rick D, your question?
<RICK.D> What would the hardware requirements be for the VR
systems of, say, the next three to five years?
Would a standard PC of today work for the systems
you mentioned might be released next year?? GA
<[Howard] PRESS11> The cost of chips seems to be coming down. A 486
engine, for example, is pretty affordable now, and
you can do some stuff with it. But you really want
ten times the power. . . The transputer
architectures, where you put a bunch of chips
together, have some promise. I think people will be
able to do some fun stuff with desktop VR in the
next few years, but the resolution and reaction
speed won't be great. ga
<SHERMAN> Ric Helton, your question?
<[Ric] GRAFFITI> A perfect application of VR hardware (and one that
is likely to speed its development) is "telepresence"
(being somewhere else through remote control,
complete with sight & sounds). How long will it
take telepresence to become commonplace? How far
will it trickle down to "mundane" occupations?
(Not astronautics, nuclear waste management or the
like.) GA
<[Howard] PRESS11> Don't expect anything affordable and high-res in
the telepresence area for five or ten or fifteen
years. There are a lot of problems to be solved,
and a lot of expensive hardware is necessary ga
<SHERMAN> Thanks, Ric, Dave Messer, your question?
<[Dave] D.MESSER> It seems to me that VR also has a potential to help
the environment by reducing pollution, how big an
impact do you thing "telecommuting" will have with
VR? ga
<[Howard] PRESS11> I think we will all be dead from toxic chemicals,
ozone depletion, and the world's largest traffic
jam by the time VR has any impact. In other words,
I think the promise of VR telecommuting is bogus if
you look at it in context of the problems. If
Time/Warner is doing anything, it is strictly
exploratory. Unless they are going into the theme
park business. Disney and Fujitsu, for example, are
creating stuff that we will see in theme parks in a
few years, but not at home. Two limitations:
screen resolution, and computing power, are hard.
But you can't forget that good software takes a
while to create. When LCD screens are ten times as
good and one tenth the price, we'll see some
action. When you can get CRAY power on a desktop
for less than $1000.
<SHERMAN> Frank, your question
<[Frank] F.DUROSS> We have heard the term electronic LSD many times,
how might VR be used as a form of mind expansion?
How might it be abused? GA
<[Howard] PRESS11> I go into it in my book. I think the electronic LSD
argument is a red-herring for the near future.
People are already incredibly addicted to
television, a truly stupefying drug. It will take
decades to create electronic LSD. The worst abuse
model, as I mentioned, is television. Withdrawal
from the real world ga
<SHERMAN> Phil, your question?
<[PHIL] P.VOYSTOCK> Can you be more specific regarding your fear of
mind control applications with VR technology? GA
<[Howard] PRESS11> "Perception is Reality." Willie Horton elected
George Bush. A videotape burned down LA.
Technologies that can manipulate emotions via
perceptions are technologies for manipulating
beliefs, and thus for controlling people
politically. If television works so well with such
little involvement, what will VR do? ga
<SHERMAN> M.DAVIS, your question?
<M.DAVIS34> I've devoured CQ/Whole Earth Review for many years.
Thanks for the great resource. I've heard tell of
VR potentially being used in biomedical/genetic
engineering on a molecular scale. What are some of
the high points/dangers of these developments? GA
<[Howard] PRESS11> Actually, I am much more interested in and
concerned with developments in artificial life
research. But that's another topic. Look for a LOT
on that in the Fall, 1992, WER. VR is being used as
in interface to microengineering, which COULD lead
to nanodevices. A whole new ball game if that's
true. It will take years. ga
<SHERMAN> David G, your question?
<[david] D.GALBRAITH5> where is VR design work/discussion happening
outside of the military-industrial complex?
<[Howard] PRESS11> IBM announced a joint venture with a small British
company. Fujitsu working on entertainment
applications. Various projects at computer
companies. A couple dozen small start-ups. It is
healthy but not huge, exept in Japan, where
significant money -- tens of millions per year --
is still being spent. ga
<SHERMAN> Joe, your question?
<JOE.WEBB> What is the role of VR's money-making potential in
determining how it is developed? ga
<[Howard] PRESS11> When one company or industry demonstrates that
using VR will give it competitive advantage, it
will drive development; when one kind of
application makes economies of scale effective for
components, it drives developments in other fields.
We have yet to see an example of either. The next
five years will tell the tale. ga
<SHERMAN> Bil. Swartz, your question?
<BIL.SWARTZ> Having recently picked up your book 'VR' to
hopefully find some answers but not having time to
more than crack the cover I find it erie that you
are here to ask in person! I would like to know
more about the current state of feed back devices.
The bulky feedback devices such as that ARM...
ouch. How much got thru? ga
<SHERMAN> Bart, you had a question.
<[bart] B.PREECS> Howard, in *your* opinion, what is the most
*useful* thing VR could do that we couldn't do with
out it? GA
<[Howard] PRESS11> The most useful thing, I think, is scientific
visualization. Just as a microscope made modern
medicine possible because biologists could SEE
germs, I think the use of VR to visualize things
like the way the immune system works could help
give scientists important new insights. ga
<SHERMAN> Phil, your question?
<[PHIL] P.VOYSTOCK> How long did it take to reasearch/write your book?
<[Howard] PRESS11> I travelled and interviewed and did a lot of
reading for about a year, and spent about another
year writing and filling in other interviews and
reading. ga
<SHERMAN> Dave M, your question?
<[Dave] D.MESSER> Do you think that VR technology should be
controller or suppressed due to the dangers
involved? GA
<[Howard] PRESS11> No, I don't think "controlled" or "suppressed" are
the right words. I don't think we even HAVE the
right words. We need to find ways, as a society, to
have discussions about how to guide technological
development. I trust neither the government nor
private enterprise, given the history of the past
decades. . . Although I don't have the answer, I do
believe that it is important for citizens to inform
ourselves about the potential consequences of
technology, and to raise these questions.
Unfortunately, our society can't even handle
discussions of basic human rights or environmental
dangers versus economics. The best I can do is
write books and talk to people and encourage them
to ask questions. ga
<SHERMAN> Adrn, your turn
<[Adrn] A.DEMARAIS> The sci-fi book Ender's Game was about a child
prodigy being taught how to wage a war in
simulators, only to discover that it was all real
and he had destroyed a civilization . Is this what
you fear VR might become? GA
<[Howard] PRESS11> Ender's Game is one real fear, yes. I think it is
entirely possible, given the way military uses of
technology have evolved, and how well VR did in the
Gulf. War is bad enough, but what if we don't know
whether we are playing a game or blowing up real
people somewhere? ga
<SHERMAN> Dave Galbraith, your turn!
<[david] D.GALBRAITH5> Do you know of any specific public access forums
for individuals involved with VR using TODAY's
level of computing hardware? GA
<[Howard] PRESS11> You mean places to talk about it? There is the VR
conference on the WELL, and the usenet newsgroup,
sci.virtual-worlds, both of which have a lot of
<SHERMAN> We're going to end the formal RTC now. I want to
thank you all for some great questions and to thank
Howard for taking time (from his next book and his
garden) to answer them . . . We can continue to
chat informally, and Howard, before you go, I
wonder if you . . .
<[Howard] PRESS11> Dinner is awaiting me! Thanks for the questions,
and keep on asking them!
<[Howard] PRESS11> ** has left.
-----# Participants #-----
<[Adrn] A.DEMARAIS>
<[bart] B.PREECS>
<BIL.SWARTZ>
<[Connie] C.RIFENBURG>
<[Dave] D.BALDWIN8>
<[david] D.GALBRAITH5>
<[Dave] D.MESSER>
<E.HUDSON>
<[Frank] F.DUROSS>
<[Ric] GRAFFITI>
<JOE.WEBB>
<[Missy] M.ALLEN18>
<M.DAVIS34>
<[PHIL] P.NICHOLLS2>
<[PHIL] P.VOYSTOCK>
<[Howard] PRESS11>
<[..Ryan...] R.MACMICHAEL>
<RICK.D>
<[Tom] SHERMAN>
<SHERRY>
______________________________________________________
| |
| The Public Forum * NonProfit Connection RoundTable |______
|______________________________________________________| |
| Sysops' GE Mail: PF$ RTC Sunday 9pm EDT: MOVE 545;2 |______
|___________________________________________________________| |
| News, Current Events, Government, Societal Issues, Nonprofits |
|________________________________________________________________|
# # #
------------------------------
End of Computer Underground Digest #4.23
************************************
Computer underground Digest Sun May 31, 1992 Volume 4 : Issue 24
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu, Jr.
Arcmeisters: Brendan Kehoe and Bob Kusumoto
CONTENTS, #4.24 (May 31, 1992)
File 1-- Spring 2600
File 2-- Correction on "Cybermyth" Article
File 3--Info from French CCC--One Year After
File 4-- GEnie Transcript: Steve Cisler/"Data Highways"
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie in the PF*NPC RT libraries, on
the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp from
ftp.eff.org (192.88.144.4), chsun1.spc.uchicago.edu, and
ftp.ee.mu.oz.au. To use the U. of Chicago email server, send mail
with the subject "help" (without the quotes) to
archive-server@chsun1.spc.uchicago.edu. European distributor: ComNet
in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Date: Sat, 30 May 1992 12:22:41 CDT
Subject: File 1--Spring 2600
The Spring '92 issue of "2600: The Hacker Quarterly" is out, and it's
another fine issue. Articles include MS DOS viruses and inadequate
virus scanners, boxes and cruising through Unix, and security
information on WWIV BBS software. There's the usual technical
information and letters, and an overview of the Australian phone
system. And more. The review of the month is the Steve Jackson game
HACKER: THE COMPUTER CRIME CARD GAME (it gets a highly positive
review).
2600 is a excellent value for $21 (U.S./Canada). More information can
be obtained directly from the editor, Emmanuel Goldstein, at
2600@well.sf.ca.us, or:
2600
PO Box 752
Middle Island, NY 11953-0752
------------------------------
From: Gene Spafford <spaf@CS.PURDUE.EDU>
Date: Wed, 20 May 1992 11:52:28 EDT
Subject: File 2--Correction on "Cybermyth" Article
Gene Spafford reminds us that he was the original author of the
article in Cu Digest 4.23 on the "myth of the dying child."
Attribution to Spaf as the author was inadvertently left out as it
made the rounds from its original posting to news.announce.important
last year. Further, in formatting the article, the initials of the
contributor of the article to CuD made it appear that the poster
signed the original moderator comment by Mark Horton. We attribute
the inadvertent omissions to the quirks of recursive circulation of
messages, and are certain that those whose hands the message passed
through intended no slight to the original author. Spaf indicates
that the message is as he wrote it with the exception of some minor
formatting changes, the bibliography, and the omission of a paragraph
with UNICEF and Red Cross addresses.
For those who missed it, the article was about the cybermyth of Craig
Shergold, a "dying child," that circulated the nets. Like other
cybermyths ("chocolate chip cookie recipe" and "FCC modem tax"), the
post took on a life of its own and still occasionally can be seen. We
are waiting for an ambitious reader to compile a list of similar
cybermyths that have been net-spread periodically. But, do it before
Sun Devil II hits.
------------------------------
Date: Tue, 26 May 92 08:52 GMT
From: Jean-Bernard Condat <0005013469@MCIMAIL.COM>
Subject: File 3--Info from French CCC--One Year After
DON'T HESITATE TO FOLLOW TO OTHER BULLETIN BOARDS THROUGHOUT THE WORLD.
June 6th, 1991 6:24 pm
The French Police Judiciaire inculped of computer fraud (]462.2 of the
French legislation) Jean-Bernard Condat, general secretary of the Chaos
Computer Club France (cccf).
The police said that like an hackers club (72 members in France) and
1,800 correspondents throughout the world) cannot be legal and found a
crazy story of NUI (the well known BND2 code used from two years by all
the people via Minitel, the French terminal) and inculped Jean-Bernard
for paying US$1,000 pro month... "ad vita aeternam"!
The anniversary of this day, the CCCF make a great fest with a lot of
articles on computer hacking, etc. Don't hesitate to collaborate and/or
send a message in this e-mail box for Jean-Bernard.
Thank for your help. Don't hesitate to put this e-mail address on your
mailing list... and to ask us for all your French questions.
(bureau of) Jean-Bernard Condat
Chaos Computer Club France (CCCF)
B.P. 8005
69351 Lyon Cedex 08, France
Tel.: +33 1 47 87 40 83
Fax.: +33 1 47 87 70 70.
------------------------------
Date: 20 May 92 19:04:48 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 4--GEnie Transcript: Steve Cisler/"Data Highways"
______________________________________________________
| |
| The Public Forum * NonProfit Connection RoundTable |______
|______________________________________________________| |
| Sysops' GE Mail: PF$ RTC Sunday 9pm EDT: MOVE 545;2 |______
|___________________________________________________________| |
| News, Current Events, Government, Societal Issues, Nonprofits |
|________________________________________________________________|
__________________________________________________________________
| Rights & responsibilities, government, politics, minority civil |_
| rights, volunteerism, nonprofit management, the media, the | |
| environment, international issues, gay/lesbian/bisexual issues, | |
| women & men, parenting, youth organizations and more! | |
|__________________________________________________________________| |
|__________________________________________________________________|
________ PF$ PF*NPC Sysops _____________
| |_ | Weekly RTC: |_
| The | | SHERMAN Tom Sherman | 9pm Eastern | |
| PF*NPC | | SCOTT Scott Reed | on Sundays! | |
| Staff: | | CHERNOFF Paul Chernoff | Type M545;2 | |
|________| | GRAFFITI Ric Helton |_____________| |
|________| SHERRY Sherry |_____________|
This is a transcript of the RealTime Conference with Apple's Steve
Cisler, a note librarian and data access pioneer, discussing access to
the "data highways" and computer systems that will increasingly shape
the world around us.
An electronic meeting place for friends, family and national "town
meetings," GEnie is an international online computer network for
information, education and entertainment. For under $5.00/month, GEnie
offers over 50 special interest bulletin boards and unlimited electronic
mail at no extra charge during evenings, weekends and holidays. GEnie is
offered by GE Information Services, a division of General Electric Company.
In the Public Forum*NonProfit Connection, thousands of people every day
discuss politics and a wide range of social and nonprofit issues. A neutral
arena for all points of view, the PF*NPC is presented by Public Interest
Media, a nonprofit organization devoted to empowering people through the
socially productive use of information and communication technology.
For more information about GEnie or the Public Forum, call 1-800-638-9636
or send electronic mail to tsherman@igc.org.
Future real-time conferences, all beginning at 9 p.m. ET, include:
Katie Hafner, author of Cyberpunk (May 24)
Jerry Berman, Esq., Electronic Frontier Foundation (May 31)
To sign up for GEnie service, call (with modem in HALF DUPLEX)
800-638-8369. Upon connection, type HHH. At the U#= prompt,
type XTX88367,GENIE <RETURN>. The system will prompt you for information.
Copyright (c)1992 Public Forum * NonProfit Connection RT and GEnie(R)
May be redistributed as long as it is unedited and this notice appears.
__________________________________________________________
-=(( The Public Forum * NonProfit Connection RoundTable ))=-
-==((( GEnie Page 545 - Keywords PF or NPC )))==-
-=((__________________________________________________________))=-
<[Tom] SHERMAN> Let me say a few quick words of introduction . . .
Welcome to the second in this month's series of
RTCs on Technology and Society! Please check
the schedule, posted in our Announcements topic
(cat 1/topic 3) for the other events . . .
These realtime conferences raise important
issues for the future -- some of them already
being discussed in BB Cat 7: Technology,
Science and Society . You'll also find many
excellent files in the Public Forum library. .
Because we have a small, well-mannered group
tonight <grin> . . . I'm going to leave the
room open for everyone to talk, BUT .... it'll
be a lot easier if you /RAIse your hand to be
called on so that STeve only has to answer one
question at a time . . .
Now the PF*NPC is delighted to introduce Steve
Cisler from Apple Computer. A former librarian,
Steve is now internationally known for his
involvement in . . . .issues involving public
access to information and the networks that
carry it. Here's Steve! GA
<[Tom] SHERMAN> The room is open now . . . Steve will you say
hello -- and anything else you want to say? GA
<[Steve Cisler] PRESS20> I still consider myself a librarian, but I have
been working a lot with national networking
issues ga
<[Tom] SHERMAN> Steve, today's NY Times has a review of Neil
Postman's latest book . . . in which he claims
that technology has sapped us of our initiative
and control . . . and I wonder if you see
evidence of that happening in the world of
online information. GA
<[Steve Cisler] PRESS20> Yes, I read it. I think he chooses not to
understand some of the positive aspects of
technology, esp. interactive computing. ...
<[Steve Cisler] PRESS20> I know that people have tried to show him the
benefits of computer discussions. In fact, he
was sent a discussion of his AMUSING OURSELVES
TO DEATH (about TV) but he never responded. Re:
lost of initiative and control. I think that
loss of control over personal information as
well as information generated by the govt seems
out of our control ga
<[Tom] SHERMAN> Scott, your question?
<SCOTT> Can you address the problems of making
telecommunications more accessible to people?
ga
<[Steve Cisler] PRESS20> I think the interfaces, the modem setup or even
elimination of such equipment will be important
to attract a whole new class of users on to
these and other systems. The barriers
(including typing ability) are still great...
Also, there is the problem of cost. Some places
are providing public access to online services.
Santa Monica City has public access PC's in
libraries and public places. These have been
used by non-computer... owners including the
homeless who used them to negotiate with the
city council for some services. ga
<[Tom] SHERMAN> Ric, your question?
<[Ric] GRAFFITI> How much does the hardware infrastructure have
to do with how many people will utilize public
data networks? Will we need desktop ISDN before
it becomes widescale, or is it starting to
becoming pervasive even now? GA
<[Steve Cisler] PRESS20> Obviously, people are getting a lot of use out
of 2400 bps systems, so the speed is not all
that important. I do believe that new sorts of
services will emerge from commercial providers
and from amateurs when we get something like
ISDN ... [garbled] ... If these short answers
don't suffice, I'll try and answer in more
detail by mail ga
<[Tom] SHERMAN> Marty, your question?
<[MARTY] MKB> Steve, you cite cost. Why shouldn't consumers
of information services pay the true cost of
the information? Libraries have been energetic
in seeking subsidized information. At some
point, we taxpayers have to stop subsidizing
everything.
<[Steve Cisler] PRESS20> Part of my posting was clipped. sorry
Many people believe that our country was based
on access to information. It has been a big
part of the democratic tradition. I do think
there are many arguments about just how much
should be subsidized...
<[MARTY] MKB> This country is based on access to information.
But I don't remember the constitutional
arguments about who was supposed to pay for it.
<[Steve Cisler] PRESS20> In the 80's and 90's there seems to be far less
support for what I would call an information
commons, be it electronic or print, Systems
such ... as the FreeNets in Cleveland, Peoria,
Youngstown and online libraries such as Melvyl
(Un. of California) are open to all callers and
Internet users. They have turned nobody away
except when all the ports are full. ga
<[Tom] SHERMAN> Marty, follow up question?
<[MARTY] MKB> I think what's important is the access to
information. That issue is being addressed by
the EFF.
<[Tom] SHERMAN> My turn! . . . Is there any way to set a price
for information? Should its cost be determined
by what the market will pay? And is it
technologically possible these days to control
the distribution of information?
<[Steve Cisler] PRESS20> I think that EFF is promoting access to the
network by providing info about tools, the Net,
and the policies. Now to Tom's question...
I don't think that all information should be
driven by market considerations. For instance
the Smithsonian sells GIF files on CompuServe
and America Online but will be giving the same
ones away on the Internet. In fact, they will
be better quality!... Controlling dist. of
info: CD-ROM publishers can time date software
to stop working after a certain time. Network
providers are looking at models for metering
smaller and smaller chunks of info, and I think
encryption will be very very big in a couple of
years ga
<[Tom] SHERMAN> Marty (or others), care to comment?
<[MARTY] MKB> We're sitting here on an information utility,
all enjoying access to a cornucopia of
information, and we've priced it very
effectively. And it's growing! We're getting
the tools.
<[Ric] GRAFFITI> I think the major focus on 'information' in our
culture has been on how much money we can make
from it, and not an any democratic process.
Copyright law itself is based on protecting
commercial interests.
<[Steve Cisler] PRESS20> Well, copyright was originally intended to
foster the spread of information by assuring
that the creator would get some remuneration.
That has been forgotten to some extent. ga
<[Ric] GRAFFITI> How long will it be before we see other city,
county, state or even the federal government
online and accessible to the public at large?
Access to current laws, referendums, email to
elected officials, that sort of thing. GA
<[Steve Cisler] PRESS20> It's happening in different areas. Apple
Library of Tomorrow has provided equipment
grants to Access Colorado. The state wants to
hook up all the libraries in Colorado... so
that each citizen can reach them with a local
call. Now, other agencies want to provide some
of their databases and information for public
access via this network (which will be on the
Internet this year)... One problem is that some
states want to re-sell the information and
programs to access that info. It seems like a
natural course to take for some MIS folks at
state and local level... but it can make access
to that info very expensive, if not totally out
of reach to many. Given the touch budgets they
are working with, there are no easy solutions.
ga
<[Ric] GRAFFITI> So UNIX is turning out to be a popular harward
choice? GA
<[Steve Cisler] PRESS20> Someone once said, "In Unix, no one can hear
you scream." But yes, it is getting popular. ga
<[Tom] SHERMAN> Randy, your question?
<[Randy] R.ZEITMAN4> Do you think the accessibility of information
will contribute to widening the gap between
gov't and 'the people' as gov't will continue
to take a more 'well, that information is
available, why didn't you read it'. done
<[Steve Cisler] PRESS20> Well, the inaccessibility should widen the gap.
Also, many legislators fear the day when they
start getting email. Heck, they are not listing
their fax machines in some parts of Congress. I
think all of us are... having a hard time
dealing with the information fire-hose. ga
<[Tom] SHERMAN> Randy, follow up question?
<[Randy] R.ZEITMAN4> ..and what about we as people. It seems one day
that a person will be able to live a whole life
from the desktop because
<[Steve Cisler] PRESS20> As I said, I'll take email and try to answer,
or else in the conferences. ga
<[Ric] GRAFFITI> (Ever watched British Parliament in session? A
member stands, and says "Question #34." The
speaker stands and answers, "Answer #125." And
on, and on.... I am picturing that. :)
<[Randy] R.ZEITMAN4> the very need to developer 'ties' to other
people by simply going out and talking to them
will be eliminated. in other words, can
information access cause alienation fo a whole
society?
<[Steve Cisler] PRESS20> the last question was garbled. ga
<[Tom] SHERMAN> Randy commented that someday a person may be
able to live a whole life from a desktop
because the very need to develop ties to other
people will be eliminated (by online
connections)
<[Randy] R.ZEITMAN4> as Tom said.
<[Steve Cisler] PRESS20> I think the technologies are going to be more
seductive. People may scorn human contact, if
the computer is more satisfying, or if the
other users are more in tune with them...
<[Ric] GRAFFITI> That's a fatalistic view, isn't it? Couldn't
technology actually augment our interpersonal
connections, allowing us to meet (both
electronically AND in person, people we'd never
have had the opportunity to know otherwise?
<SCOTT> Could you say more about the near-term
technological advances that will make computer
telecom more accessible? (Please tell us what
ISDN is about.) How about the long-term? GA
<[Steve Cisler] PRESS20> ISDN provide two 64 kilobit/sec channels and 1
16 kb/sec. With video compression you will see
video conferencing possible. The phone
companies are looking at a technology called
ADSL... which gives you about 1.5 megabits/sec
outbound with a return speed of perhaps 64
kb/sec. That is fast enough for full motion
video of laserdisc quality. The big plus for
the telcos is that they won't have to rewire
with fiber. ga
<[Tom] SHERMAN> Marty, your question/comment?
<[MARTY] MKB> Steve, you're right that all of us are
challenged by the need to cope with the
information cornucopia. Electronic newspapers
edited according to the reader's personal
criteria will be powerful in giving us a high
information density. Do you see them comDo you
see them coming? <ga>
<[Steve Cisler] PRESS20> Ric I fully agree that remote connections to
people encourages face to face meetings. It has
for me (that's how I've met Tom Sherman and
many other people.
About electronic newspapers... We were working
on a research project called Rosebud where you
could put in a series of personal questions for
the software to take and ask many different
databases... In the night the answers would
arrive, and a newspaper would be built and
would be sitting on your desktop in the morning
(or whenever). That's about all I can say
now... but I'm sure it's a model many other
companies are working on. Already there are
many electronic clipping services: News Edge,
Individual Inc are 2 that come to mind. Not
cheap though! ga
<[MARTY] MKB> Rosebud sounds interesting. I'm thinking more
of an online feed from, say, AP; each story
would have a specific subject tag, and the
computer would pick out the stories the reader
wanted, at varying levels of detail.
<[Tom] SHERMAN> Marty, follow up? Like that cable news
arrangement?
<[MARTY] MKB> Something like it. I picture the reader
spending half a day or so programming the thing
by subject and level of depth, from basic to
professional.
<[Steve Cisler] PRESS20> Are you familiar with X*Press Info. Services?
It's a service of TCI and is sold through local
cable companies. DOS and Mac software can grab
stories by keywords, broad subject areas
(Japan, Red Sox, serial killers) and save those
for you...
<[MARTY] MKB> No, is it what I'm describing? More to the
point, is it priced where an average middle
income information professional might want it?
<[Steve Cisler] PRESS20> Marty, there is a system called TOPIC from
Verity. You do spend a couple of hours
programming the personal profile, assigning
'weights' to diff. terms so your articles are
graded by relevance. That is really ...
attracting a lot of attention in some circles.
Librarians are skeptical of this sort of
system. For the individual user, I'm not sure
what to recommend. I think it's a bit too new
and costly for an information broker working at
home to use, but a system like GEnie might make
money providing Certainly print pubs are
targeting readers more and more narrowly. My
newsweek has ads for stores three miles away!
ga
<[MARTY] MKB> Now that's it. Is it priced in the ballpark for
the private individual rather than the office?
To a certain extent, of course, we already have
that with specialized newsletters. We read
MacWeek, we get specialized info.
<[Tom] SHERMAN> Marty, the last phone # I have for X*PRESS is
Linda Nicholson, 303-721-5130. Steve may have
newer numbers.
<[MARTY] MKB> Thanks, I'll check it out.
<[Tom] SHERMAN> Ric, you had a question?
<[Ric] GRAFFITI> Do you think that allowing users to read
"personalized" newspapers contributes somehow
to censorship... after all, you'd never read
anything you didn't WANT to read about, so you
would stagnate. Injustices would go
uncorrected.... activism would become
worthless: you'd be preaching to the choir,
people who WANTED to read your message. GA
(Oh, X-Press can be reached at 1-800-7PC-NEWS)
<[MARTY] MKB> Ric, a person has the right to receive only the
information he wants to receive!
<[Steve Cisler] PRESS20> I think that personal newspapers should have a
serendipity factor built in so you get fresh
info. Nicholas Negroponte of the Media Lab said
that was important. ga
<[Ric] GRAFFITI> I'm not talking 'rights' but the sociological
effects.
<[MARTY] MKB> The reader can SET a serendipity factor if he
wants it. I would. But freedom of speech has
never included the ability to make someone
listen.
<[Steve Cisler] PRESS20> I and other librarians kind of surf the
information waves in a general sort of way, and
our users find that very useful. So there is
value is staying abreast of all sorts of info,
not just narrow subjects. ga marty, I could not
read yours. ga
<[MARTY] MKB> I agree it's good to have a serendipity factor,
but the individual should decide that for
himself.
<SCOTT> I could imagine that folks might subscribe to a
service which acted like the ditor of a
newspaper in deciding for them what current
events were worth finding out about.
<[Tom] SHERMAN> Steve, what are your thoughts about the federal
government's current understanding of public
access to info and its control over that access
<[Steve Cisler] PRESS20> To change the subject, if any Mac owners want a
couple of disks with lots of info on the
Internet including guide books, then send... a
self addressed label to Internet Stuff, Apple
Library, 10381 Bandley Dr. MS8C Cupertino, CA
95014. Next: Tom's Question...
<[MARTY] MKB> Steve, can you put them in the online service
libraries?
<[Tom] SHERMAN> Or can we post 'em for you?
<[Steve Cisler] PRESS20> The feds have different views about access to
info. The drive to privatize it has diminished
since Bush took over, but there is also an
argument about what constitutes govt. info...
Some agencies think only printed stuff should
be disseminated, but many Congresspeople
disagreed. There are some people in the Office
of Management and Budget who will agree... but
they have to listen to the Information
Information Society on one hand and the
librarians and other who advocate unrestricted
access on the other... Another interesting
controversy: is any electronic message a govt.
record? Should you be able to get it with a
Freedom of Info. Act request? I believe in
access to most govt. info, but I know I'd...
feel hampered if all my email became an
official record. I like it to remain
conversation, and I think govt. employees
should have the right to electronic
conversation. ga
<[Tom] SHERMAN> Now there's a can of electronic worms! Scott,
your question?
<SCOTT> I find it a lot easier to comprehend and retain
info I've read in hardcopy. Can you suggest
reasons why reading info on the screen is more
difficult? GA
<[Steve Cisler] PRESS20> The resolution is much lower than a cheap
paperback, but that is going to change. I have
been reading Voyager's Expanded Books on our
Mac portable. Jurrasic Park by M. Crichton was
a good read on screen, but it will get much
better. ...
<[Ric] GRAFFITI> (I think the screen orientation -- standing up
or laying down -- is important, too)
<[Steve Cisler] PRESS20> Still, books will be around quite a while as
these technologies develop. I may be able to
use the device in the bathroom but not in the
tub or the pool. ga
<[Tom] SHERMAN> Scott, follow up?
<SCOTT> This has something to do with being able to
hold the page in my hand and knowing it will be
there when I go back to look again.
<[Steve Cisler] PRESS20> Well, when I reviewed the Crichton book on the
PowerBook, I read it on the plane flying from
San Jose to Austin and then the bus to
<SCOTT> Why is that? ga
<[Steve Cisler] PRESS20> San Antonio and finally in bed, with my head on
the pillow and the PowerBook on its side. I
drifted off to sleep, as did my machine. ga
<[Tom] SHERMAN> Steve, we've more questions! Can you stay
another 10 minutes or so?
<[Steve Cisler] PRESS20> Sure, as long as you want. ga
<[Tom] SHERMAN> GREAT! Marty, your question?
<[MARTY] MKB> A record is a record if it's an official
document, signed by a competent authority.
E-mail is not a record, it's a communication.
There will always be a zone of privacy for
government officials to exchange frank
comments, and they will find it one way one
way or another. Agree? <ga>
<[Steve Cisler] PRESS20> In some local governments, all meetings have to
be open. School boards and city councils are
one example. Dave Hughes of Colorado Springs
discussed this aspect (lack of privacy) some
time ago.... I agree that email is a
communication, but memos can be requested by
citizens who want to find out how business was
carried out on some rezoning controversy. ga
<[Steve Cisler] PRESS20> A. Duda is a librarian, if I remember. Welcome.
<A.DUDA> Thanks. Sorry to be so late.
<[MARTY] MKB> Right Steve, a memo is a record. But e-mails
are a communication.
<[Ric] GRAFFITI> email = memo?
<[Steve Cisler] PRESS20> I know that corporate lawyers caution people
about what they put into the email system. It
might show up in a court case later because it
is 'discoverable' (is that the term?) ga
<[MARTY] MKB> Right again. E-mails are discoverable, but they
shouldn't be considered fair game as policy
input.
<[Tom] SHERMAN> My turn :-) . . . Steve, would you say
something about the management of NREN and who
will profit (as well as benefit) from it?
<[Steve Cisler] PRESS20> Historians are worried about the use of
electronic comms because they cut out a lot of
informal records. Big gaps in how policy or
history is made.
On to Tom's Question... Many people are
concerned about the lack of governance in the
present Internet. Some LOVE the anarchy and see
strength in that. However, there is nobody you
can call when... you can't connect up to that
computer in Israel or Ann Arbor, and for
commercial firms to use the Internet, they want
accountability... I think there are several
circles of beneficiaries: 1. the research and
education community plus the national lab.
personnel 2. then the smaller colleges, K-12
schools, and some libraries... After that you
have small businesses, non-profits. museums and
some non-affiliated users who are sophisticated
about information access. The final group is
the biggest: ... the consumer who uses
electronics and computers but has not gone
online yet. Left out are lots of people who
don't have a need for this sort of info or who
choose to get it in other ways. ga
<[Tom] SHERMAN> Steve, how soon will the general consumer have
access to the highspeed data highways?
<[Steve Cisler] PRESS20> In some areas (Boston, DC, San Francisco Bay
Area) people can get accounts and begin using
the databases, discussion groups, and other
services right now. Netcom in San Jose offers a
flat rate connection for about $16/month plus a
lot of disk storage. Colorado Supernet has a
$2/hr. connect charge. Other places are much
much higher. ga
<[Tom] SHERMAN> Steve, will NREN have the same access as
Internet? Andrea, you'll be next.
<[Steve Cisler] PRESS20> NREN is the broadband expansion of the American
part of the Internet, and it will probably have
a broader user base, just because so many
people are clamoring for connections (the
groups I mentioned before) ga
<[Tom] SHERMAN> Andrea, your question?
<[Andrea] A.DUDA> There's been some talk about "virtual"
libraries. What do you think we have to look
forward to?
<[Steve Cisler] PRESS20> George Brett in North Carolina is designing a
text-based one, using MUDD software (multi-user
dungeons and dragons). You will be able to
enter... the library, examine objects, execute
code which will drop you into a 'real' database
or perhaps electronic object (text for now,
images and sounds later). That will be a start,
and then you'll have... much more media-rich
services. If these are successful, you'll
probably have 3D realistic browsing of
libraries and media objects. There will have to
be a good business model though. ga
<[Andrea] A.DUDA> Will there be a role for virtual librarians?
<[Steve Cisler] PRESS20> I think there will be a role for people and for
software agents that may seem like people to
users on the other end of the system... I think
librarians will have a big challenge to keep up
with the technology, redefine their roles, and
continue to provide more traditional services
for people who are not fond of computers. ga
<[Tom] SHERMAN> I want to remind you all that Katie Hafner will
be here May 24 and Jerry Berman May 30 . . .
<[Steve Cisler] PRESS20> Hafner is working on a new book. I hope she
tells you about it! ga
<[Tom] SHERMAN> Next Sunday, we're doing a joint RTC with the
SPACE RT talking about government spending for
protection from asteroids!!
<SHERRY> Frank, why don't you go ahead and say just a
bit about the RTC next week.
<FRANK.REDDY> There's a move a foot in the planetary science
community .. . to spend some modest bucks to
locate small -- meaning yards across -- debris
that crosses Earth's orbit. Sounds small, but
such impacts could wipe out a city!
<[Steve Cisler] PRESS20> I'm going to sign off tonight. Thanks for
inviting me. I enjoyed it. The time certainly
flew by. -Steve
<[Ric] GRAFFITI> Thanks for coming, Steve!
<[Steve Cisler] PRESS20> ** has left.
-----# Participants #-----
<[Andrea] A.DUDA>
<[rookie] B.COOKE5>
<FRANK.REDDY>
<[Ric] GRAFFITI>
<[jim&pat] J.ENG9>
<[MARTY] MKB>
<[Mark] MLEWIS>
<[Steve Cisler] PRESS20>
<[Randy] R.ZEITMAN4>
<SCOTT>
<[Tom] SHERMAN>
<SHERRY>
|
| This listing was generated by LRTC Version 1.00
| (C)opyright by Hartmut W. Malzahn, 1991. All rights reserved.
|
______________________________________________________
| |
| The Public Forum * NonProfit Connection RoundTable |______
|______________________________________________________| |
| Sysops' GE Mail: PF$ RTC Sunday 9pm EDT: MOVE 545;2 |______
|___________________________________________________________| |
| News, Current Events, Government, Societal Issues, Nonprofits |
|________________________________________________________________|
# # #
------------------------------
End of Computer Underground Digest #4.24
************************************
Computer underground Digest Sun June 7, 1992 Volume 4 : Issue 25
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu, Jr.
Newest Authormeister: B. Kehoe
Arcmeister: Bob Kusumoto
Downundermeister: Dan Carosone
CONTENTS, #4.25 (June 7, 1992)
File 1--Detailed Summary of X-Press (Response to CuD 4.24)
File 2--Study of E-Mail/Computer-Mediated Communication
File 3--Major Congressional Candidates Commit to Elec. Civil Liberties
File 4--Internet Society Details
File 5--GEnie RTC with Hafner (Co-author of CYBERPUNK)
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie in the PF*NPC RT libraries, on
the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp from
ftp.eff.org (192.88.144.4), chsun1.spc.uchicago.edu, and
ftp.ee.mu.oz.au. To use the U. of Chicago email server, send mail
with the subject "help" (without the quotes) to
archive-server@chsun1.spc.uchicago.edu. European distributor: ComNet
in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Fri, 5 Jun 92 04:48 EST
From: "Michael E. Marotta" <MERCURY@LCC.EDU>
Subject: File 1--Detailed Summary of X-Press (Response to CuD 4.24)
In CUD #4.24, the transcript of Cisler's forum on Genie mentioned
X-Press. Here is a more detailed description of what X-Press is.
++++++++++++++++++++++++++++++
Excerpts from: "Connecting Your Computer to Cable TV
Doubles the Dimensions of Cyberspace"
by Michael E. Marotta
(originally published Aug 1991 by TELECOMPUTING, Albuq, NM)
X-PRESS Informations Services, Ltd., of Denver Colorado, makes it
possible for your home computer to receive and store news via cable
(or satellite) television. X-PRESS X-Change is their basic service;
they also sell an "executive" connection geared to businesses.
X-PRESS X-Change is a basic consumer information service provided by
cable television companies to personal computers. The service is a
constant stream of worldwide news, sports, and weather supplemented
with articles on lifestyle, shopping, and entertainment. Conferencing
with other users is also possible.
International news is the key feature of X-Change. In addition to the
Associated Press, there are nine other news feeds. Tass and Xinhua
send news in English from the USSR and China. English-language news
also comes from OPEC, Taiwan and Japan. NOTIMEX sends out news in
Spanish from Mexico. User can define up to 16 keywords for which the
computer will automatically scan. The results can be stored to disk
for later evaluation.
The service is generally compatible with IBM-PC, Apple // and
Macintosh, Atari and Amiga computers. It is most compatible with
IBM-PCs including the XT, AT and PC/2 lines. To run with an Apple //c
or //e, requires a super serial card. As you would expect, only the
Atari-ST series can be used and Amiga owners must have a 500, 1000 or
2000. This is a 16-bit service.
Also, there are some differences in the kinds of special features the
various kinds of personal computers will support. For example, all of
them will news and stock quotes and all can write news stories to disk
for future reference. However, only IBM, Atari and Amiga systems can
accept futures and options information.
To connect to X-Change, you buy an interface kit for $99.95. If your
cable television service already offers X-change there is no other
charge. Executive service costs $19.95 per month. The cost of the
modem is higher, also, $149.95. If your cable television provider
does not carry X-Change and doesn't want to, then you can use a
satellite dish. The signal comes from Galaxy-1 transponders 7 (WTBS)
and 18 (CNN) but you don't have to subscribe to these to use the
InfoCipher equipment. Via satellite the Executive service costs
$26.95 per month.
Both the Executive and basic products give you access to financial
information. For instance basic service includes the ability to track
128 symbols from 2000 securities. X-PRESS Executive provides quotes
on 30,000 securities. In addition, stocks, Treasury rates, CDs,
Broker Call Loans and foreign exchange rate, and selected metal prices
are also available. X-PRESS also provides software for tracking and
analyzing financial data. The output is compatible with Lotus 1-2-3.
Conferencing is also possible. X-PRESS clients can dial in via a
Tymnet 800 number. Users can read and post messages in several areas.
X-PRESS then selects messages to be posted on the television feeds.
The "Pen Pals" conference is popular with grade schoolers. High
school students benefit from a "Science and Technology" conference
that leans toward NASA activities. Thus, X-PRESS is basically a BBS
via cable television or satellite. Of necessity, the information flow
is generally one way, from X-PRESS to you.
------------------------------
Date: Fri 53 Jun 1992 17:22:51 CST
From: Jim Thomas<tk0jut1@niu.bitnet>
Subject: File 2--Study of E-Mail/Computer-Mediated Communication
A novel study is being proposed by a number of participants of the
bitnet Computer-Mediated Communication (CMC) newsgroup. It may be the
first such study--done by researchers scattered around the world who
have never met--of its kind. The CMC forum focuses on academic
discussions related to the impact of computer and related technology
on forms, content, and structure of communication. Those interested
can subscribe by sending the command: JOIN CMC <name> to:
COMSERVE@RPIECS Here is a summary of the research:
++++++ original post follows +++++++
Date- Wed, 3 Jun 1992 19-19-00 IST
From- Sheizaf Rafaeli <KBUSR@HUJIVM1.BITNET>
Subject- E-Group study update
E-Groups study, outline #3, update
As promised, here is a short summary of what has happened (for those
tuning-in late):
It began with a discussion of the dynamics of discussions. David
Levine, of UC Berkeley, proposed a 'bad posts drive out good'
postulate, that ignited many of us. A group of us have agreed to
attempt a joint study of the longevity and process of e-group
discussions.
We are now doing two things:
1) Mobilizing: identifying participants and collecting 'pledges'.
2) Conceptualizing: identifying research questions and hypotheses,
with an eye toward a study or two.
There seem to be, in the works, two parallel efforts. One line of
inquiry will be qualitative. The purpose in this study will be an
in-depth analysis of the dynamics occuring within a list. Prof. Brenda
Danet will, I hope, fill in more details on this effort.
The second project is shaping up to be a content-analysis of a
representative sample of archived discussions, which may (later) be
linked to surveys of users, moderators, participant observations, etc.
Under discussion are the hypotheses such a data set can address.
The e-group content analysis is an attempt to quantify group behavior
(formation, cohesion, dispersal) on e-lists. The hypotheses suggested so
far predict sensitivity of the threads of discussion to combinations of
the following variables:
* Length of messages
* language of message
* presence and nature of subject header
* presence and nature of stylized signature
* writer status
* writer gender
* dependency on previous messages (posts)
* use of quotes from previous posts
* tone (sarcasm, information, plea, threat, support, 'lecture')
* use of questions, challenges
* extent of use of nonverbal cues in message
* presence of "flames"
* metacommunication, that is communication about communication
* personal interest vested in post
* reference to external communication sources
We intend to 'massage' these concepts into a workable codebook. If the
numbers of participants stay where they are right now, the onerous
nature of content analysis grunt work wont even be that bad. We should
be able to generate reliable data.
The codebook will then be used to content-analyze series of messages.
Hopefully, we will end up with enough data to identify threads of
discussions, and "communities" forming, lasting and/or disbanding.
Eventually, if this works, we'll have at least two products on our
hands:
a. a large data set all can dip into.
b. the experience of having collaborated without meeting.
I believe either of the two is good enough reason to try.
Under discussion, currently, are:
1) Hypotheses and research questions.
2) Items for inclusion in the codebook.
3) Individual lists for inclusion in the sample,
or - alternatively - a method for selecting lists.
Nothing is set in stone yet. It is all, literally, bits in the wind. So
join in, Please!
Sheizaf Rafaeli
Hebrew University of Jerusalem
sheizafr@shum.huji.ac.il
or KBUSR@HUJIVM1
------------------------------
Date: Mon, 1 Jun 92 10:59:51 PDT
From: jwarren@AUTODESK.COM(Jim Warren)
Subject: File 3--Major Congressional Candidates Commit to Elec. Civil Liberties
Five Leading San Francisco Peninsula Congressional Candidates Sign
Explicit Commitments to Protect "Electronic Civil Liberties"
All but one of the six leading candidates for California's 14th
Congressional District have formally committed to protect traditional
constitutional liberties against technological threats. All three
Republican candidates and two of the three leading Democratic
candidates signed formal commitments.
The 14th District covers northern "Silicon Valley" and the southern
half of the San Francisco Peninsula.
This is believed to be the first time that major-party congressional
candidates have ever committed to explicit action to protect
technology-related civil liberties.
The candidates' signed statements that were much more than
nice-sounding, equivocating "God, mother and apple-pie" principles.
They made explicit commitments to take explicit action in their
first/next term in Congress.
Those 14th Dist candidates who signed the formal statement (below)
included:
Dixon Arnett (R), Tom Huening (R), Ted Lempert (D),
Tom Nolan (D), Mike Maibach (R) and Chuck Olson (L).
Gerry Andeen (D) sent a statement about the issues, but made NO
COMMITMENTS.
Anna Eshoo (D) FAILED TO RESPOND AFTER FOUR REQUESTS, as did
then-candidate James Blackman (D), after three requests. The multiple
requests were faxed and mailed to the candidates between Apr. 4th and
Apr. 13th, along with an explanatory cover letter.
Lempert was the first to respond -- apparently by return mail -- and
added a two-page statement regarding technological threats to personal
privacy and his commitment to seek protection against them, as well.
Arnett's response also noted that he was one of the cosponsors of
the Privacy Section that was added to the California Constitution
during his tenure in the state Assembly.
In addition, ten other Libertarian candidates signed the formal
statement, apparently circulated by Libertarian activists, primarily
using the computer nets. Those signing included:
Alan F. Barksdale (U.S. Senate from Alabama),
Richard Boddie (U.S. Senate from California),
James Elwood (8th House Dist from California),
June R. Genis (U.S. Senate from California),
Robert D. Goodwyn (22nd California State Assembly Dist),
Chuck Hammill (47th California State Assembly Dist),
James J. Ludemann (California State Assembly),
George L. O'Brien (12th House Dist from California),
Anton Sherwood (12th California State Assembly Dist),
Mark Valverde (13th California State Assembly Dist) and
Will Wohler (3rd California State Senate Dist).
Note: This Libertarian sign-up resulted entirely from one copy
being sent by electronic-mail to June Genis (San Mateo County) and one
to Mark Hinkle (Santa Clara County activist).
Several others responded without committing to action:
U.S. Senate candidate Tom Campbell (R) also sent a statement about
the issues, but offered NO COMMITMENTS TO EXPLICIT ACTION, as did
Glenn Tenney (D, 12th House).
This effort was an outcome of disclosures before and during the
First Conference on Computers, Freedom & Privacy, held near San
Francisco International Airport in March, 1991. It drew over eighty
pages of public and trade press coverage, internationally.
This is the statement that was signed by the indicated candidates:
Guaranteeing Constitutional Freedoms into the 21st Century
Preface
Harvard Law Professor Laurence H. Tribe, one of the nation's
leading Constitutional scholars, views technological threats to our
traditional constitutional freedoms and protections as so serious that --
for the first time in his career -- he has proposed a Constitutional
Amendment:
"This Constitution's protections for the freedoms of speech,
press, petition and assembly, and its protections against unreasonable
searches and seizures and the deprivation of life, liberty or property
without due process of law, should be construed as fully applicable
without regard to the technological method or medium through which
information content is generated, stored, altered, transmitted or
controlled."
-- First Conf. on Computers, Freedom & Privacy, 3/27/91, Burlingame CA
In the absence of such a constitutional clarification, legislation
and regulation are the only alternatives to assure that citizens are
protected from technological threats against their constitutional
rights and freedoms.
Candidate's Commitment to Action
Preface: It has been over two centuries since our Constitution
and Bill of Rights were adopted. The great technological changes in
the interim --especially in computing, telecommunications and
electronics -- now pose a clear and present danger to the rights and
protections guaranteed in those great documents. Therefore:
Commitment: In the first legislative session after I am
[re]elected, I will author or co-author legislation reflecting the
following specifics, and I will actively support and testify in favor
of any similar legislation as may be introduced by others. Further, I
will actively seek to include in such legislation, explicit personal
civil and/or criminal penalties against any agent, employee or
official of the government who violates any of these statutes. And
finally, I will keep all citizens who express interest in legislative
progress on these matters fully and timely informed.
The protections guaranteed in the Constitution and its Amendments
shall be fully applicable regardless of the current technology of the
time. This particularly includes, but is not limited to:
Speech: Freedom of speech shall be equally protected, whether by
voice or in written form as in the 18th Century, or by electronic
transmission or computer communication as in the 20th Century and
thereafter.
Press: Freedom of the press shall be equally protected, whether
its information is distributed by print as in the 18th Century, or by
networked computers or other electronic forms, as in the 20th Century
and thereafter. Liability for content: Just as a printer is not
liable for content of leaflets printed for a customer, so also shall
the owner or operator of a computer or electronic or
telecommunications facility be held harmless for the content of
information distributed by users of that facility, except as the owner
or operator may, by contract, control information content. Those who
author statements and those who have contractual authority to control
content shall be the parties singularly responsible for such content.
Assembly: Freedom of assembly shall be equally protected, whether
by face-to-face meeting as in the 18th Century, or by computer-based
electronic-conference or other teleconference as in the 20th Century
and thereafter. The right to hold confidential meetings shall be
equally protected, whether they be by personal meeting in private
chambers, or by computer-assisted or electronic-based means.
Self-defense: The right of the people to keep and use computers
and communications connections shall not be abridged by the
government.
Search & seizure: The right of the people to be secure in their
papers and effects, against unreasonable searches and seizures, shall
be fully applicable to their electronic mail, computerized information
and personal computer systems.
Warrants: No warrants for search or seizure shall issue for
computerized information, but upon probable cause, supported by oath
or affirmation, and particularly describing the computer system to be
searched and the specific information to be seized.
Secure information vaults: Just as search and seizure of letters in a
post-office, and papers in a bank-vault lock-box, and surveillance of
telephone conversations by wire-tap, each require a separate warrant
for each postal address, lock-box and telephone line, so also shall a
separate warrant be required for each electronic-mail address and/or
computer files of each suspect, when stored in a computer facility or
archive shared by others. And further, computer files stored in a
shared facility or archive by or for a citizen who is neither named in
a warrant nor associated with a suspect so-named, may not be used
against that un-named citizen, if seized or discovered during legal
search of or for files of a suspect.
Self-incrimination: No person shall be compelled in any civil or
criminal case to be a witness against himself or herself, nor be
compelled to provide information retained only in their mind, nor
otherwise be compelled to assist the translation or decoding of
information that he or she believes may be self-incriminating.
Property: Private property shall not be taken for public use without
just compensation, nor shall such property be used nor sold by any
government agency for less than fair market value, in which case all such
proceeds shall promptly derive singularly to its last owner prior to
government seizure.
Speedy release: Anyone not accused of a crime shall enjoy the
right to a speedy release and return of all of their property, as may
be seized under any warrant, particularly including their computerized
information. The government shall be fully liable for any damage
befalling property or information they have seized.
[ Additional copies of this model candidate's position commitment are
available from:
Jim Warren, Electronic Democracy Initiatives,
345 Swett Road, Woodside CA 94062; (415)851-7075, fax/(415)851-2814;
electronic-mail/ jwarren@autodesk.com -or- jwarren@well.sf.ca.us
For identification purposes, only: organized and chaired the First
Conference on Computers, Freedom & Privacy (3/91), received one of the
Electronic Frontier Foundation's first Pioneer Awards (3/92), is a
"futures" columnist for MicroTimes, an Autodesk Board member, the founder
of InfoWorld, PBS-TV "Computer Chronicles" founding host, etc. ]
------------------------------
Date: Tue, 2 Jun 1992 17:54:44 GMT
From: NEELY_MP@DARWIN.NTU.EDU.AU(Mark P. Neely, Northern Territory Univ.)
Subject: File 4--Internet Society Details
Details of the Internet Society for the readers of CuD:-
>From: Geoff Huston <G.Huston@aarnet.edu.au
>The Internet Society Newsletter is a publication of the Internet
>Society, sent to members of the Internet Society free of charge.
>To receive a subscription you need to join the Internet Society
>as a personal member. Regular membership is $70 US p.a. and
>student membership is $25 US p.a. The Internet Society is a
>non-profit professional society whose objective
>is facilitate and support the technical evolution of the
>Internet as a research and education infrastructure.
>To join send you details (name, address, email) to the Internet
>Society at
>isoc@nri.reston.va.us
>cheers
>Geoff Huston
------------------------------
Date: 30 May 92 21:08:09 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 5--GEnie RTC with Hafner (Co-author of CYBERPUNK)
______________________________________________________
| |
| The Public Forum * NonProfit Connection RoundTable |______
|______________________________________________________| |
| Sysops' GE Mail: PF$ RTC Sunday 9pm EDT: MOVE 545;2 |______
|___________________________________________________________| |
| News, Current Events, Government, Societal Issues, Nonprofits |
|________________________________________________________________|
Real-time Conference on Cyberpunk
with
Katie Hafner
(May 24, 1992)
====================================================================
(C) 1992 by GEnie (R) and Public Forum*NonProfit Connection
This file may be distributed only in its entirety
and with this notice intact.
CYBERPUNK: Outlaws and Hackers on the Computer Frontier has intrigued
everyone from William (Neuromancer) Gibson to Mitch (Lotus Development)
Kapor.
On May 24 at 9pm ET, author Katie Hafner joined us to talk about the
social consequences of computer networks and the communities that have
grown up around them. The government has both raided local BBSs and
solicited proposals for a "weaponized virus." What rules of the road
would you make for computer networks? Former news editor of Data
Communications magazine, Katie was correspondent for Business Week
specializing in technology and computers. A graduate of the University
of California at Santa Barbara, with an M.A. from Columbia University
School of Journalism, she's now working on a book about German
reunification. The New York Times' John Markoff is co-author of
Cyberpunk.
This RTC is the third in the Public Forum's month-long program on
Technology and Society. Our next RTC is May 31. And don't miss lively
discussion of Science, Technology and Society in bulletin board category
7, and check out the files on technology and society in our library.
See Cat 7/Topic 1 for details.
An electronic meeting place for friends, family and national "town
meetings," GEnie is an international online computer network for
information, education and entertainment. For under $5.00/month, GEnie
offers over 50 special interest bulletin boards and unlimited electronic
mail at no extra charge during evenings, weekends and holidays. GEnie is
offered by GE Information Services, a division of General Electric
Company.
In the Public Forum*NonProfit Connection, thousands of people every day
discuss politics and a wide range of social and nonprofit issues. A
neutral arena for all points of view, the PF*NPC is presented by Public
Interest Media, a nonprofit organization devoted to empowering people
through the socially productive use of information and communication
technology. For more information about GEnie or the Public Forum, call
1-800-638-9636 or send electronic mail to tsherman@igc.org.
To sign up for GEnie service, call (with modem in HALF DUPLEX)
800-638-8369. Upon connection, type HHH. At the U#= prompt, type
XTX88367,GENIE <RETURN>. The system will prompt you for information.
====================================================================
__________________________________________________________
-=(( The Public Forum * NonProfit Connection RoundTable ))=-
-==((( GEnie Page 545 - Keywords PF or NPC )))==-
-=((__________________________________________________________))=-
<SHERRY.PF> I'd like to welcome everyone to the RTC. Katie, why
don't you say a few words and introduce yourself.
<[Katie] PRESS11> let's see... john markoff (my husband) and i wrote
cyberpunk over a period... of about three years and
it came out last summer. but the book isn't cheap, so
luckily, the papberback is coming out next month
let's see...what else?....oh yes, now i'm living in
berlin... most of the time, working on a second book.
<SHERMAN> Let me explain the process here . . . Before we get
started, a word about the process . . . At the
beginning, only Katie and people asking questions
will be able to talk so that everyone gets a turn . .
If you have a question, type /RAI to raise your
hand. I'll call on you in order. Please type your
question, but DON'T hit <return> to send it. When
you're called on, THEN hit <return> to send your
question quickly . . . so we'll have time for more
questions . . . It's good to use three periods if you
have more to say and to put GA for "go ahead" at the
end of a final phrase . . . So let's see those
/RAIsed hands and I'll start calling on you! GA
<[Darryl] D.JENT> Katie, did you actually meet Kevin Mitnick & the
others in your book ga
<[Katie] PRESS11> yes. i met everyone in the book. the only one who
didn't cooperate with the book was kevin... kevin is
the hacker we wrote about in the first section of the
book... a member of an l.a. gang of phone phreaks and
hackers called the roscoe gang... he wanted to be
paid to talk to us, and i explained to him (and his
grandmother, who was working as his agent...) that
journalists, for obvious ethical reasons, do not (if
they're good journalists, that is)... pay sources fo
information.
<[Gene] G.STOVER> When do you think cyberspace will be available to the
general public? What part will NREN and ISDN play in
this? <ga>
<[Katie] PRESS11> it already is... the more bandwidth, the more
cyberspace! ga
<SHERMAN> After a few more people have had a chance to ask
questions . . . I'll give everyone a second or third
or fourthchance . . . <grin> Richard, your question?
<[Richard] R.GILLIAM3> Who was the publisher for each edition?
<[Katie] PRESS11> simon & schuster did the hardcover, and an imprint of
S&S... called Touchstone is doing the paperback. ga
<[Richard] R.GILLIAM3> Who was your editor at the publishing house. (Sorry
for my unfamiliarity with the commands)
<[Katie] PRESS11> my editor? a very nice guy who doesn't know a lot
about technology named Bob Bender ga
<SHERRY.PF> Katie, I read _The Cuckoo's Egg_, and was fascinated
-- and appalled. Have The Powers That Be become any
more security conscious, or at least any more willing
to listen in the event something like that happens
again?
<[Katie] PRESS11> it's still pretty bad, security-wise out there...
there are lots of loopholes. everywhere. ga
<[2] eric] E.SHCHNEIDER> did he give you permission to write about him ..... m
<[Katie] PRESS11> no. no one gave us permission. we're journalists, not
movie producers. ga
<[Andrea] A.DUDA> We read about the really sensational cases of
hackers. How much of a problem are they overall? And
in trying to limit their activities, do we lose more
than we gain (since we limit other, legitimate, users
as well)?
<[Katie] PRESS11> i think that the press reports that blow the hacking
incidents out of proportion.... do a real disservice
to society... that is, i think that now the public at
large has an exaggerated fear of hackers. in the
book... we tried to write very realistically about
what really happened... and i do think that we're
treading aline between restricting access too much
and leaving systems too wide open. ga
<[Darryl] D.JENT> Katie, What was your feelings about the chaos club in
Germany?
<[Katie] PRESS11> i like them a lot... they're very different from
hackers in the united states, and that was kind of
interesting...
<[Darryl] D.JENT> How much of their activities did you get to witness
ga
<[Katie] PRESS11> wau holland, the founder of chaos, is an old 60's
radical, and a liberatarian who's categorically
opposed to authority ga
<[Tom] SHERMAN> Katie, did you see Darryl's second qeustion -- how
much of their activities did you get to witness?
<[Katie] PRESS11> oops. sorry... yeah. i hung out with pengo in berlin
for several weeks... and of course i witnessed quite
a bit... he was good (at hacking, that is), but more
of a talker, really, than anything else... the really
talented one in that group was probably markus hess,
the one who was in the berkeley computers and who
gave cliff stoll such a heart attack... and in the
end, they all got scared and ratted on each other and
three of them went to jail (well, hess's parents
bailed him out) ga
<[Tom] SHERMAN> Katie, who do you think is going to draw that line
between too little restriction and too much? What
role does the public play? ga
<[Katie] PRESS11> i guess we have to draw the line... i mean, we are
all sitting in cyberspace right now, and we're pretty
much respecting the rules of the road... and if we
want to keep the feds from telling us what we can and
cannot do in cyberspace then we have to come up with
rules that are acceptable to us and to them. ga
<[Andrea] A.DUDA> How do you think the "rules of the road" will change
when commercial firms become more evident with NREN?
Are they more concerned about security than
universities, etc.?
<[Katie] PRESS11> in a way it's too bad because anything that goes
commercial takes on a formal flavor that can be
restrictive... but that's not always the case... but
yes, they are concerned about security, particularly
because of all the security firms out there telling
them they should be. ga
<[Andrea] A.DUDA> One of the things I like about the Internet is being
able to go to various computers for information. Do
you think the whole system will become more
restrictive to accommodate the commercial firms?
<[Katie] PRESS11> new technology such as cryptography... will tend to
make commercialization work because it will make
breaking into systems more difficult. ga
<[Tom] SHERMAN> Katie, would you say something about the differences
between European and US regulations governing
security and privacy -- and the potential for
problems with the European Community?
<[Katie] PRESS11> the europeans have always (like in all things) been a
little bit behind the u.s.... in hacking laws. the
most interesting thing about it is that as soon as a
country makes it illegal to break into computers...
then the hacking drops precipitously (or maybe the
underground goes deeper)... the international folks
at the ec are already trying to come up with uniform
laws governing computer security throughout the
european community. yawn. ga
<[Phillip] P.MAY2> katie, do you feel there is a greater potential for
abuse of systems from "insiders", i.e. employees of
companies who implement the systems, or outsiders
like those described in you r book .? ga
<[Katie] PRESS11> of course there is... it's pretty widely known that
almost all of the white-collar crime out there that
uses computers and is most expensive to business is
committed by insiders... but companies get very
embarrassed by that... and they tend not to report
those crimes... they'd rather report crimes that seem
to be committed by juvenile delinquents... not their
own people! ga
<[Darryl] D.JENT> What is nren & Katie what is the new book about. More
hackers or what?... I loved your first book, read it
in two days ga
<[Katie] PRESS11> national research and education network, designed to
send data above a gigabit... and tie all the nation's
supercomputer centers together and it's federally
funded. the book i'm working on now... is about a
particular house in gemrany. just over the glienicker
bride (where all the spies used to be exchanged)...
in berlin. nothing to do with computers.
<[Tom] SHERMAN> Darryl, check out the article from the Whole Earth
Review about data highways; it's in our file library
(with permission, of course :-) Darryl, follow up
question?
<[Darryl] D.JENT> Sounds interesting still, I'll thanks
<[Richard] R.GILLIAM3> Stock exchanges and currency exchanges are close to
24 hour world-wide operation. How possible will it be
for insiders to undetectable manipulate the
markets?GA
<[Katie] PRESS11> quite possible. have you heard about the $170
million or so that disappeared mysteriously from
volkswagen's books?... this happened a few years
ago. ga
<[Richard] R.GILLIAM3> No. I haven't heard the VW story. I think the
potential for financial hacking is enormous GA
<[Katie] PRESS11> i think you're absolutely right... and i think we
(the public) only hear about a very small fraction of
the stuff that goes on. ga
<[Tom] SHERMAN> Before we move into open discussion, I want to take a
second to . . . thank all of you for your question
and, especially, . . . to thank Katie for joining us!
<[Katie] PRESS11> it was fun! sorry about all my typing blunders :-)
<[Tom] SHERMAN> And now for the winners of our contest . . . Thanks
to Simon & Schuster, the publishers of CYBERPUNK, for
donating four copies of the book to our contest
winners. Thanks to everyone for submitting such
imaginative entries!. . . The envelope please . . .
For the best scenarios describing constructive uses
of hacking, T.CAMPBELL11 and M.VANCE1. And for
destructive uses, S.CURTISIII1 and D.TAMPLIN.
Congratulations to Tim, Vance, Stan and David! I'll
now open the room so that all of us can type . . .
<[Tom] SHERMAN> No one counts typing blunders, Katie, not in here!
<[Richard] R.GILLIAM3> RTC spell-checkers. The next cyber-frontier! <g>
<[Andrea] A.DUDA> Are the contest winners all in one place where we can
read them?
<[Tom] SHERMAN> Yes, the contest entries are in Cat 7/Topics 16 and
17, except . . . for one that was sent by e-mail
because the author thought it too dangerous to post
in public
<[Tom] SHERMAN> Katie, what do you think about the FBI's interest in
legislation requiring the phone companies to make
digital phone transmission accessible to them? (Did
you see Marc and Janlori on Koppel's program the
other night?)
<[Katie] PRESS11> it's the stupidest thing i've ever heard of. it will
never work... people will just buy cheap encryption.
<[Darryl] D.JENT> Katie, have you meet meet William Gibson & How
surprised are you at the way his books have become
reality?
<[Tom] SHERMAN> Hmmm, say a little more about that, would you?
<[Katie] PRESS11> i've talked to him on the phone. i'd like to meet
him, though. he's extremely tall, i hear ... but what
part has become reality? ga
<[Fomalhaut] J.PAXSON> Darryl, pray that the world itself does not become
that horrible.
<[Katie] PRESS11> you're not kidding.
<[Darryl] D.JENT> I was meaning the way virtual reality is shaping
<[Darryl] D.JENT> Most of what I've read about VR lately was in his
books
<[Fomalhaut] J.PAXSON> I've had some success with virtual reality using
x-specs and stereo headphones.
<[Richard] R.GILLIAM3> Experiment surgery has been done for the hearing
impaired, wiring the bones between the ear and the
brain so that some sound can be heard. This is, I
suggest, a rudimentary form of the cyber-wiring that
is certain to come.
<[Tom] SHERMAN> Richard, will they just wire digital jacks where our
ears used to be?
<[Katie] PRESS11> that's been done for the blind, too.
<[Andrea] A.DUDA> Interesting thought, Richard. Imagine what happens if
someone messes with that!
<SHERRY.PF> I heard that on a talk show just this morning,
Richard!
<[Richard] R.GILLIAM3> Yes, Tom. Expect that eventually it will be done by
radio receivers, not wires.
<[Tom] SHERMAN> Will there be an OFF switch?
<[Richard] R.GILLIAM3> Let's hope so, Tom
<SHERRY.PF> That'll depend on whether or not we end up in 1984 or
Brave New World.
<[Tom] SHERMAN> Is this what Gene meant when he said we'd all be on
the network?
<[Darryl] D.JENT> Katie, what is the wildest computer lab you have
visited as far as technologically advanced?
<[Richard] R.GILLIAM3> I've often thought it was just a question of who got
us first---the cyberpunks or the genetic engineers.
Eventually it will be both.
<[Katie] PRESS11> it's a toss-up between the media lab and xerox parc
<[Darryl] D.JENT> It that the media lab at MIT?
<SHERRY.PF> Is that Xerox in Leesburg, VA?
<[Katie] PRESS11> yeah, and xerox parc in palo alto
<SHERRY.PF> I haven't been to Palo Alto, but I've been to
Leesburg. It's pretty wild too. ;)
<[Darryl] D.JENT> hAVE YOU MET mARVIN mINSKY at MIT, He has wrote some
wild books about the brain & AI
<[Katie] PRESS11> yes. he's a wild guy. you should meet his daughter
<[Darryl] D.JENT> Tom, I didn't get a chance to, but will I loved his
book Society of the Mind.
<[Katie] PRESS11> i've never read that.
<[Darryl] D.JENT> It's about using Artificial Intelligence & trying to
mimic the brain
<[Darryl] D.JENT> About how the easiest things we do as humans are the
hardest to get a computer to do.
<[Tom] SHERMAN> Katie's already stayed longer than I asked and so . .
I want to thank her again for joining us and . . . to
remind all of you that Jerry Berman, formerly of the
ACLU and now . . . head of the D.C. office of the
Electronic Frontier Foundation will . . . be our
guest next Sunday! . . . Do join us and, during the
week, . . . take a minute to add your thoughts to our
bulletin board discussion about . . . technology and
society in Category 7 . . . All of you . . . are
welcome to stay as long as you like. Katie. thanks
again!
<[Darryl] D.JENT> Such as moving Thanks, Katie, will have to read your
new book. Good luck
<[Richard] R.GILLIAM3> Thanks Katie, Tom. Enjoyed the RTC. Looking forward
to visiting again.
<SHERRY.PF> You can get to the PF*NPC bulletin board on page
8011;1 -- it's a Basic service.
-----# Participants #-----
<[Andrea] A.DUDA>
<[Darryl] D.JENT>
<[Dave] D.THOMPSON74>
<[2] eric] E.SHCHNEIDER>
<[Gene] G.STOVER>
<[Fomalhaut] J.PAXSON>
<J.PRESLEY1>
<[Lamont] L.INGALLS>
<MCFARMER>
<[Phillip] P.MAY2>
<[Katie] PRESS11>
<[Richard] R.GILLIAM3>
<[Tom] SHERMAN>
<SHERRY.PF>
<[Tom] T.BARKER6>
__________________________________________________________________
| Rights & responsibilities, government, politics, minority civil |_
| rights, volunteerism, nonprofit management, the media, the | |
| environment, international issues, gay/lesbian/bisexual issues, | |
| women & men, parenting, youth organizations and more! | |
|__________________________________________________________________| |
|__________________________________________________________________|
________ PF$ PF*NPC Sysops _____________
| |_ | Weekly RTC: |_
| The | | SHERMAN Tom Sherman | 9pm Eastern | |
| PF*NPC | | SCOTT Scott Reed | on Sundays! | |
| Staff: | | CHERNOFF Paul Chernoff | Type M545;2 | |
|________| | GRAFFITI Ric Helton |_____________| |
|________| SHERRY Sherry |_____________|
__________________________________________________________
-=(( The Public Forum * NonProfit Connection RoundTable ))=-
-==((( GEnie Page 545 - Keywords PF or NPC )))==-
-=((__________________________________________________________))=-
|
| This listing was generated by LRTC Version 1.00
| (C)opyright by Hartmut W. Malzahn, 1991. All rights reserved.
|
# # #
------------------------------
End of Computer Underground Digest #4.25
************************************
Computer underground Digest Sun June 14, 1992 Volume 4 : Issue 26
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu, Jr.
Newest Authormeister: B. Kehoe
Arcmeister: Bob Kusumoto
Downundermeister: Dan Carosone
CONTENTS, #4.26 (June 14, 1992)
File 1--Chsun1 mailserv/ftp NO LONGER AVAILABLE
File 2--CFP-II Radio Shows
File 3--Another side of privacy
File 4--update: Presidental candidates' online forum/debate
File 5--Playboy Vs. Event Horizons (BOARDWATCH REPRINT)
File 6--FTPing Back Issues of CuD and other Files
File 7--PC BBS Raided by FBI (reprint)
Back issues of CuD can be found in the Usenet alt.society.cu-digest
news group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM, on Genie in the PF*NPC RT
libraries, on the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp
from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Fri, 12 Jun 92 11:42:54 CST
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--Chsun1 mailserv/ftp NO LONGER AVAILABLE
Bob Kusumoto, archivist at the U of Chicago site, informs us that they
can no longer make back issues of files available. This generally
affects bitnet users without ftp access. At this point, because of
availability of back issues of CuD from other sources, we do not plan
to find a new site. We will re-assess the need in a few months, but
our sense is that between ftp and alternative sites, most readers will
not be inconvenienced.
Bob has been an archivist nearly from CuD's beginning, and provided a
shadow site to Brendan's. We (and others) appreciate and thank him for
his initiative and hard work and will miss him.
------------------------------
Date: Fri, 12 Jun 1992 18:37:30 EDT
From: Paul Hyland <PHYLAND@GWUVM.BITNET>
Subject: File 2--CFP-II Radio Shows
COMPUTER, FREEDOM, PRIVACY CONFERENCE-II on RADIO
Public radio listeners across the nation will have "virtual front row
seats" at the Second Annual Conference on Computers, Freedom, and
Privacy. The sessions were recorded at the March conference by Bruce
Koball and digitally edited for broadcast by Gregg McVicar (The
Privacy Project).
Ten one-hour programs will be available to stations through the public
radio satellite system, beginning June 23rd.
#1 Bruce Sterling "Speaking for the Unspeakable"
#2 Ethics, Morality, and Criminality
#3 Logging on to the Networks of the Future
#4 Free Speech and the Public Telephone Network
#5 Who's in Your Genes? Genetic Data Banking & Privacy
#6 Private Collection of Personal Information
#7 Privacy and Intellectual Freedom in the Digital Library
#8 Computers in the Workplace: Elysium or Panopticon?
#9 Who Holds the Keys? Cryptography, Privacy, and Security.
#10 Public Policy for the 21st Century.
Each station decides independently whether or not to air a program
offering and where to place it in its broadcast schedule. Therefore,
interested listeners are advised to immediately contact the program
director at their public radio station in support of carrying the
COMPUTERS, FREEDOM, & PRIVACY series locally.
KALW in San Francisco, Oregon Public Broadcasting, KPBS in San Diego,
WYEP in Pittsburgh, and WUMB in Boston plan to air the programs this
summer and have graciously provided seed funding for the project.
For more information, contact Gregg McVicar at Pacific Multimedia
(510) 938-2877, or GMcVicar@MCImail.com
------------------------------
Date: Tue, 9 Jun 92 16:07:20 PDT
From: jwarren@AUTODESK.COM(Jim Warren)
Subject: File 3--Another side of privacy
It is difficult to strike a balance between the just desires of
individuals for personal privacy, and the just needs of a community to
have an informed accounting of the consequences of the actions of its
individual members.
The problem with privacy is that there are those who intentionally use
it to cover their wrong-doing. Further, it shields those who are
casually irresponsible from being held accountable.
The following exemplifies the adverse side of privacy. It is not from
an Evil Corporation, nor a Naive Computer Neophyte, nor from a Person
Who Disrespects Privacy. Instead, it's from a mostly-consultant who
is an experienced computer pro, and someone who has long-illustrated
deep concern for ethical and civil-liberties issues.
Aside: This is similar to women who receive obscene or threatening
phone calls, but [a] can't get the local cops (or courts) to monitor
the line, and [b] are prohibited from having Caller ID to aid their
personal defense against anonymous electronic intruders in their
homes. Police won't furnish protection (or don't have the resources),
and the law suppresses the tools for self-defense against unwanted
intrusion.
Result: Phone-owners' privacy in their own homes is degraded or
forfeited in order to protect the privacy of anonymous, covert
callers.
jim
+++++++++++posted with the author's explicit prior permission+++++++++++++
>From autodesk!uucp Mon Jun 8 09:31:59 1992
Subject-- Freedom
To: jwarren@well.sf.ca.us
I have a problem with certain privacy concerns (this time I am on the
anti-privacy side). I have court judgements against some southern CA
slime bags (you want a definition, their BUSINESSES will not identify
themselves when you call them, they answer "corporate" and if you ask
who you have reached repeatedly, they will hang up on you). I think I
have a RIGHT to know where they live and work so I can serve them with
legal papers. Remember, they have already LOST the suit, their day in
court is over. But without going to court AGAIN for a separate order,
I cannot pull their credit records (privacy). BS! This is just a
makework thing for attorneys and PIs. You see, I can get the credit
report illegally for $30 (instead of $8 if I had a right to it). What
a crock! Do you agree?
Worse yet, all this privacy BS has given us 3 separate ID numbers. The
DMV wants driver's license number and birthdate, the credit guys want
SSN. I am all for a law-abiding guy trying to keep his private affairs
private, but when you have lost in court, those same laws keep you from
having to pay up. BS I say. Do you agree?
I am not sure I have an implementation, but I sure would work on one if
there were any reason to believe it would do some good. Dave
Dave Gomberg GOMBERG@UCSFVM Internet node UCSFVM.UCSF.EDU (415)731-7793
Seven Gateview Court, San Francisco CA 94116-1941
------------------------------
Date: Fri, 12 Jun 92 15:54:06 PDT
From: jwarren@AUTODESK.COM(Jim Warren)
Subject: File 4--update: Presidental candidates' online forum/debate
6/12/92 - STATUS REPORT
CLINTON organization has reiterated to a number of online addressees
that they intend to participate, and are currently getting organized
to do so.
email: 75300.3115@compuserve.com
PEROT organization called to reiterate that they are getting their
computer-access system set up. No specific commitment, yet, to an
online forum/debate with other candidates.
email: none identified
BUSH organization has said the "proposal is very interesting and worth
serious consideration," but gave no implication of any intent to
accept.
email: none identified
MEDIA INTEREST INCREASING
6/12- John Blackstone of CBS NEWS came up for an on-camera interview, to
be part of a Dan Rather Evening News segment on electronic democracy, elec.
town hall, etc. No airing date but probably within a week or so.
6/9- Jessica Seigel, a CHICAGO TRIBUNE features writer, called for a
lengthy interview; faxed additional info. No publication date, but if you
see it, please snailmail* a copy. [jes@well.sf.ca.us]
6/4- Details published in COMMUNICATIONS DAILY, written by Art Brodsky.
[arb@well.sf.ca.us]
6/4- Bill Turque of NEWSWEEK called for a lengthy interview; faxed
extensive additional information. No information on publication date, but
it you see it, please snailmail* a copy.
(Hope you send a fax and/or snailmail to the candidates urging them to
participate in the proposed online prexy forum. Mob pressure's needed! :-)
------------------------------
Date: 11 Jun 92 03:36:23 EDT
From: Lance Rose <72230.2044@COMPUSERVE.COM>
Subject: File 5--Playboy Vs. Event Horizons (BOARDWATCH REPRINT)
((Moderators' note: The latest issue (June) of BOARDWATCH MAGAZINE
includes the following article describing Playboy's copyright suit
against Event Horizon's, a BBS specializing in "adult" files.
BOARDWATCH is the best source for BBS-related information. Each issue
includes news, special features, and in-depth analysis of topics
ranging from technical information to BBS and sofware reviews. Even
the ads are fun reading. A year's sub (12 issues) remains a steal at
$36. BOARDWATCH address is: 7586 West Jewell Ave, Suite 200, Lakewood,
CO, 80232. Jack Rickard, the editor, is on-line at:
jrickard@teal.csn.org))
PLAYBOY'S NEW PLAYMATE - EVENT HORIZONS BBS
by Lance Rose
One of the most common personal uses of modems today is to transfer
graphic image files between computers. Sources for images are cheap
and plentiful - just pick up any picture book or magazine. Often the
hard part is finding someone with a scanner to turn the picture into
an uploadable computer file, but there are more and more of those as
well. Many of the most profitable small BBS', not to mention
CompuServe and other large information services, make a great deal of
money from the high volume of image uploads and downloads performed
daily across the country.
A large part of that volume is taken up by pictures of nude women and
sexually oriented materials. It's hard to pinpoint the ultimate
social meaning of this activity, but it's a fact that lots of people
are spending lots of time and money sending computerized soft and hard
pornography through the telephone lines. The cost is often far
greater than the price of a newsstand magazine that contains the same
picture at far greater resolution. Yet people keep doing it, and some
BBS' profit greatly from it.
Behind the scenes, fueling the boom, are the source images used to
create the digitized files. All too often these sources, whether they
depict a beautiful forest, a way cool car or a buxom blonde, are
copyrighted illustrations from magazines and books. This is a
well-known fact of life to most BBS users. When the practice of
scanning copyrighted images is debated online, the issue is usually
not whether it's legal (except among the "information wants to be
free" types), but who will get nailed by a copyright owner, and when.
It happened in March. Playboy Enterprises sued Event Horizons BBS for
infringement. Event Horizons is one of the largest BBS' in the
country, and well-known as a major center for uploading and
downloading graphic images, including pictures of nude women and
sexual images. Users are charged for downloading by connect time, so
the larger the file and longer it takes to download, the more a user
pays for the file. The BBS is said to gross over two million dollars
per year, and has served (in the profit-making sense at least) as an
ideal and model for others who run their BBS' as a business. Event
Horizons makes files available not only online, but also in
collections on disks.
This is an important case for BBS sysops, especially if the parties
fail to settle and it goes to trial. The resulting decision could set
some standards for copyright infringement by BBS', and help sysops
better determine which files to keep on their boards and which are
safest only when dropped in the bit bucket.
Playboy's suit actually claims two kinds of infringement: copyright
and trademark. On the copyright side, nine pictures of scantily clad
or naked women from the pages of Playboy Magazine (sandwiched, as
always, in between the Serious Articles) were discovered in Event
Horizon's file collection. The ladies pictured in the files include
such well-known babes as Linda Evans, Vanna White and Jessica Hahn.
Playboy pulls no rabbit punches in illustrating its claim that the
Event Horizons files are indeed direct copies. Playboy's legal
complaint includes all of the identified pictures from the magazine
and the corresponding printouts of Event Horizon's image files
(Apparently, those exhibits are meant only for the judge. Playboy's
corporate communications department made only the written portion of
the complaint available upon my request. Is this corporate image
management, or just their way of telling me I have to pay for those
pictures like everyone else?). In addition to these pictures, Playboy
identifies other files described in Event Horizon's disk catalog as
probable infringements, even though Playboy has not seen them, based
on descriptions of the files such as "pretty nude Playboy photo" and
"Playmate; topless young body." If the descriptions are accurate,
that's pretty damning evidence that someone infringed Playboy's
copyrights, though of course the actual pictures would have to be
produced.
The trademark claim by Playboy has two contradictory components. On
one hand, Playboy claims that Event Horizon's use of the name
"Playboy" with the files will confuse the public into wrongly thinking
that Playboy somehow sponsors or authorizes Event Horizon's
maintenance of the files. On the other hand, Playboy also says that
Event Horizon's use of "EH" will confuse the public into wrongly
thinking that Event Horizons, and not Playboy, is the real producer of
the pictures contained in the files. Playboy is right that these
names create confusion. At this stage, however, Playboy seems to be
the one who is a bit confused by it all.
Playboy still has a lot of points in its favor, though. For instance,
Playboy claims that Event Horizons' own copyright notice was found on
some of the files in question. That one might be pretty hard for
Event Horizons to explain away. Playboy also states that it sent six
warning letters to Event Horizons complaining about infringement, and
that Event Horizons did not stop the activities complained of. Again,
if this is true, it makes it look like Playboy gave Event Horizons
every opportunity to stop the claimed infringing practices, and only
brought legal action when the practices continued despite the endless
stream of letters.
As compensation for it's grief, Playboy is looking for a big payoff.
First, it wants a permanent injunction against any further
distribution of the files by Event Horizons. Second, it wants to
receive all of Event Horizons' profits from the files, measured by the
connect time charges paid by users downloading those files. This
could be a very big amount if the judge accepts that measure of
damages. Third, it wants Event Horizons to pay all of Playboy's legal
costs in bringing the legal action - another big number, which Event
Horizons will have to pay if Playboy wins. Fourth, it wants the court
to impound all files and disks containing the infringing files, and
the equipment used to make those files and disks - this could even
mean the BBS itself. There are even more damage claims, but there's
only so much room in this column.
Looks like a pretty grim situation for Event Horizons . . .
However, the game is not over. Jim Maxey, Event Horizons' owner,
tells a somewhat different story. He says that all of the files in
question were not created by him, but by BBS users who uploaded them
for credits permitting them to download other files for free. His
policy has been to ban all Playboy images he could identify, but he
says that some slip through nonetheless. If the file description does
not say the file is scanned from Playboy or another copyrighted
source, he has little way of knowing where it came from.
Maxey confirms that Playboy first contacted him about a year ago. He
says that when he first heard from Playboy, he redoubled his efforts
to remove any Playboy-related files from his BBS, and sent Playboy
letters certifying his removal efforts. However, Playboy never
acknowledged receiving his letters; there was "no way to communicate
with them." The next thing he knew, Playboy was suing him in federal
court.
Maxey also claims that Playboy is trying to physically intimidate him.
In particular, he says Playboy hired an enormous man, 250-300 pounds,
to serve him with the complaint. When the process server came to
Event Horizons' office, he allegedly smashed the receptionist against
the door, seriously injuring her hip and causing her to miss four
weeks of work. He says the man is currently being held by the police.
Event Horizons is changing its look and feel now, according to Maxey.
"Adult images" form only a small part of the current file transfer
activity on his BBS, as its focus shifts to education and
entertainment. His current projects include creating collections of
animations, and distributing the larger ones on CD-ROMs, including
animations with astronomical themes such as a tour of the planets of
the solar system.
Gee, after hearing Jim's side of the story, it makes you wonder why
Playboy is so upset. Someone here is telling less than the whole
truth. These stories are too contradictory to both be real. I
suspect both sides have polished up their stories just a bit for prime
time.
Playboy, for instance, is not beyond trying to pull the wool over the
judge's eyes. At one point, Playboy claims that "access by Event
Horizons to the [Playboy] copyrighted photographs should be presumed
in view of the striking similarity between the images contained in the
above identified Event Horizons' files and the corresponding [Playboy]
copyrighted photographs." In other words, Playboy would have us
believe that if you find an image scanned from a magazine on a BBS, we
can presume the sysop did the scanning himself.
This is obviously not so to anyone who knows about BBS', and the
statement reveals either ignorance or attempted deception on Playboy's
part. Most image files on BBS' are uploaded by users. It may well be
that Playboy's claim that Maxey created the files is true, but that is
something that must be proved, not presumed. Most BBS sysops today
are not creators of most of the materials on their systems, but
distributors. This is a very important distinction in a case like
this, because it means that the primary wrongdoer is the user who
uploaded the file, not the sysop who merely made it available for
download by others.
Certain parts of Maxey's story are also questionable. Though he
claims that all Playboy images found on his BBS were uploaded by
users, there are others who say it is common knowledge that Maxey
himself stocks his BBS with his own scans from Playboy and other
magazines. We will have to wait for the evidence to come in on this
one.
It is also pretty hard to go along with Maxey's reasoning on Playboy's
failure to acknowledge his letters to them. If Playboy did not
respond to his letter, why didn't he pick up the phone and call them?
Their number's in the phone book.
Of course, the parties may settle this case before it reaches trial.
In that event, the main effect of the case would be a warning to other
sysops not to become involved in infringing image files, at least when
the images are Playboy's.
What if the case does go to trial? Maxey's shifting of the blame for
infringement to his users raises the possibility he will use the same
defense successfully used by CompuServe recently in obtaining
dismissal from a libel suit against it. As readers of this magazine
may recall, in the case of CompuServe v. Cubby, CompuServe was sued
as the distributor of an electronic newsletter that supposedly
contained defamatory comments about a competing newsletter. The judge
let CompuServe out of the case on the basis that CompuServe did not
create the newsletter, but only distributed it. In a landmark ruling
for BBS', the judge held that BBS' are protected by the 1st Amendment
as distributors of free speech. It is impermissible to make a sysop
absolutely responsible for reviewing everything that passes through
the system.
For Maxey to successfully use this argument to escape the infringement
claim, he will need to prove that all of the infringing files were
uploaded by users, and that he was not actually aware of any of them
before Playboy brought them to his attention. This could be a tough
task, especially for the files that supposedly have Event Horizons'
own copyright notice attached to them. It could be fun to watch him
try, though.
Playboy's motives in bringing the suit can certainly be questioned.
My guess is that Playboy is getting ready to begin its own online
distribution of girlie pictures, and wants to clear out the
established competition. Playboy pictures probably form only a small
part of all the files on Event Horizons' BBS, but this lawsuit can
have a disproportionately large effect on the BBS' overall finances.
Playboy is letting the online world know that a Big Boy is entering
the scene, so watch out. At this point, Playboy will only be the
second major company of its sort in the online world. Penthouse
already has its own BBS, and has announced in the business news pages
that it sees its future in electronic communications.
However it ends up, this suit should serve as a word to the wise for
sysops and users of BBS'. The days of the free ride in scanning
printed copyrighted materials are coming to an end. The future of
image files in BBS'ing will not (and indeed should not) be merely to
reproduce mass-distributed print photographs and illustrations, but to
serve as a new and different distribution medium. Graphic artists of
all kinds who do not have access to print distribution channels should
receive increasing distribution on BBS'. New image types, best
displayed on computer screens (especially animations) rather than
paper, will continue to develop and flourish. By helping bring an end
to online infringement of its printed girlie pictures for gentlemen,
Playboy is, likely unwittingly, helping to usher in a new and far more
interesting online computer graphics regime.
++++
Lance Rose is an attorney practicing high-tech, computer and
intellectual property law in the New York City area. He is the author
of SYSLAW, a legal guide for BBS sysops, of which a revised edition
should appear this fall. He can be reached at elrose@well.sf.ca.us
------------------------------
Date: Fri, 12 Jun 92 11:42:54 CST
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 6--FTPing Back Issues of CuD and other Files
We are periodically asked where archives to back issues of CuD and
other papers, statutes, university policies, and 'Zines can be
obtained, and where various files are located in the directories. The
CuD ftp cites are listed in the header of each CuD. In addition, back
issues of CuD and most other electronic publications can be found on
THE WORKS (617) 861-8976.
Current CuD ftp sites are: ftp.eff.org (192.88.144.4) and
ftp.ee.mu.oz.au.
NOTE: THE UCHSUN1 MAILSERV AND FTP SITE WILL BE TAKEN DOWN IN A FEW
DAYS AND WILL NO LONGER BE AVAILABLE.
Directories in the ftp.eff.org archives include:
total 24
-rw-r--r-- 1 root 12 0 Oct 18 02:22 .notar
drwxrwsr-x 4 ckd 10 1024 Jun 9 22:28 EFF
drwxrwsr-x 5 mnemonic eff 512 Nov 26 22:05 SJG
drwxrwxr-x 13 kadie 21 1536 Jun 10 01:42 academic
drwxr-sr-x 2 hshubs 151 512 May 15 20:32 bcs
drwxr-xr-x 2 ezf 146 1024 May 27 19:03 cpsr
drwxr-xr-x 33 brendan 12 1024 Jun 8 12:25 cud
drwxr-xr-x 4 root daemon 1024 Aug 17 18:08 internet-info
drwxrwsr-x 2 hrose 14 1024 May 26 21:12 irc
drwxr-xr-x 8 rita 148 512 May 18 20:43 journals
drwxrwsr-x 3 ckd 12 512 Apr 22 21:28 mac
drwxr-sr-x 2 1 daemon 512 May 8 20:29 pub-infra
The follow subdirectories are in the /pub/cud directory:
cud:
total 104
-rw-r--r-- 1 brendan 149 3585 Jun 8 21:23 Added
-rw-r--r-- 1 brendan 149 10131 Jun 8 21:23 Index
drwxr-xr-x 2 brendan 149 512 May 18 14:08 alcor
drwxr-xr-x 2 brendan 149 512 May 18 14:08 ane
drwxr-xr-x 2 brendan 149 1024 May 18 14:08 ati
drwxr-xr-x 2 brendan 149 512 May 18 14:08 bootlegger
drwxr-xr-x 3 brendan 149 512 Apr 25 22:55 ccc
drwxr-xr-x 2 brendan 149 3584 Jun 8 21:23 cdc
drwxr-xr-x 2 brendan 149 512 Apr 25 22:55 cdugd
drwxr-xr-x 2 brendan 149 512 May 18 14:09 chalisti
drwxr-xr-x 2 brendan 149 512 May 18 14:09 cpi
drwxr-xr-x 2 brendan 149 2560 Jun 7 22:16 cud
drwxr-xr-x 2 brendan 149 512 May 24 18:35 dfp
drwxr-xr-x 2 brendan 149 512 Apr 25 22:55 fbi
drwxr-xr-x 2 brendan 149 512 May 18 14:09 inform
drwxr-xr-x 2 brendan 149 1024 Apr 25 22:55 law
drwxr-xr-x 2 brendan 149 512 May 18 14:09 lod
drwxr-xr-x 2 brendan 149 512 May 18 14:09 misc
drwxr-xr-x 2 brendan 149 512 May 18 14:09 narc
drwxr-xr-x 2 brendan 149 512 Apr 25 22:55 networks
drwxr-xr-x 2 brendan 149 512 Apr 25 22:55 nfx
drwxr-xr-x 2 brendan 149 1536 May 18 14:09 nia
drwxr-xr-x 2 brendan 149 512 May 18 14:09 nsa
drwxr-xr-x 2 brendan 149 1536 Jun 8 12:36 papers
drwxr-xr-x 2 brendan 149 512 Jun 7 21:18 phantasy
drwxr-xr-x 2 brendan 149 1024 May 19 13:00 phrack
drwxr-xr-x 2 brendan 149 512 May 18 14:09 phun
drwxr-xr-x 2 brendan 149 512 May 18 14:09 pirate
drwxr-xr-x 2 brendan 149 512 May 18 14:09 ppp
drwxr-xr-x 2 brendan 149 1024 Apr 25 22:55 schools
drwxr-xr-x 2 brendan 149 512 May 18 14:09 synd
drwxr-xr-x 2 brendan 149 512 May 18 14:09 tap
drwxr-xr-x 2 brendan 149 512 May 18 14:09 wview
THE CONTENTS OF INDIVIDUAL DIRECTORIES:
cud/alcor:
Information related to the Alcor suit:
total 246
-r--r--r-- 1 brendan 149 2506 Jan 10 17:05 alcor-1
-r--r--r-- 1 brendan 149 10036 Jan 10 17:06 alcor-2
-r--r--r-- 1 brendan 149 21192 Jan 10 17:06 alcor-3
-r--r--r-- 1 brendan 149 13439 Jan 10 17:06 alcor-4
-r--r--r-- 1 brendan 149 7727 Jan 10 17:06 alcor-5
-r--r--r-- 1 brendan 149 4381 Jan 10 17:06 alcor-6
-r--r--r-- 1 brendan 149 14366 Jan 10 17:06 alcor-7
-r--r--r-- 1 brendan 149 37303 Jan 10 17:07 alcor-8
-r--r--r-- 1 brendan 149 10212 Jan 10 17:07 alcor-9
cud/ane:
("Anarchist" journal)
total 530
-r--r--r-- 1 brendan 149 22545 Aug 18 1990 ane-1
-r--r--r-- 1 brendan 149 4577 Aug 18 1990 ane-2
-r--r--r-- 1 brendan 149 5766 Aug 18 1990 ane-3
-r--r--r-- 1 brendan 149 5276 Aug 18 1990 ane-4
-r--r--r-- 1 brendan 149 6850 Aug 18 1990 ane-5
-r--r--r-- 1 brendan 149 10070 Aug 18 1990 ane-6
-r--r--r-- 1 brendan 149 201033 Aug 18 1990 ane-7
cud/ati:
total 1900
-r--r--r--
ATI-Activist Times, Inc.
ati-1 through ati-59 (issue #9 is permanently lost)
cud/bootlegger:
total 880
-r--r--r-- 1 brendan 149 326412 Nov 9 1990 bootlegger-6
-r--r--r-- 1 brendan 149 101274 Nov 9 1990 bootlegger-7
cud/ccc:
Chaos Computer Club info
total 394
-r--r--r-- 1 brendan 149 5491 Aug 1 1991 LIES_MICH
-r--r--r-- 1 brendan 149 41360 Aug 1 1991 VMS_bug.doc
-r--r--r-- 1 brendan 149 29497 Aug 1 1991 bbs.ch
-r--r--r-- 1 brendan 149 17904 Aug 1 1991 bbs.hh
drwxr-xr-x 2 brendan 149 512 Mar 27 22:32 congress
-r--r--r-- 1 brendan 149 9862 Aug 1 1991 eunet_for_the_people.txt
-r--r--r-- 1 brendan 149 35391 Aug 1 1991 hacker.txt
-r--r--r-- 1 brendan 149 21269 Aug 1 1991 polizeigesetz.hh
-r--r--r-- 1 brendan 149 13081 Aug 1 1991 satzung.txt
-r--r--r-- 1 brendan 149 9411 Aug 1 1991 sitzungs_protokoll.1990
-r--r--r-- 1 brendan 149 12661 Aug 1 1991 uucp_de.sites
cud/ccc/congress:
total 928
-r--r--r-- 1 brendan 149 103307 Aug 1 1991 congress.berichte.89
-r--r--r-- 1 brendan 149 106563 Aug 1 1991 congress.berichte.90
-r--r--r-- 1 brendan 149 227883 Aug 1 1991 psycho.doc
cud/cdc:
total 4468
Cult of the Dead Cow:
Beginning with cdc-1 through cdc-199
cud/cdugd:
Computer-downunder-digest (Australian p/h news)
total 152
-rw-r--r-- 1 brendan 149 3197 Apr 7 20:16 cdugd-1.01
-rw-r--r-- 1 brendan 149 16888 Apr 7 20:16 cdugd-1.02
-rw-r--r-- 1 brendan 149 56293 Apr 7 20:16 cdugd-1.03
cud/chalisti:
total 3976
Chalisti: German "hacker" journal
chalisti-1 through chalisti-17
cud/cpi:
total 230
-r--r--r-- 1 brendan 149 19877 Jul 2 1991 cpi-1
-r--r--r-- 1 brendan 149 97268 Jul 2 1991 cpi-2
cud/cud:
Computer underground Digest
total 9424
CuDs, complete, beginning with cud1.00 through cud4.25
In addition:
-r--r--r-- 1 brendan 149 1110 Aug 3 1990 niedorf.flash
-r--r--r-- 1 brendan 149 16964 Nov 15 1990 vol1_index
-r--r--r-- 1 brendan 149 7905 Mar 7 1991 vol2_index
-r--r--r-- 1 brendan 149 19848 Mar 8 17:42 vol3_index
cud/dfp:
Digital Free Press
total 338
-r--r--r-- 1 brendan 149 22914 Jan 10 17:02 dfp-1.1
-r--r--r-- 1 brendan 149 51910 Mar 8 17:55 dfp-1.2
-r--r--r-- 1 brendan 149 50199 Apr 26 20:09 dfp-1.3
-r--r--r-- 1 brendan 149 46027 May 24 18:35 dfp-1.4
cud/fbi:
total 348
-r--r--r-- 1 brendan 149 54284 Aug 1 1991 fbi-1.1
-r--r--r-- 1 brendan 149 111127 Sep 3 02:58 fbi-1.2
cud/inform:
total 1024
-r--r--r-- 1 brendan 149 186042 Oct 16 17:13 inform-1
-r--r--r-- 1 brendan 149 176859 Jan 10 17:13 inform-2
-r--r--r-- 1 brendan 149 130779 Apr 24 18:04 inform-3
cud/law:
State/federal computer statutes
total 1786
-r--r--r-- 1 brendan 149 9384 Feb 26 1991 alabama
-r--r--r-- 1 brendan 149 10489 Feb 26 1991 alaska
-r--r--r-- 1 brendan 149 19545 Dec 31 1990 arizona
-r--r--r-- 1 brendan 149 227500 May 7 1991 bill.s.618
-r--r--r-- 1 brendan 149 67417 Nov 29 1990 california
-r--r--r-- 1 brendan 149 3832 Feb 26 1991 canada
-r--r--r-- 1 brendan 149 3185 Aug 1 1991 canada-addendum
-r--r--r-- 1 brendan 149 3795 Feb 26 1991 colorado
-r--r--r-- 1 brendan 149 16530 Feb 26 1991 connecticut
-r--r--r-- 1 brendan 149 14607 Feb 26 1991 delaware
-r--r--r-- 1 brendan 149 10035 Dec 4 1990 florida
-r--r--r-- 1 brendan 149 11535 Jul 14 1991 georgia
-r--r--r-- 1 brendan 149 7766 Feb 26 1991 georgia-old
-r--r--r-- 1 brendan 149 5341 Feb 16 23:24 ghana
-r--r--r-- 1 brendan 149 29160 Dec 18 1990 great.britain
-r--r--r-- 1 brendan 149 9115 Feb 26 1991 hawaii
-r--r--r-- 1 brendan 149 52233 Dec 8 21:11 hr3515
-r--r--r-- 1 brendan 149 8142 Feb 26 1991 idaho
-r--r--r-- 1 brendan 149 20850 Nov 27 1990 illinois
-r--r--r-- 1 brendan 149 38167 Nov 1 14:30 improve
-r--r--r-- 1 brendan 149 2378 Feb 26 1991 indiana
-r--r--r-- 1 brendan 149 10398 Feb 26 1991 iowa
-r--r--r-- 1 brendan 149 5144 Dec 13 1990 maryland
-r--r--r-- 1 brendan 149 12979 Feb 26 1991 minnesota
-r--r--r-- 1 brendan 149 2115 Feb 26 1991 minnesota.info
-r--r--r-- 1 brendan 149 10304 Nov 1 13:44 monitoring
-r--r--r-- 1 brendan 149 10324 Feb 26 1991 new.jersey
-r--r--r-- 1 brendan 149 16498 May 18 1991 new.mexico
-r--r--r-- 1 brendan 149 1479 Dec 31 1990 new.york
-r--r--r-- 1 brendan 149 5479 May 18 1991 north.carolina
-r--r--r-- 1 brendan 149 4515 May 8 1991 oregon
-r--r--r-- 1 brendan 149 18918 Aug 1 1991 scourt-bios
-r--r--r-- 1 brendan 149 11999 Feb 26 1991 texas
-r--r--r-- 1 brendan 149 128606 May 8 1991 us.e-privacy
-r--r--r-- 1 brendan 149 16360 Dec 13 1990 uscode.s.1030
-r--r--r-- 1 brendan 149 12002 Dec 31 1990 vermont
-r--r--r-- 1 brendan 149 12964 Feb 26 1991 virginia
-r--r--r-- 1 brendan 149 5767 May 10 1991 washington
-r--r--r-- 1 brendan 149 8498 Feb 26 1991 west.virginia
-r--r--r-- 1 brendan 149 5906 Apr 6 1991 wisconsin
cud/lod:
total 1650
-rw-r--r-- 1 brendan 149 27 May 13 03:41 Missing
-r--r--r-- 1 brendan 149 213571 Aug 12 1990 lod-1
-r--r--r-- 1 brendan 149 148592 Aug 12 1990 lod-2
-r--r--r-- 1 brendan 149 167909 Aug 12 1990 lod-3
-r--r--r-- 1 brendan 149 256202 Aug 12 1990 lod-4
cud/misc:
total 1632
-r--r--r-- 1 brendan 149 13690 Jun 7 1991 WATCH10A.EXE
-r--r--r-- 1 brendan 149 7936 Mar 8 19:40 anarch.man
-r--r--r-- 1 brendan 149 14534 Mar 8 19:40 basic1.net
-r--r--r-- 1 brendan 149 43817 Mar 8 17:41 cdc-100
-r--r--r-- 1 brendan 149 9473 May 29 1991 china-2.3
-r--r--r-- 1 brendan 149 5693 Dec 8 1989 codehack
-r--r--r-- 1 brendan 149 6075 Mar 8 19:34 cyberspace-1.1
-r--r--r-- 1 brendan 149 10447 Dec 8 1989 defense
-rw-r--r-- 1 brendan 149 86416 Mar 9 13:52 elektrix-1
-rw-r--r-- 1 brendan 149 78482 Mar 9 13:52 globe-1.1
-rw-r--r-- 1 brendan 149 32484 Mar 9 13:52 globe-1.2
-rw-r--r-- 1 brendan 149 63856 Mar 9 13:52 globe-1.3
-r--r--r-- 1 brendan 149 69686 Aug 3 1990 hnet-1
-r--r--r-- 1 brendan 149 79559 May 29 1991 hun-1.2
-rw-r--r-- 1 brendan 149 32102 Mar 9 13:54 kcah-1
-r--r--r-- 1 brendan 149 17440 Jun 18 1991 kcah-2
-r--r--r-- 1 brendan 149 10237 Jan 1 1980 phreak1.bok
-r--r--r-- 1 brendan 149 121252 May 29 1991 ppa-2
-r--r--r-- 1 brendan 149 5036 Aug 9 1991 rrg-1
-r--r--r-- 1 brendan 149 65643 Mar 8 19:55 tph-1
-r--r--r-- 1 brendan 149 41453 Jun 7 1991 watch10a.uu
cud/narc:
total 122
-r--r--r-- 1 brendan 149 5210 Aug 3 1990 narc-1
-r--r--r-- 1 brendan 149 3350 May 29 1991 narc-10
-r--r--r-- 1 brendan 149 5327 Aug 3 1990 narc-2
-r--r--r-- 1 brendan 149 7871 Aug 3 1990 narc-3
-r--r--r-- 1 brendan 149 7327 Aug 3 1990 narc-4
-r--r--r-- 1 brendan 149 4831 Aug 3 1990 narc-5
-r--r--r-- 1 brendan 149 4406 Aug 3 1990 narc-6
-r--r--r-- 1 brendan 149 8283 Aug 3 1990 narc-7
-r--r--r-- 1 brendan 149 3716 May 29 1991 narc-8
-r--r--r-- 1 brendan 149 5555 May 29 1991 narc-9
cud/networks:
total 266
-r--r--r-- 1 brendan 149 1216 Mar 8 18:09 Index
-r--r--r-- 1 brendan 149 3833 Mar 11 1991 ansnet
-r--r--r-- 1 brendan 149 2171 Mar 11 1991 cerfnet
-r--r--r-- 1 brendan 149 9572 Mar 11 1991 compuserve
-r--r--r-- 1 brendan 149 8577 Mar 11 1991 concert
-r--r--r-- 1 brendan 149 3881 Mar 11 1991 cren
-r--r--r-- 1 brendan 149 21201 Mar 11 1991 email
-r--r--r-- 1 brendan 149 10296 Mar 11 1991 farnet
-r--r--r-- 1 brendan 149 2296 Mar 11 1991 fricc
-r--r--r-- 1 brendan 149 540 Mar 11 1991 los-nettos
-r--r--r-- 1 brendan 149 31098 Mar 11 1991 mrnet
-r--r--r-- 1 brendan 149 2375 Mar 11 1991 nearnet
-r--r--r-- 1 brendan 149 2607 Mar 11 1991 northwestnet
-r--r--r-- 1 brendan 149 2790 Mar 11 1991 nsfnet
-r--r--r-- 1 brendan 149 5800 Mar 11 1991 onet
-r--r--r-- 1 brendan 149 4504 Jun 18 1991 prepnet
-r--r--r-- 1 brendan 149 5341 Mar 11 1991 uninet
-r--r--r-- 1 brendan 149 7939 Mar 11 1991 ut.software
cud/nfx:
total 166
-r--r--r-- 1 brendan 149 16024 Aug 9 1991 nfx-1
-r--r--r-- 1 brendan 149 41918 Aug 9 1991 nfx-2
-r--r--r-- 1 brendan 149 26341 Aug 24 03:40 nfx-3
cud/nia:
(nia-1 through nia-73)
total 6510
cud/nsa:
total 394
-r--r--r-- 1 brendan 149 35692 Jul 2 1991 nsa-1.1
-r--r--r-- 1 brendan 149 33176 Jul 2 1991 nsa-1.2
-r--r--r-- 1 brendan 149 48678 Jul 2 1991 nsa-1.3
-r--r--r-- 1 brendan 149 82665 Aug 24 03:45 nsa-1.4
cud/papers:
total 7004
-rw-r--r-- 1 brendan 149 0 Apr 25 22:55 .notar
-r--r--r-- 1 brendan 149 87213 Jul 26 1990 baudy.world
-r--r--r-- 1 brendan 149 57407 Dec 1 02:23 bbs.and.the.law
-r--r--r-- 1 brendan 149 103794 Dec 2 02:51 bbs.defamation
-r--r--r-- 1 brendan 149 6030 Dec 1 1990 biblio
-r--r--r-- 1 brendan 149 63205 Jul 26 1990 candp
-r--r--r-- 1 brendan 149 63050 Feb 26 1991 civil.disobedience
-r--r--r-- 1 brendan 149 31426 Mar 13 1991 closing.the.net
-r--r--r-- 1 brendan 149 12431 Jun 16 1991 company-email
-r--r--r-- 1 brendan 149 98842 Jul 14 1991 computer.crime
-r--r--r-- 1 brendan 149 47714 May 14 1991 const.in.cyberspace
-r--r--r-- 1 brendan 149 27717 Nov 9 1990 cp.2600
-rw-r--r-- 2 mnemonic 104 63838 Feb 23 1991 crime.puzzle
-r--r--r-- 1 brendan 149 21027 Jun 23 1991 cyberspace
-r--r--r-- 1 brendan 149 58773 Jul 26 1990 denning
-r--r--r-- 1 brendan 149 74868 Feb 26 1991 dennis.hayes
-r--r--r-- 1 brendan 149 10286 Dec 2 02:51 ecpa.layman
-r--r--r-- 1 brendan 149 11517 Oct 29 1990 edwards_letter
-r--r--r-- 1 brendan 149 536453 Nov 1 13:43 electropolis.ps
-r--r--r-- 1 brendan 149 115151 Nov 1 13:43 electropolis.txt
-r--r--r-- 1 brendan 149 19636 Nov 9 1990 email_privacy
-r--r--r-- 1 brendan 149 5192 Dec 31 1990 fbi.systems
-rw-r--r-- 1 brendan 149 42545 Jun 8 12:32 future
-r--r--r-- 1 brendan 149 253367 Aug 9 1991 fyi-8
-r--r--r-- 1 brendan 149 53191 Aug 9 1991 gao-report
-r--r--r-- 1 brendan 149 17441 Jun 13 1991 intro
-r--r--r-- 1 brendan 149 190622 Jul 2 1991 len.rose
-r--r--r-- 1 brendan 149 7584 Apr 6 1991 len.rose.news
-r--r--r-- 1 brendan 149 20106 Dec 3 11:03 lod_ss
-r--r--r-- 1 brendan 149 46888 Dec 8 21:11 memetics
-r--r--r-- 1 brendan 149 150214 Jul 26 1990 meyer
-rw-r--r-- 1 brendan 149 66115 May 31 17:26 mindvox
-r--r--r-- 1 brendan 149 31927 May 10 1991 morris.appeal
-r--r--r-- 1 brendan 149 42000 Aug 9 1991 neidorf-script
-r--r--r-- 1 brendan 149 20191 Nov 9 1990 netproposition
-rw-r--r-- 1 brendan 149 21364 Jun 8 12:34 nightline-wire
-r--r--r-- 1 brendan 149 498787 Aug 30 1990 phreak.man
-r--r--r-- 1 brendan 149 45299 Oct 23 13:11 privacy
-r--r--r-- 1 brendan 149 55329 May 29 1991 riggs.brief
-r--r--r-- 1 brendan 149 55329 Mar 8 18:20 riggs_comment
-r--r--r-- 1 brendan 149 8181 Sep 3 02:58 rights.of.expr
-r--r--r-- 1 brendan 149 73736 Dec 8 21:12 ripco-warrant
-r--r--r-- 1 brendan 149 27063 Oct 23 13:13 rivera
-r--r--r-- 1 brendan 149 71262 Oct 15 18:41 sj-resp
-r--r--r-- 1 brendan 149 102570 Nov 15 1990 sundevil
-r--r--r-- 1 brendan 149 21329 Dec 23 05:08 sysops
-r--r--r-- 1 brendan 149 12513 Mar 11 1991 theft.of.software
cud/phantasy:
total 604
-r--r--r-- 1 brendan 149 24971 Oct 30 1990 phantasy-1.1
-r--r--r-- 1 brendan 149 27050 Nov 30 1990 phantasy-1.2
-r--r--r-- 1 brendan 149 25251 Dec 17 1990 phantasy-1.3
-r--r--r-- 1 brendan 149 37567 Feb 26 1991 phantasy-2.4
-r--r--r-- 1 brendan 149 29898 Jan 10 17:00 phantasy-2.5
-r--r--r-- 1 brendan 149 53818 Mar 8 18:21 phantasy-3.6
-r--r--r-- 1 brendan 149 55005 Mar 8 18:21 phantasy-3.7
-rw-r--r-- 1 brendan 149 52131 Jun 7 21:18 phantasy-3.8
cud/phrack:
phrack-1 through phrack-38
total 14116
cud/phun:
total 1712
-r--r--r-- 1 brendan 149 81603 Aug 12 1990 phun-1
-r--r--r-- 1 brendan 149 151367 Aug 12 1990 phun-2
-r--r--r-- 1 brendan 149 241514 Aug 12 1990 phun-3
-r--r--r-- 1 brendan 149 207097 Aug 12 1990 phun-4
-r--r--r-- 1 brendan 149 140588 Nov 9 1990 phun-5
cud/pirate :
total 1514
-r--r--r-- 1 brendan 149 94932 Jul 26 1990 pirate-1
-r--r--r-- 1 brendan 149 205948 Jul 26 1990 pirate-2
-r--r--r-- 1 brendan 149 136370 Jul 26 1990 pirate-3
-r--r--r-- 1 brendan 149 171304 Jul 26 1990 pirate-4
-r--r--r-- 1 brendan 149 115472 Jul 26 1990 pirate-5
cud/ppp:
total 60
-r--r--r-- 1 brendan 149 8449 May 29 1991 ppp-1
-r--r--r-- 1 brendan 149 21077 May 29 1991 ppp-2
cud/schools:
University computer policies
total 462
-r--r--r-- 1 brendan 149 3329 Nov 16 05:39 Index
-r--r--r-- 1 brendan 149 15060 Feb 26 1991 acadia
-r--r--r-- 1 brendan 149 4530 Feb 26 1991 baylor
-r--r--r-- 1 brendan 149 2474 Feb 26 1991 bitnet
-r--r--r-- 1 brendan 149 4891 Feb 26 1991 bostonu
-r--r--r-- 1 brendan 149 8632 Feb 26 1991 colgateu
-r--r--r-- 1 brendan 149 4963 Feb 26 1991 columbiau
-r--r--r-- 1 brendan 149 4463 Feb 26 1991 danwebster
-r--r--r-- 1 brendan 149 7962 Feb 26 1991 jmadisonu
-r--r--r-- 1 brendan 149 6483 Feb 26 1991 kansas.state
-r--r--r-- 1 brendan 149 12699 Feb 26 1991 michstu
-r--r--r-- 1 brendan 149 4236 Feb 26 1991 newcastleu
-r--r--r-- 1 brendan 149 8138 Feb 26 1991 newmexstu
-r--r--r-- 1 brendan 149 1394 May 29 1991 ocf.bylaws
-r--r--r-- 1 brendan 149 14491 May 29 1991 ocf.constitution
-r--r--r-- 1 brendan 149 11185 May 14 1991 pucc
-r--r--r-- 1 brendan 149 10026 Feb 26 1991 purdue
-r--r--r-- 1 brendan 149 5878 Feb 26 1991 riacs
-r--r--r-- 1 brendan 149 4715 Feb 26 1991 rose.hulman.cs
-r--r--r-- 1 brendan 149 31308 Nov 16 05:33 udel.guidelines_draft
-r--r--r-- 1 brendan 149 3612 Nov 16 05:34 udel.policy_draft
-r--r--r-- 1 brendan 149 5311 Apr 6 1991 umich-1
-r--r--r-- 1 brendan 149 7906 Feb 26 1991 umich-2
-r--r--r-- 1 brendan 149 1714 Feb 26 1991 uofidaho
-r--r--r-- 1 brendan 149 7298 Feb 26 1991 uofmissouric
-r--r--r-- 1 brendan 149 2509 Feb 26 1991 uofmissourikc
-r--r--r-- 1 brendan 149 4080 Feb 26 1991 uofmissourirolla
-r--r--r-- 1 brendan 149 8165 Feb 26 1991 uofnewmexico
-r--r--r-- 1 brendan 149 2697 Feb 26 1991 uofpitt
-r--r--r-- 1 brendan 149 3425 Feb 26 1991 uofwales
-r--r--r-- 1 brendan 149 8624 Feb 26 1991 washu.engr
cud/synd:
total 780
-r--r--r-- 1 brendan 149 6680 Dec 21 1990 synd-1
-r--r--r-- 1 brendan 149 11371 Dec 21 1990 synd-10
-r--r--r-- 1 brendan 149 10383 Dec 21 1990 synd-11
-r--r--r-- 1 brendan 149 11274 Dec 21 1990 synd-12
-r--r--r-- 1 brendan 149 8245 Dec 21 1990 synd-13a
-r--r--r-- 1 brendan 149 14850 Dec 21 1990 synd-13b
-r--r--r-- 1 brendan 149 17365 Dec 21 1990 synd-14
-r--r--r-- 1 brendan 149 15540 Dec 21 1990 synd-15a
-r--r--r-- 1 brendan 149 13036 Dec 21 1990 synd-15b
-r--r--r-- 1 brendan 149 15181 Dec 21 1990 synd-16a
-r--r--r-- 1 brendan 149 14446 Feb 26 1991 synd-17
-r--r--r-- 1 brendan 149 6229 Dec 21 1990 synd-2
-r--r--r-- 1 brendan 149 20068 Dec 21 1990 synd-20a
-r--r--r-- 1 brendan 149 18740 Dec 21 1990 synd-20b
-rw-r--r-- 1 brendan 149 47975 Mar 9 13:52 synd-21
-rw-r--r-- 1 brendan 149 37628 Mar 9 13:53 synd-23
-rw-r--r-- 1 brendan 149 49182 Mar 9 13:53 synd-25
-r--r--r-- 1 brendan 149 5458 Dec 21 1990 synd-3
-r--r--r-- 1 brendan 149 8166 Dec 21 1990 synd-4
-r--r--r-- 1 brendan 149 8584 Dec 21 1990 synd-5
-r--r--r-- 1 brendan 149 11428 Dec 21 1990 synd-6
-r--r--r-- 1 brendan 149 9445 Dec 21 1990 synd-7
-r--r--r-- 1 brendan 149 11365 Dec 21 1990 synd-8
-r--r--r-- 1 brendan 149 11970 Dec 21 1990 synd-9
cud/tap:
total 496
-r--r--r-- 1 brendan 149 239001 Mar 9 1991 tap-1
cud/wview:
total 700
-r--r--r-- 1 brendan 149 32812 Jan 10 17:03 worldview-1.10
-r--r--r-- 1 brendan 149 30380 Jul 5 1991 worldview-1.5
-r--r--r-- 1 brendan 149 40310 Sep 7 20:27 worldview-1.6
-r--r--r-- 1 brendan 149 26539 Sep 21 22:45 worldview-1.7
-r--r--r-- 1 brendan 149 46112 Nov 10 17:37 worldview-1.9
-r--r--r-- 1 brendan 149 48680 Mar 8 17:51 worldview-2.1
-r--r--r-- 1 brendan 149 48568 Mar 12 03:06 worldview-2.2
-r--r--r-- 1 brendan 149 38305 Apr 9 18:03 worldview-2.3
-rw-r--r-- 1 brendan 149 41419 May 18 13:46 worldview-2.4
------------------------------
Date: Sun, 14 Jun 92 09:18:27 CST
From: MackL <Mclaugh@psicom2.edu>
Subject: File 7--PC BBS Raided by FBI (reprint)
"PC Bulletin Board Hit by FBI Raid"
By Josh Hyatt (Boston Globe)
From: (Chicago Tribune, June 14. Sect 7, p 3)
BOSTON--In one of the first reported crackdowns of its kind, six FBI
agents raided a computer bulletin board based in a Millbury, Mass.,
home last week. Authorities said the bulletin board's operator had
been illegally distributing copyrighted software.
Executing a criminal search warrant, the agents seized several
computers, six modems and a program called PC Board, which was used to
run the bulletin board. Authorities also seized documents that listed
users of the service.
No arrests were made, according to the Software Publisher's
Association, a trade group that brought the case to the FBI's
attention. The association estimates that, as of March, the bulletin
board had distributed $675,000 worth of copyrighted software; software
pirates, it says, annually steal as much as $12 billion this way.
The FBI will not comment on the case except to confirm that a raid had
taken place and that the investigation is continuing. The alleged
operator of the bulletin board, Richard Kenadek, could not be reached
for comment.
Around the same time as the raid, the software association filed a
civil lawsuit against Kenadek, charging him with violating copyright
laws. Ilene Rosenthal, the group's director of litigation, said that
"the man had incriminated himself" through various computerized
messages.
"There's plenty of evidence to show that he was very aware of
everything on his bulletin board," she said.
Bulletin boards let personal computer users access a host computer via
modems. Typically, participants exchange information regarding
everything from computer programs to tropical fish. They may also,
for example, obtain upgrades of computer programs.
The association said its own four-month investigation revealed that
this bulletin board, called Davy Jones Locker, contained copies of
more than 200 copyrighted programs.
Rosenthal said users also were encouraged to contribute copyrighted
software programs for others to download or copy.
According to Rosenthal, subscribers paid a fee, $49 for three months
or $99 for one year. She said Davy Jones Locker had nearly 400 paying
subscribers in 36 states and 11 foreign countries.
------------------------------
End of Computer Underground Digest #4.26
************************************
Computer underground Digest Sun June 21, 1992 Volume 4 : Issue 27
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu, Jr.
Newest Authormeister: B. Kehoe
Ex-Arcmeister: Bob Kusumoto
Downundermeister: Dan Carosone
CONTENTS, #4.27 (June 21, 1992)
File 1--RFD: comp.society.cu-digest
File 2--Changing CuD to a Comp Usenet Group (Moderators' view)
File 3--CFP'93 Call for Participation
File 4--CPSR membership info
File 5--CPSR New Managing Director
File 6--Gore introduces Senate version of WINDO
File 7--NY Telephone Cuts Int'l Service At Some pay Phones (NEWSBYTES)
Back issues of CuD can be found in the Usenet alt.society.cu-digest
news group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM, on Genie in the PF*NPC RT
libraries, on the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp
from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Fri, 19 Jun 1992 04:06:09 GMT
From: chip@chinacat.unicom.com (Chip Rosenthal)
Subject: File 1--RFD: comp.society.cu-digest
(Moderators' note: Chip Rosenthal has been instrumental in advocating
changing Cu Digest from an alt to a comp group in the Usenet
hierarchy. He posted the following on Usenet's news.groups list).
PROPOSAL:comp.society.cu-digest (moderated)
CHARTER:The Computer Underground Digest
SUMMARY: The proposed newsgroup will be used to distributed the
Computer Underground Digest. The CuD is an open forum for issues
relating to the phenomena of computer cracking. It has been in
publication since 1990, and is widely distributed in a number of
electronic forms.
The Computer Underground Digest began publication in early 1990 to
discuss the issues related to computer cracking -- and the crackdown
on cracking. Shortly thereafter, a gateway was instituted to
distribute CuD via alt.society.cu-digest. If this proposal passes,
the gateway destination will be changed to comp.society.cu-digest and
the alt.society.cu-digest newsgroup will be decommissioned.
Since the CuD is an edited periodical (a la RISKS Digest), it is best
handled as a moderated newsgroup. The editors of the CuD are
reachable via Internet mail at the address <tk0jut2@mvs.cso.niu.edu>.
That would be used as the `mailpaths' address for the moderated group.
If you have never seen the CuD, volume 4, issue 26 was posted to
alt.society.cu-digest recently. You might want to check it out.
I asked the editors of the CuD to contribute a brief description for
inclusion in ths RFD. This is what they provided:
| Computer underground Digest (or CuD) began in March, 1990, to continue
| discussion of so-called "hacker crackdowns," especially the
| Phrack/Craig Neidorf indictment, that Pat Townson (moderator of
| Telecom Digest) was unable to publish. CuD's editors, Jim Thomas and
| Gordon Meyer, assumed that CuD would be a temporary forum. But, as
| articles came in and the scope of the discussions expanded, CuD has
| become an established electronic journal.
|
| Although classified as a "hack-symp 'zine" by The Village Voice, CuD
| encourages articles that reflect a diversity of opinion, politics, and
| ideology. CuD is an open forum dedicated to sharing information among
| computerists and to the presentation and debate of diverse views.
| Readers are encouraged to submit reasoned articles relating to
| computer culture and communication. Discussions of the legal,
| ethical, social, and political implications of "cyberspace" and
| computer culture provide the core of CuD articles. The editors
| strongly encourage debate over the content and direction of computer
| technology in contemporary society.
I am not involved in the production of the CuD in any way. I merely
operate the gateway to distribute CuD via USENET. This proposal is
being made with the knowledge and support of the CuD editors. I would
be glad to answer questions regarding this RFD or the USENET gateway.
Questions regarding the content of the CuD should be directed to the
editors at <tk0jut2@mvs.cso.niu.edu>. Followups have been directed
to news.groups. Mail replies have been directed to an alias which
reaches both the moderators and myself. If there is consensus that
this proposal is reasonable, I will bring it to a vote in approximately
two weeks.
***
Chip Rosenthal 512-482-8260 | Let the wayward children play. Let the wicked
Unicom Systems Development | have their day. Let the chips fall where they
<chip@chinacat.Unicom.COM> | may. I'm going to Disneyland. -Timbuk 3
------------------------------
Date: Sat 20 Jun 92 10:21:39 CST
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 2--Changing CuD to a Comp Usenet Group (Moderators' view)
Thanks to Chip and others who have suggested and supported changing
CuD to a comp group. The advantage of changing is this:
The current readership is between 26,000-30,000 (about 16,000 on usenet
as alt.society.cu-digest) and the rest on GEnie, Compuserve, BBSes and
news-feeds and a large mailing list. The number of sites carrying alt
groups seems to be diminishing (according to usenet stats), and a
shift to comp would enable us to reduce the mailing list (and thus
bandwidth), expand the access of to CuD a significant number of
readers who lacking access to alt groups, and to improve the quality
of articles by expanding the pool or readers (and presumably
contributors).
CuD focuses on computer issues relevant to scholars, researchers, and the
media in much the same way as other comp groups (EFF, Telecom Digest,
RISKS) does. The primary difference is that we encourage articles
(rather than sort posts, although we try to include as many posts as
space allows). Our primary interest is on the legal and cultural
aspects of cyberspace, and we try to keep readers informed of relevant
computer conferences, computer-related news, book reviews, and
summaries of research on computer culture. The current mailing list
is about 50 percent computer professionals and academics, 30 percent
media, law enforcement, government/military agencies and non-computer
professionals, and 20 percent students. Although we have no hard data,
we assume that the usenet stats correspond to the mailing list
(judging from responses).
For those unsure of what CuD is: CuD stands for Computer underground
Digest, a name that was given to the first issue by a poster and the name
stuck. Recent issues have included transcripts of the PHRACK trial,
the Playboy/Event Horizons' suit, summaries, transcripts, and the text of
the FBI's proposed wire tap legislation, and attempts to make presidential
candidates aware of the power of electronic media as a "town-hall forum."
Subscriptions are available by dropping a one word "SUBSCRIBE" note
(with address included underneath):
example: SUB CuD
gayle jones gayle@jones.edu
Mail the requests to TK0JUT2@mvs.cso.niu.edu or TK0JUT2@niu.bitnet
We appreciate the support we have received for re-naming, and we
encourage readers to vote in support of the change in two weeks.
Discussions and other relevant information on voting can be found on
Usenet's news.groups
------------------------------
Date: Wed, 17 Jun 92 11:48:16 -0700
From: Bruce R Koball <bkoball@WELL.SF.CA.US>
Subject: File 3--CFP'93 Call for Participation
Call for Participation
CFP'93
The Third Conference on Computers, Freedom and Privacy
Sponsored by ACM SIGCOMM, SIGCAS & SIGSAC
9 - 12 March 1993
San Francisco Airport Marriott Hotel, Burlingame, CA
INVITATION
This is an invitation to submit session and topic proposals for
inclusion in the program of the Third Conference on Computers,
Freedom and Privacy. Proposals may be for individual talks, panel
discussions, debates or other presentations in appropriate
formats. Proposed topics should be within the general scope of the
conference, as outlined below.
SCOPE
The advance of computer and telecommunications technologies holds
great promise for individuals and society. From convenience for
consumers and efficiency in commerce to improved public health and
safety and increased participation in democratic institutions,
these technologies can fundamentally transform our lives.
At the same time these technologies pose threats to the ideals of
a free and open society. Personal privacy is increasingly at risk
from invasion by high-tech surveillance and eavesdropping. The
myriad databases containing personal information maintained in the
public and private sectors expose private life to constant
scrutiny.
Technological advances also enable new forms of illegal activity,
posing new problems for legal and law enforcement officials and
challenging the very definitions of crime and civil liberties. But
technologies used to combat these crimes can threaten the
traditional barriers between the individual and the state.
Even such fundamental notions as speech, assembly and property are
being transformed by these technologies, throwing into question
the basic Constitutional protections that have guarded them.
Similarly, information knows no borders; as the scope of economies
becomes global and as networked communities transcend
international boundaries, ways must be found to reconcile
competing political, social and economic interests in the digital
domain.
The Third Conference on Computers, Freedom and Privacy will
assemble experts, advocates and interested people from a broad
spectrum of disciplines and backgrounds in a balanced public forum
to address the impact of computer and telecommunications
technologies on freedom and privacy in society. Participants will
include people from the fields of computer science, law, business,
research, information, library science, health, public policy,
government, law enforcement, public advocacy and many others.
Topics covered in previous CFP conferences include:
Personal Information and Privacy
International Perspectives and Impacts
Law Enforcement and Civil Liberties
Ethics, Morality and Criminality
Electronic Speech, Press and Assembly
Who Logs On (Computer & Telecom Networks)
Free Speech and the Public Telephone Network
Access to Government Information
Computer-based Surveillance of Individuals
Computers in the Workplace
Who Holds the Keys? (Cryptography)
Who's in Your Genes? (Genetic Information)
Ethics and Education
Public Policy for the 21st Century
These topics are given as examples and are not meant to exclude
other possible topics on the general subject of Computers, Freedom
and Privacy.
PROPOSAL SUBMISSION
All proposals should be accompanied by a position statement of at
least one page, describing the proposed presentation, its theme
and format. Proposals for panel discussions, debates and other
multi-person presentations should include a list of proposed
participants and session chair. Proposals should be sent to:
CFP'93 Proposals
2210 Sixth Street
Berkeley, CA 94710
or by email to: cfp93@well.sf.ca.us with the word "Proposal"
in the subject line. Proposals should be submitted as soon as
possible to allow thorough consideration for inclusion in the
formal program. The deadline for submissions is 15 August 1992.
STUDENT PAPER COMPETITION
Full time students are invited to enter the student paper
competition. Winners will receive a scholarship to attend the
conference and present their papers.
Papers should not exceed 2500 words and should address the impact
of computer and telecommunications technologies on freedom and
privacy in society. All papers should be submitted to Professor
Dorothy Denning by 15 October 1992. Authors may submit their
papers either by sending them as straight text via email to:
denning@cs.georgetown.edu or by sending 6 printed copies to:
Professor Dorothy Denning
Georgetown University
Dept. of Computer Science
225 Reiss Science Bldg.
Washington DC 20057
Submitters should include the name of their institution, degree
program, and a signed statement affirming that they are a full-
time student at their institution and that the paper is an
original, unpublished work of their own.
INFORMATION
For more information on the CFP'93 program and advance
registration, as it becomes available, write to:
CFP'93 Information
2210 Sixth Street
Berkeley, CA 94710
or send email to: cfp93@well.sf.ca.us with the word
"Information" in the subject line.
THE ORGANIZERS
General Chair
-------------
Bruce R. Koball
CFP'93
2210 Sixth Street
Berkeley, CA 94710
510-845-1350 (voice)
510-845-3946 (fax)
bkoball@well.sf.ca.us
Steering Committee
------------------
John Baker Mitch Ratcliffe
Equifax MacWeek Magazine
Mary J. Culnan David D. Redell
Georgetown University DEC Systems Research
Center
Dorothy Denning
Georgetown University Marc Rotenberg
Computer Professionals
Les Earnest for Social Responsibility
GeoGroup, Inc.
C. James Schmidt
Mike Godwin San Jose State University
Electronic Frontier Foundation
Barbara Simons
Mark Graham IBM
Pandora Systems
Lee Tien
Lance J. Hoffman Attorney
George Washington University
George Trubow
Donald G. Ingraham John Marshall Law School
Office of the District Attorney,
Alameda County, CA Willis Ware
Rand Corp.
Simona Nass
Student - Cardozo Law School Jim Warren
Microtimes
Peter G. Neumann & Autodesk, Inc.
SRI International
Affiliations are listed for identification only.
Please distribute and post this notice!
------------------------------
Date: Mon, 15 Jun 1992 12:25:53 PDT
From: Nikki Draper <draper@CSLI.STANFORD.EDU>
Subject: File 4--CPSR membership info
COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY is a public-interest
alliance of computer scientists and others interested in the impact of
computer technology on society. We work to influence decisions
regarding the development and use of computers because those decisions
have far-reaching consequences and reflect basic values and
priorities.
As technical experts, CPSR members provide the public and policymakers
with realistic assessments of the power, promise, and limitations of
computer technology. As concerned citizens, we direct public
attention to critical choices concerning the applications of computing
and how those choices affect society.
Members of CPSR believe that computer technology should make life more
enjoyable, productive, and secure. We are working for a world in
which science and technology are used not to produce weapons of war,
but to foster a safe and just society. These concerns impel us to
many forms of action:
o We encourage public discussion of and public responsibility for
decisions involving the use of computers in systems critical to
society.
o We work to dispel popular myths about the infallibility of
technological systems.
o We challenge the assumption that technology alone can solve
political and social problems.
o We encourage critical examination of social and technical issues
within the computer profession, nationally and internationally.
o We encourage the use of computer technology to improve the quality
of life.
CPSR HISTORY
------------
Since its beginnings as a small discussion group formed over a Palo
Alto computer mail network in 1981, CPSR has grown into a national
organization with 21 chapters throughout the United States. We are also
affiliated with similar groups in Canada, Australia, New Zealand, Great
Britain, Germany, Finland, and Italy. Membership is open to all.
CPSR PROJECTS
-------------
Risk and Reliability:
Overreliance on computing technology can lead to unacceptable risks.
This project analyzes application areas in which those risks seem
particularly serious:
o SDI software problems
o dangers of autonomous weapons
o the inadequacy of simulation as a means for testing complex systems
o the potential for software failure in life-critical systems
Civil Liberties and Privacy:
The growing use of computers for record-keeping has brought with it the
danger that the vast amount of information maintained about individuals
threatens our privacy. Centered in our Washington D.C. office, the
Civil Liberties and Privacy Project is concerned with such topics as:
o the FBI National Crime Information Center
o the growing use of databases of personal information by both
government and private industry
o the right of public access to government information
o extension of First Amendment rights to electronic communication
o establishing legal protections for privacy of computerized
information
The CPSR Workplace Project:
By the mid-1990s, most U.S. workers will use a computer on the job.
The increasing use of computers in the workplace raises important
social issues, and CPSR believes that it is important for computer
professionals to be involved in this debate. CPSR's Computers in the
Workplace Project has concentrated on the following topics:
o design methodologies for workplace software
o electronic monitoring of workers on the job
o health problems associated with computer use
The 21st Century Project:
Since the Second World War, most U.S. research in science and technology
has been funded by the military and directed toward military needs.
With the end of the Cold War and the changes that have swept Eastern
Europe and the Soviet Union, it is time to refocus our scientific and
technological research toward the problems that society faces as we
enter the next century.
The 21st Century Project, led by CPSR from our Cambridge office, is a
coalition of professional organizations working to redirect national
science and technology priorities, so that they more closely match
social needs.
Grassroots Projects:
CPSR's chapter-based projects and national interest groups span a wide
range of issues, including:
o computers in education
o computers and the environment
o viruses and threats to computer security
o computerized vote-counting systems
o status of women in computer science
o implications of speculative technologies such as nanotechnology
and virtual reality
HIGHLIGHTS
----------
In the ten years since CPSR's creation, CPSR has been effective in
alerting the public and key decision-makers in the U.S. and abroad
about the impact of computers on society:
o CPSR published the first papers and held the first public debates
on the computing aspects of the Strategic Defense Initiative, or
"Star Wars."
o CPSR members testified before a U.S. Senate subcommittee on the
feasibility of SDI.
o CPSR/Boston produced an award-winning slide show and videotape
called "Reliability and Risk: Computers and Nuclear War."
o CPSR members produced the first book for general audiences on the
ways in which computers revolutionize modern weapons systems,
*Computers in Battle: Will they Work?*
o At the request of a House subcommittee, CPSR studied the FBI's
proposed National Crime Information Center upgrade (NCIC 2000).
CPSR's report was widely credited for the FBI's subsequent decision
to drop a proposal to track individuals who had not been charged
with any crime.
o CPSR co-produced a "Special Report on Computers and Elections"
for the 1988 Presidential Campaign, highlighting the potential
for errors in electronic vote-counting systems.
o CPSR filed lawsuits under the Freedom of Information Act to force
the FBI and Secret Service to reveal whether they monitor computer
bulletin boards and electronic mail.
o CPSR/Portland hosted a conference on Computers and the Environment.
o The CPSR Workplace Project organized PDC'90--the first U.S.
conference on participatory design, in which users work together
with software designers to ensure that systems meet workers' needs.
o CPSR helped lead a successful grassroots campaign to convince the
Lotus Development Corporation not to release their proposed
Marketplace: Households product, which would have included data
on 120 million Americans.
o CPSR/Berkeley organized a media campaign to register our concern
over the deadly role of computing technology in the Persian Gulf
War.
MEMBERSHIP BENEFITS
-------------------
o The CPSR Newsletter--a highly regarded magazine with reviews of
CPSR's activities and analyses of issues of concern to CPSR members.
o Invitations and discounts to CPSR events, including the annual
meeting, our biannual conference on Directions and Implications
of Advanced Computing, and various special events.
o Notice of new CPSR educational materials, including videotapes,
research papers, and books.
o Automatic membership in a local CPSR chapter (if available) and
notices of chapter meetings and activities.
MEMBERSHIP CATEGORIES
---------------------
The attached reply form lists several categories of membership. The $40
"basic" membership covers only the costs of sending you the newsletter
and the basic administrative services we provide. If you want to help
support CPSR's program work, please consider joining at the $75
"regular" rate, or at whatever higher level you can afford. CPSR's
accomplishments during our first ten years were possible because we had
strong membership support. Such support will continue to be critical
as we try to make our second decade even more successful.
PRIVACY NOTICE
--------------
The CPSR membership database is never sold, rented, lent, exchanged, or
used for anything other than official CPSR activity. CPSR may elect
to send members mailings with information from other groups, but the
mailings will always originate with CPSR.
ORGANIZATIONAL INFORMATION
--------------------------
CPSR National Office
P.O. Box 717
Palo Alto, CA 94302
415-322-3778, 415-322-3798 (FAX)
E-mail: cpsr@csli.stanford.edu
CPSR Cambridge Office
P.O. Box 962
Cambridge, MA 02142
617-497-7440
chapman@saffron.lcs.mit.edu
CPSR Washington Office
666 Pennsylvania Ave SE, Suite 303
Washington, DC 20003
202-544-9240, 202-547-5482 (FAX)
rotenberg@washofc.cpsr.org
Staff
Gary Chapman Cambridge Director
Marc Rotenberg Washington Director
Evelyn Pine Managing Director
Nikki Draper Assistant to the Director, National
National Advisory Board
Herbert L. Abrams Richard Karp Anthony Ralston
John Backus Barbara Liskov John Shattuck
Paul Brest James Martin Herbert Simon
David Burnham Elliot Maxwell Robert E. Tarjan
Dorothy Denning Eli Noam Robert W. Taylor
Douglas Engelbart Karen Nussbaum Lawrence Tesler
Admiral Noel Gayler Severo M. Ornstein Sherry Turkle
Adele Goldberg
Board of Directors
Eric Roberts President
Jeff Johnson Chair
Todd Newman Secretary
Rodney Hoffman Treasurer
Ronni Rosenberg Director-at-Large
Dan Williams Director-at-Large
Paul Hyland Middle Atlantic Director
Lesley Kalmin Western Director
Patti Lowe Midwestern Director
Ivan Milman Southern Director
Douglas Schuler Northwestern Director
Coralee Whitcomb New England Director
Terry Winograd Special Director
Cathy Cook Special Director
============================ clip and mail ===========================
CPSR MEMBERSHIP FORM
Name ___________________________________________________________
Address ___________________________________________________________
___________________________________________________________
City/State/Zip _____________________________________________________
Home phone _____________________ Work phone ______________________
Company ___________________________________________________________
Type of work ______________________________________________________
E-mail address _____________________________________________________
CPSR Chapter
__ Acadiana __ Austin __ Berkeley
__ Boston __ Chicago __ Denver/Boulder
__ Los Angeles __ Madison __ Maine
__ Milwaukee __ Minnesota __ New Haven
__ New York __ Palo Alto __ Philadelphia
__ Pittsburgh __ Portland __ San Diego
__ Santa Cruz __ Seattle __ Washington, DC
__ No chapter in my area
CPSR Membership Categories
__ $ 20 Student/low income member
__ $ 40 Basic member
__ $ 50 Library/institutional subscriber
__ $ 75 REGULAR MEMBER
__ $ 150 Supporting member
__ $ 500 Sponsoring member
__ $1000 Lifetime member
Additional tax-deductible contribution to support CPSR projects:
__ $50 __ $75 __ $100 __ $250
__ $500 __ $1000 __ Other
Please add $10 for memberships outside the U.S.
Total Enclosed: $ ________
Make check out to CPSR and mail to:
CPSR
P.O. Box 717
Palo Alto, CA 94302-0717
------------------------------
Date: Mon, 15 Jun 1992 12:23:23 PDT
From: Nikki Draper <draper@CSLI.STANFORD.EDU>
Subject: File 5--CPSR New Managing Director
FOR IMMEDIATE RELEASE
contact:
Nikki Draper
draper@csli.stanford.edu
(415) 322-3778
COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY
NAMES EVELYN PINE NEW MANAGING DIRECTOR
PALO ALTO, Calif., June 5, 1992 -- Computer Professionals for Social
Responsibility (CPSR), the national alliance of professionals concerned
with the impact of technology on society based here, announced that
it has named Evelyn Pine as Managing Director. Pine, who reports to
the organization's Board of Directors, is responsible for the overall
administration of the national organization, including coordination
with its offices in Cambridge, MA and Washington, D.C. In addition,
Pine will be responsible for the design and implementation of a long-
range organizational development plan.
"Whether fighting to protect civil liberties in the information age,
or forging a non-military agenda for American research and
development, CPSR will continue to challenge both government
and industry to insure that technology serves human needs,"
Pine said.
For ten years, Pine has worked to ensure that Americans make
meaningful use of electronic technology. She comes to CPSR
from a stint as the Executive Director of The Community Memory
Project, the first participatory, public access computer network
in the country. While there, she encouraged seniors low income
families and at risk youth to use the network, located in Berkeley,
California, to share information and discuss crucial issues. As Deputy
Director of the Foundation for Community Service Cable TV, Pine
worked with local governments, schools, and community
organizations to create local cable programming.
"CPSR is extremely fortunate to have someone of Evelyn's caliber to
oversee and direct our national effort. Over the last ten years, CPSR
has established itself as a critical voice in the public debate over
technology," said Eric Roberts, president of the board of directors.
"Evelyn brings considerable talent and experience to this position.
We feel that she is the right person to lead CPSR into our second
decade."
Founded in 1981, CPSR is a public interest alliance of computer
scientists and other professionals interested in the impact of
computer technology on society. As technical experts and
informed citizens, CPSR members provide the public and policy
makers with realistic assessments of the power, promise, and
limitations of computer technology.
CPSR began as a small discussion group formed over a electronic
mail network. Today it has grown into a national organization,
with 21 chapters in the United States. The organization also has
program offices in Washington D.C. and Cambridge, MA.
The Washington D.C. office is the focal point for CPSR's Civil Liberties
and Privacy Program. This effort is concerned with equitable public
access to government information; protection of First Amendment
rights in electronic communication; and rights of privacy attached to
computerized information.
The Cambridge, MA office is the focal point for the organization's
21st Century Project. It is a coalition of professional organizations
working to redirect national science and technology priorities, so that
they more closely match social needs.
For more information on the Civil Liberties and Privacy Program,
contact Marc Rotenberg at (202) 544-9240.
For information on The 21st Century Project, contact
Gary Chapman at 617-497-7440.
------------------------------
Date: Wed, 17 Jun 1992 17:06:02 EDT
From: James P Love <LOVE@PUCC.BITNET>
Subject: File 6--Gore introduces Senate version of WINDO
- Gore, Ford, Sarbanes and Simons introduce Senate verions of GPO WINDO.
- Name of bill is changed to GPO Gateway to Government
- Fiscal note is $3 million in fy 93, $10 million in fy 94.
On June 4, 1992 Senators Gore, Ford, Sarbanes and Simons introduced S.
2813, the GPO Gateway to Government. The text of the bill was printed
on page S. 7599 of the Congressional Record. The bill, which I
haven't seen yet, is reportedly very similiar to Rose's hr 2772.
All four cosponsors are democrats. It was a pleasant surprise that
Senator Ford, who chairs the Senate Rules Committee (where the bill is
referred) was among the sponors. Unfortunately, Senator Stevens
(R-AK) was not among the originial cosponsors.
As readers of this list may know, the GPO WINDO (HR 2772) and the GPO
Gateway to Government (S 2813) would provide one-stop-shopping online
access to federal government databases and and information systems.
The service would be free to 1,400 federal depository libraries and
available for subscriptions in homes and offices, priced at the
incremental cost of disseminating the information. The service would
be available through the internet and over ordinary telephone lines
using a modem. For more information, contact Anne Heanue, American
Library Association 202/547-4440; Bernadine Hoduski, Joint Committee
on Printing 202/224-5953; or James Love, Taxpayer Assets Project
609/683-0534.
------------------------------
Date: Thu, Jun 18, '92 (21:45)
From: John F. McMullen (mcmullen@well.sf.ca.us)
Subject: File 7--NY Telephone Cuts Int'l Service At Some pay Phones (NEWSBYTES)
NEW YORK, NEW YORK, U.S.A., 1992 JUN 18 (NB) -- As part of its effort
to figh phone fraud with stolen calling card numbers, New York
Telephone is blocking international calls from most of its public
phones inside the Port Authority Bus Terminal and at surrounding
sidewalk locations. The company said it would also target other
high-fraud areas throughout New York City.
New York Telephone will rely on technology developed by Mars
Electronics International, based in Pennsylvania, which blocks
international calls attempted through any long distance carrier or
private business phone system. New York Telephone said it would
implement the program at selected public phones so as not to
inconvenience legitimate callers.
This is the second time that phone companies have limited service at
pay phones as an anti-crime move. A few years ago, some phones were
switched from touchtone to rotary dial service, to keep people using
them from reaching beepers allegedly used by drug dealers.
Now the problem is "sidewalk surfing," where thieves listen to callers
giving their card numbers to operators, or peer over their shoulders
when they take out calling cards. The numbers are then taken to a pay
phone, where services using them are sold to all comers. Frequently,
the services are sold to drug dealers, who can then make untraceable
calls to their overseas contacts. Some observers claim that the
numbers are also used by illegal immigrants calling their families
back home.
Telephone fraud is estimated at more than $1 billion a year
nationwide. New York Telephone operates more than 57,000 public
phones in New York City.
(Dana Blankenhorn/19920618/Press Contact: Maureen Flanagan, New York
Telephone, 212-395-0500)
+++++++++++++++++++++++++++++++++++
****NY Police Responds To Blockage Of Int'l Phone Calls 06/18/92
WASHINGTON, D.C., U.S.A., 1992 JUN 18 (NB) -- New York State Police
Special Investigator Donald Delaney, in a conversation with Newsbytes,
strongly supported the move by New York Telephone Company, blocking
calls to foreign countries from pay phones in New York City's Times
Square , Port Authority Bus Terminal and other midtown locations with
a history of high credit card calling fraud, as reported elsewhere by
Newsbytes.
Delaney said: "I think that it is about time that such action was
taken. Telephone fraud in New York City is out of control and that is
why that New York Telephone took the action"
Delaney continued: "I think that this should be just the beginning. It
is not only in midtown Manhattan that we find this fraud. From one end
of Broadway t another, there is heavy incidence of fraudulent calls
through pay phones. You will also find neighborhoods that have high
incidence of the same type of crime. I would like to see the same type
of blockage on all pay phones." The Port Authority Bus Terminal has
long been identified as a major scene of telecommunications fraud
encompassing not only call selling by the collection of valid credit
card numbers from unsuspecting users so that numbers may, in turn, be
used for fraudulent calls. The numbers are generally taken through
"shoulder-surfing", a term for simply looking over the shoulder of an
unsuspecting caller and recording the keystrokes made while entering
the credit card number.
According to Delaney, shoulder-surfing in the Port Authority takes in
a whole new dimension with people using binoculars and telescopes from
positions in Port Authority's balcony to see the numbers and
voice-activated tape recorder to record them.
(Barbara E. McMullen & John F. McMullen/19920617)
------------------------------
End of Computer Underground Digest #4.27
************************************
Computer underground Digest Mon June 29, 1992 Volume 4 : Issue 28
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Associate Editor: Etaion Shrdlu, Jr.
Newest Authormeister: B. Kehoe
Ex-Arcmeister: Bob Kusumoto
Downundermeister: Dan Carosone
CONTENTS, #4.28 (June 29, 1992)
File 1--Proposal: A Market Mechanism for Information Age Goods
File 2--EFF on GEnie's RoundTable
Back issues of CuD can be found in the Usenet alt.society.cu-digest
news group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM, on Genie in the PF*NPC RT
libraries, on the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp
from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Sat, 20 Jun 92 12:39:51 0
From: infoage!bradcox@hsi.hsi.com (Brad Cox, Ph.D.)
Subject: File 1--Proposal: A Market Mechanism for Information Age Goods
The enclosed article, which was written as a column for an
object-oriented programming magazine, proposes an initiative that has
great potential for both good and for harm. I believe that
superdistribution, as discussed in this paper, should be relevant to
EFF's interests, even though it looks at privacy from a viewpoint
contrary to the one that EFF generally endorses.
++++++++++++++
"WHAT IF THERE *IS* A SILVER BULLET...AND THE COMPETITION GETS IT FIRST?"
(Invited Column; Journal of Object-oriented Programming; June 1992)
Few programmers could develop a compiler, word processor or spreadsheet
to compete in today's crowded software market The cost and complexity
of modern-day applications far exceed the financial and intellectual
capacity of even the rarest of individuals. Even large-granularity
sub-components like window systems, persistent object databases and
communication facilities can be larger than most individuals could
handle. But nearly any of us could provide smaller (so-called
'reusable') software components that others could assemble into larger
objects; components as small as Stacks and Queues.
So why don't we? Why do we drudge away our lives in companies with the
financial, technical, and marketing muscle to build the huge objects we
call applications? Why don't we start software companies, like Intel,
to invent, build, test, document, and market small-granularity objects
for other companies to buy? Think of the reduction in auto emission
pollution if more of us stayed home to build small-granularity
components for sale! Think of not having to get along with the boss!
Object-oriented programming technologies have brought us tantalizingly
close to making this dream technically, if not economically, feasible.
Subroutines have long been able to encapsulate functionality into
modules that others can use without needing to look inside, just as
with Intel's silicon components. Object-oriented programming languages
have extended our ability to encapsulate functionality within
Software-ICs<1> that can support higher-level objects than subroutines
ever could<2>. Such languages have already made the use of
pre-fabricated data structure and graphical user interface classes a
viable alternative to fabricating cut-to-fit components for each
application. All this is technically feasible already, even though the
software industrial revolution has hardly begun<3>.
Yet these technical advances have not really changed the way we
organize to build software. They've just providing better tools for
building software just as we've done in the past. The pre-fabricated
small components of today are not bought and sold as assets in their
own right, but are bundled (given away) inside something much larger
than any individual could build. Sometimes they are bundled to inflate
the value (and price!) of some cheap commodity item, as in Apple's ROM
software that turns a $50 CPU chip into a $5000 Macintosh computer.
Sometimes they play the same role with respect to software objects, as
in the libraries that come with object-oriented compilers.
There is no way of marketing the small active objects that we call
reusable software components, at least not today. The same is true of
the passive objects we call data. For example, nearly 50% of the bulk
waste in our landfills is newspapers and magazines. Nearly half of our
bulk waste problem could be eliminated if we could break the habit of
fondling the macerated remains of some forest critter's home as we
drink our morning coffee. But this is far more than a bad habit from
the viewpoint of newspaper publishers. If they distributed news
electronically, how would they charge for their labor?
Paper-based information distribution makes certain kinds of information
unavailable even when the information is easily obtainable. For
example, I hate price-comparison shopping and would gladly pay for
high-quality information as to where to buy groceries and gasoline
cheaply within driving distance of my home. This information is avidly
collected by various silver-haired ladies in my community, but solely
for their own use. There is no incentive for them to electronically
distribute their expertise to customers like myself.
What if entrepreneurs could market electronic information objects for
other people to buy? Couldn't geographically specialized but broadly
relevant objects like my gasoline price example be the 'killer apps'
that the hardware vendors are so desperately seeking? Think of what it
could it mean to today's saturated market if everyone who buys gasoline
and groceries bought a computer simply to benefit from Aunt Nellie's
coupon-clipping acumen?
Information Age Economics
These questions outline the fundamental obstacle of the manufacturing
age to information age transition. The human race is adept at selling
tangible goods such as Twinkies, automobiles, and newspapers. But we've
never developed a commercially robust way of buying and selling easily
copied intangible goods like electronic data and software.
Of course, there are more obstacles to building a robust market in
electronic objects than I could ever mention here. Many of them are
technological deficiencies that could easily be corrected, such as the
lack of suitably diverse encapsulation and binding mechanisms in
today's object-oriented programming languages, insufficient
telecommunications bandwidth and reliability, and the dearth of capable
browsers, repositories and software classification schemes. My second
book, Object Technologies; A Revolutionary Approach, <Cox2> considers
these technical obstacles in detail to show how each one could be
overcome if suitable economic incentives were in place.
The biggest obstacle is that electronic objects can be copied so easily
that there is no way to collect revenue the way Intel does, by
collecting a fee each time another copy of a silicon object is needed.
More than any other reason, this is why nobody would ever quit their
day job to build small-granularity software components for a living.
A striking vestige of manufacturing age thinking is the still-dominant
practice of charging for information age goods like software by the
copy. Since electronic goods can be copied easily by every consumer,
the producers must inhibit copying with such abominations as shrinkwrap
license agreements and copy protection dongles. Since these are not
reliable and are increasingly rejected by software consumers, SPA
(Software Publishers Association) and BSA (Business Software Alliance)
have even started using handcuffs and jail sentences as copy protection
technologies that actually do work even for information age products
like software.
The lack of robust information age incentives explains why so many
corporate reuse library initiatives have collapsed under a hail of user
complaints. "Poorly documented. Poorly tested. Too hard to find what I
need. Does not address my specific requirements." Except for the often
rumored "Not invented here" syndrome, the problem is only occasionally
a demand side problem. The big problems are on the supply side. There
are no robust incentives to encourage producers to provide minutely
specialized, tested, documented and (dare I hope?) guaranteed
components that quality-conscious engineers might pay good money to
buy. As long as these "repositories" are waste disposal dumps where we
throw poorly tested and undocumented trash for garbage pickers to
"reuse", quality-conscious engineers will rightly insist, "Not in my
backyard!"
Paying for software by the copy (or "reusing" it for free) is so
widespread today that it may seem like the only option. But think of it
in object-oriented terms. Where is it written that we should pay for an
object's instance variables (data) according to usage (in the form of
network access charges) yet pay for methods (software) by the copy?
Shouldn't we also consider incentive structures that could motivate
people to buy and sell electronic objects in which the historical
distinction between program and data are altogether hidden from view?
Superdistribution
Lets consider a different approach that might work for any form of
computer-based information. It is based on the following observation.
Software objects differ from tangible objects in being fundamentally
unable to monitor their copying but trivially able to monitor their
use. For example, it is easy to make software count how many times it
has been invoked, but hard to make it count how many times it has been
copied.
So why not build an information age market economy around this
difference between manufacturing age and information age goods? If
revenue collection were based on monitoring the use of software inside
a computer, vendors could dispense with copy protection altogether.
They could distribute electronic objects for free in expectation of a
usage-based revenue stream.
Legal precedents for this approach already exist. The distinction
between copyright (the right to copy or distribute) and useright (the
right to 'perform', or to use a copy once obtained) are both provided
by existing copyright laws. They were stringently tested in court a
century ago as the music publishers were sorting out the implications
of the emerging music broadcasting industry.
When we buy a record, we acquire ownership of a physical copy
(copyright), but only a limited useright; just the right to use the
music for personal enjoyment. Conversely, large television and radio
companies get the very same records for free, but pay substantial fees
for the useright to play the music on the air. The fees are
administered by ASCAP (American Society of Composers, Authors and
Publishers) and BMI (Broadcasting Musicians Institute) by monitoring
how often each record is broadcast to how large a listening audience.
A Japanese industry-wide consortium, JEIDA (Japanese Electronics
Industrial Development Association) is developing an analogous approach
that analogizes each computer to a station that broadcasts to an
audience of one<4>. Called super�distribution, its premise is that copy
protection is exactly the wrong idea for software. Instead,
superdistribution allows software to be freely distributed and freely
acquired via whatever distribution mechanism you please. You are
specifically encouraged to download superdistribution software from
networks, give copies to your friends, or send it as junk mail to
people you've never met. Spray my software from airplanes if you want.
Please!
This generosity is possible because this software is 'meterware'. It
has strings attached that effectively make revenue collection
completely independent of software distribution. The software contains
embedded instructions that make it useless except on machines that are
equipped for this new kind of revenue collection.
The computers that can run superdistribution software are otherwise
quite ordinary. In particular, they will run ordinary pay-by-copy
software just fine. They just have additional capabilities that only
superdistribution software uses. In JEIDA's current prototype, these
services are provided by a silicon chip that plugs into a Macintosh
coprocessor slot.
Electronic objects (not just applications, but active and/or passive
objects of every granularity) that are intended for superdistribution
invoke this hardware to ensure that the revenue collection hardware is
present, that prior usage reports have been uploaded, and that prior
usage fees have been paid.
The hardware is not complicated (the main complexities are
tamper-proofing, not base functionality). It merely provides several
instructions that must be present before superdistribution software can
run. The instructions count how many times they have been invoked by
the software, storing these usage counts temporarily in a tamper-proof
persistent RAM. Periodically (say monthly) this usage information is
uploaded to an administrative organization for billing, using public
key encryption technology to discourage tampering and to protect the
secrecy of this information.
The end-user gets a monthly bill for their usage of each top-level
component. Their payments are credited to each component's owner in
proportion to the component's usage. These accounts are then debited
according to each application's usage of any sub-components. These are
credited to the sub-component owners, again in proportion to usage. In
other words, the end-user's payments are recursively distributed
through the producer-consumer hierarchy. The distribution is governed
by usage metering information collected from each end-user's machine,
plus usage pricing data that is provided to the administrative
organization by each component vendor.
Since communication is infrequent and involves only a small amount of
metering information, the communication channel could be as simple as a
modem that autodials a hardwired 800 number each month. Many other
solutions are viable, such as flash cards or even floppy disks to be
mailed back and forth each month in the mails.
A Revolutionary Approach
Whereas software's ease of replication is a liability today,
superdistribution makes it an asset. Whereas software vendors must
spend heavily to overcome software's invisibility, superdistribution
thrusts software out into the world to serve as its own advertisement.
Whereas the personal computer revolution isolates individuals inside a
standalone personal computer, superdistribution establishes a
cooperative/competitive community around an information age market
economy.
Of course, there are many obstacles to this ever happening for real. A
big one is the information privacy issues raised by usage monitors in
every computer from video games to workstations to mainframes. Although
we are accustomed to usage monitoring for electricity, telephone, gas,
water and electronic data services, information privacy is an explosive
political issue. Superdistribution could easily be legislated into
oblivion out of the fear that the usage information would be used for
other than billing purposes.
A second obstacle is the problem of adding usage monitoring hardware to
a critical number of computers. This is where today's computing
establishment could be gravely exposed to those less inclined to
maintain the status quo.
It is significant that superdistribution was not developed by the
American computer establishment, who presently controls 70% of the
world software market. It was developed by JEIDA, an industry-wide
consortium of Japanese computer manufacturers. The Japanese are clearly
capable of building world-class computers. Suppose that they were to
simply build superdistribution capabilities into every one of them, not
as an extra-price option but as a ubiquitous capability of every
computer they build?
Review the benefits I've discussed in this column and then ask: Whose
computers would you buy? Whose computers would Aunt Nellie and her
friends buy? What if superdistribution really is a Silver Bullet for
the information age issues I've raised in this column? And what if the
competition builds it first?
[Footnotes]
<1> ) Software-IC is a registered trademark of The Stepstone
Corporation.
<2> Brad J. Cox; Object-oriented Programming; An Evolutionary Approach;
Addison Wesley; 1986.
<3> Brad J. Cox; Object Technologies; A Revolutionary Approach; Addison
Wesley; late 1992. Also see Planning the Software Industrial
Revolution; IEEE Software; November 1990, and There is a Silver Bullet;
Byte magazine; October 1990.
<4> Ryoichi Mori and Masaji Kawahara; Superdistribution: An Overview
and the Current Status; ISEC 89-44; and Superdistribution: The Concept
and the Architecture; The Transactions of the IEICE Vol. E 73 No 7 July
1990. Also seeWhat lies ahead; Byte 1989 January; pp 346-348 and On
Superdistribution; Byte 1990; September; p 346.
* * * * *
Brad Cox, Ph.D. (203) 868-9182 voice / -0780 fax
Information Age Consulting Best: infoage!bradcox@hsi.com
------------------------------
Date: 21 Jun 92 19:49:14 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 2--EFF on GEnie's RoundTable
______________________________________________________
| |
| The Public Forum * NonProfit Connection RoundTable |______
|______________________________________________________| |
| Sysops' GE Mail: PF$ RTC Sunday 9pm EDT: MOVE 545;2 |______
|___________________________________________________________| |
| News, Current Events, Government, Societal Issues, Nonprofits |
|________________________________________________________________|
__________________________________________________________________
| Rights & responsibilities, government, politics, minority civil |_
| rights, volunteerism, nonprofit management, the media, the | |
| environment, international issues, gay/lesbian/bisexual issues, | |
| women & men, parenting, youth organizations and more! | |
|__________________________________________________________________| |
|__________________________________________________________________|
________ PF$ PF*NPC Sysops _____________
| |_ | Weekly RTC: |_
| The | | SHERMAN Tom Sherman | 9pm Eastern | |
| PF*NPC | | SCOTT Scott Reed | on Sundays! | |
| Staff: | | CHERNOFF Paul Chernoff | Type M545;2 | |
|________| | GRAFFITI Ric Helton |_____________| |
|________| SHERRY Sherry |_____________|
Real-time Conference: Free Speech Online
with
Jerry Berman
(May 31, 1992)
====================================================================
(C) 1992 by GEnie (R) and Public Forum*NonProfit Connection
This file may be distributed only in its entirety
and with this notice intact.
Who gets to control the content of electronic communication
and the telephone system through which it travels?
Is the First Amendment well-served by current public policy
and legislation?
On May 31, at 9 pm ET, Jerry Berman, formerly chief legislative counsel for
the ACLU, joined us in RealTime Conference to talk about electronic free
speech. Founder of the ACLU Privacy and Technology Project, Jerry currently
directs the Washington, DC, office of the Electronic Frontier Foundation.
Don't miss lively discussion of Science, Technology and Society in bulletin
board category 7, and check out the files on technology and society in our
library. See Cat 7/Topic 1 for details.
-=-=-=-=-
An electronic meeting place for friends, family and national "town
meetings," GEnie is an international online computer network for
information, education and entertainment. For under $5.00/month, GEnie
offers over 50 special interest bulletin boards and unlimited electronic
mail at no extra charge during evenings, weekends and holidays. GEnie is
offered by GE Information Services, a division of General Electric Company.
In the Public Forum*NonProfit Connection, thousands of people every day
discuss politics and a wide range of social and nonprofit issues. A neutral
arena for all points of view, the PF*NPC is presented by Public Interest
Media, a nonprofit organization devoted to empowering people through the
socially productive use of information and communication technology.
For more information about GEnie or the Public Forum, call 1-800-638-9636
or send electronic mail to tsherman@igc.org.
To sign up for GEnie service, call (with modem in HALF DUPLEX) 800-638-8369.
Upon connection, type HHH. At the U#= prompt, type XTX88367,GENIE <RETURN>.
The system will prompt you for information.
__________________________________________________________
-=(( The Public Forum * NonProfit Connection RoundTable ))=-
-==((( GEnie Page 545 - Keywords PF or NPC )))==-
-=((__________________________________________________________))=-
<[Tom PF*NPC] SHERMAN> Welcome to the last in this month's series of
realtime conferences on Technology and Society!
These RTCs raise important issues for the future.
You'll find these issues discussed in our bulletin
board, especially in Category 7, and in many
excellent files in the Public Forum library.
Before we get started, a word about the process: So
that everyone gets a turn at the beginning, only our
guests and people asking questions will be able to
talk. When you have a question, type /RAI to raise
your hand. I'll call on you in order. Please type
your question, but DON'T hit <return> to send it.
When you're called on, THEN hit <return> to send
your question quickly. It's good to use three
periods if you have more to say and to put GA for
"go ahead" at the end of a final phrase.
And now it's our pleasure to introduce tonight's
special guests: Jerry Berman was chief legislative
counsel for the ACLU and founded its Privacy and
Technology Project. He now directs the Washington
D.C. office of the Electronic Frontier Foundation,
and is joined here tonight by his EFF colleague
Sheri Steele. They're here to talk with you about
general issues of free speech online. For example:
Who gets to control the content of electronic
communication and the telephone system through which
it travels? Is the First Amendment well-served by
current public policy and legislation?
I also want to announce that EFF and Computer
Professionals for Social Responsibility are both
getting GEnie accounts so that they can participate
in discussions like this in the BB and provide
information in our file library
Welcome, Jerry and Shari! Would you like to make any
introductory remarks?
<[JERRY BERMAN] PRESS20> Good to be here! Shari and I are at EFF Washington
Office on Capitol Hill in D.C. so we're inside the
beltway, trying to protect civil liberties for
cyberspace. Does anyone have any questions?
<[Tom PF*NPC] SHERMAN> Please type /RAI if you have a question and I'll
call on you. Jerry, maybe you'd like to add a few
words about the EFF server?
<[JERRY BERMAN] PRESS20> EFF is a new advocacy organization that is trying to
achieve the democratic potential of new technology.
We opened our Washington Office in January of this
year (EFF started a year before)... We are working
on a range of civil liberties issues. For example,
opposing the FBI's efforts to control digital
telephone technology to make wiretapping easier. We
are trying to get Congress, the FCC and the states
to make this telephone network digital to make all
of this democracy we are engaged in easier and less
savage.
<[Randy] R.DYKHUIS> Does the EFF work with e-mail systems inside
companies or does it focus exclusively on "public"
networks like GEnie?
<[JERRY BERMAN] PRESS20> We consider GENIE a "private" network even though it
is open to the "public." On the other hand, the
telephone network is a public regulated network. Do
you get the distinction?
<[Randy] R.DYKHUIS> Yes, I understand.
<[gene] G.STOVER> In our current Information Revolution, like in the
Industrial Revolution, rights and other legal issues
are being juggled and rearranged. A lot of freedoms
and privileges are at stake. Are you optimistic
about the outcome? Will future generations thank us
for the world we are creating?
<[JERRY BERMAN] PRESS20> A big issue in the electronic age is insuring
that the public network carries all speech and does
not censor. Like telephone calls. It is not clear
that this is the current regime... I am optimistic
if we can join together to make sure rights are
guaranteed and extended in cyberspace or the
electronic age.
<[Ric] GRAFFITI> Thanks for coming tonight! We archive all of the
EFFector online issues here in the public forum
library, and I have read a lot about Operation Sun
Devil. Where does that stand, now? What is the EFF
doing?
<[JERRY BERMAN] PRESS20> We have brought a civil suit against the government
and the case is in currently in the discovery phase
in Texas. It'll take time, but we hope to establish
new privacy rights for bulletin board users.
<[Tom PF*NPC] SHERMAN> Jerry, you might say a few words to describe Sun
Devil for those who don't know about it.
<[JERRY BERMAN] PRESS20> Lots of people know that the Secret service and FBI
conducted a sweeping and overbroad search looking
for suspected computer hackers. We need to focus,
even tonight, on other pressing issues that confront
us. For example, Are we going to continue to let the
government control encryption so that we can never
have real privacy either against law enforcement
agencies or against others who want to violate ojur
communication privacy.
<[Ric] GRAFFITI> One of the most disturbing aspects of Sun Devil was
the confiscation of private property - computers and
related equipment and supplies - without charges
being brought OR the return of the stuff. They can
easily silence us, apparently, by taking away our
modems and terminals. What can be done?
<[JERRY BERMAN] PRESS20> We have to establish new investigative law
enforcement warrant requirements for computer crime
investigations where First amendment rights may be
involved. There are precedents... The FBI must use
special procedures to conduct undercover operations
when it may be targeted against a newspaper or
university or political group to protect against
interfering with free speech... Congress almost
passed legislation after Watergate to limit in
statute how the FBI investigates political groups.
Guidelines do exist, even though the bill did not
pass... We have to do the same for BBS type
investigations.
<[Branch] H.HAINES3> What would probably be your biggest concern
regarding current electronic freedom, or the biggest
threat you are aware of?
<[JERRY BERMAN] PRESS20> We need to insure that this telephone network that
GEnie is on MUST carry all speech, and not be able
to discriminate on the basis of content. Telephone
companies are not carrying certain political "900"
number accounts because they think they don't have
to carry all services just like telephone calls.
This could come to serve as a precedent for not
carrying a controversial BBS service. These rules
need to be worked out in law now before the Jesse
Helms' of the world get into this technology when
it is easier and see what's going on...
<[Branch] H.HAINES3> I hear a lot of reports that *P* (Tom PF knows this
term I'm sure) is very restrictive about what can be
said by its users. Would that be part of the problem
you describe?
<[JERRY BERMAN] PRESS20> Good question. Prodigy is a private service. It is
not big enough to be regulated like a public
institution. So they can discriminate and make
editorial decisions not to carry speech. We think
this is a misguided policy and have told Prodigy so
publically and privately. However, we want Prodigy
to have rights. We think the best answer is to make
the telephone network better so there can be many
Prodigy's and similar services and make it easier
for everyone to use a GEnie or some other provider
that has a more open policy. We need to make the
telephone network digital now. We can do this well
before we get to fiber optics and other 21st century
technologies. But it will require political action.
It is EFF's highest priority now.
<[gene] G.STOVER> Are BBS operators currently held responsible for the
information on their BBSes? Should they be held
responsible?
<[JERRY BERMAN] PRESS20> It depends. There is very little case law. But if a
BBS has a forum like this one open to all, it should
not be liable if, for example, I libel one of you or
commit a crime on line... But today, we are not sure
what responsibilities BBSs have. Some case law
suggests that it is limited and that a BBS is like a
newsstand, and newsstand operators don't have to
know everything in every mag or book on the stand.
<[gene] G.STOVER> So if someone posts something illegal on a BBS and
is prosecuted, is the sysop prosecuted, too?
<[JERRY BERMAN] PRESS20> It could be charged. The operator would argue that
it is not reasonable under the circumstances to say
it knew of or should have known the crime was being
committed. This will be a factual issue. The legal
issue is to get the Courts or the Congress to give
BBS operators a lot of freedom to err or not to
censor. Like a newspaper is not liable to public
figures for defamation unless it acts recklessly in
disregard of the truth.
<[Charlie] VASSILOPOULO> How large is the movement in Washington to legislate
morality in general and specifically in electronic
media, and who spearheads that movement?
<[JERRY BERMAN] PRESS20> Today, all sides--but especially the right--want to
legislate one kind of morality or another. Our job
is to make sure it is not inconsistent with the
constitution when electronic technology is involved.
We have had Congress several years ago try to outlaw
certain gay BBS systems because of possible child
pornography. Such bills will come up again when this
technology is more widely used. You can be sure that
the morality gang in Congress will try to regulate
adult, political BBSs when they are really in a
majority of American homes. And as you know, this is
not far off. We need to establish the rules now
before we have Congress looking at very
controversial siutuations with no rules in mind, or
a precedent.
<[Darla] KUBY> Won't there be sort of a 'conflict of interest' with
you having a free account on GEnie? I mean, would
Compuserve give you a free account? Or Prodigy?
<[Tom PF*NPC] SHERMAN> Let me step in here. EFF is not getting a free
account; they're paying just like everyone else
except that we're giving them free access to the
Public Forum because they are helping with the
discussion and library files.
<[JERRY BERMAN] PRESS20> Darla, we are paying.
<[Darla] KUBY> Would you accept the same from Compuserve or
Prodigy?
<[JERRY BERMAN] PRESS20> Of course, we would love to pay them also. We are
on Compuserve and we have a Prodigy account. What,
by the way, is the conflict if we had a free
account--which we don't?
<[Connie] C.RIFENBURG> A question recently came up on one of the boards
concerning reposting of a deleted post. The original
poster had deleted a post. It was captured by
another person in a buffer and reposted to the BBS.
People said it was against copyright laws...? Who
"owns" the BB post once posted?
<[Tom PF*NPC] SHERMAN> Connie, I'm afraid you're asking a question that has
partly to do with GEnie rules. But Jerry can
certainly answer the general question
<[JERRY BERMAN] PRESS20> Again, it depends. I dont think it is covered by
copyright law unless the posting was from, say, a
book or magazine and wasmnore than fair use.
<[Connie] C.RIFENBURG> Then copyright is only book or magazine?
<[JERRY BERMAN] PRESS20> No. But when I send this message I do not expect to
be covered by copyright even though I may say
something very original. I could I guess put a THIS
IS COPYRIGHTED here. But it would be difficult to
enforce... Copyright does apply to more than books or
magazines, however, like film, etc.
<[Tom PF*NPC] SHERMAN> Jerry, I think your comment conflicts with those of
another RTC guest, Gerry Elman, Esq. But that's why
we have courts, I guess :)
<[Ric] GRAFFITI> It may be too fine a distinction, but all online
systems are actually store & forward messaging
systems (voice mail & pager systems, too), instead
of direct communications channels like the phone
lines. That seems to make the BBS or online service
a publisher, by re-broadcasting (or narrowcasting,
to one person) the messages as if it had originated
the message, even though system operators had
nothing to do with the content. That seems to be
where confusion over liability for defamation and
criminal conduct occurs. Any comment?
<[JERRY BERMAN] PRESS20> Yes. Analogies break down but the store and forward
does not always mean the ability to edit or know of
the contents in such a way as to be liable. For
example, under current law, a service that offers
E-mail to its users violates the law if it reads a
stored message (email) before it is forwarded or
while it is stored. In fact the FBI has to get a
warrant from a court to get such a message. This is
one of the issues in Steve Jackson case. Did they
have a warrant for all the emial in Jackson's
system?
<[Ric] GRAFFITI> They got it, didn't they? :) Seriously, then, online
and BBS systems are not liable for the contents of
email?
<[JERRY BERMAN] PRESS20> That is correct. Thus, one could shield a BBS from
liability by encouraging anything controversial be
carried as email between those who wanted to send
and receive the messages.
<[gene] G.STOVER> Do you think the proposed(?) partial deregulation to
allow the telcos to produce TV is a good idea? Could
this produce abuses like those with the old railroad
tycoons? Comments?
<[JERRY BERMAN] PRESS20> Good question. The issue is whether a carrier (like
the telcos) can also publish content and not
discriminate against other information providers.
There is good reason to worry, but did you know that
while the telcos can't do cable TV yet over their
lines, they NOW can do information services and
compete with others?
<[gene] G.STOVER> Where could I find more info on this?
<[JERRY BERMAN] PRESS20> Send Shari Steele E-Mail at Eff.org
(ssteele@eff.org)
<[Tom PF*NPC] SHERMAN> And you'll see the EFF GEnie address pretty soon!
<[T.C.] WIDMO> What is the danger of public BBS messages being
gathered by gov't, to suppress individual political
action?
<[JERRY BERMAN] PRESS20> Not much right now. Since the Watergate scandals
and Hoover revelations, government has not been
collecting gobs of info from political groups. They
used to gather everything using informants and
wiretaps, etc.... also attend public meetings.
Today, if a police officer joined this conference,
we would have a hard time arguing that he or she
could not. Does any one disagree?
<[T.C.] WIDMO> Could they pressure co's with gov't contracts to
forward to them anything questionable?
<[JERRY BERMAN] PRESS20> Sure they could. They could ask BBS services to give
them transcripts of public forums like this and it
would break no law. (Perhaps a contract between BBS
and subscriber but NO LAW.)
<POLICE> I just came in on this a short time ago so I may
have missed this, but does an online service such as
GEnie or Prodigy have a right to censor public
messages on the BB's?
<[JERRY BERMAN] PRESS20> The answer is Yes. For example, if GEnie did not
want a DAVID DUKE conference it could turn Duke
down. Or it could end the conference. GEnie is a
private publisher and its BBS conferences are like
letters to the editor in some respects. GEnie is not
the government. We want GEnie to have the right to
editorialize so that we all have similar rights to
choose how we speek. We need a diversity of BBSs to
cover political diversity. Does anyone disagree?
<[Ric] GRAFFITI> I imagine you run into the misperception about
public vs. private data networks often. However,
moving on...... Could you comment on the FBI's
"demand" to be let in and given free access to the
plaintext of the digital phone network? Why did they
publish editorials and go on TV with this request to
massively re-engineer modern phone & data equipment?
<[JERRY BERMAN] PRESS20> Good question. The FBI is worried that fiber optic
networks, services like Call-Forwarding, etc. will
make it difficult for them to conduct lawful
warrants. This is a real concern, but we do not
believe the solution is to allow them backdoors to
all networks or easy access to encryption keys.
There are narrower solutions. They went on TV and
radio because they are engaged in political
persuasion to get the law changed in their favor. We
are doing the same from the other side. CPSR, EFF,
ACLU and industry are opposing this proposal.
<[Ric] GRAFFITI> Is the day of the phone bug, wire tap and easy
access to private communications coming to a close?
<[JERRY BERMAN] PRESS20> No. Some of the technology is better for privacy but
software changes can give law enforcement access to
more info than ever.
<[Tom PF*NPC] SHERMAN> Jerry, what would you suggest that people, who are
concerned about free speech online, do to insure
that corporate or government interests won't impose
limitations?
<[JERRY BERMAN] PRESS20> Citizens on the electronic frontier need to organize
to protect their rights. Keeping informed--like here
on GEnie--is a good step. Joining organizations like
CPSR, EFF, and ACLU (I try to be catholic) also will
help. We are trying to put together at EFF an
advocacy organization that can make our voices heard
on these issues. We are amping up our membership
effort. We now already have 4 full professionals
here in DC working on legal and policy issues
involving technology, free speech, privacy, access to
information, improving the telephone network,
creating a BBS rights and responsibilities book,
etc...
<[Tom PF*NPC] SHERMAN> You said something about these issues being settled
in the courts or in Congress. Which would you
prefer? Is working through EFF, CPSR, ACLU etc the
best way to influence the outcome?
<[JERRY BERMAN] PRESS20> I do not think we can solve large technology issues
in the courts. It took the courts 40 years to figure
out that wiretapping violated privacy. Bad cases,
like national security threats, tend to make bad
law... and this is not a liberal Supreme Court, is
it? We need broader technology policy and that
requires working out new relationships between
converging technologies, like computers, telephones,
cable, mass media... Congress and state legislatures
are the appropriate forums. And we can have an
influence and not let the courts do the elitist
solution routine.
<[Tom PF*NPC] SHERMAN> A perfect closing answer! Thanks to Jerry Berman and
Shari Steele for joining us tonight, and thanks to
the EFF for joining GEnie to improve our discussion
of these crucial issues for the future. I also want
to thank all the participants who asked great
questions tonight and to encourage all those reading
this transcript to join us! <grin>
-----# Participants #-----
<[Connie] C.RIFENBURG>
<[gene] G.STOVER>
<[Ric] GRAFFITI>
<[Branch] H.HAINES3>
<[Darla] KUBY>
<POLICE>
<[JERRY BERMAN] PRESS20>
<[Randy] R.DYKHUIS>
<[Tom PF*NPC] SHERMAN>
<[Charlie] VASSILOPOULO>
<[T.C.] WIDMO>
|
| This listing was generated by LRTC Version 1.00
| (C)opyright by Hartmut W. Malzahn, 1991. All rights reserved.
|
______________________________________________________
| |
| The Public Forum * NonProfit Connection RoundTable |______
|______________________________________________________| |
| Sysops' GE Mail: PF$ RTC Sunday 9pm EDT: MOVE 545;2 |______
|___________________________________________________________| |
| News, Current Events, Government, Societal Issues, Nonprofits |
|________________________________________________________________|
------------------------------
End of Computer Underground Digest #4.28
************************************
Computer underground Digest Sun July 5, 1992 Volume 4 : Issue 28
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Copy Editor: Etaion Shrdlu, Jr.
Firstbooksisoutmeister: B. Kehoe
Ex-Arcmeister: Bob Kusumoto
Koalameister: Dan Carosone
CONTENTS, #4.28 (July 5, 1992)
File 1--May '92 Version of FBI Digital Telephony Proposal
File 2--Chronicle Crypto Article
File 3--Re: Subbed to CuD
File 4--Govt & Corp Sysops Monitoring Users & Email
File 5--Call for papers : Digitisation
Back issues of CuD can be found in the Usenet alt.society.cu-digest
news group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM, on Genie in the PF*NPC RT
libraries, on the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp
from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Mon, 22 Jun 1992 21:10:20 EDT
From: Dave Banisar <banisar@WASHOFC.CPSR.ORG>
Subject: File 1--May '92 Version of FBI Digital Telephony Proposal
The following is the latest version of the FBI Digital Telephony
Proposal, introduced in May 1992. This version removes the previous
language that authorized the FCC to set standards and now places it
solely in the hands of the Attorney General. Fines are $10,000/day for
non compliance with services within the public switched network having
18 months to comply and services outside having three years. The
proposal now mandates that the capability for remote government
wiretapping must be included into the system.
This proposal clearly enhances the ability of the FBI to monitor
communications. It takes the unprecedented step of placing control over
certification of telecommunications equipment in the hands of the
Attorney General and requires that the equipment be constructed to allow
government have the ability to monitor communications from a
"government monitoring facility remote from the target facility." All
telecommunications users should be concerned by the privacy and
security implications of creating systems that have holes for the
government or any other knowledgeable user to plug into.
David Banisar
CPSR Washington Office
banisar@washofc.cpsr.org
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
102nd Congress
2nd Session
S. _____
[H.R. _____]
IN THE SENATE
[IN THE HOUSE OF REPRESENTATIVES]
M. ________________ introduced the following bill; which was
referred to the Committee on__________________
A BILL
To ensure the continuing access of law enforcement to the content of wire
and electronic communications when authorized by law and for other
purposes.
Be it enacted by the Senate and the House of Representatives of the United
States of America in Congress assembled,
SEC. 1. FINDINGS AND PURPOSES.
(a) The Congress finds:
(1) that telecommunications systems and networks are often
used in the furtherance of criminal activities including organized
crime, racketeering, extortion, kidnapping, espionage, terrorism, and
trafficking in illegal drugs;
(2) that recent and continuing advances in telecommunications
technology, and the introduction of new technologies and transmission
modes by the telecommunications industry, have made it increasingly
difficult for government agencies to implement lawful orders or
authorizations to intercept wire and electronic communications and thus
threaten the ability of such agencies effectively to enforce the laws and
protect the national security; and
(3) that without the assistance and cooperation of providers of
electronic communication services and private branch exchange operators,
the introduction of new technologies and transmission modes into
telecommunications systems without consideration and accommodation
of the need of government agencies lawfully to intercept wire and
electronic communications would impede the ability of such agencies
effectively to carry out their responsibilities.
(b) The purposes of this Act are to clarify the responsibilities of
providers of electronic communication services and private branch
exchange operators to provide such assistance as necessary to ensure the
ability of government agencies to implement lawful court orders or
authorizations to intercept wire and electronic communications. SEC. 2.
(a) Providers of electronic communication services and private branch
exchange operators shall provide within the United States capability and
capacity for the government to intercept wire and electronic
communications when authorized by law:
(1) concurrent with the transmission of the communication to
the recipient of the communication;
(2) in the signal form representing the content of the
communication between the subject of the intercept and any individual
with whom the subject is communicating, exclusive of any other signal
representing the content of the communication between any other
subscribers or users of the electronic communication services provider or
private branch exchange operator, and including information on the
individual calls (including origin, destination and other call set-up
information), and services, systems, and features used by the subject of the
interception;
(3) notwithstanding the mobility of the subject of the intercept or
the use by the subject of the intercept of any features of the
telecommunication system, including, but not limited to, speed- dialing or
call forwarding features;
(4) at a government monitoring facility remote from the target
facility and remote from the system of the electronic communication
services provider or private branch exchange operator;
(5) without detection by the subject of the intercept or any
subscriber; and
(6) without degradation of any subscribers telecommunications
service.
(b) Providers of electronic communication services within the
public switched network, including local exchange carriers, cellular
service providers, and interexchange carriers, shall comply with
subsection (a) of this section within eighteen months from the date of
enactment of this subsection.
(c) Providers of electronic communication services outside of the
public switched network, including private branch exchange operators,
shall comply with subsection (a) of this section within three years from
the date of enactment of the subsection.
(d) The Attorney General, after consultation with the
Department of Commerce, the Small Business Administration and Federal
Communications Commission, as appropriate, may except from the
application of subsections (a), (b) and (c) of this section classes
and types of providers of electronic communication services and
private branch exchange operators. The Attorney General may waive the
application of subsections (a), (b) and (c) of this section at the
request of any provider of electronic communication services or
private branch exchange operator.
(e) The Attorney General shall have exclusive authority to
enforce the provisions of subsections (a), (b) and (c) of this section. The
Attorney General may apply to the appropriate United States District Court
for an order restraining or enjoining any violation of subsection (a),
(b) or (c) of this section. The District Court shall have
jurisdiction to restrain and enjoin violations of subsections (a) of
this section. (f) Any person who willfully violates any provision
of subsection (a) of this section shall be subject to a civil penalty
of $10,000 per day for each day in violation. The Attorney General
may file a civil action in the appropriate United States District
Court to collect, and the United States District Courts shall have
jurisdiction to impose, such fines.
(g) Definitions--As used in subsections (a) through (f) of this
section--
(1) provider of electronic communication service or private
branch exchange operator means any service or operator which provides
to users thereof the ability to send or receive wire or electronic
communication, as those terms are defined in subsections 2510(1) and
2510(12) of Title 18, United States code, respectively, but does not include
the government of the United States or any agency thereof;
(2) communication means any wire or electronic
communication, as defined in subsections 2510(1) and 2510(12), of Title 18,
United States Code;
(3) intercept shall have the same meaning as set forth in section
2510(4) of Title 18, United States Code; and
(4) government' means the Government of the United States
and any agency or instrumentality thereof, any state or political
subdivision thereof, the District of Columbia, and any commonwealth,
territory or possession of the United States.
DIGITAL TELEPHONY AND INTERCEPTION BY CRIMINAL LAW
ENFORCEMENT AGENCIES
The telecommunications systems and networks are often used to
further criminal activities including white collar and organized
crime, racketeering, extortion, kidnapping, espionage, terrorism, and
trafficking in illegal drugs. Accordingly, for many years, one of the
most important tools in the investigation of crime for Federal and
State criminal law enforcement agencies has been the court authorized
interception of communications. As illustrated below, the majority of
original authorizations to intercept wire or electronic communications
are conducted by State criminal law enforcement agencies.
Interception Applications Authorized
State Federal Total
1984 512 289 801
1985 541 243 784
1986 504 250 754
1987 437 236 673
1988 445 293 738
1989 453 310 763
1990 548 324 872
Total 3,440 1,945 5,385
Approximately, 3/8 of authorized interceptions were conducted by Federal
agencies, while 5/8 of the authorized interceptions were conducted by State
criminal law enforcement agencies.1
The recent and continuing advances in
telecommunications technology, and the introduction of new technologies
by the telecommunications industry, have made it increasingly difficult
for government agencies to implement lawful orders or authorizations to
intercept wire and electronic communications, as well as to implement
pen register and trap-and-trace court orders or authorizations. These new
technologies inadvertently undermine the ability of criminal law
enforcement agencies to enforce effectively the criminal laws and protect
the national security. Without the assistance and cooperation of the
telecommunications industry, these new technologies will impede the
ability of the telecommunications industry, these new technologies will
impede the ability of the government to enforce the criminal law.
Accordingly, the purpose of this bill is to clarify the existing
responsibilities of electronic communication services providers and private
branch exchange operators, as established, for example, in 18 U.S.C. ____
2518(4), 3124(A), (B), to provide such assistance as necessary to ensure the
ability of government agencies to implement lawful orders or
authorizations to intercept communications.
Over the past twenty-five years, the working relationship between
the criminal law enforcement community, particularly the Federal
Bureau of Investigation as the federal governments primary criminal
law enforcement agency, and the telecommunications industry, in
response to the appropriate court orders or authorizations, has
provided government agencies with timely access to the signals
containing the content of communications covered by the court orders
or authorizations. As a general proposition, this has involved
providing the means to acquire the communication as it occurs between
two individual telephone users at a remote location, not dissimilar to
a call in which the two originating parties do not know that a third
party is listening, and in which the third party (the criminal law
enforcement agency) records the authorized and relevant calls.
Historically, and with relatively few exceptions, the
telecommunications industry has provided the criminal law enforcement
community with the ability to monitor and record calls:
1. at the same time as the call is transmitted to the recipient;
2. in the same form as the content of the call was transmitted
through the network, notwithstanding the use by the target of custom
features of the network;
3. whether stationary or mobile;
4. at the government monitoring facility;
5. without detection by the target or other subscribers; and
without degrading any subscribers service.
However, the introduction of new technology has begun to erode the
ability of the government to fully effectuate interceptions, pen
registers and trap-and-race court orders or authorizations that are
critical to detecting and prosecuting criminals. As technology has
developed, the telecommunications industry has not always ensured the
continued ability to provide the same services to the criminal law
enforcement community. The telecommunications industrys introduction
of certain types of new technology poses real problems for effective
criminal law enforcement. Legislation is necessary to ensure that the
government will be provided with this capability and capacity in the
future by all providers and operators and to maintain a level playing
field among competitive providers and operators in the
telecommunications industry.
There have been instances in which court orders authorizing the
interception of communications have not been fulfilled because of
technical limitations within particular telecommunications networks.
For example, as early as 1986, limited capabilities became apparent in
at least one network which will only be corrected later in 1992. This
technical deficiency in a new technology forced criminal law
enforcement agencies to prioritize certain interceptions to the
exclusion of other court orders. Accordingly, for approximately six
years, there have been court orders that have not been sought by the
criminal law enforcement community or executed by the
telecommunications industry and, as a consequence, important criminal
investigations have not been brought to fruition or have been less
than efficiently concluded. This is one classic example of new
technology affecting adversely the criminal law enforcement community:
a microcosm of what may be expected on a nationwide basis without
enactment of this legislation.
Section 1 of the bill states Congressional findings and purpose.
Section 2 is divided into seven subsections. Subsection (a)
establishes as a matter of law the responsibility of electronic
communication services providers and private branch exchange operators
to continue to provide, within the United States, the capability and
capacity for criminal law enforcement agencies to intercept wire and
electronic communications when authorized by law. These subsections
delineate the existing attributes of wire or electronic communication
interception.
1. Concurrent with Transmission. The application for a court order
to intercept telecommunications conversations or data transmissions is
rarely a leisurely process. For example, on the Federal side, the
development of the required affidavits, submission to the Criminal
Division of the Department of Justice for approval, transmission of
approval to the Assistant United States Attorney, the appearance of
the Assistant before a judge to request the order and the delivery of
the judges order to the appropriate telecommunications company is
frequently completed in a very short time. However, crime waits for
no one and the system for approval of interceptions must and does
conform with the realities of the activity that is sought to be
investigated and, if appropriate, prosecuted as criminal offenses.
Since time is of the essence, current law requires that service
providers and operators provide the government forthwith all
information, facilities and technical assistance necessary to
accomplish its mission. It is critical that the telecommunications
industry respond quickly to execute the court order or authorization.
The ultimate problem of timeliness, however, is the real-time
monitoring of the intercepted communications. As serious and
potentially life- threatening criminal conduct is detected, it may be
necessary to move quickly to protect innocent victims from that
conduct. Accordingly, real-time monitoring is critical.
2. Isolated Signal and Services Used. Nearly all of the
communications network is partially Ranalogs at this time. In
conducting an interception, for example, of a telephone conversation,
the government is allowed to monitor and record criminal conversation
such as a conspiracy, minimizing the acquisition of non-criminal or
innocent conversation. When an electronic communication services
provider or private branch exchange operator introduces a new
technology--such as a digital signal--the communications are converted
into a different and more efficient form for transmission, but a more
difficult form to monitor during interception. The bill requires only
that the provider or operator isolate and provide access to the
electronic signal that represents the content of the communications of
the target of the intercept2 from the stream of electronic signals
representing other communications. This provision seeks to ensure
that, in the new electronic environment in which signals are mixed for
transmission and separated at another switch for distribution, the
government does not receive the communications of any individual other
than the individuals using the targets communications point of origin
and receipt; the government must remain subject to the minimization
standards of 18 U.S.C. __ 2518(5).
This provision also makes it clear that an electronic communication
services provider or private branch exchange operator is not required
to provide for reconversion of the isolated communication to analog or
other form. The government expects that this process will be
accomplished by the government.
3. Mobility and Features. Increasingly, criminal acts are being
conducted or discussed over cellular telephones or by using special
telecommunications features. As this mobility is introduced, the
electronic communication services providers and private branch
exchange operators would be required to assure the capability and
capacity for criminal law enforcement agencies to continue lawful
interception.
Further, this subsection makes it clear that features used by the
target do not defeat the court order or authorization. For example,
communications which have been addressed to the telephone number of
the target, but which may have been programmed through a
call-forwarding feature to another, otherwise innocent, telephone
number, must be captured and made available to criminal law
enforcement authorities pursuant to court order or authorization.
This requirement will obviate the need for applications for authority
to monitor otherwise innocent telephone numbers that receive, only
intermittently, calls forwarded by the target. The effect of this
provision is to further minimize monitoring of calls of innocent
parties. Similarly, certain speed dialing features that mask the
telephone number called by the target must be identified for criminal
law enforcement investigation. The ability to consistently determine
the destination of calls is critical to minimizing the monitoring of
innocent calls.
4. Government Monitoring Facility. Government agencies do not
normally request the use of telecommunications industry physical
facilities to conduct authorized interceptions nor is it encourage by
the industry. Normally, the government leases a line from the
electronic communication services providers or private branch
exchange operators switch to another location owned or operated by the
government. This minimizes the cost and intrusiveness of
interceptions, which benefits the service provider or operator, as
well as the government. Accordingly, the ability to monitor
intercepted communications remotely is critical.
5. Without Detection. One of the reasons that governments operate
their own facilities is to reduce the risk of detection of the
interception, which would render the interception worthless. At the
present time, the existence of an interception is unknown to any
subscriber and is not detectable by the target, notwithstanding
folklore and spy novels. This provision merely ensures that the
secrecy of effective interceptions will be maintained.
6. Without Degradation. Maintaining the quality of the telephone
network is in the interest of the government, the industry and the
public. Presently, the existence of an interception has no effect on
the quality of the service provided by any network to the target or
any subscriber. This provision ensures that the quality of the
network will continue to be uncompromised. Absent the assistance
delineated by this legislation, the execution of court orders and
authorizations by the government could well disrupt service of the
newer technological systems, a result that this legislation seeks to
avoid.
Subsection (b) provides that electronic communication services
providers and private branch exchange operators with the public
switched networkS must be in compliance with the minimum intercept
attributes within eighteen months after enactment. Thereafter, new
technologies must continue to meet these minimum attributes.
Subsection (c) provides that electronic communication service
providers and private branch exchange operators that are not within
the public switched networkS must be in compliance with the minimum
intercept attributes within eighteen months after enactment.
Thereafter, new technologies must continue to meet these minimum
attributes.
Subsection (d) provides that the Attorney General may grant
exceptions to the affirmative requirements of subsection (a), as well
as the implementation deadlines of subsections (b) and (c). In
considering any request for exception, the Attorney General will
consult with Federal Communications Commission, the Small Business
Administration and the Department of Commerce, as appropriate.
Accordingly, the Attorney General has the authority to except, for
example, whole classes, categories or types of private branch exchange
operators where no serious criminal law enforcement problems are
likely to arise, such as hospital telephone systems.
This subsection also permits the Attorney General to waive the
requirements of subsections (a), (b) and (c) on application by an
electronic communication services provider or private branch exchange
operator. Accordingly, if a particular company can not comply with
one or more of the requirements of subsection (a), or needs time
additional to that permitted under subsections (b) or (c), the
Attorney General may grant an appropriate waiver.
Subsection (e) provides that the Attorney General has exclusive
authority to enforce the provisions of the bill. While a number of
States have authority to seek and execute interception orders, they
will be required to seek the assistance of the Attorney General if
enforcement of this legislation is required. This section also
provides for injunctive relief from violations of the provisions of
the bill.
Subsection (f) provides for enforcement of the provisions of the bill
through imposition of civil fines against any company that is not
excepted from the provisions of the bill, does not acquire a waiver of
the provisions of the bill, and fails to meet the requirements of
subsection (a) after the effective dates set out in subsection (b) or
(c), as appropriate. A fine of up to $10,000 per day for each day in
violation may be levied; for most companies in the telecommunications
industry this amount is sufficient to ensure that compliance will be
forthcoming. Although this provision is not expected to be used, it
is critical to ensure that compliance with the provisions of the bill
will occur after the effective dates of the requirements of subsection
(a).
Subsection (g) carries forward a number of definitions from the
current provisions for the interception of wire or electronic
communications under Ritle III.S The definition of government that
is currently in use includes all States, territories and possessions
of the United States, as well as the United States, is made applicable
to the bill.
[Footnotes]
1 Interceptions for foreign intelligence and counterintelligence
purposes are not counted within the figures used here, but would likewise
benefit from enactment of the legislation.
2 Whether the content is voice, facsimile, imagery (e.g. video), computer
data, signalling information, or other forms of communication, does not
matter; all forms of communication are intercepted.
------------------------------
Date: Wed, 24 Jun 92 18:02:18 CDT
From: Joe.Abernathy@HOUSTON.CHRON.COM(Joe Abernathy)
Subject: File 2--Chronicle Crypto Article
This cryptography article appeared Sunday, June 21. It is being
forwarded to Risks as a way of giving back something to the many
thoughtful participants here who helped give shape to the questions
and the article.
In a companion submission, I include the scanned text of the NSA's
13-page response to my interview request, which appears to be the most
substantial response they've provided to date. I would like to invite
feedback and discussion on the article and the NSA document. Please
send comments to edtjda@chron.com
"PROMISING TECHNOLOGY ALARMS GOVERNMENT"
"Use of super-secret codes would block legal phone taps
in FBI's crime work"
By JOE ABERNATHY
Copyright 1992, Houston Chronicle
Government police and spy agencies are trying to thwart new
technology that allows conversations the feds can't tap.
A form of cryptography _ the science of writing and deciphering
codes _ this technology holds the promise of guaranteeing true privacy
for transactions and communications.
But an array of federal agencies is seeking to either outlaw or
severely restrict its use, pointing out the potency of truly secret
communications as a criminal tool.
"Cryptography offers or appears to offer something that is
unprecedented,'' said Whitfield Diffie, who with a Stanford University
colleague devised public key cryptography,'' an easily used
cryptography that is at the center of the fight. "It looks as though
an individual might be able to protect information in such a way that
the concerted efforts of society are not going to be able to get at
it.
"No safe you can procure has that property; the strongest safes
won't stand an hour against oxygen lances. But cryptography may be
different. I kind of understand why the police don't like it.''
The National Security Agency, whose mission is to conduct espionage
against foreign governments and diplomats, sets policy for the
government on matters regarding cryptography.
But the FBI is taking the most visible role. It is backing
legislation that would address police fears by simply outlawing any
use of secure cryptography in electronic communications.
The ban would apply to cellular phones, computer networks, and the
newer standard telephone equipment _ already in place in parts of
Houston's phone system and expected to gain wider use nationwide.
"Law enforcement needs to keep up with technology,'' said Steve
Markardt, a spokesman for the FBI in Washington. "Basically what
we're trying to do is just keep the status quo. We're not asking for
anything more intrusive than we already have.''
He said the FBI uses electronic eavesdropping only on complex
investigations involving counterterrorism, foreign intelligence,
organized crime, and drugs. "In many of those,'' he said, we would not
be able to succeed without the ability to lawfully intercept.''
The State and Commerce departments are limiting cryptography's
spread through the use of export reviews, although many of these
reviews actually are conducted by the NSA. The National Institute of
Standards and Technol ogy, meanwhile, is attempting to impose a
government cryptographic standard that critics charge is flawed, al
though the NSA defends the standard as adequate for its intended,
limited use.
"It's clear that the government is unilaterally trying to implement
a policy that it's developed,'' said Jim Bidzos, president of RSA Data
Security, which holds a key cryptography patent. "Whose policy is it,
and whose interest does it serve? Don't we have a right to know what
policy they're pursuing?''
Bidzos and a growing industry action group charge that the policy
is crippling American business at a critical moment.
The White House, Commerce Department, and NIST refused to comment.
The NSA, however, agreed to answer questions posed in writing by
the Houston Chronicle. Its purpose in granting the rare, if limited,
access, a spokesman said, was "to give a true reflection'' of the
policy being implemented by the agency.
"Our feeling is that cryptography is like nitroglycerin: Use it
sparingly then put it back under trusted care,'' the spokesman said.
Companies ranging from telephone service providers to computer
manufacturers and bankers are poised to introduce new services and
products including cryptography. Users of electronic mail and
computer networks can expect to see cryptography-based privacy
enhancements later this year.
The technology could allow electronic voting, electronic cash
transactions, and a range of geographically separated _ but secure _
business and social interactions. Not since the days before the
telephone could the individual claim such a level of privacy.
But law enforcement and intelligence interests fear a world in
which it would be impossible to execute a wiretap or conduct
espionage.
"Secure cryptography widely available outside the United States
clearly has an impact on national security,'' said the NSA in its
13-page response to the Chronicle. "Secure cryptography within the
United States may impact law enforcement interests.''
Although Congress is now evaluating the dispute, a call by a
congressional advisory panel for an open public policy debate has not
yet been heeded, or even acknowledged, by the administration.
The FBI nearly won the fight before anyone knew that war had been
declared. Its proposal to outlaw electronic cryptography was slipped
into another bill as an amendment and nearly became law by default
last year before civil liberties watchdogs exposed the move.
"It's kind of scary really, the FBI proposal being considered as
an amendment by just a few people in the Commerce Committee without
really understanding the basis for it,'' said a congressional source,
who requested anonymity. "For them, I'm sure it seemed innocuous, but
what it represented was a fairly profound public policy position
giving the government rights to basically spy on anybody and prevent
people from stopping privacy infringements.''
This year, the FBI proposal is back in bolder, stand-alone
legislation that has created a battle line with law enforcement on
one side and the technology industry and privacy advocates on the
other.
"It says right on its face that they want a remote government
monitoring facility'' through which agents in Virginia, for instance,
could just flip a switch to tap a conversation in Houston, said Dave
Banisar of the Washing ton office of Computer Professionals for Social
Responsibility.
Though the bill would not change existing legal restraints on
phone-tapping, it would significantly decrease the practical
difficulty of tapping phones _ an ominous development to those who
fear official assaults on personal and corporate privacy.
And the proposed ban would defuse emerging technical protection
against those assaults.
CPSR, the point group for many issues addressing the way computers
affect peoples' lives, is helping lend focus to a cryptographic
counterinsurgency that has slowly grown in recent months to include
such heavyweights as AT&T, DEC, GTE, IBM, Lotus, Microsoft,
Southwestern Bell, and other computer and communications companies.
The proposed law would ban the use of secure cryptogra phy on any
message handled by a computerized communications network. It would
further force service providers to build access points into their
equipment through which the FBI _ and conceivably, any police officer
at any level _ could eavesdrop on any conversation without ever
leaving the comfort of headquarters.
"It's an open-ended and very broad set of provisions that says the
FBI can demand that standards be set that industry has to follow to
ensure that (the FBI) gets access,'' said a congressional source.
"Those are all code words for if they can't break in, they're going to
make (cryptography) illegal.
"This is one of the biggest domestic policy issues facing the
country. If you make the wrong decisions, it's going to have a
profound effect on privacy and security.''
The matter is being considered by the House Judiciary Committee,
chaired by Rep. Jack Brooks, D-Texas, who is writing a revision to the
Computer Security Act of 1987, the government's first pass at secure
computing.
The recent hearings on the matter produced a notable irony, when
FBI Director William Sessions was forced to justify his stance against
cryptography after giving opening remarks in which he called for
stepped-up action to combat a rising tide of industrial espionage.
Secure cryptography was designed to address such concerns.
The emergence of the international marketplace is shaping much of
the debate on cryptography. American firms say they can't compete
under current policy, and that in fact, overseas firms are allowed to
sell technology in America that American firms cannot export.
"We have decided to do all further cryptographic development
overseas,'' said Fred B. Cohen, a noted computer scientist. "This is
because if we do it here, it's against the law to export it, but if we
do it there, we can still import it and sell it here. What this seems
to say is that they can have it, but I can't sell it to them _ or in
other words _ they get the money from our research.''
A spokeswoman for the the Software Publishers Association said
that such export controls will cost $3-$5 billion in direct revenue if
left in place over the next five years. She noted the Commerce
Department estimate that each $1 billion in direct revenue supports
20,000 jobs.
The NSA denied any role in limiting the power of cryptographic
schemes used by the domestic public, and said it approves 90 percent
of cryptographic products referred to NSA by the Department of State
for export licenses. The Commerce Department conducts its own reviews.
But the agency conceded that its export approval figures refer only
to products that use cryptology to authenticate a communication _ the
electronic form of a signed business document _ rather than to provide
privacy.
The NSA, a Defense Department agency created by order of President
Harry Truman to intercept and decode foreign communications, employs
an army of 40,000 code-breakers. All of its work is done in secret,
and it seldom responds to questions about its activities, so a large
reserve of distrust exists in the technology community.
NSA funding is drawn from the so-called "black budget,'' which the
Defense Budget Project, a watchdog group, estimates at $16.3 billion
for 1993.
While the agency has always focused primarily on foreign espionage,
its massive eavesdropping operation often pulls in innocent Americans,
according to James Bamford, author of "The Puzzle Palace," a book
focusing on the NSA's activities. Significant invasions of privacy
occurred in the 1960s and 1970s, Bamford said.
Much more recently, several computer network managers have
acknowledged privately to the Chronicle that NSA has been given access
to data transmitted on their networks _ without the knowledge of
network users who may view the communications as private electronic
mail.
Electronic cryptology could block such interceptions of material
circulating on regional networks or on Internet _ the massive
international computer link.
While proponents of the new technology concede the need for
effective law enforcement, some question whether the espionage needs
of the post-Cold War world justify the government's push to limit
these electronic safeguards on privacy.
"The real challenge is to get the people who can show harm to our
national security by freeing up this technology to speak up and tell
us what this harm is,'' said John Gillmore, one of the founders of Sun
Microsystems.
"When the privacy of millions of people who have cellular
telephones, when the integrity of our computer networks and our PCs
against viruses are up for grabs here, I think the battleground is
going to be counting up the harm and in the public policy debate
trying to strike a balance.''
But Vinton Cerf, one of the leading figures of the Internet
community, urged that those criticizing national policy maintain
perspective.
"I want to ask you all to think a little bit before you totally
damn parts of the United States government,'' he said. "Before you
decide that some of the policies that in fact go against our grain and
our natural desire for openness, before you decide those are
completely wrong and unacceptable, I hope you'll give a little thought
to the people who go out there and defend us in secret and do so at
great risk.''
------------------------------
Date: Fri, 26 Jun 92 09:10:40 EDT
From: Kim Clancy <clancy@CSRC.NCSL.NIST.GOV>
Subject: File 3--Re: Subbed to CuD
Somebody Watching? Somebody Listening?
*** Special Announcement ***
KNIGHT LIGHTNING TO SPEAK AT SURVEILLANCE EXPO '92
Washington, DC
The Fourth Annual International Surveillance and Countersurveillance
Conference and Exposition focusing on Information Security and
Investigations Technology will take place at the Sheraton Premiere in
Tysons Corner (Vienna), Virginia on August 4-7.
The seminars are on August 7th and include Craig Neidorf (aka Knight
Lightning) presenting and discussing the following:
- Are law enforcement and computer security officials focusing their
attention on where the real crimes are being committed?
- Should security holes and other bugs be made known to the public?
- Is information property and if so, what is it worth?
Experience the case that changed the way computer crime is
investigated and prosecuted by taking a look at one of America's
most talked about computer crime prosecutions: United States v.
Neidorf (1990).
Exonerated former defendant Craig Neidorf will discuss the
computer "hacker" underground, Phrack newsletter, computer
security, and how it all came into play during his 7 month
victimization by some of our nation's largest telephone companies
and an overly ambitious and malicious federal prosecutor.
Neidorf will speak about his trial in 1990 and how the court
dealt with complex issues of First Amendment rights, intellectual
property, and criminal justice.
Security professionals, government employees, and all other interested
parties are invited to attend. For more information please contact:
American Technology Associates, Inc.
P.O. Box 20254
Washington, DC 20041
(202)331-1125 Voice
(703)318-8223 FAX
------------------------------
Date: Sun, 21 Jun 92 17:46:26 PDT
From: jwarren@AUTODESK.COM(Jim Warren)
Subject: File 4--Govt & Corp Sysops Monitoring Users & Email
Last month, I gave a morning talk to an all-day meeting of an
organization of systems administrators of mini-class, mostly-shared
systems -- most of them employed by Fortune 500 companies and
government agencies.
Initially titled, "Dodging Pitfalls in the Electronic Frontier," by
mutual agreement with the organizers, we re-titled it, "Government
Impacts on Privacy and Security." However, it was the same talk. :-)
It was based on information and perspectives aired during recent
California Senate Judiciary privacy hearings, and those presented at
the 1991 and 1992 conferences on Computers, Freedom & Privacy. (I
organized and chaired the first CFP and co-authored its transcripts,
available from the IEEE Computer Society Press, 714-821-8380, Order
#2565.)
The talk was long; the audience attentive; the questions and
discussion extensive. The attendees were clearly and actively
interested in the issues. At one point, I asked "How many have *NOT*
been asked by their management or superiors to monitor their users
and/or examine or monitor users' email."
Only about 20% held up their hands -- even though I emphasized that I
was phrasing the question in a way that those who would be proud to
hold up their hands, could to do so.
------------------------------
Date: Tue, 30 Jun 1992 17:56:35 EDT
From: "PETER B. WHITE" <pbwhite@LATROBE.EDU.AU>
Subject: File 5--Call for papers : Digitisation
SPECIAL ISSUE
MEDIA INFORMATION AUSTRALIA
SOCIAL IMPLICATIONS OF DIGITISATION
MEDIA INFORMATION AUSTRALIA will be publishing a special issue
devoted to the social implications of digitisation in February
1993. Issues to be considered include the social, economic and
political implications of digitisation for:
- electronic communities
- journalism, publishing and broadcasting
- telecommunications
- privacy and free speech
- work practices
- gender relations
- international communications
- leisure, education and training
MEDIA INFORMATION AUSTRALIA, founded by the late Professor
Henry Mayer, is a peer-reviewed journal with an international
orientation, in its sixteenth year of publication. It is
published by the Australian Film Television and Radio School.
Potential contributors should send abstracts of no more than
300 words by July 15, 1992, Commissioned papers of 3000-5000
words will be due by October 1, 1992 and they will be peer-
reviewed in the normal way.
Please send abstracts to the Issue Editor :
Dr Peter B. White,
Media Centre,
La Trobe University,
Bundoora, Victoria 3083, Australia or
EMAIL: PBWHITE@LATROBE.EDU.AU
FAX: + 61 3 817 5875.
------------------------------
End of Computer Underground Digest #4.29
************************************
Computer underground Digest Sat July 11, 1992 Volume 4 : Issue 30
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Copy Editor: Etaion Shrdlu, Jr.
Archivist: Brendan Kehoe
Archivist in spirit: Bob Kusumoto
Shadow-Archivist: Dan Carosone
CONTENTS, #4.30 (July 11, 1992)
File 1--MOD Busts in New York
File 2--New York Computer Crime Indictments
File 3--MOD Bust (Press Release, US Atty, S. District of NY)
File 4--EFF responds to MOD Indictments...
File 5--LoD t-shirts
File 6--AT&T's fight against toll fraud continues
File 7--Boston BBS Shutdowns
File 8--OMB A130 REVISION
Back issues of CuD can be found in the Usenet alt.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from American Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: 10 Jul 92 18:33:32 EDT
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--MOD Busts in New York
Federal Agents indicted five members of MOD, a group of computer
crackers, last week on 11 counts that included conspiracy, wire fraud,
unauthorized access to computers, unauthorized possession of access
devices, and interception of electronic communications. Julio
Fernandez (Outlaw), John Lee (Corrupt), Mark Abene (Phiber Optik),
Elias Ladopoulos (Acid Phreak), and Paul Stira (Scorpion) were
indicted under various provisions of Title 18, including 18 USC S.
1029(a)(3); 18 USC S. 371; 18 USC S. 2511(1)(a) and 2); and 18 USC S.
1343. The charges allege that the defendants broke into
telephone switching computers of several Bell systems, engaged in
"phreaking," and computer tampering.
Phiber Optik, perhaps the best-known of the group, Scorpion, and Acid
Phreak were raided by federal agents in January, 1990. Felony charges
against Phiber Optik were dropped in January, 1991, when he pled
guilty to misdemeanor offenses. The bulk of the allegations listed
in last week's indictment occured in November, 1991.
Members of MOD received national attention in 1990 as the result of an
article on "hackers" in the Village Voice (Dibbell, Julian. 1990.
"On Line and Out of Bounds," Voice, 35(July 24): 27-32.) Phiber Optik,
an occasional active participant in The Well's "Hacker's conference,"
demonstrated his abilities to other members by obtaining credit and
and similar private information, and by defending "hacking" and
computer intrusion (see Harper's Forum. 1990. "Is Computer Hacking a
Crime? A Debate from the Electronic Underground." Harper's,
280(March): 45-57).
Among some "hackers," MOD was considered the "bad boys" of the
computer underground because of alleged disruptiveness and harassment
that was perceived to be their trademark. According to some, MOD had a
reputation for arrogance and for vindictive retaliation against those
who "crossed" them that ran counter to the "hacker ethic." A few,
however, saw MOD as skilled teenagers whose apparent eccentricities
should be tolerated because of their skill.
Prosecution of malicious behavior is appropriate, but as the articles
below suggest, much of the evidence against the group derives from
wiretap information. As the NEWSBYTES article suggests, the case may
be raised as an example of the importance of passing proposed
legislation to expand the wire-tapping capability of law enforcement
agents. One need not support alleged destructive behavior to be
suspicious of law enforcement methods and attempts to expand intrusive
powers that have been demonstrably abused in the past.
------------------------------
Date: 10 Jul 92 21:14:29 EDT
From: mcmullen@well.sf.ca.us
Subject: File 2--New York Computer Crime Indictments
NEW YORK, N.Y., U.S.A., 1992 JULY 9 (NB) -- Otto G. Obermaier, United
States Attorney for the Southern District of New York, has announced
the indictment of five "computer hackers" on charges of computer
tampering, computer fraud, wire fraud, illegal wire tapping and
conspiracy. The announcement was made at a press conference at 2:00 PM
on Wednesday, July 8th at the Federal Court hose in Manhattan
Named in the indictment were Julio Fernandez, 18, known as the
"Outlaw"; John Lee, 21, a/k/a "Corrupt"; Mark Abene, 20, a/k/a "Phiber
Optik"; Elias Ladopoulos, 22, a/k/a "Acid Phreak"; and "Paul Stira,
22, a/k/a "Scorpion". In addition to alleged specific illegal acts
involving computers, the five individuals were also charged with
conspiracy.
According to the indictment, the five were members of a group known as
MOD (standing for either "Masters of Disaster" or "Masters of
Deception") and the goal of the conspiracy was "that the members of
MOD would gain access to and control of computer systems in order to
enhance their image and prestige among other computer hackers; to
harass and intimidate rival hackers and people they did not like; to
obtain telephone, credit, information, and other services without
paying for them; and to obtain. passwords, account numbers and other
things of value which they could sell to others."
The indictment defines computer hacker as "someone who uses a computer
or a telephone to obtain unauthorized access to other computers."
Obermaier stated that this investigation was "the first investigative
use of court-authorized wiretaps to obtain conversations and data
transmissions of computer hackers." He said that this procedure was
essential to the investigation and that "It demonstrates, I think, the
federal government's ability to deal with criminal conduct as it moves
into new technological areas." He added that the interception of data
was possible only because the material was in analog form and added
"Most of the new technology is in digital form and there is a pending
statute in the Congress which seeks the support of telecommunications
companies to allow the federal government, under court authorization,
to intercept digital transmission. Many of you may have read the
newspaper about the laser transmission which go through fiber optics
as ernment needs the help of Congress and, indeed, the
telecommunications companies to able to intercept digital While all of
those indicted were charged with some type of unlawful access to one
or more of computer systems belonging to the following: Southwestern
Bell, BT North America, New York Telephone, ITT, Information America,
TRW, Trans Union, Pacific Bell, the University of Washington, New York
University, U.S. West, Learning Link, Tymnet and Martin Marietta
Electronics Information and Missile Group, Fernandez and Lee were also
charged with selling illegally obtained credit information to a person
that later re-sold the information to private detectives.
Assistant United States Attorney Stephen Fishbein announced that
Morton Rosenfeld has been indicted and pled guilty to purchasing
credit information and access codes from persons named "Julio" and
"John". Fishbein said that Rosenfeld, at the time of his arrest on
December 6, 1991, has approximately 176 TRW credit reports in his
possession. Rosenfeld, 21, pled guilty on June 24, 1992 and is
scheduled to be sentenced on September 9th. He faces a maximum of five
years imprisonment and a fine of the greater of $250,000 or twice the
gross gain or loss incurred.
Fishbein also announced the outcome of a "separate but related court
action, Alfredo De La Fe, 18, pled guilty on June 19, 1992 to the use
and sale of telephone numbers and codes for Private Branch Exchanges
(PBX's). De La Fe said that he had sold PBX numbers belonging to Bugle
Boy Industries to a co-conspirator who used the numbers in a
call-selling operation. He also said that he and a person that he knew
as "Corrupt" had made illegal long difference conference calls. De La
Fe faces the same maximum penalty as Rosenfeld and is scheduled for
sentencing on August 31st.
Among the charges against the five charged as conspirators is the
allegation that Fernandez, Lee, Abene and "others whom they aided and
abetted" performed various computer activities "that caused losses to
Southwestern Bell of approximately $370,000. When asked by Newsbytes
how the losses were calculated, Fishbein said that there was no
breakdown beyond that stated in the indictment -- "expenses to locate
and replace computer programs and other information that had been
modified or otherwise corrupted, expenses to determine the source of
the unauthorized intrusions, and expenses for new computers and
security devices that were necessary to prevent continued unauthorized
access by the defendants and others whom they aided and abetted."
In answer to a Newsbytes question concerning the appropriateness of
making an intruder into a computer system totally responsible for the
cost of adding security features "which possibly should have been
there to begin with", Obermaier said "That theory would make the
burglar the safety expert since one can't have people going around
fooling around with other people's relatively private information and
then claiming that I'm doing it for their good."
Paul Tough of Harper's Magazine followed up on the same topic by
saying "In the Craig Neidorf case a regional telephone company claimed
that a document was worth over $100,000. When it was found to be worth
only $12, the case was thrown out. In view of that, are you concerned
that they (Southwestern Bell) may have overreported? In response,
Obermaier "No, we are not concerned. It's a matter of proof and, if
the accused stand trial and have a similar experience to as happened
the case you cite, not in this district, then the results predictably
will be the same." Fishbein said that the conspiracy change carries a
maximum sentence of five years imprisonment while each of the other
counts (there are 10 additional counts) carries a maximum of five
years imprisonment and a fine of the greater of $250,000 or twice the
gross gain or loss incurred. A single exception is a count charging
Fernandez with possessing fifteen or more unauthorized access devices.
That count carries a maximum penalty of ten years imprisonment.
In response to a statement by Alex Michelini of the New York Daily
News that "What you've outlined, basically, except for the sales of
credit information, this sounds like a big prank, most of it",
Obermaier said "Really, Well, I suppose, if you can characterize that
as a prank but it's really a federal crime allowing people without
authorization to rummage through the data of other people to which
they do not have access and, as I point out to you again, the burglar
cannot be your safety expert. He may be inside and laugh at you when
you come home and say that your lock is not particularly good but I
think you, if you were affected by that contact, would be somewhat
miffed"
Obermaier also said that "The message that ought to be delivered with
this indictment is that such conduct will not be tolerated,
irrespective of tensible purpose."
Obermaier also said that "The message that ought to be delivered with
this indictment is that such conduct will not be tolerated,
irrespective of the ag of the particular accused or their ostensible
purpose."
Others participating in the news conference were Raymond Shaddick,
United States Secret Service assistant director - Office of
Investigations; William Y. Doran, FBI special agent in charge, New
York criminal division; Scott Charney, United States Dept. of Justice
chief of computer crime unit. All stressed the cooperation that had
gone on between the various law enforcement agencies during the
investigation.
Charney told Newsbytes that, in spite of the fact that the search
warrants executed on Stira and Ladopoulos preceded those executed on
Lee and Fernandez by almost two years and that the last specific
allegation against Stira proceeds the first against Lee by 16 months
and the first against Fernandez by 21 months, there is evidence that
links them together in the conspiracy. Charney also told Newsbytes
that the counts against Abene were not related to a misdemeanor
conviction in early 1991 for which he served community service. Those
indicted have been asked to present themselves at New York Service
Services headquarters at 9:00 AM on July 8th for fingerprinting.
Arraignment for the indicted is scheduled for Thursday, July 16th.
Abene told Newsbytes that while he couldn't comment on anything
related to the indictment until he obtained legal counsel, "I've been
participating i conferences with law enforcement personnel and guest
lecturing to college classes for the last year and a half. In every
case, I have said how those responsible for information about us have
the responsibility to protect that data. I have also tried to explain
the great difference between a true hacker and a person who uses
computers for criminal profit. I hope that I have increased
understanding with these efforts."
(Barbara E. McMullen & John F. McMullen/Press Contacts:Federico E.
Virella, Jr., United States Attorney's Office, 212 791-1955; Betty
Conkling, United States Secret Service, 212 466-4400; Joseph Valiquette,
Jr, Federal Bureau of Investigation, 212 335-2715/19920709)
------------------------------
Date: 09 Jul 92 21:14:29 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 3--MOD Bust (Press Release, US Atty, S. District of NY)
From-- J.MCNEELY6 Jack C. Mcneely
To-- GRMEYER Gordon R. Meyer
Sub: MOD Bust
Group of "Computer Hackers" Indicted;
First Use of Wiretaps in Such a Case
To: National Desk
Contact: Federico E. Virella Jr., 212-791-1955, or
Stephen Fishbein, 212-791-1978, of the Office of
the U.S. Attorney, Southern District of New York; or
Betty Conkling of the U.S. Secret Service, 212-466-4400; or
Joseph Valiquette Jr. of the Federal Bureau of
Investigation, 212-335-2715
NEW YORK, July 8 /U.S. Newswire/ -- A group of five "computer hackers"
has been indicted on charges of computer tampering, computer fraud,
wire fraud, illegal wiretapping, and conspiracy, by a federal grand
jury in Manhattan, resulting from the first investigative use of
court-authorized wiretaps to obtain conversations and data
transmissions of computer hackers.
A computer hacker is someone who uses a computer or a telephone to
obtain unauthorized access to other computers.
The indictment, which was filed today, alleges that Julio Fernandez,
a/k/a "Outlaw," John Lee, a/k/a "Corrupt," Mark Abene, a/k/a "Phiber
Optik," Elias Ladopoulos, a/k/a "Acid Phreak," and Paul Stira, a/k/a
"Scorpion," infiltrated a wide variety of computer systems, including
systems operated by telephone companies, credit reporting services,
and educational institutions.
According to Otto G. Obermaier, United States Attorney for the
Southern District of New York, James E. Heavey, special agent in
charge, New York Field Division, United States Secret Service, William
Y. Doran, special agent in charge, Criminal Division, New York Field
Division, Federal Bureau of Investigation, and Scott Charney, chief of
the Computer Crime Unit of the Department of Justice, the indictment
charges that the defendants were part of a closely knit group of
computer hackers self-styled "MOD," an acronym used variously for
"Masters of Disaster" and "Masters of Deception" among other things.
The indictment alleges that the defendants broke into computers "to
enhance their image and prestige among other computer hackers; to
harass and intimidate rival hackers and other people they did not
like; to obtain telephone, credit, information and other services
without paying for them; and to obtain passwords, account numbers and
other things of value which they could sell to others."
The defendants are also alleged to have used unauthorized passwords
and billing codes to make long distance telephone calls and to be able
to communicate with other computers for free.
Some of the computers that the defendants allegedly broke into were
telephone switching computers operated by Southwestern Bell, New York
Telephone, Pacific Bell, U.S. West and Martin Marietta Electronics
Information and Missile Group. According to the indictment, such
switching computers each control telephone service for tens of
thousands of telephone lines.
In some instances, the defendants allegedly tampered with the
computers by adding and altering calling features. In some cases, the
defendants allegedly call forwarded local numbers to long distance
numbers and thereby obtained long distance services for the price of a
local call.
Southwestern Bell is alleged to have incurred losses of approximately
$ 370,000 in 1991 as a result of computer tampering by defendants
Fernandez, Lee, and Abene.
The indictment also alleges that the defendants gained access to
computers operated by BT North America, a company that operates the
Tymnet data transfer ne twork. The defendants were allegedly able to
use their access to Tymnet computers to intercept data communications
while being transmitted through the network, including computer
passwords of Tymnet employees. On one occasion, Fernandez and Lee
allegedly intercepted data communications on a network operated by the
Bank of America.
The charges also allege that the defendants gained access to credit
and information services including TRW, Trans Union and Information
America.
The defendants allegedly were able to obtain personal information on
people including credit reports, telephone numbers, addresses,
neighbor listings and social security numbers by virtue of their
access to these services.
On one occasion Lee and another member of the group are alleged to
have discussed obtaining information from another hacker that would
allow them to alter credit reports on TRW. As quoted in the
indictment, Lee said that the information he wanted would permit them
"to destroy people's lives... or make them look like saints."
The indictment further charges that in November 1991, Fernandez and
Lee sold information to Morton Rosenfeld concerning how to access
credit services. The indictment further alleges that Fernandez later
provided Rosenfeld's associates with a TRW account number and password
that Rosenfeld and his associates used to obtain approximately 176 TRW
credit reports on various individuals. (In a separate but related
court action, Rosenfeld pleaded guilty to conspiracy to use and
traffic in account numbers of TRW. See below).
According to Stephen Fishbein, the assistant United States attorney in
charge of the prosecution, the indictment also alleges that members of
MOD wiped out almost all of the information contained within the
Learning Link computer operated by the Educational Broadcasting Corp.
(WNET Channel 13) in New York City.
The Learning Link computer provided educational and instructional
information to hundreds of schools and teachers in New York, New
Jersey and Connecticut.
Specifically, the indictment charges that on Nov. 28, 1989, the
information on the Learning Link was destroyed and a message was left
on the computer that said: "Happy Thanksgiving you turkeys, from all
of us at MOD" and which was signed with the aliases "Acid Phreak,"
"Phiber Optik," and "Scorpion."
During an NBC News broadcast on Nov. 14, 1990, two computer hackers
identified only by the aliases "Acid Phreak" and "Phiber Optik" took
responsibility for sending the "Happy Thanksgiving" message.
Obermaier stated that the charges filed today resulted from a joint
investigation by the United States Secret Service and the Federal
Bureau of Investigation.
"This is the first federal investigation ever to use court-authorized
wiretaps to obtain conversations and data transmissions of computer
hackers," said Obermaier.
He praised both the Secret Service and the FBI for their extensive
efforts in this case. Obermaier also thanked the Department of Justice
Computer Crime Unit for their important assistance in the
investigation. Additionally, Obermaier thanked the companies and
institutions whose computer systems were affected by the defendants'
activities, all of whom cooperated fully in the investigation.
Fernandez, age 18, resides at 3448 Steenwick Ave., Bronx, New York.
Lee (also known as John Farrington), age 21, resides at 64A Kosciusco
St. Brooklyn, New York. Abene, age 20, resides at 94-42 Alstyne Ave.,
Queens, New York. Elias Ladopoulos, age 22, resides at 85-21 159th
St., Queens, New York. Paul Stira, age 22 , resides at 114-90 227th
St., Queens, New York. The defendants' arraignment has been scheduled
for July 16, at 10 a.m. in Manhattan federal court.
The charges contained in the indictment are accusations only and the
defendants are presumed innocent unless and until proven guilty.
Fishbein stated that if convicted, each of the defendants may be
sentenced to a maximum of five years imprisonment on the conspiracy
count. Each of the additional counts also carries a maximum of five
years imprisonment, except for the count charging Fernandez with
possession of access devices, which carries a maximum of ten years
imprisonment. Additionally, each of the counts carries a maximum fine
of the greater of $ 250,000, or twice the gross gain or loss incurred.
++++++++++++
In separate but related court actions, it was announced that Rosenfeld
and Alfredo De La Fe have each pleaded guilty in Manhattan Federal
District Court to conspiracy to use and to traffic in unauthorized
access devices in connection with activities that also involved
members of MOD.
Rosenfeld pled guilty on June 24 before Shirley Wohl Kram, United
States District Judge.
At his guilty plea, Rosenfeld admitted that he purchased account
numbers and passwords for TRW and other credit reporting services from
computer hackers and then used the information to obtain credit
reports, credit card numbers, social security numbers and other
personal information which he sold to private investigators.
Rosenfeld added in his guilty plea that on or about Nov. 25, 1991, he
purchased information from persons named "Julio" and "John" concerning
how to obtain unauthorized access to credit services.
Rosenfeld stated that he and his associates later obtained additional
information from "Julio" which they used to pull numerous credit
reports. According to the information to which Rosenfeld pleaded
guilty, he had approximately 176 TRW credit reports at his residence
on Dec. 6, 1991.
De La Fe pled guilty on June 19 before Kenneth Conboy, United States
District Judge.
At his guilty plea, De La Fe stated that he used and sold telephone
numbers and codes for Private Branch Exchanges ("PBXs").
According to the information to which De La Fe pleaded guilty, a PBX
is a privately operated computerized telephone system that routes
calls, handles billing, and in some cases permits persons calling into
the PBX to obtain outdial services by entering a code.
De La Fe admitted that he sold PBX numbers belonging to Bugle Boy
Industries and others to a co-conspirator who used the numbers in a
call sell operation, in which the co-conspirator charged others to
make long distance telephone calls using the PBX numbers.
De La Fe further admitted that he and his associates used the PBX
numbers to obtain free long distance services for themselves. De La Fe
said that one of the people with whom he frequently made free long
distance conference calls was a person named John Farrington, who he
also knew as "Corrupt."
Rosenfeld, age 21, resides at 2161 Bedford Ave., Brooklyn, N.Y.
Alfredo De La Fe, age 18, resides at 17 West 90th St., N.Y. Rosenfeld
and De La Fe each face maximum sentences of five years, imprisonment
and maximum fines of the greater of $250,000, or twice the gross gain
or loss incurred. Both defendants have been released pending sentence
on $20,000 appearance bonds. Rosenfeld's sentencing is scheduled for
Sept. 9, before Shirley Wohl Kram. De La Fe's sentencing is scheduled
for Aug. 31, before Conboy.
/U.S. Newswire 202-347-2770/
------------------------------
Date: Fri, 10 Jul 1992 17:26:52 -0500
From: Craig Neidorf <knight@EFF.ORG>
Subject: File 4--EFF responds to MOD Indictments...
+=========+=================================================+===========+
| F.Y.I. |Newsnote from the Electronic Frontier Foundation |July 9,1992|
+=========+=================================================+===========+
FEDERAL HACKING INDICTMENTS ISSUED AGAINST FIVE IN NEW YORK CITY
Yesterday, Federal officials indicted five people in New York City for
computer crime. The indictments name Mark Abene (Phiber Optik), Julio
Fernandez (Outlaw), John Lee (Corrupt), Elias Ladopoulos (Acid
Phreak), and Paul Stria (Scorpion). The indictments charge that the
accused used their computers to access credit bureaus, other computer
systems, and make free long-distance calls.
Prosecutors revealed they relied on court-approved wiretaps to obtain
much of the evidence for their multiple-count indictment for wire
fraud, illegal wiretapping and conspiracy. Each count is punishable by
up to 5 years in prison. The defendants are scheduled to be arraigned
in Manhattan Federal Court on July 16. If found guilty on all counts
the defendants could face a maximum term of 50 years in prison and
fines of $2.5 million.
Otto Obermaier, U.S. Attorney, discounted suggestions that the acts
alleged in the indictment were only "pranks" and asserted that they
represented "the crime of the future." He also stated that one purpose
of the indictment was to send a message that "this kind of conduct
will not be tolerated."
Mark Abene, known to the computer community as Phiber Optik, denied
any wrongdoing.
The Electronic Frontier Foundation's staff counsel in Cambridge, Mike
Godwin is carefully reviewing the indictments. Mitchell Kapor, EFF
President, stated today that: "EFF's position on unauthorized access
to computer systems is, and has always been, that it is wrong."
"Nevertheless," Kapor continued, "we have on previous occasions
discovered that allegations contained in Federal indictments can also
be wrong, and that civil liberties can be easily infringed in the
information age. Because of this, we will be examining this case
closely to establish the facts."
+=====+===================================================+=============+
| EFF |155 Second Street, Cambridge MA 02141 (617)864-0665| eff@eff.org |
------------------------------
Date: 25 Jun 92 17:38:55 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 5--LoD t-shirts
++++ Original post follows ++++
Date-- Wed, 24 Jun 92 19--35--36 -0500
From-- amartin@ccwf.cc.utexas.edu (Aston Martin)
Net Denizens:
With all the amazing hullabaloo going on in several newsgroups and
throughout the electronic community as a whole, I have decided to go
ahead and make one more, FINAL, print run on the LOD t-shirts.
Please, if anyone is interested, have your mail sent by the end of
July, so everyone who wants one can get one this time. I thought that
in the 6 print orders I made previously "Everyone" who wanted one got
one, but from the requests I have received apparently not.
I was amazed at the orders that came in from locations such as Hong
Kong, England, Netherlands and Australia. The list of luminaries who
came out of the woodwork with an interest in such item was equally as
impressive, security types at LLNL, government employees, hackers from
the golden days, and even a certain regular contributor to a few "not
for normal distribution" mail lists.
This run is for those of you who got left out. Again, I urge that you
respond before July 31, as that is when it the opportunity ends
forever.
Blatant promotion follows:
"LEGION OF DOOM--INTERNET WORLD TOUR" T-SHIRTS!
Now you too can own an official Legion of Doom T-shirt. This is the
same shirt that sold-out rapidly at the "Cyberview" hackers conference
in St. Louis. Join the other proud owners such as Lotus founder Mitch
Kapor and award-winning author Bruce Sterling by adding this
collector's item to your wardrobe. This professionally made, 100
percent cotton shirt is printed on both front and back. The front
displays "Legion of Doom Internet World Tour" as well as a sword and
telephone intersecting the planet earth, skull-and-crossbones style.
The back displays the words "Hacking for Jesus" as well as a
substantial list of "tour-stops" (internet sites) and a quote from
Aleister Crowley. This T-shirt is sold only as a novelty item, and is
in no way attempting to glorify computer crime.
Shirts are only $15.00, postage included! Overseas add an
additional $5.00. Send check or money-order (No CODs, cash or
credit cards--even if it's really your card) made payable to
Chris Goggans to:
Chris Goggans
5620 Glenmont #P-17
Houston, TX 77081
------------------------------
Date: Tue, 30 Jun 1992 16:57:47 -0400
From: Brendan Kehoe <brendan@CS.WIDENER.EDU>
Subject: File 6--AT&T's fight against toll fraud continues
AT&T is giving businesses a new way to fight telephone fraud and
abuse. The long-distance carrier is offering a calling card that
allows corporate customers to preselect specific phone numbers, area
codes, or countries that can be called by the card's user.
Non-designated calling areas cannot be accessed. The card, which
allows managers to designate up to 50 possible calling combinations,
will be available for free this year. Beginning next year, AT&T will
charge a service fee for the card.
Information Week, June 29, 1992.
------------------------------
Date: Tue, 30 Jun 92 21:22:00 PDT
From: Mark Coats <mcoats@IGC.ORG>
Subject: File 7--Boston BBS Shutdowns
Has anyone heard about several BBSs being shutdown in the Boston area?
I recently talked to Bob Chatelle, who told me that three boards, all
gay oriented, have ceased operation recently. The first was well
known, the Eagle's Nest, and was seized in conjunction with a raid on
a rowdy party. The second, the Boston Connection, ceased operation
and Bob has no info on it. The last, Doug's Den, was embroiled in a
sale of the BBS itself, when it is rumoured to have been seized by the
feds on child pornography charges.
If you know anyone tracking Cyberbusts and/or suspicious BBS shutdowns
please forward this to them.
Bob is not on the net but can be reached at 617-497-7193 or at:
Bob Chatelle
296 Western Ave.
Cambridge, MA 02139
Thanks,
------------------------------
Date: Tue, 30 Jun 1992 18:19:13 EDT
From: James P Love <LOVE@PUCC.BITNET>
Subject: File 8--OMB A130 REVISION
Taxpayer Assets Project
Information Policy Note
June 23, 1992
THE APRIL 29, 1992 PROPOSED REVISION TO OMB CIRCULAR A-130.
SUMMARY AND INTRODUCTION
- Important policy advisory for all federal agencies
concerning the management of federal information resources.
- Proposed Revision is an improvement over the existing A-130,
but needs considerable work. Your comments are needed.
- Public comments due by August 27, 1992
- Comments can be filed at any time before the deadline by
email. Send to (Internet): omba130@nist.gov
INTRODUCTION
On April 29, 1992 OMB published a notice in the Federal Register
asking for public comments on proposed revisions of its OMB
Circular A-130. This important circular is a policy advisory
from OMB to all federal agencies concerning the management of
government information resources.
Since it was first issued in 1985 A-130 has been a controversial
document. In its earlier versions A-130 was used to eliminate or
raise prices on many free publications, and to promote the
privatization of the dissemination of government information.
The April 29, 1992 draft is a major improvement from the 1985
circular or any of the previous attempts to revise it. There are
also a number of problems with A-130.
GOOD NEWS
The best new features of the Circular are its decreased emphasis
on privatization, the much more generous mandate to use computer
technologies to disseminate government information (its ok for a
government agency to "add value"), and OMB's very good statement
on pricing of government information (no more than the cost of
dissemination).
BAD NEWS
DEPOSITORY LIBRARIES
OMB contends that federal agencies do not have to give electronic
information products and services to the federal depository
library program. There are 1,400 federal depository libraries,
including most major research libraries. They provide free
access to thousands of federal publications. By law all federal
agencies are required to provide copies of paper productions to
this program, which was organized in the middle of the 19th
century. OMB's proposal, which may not be legal, is a major
change of philosophy, and it should be criticized strongly. We
don't need a technological sunset of this important program which
provides universal access to federal information resources.
WHAT'S MISSING FROM THE CIRCULAR
CONFLICTS OF INTEREST
A surprisingly large number of agencies have contracts with
private firms to carry out data processing or information
dissemination tasks, when the contractor is also a potential
competing outlet for the information. The conflicts of interest,
both real and potential, are huge, and of great importance.
Consider the following examples:
SEC's Insider trading data. The SEC hires InvestNet to data
punch its insider trading reports. InvestNet provides a
copy of its work to the National Archives, missing the field
of the shareholder's address. This makes the government's
copy of the data worthless for many users. InvestNet then
the public sells access to the complete data for very high
fees.
SEC's EDGAR system. The SEC hires Mead Data Central to
disseminate the electronic records for EDGAR. Meanwhile,
Mead wants to sell the public access to those same records.
The result is one of the most restrictive systems for public
access that one could imagine.
LANDSAT. GM and GE are given a monopoly on the sale of
LANDSAT data. Forget GM's conflict of interest in making
data on air pollution and climate available to environmental
groups. GM, through its Hughes subsidiary, wants to force
people to buy its value added services, "enhancing" the
LANDSAT data, before its disseminated.
JURIS. The Department of Justice hires Westlaw to key punch
federal court decisions. Westlaw, of course, is one of two
commercial sources (with Mead Data Central) of legal
information online. West provides the government with its
headnotes, which West copyrights. West then can exercise a
copyright over the entire database, which otherwise consists
of the LAW itself. West has used this to prevent the public
from having access to the JURIS online system and from
preventing potential competitors from obtaining the records
under FOIA.
There are dozens of other cases of conflicts of interest. OMB
should address this issue in A-130.
PUBLIC NOTICE
OMB is still acting as though the only reason for public notice
is if there is a major decision on the creation or termination of
an information product or service. We believe the public should
have regular opportunities to comment on agency policies and
practices. For example, since JURIS has never been available to
the public, there hasn't been any public notice. Or, the SEC's
public notice of EDGAR was years and years ago, before anyone
knew what it was really going to do. What if the public wants
something new that doesn't exist, or wants to criticize an agency
choice of standards? Some of the most important issues concern
the types of incremental adjustments that agencies need to make.
We support the extensive public comment provisions that are
described in Representative Owens' Improvement of Information
Access Act (IIA Act, HR 3459). Let's do it right in A-130, and
pay more attention to data users problems.
NTIS
Ever since Congress required NTIS to operate without taxpayer
funds (funded entirely on user fees), it has used electronic
products and services to subsidize its money losing paper
products. Agencies now sell electronic products through NTIS,
splitting fees. The records are no longer available through
FOIA, and A-130's policy on pricing (no more than dissemination
costs) is completely undermined. NTIS charges huge prices for
its data in electronic formats. (As much as $1,000 or more for a
single real of magnetic tape). This loophole is causing immense
problems, and should be addressed in A-130.
STANDARDS
If the three most important things about information in a
networked environment are standards, standards, and standards,
then A-130 should talk more about standards. And when you talk
about standards, you have to talk about *regular* public comment.
Users have to be involved. Again, we support the Owens bill (HR
3459) approach on this.
CONCLUSION
Omb Circular A-130 is a pivotal federal document, and it will be
important to file your comments by the August 27, 1992 deadline.
OMB is making this very easy by allowing comments to be filed by
email any time before the deadline, at omba130@nist.gov.
For more information, contact OMB's Office of Information and
Regulatory Affairs.
Information Policy Branch internet: ombA130@nist.gov
Office of Information and voice: 202/395-3785
Regulatory Affairs
OMB
Room 3235
New Executive Office Building
Washington, DC 20503
============================================================
James Love voice: 609/683-0534
Director, Taxpayer fax: 202/234-5176
Assets Project internet: love@essential.org
P.O. Box 19367
Washington, DC 20036�
------------------------------
End of Computer Underground Digest #4.30
************************************
Computer underground Digest Fri July 17, 1992 Volume 4 : Issue 31
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Copy Editor: Etaion Shrdlu, Jr.
Archivist: Brendan Kehoe
Archivist in spirit: Bob Kusumoto
Shadow-Archivist: Dan Carosone
CONTENTS, #4.31 (July 17, 1992)
File 1--MOD Indictment (July, '92)
File 2--Newsbytes Editorial on MOD Indictment
Back issues of CuD can be found in the Usenet alt.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from American Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: 17 Jul 92 16:43:21 CDT
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--MOD Indictment (July, '92)
((Moderators' note: The following is the complete indictment of
five MOD members (see CuD 4.30 for background)).
UNITED STATES DISTRICT COURT
SOUTHERN DISTRICT OF NEW YORK
- - - - - - - - - - - - - - - - - - - -X
:
UNITED STATES OF AMERICA :
:
- v - :
:
JULIO FERNANDEZ, a/k/a "Outlaw," : _INDICTMENT_
JOHN LEE, a/k/a "John Farrington," :
a/k/a "Corrupt," :
MARK ABENE, a/k/a "Phiber Optik," :
ELIAS LADOPOULOS, : 92 Cr.
a/k/a "Acid Phreak," and :
PAUL STIRA, a/k/a "Scorpion" :
:
Defendants :
:
- - - - - - - - - - - - - - - - - - - -X
_COUNT ONE_
Conspiracy
The Grand Jury Charges:
_Introduction_
1. At all times relevant to this indictment:
(a) MOD was a closely knit group of computer
hackers located primarily in the New York City area. (The term
"computer hacker" refers to someone who uses a computer or a
telephone to obtain unauthorized access to other computers). The
letters "MOD" had various meanings, among them "Masters Of
Disaster" and "Masters of Deception."
(b) At various times, the defendants JULIO
FERNANDEZ, JOHN LEE, MARK ABENE, ELIAS LADOPOULOS and PAUL STIRA
were members of MOD. Within MOD and in the course of their
computer hacking activities, the defendants frequently identified
themselves by their nicknames or hacking "handles." In
particular, JULIO FERNANDEZ used the name "Outlaw," JOHN LEE used
- 1-
the name "Corrupt," MARK ABENE used the name "Phiber Optik,"
ELIAS LADOPOULOS used the name "Acid Phreak," and PAUL STIRA used
the name "Scorpion." JOHN LEE was also known to his associates
as "John Farrington."
(c) Southwestern Bell Telephone Company
("Southwestern Bell") was a regional telephone company that
provided local telephone service to millions of customers in
Arkansas, Kansas, Missouri, Oklahoma and Texas. Southwestern
Bell's telephone system was controlled and operated by numerous
computers located throughout the above-named states, including
telephone switching computers. The telephone switching computers
operated by Southwestern Bell and other telephone companies were
large computers that controlled call routing, calling features
(such as call forwarding, call waiting and three-way calling),
billing and other telephone services for tens of thousands of
telephone lines each. Southwestern Bell's headquarters were
located in St. Louis, Missouri.
(d) BT North America Inc. was an international
corporation that provided telecommunications services throughout
the world. Among BT North America's businesses in the United
States was the operation of a data transfer network called
Tymnet. The Tymnet network was an international network through
which customers could transmit electronic communications. The
Tymnet network was controlled and operated by numerous computers
located throughout the United States and elsewhere. BT North
America's headquarters were located in San Jose, California.
- 2 -
(e) New York Telephone Company ("New York
Telephone") was a regional telephone company that provided local
telephone service to millions of customers in New York State.
New York Telephone's telephone system was controlled and operated
by numerous computers located throughout New York State. New
York Telephone's headquarters were located in New York City.
(f) Pacific Bell and U.S. West were regional
telephone companies that provide telephone service to customers
in, among other states, California and Idaho, respectively. One
of the telephone switching computers operated by Pacific Bell was
located in Santa Rosa, California. One of the telephone
switching computers operated by U.S. West was located in Boise,
Idaho.
(g) Martin Marietta Electronics Information and
Missile Group ("Martin Marietta") was an aerospace and
engineering company located in Orlando, Florida. Martin Marietta
operated a telephone switching computer that handled the
company's telephone lines.
(h) International Telephone and Telegraph Company
("ITT"), was a telecommunications company. One of the ways that
ITT provided telephone services to customers was to provide
customers with personal identification numbers. Customers could
dial local or toll free telephone numbers assigned to ATT, enter
their personal identification numbers, and then obtain local and
long distance calling services that would be charged to their
accounts.
- 3 -
(i) Information America, Inc., was a computerized
information service that provided subscribers with accesses to
telephone numbers, addresses, business abstracts and other
information regarding individuals and businesses throughout the
United States. Information America's headquarters and its primary
computer data base were located in Atlanta, Georgia.
(j) TRW Information Services ("TRW") and Trans
Union Corporation ("Trans Union") were credit reporting services
that provided subscribers with access to credit reports and other
information. One of the ways that subscribers could obtain
credit information was to use a computer to access data bases
maintained by TRW and Trans Union. TRW's primary data base was
located in Anaheim, California. Trans Union's primary data base
was located in Chicago, Illinois.
(k) The Learning Link was a computerized
information system operated by the Educational Broadcasting
Corporation in New York City. The Learning Link computer
provided educational and instructional information to hundreds of
schools and educators in New York, New Jersey and Connecticut.
Access to the Learning Link computer was limited to persons and
institutions who subscribed to the service and paid a membership
fee.
(l) New York University ("NYU") was a large
university located in New York City. NYU operated a computer
system for faculty, students and other authorized users. One of
the services provided by the NYU computer systems was to allow
- 4 -
authorized users to make local and long distance telephone calls for
the purpose of connecting to other computers outside of NYU.
Authorized users of the NY computer could obtain outdial service by
accessing the NYU computer system and entering a billing code. The
call would then be charged to the authorized users' account.
(m) The University of Washington was a large
university located in Seattle, Washington, The University of
Washington operated numerous computers for use by faculty,
students and other authorized users.
(n) The Bank of America was a national Bank
located in California and elsewhere. The Bank of America operated
a data transfer network that was used to transmit electronic
communications of Bank of America employees and others.
_The Conspiracy_
2. From in or about 1989 through the date of the filing
of this Indictment, in the Southern District of New York and
elsewhere, JULIO FERNANDEZ, a/k/a "Outlaw," JOHN LEE, a/k/a "John
Farrington," a/k/a "Corrupt," MARK ABENE, a/k/a "Phiber Optik,"
ELIAS LADOPOULOS, a/k/a "Acid Phreak," and PAUL STIRA, a/k/a
"Scorpion," the defendants, and others known and unknown to the
Grand Jury (collectively the "co-conspirators"), unlawfully,
willfully and knowingly did combine, conspire, confederate and
agree together and with each other to commit offenses against the
United States of America, to wit, to possess unauthorized access
devices with the intent to defraud, in violation of Title 18,
United States Code, Section 1029(a)(3); to use and traffic in
- 5 -
unauthorized access devises with the intent to defraud, in
violation of Title 18, United States Code, Section 1029(a)(2); to
access federal interest computers without authorization, in
violation of Title 18, United States Code, Section 1030(a)(5)(a);
to intercept electronic communications, in violation of Title 18,
United States Code, Section 2511(1)(a); and to commit wire fraud,
in violation of Title 18, United States Code, Section 1343.
_Objects of the Conspiracy_
_Possession of Unauthorized Access Devices_
3. It was a part and object of the conspiracy that the
co-conspirators unlawfully, willfully, knowingly and with the
intent to defraud, would and did possess fifteen and more
unauthorized access devices, to wit, the co-conspirators would
and did posess fifteen and more unauthorized passwords, user
identifications, personal identification numbers and other access
devices that permitted access to computer systems, data bases and
telephone services of Southwestern Bell, BT North America, New
York Telephone, ITT, Information America, TRW, Trans Union, NYU
and others, in violation of Title 18, United States Code, Section
1029(a)(3).
_Use of Unauthorized Access Devices_
4. It was a further part and object of the conspiracy
that the co-conspirators unlawfully, willfully, knowingly and
with the intent to defraud, would and did use one or more
unauthorized access devices during a one year period, and by such
conduct obtain something of value aggregating $1,000 and more
- 6 -
during that period, to wit, the co-conspirators would and did use
unauthorized access devices of Southwestern Bell, BT North
America, New York Telephone, ITT, Information America, TRW, Trans
Union, NYU and others in order to obtain information services,
credit reporting services, telephone services and other things of
value aggregating in excess of $1,000 during a one year period,
in violation of Title 18, United States Code, Section 1029(a)(2).
_Unauthorized Access of Computers_
5. It was a further part and object of the conspiracy
that the co-conspirators unlawfully, willfully, knowingly and
intentionally would and did access federal interest computers
without authorization, and by means of such conduct alter, damage
and destroy information in such federal interest computers and
prevent authorized use of such computers and information, and
thereby cause loss to one or more others of a value aggregating
$1,000 and more during a one year period, to wit, the co-
conspirators would and did access computers belonging to
Southwestern Bell, BT North America and others without
authorization, and by means of such conduct altered telephone
services, installed their own computer programs and made other
modifications, thereby causing losses aggregating $1,000 and more
during a one year period, in violation of Title 18, United States
Code, Section 1030(a)(5)(A).
_Interception of Electronic Communications_
6. It was a further part and object of the conspiracy
that the co-conspirators unlawfully, willfully, knowingly and
- 7 -
intentionally would and did intercept, endeavor to intercept and
procure other persons to intercept electronic communications, to
wit, the co-conspirators would and did intercept, endeavor to
intercept and procure other persons to intercept passwords, user
identifications and other electronic communications as such
communications were being transmitted over Tymnet and other data
transfer networks, in violation of Title 18, United States Code,
Section 2511(1)(a).
_Wire Fraud_
7. It was a further part and object of the conspiracy
that the co-conspirators, unlawfully, willfully and knowingly,
and having devised a scheme and artifice to defraud and for
obtaining money and property by means of false and fraudulent
pretenses, representations and promises, would and did transmit
and cause to be transmitted by means of wire communications in
interstate and foreign commerce, signs, signals and sounds for
the purpose of executing the scheme to defraud, to wit, the co-
conspirators would and did transmit and cause to be transmitted
passwords, user identifications, personal identification numbers,
telephone tones and other signs, signals and sounds for the
purpose of executing a scheme to obtain telephone services,
credit reporting services, information services and other
services free of charge, in violation of Title 18, United States
Code, Section 1343.
- 8 -
_Goal of the Conspiracy_
8. It was the goal of the conspiracy that the members
of MOD would gain access to and control of computer systems in
order to enhance their image and prestige among other computer
hackers; to harass and intimidate rival hackers and other people
they did not like; to obtain telephone, credit, information and
other services without paying for them; and to obtain passwords,
account numbers and other things of value which they could sell
to others.
_Means and Methods of the Conspiracy_
9. Among the means and methods by which the co-
conspirators would and did carry out the conspiracy were the
following:
(a) The co-conspirators formed the group MOD to
further their computer hacking activities and to compete with
other computer hackers in their quest for and access to and control
of computer systems.
(b) The members of MOD exchanged computer-related
information among themselves including passwords, user
identifications and personal identification numbers. The members
of MOD also assisted each other in breaking into computer systems
by sharing technical information regarding the configuration and
security systems of target computers. The members of MOD agreed
to share important computer information only among themselves and
not with other computer hackers.
- 9 -
(c) The co-conspirators obtained passwords, user
identifications and other unauthorized access devices through a
variety of means including the following:
(i) Data interception--The co-conspirators
intercepted access codes as the codes were being transmitted over
Tymnet and other data transfer networks. The co-conspirators
were able to perform such interceptions on Tymnet by obtaining
unauthorized access to Tymnet computers which controlled the
transfer of electronic communications over the network. Using
their unauthorized access to Tymnet computers, the co-
conspirators monitored and intercepted information that Tymnet
personnel and others using the Tymnet network were sending
through the network, including user identifications and passwords
used by Tymnet personnel and others.
(ii) Social Engineering -- The co-
conspirators made telephone calls to the telephone company employees
and other persons, and pretended to be computer technicians or
others who were authorized to obtain access devices and related
information. The co-conspirators then caused the unwitting
targets of their calls to furnish access devices and other
proprietary information. The co-conspirators referred to this
technique as "social engineering."
(iii) Password Grabbing and Password Cracking
Programs -- The co-conspirators wrote and used various computer
programs that were designed to steal passwords from computers in
which the programs were inserted. The co-conspirators maintained
- 10 -
other programs that were designed to"crack" encrypted passwords,
that is, to take passwords that had been scrambled into a code
for security purposes, and to break the code so that the
passwords could be used to obtain unauthorized access to computer
systems.
(d) When the co-conspirators broke into computer
systems, they installed "back door" programs to ensure that they
would continue to have access to the computers. These back door
programs were designed to modify computers in which they were
inserted so that the computer would give the highest level of
access ("root" access) to anyone using a special password that
was known to the members of MOD. Some of these back door
programs also included additional features that were designed to
modify computers in which they were inserted so that (i) the
computer would store the passwords of legitimate users in a
secret file that was known to the members of MOD; (ii) the
computer would display a message that read, in part, "This system
is owned, controlled, and administered by MOD" to anyone who
accessed the system using the password "MOD"; and (iii) the
computer would be destroyed if anyone accessed the system using
another special password known to the members of MOD.
(e) The co-conspirators obtained free telephone
and data transfer services for themselves and for each other by:
(i) obtaining unauthorized access to telephone company computers
and adding and altering calling features; and (ii) maintaining
and exchanging personal identification numbers, passwords,
- 11 -
billing codes and other access devices that allowed them to make
free local and long distance telephone calls as well as to
transmit and receive electronic communications free of charge.
(f) One of the ways that the co-conspirators
obtained free telephone service by their access to telephone
switching computers was to call forward unassigned local
telephone numbers to long distance numbers or to pay per call
services such as conference calling services. By setting up such
call forwards the co-conspirators could make long distance and
conferences calls for the price of a call to the local unassigned
number.
(g) The co-conspirators obtained information
including credit reports, telephone numbers, addresses, neighbor
listings and social security numbers of various individuals by
obtaining unauthorized access to information and credit reporting
services.
_Overt Acts_
10. In furtherance of the conspiracy and to effect the
objects thereof, the co-conspirators committed the following acts
among others in the Southern District of New York and elsewhere:
(a) On or about November 28, 1989, members of MOD
caused virtually all of the information contained within the
Learning Link computer operated by the Educational Broadcasting
Corporation to be destroyed, and caused a message to be left on
the computer that said, in part: "Happy Thanksgiving you turkeys,
- 12 -
from all of us at MOD" and which was signed with the names "Acid
Phreak," "Phiber Optik" and "Scorpion" among others.
(b) On or about January 8, 1990, from his
residence in Queens, New York, ELIAS LADOPOULOS, a/k/a "Acid
Phreak," accessed a New York Telephone switching computer without
authorization. During the call, LADOPOULOS issued commands to
automatically call forward all calls received by one telephone
number to another telephone number.
(c) On or about January 24, 1990, at his college
dormitory room in Farmingdale, New York, PAUL STIRA, a/k/a
"Scorpion," possessed numerous password files containing hundreds
of encrypted and unencrypted user identifications and passwords
to telephone company computers and other computers.
(d) On or about January 24, 1990, at his college
dormitory room in Farmingdale, New York, PAUL STIRA, a/k/a
"Scorpion," possessed a back door computer program and a password
grabbing program. The back door program included a feature that
was designed to modify a computer in which the program was
inserted so that the computer would be destroyed if someone
accessed it using a certain password.
(e) On or about May 31, 1991, from his residence
in Brooklyn, New York, JOHN LEE, a/k/a "John Farrington," a/k/a
"Corrupt," obtained unauthorized access to a Southwestern Bell
computer in St. Louis, Missouri.
(f) On or about October 28, 1991, from his
residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw,"
- 13 -
obtained unauthorized access to a Southwestern Bell telephone
switching computer in Houston, Texas and issued commands so that
calls received by one telephone number would be automatically
forwarded to another number.
(g) On or about October 31, 1991, from his
residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw,"
obtained unauthorized access to a U.S. West telephone switching
computer in Boise, Idaho.
(h) On or about November 1, 1991, from his
residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw,"
called a New York Telephone technician. During the call,
FERNANDEZ pretended to be another New York Telephone employee and
convinced the technician to provide information regarding access
to a New York Telephone switching computer in Mt. Vernon, New
York.
(i) On or about November 1, 1991, from his
residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw,"
made multiple calls to a New York Telephone switching computer in
Mt. Vernon New York. During the calls, FERNANDEZ call forwarded
numbers and obtained detailed information regarding telephone
services provided by the switch.
(j) On or about November 5, 1991, from his
residence in Brooklyn, New York, JOHN LEE, a/k/a "John
Farrington," a/k/a "Corrupt," obtained a user identification and
password by monitoring electronic communications on the Tymnet
network. Later, on November 5, 1991, JOHN LEE called JULIO
- 14 '
FERNANDEZ, a/k/a "Outlaw," and provided FERNANDEZ with the
intercepted user identification and password.
(k) On or about November 6, 1991, JOHN LEE, a/k/a
"John Farrington," a/k/a "Corrupt," had a telephone conversation
with MARK ABENE, a/k/a "Phiber Optik." During the conversation,
LEE provided ABENE with the user identification and password that
LEE had intercepted the previous day.
(l) On or about November 6, 1991, JOHN LEE, a/k/a
"John Farrington," a/k/a "corrupt," had a telephone conversation
with another member of MOD, during which they discussed obtaining
information from another hacker about how to alter TRW credit
reports. LEE said that the information he wanted to obtain
included instructions on how to add and remove delinquency
reports, "to destroy people's lives. . .or make them look like
saints."
(m) On or about November 14, 1991, JULIO
FERNANDEZ, a/k/a "Outlaw," and JOHN LEE, a/k/a "Corrupt," had a
telephone conversation. During the conversation, FERNANDEZ and
LEE discussed a lengthy list of institutions that operated
computers, including government offices, private companies and an
Air Force base. In the course of the conversation, FERNANDEZ
said, "We've just got to start hitting these sites left and
right."
(n) On or about November 14, 1991, at his
residence in Brooklyn, New York, JOHN LEE, a/k/a "John
Farrington," a/k/a "Corrupt," obtained unauthorized access to
- 15 -
Trans Union's computerized data base and obtained credit reports
on several individuals.
(o) On or about November 22, 1991, at his
residence in Brooklyn, New York, JOHN LEE, a/k/a "John
Farrington," a/k/a "Corrupt," obtained unauthorized access to
Information American's computerized data base and obtained
personal information concerning several individuals.
(p) On or about November 23, 1991, MARK ABENE,
a/k/a "Phiber Optik," and JULIO FERNANDEZ, a/k/a "Outlaw," had a
telephone conversation. During the conversation, ABENE gave
FERNANDEZ advice concerning how to call forward telephone numbers
on a certain type of telephone switching computer.
(q) On or about November 25, 1991, JULIO
FERNANDEZ, a/k/a "outlaw," and JOHN LEE, a/k/a "John Farrington,"
a/k/a "Corrupt," obtained several hundred dollars from Morton
Rosenfeld, a co-conspirator not named herein as a defendant, in
exchange for providing Rosenfeld with information regarding how
to obtain unauthorized access to credit reporting services.
(r) On or about November 25, 1991, JOHN LEE, a/k/a
"John Farrington," a/k/a "Corrupt," JULIO FERNANDEZ, a/k/a
"Outlaw," and MARK ABENE, a/k/a "Phiber Optik," had a three way
telephone conversation. During the conversation, LEE and
FERNANDEZ provided ABENE with user identifications and passwords
of Southwestern Bell and Information America.
(s) On or about November 26, 1991, JOHN LEE, a/k/a
"John Farrington," a/k/a "Corrupt," and MARK ABENE, a/k/a "Phiber
- 16 -
Optik," had a telephone conversation. During the conversation,
LEE and ABENE discussed obtaining unauthorized access to
Southwestern Bell computes and LEE provided ABENE with a series
of Southwestern Bell user identifications and passwords. A short
while later, ABENE called LEE and reported that one of the
passwords worked and that he had obtained information from a
Southwestern Bell computer.
(t) On or about November 27, 1991, ELIAS
LADOPOULOS, a/k/a "Acid Phreak," had a telephone conversation
with JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt." During
the conversation, LADOPOULOS asked LEE to obtain personal
information on an individual.
(u) On or about November 27, 1991, from his
residence in Brooklyn, New York, JOHN LEE, a/k/a "John
Farrington," a/k/a "Corrupt" obtained unauthorized access to
Information America's computerized data base and obtained
personal information on the individual that ELIAS LADOPOULOS,
a/k/a "Acid Phreak," had requested. LEE the called LADOPOULOS
and gave him the information.
(v) On or about November 30, 1991, JULIO
FERNANDEZ, a/k/a "Outlaw," provided associates of Morton
Rosenfeld with an account number and password for TRW. Between
November 30, 1991, and December 2, 1991, Rosenfeld and his
associates used the TRW account number and password to obtain
approximately 176 credit reports on various individuals.
- 17 -
(w) On or about December 1, 1991, from his
residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw,"
obtained unauthorized access to a Pacific Bell Telephone
switching computer in Santa Rosa, California.
(x) On or about December 1, 1991, from his
residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "outlaw,"
obtained unauthorized access to a Southwestern ell telephone
switching computer in Saginaw, Texas.
(y) On or about December 4, 1991, from his
residence in Bronx, New York, JULIO FERNANDEZ, a/k/a "Outlaw,"
obtained unauthorized access to a Martin Marietta telephone
switching computer in Orlando, Florida. During the call,
FERNANDEZ added a feature to one of the telephone numbers
services by the switch.
(z) On or about December 6, 1991, at his
residence in Queens, New York, MARK ABENE, a/k/a "Phiber Optik,"
possessed numerous proprietary technical manuals of BT North
America, including manuals that described the operation of Tymnet
computers and computer programs.
(Title 18, United States Code, Section 371.)
- 18 -
_COUNT TWO_
_Unauthorized Access to Computers_
The Grand Jury further charges:
11. Between on or about January 1, 1991 and on or about
January 1, 1992, in the Southern District of New York and
elsewhere, JULIO FERNANDEZ, a/k/a "Outlaw," JOHN LEE, a/k/a "John
Farrington,"a/k/a "Corrupt," and MARK ABENE, a/k/a "Phiber
Optik," the defendants, and others whom they aided and abetted,
unlawfully, willfully, knowingly and intentionally did access
federal interest computers without authorization, and by means of
such conduct did alter, damage and destroy information in such
federal interest computers and prevent authorized use of such
computers and information and thereby cause loss to one or more
others of a value aggregating $1,000 and more during a one year
period, to wit, JULIO FERNANDEZ, JOHN LEE, MARK ABENE, and others
whom they aided and abetted, accessed Southwestern Bell computers
without authorization and by means of such conduct altered
calling features, installed back door programs, and made other
modifications which caused losses to Southwestern Bell of
approximately $370,000 in the form of expenses to locate and
replace computer programs and other information that hand been
modified or otherwise corrupted, expenses to determine the source
of the unauthorized intrusions, and expenses for new computers
and security devices that were necessary to prevent continued
unauthorized access by the defendants and others whom they aided
and abetted.
(Title 18, United States Code, Sections 1030(a)(5)A) and 2.)
- 19 -
_COUNT THREE_
_Possession of Unauthorized Access Devices_
The Grand Jury further charges:
12. On or about December 6, 1991, in the Southern
District of New York, JULIO FERNANDEZ, a/k/a "outlaw," the
defendant, unlawfully, willfully and knowingly, and with the
intent to defraud, did possess fifteen and more unauthorized
access devices, to wit, JULIO FERNANDEZ possessed several hundred
unauthorized user identifications and passwords of Southwestern
Bell, BT North America, TRW and others with the intent to defraud
said companies by using the access devices to obtain services and
to obtain access to computers operated by said companies under
the false pretenses that FERNANDEZ was an authorized user of the
access devices.
(Title 18, United States Code, Section 1029(a)(3).)
_COUNTS FOUR THROUGH SIX_
_Interception of Electronic Communications_
The Grand Jury further charges:
13. On or about the dates set forth below, in the
Southern District of New York and elsewhere, JOHN LEE, a/k/a
"John Farrington," a/k/a "Corrupt," the defendant, unlawfully,
willfully, knowingly and intentionally, did intercept and
endeavor to intercept electronic communications, to wit, on the
dates set forth below, JOHN LEE did intercept and endeavor to
intercept electronic communications, including user
-20 -
identifications and passwords, as the communications were being
transmitted over the Tymnet network.
_Count_ _Date of Interception_
Four November 5, 1991
Five November 12, 1991
Six November 15, 1991
(Title 18, United States Code, Section 2511(1)(a).)
_COUNT SEVEN_
_INTERCEPTION OF ELECTRONIC COMMUNICATIONS_
The Grand Jury further charges:
14. On or about December 1, 1991, in the Southern
District of New York and elsewhere, JULIO FERNANDEZ, a/k/a
"Outlaw," and JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt,"
the defendants, unlawfully, willfully, knowingly and
intentionally, did intercept, endeavor to intercept and procure
others to intercept electronic communications, to wit, JULIO
FERNANDEZ gave JOHN LEE a password that JOHN LEE used to
intercept electronic communications as the communications were
being transmitted over a data transfer network operated by the
Bank of America.
(Title 18, United States Code, Sections 2511(1)(a) and 2.)
- 21 -
_COUNTS EIGHT AND NINE_
_Wire Fraud_
The Grand Jury further charges:
15. From in or about June 1991 through the date of the
filing of this Indictment, in the Southern District of New York,
JULIO FERNANDEZ, a/k/a "Outlaw," the defendant, unlawfully,
willfully and knowingly and having devised and intending to
devise a scheme and artifice to defraud and for obtaining
property by means of false and fraudulent pretenses and
representations, to wit, a scheme to obtain unauthorized access
to NYU's computer system and to use an NYU Billing code that was
not assigned to him to obtain free telephone connections to
computers outside of NYU, did, for the purpose of executing such
scheme, transmit and cause to be transmitted by means of wire
communications in interstate commerce, writings, signs,and
signals, to wit:
Destination Called
_Count_ _Date of Call to NYU_ _From NYU Computer_
8 November 29, 1991 Southwestern ell 5ESS
telephone switching computer
El Paso, Texas
9 December 5, 1991 University of Washington
computer system
Seattle, Washington
(Title 18, United States Code, Section 1343.)
- 22 -
_COUNTS TEN AND ELEVEN_
_Wire Fraud_
The Grand Jury further charges:
15. From in or about June, 1991 through the date of the
filing of this Indictment, in the Southern District of New York,
JOHN LEE, a/k/a "John Farrington," a/k/a "Corrupt," the
defendant, unlawfully, willfully and knowingly and having devised
and intending to devise a scheme and artifice to defraud and for
obtaining property by means of false and fraudulent pretenses and
representations, to wit, a scheme to obtain unauthorized access
to NYU's computer system and to use an NYU billing code that was
not assigned to him to obtain free telephone connections to
computers outside of NYU, did, for the purpose of executing such
scheme, transmit and cause to be transmitted by means of wire
communications in interstate commerce, writings, signs, and
signals, to wit:
Destination Called
_Count_ _Date of Call to NYU_ _From NYU Computer_
10 November 21,1991 University of Washington
computer system
Seattle, Washington
11 November 23, 1991 University of Washington
computer system
Seattle, Washington
(Title 18, United States Code, Section 1343.)
(signed)
_________________ ___________________________
Foreperson OTTO G. OBERMAIER
United States Attorney
- 23 -
------------------------------
Date: 14 Jul 92 22:02:12 PDT
From: mcmullen@well.sf.ca.us
Subject: File 2--Newsbytes Editorial on MOD Indictment
NEWSBYTES EDITORIAL
Second Thoughts On New York Computer Crime Indictments 7/13/92
NEW YORK, N.Y., U.S.A., 1992 JULY 13 (NB) -- On Wednesday, July 9th, I
sat at a press briefing in New York City's Federal Court Building
during which law enforcement officials presented details relating to
the indictment of 5 young computer "hackers". In describing the
alleged transgressions of the indicted, United States Assistant
Attorney Stephen Fishbein wove a tale of a conspiracy in which members
of an evil sounding group called the "Masters of Destruction" (MOD)
attempted to wreck havoc with the telecommunications system of the
country.
The accused were charged with infiltrating computer systems belonging
to telephone companies, credit bureaus, colleges and defense
contractors --Southwestern Bell, BT North America, New York Telephone,
ITT, Information America, TRW, Trans Union, Pacific Bell, the
University of Washington, New York University, U.S. West, Learning
Link, Tymnet and Martin Marietta Electronics Information, and Missile
Group. They were charged with causing injury to the telephone systems,
charging long distance calls to the universities, copying private
credit information and selling it to third parties -- a long list of
heinous activities.
The immediate reaction to the indictments were predictably knee-jerk.
Those who support any so-called "hacker"-activities mocked the
government and the charges that were presented, forgetting, it seems
to me, that these charges are serious -- one of the accused could face
up to 40 years in prison and $2 million in fines; another - 35 years
in prison and $1.5 million in fines. In view of that possibility, it
further seems to me that it is a wasteful diversion of effort to get
all excited that the government insists on misusing the word "hacker"
(The indictment defines computer hacker as "someone who uses a
computer or a telephone to obtain unauthorized access to other
computers.") or that the government used wiretapping evidence to
obtain the indictment (I think that, for at least the time being that
the wiretapping was carried out under a valid court order; if it were
not, the defendants' attorneys will have a course of action.).
On the other hand, those who traditionally take the government and
corporate line were publicly grateful that this threat to our
communications life had been removed -- they do not in my judgement
properly consider that some of these charges may have been
ill-conceived and a result of political considerations.
Both groups, I think, oversimplify and do not give proper
consideration to the wide spectrum of issues raised by the indictment
document. The issues range from a simple black-and-white case of
fraudulently obtaining free telephone time to the much broader
question of the appropriate interaction of technology and law
enforcement.
The most clear cut cases are the charges such as the ones which allege
that two of the indicted, Julio Fernandez a/k/a "Outlaw" and John Lee
a/k/a "Corrupt" fraudulently used the computers of New York University
to avoid paying long distance charges for calls to computer systems in
El Paso Texas and Seattle, Washington. The individuals named either
did or did not commit the acts alleged and, if it is proven that they
did, they should receive the appropriate penalty (it may be argued
that the 5 year, $250,000 fine maximum for each of the counts in this
area is excessive but that is a sentencing issue not an indictment
issue.).
Other charges of this black-and-white are those that allege that
Fernandez and/or Lee intercepted electronic communications over
networks belonging to Tymnet and the Bank of America. Similarly, the
charge that Fernandez, on December 4, 1991 possessed hundreds of user
id's and passwords of Southwestern Bell, BT North America and TRW fits
in the category of "either he did it or he didn't."
A more troubling count is the charge that the indicted 5 were all part
of a conspiracy to "gain access to and control of computer systems in
order to enhance their image and prestige among other computer
hackers; to harass and intimidate rival hackers and people they did
not like; to obtain telephone, credit, information, and other services
without paying for them; and to obtain. passwords, account numbers and
other things of value which they could sell to others."
To support this allegation, the indictment lists 26, lettered A
through Z, Overt Acts" to support the conspiracy. While this section
of the indictment lists numerous telephone calls between some of the
individuals, it mentions the name Paul Stira a/k/a "Scorpion" only
twice with both allegations dated "on or about" January 24, 1990, a
full 16 months before the next chronological incident. Additionally,
Stira is never mentioned as joining in any of the wiretapped
conversation -- in fact, he is never mentioned again! I find it hard
to believe that he could be considered, from these charges, to have
engaged in a criminal conspiracy with any of the other defendants.
Additionally, some of the allegations made under the conspiracy count
seem disproportionate to some of the others. Mark Abene a/k/a "Phiber
Optik" is of possessing proprietary technical manuals belonging to BT
North America while it is charged that Lee and Hernandez, in exchange
for several hundred dollars, provided both information on how to
illegally access credit reporting bureaus and an actual TRW account
and password to a person, Morton Rosenfeld, who later illegally
accessed TRW, obtained credit reports on 176 individuals and sold the
reports to private detective (Rosenfeld, indicted separately, pled
guilty to obtaining and selling the credit reports and named "Julio"
and "John" as those who provided him with the information). I did not
see anywhere in the charges any indication that Abene, Stira or Elias
Lapodoulos conspired with or likewise encouraged Lee or Fernandez to
sell information involving the credit bureaus to a third party
Another troubling point is the allegation that Fernandez, Lee, Abene
and "others whom they aided and abetted" performed various computer
activities "that caused losses to Southwestern Bell of approximately
$370,000." The $370,000 figure, according to Assistant United States
Attorney Stephen Fishbein, was developed by Southwestern Bell and is
based on "expenses to locate and replace computer programs and other
information that had been modified or otherwise corrupted, expenses to
determine the source of the unauthorized intrusions, and expenses for
new computers and security devices that were necessary to prevent
continued unauthorized access by the defendants and others whom they
aided and abetted."
While there is precedent in assigning damages for such things as
"expenses for new computers and security devices that were necessary
to prevent continued unauthorized access by the defendants and others
whom they aided and abetted." (the Riggs, Darden & Grant case in
Atlanta found that the defendants were liable for such expenses), many
feel that such action is totally wrong. If a person is found uninvited
in someone's house, they are appropriately charged with unlawful entry,
trespassing, burglary --whatever th statute is for the transgression;
he or she is, however, not charged with the cost of the installation
of an alarm system or enhanced locks to insure that no other person
unlawfully enters the house.
When I discussed this point with a New York MIS manager, prone to take
a strong anti-intruder position, he said that an outbreak of new
crimes often results in the use of new technological devices such as
the nationwide installation of metal detectors in airports in the
1970's. While he meant thi as a justification for liability, the
analogy seems rather to support the contrary position. Air line
hijackers were prosecuted for all sorts of major crimes; they were,
however, never made to pay for the installation of the metal detectors
or absorb the salary of the additional air marshalls hired to combat
hijacking.
I think the airline analogy also brings out the point that one may
both support justifiable penalties for proven crimes and oppose
unreasonable ones -- too often, when discussing these issues,
observers choose one valid position to the unnecessary exclusion of
another valid one. There is nothing contradictory, in my view, to
holding both that credit agencies must be required to provide the
highest possible level of security for data they have collected AND
that persons invading the credit data bases, no matter how secure they
are, be held liable for their intrusions. We are long past accepting
the rationale that the intruders "are showing how insecure these
repositories of our information are." We all know that the lack of
security is scandalous; this fact, however, does not excuse criminal
behavior (and it should seem evident that the selling of electronic
burglar tools so that someone may copy and sell credit reports is not
a public service).
The final point that requires serious scrutiny is the use of the
indictment a a tool in the on-going political debate over the FBI
Digital Telephony proposal. Announcing the indictments, Otto G.
Obermaier, United States Attorney for the Southern District of New
York, said that this investigation was "the first investigative use of
court-authorized wiretaps to obtain conversations and data
transmissions of computer hackers." He said that this procedure was
essential to the investigation and that "It demonstrates, think, the
federal government's ability to deal with criminal conduct as it moves
into new technological areas." He added that the interception of data
was possible only because the material was in analog form and added
"Most of the new technology is in digital form and there is a pending
statute in Congress which seeks the support of telecommunications
companies to allow the federal government, under court authorization,
to intercept digital transmission. Many of you may have read the
newspaper about the laser transmission which go through fiber optics
as a method of the coming telecommunications method. The federal
government needs the help of Congress and, indeed, the
telecommunications companies to able to intercept digital
communications."
The FBI proposal has been strongly attacked by the American Civil
Liberties Union (ACLU), the Electronic Frontier Foundation (EFF) and
Computer Professionals for Social Responsibility (CPSR) as an attempt
to institutionalize, for the first time, criminal investigations as a
responsibility of the communications companies; a responsibility that
they feel belongs solely to law-enforcement. Critics further claim
that the proposal will impede the development of technology and cause
developers to have to "dumb-down" their technologies to include the
requested interception facilities. The FBI, on the other hand,
maintains that the request is simply an attempt to maintain its
present capabilities in the face of advancing technology.
Whatever the merits of the FBI position, it seems that the indictments
either would not have been made at this time or, at a minimum, would
not have been done with such fanfare if it were not for the desire to
attempt to drum up support for the pending legislation. The press
conference was the biggest thing of this type since the May 1990
"Operation Sun Devil" press conference in Phoenix, Arizona and, while
that conference, wowed us with charges of "hackers" endangering lives
by disrupting hospital procedures and being engaged in a nationwide,
13 state conspiracy, this one told us about a bunch of New York kids
supposedly engaged in petty theft, using university computers without
authorization and performing a number of other acts referred to by
Obermaier as "anti-social behavior" -- not quite as heady stuff!
It is not to belittle these charges -- they are quite serious -- to
question the fanfare. The conference was attended by a variety of high
level Justice Department, FBI and Secret Service personnel and veteran
New York City crime reporters tell me that the amount of alleged
damages in this case would normally not call for such a production --
New York Daily News reporter Alex Michelini publicly told Obermaier
"What you've outlined, basically, except for the sales of credit
information, this sounds like a big prank, most of it" (Obermaier's
response -- "Well, I suppose, if you can characterize that as a prank
but it's really a federal crime allowing people without authorization
to rummage through the data of other people to which they do not have
access and, as I point out to you again, the burglar cannot be your
safety expert. He may be inside and laugh at you when you come home
and say that your lock is not particularly good but I think you, if
you were affected by that contact, would be somewhat miffed"). One
hopes that it is only the fanfare surrounding the indictments that is
tied in with the FBI initiative and not the indictments themselves.
As an aside, two law enforcement people that I have spoken to have
said that while the statement that the case is "the first
investigative use of court-authorized wiretaps to obtain conversations
and data transmissions of computer hackers.", while probably true,
seems to give the impression that the case is the first one in which
data transmission was intercepted. According to these sources, that
is far from the case -- there have been many instances of inception of
data and fax information by law enforcement officials in recent years.
I know each of the accused in varying degrees. The one that I know the
best, Phiber Optik, has participated in panels with myself and law
enforcement officials discussing issues relating to so-called "hacker"
crime. He has also appeared on various radio and television shows
discussing the same issues. These high profile activities have made him
an annoyance to some in law enforcement. One hopes that this annoyance
played no part in the indictment.
I have found Phiber's presence extremely valuable in these discussions
both for the content and for the fact that his very presence attracts
an audience that might never otherwise get to hear the voices of
Donald Delaney, Mike Godwin, Dorothy Denning and others addressing
these issues from quite different vantage points. While he has, in
these appearances, said that he has "taken chances to learn things",
he has always denied that he has engaged in vandalous behavior and
criticized those who do. He has also called those who engage in
"carding" and the like as criminals (These statements have been made
not only in the panel discussion but also on the occasions that he has
guest lectured to my class in "Connectivity" at the New School For
Social Research in New York City. In those classes, he has discussed
the history of telephone communications in a way that has held a class
of professionals enthralled by over two hours.
While my impressions of Phiber or any of the others are certainly not
a guarantee of innocence on these charges, they should be taken as my
personal statement that we are not dealing with a ring of hardened
criminals that one would fear on a dark knight.
In summary, knee-jerk reactions should be out and thoughtful analysis
in! We should be insisting on appropriate punishment for lawbreakers
-- this means neither winking at "exploration" nor allowing inordinate
punishment. We should be insisting that companies that have collected
data about us properly protect -- and are liable for penalties when
they do not. We should not be deflected from this analysis by support
or opposition to the FBI proposal before Congress -- that requires
separate analysis and has nothing to do with the guilt or innocence of
these young men or the appropriate punishment should any guilt be
established.
(John F. McMullen/19920713)
------------------------------
End of Computer Underground Digest #4.31
************************************
Computer underground Digest Tue July 21, 1992 Volume 4 : Issue 32
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Copy Editor: Etaion Shrdlu, Jr.
Archivist: Brendan Kehoe
Archivist in spirit: Bob Kusumoto
Shadow-Archivist: Dan Carosone
CONTENTS, #4.32 (July 21, 1992)
File 1--The NSA Papers
File 2--CPSR Challenges Virginia SS
File 3--EFF hires Cliff Figallo as director of Cambridge office
File 4--New York Hackers Plead Not Guilty (NEWSBYTES REPRINT)
File 5--Time Magazine Computer Analyst Arrested for Alleged Faud
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost at tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail to:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet alt.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from American Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Wed, 24 Jun 92 18:10:02 CDT
From: Joe.Abernathy@HOUSTON.CHRON.COM(Joe Abernathy)
Subject: File 1--The NSA Papers
The following is the written response to my request for an intereview
with the NSA. To the best of my knowledge, and according to their
claims, it is the government's first complete answer to the many
questions and allegations that have been made in regards to the matter
of cryptography.
I would like to invite reaction from any qualified readers who care
to address any of the issues raised herein. Please mail to
edtjda@chron.com (713) 220-6845.
NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE
Serial: Q43-11-92 9
10 June 1992
Mr. Joe Abernathy
Houston Chronicle
P.O. Box 4260
Houston, TX 77210
Dear Mr. Abernathy:
Thank you for your inquiry of 3 June 1992 on the
subject of cryptography. Attached please find answers
to the questions that you provided our Agency. If
any further assistance is needed, please feel free
to contact me or Mr. Jerry Volker of my staff on (xxx)
xxx-xxxx.
Sincerely,
MICHAEL S.CONN
Chief
Information Policy
ENCL:
1. Has the NSA ever imposed or attempted to impose
a weakness on any cryptographic code to see if it
can thus be broken?
One of NSA's missions is to provide the means for
protecting U.S. government and military communications
and information systems related to national security.
In fulfilling this mission we design cryptologic codes
based on an exhaustive evaluation process to ensure
to the maximum extent possible that information systems
security products that we endorse are free from any
weaknesses. Were we to intentionally impose weaknesses
on cryptologic codes for use by the U.S. government,
we would not be fulfilling our mission to provide
the means to protect sensitive U.S. government and
military communications and our professional integrity
would be at risk.
2. Has the NSA ever imposed or attempted
to impose a weakness on the DES or DSS?
Regarding the Data Encryption Standard (DES), we
believe that the public record from the Senate Committee
for Intelligence's investigation in 1978 into NSA's
role in the development of the DES is responsive to
your question. That committee report indicated that
NSA did not tamper with the design of the algorithm
in any way and that the security afforded by the
DES was more than adequate for at least a 5-10 year
time span for the unclassified data for which it was
intended. In short, NSA did not impose or attempt
to impose any weakness on the DES.
Regarding the draft Digital Signature Standard
(DSS), NSA never imposed any weakness or attempted
to impose any weakness on the DSS.
3. Is the NSA aware of any weaknesses in the
DES or the DSS? The RSA?
We are unaware of any weaknesses in the DES or
the DSS when properly implemented and used for the
purposes for which they both are designed. We do not
comment on nongovernment systems.
Regarding the alleged trapdoor in the DSS. We
find the term trapdoor somewhat misleading since
it implies that the messages sent by the DSS are encrypted
and with access via a trapdoor one could somehow decrypt
(read) the message without the sender's knowledge.
The DSS does not encrypt any data. The real issue
is whether the DSS is susceptible to someone forging
a signature and therefore discrediting the entire
system. We state categorically that the chances of
anyone - including NSA - forging a signature with
the DSS when it is properly used and implemented is
infinitesimally small.
Furthermore, the alleged trapdoor vulnerability
is true for ANY public key-based authentication system,
including RSA. To imply somehow that this only affects
the DSS (a popular argument in the press) is totally
misleading. The issue is one of implementation and
how one goes about selecting prime numbers. We call
your attention to a recent EUROCRYPT conference which
had a panel discussion on the issue of trapdoors in
the DSS. Included on the panel was one of the Bellcore
researchers who initially raised the trapdoor allegation,
and our understanding is that the panel - including
the person from Bellcore - concluded that the alleged
trapdoor was not an issue for the DSS. Furthermore,
the general consensus appeared to be that the trapdoor
issue was trivial and had been overblown in the press.
However, to try to respond to the trapdoor allegation,
at NIST's request, we have designed a prime generation
process which will ensure that one can avoid selection
of the relatively few weak primes which could lead
to weakness in using the DSS. Additionally, NIST intends
to allow for larger modulus sizes up to 1024 which
effectively negates the need to even use the prime
generation process to avoid weak primes. An additional
very important point that is often overlooked is that
with the DSS the primes are PUBLIC and therefore can
be subject to public examination. Not all public key
systems provide for this same type of examination.
The integrity of any information security system
requires attention to proper implementation. With
the myriad of vulnerabilities possible given the differences
among users, NSA has traditionally insisted on centralized
trusted centers as a way to minimize risk to the system.
While we have designed technical modifications to
the DSS to meet NIST's requests for a more decentralized
approach, we still would emphasize that portion of
the Federal Register notice for the DSS which states:
While it is the intent of this standard to specify
general security requirements for generating digital
signatures, conformance to this standard does not assure
that a particular implementation is secure. The responsible
authority in each agency or department shall assure
that an overall implementation provides an acceptable
level of security. NIST will be working with government
users to ensure appropriate implementations.
Finally, we have read all the arguments purporting
insecurities with the DSS, and we remain unconvinced
of their validity. The DSS has been subjected to intense
evaluation within NSA which led to its being endorsed
by our Director of Information Systems Security for
use in signing unclassified data processed in certain
intelligence systems and even for signing classified
data in selected systems. We believe that this approval
speaks to the lack of any credible attack on the
integrity provided by the DSS given proper use and
implementation. Based on the technical and security
requirements of the U.S. government for digital signatures,
we believe the DSS is the best choice. In fact, the
DSS is being used in a pilot project for the Defense
Message System to assure the authenticity of electronic
messages of vital command and control information.
This initial demonstration includes participation from
the Joint Chiefs of Staff, the military services,
and Defense Agencies and is being done in cooperation
with NIST.
4. Has the NSA ever taken advantage of
any weaknesses in the DES or the DSS?
We are unaware of any weaknesses in the DSS or
in the DES when properly implemented and used for the
purposes for which they both are designed.
5. Did the NSA play a role in designing the DSS? Why, in the
NSA's analysis, was it seen as desirable to create
the DSS when the apparently more robust RSA already
stood as a de facto standard?
Under the Computer Security Act of 1987, NIST is
to draw upon computer systems technical security guidelines
of NSA where appropriate and to coordinate closely
with other agencies, including NSA, to assure:
a. maximum use of all existing and planned programs,
materials, and reports relating to computer systems
security and privacy, in order to avoid unnecessary
and costly duplication of effort; and
b. that standards developed by NIST are consistent
and compatible with standards and procedures developed
for the protection of classified systems.
Consistent with that law and based on a subsequent
Memorandum of Understanding (MOU) between NSA and NIST,
NSA's role is to be responsive to NIST's requests
for assistance in developing, evaluating, or researching
cryptographic algorithms and techniques. (See note
at end). In 19??, NIST requested that NSA evaluate
candidate algorithms proposed by NIST for a digital
signature standard and that NSA provide new algorithms
when existing algorithms did not meet U.S. government
requirements. In the two-year process of developing
a digital signature for U.S. government use, NIST
and NSA examined various publicly-known algorithms
and their variants, including RSA. A number of techniques
were deemed to provide appropriate protection for
Federal systems. The one selected by NIST as the draft
Digital Signature Standard was determined to be the
most suitable for reasons that were set forth in the
Federal Register announcement. One such reason was
to avoid issuance of a DSS that would result in users
outside the government having to pay royalties. Even
though the DSS is targeted for government use, eliminating
potential barriers for commercial applications is
useful to achieve economies of scale. Additionally,
there are features of the DSS which make it more attractive
for federal systems that need to have a digital signature
capability for large numbers of users. Chief mong
them are the number of trusted operation points and
system management overhead that are minimized with
the NIST proposed technique.
6. What national interests are served by limiting the
power of cyptographic schemes used by the public?
We call your attention to the House Judiciary committee
hearing of 29 April 1992. The Director of the FBI
expressed his concerns that law enforcement interests
in meeting responsibilities given to them by Congress
could be affected unless they had access to communications,
as was given to them by statute in 1968 (court monitored,
court sponsored, court reviewed and subject to Congressional
oversight).
The National Security Agency has no role in limiting
the power of cryptographic schemes used by the public
within the U.S. We have always been in favor of the
use of information security technologies by U.S. businesses
to protect their proprietary information, and when
we had an information security role with private industry
(prior to the Computer Security Act of 1987), we actively
advocated use of such technologies.
7. What national interests are served by limiting the
export of cryptographic technology?
Cryptographic technology is deemed vital to national
security interests. This includes economic, military,
and foreign policy interests.
We do not agree with the implications from the
House Judiciary Committee hearing of 7 May 1992 and
recent news articles that allege that U.S. export
laws prevent U.S. firms' manufacture and use of top
encryption equipment. We are unaware of any case where
a U.S. firm has been prevented from manufacturing
and using encryption equipment within this country
or for use by the U.S. firm or its subsidiaries in
locations outside the U.S. because of U.S. export restrictions.
In fact, NSA has always supported the use of encryption
by U.S. businesses operating domestically and overseas
to protect sensitive information.
For export to foreign countries, NSA as a component
of the Department of Defense (along with the Department
of State and the Department of Commerce) reviews export
licenses for information security technologies controlled
by the Export Administration Regulations or the international
Traffic in Arms Regulations. Similar export control
systems are in effect in all the Coordinating Committee
for Multilateral Export Controls (CoCom) countries
as well as many non-CoCom countries as these technologies
are universally considered as sensitive. Such technologies
are not banned from export and are reviewed on a case-by-case
basis. As part of the export review process, licenses
may be required for these systems and are reviewed
to determine the effect such export could have on
national security interests - including economic,
military, and political security interests. Export
licenses are approved or denied based upon the type
of equipment involved, the proposed end-use and the
end-user.
Our analysis indicates that the U.S. leads the
world in the manufacture and export of information
security technologies. Of those cryptologic products
referred to NSA by the Department of State for export
licenses, we consistently approve over 90%. Export
licenses for information security products under the
jurisdiction of the Department of Commerce are processed
and approved without referral to NSA or DoD. This includes
products using such techniques as the DSS and RSA
which provide authentication and access control to
computers or networks. In fact, in the past NSA has
played a major role in successfully advocating the
relaxation of export controls on RSA and related technologies
for authentication purposes. Such techniques are extremely
valuable against the hacker problem and unauthorized
use of resources.
8. What national interests are at
risk, if any, if secure cryptography is widely available?
Secure cryptography widely available outside the
United States clearly has an impact on national security
interests including economic, military, and political.
Secure cryptography within the United States may
impact law enforcement interests.
9. What does the NSA see as its legitimate interests in
the area of cryptography? Public cryptography?
Clearly one of our interests is to protect U.S.
government and military communications and information systems
related to national security. As part of that mission,
we stay abreast of activities in public cryptography.
10. How did NSA enter into negotiations with the Software
Publishers Association regarding the export of products
utilizing cryptographic techniques? How was this group
chosen, and to what purpose? What statute or elected
representative authorized the NSA to engage in the
discussions?
The Software Publishers Association (SPA) went
to the National Security Advisor to the President
to seek help from the Administration to bring predictability,
clarity, and speed to the process for exporting mass
market software with encryption. The National Security
Advisor directed NSA to work wth the mass market software
representatives on their request.
ii. What is the status of these negotiations?
These negotiations are ongoing.
12. What is the status of export controls on products using
cryptographic techniques? How would you respond to those who
point to the fact that the expot of RSA from the U.S. is
controlled, but that its import into the U.S. is not?
To the best of our knowledge, most countries who
manufacture cryptographic products regulate the export
of such products from their countries by procedures
similar to those existing within the U.S. Some even
control the import into their countries. The U.S.
complies with the guidelines established by CoCom
for these products.
Regarding the export of RSA from the U.S., we are
unaware of any restrictions that have been placed
on the export of RSA for authentication purposes.
13. What issues would you like to discuss that I have
not addressed?
None.
14. What question or questions would you
like to pose of your critics?
None.
NOTE: To clarify misunderstandings regarding
this Memorandum of Understanding (MOU); this MOU does
not provide NSA any veto power over NIST proposals.
As was discussed publicly in 1989, the MOU provides
that if there is an issue that can not be resolved
between the two agencies, then such an issue may be
referred to the President for resolution. Enclosed
please find a copy of subject MOU which has been made
freely available in the past by both NSA and NIST
to all requestors. At the House Judiciary Committee
hearings on 7 May 1992, the Director of NIST responded
that he had never referred an issue to the White House
since his assumption of Directorship in 1990.
MEMORANDUM OF UNDERSTANDING
BETWEEN
THE DIRECTOR OF THE NATIONAL INSTITUTE OF STANDARDS
AND TECHNOLOGY
AND
THE DIRECTOR OF THE NATIONAL SECURITY AGENCY
CONCERNING
THE IMPLEMENTATION OF PUBLIC LAW 100-235 Recognizing
that:
A. Under Section 2 of the Computer Security Act
of 1987 (Public Law 100-235), (the Act), the National
Institute of Standards and Technology (NIST) has the
responsibility within the Federal Government for:
1. Developing technical, management, physical,
and administrative standards and guidelines for the
cost-effective security ad privacy of sensitive information
in Federal computer systems as defined in the Act;
and,
2. Drawing on the computer system technical security
guidelines of the National Security Agency (NSA) in
this regard where appropriate.
B. Under Section 3 of the Act, the NIST is to coordinate
closely with other agencies and offices, including
the NSA, to assure:
1. Maximum use of all existing and planned programs,
materials, studies, and reports relating to computer
systems security and privacy, in order to avoid unnecessary
and costly duplication of effort; and, - 2. To the
maximum extent feasible, that standards developed
by the NIST under the Act are consistent and compatible
with standards and procedures developed for the protection
of classified information in Federal computer systems.
C. Under the Act, the Secretary of Commerce has
the responsibility, which he has delegated to the
Director of NIST, for appointing the members of the
Computer System Security and Privacy Advisory Board,
at least one of whom shall be from the NSA. Therefore,
in furtherance of the purposes of this MOU, the Director
of the NIST and the Director of the NSA hereby agree
as follows:
The NIST will:
1. Appoint to the Computer Security and Privacy
Advisory Board at least one representative nominated by
the Director of the NSA.
2. Draw upon computer system technical security
guidelines developed by the NSA to the extent that the NIST
determines that such guidelines are consistent with the requirements
tor protecting sensitive information in Federal computer
systems.
3. Recognize the NSA-certified rating of evaluated
trusted systems under the Trusted Computer Security Evaluation
Criteria Program without requiring additional evaluation.
4. Develop telecommunications security standards
for protecting sensitive unclassified computer data, drawing
upon the expertise and products of the National Security
Agency, to the ratest extent possible, in meeting
these responsibilities in a timely and cost effective manner
5. Avoid duplication where possible in entering
into mutually agreeable arrangements with the NSA for
the NSA support.
6. Request the NSA's assistance on all matters
related to cryptographic algorithms and cryptographic techniques
including but not limited to research, development valuation,
or endorsement. . - I
II. The NSA will:
1. Provide the NIST with technical guidelines in
trusted technology, telecommunications security, and personal
-identification that may be used in cost-effective
systems for protecting sensitive computer data.
2. Conduct or initiate research and development
programs in trusted technology, telecommunications security,
cryptographic techniques and personal identification methods.
3. Be responsive to the NIST's requests for assistance
in respect to all matters related to cryptographic
algorithms and cryptographic techniques including but not limited
to research, development, evaluation, or endorsement.
4. Establish the standards and endorse products
for application to secure systems covered in 10 USC
Section 2315 (the Warner Amendment).
5 Upon request by Federal agencies5 their contractors
and other government-sponsored entities, conduct assessments
of the hostile intelligence threat to federal information
systems, and provide technical assistance and recommend endorsed
products for application to secure systems against that threat.
iii. The NIST and the NSA shall:
1. Jointly review agency plans for the security and
-privacy of computer systems submitted to NIST and NSA pursuant
to section 6(b) of the Act.'
2. Exchange technical standards and guidelines
as necessary to achieve the purposes of the Act.
3. Work together to achieve the purposes of this
memorandum with the greatest efficiency possible, avoiding
unnecessary duplication of effort.
4. Maintain an ongoing, open dialogue to ensure
that each organization remains abreast of emerging technologies
and issues effecting automated information system security
in computer-based systems.
5. Establish a Technical Working Group to review
and analyze issues of mutual interes pertinent to protection
of systems that process sensitive or other unclassified-information.
The Group shall be composed of six federal employees, three
each selected by NIST and NSA and to be augmented as necessary by
representatives of other agencies. Issues may be referred to the
group by either the NSA Deputy Director for Information Security
or the NIST Deputy Director or may be generated -and addressed
by the group upon approval by the NSA DDI or NIST Deputy Director.
Within days of the referral of an issue to the Group by
either the NSA Deputy Director for Information Security or the
NIST Deputy .Director, the Group will respond with
a progress report and pan for further analysis, if any.
6. Exchange work plans on an annual basis on all
research and development projects pertinent to protection
of systems that process sensitive or other unclassified information,
including trusted technology, technology for protecting the
integrity and availability of data, telecommunications security
and personal identification methods. Project updates will be
exchanged quarterly, and project reviews will be provided
by either party upon request of he other party.
7. Ensure the Technical Working Group reviews prior
to public disclosure all matters regarding technical_systems
security techniques to be developed for use in protecting
sensitive information in federal computer systems to ensure
they are consistant with the national security of the
United States. If NIST and NSA are unable to resolve
such an issue within 60 days, either _ agency may elect
to raise the issue to the Secretary of Defense and
the Secretary of Commerce. It is recognized that such
an issue may be referred to the President through
the NSC for resolution. No action shall be taken on
such an issue until it is resolved.
8. Specify additional operational agreements in
annexes to this MOU as they. are agreed to by NSA
and NIST.
IV. Either party may elect to terminate this MOU
upon six months written notice. This MO& is effective
upon approval of both signatories.
RAYMOND G. KAMMER W. 0. STUDEMAN
Acting Director Vice Admiral, U.S. Navy National
Institut of Director Standards and Technology National
Security Agency
------------------------------
From: David Sobel <dsobel@WASHOFC.CPSR.ORG>
Date: Tue, 30 Jun 1992 17:29:04 EDT
Subject: File 2--CPSR Challenges Virginia SS
June 30, 1992
CPSR Challenges Virginia SSN Practice
PRESS RELEASE
WASHINGTON, DC -- A national public interest organization has filed a
"friend of the court" brief in the federal court of appeals, calling
into question the Commonwealth of Virginia's practice of requiring
citizens to provide their Social Security numbers in order to vote.
Computer Professionals for Social Responsibility (CPSR) alleges that
Virginia is violating constitutional rights and creating an
unnecessary privacy risk.
The case arose when a Virginia resident refused to provide his Social
Security number (SSN) to a county registrar and was denied the right
to register to vote. Virginia is one of a handful of states that
require voters to provide an SSN as a condition of registration.
While most states that require the number impose some restrictions on
its public dissemination, Virginia allows unrestricted public
inspection of voter registration data -- including the SSN. Marc A.
Greidinger, the plaintiff in the federal lawsuit, believes that the
state's registration requirements violate his privacy and impose an
unconstitutional burden on his exercise of the right to vote.
The CPSR brief, filed in the Fourth Circuit Court of Appeals in
Richmond, supports the claims made by Mr. Greidinger. CPSR notes the
long-standing concern of the computing community to design safe
information systems, and the particular effort of Congress to control
the misuse of the SSN. The organization cites federal statistics
showing that the widespread use of SSNs has led to a proliferation of
fraud by criminals using the numbers to gain driver's licenses, credit
and federal benefits. The CPSR brief further describes current
efforts in other countries to control the misuse of national
identifiers, like the Social Security number.
Marc Rotenberg, the Director of the CPSR Washington Office said that
"This is a privacy issue of constitutional dimension. The SSN
requirement is not unlike the poll taxes that were struck down as
unconstitutional in the 1960s. Instead of demanding the payment of
money, Virginia is requiring citizens to relinquish their privacy
rights before being allowed in the voting booth."
CPSR argues in its brief that the privacy risk created by Virginia's
collection and disclosure of Social Security numbers is unnecessary.
The largest states in the nation, such as California, New York and
Texas, do not require SSNs for voter registration. CPSR points out
that California, with 14 million registered voters, does not need to
use the SSN to administer its registration system, while Virginia,
with less than 3 million voters, insists on its need to demand the
number.
David Sobel, CPSR Legal Counsel, said "Federal courts have generally
recognized that there is a substantial privacy interest involved when
Social Security numbers are disclosed. We are optimistic that the
court of appeals will require the state to develop a safer method of
maintaining voting records."
CPSR has led a national campaign to control the misuse of the Social
Security Number. Earlier this year the organization testified at a
hearing in Congress on the use of the SSN as a National Identifier.
CPSR urged lawmakers to respect the restriction on the SSN and to
restrict its use in the private sector. The group also participated
in a federal court challenge to the Internal Revenue Service's
practice of displaying taxpayers' SSNs on mailing labels. CPSR is
also undertaking a campaign to advise individuals not to disclose
their Social Security numbers unless provided with the legal reason
for the request.
CPSR is a national membership organization, with 2,500 members, based
in Palo Alto, CA. For membership information contact CPSR, P.O. Box
717, Palo Alto, CA 94303, (415) 322-3778, cpsr@csli. stanford.edu.
For more information contact:
Marc Rotenberg, Director
David Sobel, Legal Counsel
CPSR Washington Office
(202) 544-9240
rotenberg@washofc.cpsr.org
sobel@washofc.cpsr.org
Paul Wolfson, attorney for Marc A. Greidinger
Public Citizen Litigation Group
(202) 833-3000
------------------------------
Date: Tue, 14 Jul 1992 21:05:54 -0400
From: Christopher Davis <ckd@EFF.ORG>
Subject: File 3--EFF hires Cliff Figallo as director of Cambridge office
+=========+=================================================+===========+
| F.Y.I. |Newsnote from the Electronic Frontier Foundation|July 14,1992|
+=========+=================================================+===========+
CLIFF FIGALLO OF THE WELL NAMED DIRECTOR OF EFF's CAMBRIDGE OFFICE
Cambridge, Massachusetts July 14,1992
Cliff Figallo, former director of the Whole Earth 'Lectronic Link (The
WELL), has accepted the position of Director of the Electronic Frontier
Foundation's Cambridge office. His duties will include developing that
office's outreach programs, increasing active EFF membership, and
expanding overall awareness of EFF's programs in the computer-
conferencing community and the world at large.
In announcing the appointment today, Mitchell Kapor, President of EFF,
said: "I'm delighted that Cliff Figallo will be joining the EFF to head
its Cambridge office. Cliff brings 20 years of experience in forming
both intentional and virtual communities. We know he will put these
skills to excellent use in helping EFF build its ties to the online
community.We're all looking forward to working with him closely."
Figallo is well-known in computer conferencing circles as the one who
from 1986 to the present guided the WELL through its formative years.
Working with a small staff, many volunteers and limited funding, he
helped develop the WELL into one of the world's most influential
computer conferencing systems. When EFF was founded it used the WELL as
its primary means of online communication.
Commenting on the appointment of Figallo, Stewart Brand, creator of The
Whole Earth Catalogue, one of the founders of The WELL and a member of
the EFF Board of Directors, said: "As an exemplary manager of EFF's
initial habitat, the WELL, Cliff brings great contextual experience to
his new job. Best of all for us on the WELL, he won't even be leaving,
electronically speaking. Cambridge is only several keystrokes from
Sausalito."
Contacted at his home in Mill Valley today, Figallo stated: "I'm very
thankful for the opportunity to take part one of the critical missions
of our time -- the opening of new channels of person-to-person
communication in the world, and the protection of existing channels from
naive or excessive regulation and restriction.
"Pioneers in electronic or telecommunications media are establishing new
definitions and structures for education, community, and co-operation
every day. They are developing tools and systems which may prove to be
vital to the salvation of the planet. This work must go on.
"I look forward to helping EFF communicate the importance of events on
the Electronic Frontier to current and future settlers, and to those who
would, through unwise use of power, stifle the continued exploration and
settling of this new realm of the mind and the human spirit."
Figallo will assume his duties in September of this year.
For more information contact:
Gerard Van der Leun
Electronic Frontier Foundation
155 Second Street
Cambridge, MA 02141
Phone: +1 617 864 0665
FAX: +1 617 864 0866
Internet: van@eff.org
+=====+===================================================+=============+
| EFF |155 Second Street, Cambridge MA 02141 (617)864-0665| eff@eff.org |
+=====+===================================================+=============+
------------------------------
Date: 18 Jul 92 18:29:39 CDT
From: mcmullen@well.sf.ca.us
Subject: File 4--New York Hackers Plead Not Guilty (NEWSBYTES REPRINT)
NEW YORK, N.Y., U.S.A., 1992 JULY 17 (NB) --At an arraignment in New
York Federal Court on Thursday, July 16th, the five New York
"hackers", recently indicted on charges relating to alleged computer
intrusion, all entered pleas of not guilty and were released after
each signed a personal recognizance (PRB) bond of $15,000 to guarantee
continued appearances in court.
The accused, Mark Abene also known as"Phiber Optik"; Julio Fernandez
a/k/a "Outlaw"; Elias Ladopoulos a/k/a "Acid Phreak"; John Lee a/k/a
"Corrupt"; and Paul Stira a/k/a "Scorpion", were indicted on July 8th
on 11 counts alleging various computer and communications related
crimes --although all five were indicted together, each in not named
in all eleven counts and the maximum penalties possible under the
charges vary from 5 years imprisonment and a $250,000 fine (Stira) to
40 years imprisonment and a $2 million fine (Lee).
As part of the arraignment process, United States District Judge
Richard Owen was assigned as the case's presiding judge and a
pre-trial meeting between the judge and the parties involved.
Charles Ross, attorney for John Lee, told Newsbytes "John Lee entered
a not guilty plea and we intend to energetically and aggressively
defend against the charges made against him."
Ross also explained the procedures that will be in effect in the case,
saying "We will meet with the judge and he will set a schedule for
discovery and the filing of motions. The defense will have to review
the evidence that the government has amassed before it can file
intelligent motions and the first meeting is simply a scheduling one."
Marjorie Peerce, attorney for Stira, told Newsbytes "Mr. Stira has
pleaded not guilty and will continue to plead not guilty. I am sorry
to see the government indict a 22 year old college student for acts
that he allegedly committed as a 19 year old."
The terms of the PRB signed by the accused require them to remain
within the continental United States. In requesting the bond
arrangement, Assistant United States Attorney Stephen Fishbein
referred to the allegations as serious and requested the $15,000 bond
with the stipulation that the accused have their bonds co-signed by
parents. Abene, Fernandez and Lee, through their attorneys, agreed to
the bond as stipulated while the attorneys for Ladopoulos and Stira
requested no bail or bond for their clients, citing the fact that
their clients have been available, when requested by authorities, for
over a year. After consideration by the judge, the same $15,000 bond
was set for Ladopoulos and Stira but no co-signature was required.
(Barbara E. McMullen & John F. McMullen//19920717)
------------------------------
Date: 21 Jul 92 19:21:06 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 5--Time Magazine Computer Analyst Arrested for Alleged Faud
((A little news tidbit to take in consideration next time we hear, a la
operation SunDevil, of all the 'hackers' that are active in CC fraud)).
Time Magazine Computer Analyst Arrested for Alleged Faud
A computer analyst, Thomas Ferguson, 44, who worked at Time magazine's
Tampa, Fla., customer service headquarters has been arrested after
allegations he sold thousands of subscribers' credit card numbers for
$1 apiece. Ferguson has been with the magazine for 18 months, faces
four counts of trafficking in credit cards, authorities said.
Police found computer disks containing the credit card numbers of
about 80,000 subscribers at Ferguson's Clearwater, Fla., home.
Authorities said they met Ferguson four times to buy about 3,000
credit card numbers since being tipped off to the scheme in June.
Time executives say that all credit card customers should examine
their credit card bills closely. If unauthorized purchases show up,
they should call the financial institution that issued the card.
(Reprinted from STReport 8.29 with permission.)
------------------------------
End of Computer Underground Digest #4.32
************************************
Computer underground Digest Sun July 26, 1992 Volume 4 : Issue 33
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Copy Editor: Etaion Shrdlu, III
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
CONTENTS, #4.33 (July 26, 1992)
File 1--Bellcore threatens lawsuit against 2600 Magazine
File 2--The 2600 Article in Question
File 3--2600 reply to Bellcore
File 4--Bellcore Explains its Position against 2600
File 5--CuD Comment on Bellcore Letter to 2600
File 6--Are You a Hacker?
File 7--Re: Cu Digest, #4.31 (MOD Indictment)
File 8--The Ethics of Data Communications
File 9--Documents Available: Open Platform Overview, Life in Virtual
File 10--CPSR Recommends NREN Privacy
File 11--Int'l BBSing & Elec. Comm Conference July PR
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet alt.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from American Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail at the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Thu, 23 Jul 92 00:40:43 -0700
From: Emmanuel Goldstein <emmanuel@WELL.SF.CA.US>
Subject: File 1--Bellcore threatens lawsuit against 2600 Magazine
THE FOLLOWING CERTIFIED LETTER HAS BEEN RECEIVED BY 2600 MAGAZINE.
WE WELCOME ANY COMMENTS AND/OR INTERPRETATIONS.
Leonard Charles Suchyta
General Attorney
Intellectual Property Matters
Emanuel [sic] Golstein [sic], Editor
2600 Magazine
P.O. Box 752
Middle Island, New York 11953-0752
Dear Mr. Golstein:
It has come to our attention that you have somehow obtained and published
in the 1991-1992 Winter edition of 2600 Magazine portions of certain
Bellcore proprietary internal documents.
This letter is to formally advise you that, if at any time in the future
you (or your magazine) come into possession of, publish, or otherwise
disclose any Bellcore information or documentation which either (i) you
have any reason to believe is proprietary to Bellcore or has not been
made publicly available by Bellcore or (ii) is marked "proprietary,"
"confidential," "restricted," or with any other legend denoting
Bellcore's proprietary interest therein, Bellcore will vigorously
pursue all legal remedies available to it including, but not limited
to, injunctive relief and monetary damages, against you, your magazine,
and its sources.
We trust that you fully understand Bellcore's position on this matter.
Sincerely,
LCS/sms
------------------------------
Date: Thu, 23 Jul 92 00:42:23 -0700
From: Emmanuel Goldstein <emmanuel@WELL.SF.CA.US>
Subject: File 2--The 2600 Article in Question
"U.S. Phone Companies Face Built-In Privacy Hole"
(From 2600, Winter, 1991-92 (Vol 8, No. 4: pp 42-43).
Phone companies across the nation are cracking down on hacker
explorations in the world of Busy Line Verification (BLV). By
exploiting a weakness, it's possible to remotely listen in on phone
conversations at a selected telephone number. While the phone
companies can do this any time they want, this recently discovered
self-serve monitoring feature has created a telco crisis of sorts.
According to an internal Bellcore memo from 1991 and Bell Operating
Company documents, a "significant and sophisticated vulnerability"
exists that could affect the security and privacy of BLV. In addition,
networks using a DMS-TOPS architecture are affected.
According to this and other documents circulating within the Bell
Operating Companies, an intruder who gains access to an OA&M port in
an office that has a BLV trunk group and who is able to bypass port
security and get "access to the switch at a craft shell level" would
be able to exploit this vulnerability.
The intruder can listen in on phone calls by following these four
steps:
"1. Query the switch to determine the Routing Class Code assigned to
the BLV trunk group.
"2. Find a vacant telephone number served by that switch.
"3. Via recent change, assign the Routing Class Code of the BLV trunks
to the Chart Column value of the DN (directory number) of the vacant
telephone number.
"4. Add call forwarding to the vacant telephone number (Remote Call
Forwarding would allow remote definition of the target telephone
number while Call Forwarding Fixed would only allow the specification
of one target per recent change message or vacant line)."
By calling the vacant phone number, the intruder would get routed to
the BLV trunk group and would then be connected on a "no-test
vertical" to the target phone line in a bridged connection.
According to one of the documents, there is no proof that the hacker
community knows about the vulnerability. The authors did express great
concern over the publication of an article entitled "Central Office
Operations - The End Office Environment" which appeared in the
electronic newsletter Legion of Doom/Hackers Technical Journal. In
this article, reference is made to the "No Test Trunk."
The article says, "All of these testing systems have one thing in
common: they access the line through a No Test Trunk. This is a switch
which can drop in on a specific path or line and connect it to the
testing device. It depends on the device connected to the trunk, but
there is usually a noticeable click heard on the tested line when the
No Test Trunk drops in. Also, the testing devices I have mentioned
here will seize the line, busying it out. This will present problems
when trying to monitor calls, as you would have to drop in during the
call. The No Test Trunk is also the method in which operator consoles
perform verifications and interrupts."
In order to track down people who might be abusing this security hole,
phone companies across the nation are being advised to perform the
following four steps:
"1. Refer to Chart Columns (or equivalent feature tables) and validate
their integrity by checking against the corresponding office records.
"2. Execute an appropriate command to extract the directory numbers to
which features such as BLV and Call Forwarding have been assigned.
"3. Extract the information on the directory number(s) from where the
codes relating to BLV and Call Forwarding were assigned to vacant
directory numbers.
"4. Take appropriate action including on-line evidence gathering, if
warranted."
Since there are different vendors (OSPS from AT&T, TOPS from NTI,
etc.) as well as different phone companies, each with their own
architecture, the problem cannot go away overnight.
And even if hackers are denied access to this "feature", BLV networks
will still have the capability of being used to monitor phone lines.
Who will be monitored and who will be listening are two forever
unanswered questions.
------------------------------
Date: Thu, 23 Jul 92 00:42:54 -0700
From: Emmanuel Goldstein <emmanuel@WELL.SF.CA.US>
Subject: File 3--2600 reply to Bellcore
Emmanuel Goldstein
Editor, 2600 Magazine
PO Box 752
Middle Island, NY 11953
July 20, 1992
Leonard Charles Suchyta
LCC 2E-311
290 W. Mt. Pleasant Avenue
Livingston, NJ 07039
Dear Mr. Suchyta:
We are sorry that the information published in the Winter 1991-92
issue of 2600 disturbs you. Since you do not specify which article you
take exception to, we must assume that you're referring to our
revelation of built-in privacy holes in the telephone infrastructure
which appeared on Page 42. In that piece, we quoted from an internal
Bellcore memo as well as Bell Operating Company documents. This is not
the first time we have done this. It will not be the last.
We recognize that it must be troubling to you when a journal like ours
publishes potentially embarrassing information of the sort described
above. But as journalists, we have a certain obligation that cannot be
cast aside every time a large and powerful entity gets annoyed. That
obligation compels us to report the facts as we know them to our
readers, who have a keen interest in this subject matter. If, as is
often the case, documents, memoranda, and/or bits of information in
other forms are leaked to us, we have every right to report on the
contents therein. If you find fault with this logic, your argument
lies not with us, but with the general concept of a free press.
And, as a lawyer specializing in intellectual property law, you know
that you cannot in good faith claim that merely stamping "proprietary"
or "secret" on a document establishes that document as a trade secret
or as proprietary information. In the absence of a specific
explanation to the contrary, we must assume that information about the
publicly supported telephone system and infrastructure is of public
importance, and that Bellcore will have difficulty establishing in
court that any information in our magazine can benefit Bellcore's
competitors, if indeed Bellcore has any competitors.
If in fact you choose to challenge our First Amendment rights to
disseminate important information about the telephone infrastructure,
we will be compelled to respond by seeking all legal remedies against
you, which may include sanctions provided for in Federal and state
statutes and rules of civil procedure. We will also be compelled to
publicize your use of lawsuits and the threat of legal action to
harass and intimidate.
Sincerely,
Emmanuel Goldstein
------------------------------
Date: Sat, 25 Jul, 1991 14:03:54 PDT
From: Jim Thomas <jthomas@well.sf.ca.us>
Subject: File 4--Bellcore Explains its Position against 2600
Bellcore's letter to 2600 Magazine (posted above) threatens legal
action because 2600 published alleged restricted (and therefore
"proprietary") information contained in a leaked Bellcore document(s).
According to Bellcore's General Attorney for Intellectual Property
Matters, Leonard C. Suchyta, the article reproduced protected
information of value and of a sensitive technological nature. The
intent of the letter, according to Suchyta, was to put 2600 "on
notice" of Bellcore's position in protecting intellectual property
and the willingness to pursue future monetary and injunctive relief if
necessary.
According to Suchyta, the article "U.S. Phone Companies Face Built-In
Privacy Hole" from the Winter, 1991-92 issue of 2600, included
paraphrased and direct quotes from proprietary Bell documents. At
issue, he said, were copyright and intellectual property rights rather
than potential security breaches. Citing two U.S. Supreme Court
Cases, Florida Star v. B.J.F. (1989) and Cohen v. Cowles Media (1991),
Suchyta argued that 2600 had gone beyond acceptable journalistic practices
in quoting Bell internal memos and documents in its
story. The issue, he said, wasn't whether one line or an entire
document were reproduced, because any reproduction was copyright
infringement. The Constitutional theory of "fair use," which follows a
sliding scale of copyright material allowed to be reproduced in other
media without permission, was inapplicable in this case, according to
Suchyta, because all material in the documents was restricted. He
indicated that the restrictive and proprietary nature of the original
documents was clearly marked, but he did not know the form in which
2600 received them or whether what 2600 received indicated
the proprietary markings.
When asked to compare 2600's action with commonly accepted
investigatory journalism in which government or private restricted
documents are the basis of a story, Suchyta explained that, in his
view, the 2600 action was not comparable to release of, for example,
the Pentagon Papers. With government documents, he said, the public
arguably may have an overriding interest that permits disclosure. In
the 2600 case, the information was private proprietary information.
When asked about the practice of media stories based on leaked
documents from whistle-blowers or other sources, he indicated that
without the specifics of a given case he couldn't draw a judgment.
Spokespersons at Bellcore said that although the letter was a
warning, they were not in a position to say at this time whether
litigation against 2600 was precluded.
------------------------------
Date: Sat, 25 Jul, 1991 14:15:31 PDT
From: Jim Thomas <jthomas@well.sf.ca.us>
Subject: File 5--CuD Comment on Bellcore Letter to 2600
Bellcore, the company-owned research arm of the various Bell systems,
is well-staffed, possesses considerable resources, and extends
throughout the country. 2600 magazine is a small publication run on a
shoestring with few resources. The Bell system, as the pursuit of
Craig Neidorf demonstrated, seems quite willing to attack the "little
guy," even if the little guy has not demonstrably violated a law. Big
guys who pick on little guys are generally called "bullies." Bellcore
does not allege that 2600 received the information it published
illegally or that any other criminal offense is involved. Bellcore's
letter to 2600 cites the publication of the material, not the manner
in which it was obtained, as objectionable. Although called a "hacker
journal," 2600 has been active as a gadfly in exposing security flaws
in computer and related technology. Just as other media have claimed
"the public's right to know" in using confidential documents as the
basis of revelations, 2600 also revealed, arguably for the public
good, a point of vulnerability in the Bell system. This seems to be
what galls Bellcore, and it is threatening the full force of its
resources against a small publication that perhaps it presumes is
unwilling to resist bullying tactics. As Emmanuel Goldstein, the
editor of 2600, indicates in his response to Bellcore, they are
mistaken.
One can appreciate the legitimate concerns of both parties. It
becomes more difficult to appreciate the style of Bellcore in
addressing this issue. When Playboy felt that Event Horizons had
exceeded appropriate limits in using Playboy material, it attempted to
resolve the matter amicably. Bellcore, by contrast, chose to begin
with threats backed up by the full force of its legal department.
Because of its massive resources, Bellcore may feel no need to attempt
conciliatory dialogue to attempt to resolve a problem. If you have a
hammer, so their logic seems to run, why waste it?
Does Bellcore have a strong case? If the facts alleged in their
letter are correct, not a strong one according to some specialists in
copyright law. Does Bellcore have a knack for public relations? It
seems not. Just one more case of Goliath tromping on those
ill-equipped to defend themselves. And, the chilling effect of their
letter threatens to trample on a free press as well.
------------------------------
Date: Fri, 24 Jul 1992 11:19:47 PDT
From: Bob Bickford <rab@well.sf.ca.us>
Subject: File 6--Are You a Hacker?
ARE YOU A HACKER?
by Robert Bickford
Are you a Hacker? How would you know? If all you know about the word
is what you've seen on the evening news, or read in a magazine, you're
probably feeling indignant at the very question! But do those
magazine-selling headlines really describe what a Hacker is?
Some time ago (MicroTimes, December 1986) I defined a Hacker as "Any
person who derives joy from discovering ways to circumvent
limitations." The definition has been widely quoted since that time,
but unfortunately has yet to make the evening news in the way that a
teenager who robs a bank with his telephone does.
Does that teenaged criminal fit my definition? Possibly. Does that
fact make all, or even most, Hackers criminals? (Does that fact make
all or most Hackers teenagers?) Of course not! So why is there such
widespread misinformation about Hackers? Very simply, it's because
the criminal hackers, or 'Crackers', have been making news, while the
rest of us are virtually invisible. For every irresponsible fool
writing a virus program, there are at least twenty software engineers
earning a living "...discovering ways to circumvent limitations."
When the much-publicized InterNet worm was released by an
irresponsible hacker, hundreds of other Hackers applied their
considerable talents to the control and eradication of the problem:
the brilliance and creativity brought to this task are typical of the
kind of people --- Hackers ---that my definition is meant to describe.
Working on the yearly Hackers Conferences has been a mixed experience:
on the one hand, helping to bring together 200 of the most brilliant
people alive today, and then interacting with them for an entire
weekend, is immensely rewarding. On the other hand, trying to explain
to others that the Hackers Conference is not a Gathering of Nefarious
Criminals out to Wreak Havoc upon Western Civilization does get a bit
wearing at times. Also, trying to convince a caller that repeatedly
crashing his school district's computer from a pay phone will not,
emphatically not, qualify him for an invitation to the conference can
be a bit annoying. None of this would be a problem if we hadn't let a
small minority --- the Crackers --- steal the show, and become
associated with the word 'Hacker' in the minds of the general public.
The attendees at the Hackers Conferences --- many of whom hold PhDs,
and/or are Presidents or other upper management of Fortune 500
companies --- are (quite understandably) very indignant at being
confused with these Crackers.
Taking myself as an example --- no, I don't have a PhD, my only degree
is from the School of Hard Knocks, and no, I'm not working in
management ---when this article was first published [1989] I was
writing software for a company that builds medical image processing
equipment. My code controls a product that can, and often does,
either improve the quality of medical care, reduce the cost, or both.
When I develop a piece of software that goes around some limit I feel
very happy, and can often find myself with a silly grin plastered
across my face. When some ignorant reporter writes a story that
equates the work I do with expensive but childish pranks committed by
someone calling himself a "Hacker", I see red.
Are you a Hacker? If you want to break rules just for the sake of
breaking rules, or if you just want to hurt or "take revenge" upon
somebody or some company, then forget it. But if you delight in your
work, almost to the point of being a workaholic, you just might be.
If finding the solution to a problem can be not just satisfying but
almost an ecstatic experience, you probably are. If you sometimes
take on problems just for the sake of finding the solution (and that
ecstatic experience that comes with it), then you almost certainly
are. Congratulations! You're in good company, with virtually every
inventor whose name appears in your high school history book, and with
the many thousands of brilliant people who have created the "computer
revolution."
What can we do about all that bad press? Meet it head on! Tell the
people you work with that you're a Hacker, and what that means. If
you know somebody whose work habits, style, or personality make them
pretty clearly a Hacker, tell them so and tell them what you mean by
that. Show them this article!
Meanwhile, have fun finding those solutions, circumventing those
limitations, and making this a better world thereby. You are an
Artist of Technology, a Rider of the Third Wave, and at least you can
enjoy the ride!
Bob Bickford is a software consultant who lives in Marin County, often
Hacking late into the night, and (usually) enjoying it immensely. His
wife, Greta, only tolerates this because she's an animation hacker and
sometimes does the same thing. Bob can be reached through InterNet at
rab@well.sf.ca.us
(An edited version of this article appeared in Microtimes in early
1989. Copyright (c) Robert Bickford, 1989, 1992)
+++
Robert Bickford "A Hacker is any person who derives joy from
rab@well.sf.ca.us discovering ways to circumvent limitations." rab'86
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
"I recognize that a class of criminals and juvenile delinquents has
taken to calling themselves 'hackers', but I consider them irrelevant
to the true meaning of the word; just as the Mafia calls themselves
'businessmen' but nobody pays that fact any attention." rab'90
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
------------------------------
Date: 18 Jul 92 07:12:11 CDT (Sat)
From: peter@TARONGA.COM(Peter da Silva)
Subject: File 7--Re: Cu Digest, #4.31 (MOD Indictment)
I'd like to make some comments on John McMullen's response to the MOD
indictment. While I agree with some of the things he has to say, I
have two serious problems with his commentary: first of all, the abuse
of the term "hacker" by phreaks and the government *is* a problem, and
attempting to trivialise people's concerns about it is
counterproductive. Second, his characterization of Phiber Optik seems
to directly contradict the facts as presented in the indictment:
> (a) On or about November 28, 1989, members of MOD
>caused virtually all of the information contained within the
>Learning Link computer operated by the Educational Broadcasting
>Corporation to be destroyed, and caused a message to be left on
>the computer that said, in part: "Happy Thanksgiving you turkeys,
>from all of us at MOD" and which was signed with the names "Acid
>Phreak," "Phiber Optik" and "Scorpion" among others.
This is not a prank, and shouldn't be shrugged off as one.
Particularly disturbing is the type of system attacked: the Learning
Link is not a typical phreak victim with a Big Bad Big Business image.
------------------------------
Date: Wed, 15 Jul 1992 12:34:08 -0500
From: anonymous <anycom@sys.sys.uunet.uu.net>
Subject: File 8--The Ethics of Data Communications
The Ethics of Data Communications
By Norris Parker Smith
A report issued jointly by the U.S. Education and Justice
departments urges that instruction in computer ethics be made a part
of school curricula.
The aim is to convince young people that unauthorized copying of, say, a
new game program is plain theft, like stealing a bicycle; turning
loose a destructive worm on the Internet is criminal, a form of
high-tech arson, like setting a fire at one end of a row of condos.
This is a laudable goal, although in the real world it must be
recognized that more and more responsibilities are being heaped upon
the schools while less and less money is available to pay for basic
quality teaching.
A broader point is more important: Where does ethics in computation
begin and end?
For example, data communication today is being transformed by a
worldwide trend. High-bandwidth digital networks based on optical
fiber are supplanting low-capacity analog channels over metal wires.
The benefits to computing and to the overall economy are obvious. On
the face of it, attempts to impede this broad, positive trend would be
comparable to tampering with the adoption of a beneficial new drug.
At the same time -- in response to the same phenomena that upset the
officials at Justice and Education -- users of data communication
facilities are adopting new methods to provide simple, reliable
security for their files and messages. This also would seem a good
thing, well within the rights of people wishing to protect their
property and their ideas.
Open Lines of Communication
On the international scene, the United States and other Western
democracies have recognized that they have a real and immediate
interest in encouraging democracy in the former Soviet states to
emerge from its present fumbling, anxious childhood and mature into
solid stability.
The Russians and their former fellow victims of Communist paranoia
and incompetence say that in order to attempt this difficult
evolution, they urgently need to upgrade communications. This would be
an improvement to their national infrastructures, one of the few areas
in which outside help can readily make a difference. International
consortia, including U.S. participants, stand ready to string up the
fiber and install the switches.
It would seem reasonable -- even ethical -- for the West to support
improvements in Russia's internal communications, or, at the least,
not stand in the way.
What is the record on these two simple propositions? In Congress,
the FBI presented testimony calling for modifications in new
communications technology to make eavesdropping easier. This is
based upon the supposition that massive streams of digitalized
photons are more difficult to bug than slender flows of obedient
analog electrons.
The direct costs of this proposed degrading of the communications
system is estimated in the high hundreds of millions of dollars. The
indirect costs of less-than-optimum systems could be much higher.
The National Security Agency also raised questions about improved
measures for data security. Security is fine, it said, but it should
not be too fine, because the wicked as well as the benign might make
use of it. And when the wicked get into the act, the NSA will have to
invest in more computer time to discern what's happening.
If the Russians go modern, reasoned the NSA, it would be more
difficult for NSA satellites and other means to listen in. And who
knows what evil might lurk, even now, in the minds of the Russians?
Thus, exports of advanced communications technology to the former
Soviet Union were blocked within the federal establishment, largely by
the NSA. Approval took place only when the Germans and other
Europeans applied determined pressure.
The government has legitimate concerns about national security in an
era that looks increasingly unsanitary. Yet it is difficult to project
that any of the nasty little wars that have flamed among the embers of
communism would become genuine threats to basic U.S. interests. Other
means toward nuclear safety in Eurasia offer better prospects than a
Luddite policy on internal communication.
Crime-fighting (which sounds much more acceptable than snooping)
also has its place. It seems only fair, however, for the FBI, like
everyone else, to adapt to new technology as it comes along -- rather
than abusing its authority and prestige by lobbying for a favorable
fix at the public expense.
One of the most fundamental maxims of ethics reads this way: "At a
minimum, avoid doing unnecessary harm and get out of the way of events
that clearly bring good."
The feds should grade their own schoolwork by this ethical criterion
before they draw up computational dos and don'ts for schoolchildren.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
SUPERNET INTERNATIONAL wants to know what you think about issues raised in
The Daily Word. For information on how to add your voice to the discussion,
see Your Feedback on the News under this topic.
Copyright 1992 by SUPERNET INTERNATIONAL. All rights reserved.
------------------------------
The following news summary, taking from the New York Times
News Service, appeared in the Chicago Tribune business section
on July 24 (p. 1). There was no author attributed, and the headline
was "Computer hackers put new twist on 'West Side Story'."
The article begins:
>Late into the night, in working-class neighborhoods around New
>York City, young men with code names like "acid Phreak" and
>"Outlaw" sat hunched before their glowing computer screens,
>exchanging electronic keys to complex data-processing systems.
>
>They called themselves the Masters of Deception. Their mission: to
>prove their prowess in the shadowy computer underworld.
>
>Compulsive and competitive, they played out a cybernetic version
>of "West Side Story," trading boasts, tapping into telephone
>systems, even pulling up confidential credit reports to prove
>their derring-do and taunt other hackers.
>
>Their frequent target was the Legion of Doom, a hacker group named
>after a gang of comic-book villains. The rivalry seemed to take on
>class and ethnic overtones, with the diverse New York group
>defying the traditional image of the young suburban computer
>whiz.
+++Commentary: The New York Times has finally resorted to the
sensationalism of other media that plays on public fears and
stereotyped images of the terrifying hacker menace. The Times even
goes a step further by laying out a Bloods-'n-Crips scenario, complete
with gang revenge and drive-by hackings. The Times, whose writers
should know better, also plays up the danger of obtaining credit
ratings. TRW credit reports are among the easiest of so-called
confidential data to get. The implication is that it's hackers, not
the abusive practices of used car salespeople or other marketers, that
are a danger to snatching this information.
The story continues with a summary of the MOD bust as reported in the
Times, CuD, and elsewhere. It adds some biographical information
about the MOD people indicted:
John Lee is 21, goes by the name Corrupt, and "has dreadlocks chopped
back into stubby 'twists' and live with his mother in a dilapidated
walkup in Bedford-Stuyvesant, Brooklyn." The story informs us that he
"bounced around programs for gifted students before dropping out of
school in the 11th grade." Lee works part-time as a standup comic and
is studying film production at Brooklyn University.
Paul Stira is 22 and lives in Queens and was valedictorian at Thomas
A. Edison High School. It adds that his handle was Scorpion. He is
three credits shy of a degree in computer science at Polytechnic
University.
Julio Ferndez is 18 and was known as Outlaw and studied computers in
grade school. The story includes a picture of Phiber Optik and
Scorpion.
The story continues with a brief history of MOD and the disputes
with Legion of Doom:
>The Masters of Deception were born in a conflict with the Legion
>of Doom, which had been formed by 1984 and ultimately included
>among its ranks three Texans, one of whom, Kenyon Shulman, is the
>son of a Houston socialite, Carolyn Farb.
>
>Abene had been voted into the Legion at one point. But when he
>began to annoy others in the group with his New York braggadocio
>and refusal to share information, he was banished, Legion members
>said.
>
>Meanwhile, a hacker using a computer party line based in Texas
>had insulted Lee, who is black, with a racial epithet.
>
>By 1989, both New Yorkers ((Abene and Lee)) had turned to a new
>group, MOD, founded by Ladopoulos. They vowed to replace their
>Legion rivals as the "new elite."
>
>According to a history the new group kept on the computer
>network, they enjoyed "mischievous pranks," often aimed at their
>Texas rivals, and the two groups began sparring. But in June 1990
>the three Texas-based Legion members, including Shulman, Chris
>Goggans and Scott Chasin, formed Comsec Cata Security, a business
>intended to help companies prevent break-ins by other hackers.
>
>Worried that the Texans were acting as police informers, the MOD
>members accused their rivals of defaming them on the network
>bulletin boards. MOD's activities, according to the indictment
>and other hackers, began to change and proliferate.
>
>Unlike most of the "old generation" of hackers who liked to
>joyride through the systems, the New Yorkers began using the file
>information to harass and intimidate others, according
>to prosecutors.
The article concludes by suggesting that MOD was jealous of Comsec's
media attention and mention Abene's and Ladopoulos's claims in the
media that they had a right to penetrate computer systems. It adds,
drawing from John Perry Barlow's paper, his experience with Abene in
1989. Abene allegedly downloaded Barlow's credit rating and posted it.
This was detailed in the 1990 Harper's magazine article on computer
privacy and abuse. The article was based on posts from a conference
discussion topic on a California computer system. The article
concludes by alleging that despite the indictment, MOD may still be
bugging people:
>But the battles are apparently not over. A couple of days after
>the charges were handed up, one Legion member said, he received a
>message on his computer from Abene. It was sarcastic as usual, he
>said, and it closed, "Kissy, kissy."
The Times story does challenge the myth of a stereotypical white male
locked away alone in a suburban bedroom all night. But linking it to
rival gang activity and West Side Story images seems bizarre. The
public, the fuzz, and the media pick up on these scripts. If it's in
the New Times, it must be true, right? In this case, the Times has
taken a few steps backwards in its normally competent (especially when
John Markoff writes) stories.
To the Times: "Kissy, kissy!"
------------------------------
Date: Mon, 20 Jul 1992 13:15:21 -0400
From: Christopher Davis <ckd@EFF.ORG>
Subject: File 9--Documents Available: Open Platform Overview, Life in Virtual
+======+==================================================+===============+
| FYI | Newsnote from the Electronic Frontier Foundation | July 20, 1992 |
+======+==================================================+===============+
ELECTRONIC FRONTIER FOUNDATION'S
OPEN PLATFORM PROPOSAL AVAILABLE VIA FTP
The full text of the EFF's Open Platform Proposal is available in
its current draft via anonymous ftp from ftp.eff.org as
pub/EFF/papers/open-platform-proposal.
To retrieve this document via email (if you can't use ftp), send mail to
archive-server@eff.org, containing (in the body of the message) the
command 'send eff papers/open-platform-proposal'. This is the proposal
in its 4th draft and is up-to-date as of July 2.
HOWARD RHINEGOLD'S "VIRTUAL COMMUNITIES, 1992" AVAILABLE VIA FTP
This is the full text of Howard Rhinegold's illuminating essay "A Slice
of Life In My Virtual Community" that was serialized in EFFector Online.
You can retrieve this document via anonymous ftp from ftp.eff.org as
pub/EFF/papers/cyber/life-in-virtual-community. To retrieve it via
email (if you can't use ftp), send mail to archive-server@eff.org,
containing (in the body of the message) the command 'send eff
papers/cyber/life-in-virtual-community'.
+=====+=====================================================+=============+
| EFF | 155 Second Street, Cambridge MA 02141 (617)864-0665 | eff@eff.org |
+=====+=====================================================+=============+
------------------------------
Date: Fri, 24 Jul 1992 17:25:57 EDT
From: Dave Banisar <banisar@WASHOFC.CPSR.ORG>
Subject: File 10--CPSR Recommends NREN Privacy
CPSR Recommends NREN Privacy Principles
(PRESS RELEASE)
WASHINGTON, DC -- Computer Professionals for Social Responsibility
(CPSR), a national public interest organization, has recommended
privacy guidelines for the nation's computer network.
At a hearing this week before the National Commission on Library and
Information Science, CPSR recommended a privacy policy for the
National Research and Education Network or "NREN." Marc Rotenberg,
Washington Director of CPSR, said "We hope this proposal will get the
ball rolling. The failure to develop a good policy for the computer
network could be very costly in the long term."
The National Commission is currently reviewing comments for a report
to the Office of Science and Technology Policy on the future of the
NREN.
Mr. Rotenberg said there are several reasons that the Commission
should address the privacy issue. "First, the move toward
commercialization of the network is certain to exacerbate privacy
concerns. Second, current law does not do a very good job of
protecting computer messages. Third, technology won't solve all the
problems."
The CPSR principles are (1) protect confidentiality, (2) identify
privacy implications in new services, (3) limit collection of personal
data, (4) restrict transfer of personal information,(5) do not charge
for routine privacy protection, (6) incorporate technical safeguards,
(7) develop appropriate security policies, and (8) create an
enforcement mechanism.
Professor David Flaherty, an expert in telecommunications privacy law,
said "The CPSR principles fit squarely in the middle of similar
efforts in other countries to promote network services. This looks
like a good approach."
Evan Hendricks, the chair of the United States Privacy Council and
editor of Privacy Times, said that the United States is "behind the
curve" on privacy and needs to catch up with other countries who are
already developing privacy guidelines. "The Europeans are racing
forward, and we've been left with dust on our face."
The CPSR privacy guidelines are similar to a set of principles
developed almost 20 years ago called The Code of Fair Information
practices. The Code was developed by a government task force that
included policy makers, privacy experts, and computer scientists. The
Code later became the basis of the United States Privacy Act.
Dr. Ronni Rosenberg, who has studied the role of computer scientists
in public policy, said that "Computer professionals have an important
role to play in privacy policy. The CPSR privacy guidelines are
another example of how scientists can contribute to public policy."
CPSR is a membership organization of 2500 professionals in the
technology field. For more information about the Privacy Policies and
how to join CPSR, contact CPSR, P.O. Box 717, Palo Alto CA 94302.
415/322-3778 (tel) and 415/322-3798 (fax). Email at
cpsr@csli.stanford.edu.
------------------------------
Date: Thu, 23 Jul 92 04:55:25 MDT
From: mbarry@NYX.CS.DU.EDU(Marshall Barry)
Subject: File 11--Int'l BBSing & Elec. Comm Conference July PR
FOR IMMEDIATE RELEASE
Contact: Terry Travis or Michelle Weisblat
Telephone: (303) 426-1847 -- Fax: (303) 429-0449
Do you want to know how to get thousands of computer programs free -
LEGALLY? Does being able to send messages around the world, and
receive replies, for the price of a local phone call interest you?
Are you confused by the terms "Hacker", "Phreak", "BBS", or "Baud"?
Do you want to know how to help keep the homebound or handicapped
from feeling cut off from society?
The answers to these questions, and much more, can be had by
attending the Second Annual International BBSing and Electronic
Communications Conference, IBECC'92, August 13-16 at the Sheraton
Denver West in Lakewood, CO.
IBECC'92 is an intensive three-day conference and workshop covering
topics ranging from "Staying Alive" (Handicapped Computing and
Accessing the World) to "Safe Computing" (Controlling the Spread of
Computer 'Infection'), and from "Why Kelly CAN Read" (Education and
the Computer) to "What IS a MODEM anyway?" (An Introduction to the
World of TeleCommunication).
At IBECC'92 you will be able to:
* Join Author and Lecturer Dr. Jerry E. Pournelle, Ph.D. for his
unique and critical views on life in the electronic future.
* Sit and discuss the electronic classroom and NREN - the
National Public SuperComputer Highway - with Telecommunications and
Education Pioneer David Hughes, Sr.
* Interact with Thom Foulks and his Award-Winning Radio Program,
"Computing Success", Live.
* Be a part of Denver's Only Live Computer Call-In Show,
"Komputer Knus" with Marshall Barry and Michelle Weisblat.
* Learn the tricks of the trade with Internationally Famous
Software Designer Andrew Milner,
* and much, much more.
You will have the chance to visit with vendors like U.S. Robotics
(modems), OnLine Communications (Remote Access and FrontDoor), MICRO
(The Users' Group for Users' and Groups), CDB Systems (Computers and
BBSes), Clark Development (PCBoard), Star Enterprises (Systems Sales
and Service), Artisoft (LANs), Second Sight (Blind and Handicapped
Systems and Software), the Electronic Frontier Foundation
(Electronic Rights) and, of course, hundreds of SySops, Users,
Educators and Enthusiasts.
IBECC'92 will truly be the Educational and Social Event of the Year!
It is designed for the beginner, the curious, the handicapped, and
educators interested in learning about tomorrow's technologies,
today. There will even be special sessions and seminars for those
who are already deeply involved in the "mysteries" of computer
communications.
For full details, schedules, conference rates and information,
please contact the sponsor, IBECC (a non-profit educational,
scientific, and literary society) at (303) 426-1847 (voice), or
(303) 429-0449 (fax).
------------------------------
End of Computer Underground Digest #4.33
************************************
Computer underground Digest Sun Aug 2, 1992 Volume 4 : Issue 34
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Copy Editor: Etaion Shrdlu, III
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
CONTENTS, #4.34 (Aug 2, 1992)
File 1--Day (in court) of The Dead
File 2--Re: 2600 and Bellcore flap
File 3--Another View of Bellcore vs. 2600
File 4--New 2600 and 2600 Meetings
File 5--Is Bellcore Guilty of Stealing Copyright Information?
File 6--Update on Len Rose
File 7--Biblio resource: "Computer Crime" Handbook
File 8--Dr Ripco Summarizes his Legal Status since Sun Devil
File 9--Documents Available: Open Platform Overview, Life in Virtual
File 10--CPSR Recommends NREN Privacy Principles
File 11--Biblio resource: "Computer Crime" Handbook
File 12--Updated CPSR Archive Listing
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet alt.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Sun, 26 Jul 92 2:33:02 CDT
From: bei@DOGFACE.AUSTIN.TX.US(Bob Izenberg)
Subject: File 1--Day (in court) of The Dead
>From:
Bandit, Shylock and Trackshoes
A Kinda Professional Corporation
>To:
Homo Sapiens
Dear Infringing Species,
It has come to our attention that you have been utilizing anatomical
developments pioneered by several of our clients, the dinosaurs, in your
everyday activities. This letter is to notify you that the dinosaurs
consider these features to be an infringement of dinosaur development,
which has been a documented fact in the scientific community for decades.
Said features are proprietary to the dinosaurs, and their duplication
represents a substantial harm to the saurian reputation and ability to
survive and thrive in a challenging evolutionary climate.
This letter is to formally advise you that the process of bipedal locomotion,
hereafter called "walking", is an activity the dinosaurs are prepared to
demonstrate that they have employed for thousands of years. Continued
use of your legs for locomotion on land will be considered actionable. In
addition, any evolutionary developments that you may have reason to believe
were first present in the dinosaurs must no longer be used by your species.
This includes all digestive and reproductive organs, and much of your
circulatory system. The dinosaurs will vigorously defend their hard-won
evolutionary developments by any and all means available to them, including
but not limited to injunctive relief, monetary damages, and gobbling alive,
against all members of your species and any evolutionary descendants.
We trust that you fully understand the dinosaur position on this matter.
Sincerely,
BB/file
Before you dismiss the imaginary letter above as completely without
relevance, consider the Bellcore letter to the editor of 2600 magazine that
was recently reprinted in these virtual pages. Also consider the early
snarls from AT&T lawyers directed at the authors of the BSD NET2 software
distribution. Those authors, you see, have written something much like the
UNIX operating system that AT&T markets, and have made the source code for
it available for one-tenth the cost of AT&T's version, and, in the case of
one version written specifically for the Intel 80386 processor, for free.
They have taken the first tentative bites out of the Thunder Lizard's food
supply, and the mad, unreasoning blood-lust that overcomes the dinosaur
at such moments cannot obscure the handwriting on the cave wall. Of course,
the day of the dinosaurs was long gone by the time that our species first
trod upon the Earth... but even in this day and age, a fossil living in a
museum can still get a good lawyer. The Dead rise up, and are sworn in.
It is a shame that the reputation for innovation that once was the
hallmark of AT&T and Bellcore has come to be so dominated by lawyers thriving
in at atmosphere of comparative technical innocence. The quest for product
viability and excellence may not have been abandoned, but in some sectors
it has been supplanted by a desire to seal the product up in a black box:
A black box that can't be explained, examined, or improved upon... just
paid for in perpetuity.
------------------------------
Date: Sat, 25 Jul 92 12:26:17 MDT
From: Lazlo Nibble <lazlo@triton.unm.edu>
Subject: File 2--Re: 2600 and Bellcore flap
> ...Article details how, after following 4 steps, any line is suspectible
> to secret monitoring. One document obtained by 2600 said: "There is no
> proof the hacker community knows about the vulnerability."
They may not have proof of it, but the first time I heard about Busy
Line Verification was in '84 or '85 and there's at least one person I
knew in the computer underground at the time who I had reason to
believe when he said he'd used it. Its existance is certainly no
secret to anyone who's messed around with the workings of the phone
system -- the codes that activate BLV were (and probably still are) a
sort of Holy Grail for telcom hackers.
------------------------------
Date: Wed, 29 Jul 92 14:42 GMT
From: "Thomas J. Klotzbach" <0003751365@MCIMAIL.COM>
Subject: File 3--Another View of Bellcore vs. 2600
To many, the crux of the controversy seems to be whether or not
the internal Bellcore document was legally published in 2600 Magazine.
To me, the issue is one far more basic.
Mr. Goldstein states that he published the article because it was
of "public importance". But were there other goals as well? To
embarrass Bellcore? To protect the phone system from degradation
caused by inappropriate use? Which goal or goals were the most
important? In his response to Mr. Suchyta, he states that "...as
journalists, we have a certain obligation that cannot be cast
aside...". What is that obligation? Is "...readers, who have a keen
interest in this subject matter..." enough of a justification? Or
should there be any justification?
I believe that Bellcore should be allowed to discover, document
and correct the problem internally. If Bellcore was negligent/refused
in correcting a known deficiency, that perhaps disclosure of the
problem would bring pressure to bear on Bellcore to correct the
deficiency. But this was not the case. Bellcore discovered,
documented and took steps to correct the problem it would seem, in a
timely manner. Also, the problem that Bellcore documents does not
appear to be caused as the result of a deliberate, planned action to
provide for a "trapdoor".
I would ask Mr. Goldstein:
- did you verify the source of the document?
- did you ascertain how the document was obtained?
- did the document contain any markings indicating that it was an
internal Bellcore document?
- did you weigh the needs of publishing the article versus not
publishing the article?
I tried to apply an ethical code or standard that would govern MY
conduct if I was the person who published a similar article relating
to my profession. I referred to the newly proposed revision to the
ACM Code of Ethics and Professional Conduct (CACM May '92). I
concluded after review with my attorney that a disclosure of a similar
type by me would probably be in violation of the ACM Code sections 1.2
(Avoid harm to others), 1.5 (Honor property rights including
copyrights and patents - this also deals with unauthorized duplication
of materials), 4.1 (Uphold and promote the principals of this Code)
and possibly 2.3 (Know and respect existing laws pertaining to
professional work).
This issue is not solely about computers and technology. It is
about "doing the right thing". It's about balancing the need for
information versus how that the information is obtained and
disseminated. It's about having an ethical standard that treats
disclosure for the sake of disclosure and not ensuring that the
information is obtained in a method consistent with high ethical
standards as deserving of skepticism by the reader.
There are those who liken this series of events to "Just one more
case of Goliath tromping on those ill equipped to defend themselves".
I would respond that if those who are "ill-equipped" to defend
themselves publish a document which may have been obtained in an
unethical manner and which may infringe on another party's rights,
then they should be prepared to face a possible challenge. And as far
as "the chilling effect of their (Bellcore's) letter threatening to
trample on a free press as well", I would add that we not only need a
free press, but a free and RESPONSIBLE press as well. The end does
not always justify the means.
The First Amendment provides for certain guarantees of freedoms as
they relate to assembly, press and speech. It does not unfortunately
guarantee common sense and a thorough review of all possible
reactions/results of exercising that freedom. Many cloak themselves
in the First Amendment words - fewer still cloak themselves in ethical
standards that bring credibility to their work and to the causes that
they advocate. The Computer Underground must win
respect/understanding in all phases of society or it will relegated to
a niche in that society.
------------------------------
Date: Fri, 31 Jul 1992 17:58:48 -0700
From: Emmanuel Goldstein <emmanuel@WELL.SF.CA.US>
Subject: File 4--New 2600 and 2600 Meetings
The summer issue of 2600 has been released. Subscribers should have it
no later than the early part of next week. Included within is the
latest on Bellcore's lawsuit threat against us, as well as a complete
guide to the different kinds of telephone signalling systems used
throughout the world (written by a real heavyweight in the phone
phreak world), a review of the Dutch demon dialer, a tutorial on
"portable hacking", tips on defeating call return (*69), a guide to
voice mail hacking, plus letters, news updates, revelations of an
interesting nature (more Bellcore stuff) plus a whole lot more.
On Friday, August 7th, we'll be having meetings in six American
cities. We expect all of these meetings to continue on a monthly
basis. Please spread the word. NEW YORK: Citicorp Center (between
Lexington and 3rd) downstairs in the lobby by the payphones. Payphone
numbers: 212-223-9011, 212-223-8927, 212-308-8044, 212-308-8162.
WASHINGTON DC: Pentagon City mall. CHICAGO: Century Mall, 2828 Clark
St, lower level, by the payphones. Payphone numbers: 312-929-2695,
2875, 2685, 2994, 3287. ST. LOUIS: At the Galleria, Highway 40 and
Brentwood, lower level, food court area, by the theaters. LOS ANGELES:
At the Union Station, corner of Macy St. and Alameda. Inside main
entrance by bank of phones. Payphone numbers: 213-972-9358, 9388,
9506, 9519, 9520, 213-625-9923, 9924, 213-614-9849, 9872, 9918, 9926.
SAN FRANCISCO: 4 Embarcadero Plaza (inside). Payphone numbers:
415-398-9803,4,5,6.
There is no agenda at a 2600 meeting, no formalities of any kind, no
dress code (except maybe in St. Louis), and no constraints other than
common sense. People generally get together, trade information, meet
people, look for feds, and do whatever else comes to mind (all
legally, of course). Each meeting runs approximately from 5 pm to 8
pm local time on the first Friday of the month. Anyone wanting to
organize a meeting in another city should contact 2600 at our office:
(516) 751-2600.
Our voice mail system is now a voice bulletin board system every night
beginning at 11 pm Eastern time. You can reach it at 0700-751-2600
through AT&T. If you're using another long distance carrier, preface
that number with 10288. It costs 15 cents a minute and all of the
money goes to AT&T. Whoopee.
Permission is hereby granted to repost this message with the intention
of spreading news of the above.
((Moderators' note: 2600 can be contacted at:
directly at emmanuel@well.sf.ca.us or 2600@well.sf.ca.us
or sub for one year for $21 and mail it to:
2600 Magazine
PO Box 752
Middle Island, NY 11953
------------------------------
Date: Mon, 27 Jul 1991 10:19:51 PDT
From: kram@ull.edy.edu
Subject: File 5--Is Bellcore Guilty of Stealing Copyright Information?
I read about Bellcore's threat against 2600 and wondered why nobody
made the connection between Bellcore and the Secret Service raids in
1990. The letter that Bellcore sent to 2600 was in that same petty
spirit. Bellcore made some vague threats about an unidentified
article that may or may not have been a copyright violation. This is
consistent with what they did a few years ago.
Bellcore's attempt to intimidate 2600 into silence sounds a bit like
the goring ox roaring even before it itself is gored. Bell
Communications Research, known as Bellcore, employed Henry M.
Kluepfel as a security specialist and David Bauer, a R&D security
technoid. Both have testified in hacker trials. Kluepfel was involved
in the Sun Devil and earlier investigations. He was on The Phoenix
Project bbs, where he routinely logged posts and sent them to the
Secret Service. The posters held the copyright, and Kluepfel, a
private citizen, took them without authorization or permission. These
were proprietary, and Bellcore, through its agent Henry Kluepfel,
clearly engaged in a conspiratorial scheme to obtain proprietary
information. Release of the information and subsequent use out of
context may be a criminal copyright infringement under 17 USC 506. Who
can ever forget how those posts were used by the Secret Service to
show that the claim that kermit is a 7-bit protocol is obvious
evidence of a conspiracy? This led to the unjustified raid on Steve
Jackson Games. Given the pattern of Bellcore's paid accomplice to
systematically, willfully, and knowingly engage in acts of obtaining
proprietary information, the RICO Act (18 USC 1962) might be fun to
invoke against Bellcore.
If Bellcore considers Emmanuel Goldstein guilty of obtaining
proprietary information, then I strongly suggest that the users of The
Phoenix Project have an equally valid claim that Bellcore was
responsible for stealing copyright material from users. Maybe all
ex-Phoenix Project users should send Bellcore some letters. The
address listed on the letter to 2600 was
Leonard Charles Suchyta
LCC 2E-311
290 W. Mt. Pleasant Avenue
Livingston, NJ 07039
+++
((MODERATORS' COMMENT: The above poster refers to The Mentor's BBS,
known as The Phoenix Project. Logs and other information taken from
TPP were instrumental in justifying the raid on Steve Jackson games.
In the Secret Service search affidavit for Steve Jackson Games, Henry
Kluepfel was listed as a "source of information." A substantial portion
of this information was derived from 17 messages of logs from The
Phoenix Project written from Jan. 23 through Jan. 29, 1990. CuD #2.11
includes the complete affidavit and commentary.
The reference to a description of Kermit by The Mentor as evidence of
his participation in an encryption conspiracy read:
>Name: The Mentor #1
>Date: Fri Jan 26 10:11:23 1990
>
>Kermit is a 7-bit transfer protocol that is used to transfer
>files to/from machines. It is mostly found on mainframes (it's a
>standard command on VAX, for instance). Kermit has the added
>advantage of being able to work through an outdial (because it is
>7-bit).
>
>Mentor
We share the poster's concern with the action of Bellcore's Henry
Kluepfel. In that search affidavit, Timothy Foley wrote that Kluepfel
indicted that TPP's users' list contained the names of two "hackers"
from Illinois' Northern Federal District. To the best of our
knowledge (and to the knowledge of those familiar with the users' list
during this period), the only two names on it from the Northern
District (former US prosecutor William J. Cook's jurisdiction) were
the CuD moderators. Given the rather strange logic by which evidence
is fabricated by some prosecutors, perhaps Bellcore should first apply
to its own employees the same standards of integrity and honesty it
expects from others.
Because of his actions, Henry Kluepfel was named as a co-defendant in
a civil suit brought against him, Bill Cook, Timothy Foley, and
others, by Steve Jackson Games in 1991. The litigation, alleging civil
rights violations, is still pending.
------------------------------
Date: Sat, 1 Aug 92 23:58:14 PDT
From: infogroup@unixville.com
Subject: File 6--Update on Len Rose
Len Rose was released from the federal penitentiary in South
Carolina in March after serving 10 months of a one year sentence
for unauthorized possession of Unix sourcecode. He completed the
remaining two months in a community release center in Chicago.
He is now working in Silicon Valley, and involved in some innovative
work. He is working on a project that involves feeding Usenet news and
Internet mail onto a satellite which basically provides a full news
and mail feed anywhere in continental US.
His wife and kids are still living in Chicago, and will hopefully be
able to join him soon. He is also doing consulting work in California,
so it looks like his life may be back on track.
When I recently spoke with Len, he said "... with the exception of my
financial condition, I am probably happier than I have ever been .."
He also mentioned that he is trying to contact everyone who ever
helped him , to say "Thanks" personally, so feel free to send mail to
him at: "len@netsys.com" and he will get in touch with you.
Perhaps there are happy endings after all.
------------------------------
Date: Fri, 31 Jul 1991 22:15:54
From: Jim Thomas <cudigest@mindvox.phantom.com>
Subject: File 7--Biblio resource: "Computer Crime" Handbook
A panel on computer crime, sponsored by the Chicago Bar Association,
led to an edited collection of documents, including articles and
federal statutes, that provides a helpful resource for those interested
in a basic background on crime and computer technology. The volume,
in spiral/desktop publishing format, includes a set of "hypotheticals"
used for organizing the panel discussion. However, the responses of
the panelists (which included William C. Cook, Sheldon Zenner, Robert
Gustafson and Bernard P. Zajac, Jr.) were not included.
The strength of the work is the appenix, which includes a list of
potential violations (matched to their statutes) that may be
prosecuted under various federal statutes; Copies of most relevant
federal legislation governing recent "hacker" indictments; Comments on
selected federal statutes; and reprints of articles from the National
Institute of Justice and by John Perry Barlow, Buck BloomBecker, and
others. It also includes a David R. Johnson's testimony regarding
Senate Bill 2476, and a basic annotated bibliography of books,
articles, journals, and other resources as pointers to further
information on these issues.
The volume is about 150 pages (unpaginated, unindexed) and is
available at cost (about $20). For further information, contact
Joanna Alperin
Chicago Bar Association
321 South Plymouth Court
Chicago, IL 60604-3997
------------------------------
Date: Wed, 29 Jul 1991 17:34:18 CST
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 8--Dr Ripco Summarizes his Legal Status since Sun Devil
((Moderators' note: We asked Dr Ripco to give a detailed summary of
all that has changed in his legal status in the past 18 months.
Following is his summary of what's changed)).
Dear Jim:
Sincerely,
Dr Ripco
+++
((MODERATORS' NOTE: Dr Ripco's status on 1 August 1992 is identical to
his status on May 8, 1990, the morning of the raid by the secret
service and others. Although never charged, and although there is to
date no evidence that he was involved in any criminal behavior, none
of his equipment has been returned, he has not been contacted by law
enforcement agents in over two years, he has not heard from attorneys
he believed were helping him in the return of his equipment, and he
has received no information about when, if ever, he can reclaim his
equipment. In short, he has no idea, nor has he been able to learn,
what's happening. Kafka's The Trial should be required reading for
everybody.
------------------------------
Date: Mon, 20 Jul 1992 13:15:21 -0400
From: Christopher Davis <ckd@EFF.ORG>
Subject: File 9--Documents Available: Open Platform Overview, Life in Virtual
+======+==================================================+===============+
| FYI | Newsnote from the Electronic Frontier Foundation | July 20, 1992 |
+======+==================================================+===============+
ELECTRONIC FRONTIER FOUNDATION'S
OPEN PLATFORM PROPOSAL AVAILABLE VIA FTP
The full text of the EFF's Open Platform Proposal is available in
its current draft via anonymous ftp from ftp.eff.org as
pub/EFF/papers/open-platform-proposal.
To retrieve this document via email (if you can't use ftp), send mail to
archive-server@eff.org, containing (in the body of the message) the
command 'send eff papers/open-platform-proposal'. This is the proposal
in its 4th draft and is up-to-date as of July 2.
HOWARD RHINEGOLD'S "VIRTUAL COMMUNITIES, 1992" AVAILABLE VIA FTP
This is the full text of Howard Rhinegold's illuminating essay "A Slice
of Life In My Virtual Community" that was serialized in EFFector Online.
You can retrieve this document via anonymous ftp from ftp.eff.org as
pub/EFF/papers/cyber/life-in-virtual-community. To retrieve it via
email (if you can't use ftp), send mail to archive-server@eff.org,
containing (in the body of the message) the command 'send eff
papers/cyber/life-in-virtual-community'.
+=====+=====================================================+=============+
| EFF | 155 Second Street, Cambridge MA 02141 (617)864-0665 | eff@eff.org |
+=====+=====================================================+=============+
------------------------------
Date: Wed, 29 Jul 1992 15:27:38 EDT
From: Paul Hyland <PHYLAND@GWUVM.BITNET>
Subject: File 10--CPSR Recommends NREN Privacy Principles
PRESS RELEASE
July 24, 1992
CPSR Recommends NREN Privacy Principles
WASHINGTON, DC -- Computer Professionals for Social Responsibility
(CPSR), a national public interest organization, has recommended
privacy guidelines for the nation's computer network.
At a hearing this week before the National Commission on Library and
Information Science, CPSR recommended a privacy policy for the
National Research and Education Network or "NREN." Marc Rotenberg,
Washington Director of CPSR, said "We hope this proposal will get the
ball rolling. The failure to develop a good policy for the computer
network could be very costly in the long term."
The National Commission is currently reviewing comments for a report
to the Office of Science and Technology Policy on the future of the
NREN.
Mr. Rotenberg said there are several reasons that the Commission
should address the privacy issue. "First, the move toward
commercialization of the network is certain to exacerbate privacy
concerns. Second, current law does not do a very good job of
protecting computer messages. Third, technology won't solve all the
problems."
The CPSR principles are (1) protect confidentiality, (2) identify
privacy implications in new services, (3) limit collection of personal
data, (4) restrict transfer of personal information,(5) do not charge
for routine privacy protection, (6) incorporate technical safeguards,
(7) develop appropriate security policies, and (8) create an
enforcement mechanism.
Professor David Flaherty, an expert in telecommunications privacy law,
said "The CPSR principles fit squarely in the middle of similar
efforts in other countries to promote network services. This looks
like a good approach."
Evan Hendricks, the chair of the United States Privacy Council and
editor of Privacy Times, said that the United States is "behind the
curve" on privacy and needs to catch up with other countries who are
already developing privacy guidelines. "The Europeans are racing
forward, and we've been left with dust on our face."
The CPSR privacy guidelines are similar to a set of principles
developed almost 20 years ago called The Code of Fair Information
practices. The Code was developed by a government task force that
included policy makers, privacy experts, and computer scientists. The
Code later became the basis of the United States Privacy Act.
Dr. Ronni Rosenberg, who has studied the role of computer scientists
in public policy, said that "Computer professionals have an important
role to play in privacy policy. The CPSR privacy guidelines are
another example of how scientists can contribute to public policy."
For more information about the Privacy Polices and how to join CPSR,
contact CPSR, P.O. Box 717, Palo Alto CA 94302. 415/322-3778 (tel)
and 415/322-3798 (fax). Email at cpsr@csli.stanford.edu.
++++++++++++
[Moderator's note: The full text of the referenced NREN Privacy
Principles is available from the CPSR Listserv file server. Send
the command:
GET NREN PRIVACY
to listserv@gwuvm.gwu.edu, as the text of an e-mail message. -peh]
------------------------------
Date: Fri, 31 Jul 1991 22:15:54 EDT
From: Jim Thomas <cudigest@mindvox.phantom.com>
Subject: File 11--Biblio resource: "Computer Crime" Handbook
A panel on computer crime, sponsored by the Chicago Bar Association,
led to an edited collection of documents, including articles and
federal statutes, that provides a helpful resource for those interested
in a basic background on crime and computer technology. The volume,
in spiral/desktop publishing format, includes a set of "hypotheticals"
used for organizing the panel discussion. However, the responses of
the panelists (which included William C. Cook, Sheldon Zenner, Robert
Gustafson and Bernard P. Zajac, Jr.) were not included.
The strength of the work is the appenix, which includes a list of
potential violations (matched to their statutes) that may be
prosecuted under various federal statutes; Copies of most relevant
federal legislation governing recent "hacker" indictments; Comments on
selected federal statutes; and reprints of articles from the National
Institute of Justice and by John Perry Barlow, Buck BloomBecker, and
others. It also includes a David R. Johnson's testimony regarding
Senate Bill 2476, and a basic annotated bibliography of books,
articles, journals, and other resources as pointers to further
information on these issues.
The volume is about 150 pages (unpaginated, unindexed) and is
available at cost (about $20). For further information, contact
Joanna Alperin
Chicago Bar Association
321 South Plymouth Court
Chicago, IL 60604-3997
------------------------------
Date: Mon, 20 Jul 1992 14:48:39 EDT
From: Paul Hyland <PHYLAND@GWUVM.BITNET>
Subject: File 12--Updated CPSR Archive Listing
Following is an updated version of the file CPSR ARCHIVE, which lists
the files stored on our Listserv archive. This is the last time that
this entire file will be distributed to the list. From now on, I will
periodically send mail containing only the updates (add/change/delete).
Users can also subscribe to any of our files, and receive either notice
or the file itself when it is changed. For information on this and other
Listserv File Server features, send the command:
INFO LISTFILE
The command INFO GENINTRO will provide an introduction to Listserv in general.
Questions, comments, or complaints should be directed to phyland@gwuvm.gwu.edu
Paul Hyland
Owner, CPSR List
******************************************************************************
This file contains a list of files available on the CPSR LISTSERV file server.
To request a copy of any file, send mail to the list server:
LISTSERV@GWUVM.GWU.EDU (Internet) or LISTSERV@GWUVM (Bitnet)
In your mail, send one line per request, using this command for each request:
GET <FILENAME> <FILETYPE>
The options for <FILENAME> and <FILETYPE> are listed below. For example:
GET CPSR BROCHURE
Note that LISTSERV is case-insensitive for command and file names.
If you have problems with this list, send mail to the administrator,
Paul Hyland (phyland@gwuvm.gwu.edu or phyland@gwuvm).
===============================================================================
CPSR INFORMATION
Filename Filetype Lines Description
-------- -------- ----- -----------
CPSR ARCHIVE 213 This file
CPSR BROCHURE 300 CPSR overview and membership form ** UPDATED **
CPSR MEMBFORM 53 CPSR membership form (also in brochure)
CPSR BOOKS 129 List of CPSR publications and order form
CPSR ALIASES 75 CPSR E-mail Aliases @csli.stanford.edu
CPSR TEN-YEAR 219 Ten-year history of CPSR, thru spring '91
CPSR PAPERS AND PROJECT DESCRIPT,SCRIPT='SPELL'IONS
Filename Filetype Lines Description
-------- -------- ----- -----------
21STCENT PROJECT 287 21st Century Project description -
To redirect U.S. Science & Technology Policy
toward peaceful and productive uses.
PRIVACY PAPER 1550 "Privacy in the Computer Age" by Ronni Rosenberg
SUNDEVIL RULING 283 Text of ruling on CPSR FOIA lawsuit seeking
Operation Sun Devil search warrant materials
CONFERENCE MATERIALS
Filename Filetype Lines Description
-------- -------- ----- -----------
PDC-92 CALL4PAP 103 Participatory Design Conference
Cambridge, MA -- November 6-7, 1992
CRYPTO INTRO 109 2nd CPSR Cryptography and Privacy Conference --
Introduction from conference materials
CFP-2 REPORT 808 Report from 2nd Conference on Computers, Freedom
and Privacy (CFP-2) -- March, 1992
CFP-2 RADIO 34 CFP-2 radio program available in late JJune
CFP-93 CALL4PAP 176 3rd Conference on Computers, Freedom, and Privacy
San Francisco, CA -- March 9-12, 1993
DIAC-92 REPORT 219 Report from Directions and Implications of
Advanced Computing (DIAC-92) -- May, 1992
CFP2 ANNOUNCE - DELETED
CFP2 SHORT - DELETED
DIAC-92 ANNOUNCE - DELETED
DIAC-92 PROGRAM - DELETED
CHI-92 REPORT 79 From ACM SIGCHI (Computer-Human Interaction)
CHI '92 session on Social Impact - May, 1992
SIGCSE REPORT 100 From ACM SIGCSE (Computer Science Education)
Debate on state licencing of programmers
IFAC CALL4PAP 199 International Federation for Automatic Control
Symposium on Automated Systems Based on
Human Skill (and Intelligence)
September 23-25, 1992, Madison, WI
MULTIMED CALL4PAP 75 _Journal of Educational Multimadia and Hypermedia_
Special Issue on Multimedia and Hypermedia
Learning Environments - Deadline: Sept 15, 1992
SAUDI CALL4PAP 57 13th National Computer Conference and Exposition
Topic: Information Technology Transfer
Riyadh, Saudi Arabia - Nov. 21-26, 1992
TECHSTUD CALL4PAP 351 _Technology Studies_ Special Issue on Technology
and Ethics - Deadline: January 15, 1993
EMC-93 CALL4PAP 161 Society for Computer Simulation - International
Emergency Management and Engineering Conference,
Arlington, VA -- March 29 - April 1, 1993
IFIP CALL4PAP 33 International Federation for Info. Processing
Working Gp 9.2 (Social Accountability of Computers)
Working conference - `Facing the Challenge of Risk
and Vulnerability in an Information Society'
May 20-22, 1993, Namur, Belgium
ED-MEDIA CALL4PAP 353 World Conference on Educational Multimedia and
Hypermedia, Orlando FL, June 23-26, 1993
EASTWEST ANNOUNCE - DELETED
COLLAB92 ANNOUNCE - DELETED
CPSR ON-LINE NEWSLETTERS
Filename Filetype Lines Description
-------- -------- ----- -----------
CPSRBERK 2Q92 425 CPSR/Berkeley Electronic Newsletter
Second Quarter - 1992
CPSR-PDX VOL5-N02 258 CPSR/Portland Electronic Newsletter *new name*
Volume 5, #02, April 1, 1992
CPSR-PDX VOL5-N03 488 CPSR/Portland Electronic Newsletter *new name*
Volume 5, #03, May 26, 1992
CPSR-PDX VOL5-N04 531 CPSR/Portland Electronic Newsletter *new name*
Volume 5, #04, June 8, 1992
CPSR-PDX VOL5-N05 819 CPSR/Portland Electronic Newsletter
Volume 5, #05, June 23, 1992
CPSR-PDX VOL5-N06 612 CPSR/Portland Electronic Newsletter
Volume 5, #06, July 13, 1992
E-MAIL DIRECTRY 625 CPSR/PDX E-mail Directory of CPSR addresses and
other interesting lists - August 22, 1991
*renamed and updated*
LEGISLATIVE MATERIALS
Filename Filetype Lines Description
-------- -------- ----- -----------
BOS-CNID SHORT 122 Testimony by CPSR/Boston on Calling Number ID
before Mass. DPU - Oral version
BOS-CNID LONG 396 Testimony by CPSR/Boston on Calling Number ID
before Mass. DPU - Written version
CAL-CNID HEARING 299 Testimony by CPSR/Palo Alto and description of
hearing before California State Assembly on CNID
FBITAP PROPOSAL 445 Updated (and renamed) FBI Digital Telephony
Proposal, to force telco's to enable FBI
taps of the evolving digital network
(with an introduction by Dave Banisar of CPSR)
FBITAP LETTER 127 Letter from CPSR and others to Senator Leahy
urging a public hearing of this FBI proposal
FBITAP COMPWRLD 130 Article on FBI Proposal in Computerworld 6/8/92
SEMATECH ENVIRO 118 Press Release from Campaign for Responsible
Technology on environmental funding in
SEMATECH reauthorization legislation
SEMATECH AMENDMNT 222 Press Release from Campaign for Responsible
Technology on proposed amendment to SEMATECH
authorization to address environmental,
community and labor concerns
SB1447 BILL 1 California Senate Bill 1447 - Privacy Act of 1992
(obsolete version deleted - revision expected)
HR2772 BILL 85 GPO Wide Information Access Network for Data
Online Act of 1991 (GPO WINDO Bill)
HR2772 FACTS 95 Taxpayer Assets Project Fact Sheet on GPO WINDO
S2813 BILL 151 GPO Gateway to Government Act of 1992
(Senate version of WINDO)
HR3459 BILL 136 Improvement of Information Access Act of 1991
(Owens Bill)
HR3459 FACTS 65 Taxpayer Assets Project Fact Sheet on Owens Bill
OMB-A130 COMMENTS 178 Taxpayer Assets Project Note on the Proposed
Revisions to OMB Circular A-130 concerning
Management of Federal Information Resources
with info on how to obtain the document and
provide comments electronically (due 8/27/92)
EDGAR RELEASE 323 Taxpayer Assets Project Press Release on letter
to the Securities and Exchange Commission (SEC)
asking that they broaden access and improve
control over the Electronic Data Gathering,
Analysis and Retrieval System (EDGAR)
S1940 BILL 145 Electronic Freedom of Information Improvement
Act of 1991
HPC ACT 636 High Performance Computing Act of 1991
Signed December 9, 1991
CRYPTO ARTICLE 217 Article on Government attempts to control spread
of cryptographic technology into the telephone
network -- Joe Abernathy, Houston Chronicle
NSA PAPERS 439 Response from NSA to Joe Abernathy questions on
their attempts to control or hinder civilian
cryptographic technology
HR5615 BILL 144 Prescription Drug Records Privacy
Protection Act of 1992
CANADIAN PRINCIPL 90 Canadian Telecommunication Privacy Principles
ONLINE RESOURCES AND OTHER MATERIALS
Filename Filetype Lines Description
-------- -------- ----- -----------
RTK-NET SRCHFORM 136 RTK NET -- the Right-to-Know Computer Network --
Introduction and on-line search request form
PRIVACY LISTS 152 Information on two new privacy-related lists
RISKS SAMPLE 541 Sample Issue of RISKS Digest - Volume 13, # 59
CUD SAMPLE 995 Sample Issue of Computer underground Digest -
Volume 4, # 26
EFFECTOR SAMPLE 597 Sample Issue of EFFector Online - Volume 2, # 01
EMAILPRV BIBLIO 136 Bibliography of materials on E-mail Privacy
PRIVACY PROJECT 44 Tapes from the Privacy Project radio series
Available from Pacifica Programming Service
TEACHING VALUES 28 Describes "Teaching Social and Ethical
Implications of Computing: A Starter Kit"
from the Research Center on Computing and
Society at Southern Connecticut State Univ.
and Educational Media Resources, Inc.
VIRTREAL GENIE 472 Genie On-Line Conference on Virtual Reality
Howard Rheingold (Whole Earth Review) - 5/3/92
(from the Public Forum * Non-profit Connection)
CYBEPUNK GENIE 480 Genie On-Line Conference on Networks and Hackers
Katie Hafner (co-author, CYBERPUNK) - 5/24/92
DHIGHWAY GENIE 722 Genie On-Line Conference on Data Highways
Steve Cisler (Aplle Computer) - 5/17/92
MAIL MANNERS 150 Describes proper e-mail etiquette
NSF JOBS 64 Two jobs with NSF Information Tech. Programs
MONTHLY ARCHIVES OF CPSR LIST SUBMISSIONS
Filename Filetype Lines Description
-------- -------- ----- -----------
CPSR LOG9110 158 From list start-up through 10/91
CPSR LOG9111 674 From prior log through 11/91
CPSR LOG9201 1619 From prior log through 1/92
CPSR LOG9202 305 From prior log through 2/92
CPSR LOG9203 1539 From prior log through 3/92
CPSR LOG9204 866 From prior log through 4/92
CPSR LOG9205 91 From prior log through 5/92
CPSR LOG9206 2192 From prior log through 6/92
CPSR LOG9207 96 From prior log through 6/92
------------------------------
End of Computer Underground Digest #4.34
************************************
Computer underground Digest Sun Aug 9, 1992 Volume 4 : Issue 35
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Copy Editor: Etaion Shrdlu, III
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
CONTENTS, #4.35 (Aug 9, 1992)
File 1--Pack your bags -- Cud's moving!
File 2--What's a "CuD?"
File 3--Re: Another View of Bellcore vs. 2600
File 4--Re: SURVEY: Is Big Brother Watching You?
File 5--BellSouth Shareholders Note
File 6--'Pirate' is PC?
File 7--"Piracy:" Overstated? (Chic Tribune summary)
File 8--'Zine Watch - 2600 and Boardwatch
File 9--*NO MORE CHICAGO TRIBUNE ARTICLES*
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Sat, 8 Aug 1992 02:47:19 -0500 (CDT)
From: chip@CHINACAT.UNICOM.COM(Chip Rosenthal)
Subject: File 1--Pack your bags -- Cud's moving!
Those who receive CuD via Usenet probably know the news by now: the
`comp.society.cu-digest' vote is over and the newsgroup has been
approved. This is good news -- even to the non-Usenet readers.
Moving CuD out of the anarchistic `alt' hierarchy and into the
mainstream `comp' distribution potentially brings a lot of new readers
into the fray. (It also somehow gives an added air of legitimacy to
the CuD.)
A summary of the voting results appears towards the end of this
message. There will be another week or two for the voting results to
be reviewed before comp.society.cu-digest is actually created.
If you are a Usenet reader who could not receive the CuD via
alt.society.cu-digest, I urge you to drop your mailing list
subscription once comp.society.cu-digest is operational. Yes, you
will receive your CuD in the handy, easy-to-read Usenet format,
without a single word edited, modified, or expunged! By switching
over to Usenet you will save wear and tear on both our network
bandwidth and our esteemed editors.
If you are a Usenet administrator -- or know somebody who is a Usenet
administrator or aspire to someday become a Usenet administrator :-)
please note the following:
* The name of the new newsgroup will be `comp.society.cu-digest'.
* The newsgroup will be moderated, and the address for submissions
will be the CuD editors at <tk0jut2@mvs.cso.niu.edu>.
* If you maintain a `mailpaths' file, please ensure you update it
properly.
* Once the new newsgroup is operational, the CuD will be cross-posted
into both `comp.society.cu-digest' and `alt.society.cu-digest'
for a period of approximately one month. This will give Usenet
administrators and CuD readers a chance to switch over.
* After that one month period, the `alt.society.cu-digest' newsgroup
will be decommissioned.
* Please do NOT alias the old name to the new name. The proposed
changeover strategy should alleviate any such need.
Thanks to all who participated in the vote. If you have any questions
or concerns about the newsgroup vote or the Usenet gateway, feel free
to drop me a line.
Here are the final voting results:
PROPOSAL: comp.society.cu-digest
CHARTER: The Computer Underground Digest (moderated)
SUMMARY: This newsgroup will be used to distribute the Computer
Underground Digest. The CuD is an open forum for
issues relating to the phenomena of computer cracking.
It has been in publication since 1990, and is widely
distributed in a number of electronic forms. The CuD
has been distributed via alt.society.cu-digest. The
alt.society.cu-digest newsgroup will be decommissioned
once the new newsgroup is stable.
=== OFFICIAL VOTE TALLY ===
Total Votes Cast: 263
Valid Votes Cast: 260
Ambiguous Votes: 3 (excluded from count)
Yes Votes: 247 (95.00% of valid votes)
No Votes: 13 (5.00% of valid votes)
Yes-No Margin: 234
Percentage Test: pass (is yes/valid >= 66.67%?)
Margin Test: pass (is yes-no >= 100?)
VOTE RESULT: PASS (do both tests pass?)
=== TOP TEN VOTING DOMAINS ===
6 ac.uk
5 umd.edu
5 orst.edu
4 syr.edu
4 mit.edu
4 il.us
4 eff.org
4 cmu.edu
3 upenn.edu
3 uio.no
=== DISTRIBUTION OF VOTES RECEIVED ===
7/13 9 *****
7/14 86 ****************************************
7/15 29 **************
7/16 10 *****
7/17 6 ***
7/18 5 ***
7/19 5 ***
7/20 8 ****
7/21 23 ***********
7/22 17 ********
7/23 5 ***
7/24 3 **
7/25 3 **
7/26 0 *
7/27 1 *
7/28 6 ***
7/29 18 *********
7/30 10 *****
7/31 8 ****
8/01 2 *
8/02 5 ***
8/03 2 *
8/04 2 *
--
Chip Rosenthal 512-482-8260 | Let the wayward children play. Let the wicked
Unicom Systems Development | have their day. Let the chips fall where they
<chip@chinacat.Unicom.COM> | may. I'm going to Disneyland. -Timbuk 3
------------------------------
Date: Sat, 8 Aug 1992 09:23:01 (CDT)
From: CuD Moderators <tk0jut2@mvs.cso.niu.edu)
Subject: File 2--What's a "CuD?"
With the change to comp.society.cu-digest, we assume that
newcomers may not know what a "CuD' is. This seems like a good time to
respond to the FAQs (for newbies, "frequently asked questions"). We've
ignored some of the irrelevant ones (like "why doesn't Thomas cut his
ponytail" --he did, sort of), and "Yo, d00dz, got any good codez?"
(sigh). If we've missed any serious questions, let us know and we'll
try again.
WHAT IS CuD?
Cu-Digest, or CuD, is a weekly on-line electronic journal/news forum.
CuD began at the suggestion and encouragement of Pat Townson
(moderator of Telecomm Digest) in March 1990. The federal indictments
of Craig Neidorf (in the "PHRACK case" in Chicago) and Len Rose (in
Baltimore) generated more posts than Pat could manage, and the nature
of posts exceeded his Digest's Usenet charter. Jim Thomas and Gordon
Meyer volunteered to collect the surplus posts, and Pat helped get it
started. It was originally conceived as an interim forum that would
quietly depart after a few months. Volume 1, in fact, was originally
intended as the first and final volume in August '92, but a week later
Volume 2 appeared because of the continuous material. As of this
writing, CuD is publishing Volume 4.
Each issue is about 40 K.
WHAT IS THE GOAL OF CuD?
The broad goal of CuD is to provide a forum for discussion and debate
of the computer telecommunications culture. This culture especially
includes, but is not limited to, the unique world of BBSes, Internet,
and public access systems. We focus especially on alternative gropus
that exist outside of the conventional net community. We try to focus
on a broad range of issues that include news, debates of legal,
ethical, and technical issues, and scholarly research of relevance to
a broad audience of professionals and lay persons. Other than
providing a context for an article if necessary, the moderators *do
not* add commentary of agreement or disagreement. We see our role as
one of facilitating debate, although we will do take part in
discussions in separate articles.
WHO EDITS CUD?
Gordon Meyer and Jim Thomas publish CuD from Northern Illinois
University. Gordon Meyer's MA thesis, "The Social Organization of the
Computer Underground", was the first systematic attempt to place the
social world of "phreaks, hackers, and pirates" in a context that
looked at the culture, rather than the "deviance", of alternative uses
of computer use. Gordon is currently a system engineer with a large
national firm in the Chicago area. Jim Thomas, a professor of
sociology/criminology at Northern Illinois University, is a prison
researcher and qualitative methodologist. Gordon lured him into the
"underground" world 1987, and he has since become interested in the
legal and cultural issues of computer use.
WHY THE LABEL *UNDERGROUND*?
For some, the term underground connotes malice and a dark side of human
activity. For others, including the CuD editors, it denotes
alternative or unconventional activity. Like the "underground," or
"alternative" press of the counterculture of the 1960s, the "computer
underground" refers to types of behavior or characteristics of a
subculture that are unique, cohesively identifiable, possessing norms,
roles, and social expectations that define participants, and are
considered socially marginal by the dominant culture. Like the term
"hacker," there were originally no negative connotations associated
with "underground" when the term was first used. The name "Computer
underground Digest" was suggested with a bit of irony prior to the
first issue (how, after all, can a conventional digest that is
publicly accessible be "underground?"), and the name stayed. Early
discussions to change the name seemed impractical once the "CuD"
monogram was established, and the name stands.
IS CuD "PRO-HACKER?"
The term "hacker" has been grossly distorted by the media and law
enforcement personnel, who use it synonymously with "computer
intruders." CuD editors have repeatedly stated their own opposition to
all forms of predatory and malicious behavior, including malicious
computer intrusion. We accept Bob Bickford's definition of a "hacker"
as someone who derives joy from discovering ways to exceed
limitations. Hackers, in the original sense, referred to explorers who
solved problems and exceeded conventional limits through trial and
error in situations in which there were no formal guidelines or
previous models from which to draw. In this sense, CuD is quite
"pro-hacker," and we prefer the term "cracker" for malicious
practitioners of the hacking craft. Exploration is good, predation is
not. However, CuD encourages articles from all perspectives and
attempts to provide a forum for reasoned discussion on all sides of
an issue. CuD is against predatory behavior by any group, whether
computer enthusiasts or those who oppose them. CuD is for civil
liberties and for civilizing the electronic frontier by securing
rights assumed in other social realms and by advocating protection
from all forms of abuse.
Like rock 'n Roll and Richard Nixon, the computer underground culture
has not, and will not likely soon, go away. It has become an
entrenched part of computer culture. CuD attempts to document the
computer culture and ease the transition as the culture moves toward
the mainstream with articles that bridge the cultural gaps as
telecomputing becomes an increasingly important part of daily life.
The political, legal, economic, and social impact of changes in the
new technology is poorly covered elsewhere. We see our goal as
addressing the impact of these changes and providing alternative
interpretations to events.
WHAT KINDS OF THINGS DOES CuD PUBLISH?
We encourage submissions on a broad range of topics, from articulate
short responses and longer opinion pieces to book reviews, summaries
of research, and academic papers. We especially encourage:
1. Reasoned and thoughtful debates about economic, ethical, legal, and
other issues related to the computer underground.
2. Verbatim printed newspaper or magazine articles containing relevant
stories. If you send a transcription of an article, be sure it
contains the source *and* the page numbers so references can be
checked. Also be sure that no copyright protections are infringed.
3. Public domain legal documents (affidavits, indictments, court
records) that pertain to relevant topics.
4. General discussion of news, problems, or other issues that
contributors feel should be aired.
5. Unpublished academic papers, "think pieces," or research results
are strongly encouraged. These would presumably be long, and we would
limit the size to about 800 lines (or 40 K). Longer articles
appropriate for distribution would be sent as a single file and
so-marked in the header.
6. Book reviews that address the social implications of computer
technology.
7. Bibliographies (especially annotated), transcripts of relevant
radio or television programs (it is the poster's responsibility to
assure that copyrights are not violated), and announcements and
reports of relevant conferences and conference papers are strongly
encouraged.
8. Announcements for conferences, meetings, and other events as well
as summaries after they've occured.
9. Suggestions for improvement, general comments or criticisms of CuD,
and ideas for articles are especially helpful.
Although we encourage debate, we stress that ad hominem attacks or
personal squabbles will not be printed. Although we encourage
different opinion, we suggest that these be well-reasoned and
substantiated with facts, citations, or other "evidence" that would
bolster claims. Although CuD is a Usenet group, it does not, except
in the rarest of cases, print post-response-counterresponse in the
style common among most other groups.
HOW CAN I PUBLISH IN CUD?
To submit an article, simply send it to the editors at
tk0jut2@mvs.cso.niu.edu. If you receive CuD on Usenet, you can reply
(using the F or f commands) and your response will come directly to
the editors and will not be distributed across the nets. If you do not
have an article, but know of people who do, encourage them to send
their work along. Although CuD is a forum for opposing points of view,
we do prefer that articles a) be written in English, b) make sense,
and c) are not out-dated.
Submissions should be formatted at 70 characters per line and should
include a blank space separating individual paragraphs. Submissions
may be edited for spelling and format, but no other changes are ever
intentionally made without permission. Sigs are also removed to save
bandwidth.
WHO READS CuD?
As a conservative estimate, CuD reaches about 30,000 to 35,000 readers
each issue. According to monthly Usenet statistics, CuD averaged
about 23,000 readers a month on alt.society.cu-digest. We estimate
another 3,000 from the mailing list and feeds into various systems.
BBS readership, judging from non-scientific sysop feedback,
constitutes at least another 5,000, and public access systems
(Peacenet, America Online, GEnie, CompuServe) constitutes the rest of
domestic readership. Our figures do not include substantial European,
Australian, or ftp distribution.
Judging from a survey we took in 1990 and from the feedback we receive
from readers, CuD readers cut across occupational, ideological, and
age lines. The overwhelming majority (about 80 percent) of the
readership is college graduates About half is computer professionals
or in related fields. The remaining half is distributed among a
variety of professions (attorneys, journalists, academicians, law
enforcement, students) and territory (the mailing list includes every
continent except Asia and all west European countries).
HOW DO I RECEIVE CuD?
If you're reading this, you've already received it, and most likely
you can just keep doing whatever you did to get it. If you aren't sure
what you did, you can do any of the following:
CuD is *FREE*. It costs nothing. The editors make no profit, we take
no money, we accept no gifts (but we drink Jack Daniels and lots of
it, should you run into us in a pub). To receive CuD, you can access
it from many BBSes and most public access systems. Or, if you have
Usenet access, you can obtain it by subscribing through your local
system to comp.society.cu-digest.
If you do not have Usenet access, you can be placed on a mailing list
by dropping a short note to: tk0jut2@mvs.cso.niu.edu with the subject
header: SUB CuD and a message that says:
SUB CuD my name my.full.internet@address
------------------------------
Date: Sun, 2 Aug 92 23:43 PDT
From: john@ZYGOT.ATI.COM(John Higdon)
Subject: File 3--Re: Another View of Bellcore vs. 2600
In Digest #4.34, Thomas Klotzbach gives a reasoned and rational view
of the responsibility of a free press as it relates to the computer
underground and specifically to the matter of recent publications by
2600 of Bellcore material. I could agree with every point except for
the fact that Mr. Klotzbach makes an invalid assumption upon which
hangs the balance of his piece. His assertion (and I assume his
belief) is that Bellcore has conducted its business in good faith and
corrected "holes" and shortcomings in a timely manner.
Nothing could be further from the truth. Since the days of "The Bell
System", AT&T and the Bell Operating Companies have been grossly
negligent in the matter of security. It would be my guess that the
term, "Security Through Obscurity", originated with Ma Bell. Rather
than create systems that used password security or handshaking
protocols, "the phone company" merely relied on the (mistaken) idea
that the public was too removed from the technical workings of the
nationwide telephone network to be a "threat" to the billing or
privacy integrity of the system as a hole.
The classic example is the use of inband signaling which provided
hundreds, if not thousands of enthusiasts (for want of a better
euphemism) the ability to travel around the world on Ma Bell's dime.
These people could literally control the network because of a serious,
inherent flaw built into the system. The band-aid fixes were too
little, too late and network security was severely compromised until
the inband signaling was replaced with CCIS and its progeny.
The Busy Verify Trunk and No. Test Trunk holes, which are the focus of
the 2600 fracas, are just a portion of dozens of similar such
vulnerabilities in our national telephone network. Those of us who are
intimately familiar (for legitimate reasons) with this network have
known about these things for a long, long time. I, for one, would like
to see them plugged. If the 2600 article manages to get one of them
out of the way, more power to it.
But the policy of "The Bell System" and now Bellcore and the RBOCs
seems to be to do nothing about any such problems and wait for some
phreak to get caught with a hand in the cookie jar. After all, why
bother to fix something if it is not a problem (yet)? It can become a
problem (or an embarrassment) in one of two ways. A publication such as
2600 can publicize the vulnerability situation; or someone can be
caught taking advantage of it. In either case, Bellcore swings into
action. For the former, threats of civil action for the publication of
"proprietary" data does the trick. In the latter case, it simply hauls
the perpetrator into court and garners as much publicity as possible.
This has the dual purpose of intimidating others who may follow suit,
and it obscures the fact that the whole problem was caused by
Bellcore's own negligence.
It has been my experience in cases brought against accused phreaks
that the prosecutors have not a clue what constitutes sensitive
material. Bellcore exploits this to the hilt when it uses the long
arm of the law in lieu of properly imbedded security features. Just
ask Craig Neidorf. In all fairness, that particular incident involved
an RBOC trying to fry Craig for something Bellcore was readily selling
over the counter. And Bellcore is certainly not the only entity in
the nation, or perhaps the world, that gives security less than prime
consideration, just "hoping" that whatever is slapped together will be
good enough. But just because a practice may be widespread does not
make it legitimate.
The press has the right, nay the responsibility, to put these issues
before the public eye. We as a society have long since progressed
beyond the notion that there are just some things about which people
should not know, care, or ask. Security through obscurity no longer
can work in an enlightened society. A system or network is not safe if
the only thing keeping people out is the fact that a trivial entry
procedure is not widely known. Unfortunately, much of the nation's
telephone network can still be thusly described. If the only way to
get these holes plugged is to publicize them and literally force
Bellcore and the RBOCs to do their duty, then so be it. If prestigious
organizations such as Bellcore suffer a little embarrassment along the
way, just consider that the market force at work.
------------------------------
Date: Tue, 04 Aug 92 07:25:55 -0400
From: (Lorrayne Schaefer) <lorrayne@SMILEY.MITRE.ORG>
Subject: File 4--Re: SURVEY: Is Big Brother Watching You?
((MODERATORS' NOTE: As previous posts in CuD demonstrate, computer
privacy in the workplace has become an important issue in the past
year. Lorrayne Schaefer has been active in collecting data to enable a
specific assessment of the types of policies currently in place in the
public and private sectors. CuD will summarize the results of her
findings when completed.))
The purpose of this survey is to collect data for a presentation that
I will give at this year's National Computer Security Conference in
October. I would like to thank you for taking the time to fill out
this survey. If you have any questions, you can call me at
703-883-5301 or send me email at lorrayne@smiley.mitre.org. Please
send your completed survey to:
Lorrayne Schaefer
The MITRE Corporation
M/S Z213
7525 Colshire Drive
McLean, VA 22102
lorrayne@smiley.mitre.org
This survey has been posted on some newsgroups a few months ago. This
survey has also been distributed to various conferences over the past
few months. All results will be in the form of statistical
information and keywords. All participants will remain anonymous.
If you have responded to this survey, I give you my thanks. I cannot
get a realistic enough picture without those who have spent some time
answering these questions. For those who are responding to this
survey now, thank you.
SURVEY: MONITORING IN THE WORKPLACE
1. What is your title?
2. What type of work does your organization do?
3. Does your organization currently monitor computer activity? (Yes/No)
a. If yes, what type of monitoring does your company do (e.g.,
electronic mail, bulletin boards, telephone, system activity, network
activity)?
b. Why does your company choose to monitor these things and how
is it done?
4. If you are considering (or are currently) using a monitoring
tool, what exactly would you monitor? How would you protect this
information?
5. Are you for or against monitoring? Why/why not? Think in
terms of whether it is ethical or unethical ("ethical" meaning
that it is right and "unethical" meaning it is wrong) for an
employer to monitor an employee's computer usage. In your
response, consider that the employee is allowed by the company to use
the computer and the company currently monitors computer activity.
6. If your company monitors employees, is it clearly defined in
your company policy?
7. In your opinion, does the employee have rights in terms of
being monitored?
8. In your opinion, does the company have rights to protect its
assets by using a form of monitoring tool?
9. If you are being monitored, do you take offense? Managers:
How do you handle situations in which the employee takes offense at
being monitored?
10. What measures does your company use to prevent misuse of
monitoring in the workplace?
11. If an employee is caught abusing the monitoring tool, what would
happen to that individual? If your company is not using any form of
monitoring, what do you think should happen to an individual who
abused the tool?
12. Is it unethical to monitor electronic mail to determine if the
employee is not abusing this company resource (e.g., suppose the
employee sends personal notes via a network to others that are not
work related)? Why or why not?
------------------------------
Date: Mon, 3 Aug 92 21:03:26 PDT
From: Anonymous@CUP.PORTAL.COM
Subject: File 5--BellSouth Shareholders Note
((Thought you might be interested in the following text from the
BellSouth shareholder report. -ANON-))
Urgent Appeal To BellSouth Shareholders
The range of consumer choices, along with the future growth
opportunities of BellSouth and the other Bell holding
companies, would be sharply limited by H. R. 5096 - the
"Brooks bill." This legislation is being pushed through
Congress by giant media corporations as a means of keeping
competition out of their lines of business.
PLEASE WRITE YOUR REPRESENTATIVE TODAY, EXPRESSING YOUR
OPPOSITION TO H. R. 5096.
KEY POINTS TO MAKE WITH YOUR REPRESENTATIVE:
The Brooks bill must be stopped because it would:
1. deny consumers access to a rich array of information services
2. hurt domestic employment and
3. stifle competition.
To obtain the name of your representative, call the U. S.
Capitol at 202-224-3121. Mail your letter to your
representative at U. S. House of Representatives,
Washington, DC 20515.
For more about the Brooks bill, see pages 1 and 7 of this
newsletter, and/or mail the enclosed card. You may also call
1-800-522-2355, ext. 44.
Thank you for helping BellSouth preserve its right to
compete.
Dear Shareholders:
We had a strong second quarter. Earnings increased 26
percent, driven by growth in both our telephone and cellular
businesses, and by continued cost control.
But the good quarterly results were clouded by a
discriminatory bill that is moving through the U.S. House of
Representatives this summer. And we need your help to defeat
it.
BILL WOULD HURT CONSUMERS
H.R. 5096, also known as the "Brooks bill," would
effectively legislate BellSouth and the other Bell holding
companies (BHCs) out of promising areas of growth in the
industry we know best. It would do this by enacting into law
three of the line of business restrictions imposed by the
courts at divestiture - including information services,
which the courts already have allowed us to enter.
The bill is bad for customers, shareholders and employees.
Customers would be deprived of many new services that could
improve their quality of life. In fact, because BellSouth
already has information services in operation, our customers
stand to have the door slammed in their faces when it comes
to enhancing and expanding existing services.
The Brooks bill would hurt shareholders, primarily because
it severely limits our ability to increase the uses - and,
therefore, the value - of the sophisticated network your
capital has helped build.
LET CONGRESS KNOW WHERE YOU STAND
What can you do? Write or call your Representative in the
U.S. House. Tell him or her that you. as someone with a
substantial stake in BellSouth. oppose H.R. 5096 because the
bill is anti-jobs, anti-consumer and anti-competitive.
I know many of you already have written to Congress because
you sent me copies of your letters. But this issue is so
critical to you, our owners. that I am asking you to write
again.
You can affect what Congress does. and you can take action
to protect your investment in BellSouth. Please add your
voice to that of the Communications Workers of America (CWA)
and hundreds of other groups who oppose the Brooks bill.
Write your Representative now. and if you would also like to
receive a briefing package on this legislation, please
return the enclosed postcard. or call 1-800-522-2355, ext.
44.
BellSouth and the CWA aren't afraid to compete for the
customer's business.and we shouldn't be denied the
opportunity to do so.
=======================================================================
Positioning BellSouth for the Future
Excerpts from Chairman John Clendenin's remarks at the annual
shareholder's meeting in April.
"1991 was an extraordinary year in terms of positioning BellSouth for
the future. What we're seeing is the natural evolution of a totally
flexible new generation of telecommunications technology, and the
freeing of people from the communication umbilical cord that has tied
them to the office or the home."
"It's our conviction that the ability to combine wireless and wireline
skills - often in partnership with others - will serve our customers,
and hence our owners best."
"We're looking at our core telephone network in new ways, including
the philosophy of how we use it. We aim to grow our business by making
our core telephone intelligent network attractive for other
information providers to use. We're looking at ways to deliver more
services in joint efforts with others."
"RAM Mobile Data puts us on the forefront of another promising market
- wireless data transmission. Ultimately, this new technology's growth
is expected to parallel the explosive growth of cellular. There are an
estimated 10 million potential mobile data users in the U. S. alone."
"We are on the leading edge of technology, and we are absolutely
committed to staying there. Overseas and here in the U. S. we're
setting the pace in developing all the technical and other skills it
takes to give customers whatever it takes to communicate, whenever and
wherever they want to."
"As competitors take local exchange business from us, we have to
regain the freedom to get into other areas. Keeping our freedom to
provide sophisticated information services, such as distance learning,
is our top priority.
Eventually, these will be very important markets for us. But some
powerful interests, particularly some big media companies that own
newspapers and cable TV operations don't want us in information
services, and they're lobbying Congress to take away the freedom we've
gained from the courts.
If they have their way, BellSouth will be kept away from a big portion
of the growing telecommunications pie in this exploding Age of
Information."
"I've got a request: Write your U. S. Representative and your U. S.
Senators. Let them know that BellSouth, the other Bell holding
companies and America's consumers, shouldn't be denied information
services to protect the financial interests of those big media
companies. Tell them you oppose H. R. 5096, called the Brooks bill."
------------------------------
Date: 28 Jul 92 16:54:14 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 6--'Pirate' is PC?
"Texas and the Pirates"
With all the publicity computer pirates have been getting lately -
what with teenagers nonchalantly tapping into credit-card databases
from their bedrooms and bands of foreign technophiles looking for
vulnerable spots in computer networks that require high-level
clearance to access - security firms are going all out to market
their expertise to the nervous masses.
{ info about the June Computer Security Institute conference deleted.}
The two-day conference includes seminars on topics such as "Securing
the Simple Network Management Protocol" and "Protecting Against LAN
Viruses." To the astute security observer, however, the title of
one session - "Hackers and Your Network" - would certainly cause
a gasp. As all politically correct technophiles know, hackers are
legitimate computer enthusiasts; "computer pirates," by contrast,
are those involved in technothievery.
Excerpted from the June 1, 1992 issue of
INFORMATION WEEK, who should know better.
------------------------------
Date: Sun, 9 Aug 1992 10:05:58 (CDT)
From: CuD Moderators <tk0jut2@mvs.cso.niu.edu)
Subject: File 7--"Piracy:" Overstated? (Chic Tribune summary)
Summary from:
"Yes, Piracy's Illegal, But not the Scourge it's Cracked up to be"
Chicago Tribune, August 9, 1992 (Section 7, p. 7)
By T.R. Reid and Brit Hume
Sunday Tribune computer columnists Reid and Hume challenged what they
call one of the software industry's "periodic public relations
campaigns to get people to believe it's being robbed blind by software
pirates." They poked a bit of fun at a New York Time's front page
story dramatizing the "scourge," noting that the industry's claim that
pirates steal up to half of the annual total sales of $5.7 billion is
"almost certainly rot.
The $2.4 billion estimate of purloined software apparently comes from
a figure given out by the SPA (Software Publisher's Association) in
1990. The SPA has increased this figure dramatically in 1992 (see next
issue of CuD). As Reid and Hume correctly comment, "there is simply no
way the software industry can estimate accurately how many illegal
copies there are, and even if it could, it couldn't possibly determine
how many of them represent lost sales."
Reid and Hume continue, making several points that pirates would agree
with:
1. If you use a program, you should pay for it. Reid and Hume are a
bit more adamant in their claim that that it's *not* ok to pirate
software (a point on which pirates take exception). But, there is
strong consensus among "elite" pirates that, as Reid and Hume argue,
"it's particularly dishonest to use a stolen program for commercial
purposes." Elite pirates might phrase it a bit differently:
"Bootleggers are scum."
2. Sharing software can enhance sales. Reid and Hume argue that those
who obtain an unpurchased copy of software that they like and use may
find updates, instructions, and on-line help well worth the purchase.
They also note that the shareware concept, based on free distribution
of programs, has thrived and has made programmers quite successful.
(See the September, '92, issue of Boardwatch Magazine, for a story on
software industry awards).
3. They, as do most elite pirates, strongly condemn the practice of
copying an authorized program in a business and sharing it around to
avoid the site license fees.
4. The pre-purchase use of software is "not such a bad thing" because
it can help sales. It also provides users a chance to compare the most
expensive programs, such as word processors, databases, spread sheets,
and graphics programs, all of which are major expenditures for most
users. It makes no sense to spend $480 to purchase dBase when Foxbase
may be more suited to one's needs.
The columnists fall short of advocating responsible piracy, and they
make it clear that they oppose unauthorized copying for profit or
"free use" simply to avoid paying for a product that will be used.
But it is refreshing to see the mainstream press begin to challenge
the claims, and hopefully eventually the practices, of the SPA and
others who associate "piracy" with "theft" and would rather
criminalize the practice rather than take a more prudent approach to
creative software sharing.
------------------------------
Date: Sat, 8 Aug 1992 19:41:09 (CDT)
From: CuD Moderators <tk0jut2@mvs.cso.niu.edu)
Subject: File 8--'Zine Watch - 2600 and Boardwatch
2600: The Hacker Quarterly--The Summer, '92 (Vol 9, #2) issue is out
and includes articles on defeating *69 (automatic return call), a
summary of the recent MOD indictments and a critique of its media
coverage, Bellcore's plans for caller ID, a demon dialer review, and
much more. Perhaps the best piece is by an anonymous government
official who, while not in any way justifying or glorifying "hacking,"
makes a strong case that if security and law enforcement personal would
attempt to understand, rather than demonize, their "enemy," they would
be far better at their jobs and reduce some of the tensions that exist
between the two communities.
Information on 2600 can be obtained at 2600@well.sf.ca.us
Boardwatch: It gets slicker and better each issue. It's moving from
simply "very good" to "dynamite!" At $36 for 12 issues, it's a bargain
for serious modemers. The September issue includes the usual
"Tele-bits" and "Internet News" features, along with the BBS numbers,
ads that are actually fun to read, and a summary of the SIA Industry
Awards for best software in the past year. In our view, attorney
Lance Rose's monthly contributions alone are worth the price. Rose, a
specialist in copyright law and author of SYSLAW (a guide to legal
issues affecting sysops), focuses this month on the rumor that
Apogee's game, Wolfenstien, is illegal because it may violate German
law by including images of swastikas and other Nazi symbols, which
some feel may violate a German statute that prohibits the perpetuation
of their Nazi past. Rose addresses this in the broader context of
censorship and sysop legal liabilities. He also notes that the rumor
may have greatly enhanced the game's sales.
Information on Boardwatch can be obtained from:
jrickard@teal.csn.org
------------------------------
Date: Sun, 9 Aug 1992 11:51:31 (CDT)
From: CuD Moderators <tk0jut2@mvs.cso.niu.edu)
Subject: File 9--*NO MORE CHICAGO TRIBUNE ARTICLES*
Even though we require posters to assure they have copyright
permission for reposts they submit, this is not always done. We rely
on posters, because we have no reasonable way of checking permissions.
In the past year, we have received a disproportionate number of
Chicago Tribune articles, so we called Joe Leonard, associate editor
of operations in charge of granting copyright permission, to be sure
electronic reprinting of Tribune articles was kosher. His three word
response: "IT IS NOT!"
Leonard indicated that the Tribune has contracts with services for
electronic copying services, and allowing others to electronically
reprint Tribune articles would be a violation of their contract. He
contended that he perceives himself as in the information business,
not the newspaper business, and he will under no conditions give
permission to reproduce a Tribune article electronically, because it
puts him at risk with other information service providers. He
indicated, however, that permission for hardcopy reproduction is more
flexible. CuD will *NOT* accept reproductions from the Chicago
Tribune. If there is any doubt about the copyright of a news story,
the best rule of thumb is to err on the side of caution and summarize
it, quoting only enough material that falls on the safe side of "fair
use." When submitting a reproduced article (whether summarized or
intact), be sure to include the entire reference (source, date, page,
author).
------------------------------
End of Computer Underground Digest #4.35
************************************
Computer underground Digest Sun Aug 16, 1992 Volume 4 : Issue 36
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Copy Editor: Etaion Shrdlu, III
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
CONTENTS, #4.36 (Aug 16, 1992)
File 1--COMP.SOCIETY.CU-DIGEST CHANGE
File 2--Bell System Policies - in Re CuD 4.35
File 3--Bell System Policies (John's Response 1)
File 4--Bell System Policies (Jerry's Response 2)
File 5--Bell System Policies (John's Response 2)
File 6--Pacbell security - The Final Word
File 7--Brooks Statement on INSLAW Report
File 8--Special Investigator Requested for Inslaw (Press Release)
File 9--Summary of NBC's Coverage of Danny Casolaro/Inslaw
File 10--Re: Overstated? (Chic Tribune summary)
File 11--Elite Pirates? I think not.
File 12--Deferring the Piracy Debate until September
File 13--Software piracy in America's schools?
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Fri, 14 Aug, 1992 17:15:32 CDT
From: CuD Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--COMP.SOCIETY.CU-DIGEST CHANGE
Chip Rosenthal reminds everybody:
The comp.society.cu-digest newsgroup has been created. Effective
immediately, the CuD will be cross-posted into both the old alt
group and the new comp group. After about a month's time to
allow for changeover, I will delete the old alt group and send it
only to the comp group.
SO: If you're reading CuD as an ALT group, BE SURE TO unjoin and
join COMP.SOCIETY.CU-DIGEST instead.
Chip took the initiative for the change, managed the discussion on
newss.groups, and is making the transition smooth and easy.
THANKS CHIP!! NICE JOB!!
------------------------------
Date: Mon, 10 Aug 1992 15:51:38 GMT
From: jmcarli@SRV.PACBELL.COM(Jerry M. Carlin)
Subject: File 2--Bell System Policies - in Re CuD 4.35
((MODERATORS' COMMENT: We asked Jerry Carlin and John Higdon to frame
their discussion of Bell System/Bellcore policies as a
point-counterpoint exchange. We found their discussion exceptionally
informative and commend them for putting together a stimulating
sequence of posts)).
In CuD 4.35, John Higdon wrote:
>But the policy of "The Bell System" and now Bellcore and the RBOCs
>seems to be to do nothing about any such problems and wait for some
>phreak to get caught with a hand in the cookie jar...
I'm not going to argue history but John's contention that Bellcore and
the RBOCs are doing nothing is incorrect. BTW, I work for PacBell.
Some examples:
Bellcore has issued "Technical Advisories" on the subject of
security including FA-NWT-000835 "Generic Framework
Requirements for Network Element and Network System Security
Administration Messages" and FA-STS-001324 "Framework Generic
Requirements for X Window System Security".
They participate in security organizations such as IEEE P1003.6
doing security standards for POSIX (UNIX) and ISO/IEC JTC1/SC27
and ANSI X3T4 (a mouthful :-) I personally voted on the last
draft of P1003.6, spending quite a bit of time to try to fathom
a very large document. Also, a set of Bellcore security
requirements forms a large part of a draft NIST "Minimum
Security Functionality Requirements for Multi-User Operating
Systems" (MSFR) document designed to replace the DoD Orange
Book.
They are doing work on using Kerberos and exploring OSF/DCE
security features to increase the robustness of distributed
applications.
We (Pacbell) have spent millions of dollars implementing
various security measures including security packages (RACF for
MVS) and in using Security Dynamics "SecureID" cards for dial
access.
We have been working on enhancing UNIX security. Bellcore has
developed a UNIX Security Toolkit which added many features to
the basic scripts first outlined in the book "UNIX System
Security" by Wood & Kochan. They added a one-week course on
UNIX security to their curriculum. We and they now have
security components to reviews of applications. Bellcore
developed a set of UNIX security requirements and asked all the
major vendors to respond. Systems security is now part of the
purchasing decisions.
Is all of this enough? Well, that is another argument but I hope it's
clear that Bellcore and Pacbell (and the other RBOCS) are "doing
something".
++++
Jerry M. Carlin (510) 823-2441 jmcarli@srv.pacbell.com
Alchemical Engineer and Virtual Realist
------------------------------
Date: Mon, 10 Aug 92 17:37 PDT
From: john@ZYGOT.ATI.COM(John Higdon)
Subject: File 3--Bell System Policies (John's Response 1)
jmcarli@SRV.PACBELL.COM(Jerry M. Carlin) writes:
[Lots of stuff about how Bellcore and Pac*Bell give major lip service
to security.]
But the truth of the matter is that while Bellcore may have written a
book on the matter of security, it apparently forgot to read it. Even
to this day, it is more or less a trivial matter for a knowledgeable
person to get into things he shouldn't.
If you want to have a good horse laugh, you should read the COSMOS
training manual. This system WAS so full of holes that you could
literally set up your own phone company using Pac*Bell's network with
the company becoming none the wiser.
This has been tightened up somewhat. And how did it get tightened up?
Go down to the LA area sometime and pull the microfilm on the LA Times
and the Orange County Register and see the pictures of the evil
desperados (a bunch of sixteen year old kids) who easily penetrated
Pac*Bell and set up all manner of telephonic conveniences for
themselves using COSMOS. This took place in the mid-eighties. Pac*Bell
should have been exceedingly embarrassed.
> Is all of this enough? Well, that is another argument but I hope it's
> clear that Bellcore and Pacbell (and the other RBOCS) are "doing
> something".
Dialups into CO switches used to have no password protection
whatsoever. Now they do. That's a start, folks. So you are now
thinking about security? Good for you. It is about time. Why has it
taken so long?
------------------------------
Date: Tue, 11 Aug 92 09:01:16 PDT
From: jmcarli@SRV.PACBELL.COM(Jerry M. Carlin)
Subject: File 4--Bell System Policies (Jerry's Response 2)
> From zygot!john@apple.com Mon Aug 10 17:48:25 1992
>
> jmcarli@SRV.PACBELL.COM(Jerry M. Carlin) writes:
> [Lots of stuff about how Bellcore and Pac*Bell give major lip service
> to security.]
I don't consider spending tens of millions of dollars over the past
few years as "lip service". If you wonder what on: such things as RACF
for MVS is not cheap. SecureID cards cost quite a bit when multiplied by
10,000 people. Getting lots of shredders costs money. Could we have spent
it more wisely. Of course, but what else is new. IMHO we've done pretty well.
> But the truth of the matter is that while Bellcore may have written a
> book on the matter of security, it apparently forgot to read it. Even
> to this day, it is more or less a trivial matter for a knowledgeable
> person to get into things he shouldn't.
It's neither easy nor quick to plug all the holes in 'swiss cheese'. The
point I'm trying to make is that we've been working on it for a number
of years and are continuing to work on it and that we've made good progress.
> ... Good for you. It is about time. Why has it taken so long?
Some of the reasons are our fault and some are not.
We have been yelling at vendors to deliver operating systems with adequate
security features and bug fixes for a number of years now. I'm REALLY
tired of having stupidities like /etc/hosts.equiv "+" and initial ID's
without passwords forcing us to do work we should not have to do to clean
it up.
Some of the problems require new technology. We REALLY want Kerberos
and/or OSF DCE but they are not ready yet. We're just getting to the
point of having secure SNMP. When the protocols are full of security holes
it makes it kind of difficult to have true security.
By the way, my personal opinion is that the biggest security problem is
people. We can have the most secure systems in the world, and they can
even be maintained in a secure state but one successful "social engineer"
can knock all of that into a cocked hat. It is a non-trivial problem to
make sure that all legitimate calls from one employee to another get
responded to without delay while at the same time catching all those
trying to talk employees out of confidential information or into opening
up some access in the name of a (bogus) emergency.
There is a public trust issue here. If someone gets the unlisted number
of a public figure and then uses that to harass the person, it's a serious
matter. If the 911 service is disrupted lives are at stake. If someone's
conversations are intercepted illegally, we've violated an expectation of
privacy if not various laws.
While I obviously believe that John is overemphasizing the negative, his
feeling that security is vital and that we need to finish the job is one
that I share. I think it is mandatory that we do so if we want to succeed
in the coming era where any customer will have a choice between several
vendors for basic dial tone. We're getting close now with cellular and
will get closer with the next generation mobile technology. Even the
hard-wired local loop will be opened up. We can no longer be arrogant
since "we're the phone company, after all". It's not true now and it will
be less true in the future. We're "A" phone company not "THE" phone
company.
------------------------------
Date: Wed, 12 Aug 92 14:13 PDT
From: john@ZYGOT.ATI.COM(John Higdon)
Subject: File 5--Bell System Policies (John's Response 2)
jmcarli@SRV.PACBELL.COM(Jerry M. Carlin) responds:
> It's neither easy nor quick to plug all the holes in 'swiss cheese'. The
> point I'm trying to make is that we've been working on it for a number
> of years and are continuing to work on it and that we've made good progress.
Yes, and it is important to separate "inherent insecurity" from
"sloppiness". The matter of inband signaling (from which the
publication "2600" derives its name) involved an imbedded, virtually
uncorrectable security hole. Most of these, thank heaven, are becoming
history.
But Pac*Bell, among others, is still just a wee bit sloppy on the
administrative level. Just one example:
After having eight of my residence phone numbers changed, I suddenly
realized that my Pac*Bell Calling Card was invalid. I called the
business office and explained that I wanted a new card. No problem. In
fact, I could select my own PIN. And if I did so, the card would
become usable almost immediately.
Do you see where I am going with this? No effort was made to verify
that I was who I claimed to be, even though my accounts are all
flagged with a password. (When I reminded the rep that she forgot to
ask for my password, she was highly embarrassed.) If I had been Joe
Crook, I would have a nice new Calling Card, complete with PIN, of
which the bill-paying sucker (me) would not have had any knowledge. By
the time the smoke cleared, how many calls to the Dominican Republic
could have been made?
When will Pac*Bell do something about this wide, gaping security hole?
I will tell you: when losses become significant, and/or the press gets
wind of it and some notable, visible cases go to court. So, you want
to go into the "Call Back to your Homeland Cheap" business? Call the
Pac*Bell business office, tell the rep you want a calling card for a
particular number (perferably one you do not get the bill for) and
select your own PIN (one that you can easily remember :-).
So, Pac*Bell, do you want to sue me for publishing "sensitive"
information? Or do you want to plug the hole and fix the problem? I
think by now you get the point.
------------------------------
Date: Wed, 12 Aug 92 16:45:35 PDT
From: jmcarli@SRV.PACBELL.COM(Jerry M. Carlin)
Subject: File 6--Pacbell security - The Final Word
John writes:
> But Pac*Bell, among others, is still just a wee bit sloppy on the
> administrative level. Just one example:...
>
> Do you see where I am going with this? No effort was made to verify
> that I was who I claimed to be, even though my accounts are all flagged
> with a password. (When I reminded the rep that she forgot to ask for my
> password, she was highly embarrassed.)...
>
> When will Pac*Bell do something about this wide, gaping security hole?...
All I can say is that we're trying. As I pointed out earlier in this
conversation, it all comes down to people. A mistake was made, no
doubt about it. Can be do a better job than we are doing? We're
trying to. Is being Ok enough? As the current advertising slogan says
"Good enough isn't". This slogan has to translate into real action.
As my part in this effort, I'm going to pass all of this along so that
management realizes that a mistake was made so that action can be
taken to minimize the chances of it reoccuring. At the very least we
can remind service reps that they need to remember to verify users and
to make sure that the procedures and training are up to snuff.
Even though it is uncomfortable to be the recipients of criticism, we
need to listen to our customers, especially knowedgeable ones like
John, otherwise they will go elsewhere as competition comes to the
business.
------------------------------
Date: Fri, 14 Aug, 1992 17:15:32 CDT
From: CuD Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 7--Brooks Statement on INSLAW Report
Statement of Chairman Jack Brooks
Committee on the Judiciary
re: INSLAW Report
Tuesday, August 11, 1992
(MODERATORS' COMMENT: Following is the complete text of Jack Brooks
(Texas), chair of the House Judiciary Committee, summarizing the
findings of the Committee's investigation into the dispute between
INSLAW and the U.S. Department of Justice).
THE LAST ITEM ON OUR AGENDA TODAY IS THE CONSIDERATION OF THE
INVESTIGATIVE REPORT "THE INSLAW AFFAIR," WHICH WITHOUT OBJECTION WILL
BE CONSIDERED AS READ.
THIS REPORT DESCRIBES THE COMMITTEE'S INVESTIGATION INTO SERIOUS
ALLEGATIONS THAT HIGH-LEVEL DEPARTMENT OF JUSTICE OFFICIALS WERE
INVOLVED IN A CRIMINAL CONSPIRACY TO FORCE INSLAW, A SMALL COMPUTER
COMPANY, OUT OF BUSINESS AND STEAL ITS PRIMARY ASSET--A SOFTWARE
SYSTEM CALLED PROMIS.
BASED ON THE COMMITTEE'S INVESTIGATION AND TWO SEPARATE FEDERAL COURT
RULINGS, THE DRAFT REPORT CONCLUDES THAT HIGH-LEVEL DEPARTMENT OF
JUSTICE OFFICIALS DELIBERATELY IGNORED INSLAW'S PROPRIETARY RIGHTS IN
THE ENHANCED VERSION OF PROMIS AND MISAPPROPRIATED THIS SOFTWARE FOR
USE AT LOCATIONS NOT COVERED UNDER CONTRACT WITH THE COMPANY. JUSTICE
THEN PROCEEDED TO CHALLENGE INSLAW'S CLAIMS IN COURT EVEN THOUGH IT
KNEW THAT THESE CLAIMS WERE VALID AND THAT THE DEPARTMENT WOULD MOST
LIKELY LOSE IN COURT ON THIS ISSUE. AFTER ALMOST SEVEN YEARS OF
LITIGATION AND $1 MILLION IN COST, THE DEPARTMENT IS STILL DENYING ITS
CULPABILITY IN THIS MATTER.
UNFORTUNATELY, INSTEAD OF CONDUCTING AN INVESTIGATION INTO INSLAW'S
CLAIMS THAT CRIMINAL WRONGDOING BY HIGH-LEVEL GOVERNMENT OFFICIALS HAD
OCCURED, ATTORNEYS GENERAL MEESE AND THORNBURGH BLOCKED OR RESTRICTED
CONGRESSIONAL INQUIRIES INTO THE MATTER, IGNORED THE FINDINGS OF TWO
FEDERAL COURTS AND REFUSED TO SEEK THE APPOINTMENT OF AN INDEPENDENT
COUNSEL. THESE ACTIONS WERE TAKEN IN THE FACE OF A GROWING BODY OF
EVIDENCE THAT SERIOUS WRONGDOING HAD OCCURED WHICH REACHED THE HIGHEST
LEVELS OF THE DEPARTMENT. THE EVIDENCE RECEIVED BY THE COMMITTEE
DURING ITS INVESTIGATION CLEARLY RAISES SERIOUS CONCERNS ABOUT THE
POSSIBILITY THAT A HIGH-LEVEL CONSPIRACY AGAINST INSLAW DID EXIST AND
THAT GREAT EFFORTS HAVE BEEN EXPENDED BY THE DEPARTMENT TO BLOCK ANY
OUTSIDE INVESTIGATION INTO THE MATTER.
BASED ON THE EVIDENCE PRESENTED IN THIS REPORT, IT IS CLEAR THAT
EXTRAORDINARY STEPS ARE REQUIRED TO RESOLVE THE INSLAW ISSUE. THE
REPORT RECOMMENDS THAT THE ATTORNEY GENERAL TAKE IMMEDIATE STEPS TO
REMUNERATE INSLAW FOR THE HARM THE DEPARTMENT HAS EGREGIOUSLY CAUSED
THE COMPANY. IT ALSO RECOMMENDS THAT IN INDEPENDENT COUNSEL BE
APPOINTED WITH BROAD POWERS TO INVESTIGATE ALL MATTERS RELATED TO THE
ALLEGATIONS OF WRONGDOING IN THE INSLAW MATTER.
IN MY VIEW, CONGRESS AND THE EXECUTIVE BRANCH MUST TAKE IMMEDIATE AND
FORCEFUL STEPS TO RESTORE THE PUBLIC CONFIDENCE AND FAITH IN OUR
SYSTEM OF JUSTICE WHICH HAS BEEN SEVERELY ERODED BY THIS PAINFUL AND
UNFORTUNATE AFFAIR. I, THEREFORE URGE ALL MEMBERS TO SUPPORT THE
ADOPTION OF THIS REPORT.
(end -- original report all in upper case)
------------------------------
Date: Fri, 14 Aug, 1992 19:52:31 PDT
From: pinknoiz@well.sf.ca.us
Subject: File 8--Special Investigator Requested for Inslaw (Press Release)
One Hundred Second Congress
Congress of the United States
U.S. House of Representatives
Committee on the Judiciary
Washington, D.C. 20515
For Immediate Release
August 11, 1992
NEWS RELEASE
JUDICIARY COMMITTEE REPORT CALLS FOR INDEPENDENT COUNSEL TO
INVESTIGATE THE INSLAW CONTROVERSY
By a vote of 21 to 13, the House Committee on the Judiciary today
voted to adopt an investigative report entitled, "The INSLAW Affair."
This report recommends that Attorney General Barr seek the
appointment of an Independent Counsel to investigate potential
criminal conduct of current and former Justice officials involved in
an alleged conspiracy to steal the PROMIS software system from
INSLAW, Inc.
Congressman Jack Brooks (D-Tex.), Chairman of the full
Committee, stated, "This report culminates the Committee's
three-year investigation into serious allegations that
high-level Department of Justice officials were involved in
a criminal conspiracy to force INSLAW, a small computer
company, out of business and steal its primary asset -- a
software system called PROMIS. While the Department
continues to attempt to describe its conflict with INSLAW as
a simple contract dispute that has been blown out of
proportion by the media, the Committee's investigation has
uncovered information which suggests a much different,
disturbing conclusion."
In March 1982, the Justice Department awarded INSLAW, Inc., a $10
million, three year contract to implement a case management software
system called PROMIS at 94 U.S. Attorney's offices across the country
and U.S. territories. While PROMIS could have gone a long way toward
correcting the Department's long- standing need for a standardized
case management system, the contract between INSLAW and Justice
quickly became embroiled in bitterness and controversy which has
lasted for almost a decade.
The report concludes that there appears to be strong evidence, as
indicated by the findings of two Federal court proceedings, as well as
by the Committee investigation, that the Department of Justice "acted
willfully and fraudulently," and "took, converted and stole" INSLAW's
Enhanced PROMIS by "trickery, fraud and deceit." The report finds that
these actions against INSLAW were implemented through the Project
Manager from the beginning of the contract and under the direction of
high-level Justice Department officials. The evidence presented in the
report demonstrates that high-level Department officials deliberately
ignored INSLAW's proprietary rights and misappropriated its PROMIS
software for use at locations not covered under contract with the
company. Justice then proceeded to challenge INSLAW's claims in court
even though its own internal deliberations had concluded that these
claims were valid and that the Department would most likely lose in
court on this issue.
Brooks stated, "After almost seven years of litigation and
$1 million in cost to the taxpayer, the Department is still
trying to avoid accountability for the actions it took
against INSLAW. It is time for Justice to recognize its
mistakes and cut its losses and restore its moral standing
as an enforcement agency, which is just as committed to
living by the law as any other citizen."
According to the report, the second phase of the Committee's
investigation concentrated on the allegations that high-level
officials at the Department of Justice conspired to drive INSLAW into
insolvency and steal PROMIS. In this regard, the report states that
several individuals testified under oath that INSLAW's PROMIS software
was stolen and distributed internationally in order to provide
financial gain to associates of Justice Department officials and to
further intelligence and foreign policy objectives of the United
States. Additional corroborating evidence was uncovered by the
Committee which substantiated to varying degrees the information
provided by these individuals.
Brooks stated, "It is unfortunate that the Department chose
not to conduct a thorough investigation into INSLAW's
allegations of criminal wrongdoing by high-level government
officials. Although they were faced with a growing body of
evidence that serious wrongdoing had occurred which reached
to the highest levels of the Department, both Attorneys
General Meese and Thornburgh blocked or restricted
Congressional inquiries into this matter and in the case of
Attorney General Thornburgh ignored the findings of two
Federal courts and refused to seek the appointment of an
Independent Counsel."
The report recommends that Attorney General Barr immediately settle
INSLAW's claims in a fair and equitable manner. The Committee report
also strongly recommends that the Department seek the appointment of
an Independent Counsel in accordance with 28 USC $$591-599 to conduct
a comprehensive investigation of the INSLAW allegations of a high
level conspiracy within the Justice Department to steal and distribute
the Enhanced PROMIS software. According to the report, the
investigation should: (1) ascertain whether there was a strategy by
former Attorneys General and other Department officials to obstruct
this and other investigations through employee harassment and denial
of access to Department records; (2) determine whether current and
former Justice Department officials and others involved in the INSLAW
affair resorted to perjury and obstruction in order to cover-up their
misdeeds; (3) determine whether the documents subpoenaed by the
Committee and reported missing by the Department were stolen or
illegally destroyed; and, (4) determine if private sector individuals
participated in (a) the alleged conspiracy to steal INSLAW's PROMIS
software and distribute it to various locations domestically and
overseas, and (b) the alleged cover-up of this conspiracy through
perjury and obstruction.
Finally, the Committee report recommends that the Independent Counsel
investigate the mysterious death of reporter, Daniel Casolaro, who
died while conducting an investigation of the INSLAW matter. The
report notes that the suspicious circumstances surrounding his death
have led some law enforcement professionals and others to believe that
his death may not have been a suicide.
Brooks concluded: "The conduct of the Department in the
INSLAW affair has resulted in an erosion of the public's
trust in the organization charged with enforcing our
Nation's laws. In order to restore the public's confidence
in the Department of Justice, there must be a full and open
investigation into this matter. However, I'm skeptical that
without the appointment of an individual to conduct this
investigation who is not under the direct control of the
Attorney General, this matter will ever be fully resolved."
------------------------------
From: ccb@MACBETH.UMD.EDU(Chrome Cboy)
Date: Wed, 12 Aug 1992 11:07:44 -0400
Subject: File 9--Summary of NBC's Coverage of Danny Casolaro/Inslaw
The NBC coverage of the Danny Casolaro death in the Inslaw case, which
aired last week, didn't seem to add many new facts, but I was
surprised to see that the incident hadn't been forgotten--in fact, it
seems to finally be making its way back into the spotlight.
Interviewed were Jack Anderson, a personal friend of Danny; Timothy
Hutton, who is playing Danny in a forthcoming HBO docu-drama; John
Connolly, the investigative reporter who has continued Danny's
research on behalf of HBO, and the chief counsel for INSLAW, an
ex-head of the Department of Justice who's name I can't remember.
Connolly felt that there wasn't an "Octopus" as Danny thought--eight
men at the highest levels of government, working in concert to further
their own desires. He did think, however, that these eight men were
involved in wrongdoings involving illegal aid to the Contras, the BCCI
scandal, the INSLAW theft, drug running, and possibly other things.
They simply weren't in cahoots.
There was also a taped interview with a forensic expert who claimed
that the entire autopsy was poorly performed, that it didn't follow
standard procedures, and that the report looked like the conclusion
regarding the cause of Danny's death had been reached a priori, and
that the rest of the report was then written to justify the
conclusion. Items that went unmentioned or were glossed over include:
multiple large contusions, including one to the head; that three of
Danny's fingernails had either been pulled off or were broken off
(possibly during a struggle); and that the wounds on his wrists were
deep and unhesitating, which is extremely rare in suicide victims. (In
fact, one of his wrists had been slashed eight times, cutting through
tendons all the way to the bone.)
It was Connolly's hypothesis that Danny had been jumped in his hotel
room in the early morning hours, subdued, interrogated (traces of
"strange drugs" were found in his system), and then killed. Adding to
the suspicions of foul play include the fact that none of Danny's
personal effects have been returned to the family, and that
investigators have been unable to view any of his personal effects,
reportedly including some notes that were found hidden in one of his
shoes. Also, his reporter's note are still missing.
I could probably flesh this out, add disclaimers, and touch it up if
you can't find anyone who managed to record the segment.
------------------------------
Date: Mon, 10 Aug 92 13:46:35 -0500
From: Neil W Rickert <rickert@CS.NIU.EDU>
Subject: File 10--Re: Overstated? (Chic Tribune summary)
>Computer underground Digest Sun Aug 9, 1992 Volume 4 : Issue 35
>Sunday Tribune computer columnists Reid and Hume challenged what they
>call one of the software industry's "periodic public relations
>campaigns to get people to believe it's being robbed blind by software
>pirates."
I too was glad to see this column.
I remember an interview I heard on NPR ("All Things Considered") a few
years ago. The industry representative asked the rhetorical question
"What would it be like if, for every car an auto dealer sells, two are
stolen?" At the time, I thought the analogy was wonderful, except
that the industry rep had it slightly wrong. He should have asked
"What would it be like if, for every car an auto dealer sells, two are
taken for test drives?" And of course the answer would be "That
already happens."
The software piracy problem is, to a considerable extent, the natural
consequence of industry policies. The software industry would have
you purchase software sight unseen, in shrink wrapped packaging,
without any knowledge of whether it will adequately serve your
purposes, and with no chance of a refund if the product proves
unsuitable or defective. They exacerbate this problem further by
setting prices which bear little relation to their costs. They
justify their costs on a "perceived value" basis, whereby they argue
about the financial value of say a spreadsheet package to an
accountancy firm. This "perceived value" pricing might make sense if
they charged a much lower "perceived value" to the treasurer of a
small church who wished use the spreadsheet once per month to manage
the church books; but they don't.
In the book publishing industry, the price of a book is much closer to
the manufacturing cost, except for special topic books with limited
markets. Natural market forces require this. If publishers charged
too much other authors would write books of a somewhat similar nature,
and capture much of the market. But, in an obvious attempt to defeat
such natural market forces, the software publishing industry uses its
"look and feel" lawsuits in an attempt to defeat the law of supply and
demand, and thereby maintain monopoly privileges for their products.
------------------------------
Date: 10 Aug 92 08:06:42 CDT (Mon)
From: peter@TARONGA.COM(Peter da Silva)
Subject: File 11--Elite Pirates? I think not.
Elite Pirates, as described in (Jim Thomas's article in CuD #4.35)
article, are virtually unknown: an endangered species at best, perhaps
by now simply a chimera...
>Reid and Hume continue, making several points that pirates would agree
>with:
Not the ones I know about.
>1. If you use a program, you should pay for it.
Maybe there's an elite among pirates who think this way, but the vast
majority pirate software because they need it and don't want to pay for
it. Virtually everyone I know who has pirated software has done so for
this reason. Many have purchased IBM PCs, as they earlier bought Apples,
because of the vast amount of pirate domain software available... the
biggest beneficiaries of piracy are clone vendors.
>2. Sharing software can enhance sales.
Only if most pirates go along with point 1.
>They also note that the shareware concept, based on free distribution
>of programs, has thrived and has made programmers quite successful.
Not really. The main success stories have been from people who have gone
commercial or switched to crippleware demos to "encourage" people to go
along with point 1.
>3. They, as do most elite pirates, strongly condemn the practice of
>copying an authorized program in a business and sharing it around to
>avoid the site license fees.
Most pirates I know wouldn't go that far, but they would "borrow" a copy
from the guy in the next office, which comes to much the same thing.
>4. The pre-purchase use of software is "not such a bad thing" because
>it can help sales. It also provides users a chance to compare the most
>expensive programs [...]
So would a software library, or software rental agencies... something I've
hoped would start showing up. They did for a while, but large-scale piracy
has so muddied the waters that there's no hope of them catching on until
software becomes as hard to copy as a book.
>The columnists fall short of advocating responsible piracy, and they
>make it clear that they oppose unauthorized copying for profit or
>"free use" simply to avoid paying for a product that will be used.
I suspect that they're simply unfamiliar with the normal corporate
environment, and think that their buddies counting coup on Lotus and
Borland are what the SPA is really concerned about. The pirate who does
it simply for the thrill of the chase is a rare bird indeed.
BUT, they do make great headlines when they get caught. Sorry if the small
time corporate thief has ruined your playground, but that's the way it goes
in the real world.
------------------------------
Date: Fri, 14 Aug, 1992 17:15:32 CDT
From: Jim Thomas <cudigest@mindvox.phantom.com>
Subject: File 12--Deferring the Piracy Debate until September
I partially agree with Peter: The pirate world has changed
dramatically in the past two years, and the "elite pirates" of the
1980s--those who enjoyed the thrill (albeit an anal-retentive one) of
the chase--are an endangered species. Peter and I will address this
issue in a near-future issue. The points I would make are that the
types, the motivations, and the consequences of creative software
sharing are not as clear-cut and certainly not as pernicious as the
SPA and other anti-piracy activists suggest. I suspect the primary
difference between the positions of Peter and I are not that *some*
line must be drawn between acceptable and unacceptable "piracy," but
*where* that line should be drawn.
A spokesperson for the SPA has *tentatively* agree to participate in
the debate, and we hope to have at least one special issue in early
September on the pros/cons of the ethics, legality, and responses to
sharing unpurchased copyright software.
------------------------------
Date: Wed, 12 Aug 1992 18:37 CDT
From: <BOEHLEFELD@WISCSSC.BITNET>
Subject: File 13--Software piracy in America's schools?
In an advertising publication, CPR (Curriculum Product News),
distributed to school district administrators, an article, "Software
copying in schools: a 1992 update," presents piracy problems within a
slightly different population than that which we normally see.
The article (unsigned) begins: "The last we heard from Captain
Diskcopy, a few years ago, she and her brash band of pirates were busy
encouraging educators to disregard the law that allows only one backup
copy for each program purchased. Their credo was 'copy, copy,
copy.'...[their] gospel: 'It's OK because you're doing it for the
kids!'"
It continues by detailing the lessening, but apparently still
troublesome, level of software copying in US school districts. A
representative of the National School Boards Assn. (members include
more than 2000 districts from 50 states) is quoted as saying that
unauthorized copying has been greatly reduced in recent years.
The article continues by citing information from the SPA about the
dollars lost to piracy ($24 billion in 1990), and the availability of
the SPAudit program (30,000 distributed in 1991), as well as a
12-minute videotape, "It's Just Not Worth the Risk." The tape is part
of an SPA "...public awareness and prevention campaign."
Also mentioned is the ICIA and its pamphlet of "...guidelines for
schools to follow, entitled, 'Should I Copy Micropcomputer Software.'
The guidelines are drawn from the Software Policy Statement published
in 1987 by ISTE (International Society for Technology in Education)...
." ISTE also distributes "A Code of Ethical Conduct for Computer-Using
Educators."
These progams, videos and publications are credited with decreasing
illegal copying in school districts.
The article then explains "lab packs," in which schools can obtain
multiple copies of software for educational purposes at special rates.
It notes that a few firms allow unlimited copying within a single
school building. (Rarely is an entire school district housed in a
single building, which can mean a district would have to buy multiple
lab packs for district use.) A smaller number of firms does offer
district-wide licenses, according to the article.
The article notes that the SPA has never sued a kindergarten through
high school (K-12) district, but does discuss a suit filed against the
University of Oregon's Continuation Center. A negotiated settlement
required the university to "...pay the SPA $130,000, launch a massive
on-campus campaign to educate students and faculty about lawful use of
copyrighted software, and host a national conference on 'Software and
the Law.'"
ICIA also asked its software publishing members to identify schools
which were copying software. An Ohio school district, described in the
article as "average sized," was mentioned frequently after the
campaign began, resulting in ICIA sending a cease and desist order to
the district.
A coordinator for instructional technology in an Indiana school
district then describes some of the problems she's had in purchasing
adequate software for her district's needs at a price that the
district can afford.
She says they are trying to comply with the law, but "'Even when I say
to a publisher that I'm willing to pay whatever you suggest is fair
for a building or district-wide license, they won't discuss it.'"
She also believes software publishers are not responsive to hardware
configurations in districts. Many, she says, have older hardware, and
are in transition periods to newer, but software companies won't allow
for these variations in selling their products. So districts can be
forced to buy multiple licensed copies or, as she suggests, revert to
piracy.
The article concludes with a remark paraphrased from "talking to...
educators" that flexible volume purchasing options would help to
further eliminate pirating in American schools.
The last page of the article (in a three column format) includes a
two-column ad from the SPA with a hotline number to report
"...unauthorized use of software including:
"*bulletin boards
"*unauthorized sales
"*hard disk loading
"*unauthorized internal copying[.]"
The ad also provides an address for obtaining a free pamphlet about
software and law.
A sidebar to the main story describes potential federal sentences and
fines for piracy, and notes that school districts are legally allowed
to lend software to students and staff unless that is "expressly
prohibited in the publisher's own licensing agreement." The sidebar
was credited to Mark Sherry, identified as president of Microease
Consulting, Inc., consultant with the Mecklenburger Group, and former
director of Software Evaluation for the EPIE Institute.
CURRICULUM PRODUCT NEWS is a slick (paper-quality) magazine
containing articles, advertising, and the ubiquitous "Circle #xxx for
more information" at the end of the 'news' articles. Its subtitle is
"The Magazine for District-Level Administrators," and it is published
10 times a year by Educational Media, Inc., 992 High Ridge Rd.,
Stamford, CT 06905. The article recapped here was in the May issue,
Vol. 3, No. 9, pages 22-26.
The article was heavy on the industry side (articulation of the
problems of piracy came from trade and like organizations), but did
attempt to balance the concerns and problems of educators with those
of software publishers. The article provides no specific information
about how much software piracy is going on in elementary and secondary
schools.
------------------------------
End of Computer Underground Digest #4.36
************************************
Computer underground Digest Thur Aug 20, 1992 Volume 4 : Issue 37
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Copy Editor: Etaion Shrdlu, III
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
CONTENTS, #4.37 (Aug 20, 1992)
File 1--Re: Cu Digest, #4.36
File 2--Ripco the Victim of Misinformation?
File 3--Response to Privacy Times Article
File 4--Re: Quick reality check.....
File 5--Pager Fraud Conviction (Telecom Digest Reprint)
File 6--Calif. Woman Convicted in Computerized Tax Refund Scheme
File 7--EFF Receives Dvorak/Zoom Award
File 8--Pac-Bell's Privacy Rings False (CPSR Press Release)
File 9--CPSR 1992 Annual Meeting
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Sun, 16 Aug 92 19:13:54 -0700
From: nelson@BOLYARD.WPD.SGI.COM(Nelson Bolyard)
Subject: File 1--Re: Cu Digest, #4.36
In article <1992Aug16.202305.16708@chinacat.unicom.com>
john@ZYGOT.ATI.COM(John Higdon) writes:
>After having eight of my residence phone numbers changed, I suddenly
>realized that my Pac*Bell Calling Card was invalid. I called the
>business office and explained that I wanted a new card. No problem. In
>fact, I could select my own PIN. And if I did so, the card would
>become usable almost immediately.
>Do you see where I am going with this? No effort was made to verify
>that I was who I claimed to be, even though my accounts are all
>flagged with a password. (When I reminded the rep that she forgot to
>ask for my password, she was highly embarrassed.) If I had been Joe
>Crook, I would have a nice new Calling Card, complete with PIN, of
>which the bill-paying sucker (me) would not have had any knowledge. By
>the time the smoke cleared, how many calls to the Dominican Republic
>could have been made?
To which jmcarli@SRV.PACBELL.COM(Jerry M. Carlin) replies:
>All I can say is that we're trying. As I pointed out earlier in this
>conversation, it all comes down to people. A mistake was made, no
>doubt about it. Can be do a better job than we are doing? We're
>trying to. Is being Ok enough? As the current advertising slogan says
>"Good enough isn't". This slogan has to translate into real action.
What Rubbish! It doesn't "come down to people". At least, it need not.
The _computer_ should enforce the right password to modify the account,
not the customer rep, and the rep should never SEE the customer's password.
The way PACBELL's existing account "password" program apparently works,
(information gleaned entirely from public sources of information, including
postings to TELECOM-digest and the CU digest) the account holder's
password is displayed on a screen, and it is a human's job to verify that
the customer speaks the right value. This system was obviously designed
by someone who didn't have a CLUE about security.
The system should have been designed so that when an account has a
password, ANY attempt by a customer service representative to access or
modify the account will be blocked until the password is entered by the
rep (who presumably has just gotten it from the person on the phone, the
alleged customer). I suppose some "supervisor override" password might
exist so accounts could be managed when the real customer was dead, but
any transactions done using the override password would render the user of
that password (e.g. supervisor) _personally_ liable if the actions proved
fraudulent (not properly authorized).
One final note to all this whining about "we're trying". I'm reminded of
parents who teach their children that it's OK to fail "as long as you
tried your best". Not one of us who holds a job is ever held up to that
ridiculously low standard of performance. No business ever survives by
holding itself to that standard. It's galling that PacBell should expect
us to apply that standard to them, especially given their regulated
monopoly.
If PacBell had any competition as a LEC, and that competitor used
real (not pretend) password account security, they'd stop this whining
and do something about it pronto, while customers went to the competitor
in droves.
--
Nelson Bolyard MTS Advanced OS Lab Silicon Graphics, Inc.
nelson@sgi.COM {decwrl,sun}!sgi!whizzer!nelson 415-390-1919
Disclaimer: I do not speak for my employer.
--
------------------------------
Date: Mon, 17 Aug 1992 19:27:13 PDT
From: Jim Thomas <jthomas@well.sf.ca.us>
Subject: File 2--Ripco the Victim of Misinformation?
The dangers of erroneous or fraudulent information can be demonstrated
in the abuses of Operation Sun Devil and the "Bill Cook cases."
Inaccurate interpretations, questionable "facts" and glib language of
posts were used to weave an imagery of a dangerous national conspiracy
of hackers intent in disrupting or destroying Life-As-We-Know-It. The
Secret Service claimed that a post describing Kermit as a 7-bit
protocol was evidence of a conspiracy; Bill Cook described publicly
available documents as a map of the E911 system, implying that those
who possessed it could endanger national safety and security; Henry
Kluepfel identitied to the Secret Service "hackers" who are presumably
the CuD moderators; BellSouth claimed that information available in a
document costing under $15 was worth several hundred thousand dollars.
These claims were used as the basis for raids, indictments,
prosecutions, and the disruption of lives and business enterprises who
fell victim to the abuse of misinformation.
Ripco BBS was a victim of the Sun Devil raids in May, 1990. Although
there was no evidence that the sysop, Dr. Ripco, ever engaged in the
crimes for which he and others were suspected, and no user of his
board was indicted for the suspected crimes, and no material on his
board was ever adduced in court in the prosecution of others, he lost
equipment, books, posters, and other items. Dr. Ripco was victim of
misinformation. Because of the manner in which law enforcement has
written search affidavits and indictments drawing from inaccurate
information, gross reporting of potentially damaging "facts" cannot go
without response. An article appearing in the July 30 issue of
Privacy Times (PT), written by Evan Hendricks the editor, is the kind
of article that requires a swift reaction.
The article is "Hacker 'Manual' Tells 'Wannabes' how to Penetrate TRW
Database." Although Ripco is mentioned in only one sentence, it is a
damaging choice of words.
The article itself describes a "hacker file" detailing how to obtain
access to a TRW account, login to the TRW system, find and download
information, and interpret the information once obtained. The
author(s) of the TRW file, dated April, 1992, write in the style of
the juvenile anarchists who fantasize mindless destruction of "The
System," and who self-define themselves as "great criminal minds." The
PT article itself is well-intended: The goal seems to be to
raise the visibility of the security weaknesses of the TRW data base
and simultaneously to dramatize the sociopathic tendencies of those
who, as Cliff Stoll might say, put razor blades in the sand. But
there is one dangerously inaccurate line in the PT story that cannot
go without response:
"Entitled 'TRW.Masterfile,' the manual was published on
the 'Ripco' bulletin board by two authors who identify
themselves as 'CitiZen-One" and "Evil Priest."
Dr. Ripco responds to this in the following file. But, as a long-time
user of Ripco BBS, I searched my own files and discovered the
following:
1) There is *NO* such TRW file listed in the file lists
2) There is one Evile Priest and one citizen-0ne listed, but
neither are regular users. As of August 15th, the former
has not signed on since January, 1992, and the latter hasn't
signed on since April, 1992. Neither was listed logs prior
to January, 1992 that I could find.
The TRW file in question can probably be found on a number of boards.
Assuming that the copy I have obtained is identical to the file
reported in PT, it would appear to contain no illegal information.
Although a "how to" manual, it falls within literature protected under
the First Amendment. Although it is poorly written (a Grammatik check
rates it as incomprehensible), poorly conceived and argued, childishly
simplistic, and quite silly, it reveals little about TRW and contains
no proprietary information. To its credit, PT does not sensationalize
the document, and the point of the TRW story is not to create hysteria
about the dangers of hackers, but appears instead to be simply
describing a variant of "anarckidz."
However, CuD *strongly* condemns the unsubstantiated allegation that
the file was "published" on Ripco. This is a distortion of how files
are created and disseminated and implicates a BBS and its sysop in
activities over which the sysop has no knowledge. This creates an
association between illegal behaviors and Ripco that is not only
erroneous, but dangerous. It puts the board and its users at risk for
continued law enforcement excesses on the basis of what appears to be
unsubstantiated claims of the kind that have been previous
justifications for searches and seizures.
Misinformation also creates the possibility that the line will be
picked up by other media and repeated as true. This occured with the
Privacy Times article. James Daley, of Computerword, received a fax of
the PT piece, and repeated the allegation in his own column in the
August 17 issue of Computerworld without checking the accuracy, without
calling Evan Hendricks at Privacy Times, and without calling Ripco.
Daley writes:
"Two unidentified persons have used the "Ripco" bulletin board
to electronically publish a detailed manual, complete with
dial-up numbers, geographical codes and methods for conning
bureau subscribers into divulging their passwords, for
penetrating TRW's credit bureau data base." (p. 47)
Seemingly trivial one-liners, like viruses, have a way of spreading
their destructiveness. And, just parenthetically, if, in a term
paper, a student reproduced material without acknowledging the
original source, as the Computerworld article did in reproducing the
Privacy Times piece without acknowledging the original author, I would
raise the question of plagiarism.
If I am correct in my belief that the files were never available on
Ripco, I wonder why PT (and Computerworld) made the claim that they
were? From what source *did* the writer of the PT article obtain the
files? If the article's allusion to Ripco was based on a line in the
file itself indicating that the authors of the file could be contacted
on Ripco, then why wasn't mention made of other boards (in Florida)
also mentioned? Why did the writer of the PT article make no attempt
to contact Dr. Ripco? He is accessible, articulate, and quite open.
Ripco's number was included in the file, making contact readily
possible if the author tried.
I contacted the author of the PT article, editor Evan Hendricks.
Evan shared my concern that if the facts were as I presented them,
then the choice of words was unfortunate. He explained that,
especially in technical matters relating to computer technology, he
relies on informants. In this case, his informants indicated that the
files were "published" (and available) on Ripco. He indicated that he
would have to check with his informants to clarify the apparent
discrepancy between their account and ours. I agree (and fully
sympathize) with Evan on one point: Sometimes secondary facts that are
not immediately relevant to the primary focus of a story appears too
minor to check. I am convinced of Evan's good faith, and readers of
Privacy Times informed CuD that Evan has taken an aggressive and
principled stand against excesses of the Secret Service in Steve
Jackson games. I also agree that the offending sentence is of the
kind that is normally innocuous and the result of a seemingly minor
informant error translated into a vague phrase. In this case, however,
the phrase could possibly re-appear in an indictment. Evan must, of
course, check the accuracy of my account in challenging the
availability of the TRW file on Ripco. However, he assured me that if
my account is accurate, he will correct the mistake.
The intent here is not simply to criticize Privacy Times or its
editor. Evan impressed me as concerned, sincere, and highly
interested in many of the same issues as CuD, EFF, and others. Of
broader relevance is the way that the media often represent the
computer culture and the ways in which the participants in that
culture respond. In my own experience, most reporters and editors
appreciate being informed of alternative interpretations and accurate
facts. Sometimes "corrections" are over minor and inconsequential
details of no import. At other times, they can be vitally important
to rectifying potentially damaging depictions. Either way, gentle but
explicit dialogue with the media is crucial to reducing the
misunderstandings offered to the public. In this case, I am confident
that Privacy Digest and Computerworld will "do the right thing" by
checking the accuracy of their allegations. If they find they were in
error, I am equally confident that they will retract it.
((Despite my criticism of this particular article, Privacy Times is
considered a reputable and helpful source of information on law,
government policy, and other issues related to intrusions into and
protections of Constitutional rights. It is subscriber-sustained and
contains no advertising. Examination copies are available, and
subscriptions run $225 a year. For more information, contact Evan
Hendricks, Editor; Privacy Times; PO Box 21501; Washington, D.C.,
((ADDENDUM: Media persons wishing to contact Ripco BBS may do so at
(312) 528-5020. If the lines are busy, which they often are because of
its nearly 1,300 users, messages sent to Dr. Ripco at
tk0jut2@mvs.cso.niu.edu will be immediately forwarded))
------------------------------
Date: Sun, 17 Aug 92 19:31:08 CDT
From: Dr Ripco <Ripco BBS>
Subject: File 3--Response to Privacy Times Article
In the July 30, 1992 issue of Privacy Times (v12, #15), a story appears
on page one entitled "Hacker 'Manual' Tells Wannabes How To Penetrate
TRW Database'. Within this article my board, "Ripco" is mentioned in a
manner that implies "the manual" is either available or was sanctioned
by myself or the system.
This is totally false.
The way I see it, the author of the article either failed to check
facts or simply irresponsibly reported misinformation. No one from this
newsletter has ever contacted me and to the best of my knowledge ever
attempted the same.
The first sentence of paragraph two reads as follows:
>"Entitled 'TRW Masterfile,' the manual was published recently on
>the 'Ripco' bulletin board by two authors who identify themselves
>as 'CitiZen-One' and 'Evil Priest.'"
This document has never been "published", distributed or been
available in any other form on my system. By checking the logs I have
determined that a user by the name of Evile Preist did call the system
once in January of 92 but no activity was shown on the account. In
April of 92 a user by the name of Citizen-0ne called 5 times and did
in fact upload a file called "TRW_MAST.TXT" on or around April 28th.
That file was immediately removed from the uploads directory by myself
under the strict rules I self-imposed after being victimized by
Operation Sundevil. The uploads on my system are locked and cannot be
downloaded by anyone until I clear the lock. Therefore, it was
impossible for it to be downloaded during th time it was first
uploaded and removed.
The logs, which I examined using the bulletin board program that
generates a complete listing of uploads and downloads, support my
claim. A record is made every time a file is either uploaded or
downloaded. This file shows one upload, no downloads.
Citizen-0ne and Evile Preist were never regular users of the board. I
do not know either one of them and never have had any contact with
them that I am aware of. Within the TRW_MAST.TXT file, my system along
with its phone number is mentioned but I have no idea why. The cDc
(Cult of the Dead Cow) is also mentioned but this does not appear in
the article.
I cannot control being mentioned in any file. Bulletin board names as
far as I know are not copyrighted or trademarked and it's been a
tradition for people who write files to stick a plug in for their
favorite system or two. Why my system is mentioned by authors who
appear to rarely use it is beyond me.
I have doubled checked most (if not all) of the files on my system
including a telecommunications newsletter and neither this file nor
any part of it is or ever on my system available to the users.
The two words "published recently" on the Ripco bulletin board
contained in the Privacy Times newsletter (p. 1) is absolutely,
unequivocally, and egregiously false. Besides, the correct name of
the system is "Ripco ][", because the original "Ripco" was removed
from service by the Secret Service on May 8 of 1990.
Dr. Ripco
------------------------------
Date: Wed, 12 Aug 92 15:57:02 EDT
From: Kim Clancy <clancy@CSRC.NCSL.NIST.GOV>
Subject: File 4--Re: Quick reality check.....
((MODERATORS' NOTE: We heard about the AIS BBS from several readers,
and checked it out. We we impressed by the collection of text files,
the attempt to bring different groups together for the common purposes
of security and civilizing the cyber frontier, and the professionalism
with which the board is run. AIS BBS is a first-rate resource for
security personnel who are concerned with protecting their systems)).
1. What is this Board? (name, number, who runs it (dept & sysop).
What kind of software are you using? When did the Board go on-line?
The Bulletin Board System (BBS) is run by the Bureau of the Public
Debt's, Office of Automated Information System's Security Branch. The
mission of the Bureau is to administer Treasury's debt finance
operations and account for the resulting debt. The OAIS security
branch is responsible for managing Public Debt's computer systems
security. The AIS BBS is open to the public and the phone number for
the Board is (304) 420-6083. There are three sysops, who manage the
Remote Access software. The BBS operates on a stand-alone pc and is
not connected to any of other Public Debt systems. The Board is not
used to disseminate sensitive information, and has been up operating
for the past 15 months.
2. What are the goals and purposes of the Board?
The BBS was established to help manage Public Debt's security program.
Security managers are located throughout Public Debt's offices in
Parkersburg, WV and Washington DC. The security programmers saw a
need to disseminate large amounts of information and provide for
communication between program participants in different locations.
Because the Board was established for internal purposes, the phone
number was not published. However, the number was provided to others
in the computer security community who could provide information and
make suggestions to help improve the bureau's security program.
Gradually, others became aware of the Board's existence.
3. What kinds of files and/or programs do you have on the Board?
Why/how do you choose the files you have on-line?
There is a wide variety of files posted. In the beginning, we posted
policy documents, newsletter articles from our internal security
newsletter, bulletins issued by CERT, such as virus warnings, and
others for internal use. I located some "underground" files that
described techniques for circumventing security on one of the systems
we manage. The information, from Phrack magazine, was posted for our
security managers to use to strengthen security. When we were called
by others with the same systems, we would direct them to those files
as well. Unexpectedly, the "hacker" that had written the file
contacted me through our BBS. In his article he mentioned several
automated tools that had helped him take advantage of the system. I
requested that he pass on copies of the programs for our use. He
agreed. This is how our "hacker file areas" came to be. Other
hackers have done the same, and have we also received many files that
may be useful. It is, indeed, an unusual situation when hackers and
security professionals work together to help secure systems. However,
this communication has been beneficial in strengthening an already
secure system.
4. Since you and the Secret Service are both part of the U.S.
Treasury, was the Board set up to catch "hackers?"
No, the BBS was designed to manage our internal security program. We
do not allow individuals to sign on with "handles." We do not know if
people are hackers when they sign on unless they identify themselves.
5. How did you get the idea to set it up?
The security branch accesses many BBSs on a daily basis for research
purposes, information retrieval and to communicate with others. Since
our security program is decentralized, the BBS seemed to be an
effective way of communicating with program participants in diverse
locations.
6. What distinguishes your board from sources like CERT, or from
"underground" BBSes?
First, there is a wide diversity to our files, ranging from CERT
advisories to the 40Hex newsletters. Also, many of the files on our
system are posted as a resource we use for the implementation of our
security program. For example, the Board lists computer based
training modules that we have developed, policy documents, and
position descriptions. These are files that other security programs
can use to implement or help start their programs. On the message
side of the BBS, what distinguishes it would have to be the open
interaction between hackers, virus writers, phone phreaks and the
security community.
7. What kinds of difficulties or problems have you encountered,
either from superiors or from users, in operating the Board?
I can recall few, if any, difficulties from anyone, users or
superiors. Upper management understands the value of the technology
and has been extremely supportive. All users have been courteous,
professional, and supportive. Security professionals constantly thank
us for providing "underground" information for them. It allows others
in the field to gain access to valuable information without having to
access "underground" systems. Users appreciate the opportunity to
share their knowledge with others and seem grateful to have an avenue
to communicate with security professionals who will listen to
"hackers" experiences.
8. Can you describe any unusual or humorous experiences you have had
with users while running the Board?
It is unusual for "hackers" and security professionals to work
together to help secure systems, but that is what is occurring on our
system. I have had requests from other government agencies asking for
resumes of "hackers" that may assist them. I have been contacted by
numerous government and private agencies asking for our "contacts." I
just direct them to the BBS and advise that they post messages
regarding the questions they need answered. If anyone is interested
in helping, they will respond. It is an unusual situation, but, in my
opinion, I can attest that the information we have received has been
very useful to our security program.
9. What future plans do you have for improving the hardware, such as
upgrading modem, number of lines, or storage capacity, or for
developing the services of the Board?
Starting July 13th, the Board will be down periodically for system
upgrades. We are adding an additional phone line, and a 315 mb hard
drive. Also, we are going to make a few changes to reorganize files.
It is hoped that group information will be more efficient in this
manner. We are also adding RIME relay net conferences and will carry
topics such as Data Protection.
10. What should potential users know about the Board or your policies
before attempting to receive access?
Users must be aware that we do not allow handles on the BBS. If they
sign on with a handle it will be deleted. We also reserve the right
to review all E-mail, public and private. All users have access to
the BBS upon sign on. If a user wants access to the "hacker" file
area, they need to send a message to the sysop requesting access.
Potential users should know they are welcome to call in and
communicate with us and others.
------------------------------
Date: 16 Aug 92 16:40:07 GMT
From: 1012breuckma@vmsf.csd.mu.edu
Subject: File 5--Pager Fraud Conviction (Telecom Digest Reprint)
Angry Callers Help Convict Man Behind Beeper Scheme
From {The Milwaukee Journal} 8/16/92
New York, N.Y. - A Manhattan man has been convicted of leaving
messages on thousands of beepers for a telephone number that cost $55
to call. While the defendant, Michael Brown, 23, never made a dime,
prosecutors said he stood to make millions before he was caught last
year. They said he tried to defraud thousand of potential victims.
US Atty. Otto Obermaier said Brown hooked up two computers in his
apartment and then attached them to two telephone lines. On one line,
the computer placed more than 4,000 calls a day to pagers that people
carry with them. A message said that a return call for
telephone-based informational services should be made to a special 540
number on Brown's second line tied to the second computer.
What the unsuspecting people who returned the calls were not advised
is that it would cost them $55 a call, in violation of a New York
State Public Service Commission regulation requiring operators of toll
numbers to advise incoming callers of the cost so they can hang up
before being charged. But Brown devised a scheme in which the
computer kept callers on the line for at least 20 seconds, the time
required so they could be billed for $55 by the telephone company.
In a six-day period in February 1991, the first computer spewed out a
total of 26,000 calls. But the fraud did not last long because irate
subscribers inundated New York Telephone with complaints of the $55
charge. By the time the company notified federal prosecutors and
disconnected Brown's two lines, he had billed a total of $198,000.
But prosecutors said that he never collected a dime, and that New York
Telephone made no efforts to collect the bills. After his conviction
last week, Brown faces up to five years in prison and a fine of
$250,000 when he is sentenced on Oct. 28. He is free on $30,000 bail.
------------------------------
Date: Tue, 18 Aug 92 23:46:20 EDT
From: <Nigel.Allen@LAMBADA.OIT.UNC.EDU>
Subject: File 6--Calif. Woman Convicted in Computerized Tax Refund Scheme
California Woman Convicted in Income Tax Refund Scheme
Press release from the U.S. Justice Department.
To: National Desk, California Correspondent
Contact: U.S. Department of Justice, 202-514-2007
FRESNO, Calif., Aug. 18 /U.S. Newswire/ -- Acting Assistant Attorney
General James A. Bruton and the United States Attorney for the Eastern
District of California, George L. O'Connell, announced Monday, Aug.
17, that Enedina Ochoa of Turlock, Calif., 26, was convicted by a
federal jury on Friday, Aug. 14, of one count of conspiracy to defraud
the government and 20 counts of assisting others in filing false
income tax refund claims with the Internal Revenue Service.
The jury trial lasted four days before United States District Judge
Oliver W. Wanger. Wanger ordered Ochoa held in custody pending
sentencing.
Ochoa's scheme exploited the Internal Revenue Service's newly
implemented electronic filing system, which allows filers of refund
claims to receive their refund checks in one or two days. By causing
large numbers of false refund claims to be electronically filed, Ochoa
and her co-conspirator, Karleena Pulido, fraudulently obtained
approximately $100,000 from the Internal Revenue Service. Most of the
criminal activity involved 1991 federal income tax returns filed
earlier this year.
Ochoa and Pulido, a Turlock income tax preparer who pled guilty two
weeks ago to conspiracy to defraud the government and 29 counts of
assisting others in filing false claims for income tax refunds,
engaged in a scheme to electronically file false refund claims with
the I.R.S. by recruiting individuals to provide their real names and
social security numbers for use by Pulido on false Forms W-2 which
Pulido fabricated. Ochoa then assisted the recruited individuals in
electronically filing these false refund claims with the I.R.S. from
electronic return transmitters such as Cash-N-Dash, an income tax
transmittal and check cashing service headquartered in Fresno. Ochoa
and Pulido then divided divided the refund proceeds among themselves
and the individuals they recruited.
The long-standing I.R.S. system of filing paper returns requires a
taxpayer to wait several weeks before receiving a refund check. Ochoa
and Pulido face a maximum sentence of ten years imprisonment and a
fine of $250,000 for the conspiracy convictions and five years
imprisonment for each conviction of assisting in the filing of a false
claim. Sentencing is set for Oct. 19, and Oct. 26, for Pulido and
Ochoa, respectively, before Wanger.
The case is the result of an extensive and ongoing investigation of
electronic filing fraud by special agents of the Internal Revenue
Service's Criminal Investigation Division, and was prosecuted by
Department of Justice Tax Division Trial Attorneys Eric C. Lisann and
Floyd J. Miller. It is the first prosecution of this type of crime in
this judicial district, and is one of only a very few such cases that
have gone to trial anywhere in the United States since the inception
of the Internal Revenue Service's electronic filing system. Acting
Assistant Attorney General James Bruton stated, "This
conviction serves as notice that the federal government is committed
to early detection and prosecution of electronic filing schemes.
Blatant abuse of the Internal Revenue Service's computerized refund
program will not be tolerated." According to Rick Speier, chief of
the Internal Revenue Service's Criminal Investigation Division in San
Jose and Fresno, "as the use of electronic filing increases, the
Internal Revenue Service will continue to be vigilant in identifying
electronic filing schemes organized by unscrupulousindividuals who
seek to exploit the system for criminal purposes."
------------------------------
From: Rita Marie Rouvalis <rita@EFF.ORG>
Subject: File 7--EFF Receives Dvorak/Zoom Award
Date: Tue, 18 Aug 92 16:01:17 EDT
EFF AWARDED DVORAK/ZOOM AWARD FOR EXCELLENCE IN TELECOMMUNICATIONS
AT ONE BBSCON IN DENVER
On August 13, the Electronic Frontier Foundation was the recipient
of one of twelve Dvorak/Zoom Telecommunications Awards. The
Dvorak/Zoom awards are to be given annually in order to recognize
individuals and organizations that have made a difference to
telecommunications and the BBS conferencing industry.
The awards were given for the first time at a presentation ceremony
during One BBSCON in Denver. The EFF was cited for "helping to keep
telecommunications safe from the potential perils of out-of-control
legal departments and over zealous law enforcement agencies." The
award also noted that the EFF has become "an extremely important
advocacy group for online telecommunications users."
Also honored in the awards ceremony were:
The WELL
Channel 1 BBS
Tom Jennings of Fidonet
Chuck Forsberg for Zmodem
John Friel III for Qmodem
Phil Katz for PKZip
Ward Christensen for Xmodem
Ward Christensen and Randy Seuss for BBS 1
Tom Smith for Procomm for Windows
Marshall Dudley for Doorway
The Rockwell Design Team for First Single Package
V.32N.32bis Chipset
A more detailed report on the activities of ONE BBSCON will be the
subject of a forthcoming edition of EFFector Online.
------------------------------
Date: Mon, 10 Aug 1992 15:59:31 PDT
From: Nikki Draper <draper@CSLI.STANFORD.EDU>
Subject: File 8--Pac-Bell's Privacy Rings False (CPSR Press Release)
PACIFIC BELL'S PHONE PRIVACY RINGS FALSE, SAYS
COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY
PALO ALTO, Calif., August 10, 1992 -- Computer Professionals for
Social Responsibility (CPSR), a national alliance of professionals
concerned with the impact of technology on society based here,
expressed deep concern over Pacific Bell's attempt to gut a recent
California Public Utility Commission (PUC) order on Calling-Number
Identification (CNID). Pacific Bell has requested a rehearing on the
PUC restrictions. PacBell's proposal will eliminate important safety
and privacy protections in the Commission's order, CPSR charged. CNID
allows businesses to collect the phone numbers of customers who call
them.
The Commission's order guarantees privacy protections for all
Californians. PacBell proposes to eliminate a key privacy protection
called Per-Line Blocking with Per-Call Unblocking. This feature
prevents home numbers from being collected by businesses, unless the
caller decides to give it to them. Phone companies would prefer to
only offer per-call blocking, a scheme in which caller numbers are
always given out unless the caller remembers to dial a blocking code
before dialing the desired number.
"If this happens, Californians will inevitably receive more junk mail,
more annoying phone calls, and greater invasions of their privacy,
some of which may be dangerous," said CPSR Chair and user interface
expert, Dr. Jeff Johnson.
PacBell claims that CNID would give people more control over their
privacy by providing the phone number from the calling phone. This is
the wrong technological answer to the problem according to Johnson.
"What people want to know is who is calling, not what phone is being
used. If my wife's car breaks down and she calls me from a pay phone,
that's a call I want to answer. CNID doesn't give me any information
that will help me do that."
In PUC hearings held last year, Johnson accused the phone companies of
designing a service that is more useful for businesses in gathering
marketing data than for consumers in screening calls. Phone companies
are opposed to per-line blocking because it would presumably result in
more numbers being kept private, thereby reducing the value of the
CNID service to business subscribers.
"Phone companies don't want you to block your phone number when you
call movie theaters or appliance stores. The more times your number
is revealed to businesses, the better! So they oppose reasonable
blocking options and are pushing an error-prone one," he said.
If only per-call blocking were available, residential phone customers
-- or their children, parents, grandparents, guests -- would often
forget to dial their blocking code before making a call, resulting in
frequent disclosure of private information to businesses without the
consent, and sometimes even without the knowledge, of the caller.
"Unless PacBell is willing to live within the very reasonable bounds
set by the PUC decision, the concerns of Californians will be far
better served if CNID is simply not offered at all," said Johnson.
"Subscriber privacy is more important that Pacific Bell's profits."
Founded in 1981, CPSR is a public interest alliance of computer
scientists and other professionals interested in the impact of
computer technology on society. As technical experts and informed
citizens, CPSR members provide the public and policy makers with
realistic assessments of the power, promise, and limitations of
computer technology. It is a national organization, with 21 chapters
throughout the United States. The organization also has program
offices in Washington D.C. and Cambridge, MA.
For information on CPSR, contact the national office at 415-322-3778
or cpsr@csli.stanford.edu.
------------------------------
Date: Tue, 18 Aug 1992 15:22:45 PDT
From: Nikki Draper <draper@CSLI.STANFORD.EDU>
Subject: File 9--CPSR 1992 Annual Meeting
COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY
1992 ANNUAL MEETING
OCTOBER 17TH AND 18TH
STANFORD UNIVERSITY
PALO ALTO, CALIFORNIA
In the heat of a presidential campaign, CPSR asks computer
professionals to take a critical look at how politics affects
technology and how technology affects the political process.
Computer scientists from across the country will rigorously examine
this years techno - speak to find the substance amid the line noise.
Our annual meeting is open to everyone who has an interest in
computers, communication, and our role as citizens in a high-tech
society.
Computer Professionals for Social Responsibility is a national
alliance of professionals dedicated to promoting the responsible use
of computer technology, ensuring that information technology plays a
positive role in society.
***********************************************************************
SATURDAY, OCTOBER 17TH
8 a.m. - 9 a.m. Registration and Continental Breakfast
9:00 - 9:15 Welcome
9:15 - 10:45 Teledemocracy & Citizen Participation:
Beyond the Electronic Town Meeting
Electronic media allow politicians and the general public to
communicate in new ways. An election year look at the dangers
and the opportunities of electronic democracy.
10:45 - 11:00 Break
11:00-12:30 The Politics of Cryptography
Cryptography is a means of ensuring the privacy and integrity of
electronically transmitted information. The military/intelligence
establishment has traditionally restricted the development and
dissemination of this technology. With the end of the Cold War and
the rapid expansion of the electronic network, government policy in
cryptography has come to the forefront. This panel examines the
current issues. Moderated by David Sobel, Legal Counsel for CPSR.
12:30 - 2:00 Lunch break
2:00 - 3:30 Everything's Digital!
Media Convergence: Hope, Hell, or Hype?
Big industry players are promoting multimedia convergence as the
next technological frontier. There's smoke, but is there fire? As all
forms of information congeal into a digital soup, convergence raises
issues of ownership, authorship, integrity and access. Is convergence
television to the 10th power, a consumer nightmare, or a true vision
of a new creativity? Moderated by Amy Pearl of Sun Microsystems.
3:30-3:45 Break
3:45-5:00 Envisioning Technology Policy
in a Democratic Society
How do we translate our vision of technology's promise into
democratic reality? A panel of activists looks at the development
of American technology policy and asks the crucial question: Is it
the vision thing or deep doodoo? CPSR Board member, Jim Davis
moderates.
5:00-7:30 Break
7:30-8:30 No Host Bar at Ming's Villa
8:30-10:30 Banquet at Ming's Villa
Dave Liddle of Interval Research speaks on Computing in the
21st Century. Announcement and presentation of the Norbert
Wiener Award for Social and Professional Responsibility in
Computing.
SUNDAY, OCTOBER 18TH
8 a.m. - 9 a.m. Continental Breakfast
9:00 - 9:15 Welcome
9:15- 10:30 CPSR: How We Have Impact and Why We Win
For over a decade, CPSR has had an important impact on national,
international, state and local technology policy. To continue our
success, CPSR activists share case studies of our of public policy
successes. By understanding why we win, we can maximize our
impact in the future.
10:30-10:45 Break
10:45-12:15 Organizing for the Future
A plenary discussion of CPSR's program areas - defining the issues,
building consensus, and setting the agenda.
12:15-2 p.m. Lunch
2:00-3:00 CPSR Working Groups
Break out groups, based on the morning's plenary, allow participants
to chart CPSR's plans on key program issues: civil liberties, privacy,
21st Century, reliability and risk, workplace issues, and more.
5 minute break
3:00 - 4:00 Leadership Development Workshops
Break out sessions on leadership development, organizing on the
net, chapter development, and more.
4:00-4:15 Break
4:15-5:30 Reports, evaluation, and President's message.
***********************************************************************
Name _____________________________________________________
Address ___________________________________________________
City__________________________State ________Zip Code_________
Telephone__________________________________________________
Important: Registration is on a first come, first serve basis. We
expect these events will sell out, so it is important that you return
the registration form as soon as possible to guarantee places at the
meeting and banquet.
EARLY REGISTRATION (received by 10/9/92)
CPSR Member
Meeting and banquet $85
Meeting only $45
Banquet only $40
Nonmember
Meeting and banquet $95
Meeting only $50
Banquet only $45
By adding $40 for a one-year CPSR membership, you can become
eligible for member prices. CPSR also offers a sliding scale fee for
registration to the meeting. If you are interested, call the National
Office at 415-322-3778, for details or send us email at
cpsr@csli.stanford.edu
LATE REGISTRATION (received after 10/9/92)
CPSR Member
Meeting and banquet $95
Meeting only $50
Banquet only $45
Nonmember
Meeting and banquet $105
Meeting only $55
Banquet only $50
I want a vegetarian dinner at the Banquet. _____YES ______NO
BRING SOMEONE WHO IS NOT A CPSR MEMBER TO THE ANNUAL MEETING, AND GET $5.00 OFF
YOUR REGISTRATION FEE!!
I can't attend the Annual Meeting, but I want to support the work of
CPSR. I've enclosed a tax deductible contribution to help create a
successful organization. Total enclosed $___________
Please send me _____ brochures to hand out to my friends and
colleagues. Make check payable to CPSR. Mail to:
CPSR
P.O. Box 717,
Palo Alto, CA 94301
For more information on CPSR call 415-322-3778 or send email to
cpsr@csli.stanford.edu
------------------------------
End of Computer Underground Digest #4.37
************************************
Computer underground Digest Sun Aug 23, 1992 Volume 4 : Issue 38
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Copy Editor: Etaion Shrdlu, III
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
CONTENTS, #4.38 (Aug 23, 1992)
File 1--Retraction & apology to Ripco
File 2--THE GARBAGE DUMP BBS Purges Adult Gifs
File 3--Canada busts Pirate
File 4--Lotus NYT As against Borland
File 5--Secret Service -- the TV show
File 6--"The Hacker Files" Comic Book
File 7--ZEN AND THE ART OF THE INTERNET (Review 1)
File 8--ZEN AND THE ART OF THE INTERNET (Review 2)
File 9--CPSR Letter on Crypto Policy
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Fri, 21 Aug 1992 11:41:44 -0600
From: Evan.Hendricks@EFF.ORG(hendricks@washofc.cpsr.org)
Subject: File 1--Retraction & apology to Ripco
((MODERATORS' NOTE: CuD #4.37 reported an inadvertent, but
unfortunate, phrasing of a reference to Ripco BBS, in an article in
Privacy Times. We contacted the editor, Evan Hendricks, who shared our
concern. He indicated that, if CuD's version of events were correct,
he would rectify the mistake. His response is below may be one reason
why Privacy Times is judged by many as as a first-rate and reputable
resource. His response should also be an example of integrity for
other journalists.))
The following retraction was printed in the Aug. 21, 1992 issue of
Privacy Times
++++++++++++++++++++++++++++
RETRACTION
In the previous issue, Privacy Times reported incorrectly that a
manual for breaking into TRW's credit bureau database was published on
the Ripco bulletin board. In fact, Ripco officials refused to publish
it. Our mistake was made worse by the fact that Ripco had been the
previous victim of unwarranted government persecution after
controversial matters were published on the board, sources said.
Privacy Times apologizes for this mistake. We regret any misconceptions
that this may have caused.
------------------------------
Date: Thu, 20 Aug 92 15:46:13 MDT
From: bbx!yenta!weenie@UNMVAX.CS.UNM.EDU(Dean Kerl)
Subject: File 2--THE GARBAGE DUMP BBS Purges Adult Gifs
FOR RELEASE AUGUST 17, 1992
GARBAGE DUMP BBS PURGES ADULT GRAPHIC FILES
DataSafe, owners and operators of The Garbage Dump Bulletin Board
Service (BBS) in Albuquerque, NM and Denver, CO announce the immediate
removal of all adult graphic files from its online service. This
action was taken to free up system and personnel resources which will
be used to enhance and expand current services such as DOS, Windows
and OS/2 shareware downloadable files. Shareware files will be
promoted as a primary product along with interactive chat, message
areas and online multiplayer games.
Simon Clement, VP of Marketing said, "These graphic files have never
been an integral part of our business and this action will allow us to
market to a much wider audience. We feel that this new market strategy
will position us to serve more customers with better and more valuable
services. We would like to encourage our customers to continue using
our expanding services. Any customer who is dissatisfied with our
market emphasis will be given a full refund, on request, for any time
remaining on their account."
The Garbage Dump BBS will continue to offer and promote uncensored
Chat, E-mail, and Message Areas. This uncensored format allows for
open discussion of a wide range of controversial topics including
politics, consumer issues, freedom of speech, alternative lifestyles
and current events.
The Garbage Dump BBS can be reached via modem in Albuquerque, NM at
(505)-294-5675 and in Denver, CO at (303)-457-1111. If you have any
questions about our new policy or would like further information about
our services, please contact Dean Kerl at (505)-294-4980 Voice.
------------------------------
Date: 20 Aug 92 21:41:18 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 3--Canada busts Pirate
Centre d'ordinateurs Microbec, a chain of four computer stores, has
been handed the largest software-copyright fine in the province's
history. The company was fined C$63,000 for selling computers loaded
with illegal copies of the MS-DOS operating system.
The fine is not the worst of it for Microbec. When the Royal Canadian
Mounted Police raided the company last October, they seized about 140
computers carrying the illegal software as evidence. Since the
company was convicted, the seized hardware will not be returned, said
Allan Reynolds, manager of the Canadian Alliance Against Software
Theft (CAAST), a Toronto-based group of major software vendors set up
to fight software piracy. Reynolds said the value of the seized
computers is "more than double the fine amount in terms of revenue
value." (Reprinted from ST Report 8.33 with permission)
------------------------------
Date: Thu, 20 Aug 92 11:49:51 PDT
From: name_withheld@by.request
Subject: File 4--Lotus NYT As against Borland
In case you missed it, there was a full page ad by Lotus in the August
20 issue of the New York Times (Business section, p. 3) about their
lawsuit against Borland. With a banner headline saying "There's
nothing innovative about copying, parts of it read:
On Friday, July 31, 1992, a U.S. District Court ruled that
Borland's Quattro(r) and Quattro Pro(r) spreadsheets infringe the
copyrights of Lotus(r) 1-2-3.
In its ruling, the court concluded tht "...the Quattro programs
derive from illicit copying," holding that "Lotus has sued" and
"Borland is liable."
Lotus goes for the jugular in the ad. In a large-print subhead, it
announces: "_Lotus innovated. Borland copied," and another says: "Who
should you trust?" The ad concludes:
But perhaps most importantly, Borland lost what matters most to
customers: credibility. For instance, Borland told the Court they
needed to copy our menus to achieve macro compatibility with
1-2-3. Now they tell their customers that the 1-2-3 menus aren't
critical to compatibility.
So ask yourself: To what extent can you trust a company that
values what is expedient over what is legal? And to what extent
can you rely on the product it wants you to buy?
Here's our advice: Choose the product, and the company, you can
trust. Choose Lotus. After all, we're the best in the business at
building innovative spreadsheets. Always hae been, always will
be.
Case closed.
Lotus
------------------------------
Date: 17 Aug 1992 12:24:24 -0400 (EDT)
From: Stephen Tihor 212 998 3052 <TIHOR@ACFcluster.NYU.EDU>
Subject: File 5--Secret Service -- the TV show
Last night NBC broadcast an episode of "Secret Service" in NY at least
that featured a straightforwards nut who wants to kill the President
plot and then a rather confusing account of their high technology
defense of a fuzzy city power system against sabotage by a fired
employee.
I hope someone taped it and caught the exact wording of the disclaimer
at the end because it was hard to follow the logic and determine what
was the original incident and what was Hollywoodisms.
The piece was prefaced with a brief discussion some of the risks of
power outages.
The expert quickly diagnosed the problem as a VIRUS. Persistent
references to virus in the context of a electric power control system
seemed odd. Since they appeared to be running pre-existing VIRUS
checking software on the system one might suspect the "main frame" was
an IBM PC or Apple Macintosh running standard software rather than a
real time control system or perhaps something larger and safer.
Interesting references were made to viruses lurking WITHIN modems.
Then they identified the source of the attacking codes as the local
font storage in what appeared to be a old DECwriter dot matrix
printer.
With some external clues the agents attempt to confront the criminal
in house, which is wired with many falling metal screen, sounds
effects, and gas but which lacks reinforced walls. The culprit is
classic middle aged computer geek who appears uncaring about possible
loss of life although the agents do not mention to him the risk of a
life sentence of death penalty of others die as a result of his
sabotage. He refuses to help them disarm the problem.
The expert has announced that this is a logic bomb and eventually
realizes that since the bug code is not in the copy of the system on
disk as long as they shutdown without writing memory to disk they can
reboot bug free. So a brief deliberate blackout is used to save the
city.
I am obvious very curious about the TRUE FACTs of this can if the show
plans to show such other SS triumphs in the war on electronic crime as
almost destroying Steve Jackson Games.
------------------------------
Date: Fri, 21 Aug 92 09:18:22 MDT
From: gambit@unijak.label.com(queen's gambit)
Subject: File 6--"The Hacker Files" Comic Book
_The Hacker Files_, if you've missed them, is the name of a new DC
comic book. At $1.95 each, I plunked down my six bucks and took the
first three of the 24 page monthly back to my digs and zap through
them between hacks. Reading took a lot less time than I thought. I
should have watched a double showing of Ishtar instead.
The premise of the story, which is continued in serial form from one
issue to the next, is that a virus has invaded Arpanet and threatens
the Pentagon's computer system and could trigger a nuclear set-to. No
matter that the collapse of Russia stretches the credibility of the
Dr. Strangelove plot. The hacker-not-cracker hero is Jack Marshall, a
scruffy looking peacenik who dresses in a t-shirt with a prominent
peace sign, jeans, and an army shirt-as-jacket. He's been dismissed
from his last company, Digitronix, under mysterious circumstances and
was black-balled from the industry. Digitronix, coincidentally,
installed the Pentagon's computers, and Jack Marshall, coincidentally,
wrote the operating system for it before his dismissal. Not
coincidentally, there's friction between Marshall and the Digitronix
crowd when he pops on the scene. Not coincidentally, this friction
may or may not have something to do with the plot in coming issues.
Marshall, handle of "Hacker," calls a few of his younger hacker
friends (Sue Denim and Dr. Zen) to help track down the virus planter.
Was it some curious kids? Was it Digitronix? Was it some nasty foreign
government? Do we really care?
I'm not sure who _The Hacker Files- is aimed at. It presents a rather
sympathetic view of hackers, so it's probably aimed at a younger,
techno-sophisticated audience. The unfolding of the plot is too slow
and twisted to hold the attention of the MTV generation, and pre-teens
would probably find the story line incomprehensible. The dialogue in
the book is R-rated, with "bullshits" and "goddamns" liberally
sprinkled in. The graphics include unnecessary snapshot scenes of
houses and neighborhoods that probably are intended for a touch of
realism, but do nothing but take up space. At 12 cents a page, the
space could be better used. The ads every few pages are distracting.
Simulated computer screens showing what the characters see on the
screen abound, but they don't add anything except maybe some vicarious
thrill for kids. The story line needs a stronger set of ideas
describing hackers and their activities and some coherent purpose in
using a hacker as hero or villain. The characters, except for the
youngest hackers, aren't either exciting or sympathetic, and like
Gertrude Stein said about Oakland, after three issues there just ain't
no there there.
As I see it, the "to be continued" format is just a device to entice
readers to get the next issue, but it's is as lame and drawn out as
the first three, the promised "conclusion" in the fourth issue will be
the last.
------------------------------
Date: 20 Aug 1992 09:46:11 U
From: "Anne" <harwell@SMTPGATE.TECHRSCS.PANAM.EDU>
Subject: File 7--ZEN AND THE ART OF THE INTERNET (Review 1)
((MODERATORS' NOTE: The following two posts review ZEN AND THE ART OF
THE INTERNET: A BEGINNER'S GUIDE, by Brendan P. Kehoe. Englewood
Cliffs (N.J.): Prentice-Hall. 122 pp. $22 (paper).))
Brendan Kehoe's _Zen and the Art of the Internet: A Beginner's Guide_
is an eminently usable handbook of information and tips for navigating
the Internet. Despite its title, beginners aren't the only ones who
can benefit from it. The novice will enjoy it as a guided tour of the
net; more experienced netters will find it a valuable resource as an
all-in-one-place source for tips and tricks.
Although some of his examples do betray an excessive fondness for
Unix, Kehoe stays for the most part platform-neutral, so anyone can
benefit from this book. All the basics are covered: email, FTP,
Usenet and Telnet; plus some of everybody's favorite fun things, such
as Finger, Ping, Talk and WHOIS.
One of the more interesting sections is Chapter 4, which is given over
entirely to explaining Usenet. Besides describing what Usenet is ("a
set of machines that exchange articles"), it also tells what Usenet is
not ("an organization," "the Internet," "fair"). Here the author
really seems to swing into his own; he's obviously very comfortable in
the world of newsgroups and this is some of his best writing. Although
the entire book is readable and easy to comprehend, it's fun in the
Usenet chapter. Perhaps echoing the anarchy of Usenet itself, Kehoe's
prose takes on a slightly more freewheeling bent, and his advice,
never heavy-handed, becomes more lively.
_Zen_ is also crammed with factoids that are great to know, but
sometimes hard to remember, such as directions for telnetting into the
Naval Observatory Automated Data Service and listings of email
gateways to. For the beginner, these are great guideposts for learning
what's what; the veteran will appreciate having a ready reference to
favorite services.
Like most people, I had to learn net behavior the hard way, but maybe
future generations will be spared this trauma by reading the section
on netiquette. Although having a more aware crop of newbies entering
the net may not be as amusing to the old timers, it has the potential
for freeing up substantial chunks of bandwidth that were previously
occupied by flames sent to the clueless ones.
One feature of the book that could still stand some improvement is the
appearance of the printed text itself. According to Kehoe, it was
output on a 300 dpi laser. In the mid-1980's that was a great "taking
control of our own property" kind of statement, but now it's easy to
get much higher-quality text out of felt that a book of this quality
deserved more attractive typefaces and higher-res output, such as what
could have easily been obtained from a Linotronic imagesetter.
However, this is a minor qualm and no reason for missing _Zen and the
Art of the Internet_. It's a book to keep handy by the computer,
whether you are a hardened veteran or a net.virgin. Although clearly
slanted towards the novice, there's lots here for everyone. I wish I'd
had it by my side when I first got on the net; it would have saved
asking a million clueless FAQs.
Anne Harwell
harwell@panam.edu
------------------------------
Date: Wed, 20 Aug 92 18:01:31 CDT
From: Jim Thomas <tk0jut2@mvs.cso.niu.edu)
Subject: File 8--ZEN AND THE ART OF THE INTERNET (Review 2)
_Zen and the Art of the Internet: A Beginner's Guide_ (ZAI) is a
deceptively subtle title. As Anne Harwell observes in her review in
the previous post, Kehoe has taken the most common problems and needs
of new internet riders and organized them in nine chapters, five
appendixes, a helpful glossary and a (all to brief) bibliography. Ms.
Harwell is an experienced cyber-surfer, administrator, and postmaster,
and not readily pleased. That she finds the book helpful is a
compelling endorsement.
Kehoe's title is more than a cute wordplay on the similarly titled
"Zen and the Art of Motorcycle Maintenance." It evokes an imagery and
analogue between the art of Zen, a belief that we fulfill ourselves
and understand the universe through self-mastery and mediation, and
the passion and mastery required to function in the Internet. The
Internet (or "net") is a system of interlinked computer systems
connected into a packet switching (data block transfer) network. It
enables users in different locations to communicate with each other by
connecting to a host computer, such as a university mainframe or
public access system, by addressing their "mail" with a unique address
to a recipient on the other end. Uses of the Internet include sending
and receiving electronic mail, ftp file transfers, telnet services
allowing access to remote systems, and inter-relay chat (IRC). The
increase in computer access at universities and the proliferation
especially of Unix-based public access systems such as The Well or
Mindvox have dramatically increased public access to The Net.
Internet's popularity and accessability make Kehoe's volume both
timely and important both for new users and even for experienced
net-travellers.
ZAI offers not only the basics for roaming around Internet, but
provides a helpful reference source of tips and addresses for others.
Beginning with network basics, Kehoe describes the concept of
networking and summarizes how connections are made. A condensed
chapter on electronic mail addresses explains how they are
logically constructed, how to read domain and account names, and
tricks for correcting bounced mail. He emphasizes to readers that
Usenet *is not* the same as internet (the former is a process for
exchanging posts for a mass audience, the latter is the computer
networking systems that carry the posts). His explanation of Usenet
hierarchies, gateways, and "netiquette" should be invaluable to
newcomers.
ZAI's overview of ftp and telnet are especially helpful. One of the
most common "frequent asked questions" (FAQs) received by CuD is, "how
can I ftp back issues?" Kehoe explains, step-by-step, how one uses ftp
and telnet. He also provides the addresses of a number of useful sites
for accessing help files, security documents, and other information of
use both to novices and professionals. His summary of "things you'll
hear about" is a list of people, common terms, or sites that, if read
and remembered, will allow a novice to appear to be a seasoned user
almost immediately.
Readers should not be deceived by Kehoe's easy-going and often
humorous style. Beneath the captivating prose is a serious purpose:
Kehoe successfully brings to life a primer in netology, and he
collapses considerable information into a short space. When finished
with the book, one will be able to distinguish between Z files and Gif
files, roam around archie with confidence, and log on to anonymous
ftp.
In the third edition, it would be helpful if some topics were
expanded. Additional addresses could be included of those sites that
have established longevity, Electronic digests such as Telecom Digest
and Cu-Digest might be mentioned, and a chapter on Bitnet, a
widely-used system among academics, might be included. It would also
be helpful to include a separate chapter on IRC, a growing interactive
communication procedure. If the publisher doesn't balk at the
expansion, a longer glossary and an expanded bibliography would also
be helpful (or at least explicit pointers to them).
These suggestions aside, ZAI, although a bit pricey at $22, is still a
good value, and the average reader will take away far more than from
books twice the size (or cost). It would make a nifty classroom aid
and should be required reading for anybody before being turned loose
on the nets. In fact, it should be required reading for us all.
------------------------------
Date: Mon, 17 Aug 1992 14:48:18 EDT
From: David Sobel <dsobel@WASHOFC.CPSR.ORG>
Subject: File 9--CPSR Letter on Crypto Policy
CPSR Letter on Crypto Policy
The following is the text of a letter Computer Professionals for
Social Responsibility (CPSR) recently sent to Rep. Jack Brooks,
chairman of the House Judiciary Committee. The letter raises several
issues concerning computer security and cryptography policy. For
additional information on CPSR's activities in this area, contact
banisar@washofc.cpsr.org. For information concerning CPSR generally
(including membership information), contact cpsr@csli.stanford.edu.
====================================================
August 11, 1992
Representative Jack Brooks
Chairman
House Judiciary Committee
2138 Rayburn House Office Bldg.
Washington, DC 20515-6216
Dear Mr. Chairman:
Earlier this year, you held hearings before the Subcommittee on
Economic and Commercial Law on the threat of foreign economic
espionage to U.S. corporations. Among the issues raised during the
hearings were the future of computer security authority and the
efforts of government agencies to restrict the use of new
technologies, such as cryptography.
As a national organization of computer professionals interested
in the policies surrounding civil liberties and privacy, including
computer security and cryptography, CPSR supports your efforts to
encourage public dialogue of these matters. Particularly as the
United States becomes more dependent on advanced network technologies,
such as cellular communications, the long-term impact of proposed
restrictions on privacy-enhancing techniques should be carefully
explored in a public forum.
When we had the opportunity to testify before the Subcommittee on
Legislation and National Security in May 1989 on the enforcement of
the Computer Security Act of 1987, we raised a number of these issues.
We write to you now to provide new information about the role of the
National Security Agency in the development of the Digital Signature
Standard and the recent National Security Directive on computer
security authority. The information that we have gathered suggests
that further hearings are necessary to assess the activities of the
National Security Agency since passage of the Computer Security Act of
1987.
The National Security Agency
and the Digital Signature Standard
Through the Freedom of Information Act, CPSR has recently learned
that the NSA was the driving force behind the selection and
development of the Digital Signature Standard (DSS). We believe that
the NSA's actions contravene the Computer Security Act of 1987. We
have also determined that the National Institute of Standards and
Technology (NIST) attempted to shield the NSA's role in the
development of the DSS from public scrutiny.
The Digital Signature Standard will be used for the
authentication of computer messages that travel across the public
computer network. Its development was closely watched in the computer
science community. Questions about the factors leading to the
selection of the standard were raised by a Federal Register notice, 56
Fed. Reg. 42, (Aug 30, 1991), in which NIST indicated that it had
considered the impact of the proposed standard on "national security
and law enforcement," though there was no apparent reason why these
factors might be considered in the development of a technical standard
for communications security.
In August 1991, CPSR filed a FOIA request with the National
Institute of Standards and Technology seeking all documentation
relating to the development of the DSS. NIST denied our request in
its entirety. The agency did not indicate that they had responsive
documents from the National Security Agency in their files, as they
were required to do under their own regulations. 15 C.F.R. Sec.
4.6(a)(4) (1992). In October 1991, we filed a similar request for
documents concerning the development of the DSS with the Department of
Defense. The Department replied that they were forwarding the request
to the NSA, from whom we never received even an acknowledgement of our
request.
In April 1992, CPSR filed suit against NIST to force disclosure
of the documents. CPSR v. NIST, et al., Civil Action No. 92-0972-RCL
(D.D.C.). As
a result of that lawsuit, NIST released 140 out of a total of 142
pages. Among those documents is a memo from Roy Saltman to Lynn
McNulty which suggests that there were better algorithms available
than the one NIST eventually recommended for adoption. If that is so,
why did NIST recommend a standard that its own expert believed was
inferior?
Further, NIST was required under Section 2 of the Computer
Security Act to develop standards and guidelines to "assure the
cost-effective security and privacy of sensitive information in
federal systems." However, the algorithm selected by NIST as the DSS
was purposely designed to minimize privacy protection: its use is
limited to message authentication. Other algorithms that were
considered by NIST included both the ability to authenticate messages
and the capability to incorporate privacy-enhancing features. Was
NSA's interest in communication surveillance one of the factors that
lead to the NIST decision to select an algorithm that was useful for
authentication, but not for communications privacy?
Most significantly, NIST also disclosed that 1,138 pages on the
DSS that were created by the NSA were in their files and were being
sent back to the NSA for processing. Note that only 142 pages of
material were identified as originating with NIST. In addition, it
appears that the patent for the DSS is filed in the name of an NSA
contractor.
The events surrounding the development of the Digital Signature
Standard warrant further Congressional investigation. When Congress
passed the Computer Security Act, it sought to return authority for
technical standard-setting to the civilian sector. It explicitly
rejected the proposition that NSA should have authority for developing
technical guidelines:
Since work on technical standards represents virtually
all of the research effort being done today, NSA would
take over virtually the entire computer standards job
from the [National Institute of Standards and
Technology]. By putting the NSA in charge of developing
technical security guidelines (software, hardware,
communications), [NIST] would be left with the
responsibility for only administrative and physical
security measures -- which have generally been done
years ago. [NIST], in effect, would on the surface be
given the responsibility for the computer standards
program with little to say about the most important part
of the program -- the technical guidelines developed by
NSA.
Government Operation Committee Report at 25-26, reprinted in 1988 U.S.
Code Cong. and Admin. News at 3177-78. See also Science Committee
Report at 27, reprinted in 1988 U.S.C.A.N. 3142.
Despite the clear mandate of the Computer Security Act, NSA does,
indeed, appear to have assumed the lead role in the development of the
DSS. In a letter to MacWeek magazine last fall, NSA's Chief of
Information Policy acknowledged that the Agency "evaluated and
provided candidate algorithms including the one ultimately selected by
NIST." Letter from Michael S. Conn to Mitch Ratcliffe, Oct. 31, 1991.
By its own admission, NSA not only urged the adoption of the DSS -- it
actually "provided" the standard to NIST.
The development of the DSS is the first real test of the
effectiveness of the Computer Security Act. If, as appears to be the
case, NSA was able to develop the standard without regard to
recommendations of NIST, then the intent of the Act has clearly been
undermined.
Congress' intent that the standard-setting process be open to
public scrutiny has also been frustrated. Given the role of NSA in
developing the DSS, and NIST's refusal to open the process to
meaningful public scrutiny, the public's ability to monitor the
effectiveness of the Computer Security Act has been called into
question.
On a related point, we should note that the National Security
Agency also exercised its influence in the development of an important
standard for the digital cellular standards committee. NSA's
influence was clear in two areas. First, the NSA ensured that the
privacy features of the proposed standard would be kept secret. This
effectively prevents public review of the standard and is contrary to
principles of scientific research.
The NSA was also responsible for promoting the development of a
standard that is less robust than other standards that might have been
selected. This is particularly problematic as our country becomes
increasingly dependent on cellular telephone services for routine
business and personal communication.
Considering the recent experience with the DSS and the digital
cellular
standard, we can anticipate that future NSA involvement in the
technical standards field will produce two results: (1) diminished
privacy protection for users of new communications technologies, and
(2) restrictions on public access to information about the selection
of technical standards. The first result will have severe
consequences for the security of our advanced communications
infrastructure. The second result will restrict our ability to
recognize this problem.
However, these problems were anticipated when Congress first
considered the possible impact of President Reagan's National Security
Decision Directive on computer security authority, and chose to
develop legislation to promote privacy and security and to reverse
efforts to limit public accountability.
National Security Directive 42
Congressional enactment of the Computer Security Act was a
response to President Reagan's issuance of National Security Decision
Directive ("NSDD") 145 in September 1984. It was intended to reverse
an executive policy that enlarged classification authority and
permitted the intelligence community broad say over the development of
technical security standards for unclassified government and
non-government computer systems and networks. As noted in the
committee report, the original NSDD 145 gave the intelligence
community new authority to set technical standards in the private
sector:
[u]nder this directive, the Department of Defense (DOD)
was given broad new powers to issue policies and
standards for the safeguarding of not only classified
information, but also other information in the civilian
agencies and private sector which DOD believed should be
protected. The National Security Agency (NSA), whose
primary mission is one of monitoring foreign
communications, was given the responsibility of
managing this program on a day-to-day basis.
H. Rep. No. 153 (Part 2), 100th Cong., 1st Sess. 6 (1987). The
legislation was specifically intended to override the Presidential
directive and to "greatly restrict these types of activities by the
military intelligence agencies ... while at the same time providing a
statutory mandate for a strong security program headed up by [NIST], a
civilian agency." Id. at 7.
President Bush issued National Security Directive ("NSD") 42 on
July 5, 1990. On July 10, 1990, Assistant Secretary of Defense Duane
P. Andrews testified before the House Subcommittee on Transportation,
Aviation, and Materials on the contents of the revised NSD. The
Assistant Secretary stated that the "the new policy is fully compliant
with the Computer Security Act of 1987 (and the Warner Amendment) and
clearly delineates the responsibilities within the Federal Government
for national security systems."
On August 27, 1990, CPSR wrote to the Directorate for Freedom of
Information of the Department of Defense and requested a copy of the
revised NSD, which had been described by an administration official at
the July hearing but had not actually been disclosed to the public.
CPSR subsequently sent a request to the National Security Council
seeking the same document. When both agencies failed to reply in a
timely fashion, CPSR filed suit seeking disclosure of the Directive.
CPSR v. NSC, et al., Civil Action No. 91-0013-TPJ (D.D.C.).
The Directive, which purports to rescind NSDD 145, was recently
disclosed as a result of this litigation CPSR initiated against the
National Security Council.
The text of the Directive raises several questions concerning the
Administration's compliance with the Computer Security Act:
1. The new NSD 42 grants NSA broad authority over "national security
systems." This phrase is not defined in the Computer Security Act and
raises questions given the expansive interpretation of "national security"
historically employed by the military and intelligence agencies and the
broad scope that such a term might have when applied to computer
systems within the federal government.
If national security now includes international economic activity, as
several witnesses at your hearings suggested, does NSD 42 now grant NSA
computer security authority in the economic realm? Such a result would
clearly contravene congressional intent and eviscerate the distinction
between civilian and "national security" computer systems.
More critically, the term "national security systems" is used
throughout the document to provide the Director of the National
Security Agency with broad new authority to set technical standards.
Section 7 of NSD 42 states that the Director of the NSA, as "National
Manager for National Security Telecommunications and Information
Systems Security," shall
* * *
c. Conduct, *approve*, or endorse research and
development of techniques and equipment to secure
national security systems.
d. Review and *approve* all standards, techniques,
systems, and equipment, related to the security of
national security systems.
* * *
h. Operate a central technical center to evaluate and
*certify* the security of national security
telecommunications and information systems.
(Emphasis added)
Given the recent concern about the role of the National Security
Agency in the development of the Digital Signature Standard, it is our
belief that any standard-setting authority created by NSD 42 should
require the most careful public review.
2. NSD 42 appears to grant the NSA new authority for information
security. This is a new area for the agency; NSA's role has
historically been limited to communications security. Section 4 of
the directive provides as follows:
The National Security Council/Policy Coordinating
Committee (PCC) for National Security Telecommuni-
cations, chaired by the Department of Defense, under the
authority of National Security Directives 1 and 10,
assumed the responsibility for the National Security
Telecommunications NSDD 97 Steering Group. By
authority of this directive, the PCC for National Security
Telecommunications is renamed the PCC for National
Security Telecommunications and Information Systems,
and shall expand its authority to include the
responsibilities to protect the government's national
security telecommunications and information systems.
(Emphasis added).
Thus, by its own terms, NSD 42 "expands" DOD's authority to
include "information systems." What is the significance of this new
authority? Will it result in military control of systems previously
deemed to be civilian?
3. NSD 42 appears to consolidate NSTISSC (The National Security
Telecommunications and Information Systems Security Committee)
authority for both computer security policy and computer security
budget determinations.
According to section 7 of the revised directive, the National
Manager for NSTISSC shall:
j. Review and assess annually the national security
telecommunications systems security programs and
budgets of Executive department and agencies of the U.S.
Government, and recommend alternatives, where
appropriate, for the Executive Agent.
NSTISSC has never been given budget review authority for federal
agencies. This is a power, in the executive branch, that properly
resides in the Office of Management and Budget. There is an
additional concern that Congress's ability to monitor the activities
of federal agencies may be significantly curtailed if this NSTISSC, an
entity created by presidential directive, is permitted to review
agency budgets in the name of national security.
4. NSD 42 appears to weaken the oversight mechanism established
by the Computer Security Act. Under the Act, a Computer Systems
Security and Privacy Advisory Board was established to identify
emerging issues, to inform the Secretary of Commerce, and to report
findings to the Congressional Oversight Committees. Sec. 3, 15 U.S.C.
Sec. 278g-4(b).
However, according to NSD 42, NSTISSC is established "to consider
technical matters and develop operating policies, procedures,
guidelines, instructions, and standards as necessary to implement
provisions of this Directive." What is the impact of NSTISSC
authority under NSD 42 on the review authority of the Computer Systems
Security and Privacy Advisory Board created by the Computer Security
Act?
Conclusion
Five years after passage of the Computer Security Act, questions
remain about the extent of military involvement in civilian and
private sector computer security. The acknowledged role of the
National Security Agency in the development of the proposed Digital
Signature Standard appears to violate the congressional intent that
NIST, and not NSA, be responsible for developing security standards
for civilian agencies. The DSS experience suggests that one of the
costs of permitting technical standard setting by the Department of
Defense is a reduction in communications privacy for the public. The
recently released NSD 42 appears to expands DOD's security authority
in direct contravention of the intent of the Computer Security Act,
again raising questions as to the role of the military in the nation's
communications network.
There are also questions that should be pursued regarding the
National Security Agency's compliance with the Freedom of Information
Act. Given the NSA's increasing presence in the civilian computing
world, it is simply unacceptable that it should continue to hide its
activities behind a veil of secrecy. As an agency of the federal
government, the NSA remains accountable to the public for its
activities.
We commend you for opening a public discussion of these important
issues and look forward to additional hearings that might address the
questions we have raised.
Sincerely,
Marc Rotenberg,
Director
CPSR Washington Office
------------------------------
End of Computer Underground Digest #4.38
************************************
Computer underground Digest Wed Aug 26, 1992 Volume 4 : Issue 39
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Copy Editor: Etaion Shrdlu, III
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
CONTENTS, #4.39 (Aug 26, 1992)
File 1--Electronic Pests - Whiners, Thumpers, and Others
File 2--Mike Godwin's Response to William Sessions on Telephony Bill
File 3-- N.S.W. (Australia) anti-Corruption Report Released
File 4--Internet Guide (Nutshell Resource)
File 5--What is Usenet? NOT.
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: 22 Aug 92 00:01:17 EDT
From: Bob McClenon <76476.337@COMPUSERVE.COM>
Subject: File 1--Electronic Pests - Whiners, Thumpers, and Others
This is a draft think piece for now. I have been thinking in the last
few weeks, based on experience on various bulletin board and mail
systems, about a taxonomy of electronic pests -- people who make
bulletin board systems unpleasant. I propose four categories for now:
whiners; thumpers; snipers; and dumpers.
Whiners are unhappy people who complain a great deal. Some whiners do
nothing but complain; they never ask for advice (which they wouldn't
accept anyway); offer advice; or engage in pleasantries. A few
whiners ask for advice but don't like it. There is no hard and fast
line between acceptable behavior and whining, but "you'll know it when
you read it". Whiners are unassertive unhappy people. (Bulletin
board users who are assertive about their unhappiness become other
types of pests.) In my experience most whiners have been female,
possibly because they have been socialized to be unassertive. Whiners
are the least destructive class of BBS pest, because they can
generally be ignored, and will usually heed a sysop warning to cool
it.
Thumpers are doctrinaire or ideological people who believe that all
the answers that matter can be found by reference to a holy book or
similar authority. The prototype for a thumper is a Christian
Bible-thumper. Objectivists thump the works of Ayn Rand. Communists
thump the works of Marx. Pseudo-scientists or adherents of
pseudo-scientific cults are sometimes thumpers, if they have accepted
a single truth rather than pursuing bizarre truths electically; for
instance, Velikovskians are thumpers. I have also seen thumpers
holding subviews in the true sciences. Thumpers are a common problem
in the comp. newsgroups of Usenet, and are one reason why the number
of issues of digests constantly increase, to deal with their constant
counter-flamings. One difference between thumpers and other believers
is that thumpers habitually denigrate other views, rather than
ignoring them or engaging in real dialogue. Their usual objective is
to win converts; however, they generally do not succeed, because they
do little to persuade the unpersuaded. Telling a skeptic to read the
Bible is not useful; he may have already read it and find it complex
and requiring difficult interpretation. Telling him to read the Bible
and understand it is empty unless one already understands a particular
interpretation. Telling someone to read Atlas Shrugged who finds it
flawed literature is not helpful. Thumpers are common in religious or
ideological sections. They may be harmless there. But their
intolerance may cause others to lose faith, especially if the faith is
one, like Christianity, that has a tradition of tolerance. They often
engage in internal quarrels. However, I have seen that a few
Bible-thumpers in a political and general section can be destructive,
because they squelch questioners by their thumping. They are very
difficult for a sysop to silence because they are convinced of their
own rightness. The best way to deal with thumpers, if possible, is to
isolate them. This is not always possible.
Snipers are angry people who lie in wait for the unsuspecting and lash
out at them. Sometimes they do so briefly and obnoxiously, sometimes
at length. Unlike both whiners and thumpers, they are usually silent,
but when they are aroused they can cause great unpleasantness, and can
even be slanderous. Snipers are difficult to control because they
snipe at sysops.
Dumpers are a special class of whiners. They complain, but they also
attack people or classes of people whom they believe (rightly or
wrongly) have made them unhappy. They in particular "dump" torrents
of abuse on people and classes. They are difficult to control because
when admonished they dump on the sysop about the unfairness of
censorship.
Does anyone have any comments? Has anyone experienced other classes
of pests or unpleasant users?
------------------------------
Date: Tue, 24 Aug 92 18:20:41 CDT
From: eff@eff.org
Subject: File 2--Mike Godwin's Response to W. Sessions on Telephony Bill
((Reprinted from: Effector 3.03, Aug 24, 1992))
THE EFF AND THE FBI: An exchange of views
This is an exchange of letters in the Wall Street Journal between the
Director of the FBI, William Sessions and EFF's Staff Counsel, Mike
Godwin.
++++++++++++++++
August 4, 1992
FBI Must Keep Up With Wonks & Hackers
Re your July 9 article about a very successful "computer hackers"
investigation conducted by the FBI and the Secret Service ("Wiretap
Inquiry Spurs Computer Hacker Charges"): The article mentions that
court-ordered electronic surveillance was a critical part of the
investigation and that the FBI is seeking laws to make it easier to
tap computer systems. Mike Godwin, general counsel for the Electronic
Frontier Foundation, said that "the success in this case 'undercuts'
the argument that new laws are needed." I believe the opposite to be
the case. This investigation clearly demonstrates why legislation is
absolutely necessary.
What Mr. Godwin is referring to is a legislative proposal on behalf of
law enforcement to ensure that as telecommunications technology
advances, the ability of law enforcement to conduct court-ordered
electronic surveillance is not lost. Without the legislation, it is
almost certain that will occur. The proposal is not directed at
computer systems, but pertains to telephone service providers and
equipment manufacturers.
In 1968, Congress carefully considered and passed legislation setting
forth the exacting procedure by which court authorization to conduct
electronic surveillance can be obtained. Since that time it has
become an invaluable investigative tool in combating serious and often
life-threatening crimes such as terrorism, kidnapping, drugs and
organized crime. The 1968 law contemplates cooperation by the
telecommunications service providers in implementing these court
orders. The proposed legislation only clarifies that responsibility
by making it clearly applicable regardless of the technology deployed.
Absent legislation, the ability to conduct successful investigations
such as the one mentioned in your article will certainly be
jeopardized. The deployment of digital telecommunications equipment
that is not designed to meet the need for law enforcement to
investigate crime and enforce the laws will have that effect. No new
authority is needed or requested. All the legislation would do if
enacted is ensure that the status quo is maintained and the ability
granted by Congress in 1968 preserved.
William S. Sessions Director, FBI, Department of Justice Wall Street
Journal, August 4, 1992
+++++++++++++++
August 14, 1992
Letters to the Editor The Wall Street Journal: 200 Liberty Street New
York, NY 10281
In his Aug. 4 letter to the editor, FBI Director William Sessions
disagrees with my quoted opinion that the FBI's success in a
computer-wiretap case "'undercuts' the argument that new laws are
needed." His disagreement doesn't disturb me too much; it's the kind
of thing over which reasonable people can disagree.
What does disturb me, however, is Sessions's claim about the FBI's
initiative to require the phone companies (and other
communications-service providers, like CompuServe) to build
wiretapping capabilities into their systems. Says Sessions, apparently
without irony: "No new authority is needed or requested. All the
legislation would if enacted is ensure that the status quo is
maintained and the ability [of law enforcement to implement wiretaps]
is preserved." Earlier, Sessions says the proposed legislation "only
clarifies [the phone companies'] responsibility" to cooperate with
properly authorized law enforcement under the 1968 Wiretap Act.
What Sessions does not mention, however, is that his legislation
would, among other things, allow the government to impose upon those
phone companies and communications-service providers who do not build
wiretapping into their systems "a civil penalty of $10,000 per day for
each day in violation." By any standards other than those of Sessions
and the FBI, this constitutes "new authority." If this proposal "only
clarifies" providers' obligations under the 1968 Act, one shudders to
imagine what Sessions would call an "expansion" of law-enforcement
authority.
MIKE GODWIN Staff Counsel Electronic Frontier Foundation Cambridge,
Massachusetts
------------------------------
Date: Sat, 22 Aug 1992 09:32:08 EDT
From: Roger Clarke <clarcomm@FAC.ANU.EDU.AU>
Subject: File 3--N.S.W. (Australia) anti-Corruption Report Released
A long-running 'Independent Commission Against Corruption' enquiry in
N.S.W. has finally reported on an investigation into leakage of
personal data to private enquiry agents, and the leading Sydney daily
had over 2 large pages devoted to the matter. Here's the lead
article.
Roger Clarke
+++++++++++++++++++++++++++++++++++++++++++++++++++++
SYDNEY MORNING HERALD
August 13 1992
HUGE TRADE IN PERSONAL FILES
By MALCOLM BROWN
Westpac, National Australia Bank, NRMA Insurance Ltd, Custom Credit
and Citicorp are some of the big names in a damning report by the ICAC
Assistant Commissioner, Mr Adrian Roden, QC, on the unauthorised
release of confidential government information.
Mr Roden found that there was a multi-million-dollar trade in such
information which involved public servants, including police, and
private inquiry agents.
"Information, from a variety of State and Commonwealth government
sources and the private sector has been freely and regularly sold and
exchanged for many years," he said. "NSW public officials have been
heavily involved."
Mr Roden heard 446 witnesses in public and private hearings over 168
days before compiling his 1,300-page report.
Even so, he said, it was necessary to be selective; thousands of
private and commercial inquiry agents had not examined.
Mr Roden found that more than 250 people had participated in the
illicit trade or had contributed to it.
Of these, 155 had engaged in corrupt conduct. A further 101 had
engaged in conduct which allowed, encouraged or caused the occurrence
of corrupt conduct.
Many are NSW and Commonwealth public servants who sold information
collected by the agencies where they work, including the Roads and
Traffic Authority (RTA), police force, Telecom and Sydney County
Council.
The Attorney-General, Mr Hannaford, announced that the Director of
Public Prosecutions had set up a task force to consider laying charges
against more than 100 people named in the report.
He said many of the public servants named could expect to lose their
jobs and that the heads of all the government departments involved had
been told to examine the report and take action against those
involved.
The Assistant Police Commissioner, Mr Col Cole, confirmed yesterday
that five police officers had been suspended and announced that three
task forces had been set up and computer security upgraded.
Mr Hannaford foreshadowed the introduction of privacy legislation to
make the unauthorised use of confidential information a criminal
offence.
The major banks said that they could not condone what their staff had
done but said the staff had believed that they were acting in the best
interests of their employers and the community.
None of the banks was planning to sack staff found to be corrupt
although several said the staff had been counselled or "educated".
Mr Roden said the trade involved banks, insurance companies and other
financial institutions which had provided "a ready market".
The link was provided by private and commercial inquiry agents. With
some banks, codes had been used to conceal the nature of the
transactions.
"As they have gone about their corrupt trade, commercial interest has
prevailed over commercial ethics, greed ha~ prevailed over public
duty; laws and regulations designed to protect confidentiality have
been ignored," Mr Roden said.
"Frequently the client, generally an insurance company, bank or other
financial institution, ordered the information from the agent with a
full appreciation of how it was to be obtained.
"The evidence disclosed that in the collection and recovery
departments of a number of those institutions, it has long been
standard practice to use confidential government information . . . as
a means of locating debtors."
Some finance and insurance companies had directed agents to keep all
references to the trade off invoices and reports.
"Some even directed that the agents falsely state the source of the
information in their reports," Mr Roden said.
"Some solicitors in private practice have sought and purchased
confidential government information in circumstances in which they
must have known that it could not have been properly obtained."
Mr Kevin Rindfleish, an unlicensed private inquiry agent, had sold
Department of Motor Transport/Roads and Traffic Authority and social
security information "on a large scale". His principal client had been
the ANZ Bank.
A private investigator, Mr Terence John Hancock, and his company, All
Cities Investigations Pty Ltd, had sold confidential government
information to the National Australia Bank and Westpac on a regular
basis.
Two employees of the NAB had used prior contacts to provide the bank
with access to RTA, social security, Australia Post and immigration
information. Between them, the employees also provided silent numbers
and information on electricity consumers.
The Advance Bank had "over a period of years" obtained information
improperly released from the RTA, the Department of Social Security
and the Department of Immigration. The practice was "known and
approved at least to senior management level".
New Zealand Insurance and Manufacturers Mutual had bought confidential
government information from private investigators.
NRMA Insurance Ltd and the Government Insurance Office were "found to
have participated as freely in the illicit trade in confidential
government information as their more commercially oriented
competitors".
"Evidence relating to NRMA Insurance Ltd established not only that it
purchased confidential government information through private
investigators, but also that investigators were required to obtain
relevant government information by unauthorised means if they were to
retain the company's work."
Esanda Finance Corporation Ltd had bought confidential information
over at least 23 years. Custom Credit Corporation Ltd which had
engaged in the illicit trade over "many years", had maintained false
records to conceal how it obtained information.
Alston de Zilwa, former underwriter and operations manager of Citicorp
Ltd and later, Toyota Finance Australia Limited's credit operations
manager, had established for each of the two companies a system for
obtaining confidential information.
The companies would seek information directly from employees of the
DMA and RTA and pay a private inquiry agent, Mr Kevin Robinson, who
would "launder" it, then invoice the companies for the corresponding
sum.
Mr Roden said that hundreds of thousands of dollars had changed hands
in the trade uncovered. One agent had estimated that he had paid
$40,000 to $50,000 a year for Social Security information alone.
Another had said he received $100,000 over two years for government
information.
Yet another had, according to records, charged a bank $186,000 for
"inquiry services" over a period of 18 months.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Simon Davies and Graham Greenleaf know a great deal about these matters; I
know a bit too, so if there's valuable info in here to support your own
work, let one of us know and we'll track down the refs. If there's
interest, I could also get the rest of the articles scanned in and put them
on an archive.
------------------------------
Date: Mon, 24 Aug 1992 12:42:22 PDT
From: Brian Erwin <brian@ORA.COM>
Subject: File 4--Internet Guide
On September 13, O'Reilly & Associates, Inc. will publish the
most comprehensive guide to the Internet, THE WHOLE INTERNET USER'S
GUIDE & CATALOG. Written by Ed Krol, assistant director for LAN
Deployment at the University of Illinois, this 400-page book covers
the basic utilities used to access the network and then guides users
through the Internet's "databases of databases" to access the millions
of files and thousands of archives available.
To help users maneuver smoothly through the system, THE WHOLE
INTERNET USER'S GUIDE & CATALOG presents:
* The History of the Internet
* How the Internet Works
* What's Allowed on the Internet
* How to Remote Login, Use Electronic Mail, and Move A File
* How to Find Software or Someone
* How to Deal with Network Problems
An added bonus of Krol's work is a resource index that covers a
broad selection of several hundred important resources available on
the Internet, ranging from the King James Bible to archives for USENET
news. In addition, Krol uses commands that can be used on almost any
computer, be it a PC or an open system.
THE WHOLE INTERNET USER'S GUIDE & CATALOG
by Ed Krol
ISBN 1-56592-025-2
Publication Date: September 13, 1992
400 pages; indexed
$24.95
------------------------------
Date: Mon, 24 Aug 92 16:19:09 EDT
From: Edward Vielmetti <emv@MSEN.COM>
Subject: File 5--What is Usenet? NOT.
I read the reviews of Zen, especially ch 4 the "what is usenet" bit.
_Zen_ has many good points but I suspect it will need to get better in
that section; the text there looks pretty old and stale to my eyes and
really hasn't been revised since the first "What is Usenet" postings
went out to the net oh lo those many years ago. Following is my
response to the "What is Usenet" information found in the "what is
Usenet" archive and reprinted in many books.
From-- emv@msen.com (Edward Vielmetti)
Subject-- What is Usenet? NOT.
References-- <spaf-whatis_692072008@cs.purdue.edu>
Organization-- MSEN, Inc. -- Ann Arbor, MI
Archive-name-- what-is-usenet/not
In article <spaf-whatis_692072008@cs.purdue.edu> spaf@cs.purdue.EDU (Gene
Spafford) writes:
>Archive-name: what-is-usenet/part1
>Last-change: 2 Dec 91 by chip@count.tct.com (Chip Salzenberg)
>
>The first thing to understand about Usenet is that it is widely
>misunderstood. Every day on Usenet, the "blind men and the elephant"
>phenomenon is evident, in spades. In my opinion, more flame wars
>arise because of a lack of understanding of the nature of Usenet than
>from any other source. And consider that such flame wars arise, of
>necessity, among people who are on Usenet. Imagine, then, how poorly
>understood Usenet must be by those outside!
Imagine, indeed, how poorly understood Usenet must be by those who
have the determined will to explain what it is by what it is not?
"Usenet is not a bicycle. Usenet is not a fish."
Any essay on the purported "nature of usenet" that doesn't get revised
every few months quickly becomes a quaint historical document, which
at best yields a prescriptivist grammar for how the net "should be"
and at worst tries to shape how the Usenet "really is". That's
especially true of essays on Usenet that complain about how little the
old hoary chestnuts get changed!
The first thing to understand about Usenet is that it is big. Really
big. Netnews (and netnews-like things) have percolated into many more
places than are even known about by people who track such things.
There is no grand unified list of everything that's out there, no way
to know beforehand who is going to read what you post, and no history
books to guide you that would let you know even a small piece of any
of the in jokes that pop up in most newsgroups. Distrust any grand
sweeping statements about "Usenet", because you can always find a
counterexample. (Distrust this message, too :-).
>Any essay on the nature of Usenet cannot ignore the erroneous
>impressions held by many Usenet users. Therefore, this article will
>treat falsehoods first. Keep reading for truth. (Beauty, alas, is
>not relevant to Usenet.)
Any essay on the nature of Usenet that doesn't change every so often
to reflect its ever changing nature is erroneous. Usenet is not a
matter of "truth", "beauty", "falsehood", "right", or "wrong", except
insofar as it is a means for people to talk about these and many
other things.
>WHAT USENET IS NOT
>------------------
> 1. Usenet is not an organization.
Usenet is organized. There are a number of people who contribute
to its continued organization -- people who post lists of things,
people who collect "frequently asked questions" postings, people
who give out or sell newsfeeds, people who keep archives of groups,
people who put those archives into WAIS or gopher servers. This
organization is accompanied by a certain amount of disorganization
-- news software that doesn't always work just right, discussions
that wander from place to place, people who don't follow the guidelines,
and parts of the net that resist easy classification. Order and
disorder are part of the same whole.
In the short run, the person or group who runs the system that you
read news from and the sites which that system exchanges news with all
control who gets a feed, which articles are propagated to what places
and how quickly, and who can post articles. In the long run, there
are a number of alternatives for Usenet access, including companies
which can sell you feeds for a fee, and user groups which provide
feeds for their members; while you are on your own right now as you
type this in, over the long haul there are many choices you have on
how to deal with the net.
> 2. Usenet is not a democracy.
Usenet has some very "democratic" sorts of traditions. Traffic is
ultimately generated by readers, and people who read news ultimately
control what will and will not be discussed on the net. While the
details of any individual person's news reading system may limit or
constrain what is easy or convenient for them to do right now, in the
long haul the decisions on what is or is not happening rests with the
people.
On the other hand, there have been (and always will be) people who
have been on the net longer than you or I have been, and who have a
strong sense of tradition and the way things are normally done. There
are certain things which are simply "not done". Any sort of decision
that involves counting the number of people yes or no on a particular
vote has to cope with the entrenched interests who aren't about to
change their habits, their posting software, or the formatting of
their headers just to satisfy a new idea.
> 3. Usenet is not fair.
Usenet is fair, cocktail party, town meeting, notes of a secret cabal,
chatter in the hallway at a conference, friday night fish fry,
post-coital gossip, conversations overhead on an airplane, and a bunch
of other things.
> 4. Usenet is not a right.
Usenet is a right, a left, a jab, and a sharp uppercut to the jaw.
The postman hits! You have new mail.
> 5. Usenet is not a public utility.
Usenet is carried in large part over circuits provided by public
utilities, including the public switched phone network and lines
leased from public carriers. In some countries the national
networking authority has some amount of monopoly power over the
provision of these services, and thus the flow of information is
controlled in some manner by the whims and desires (and pricing
structure) of the public utility.
Most Usenet sites are operated by organizations which are not public
utilities, not in the ordinary sense. You rarely get your newsfeed
from National Telecom, it's more likely to be National U. or Private
Networking Inc.
> 6. Usenet is not an academic network.
Usenet is a network with many parts to it. Some parts are academic,
some parts aren't. Usenet is clearly not a commercial network like
Sprintnet or Tymenet, and it's not an academic network like BITNET.
But parts of BITNET are parts of Usenet, though some of the traffic on
usenet violates the BITNET acceptable use guidelines, even though the
people who are actually on BITNET sites reading these groups don't
necessarily mind that they are violating the guidelines.
Whew. Usenet is a lot of networks, and none of them. You name
another network, and it's not Usenet.
> 7. Usenet is not an advertising medium.
A man walks into a crowded theater and shouts, "ANYBODY WANT TO BUY A
CAR?" The crowd stands up and shouts back, "WRONG THEATER!"
Ever since the first dinette set for sale in New Jersey was advertised
around the world, people have been using Usenet for personal and for
corporate gain. If you're careful about it and don't make people mad,
Usenet can be an effective means of letting the world know about
things which you find valuable. But take care...
- Marketing hype will be flamed immediately. If you need to post a
press release, edit it first.
- Speak nice of your competitors. If your product is better than
theirs, don't say theirs is "brain damaged", "broken", or "worthless".
After all someone else might have the same opinion of your product.
- Dance around the issue. Post relevant information (like price, availability
and features) but make sure you don't send everything out. If someone
wants the hard sell let them request it from you by e-mail.
- Don't be an idiot. If you sell toasters for a living, don't spout off
in net.breadcrumbs about an international conspiracy to poison pigeons
orchestrated by the secret Usenet Cabal; toaster-buyers will get word
of your reputation for idiocy and avoid your toasters even if they are
the best in the market.
- You can't avoid representing your company when you post under the
banner of the company's name. No matter how many disclaimers you
put on, no matter how laid back the audience, it still happens.
To maintain a separate net.identity, post from a different site.
> 8. Usenet is not the Internet.
It would be very difficult to sustain the level of traffic that's
flowing on Usenet today if it weren't for people sending news feeds
over dedicated circuits with TCP/IP on the Internet. That's not to
say that if a sudden disease wiped out all IBM RTs and RS6000s that
form the NSFnet backbone that some people wouldn't be inconvenienced
or cut off from the net entirely. (Based on the reliability of the
backbone, perhaps the "sudden disease" has already hit?)
There's a certain symbiosis between netnews and Internet connections;
the cost of maintaining a newsfeed with NNTP is so much less than
doing the same thing with dialup UUCP that sites which depend enough
on the information flowing through news are some of the most eager to
get on the Internet.
The Usenet is not the Internet. Certain governments have laws which
prevent other countries from getting onto the Internet, but that
doesn't stop netnews from flowing in and out. Chances are pretty good
that a site which has a usenet feed you can send mail to from the
Internet, but even that's not guaranteed in some odd cases (news feeds
sent on CD-ROM, for instance).
> 9. Usenet is not a UUCP network.
UUCP carried the first netnews traffic, and a considerable number of
sites get their newsfeed using UUCP. But it's also fed using NNTP,
pressed onto CD-ROMs, faxed to China, and printed out on paper to be
tacked up on bulletin boards and pasted on refrigerators.
>10. Usenet is not a United States network.
A recent analysis of the top 1000 Usenet sites showed about 66% US
sites, 15% unknown, 10% Germany, 7% Canada, 2-3% each the UK, Japan,
Sweden, and Australia, and the rest mostly scattered around Europe.
You can read netnews on all seven continents, including Antarctica.
The state of California is the center of the net, with about 15% of
the mapped top sites there. Other states and provinces with
widespread news connectivity include Massachusetts, Texas, Ontario,
Ohio, New York, Pennsylvania, Illinois, and Oregon.
If you're looking for a somewhat less US-centered view of the world,
try reading regional newsgroups from various different states or
groups from various far-away places (which depending on where you are
at could be Japanese, German, Canadian, or Australian). There are a
lot of people out there who are different from you.
>11. Usenet is not a UNIX network.
Well...ok, if you don't have a UNIX machine, you can read news. In
fact, there are substantial sets of newsgroups (bit.*) which are
transported and gatewayed primarily through IBM VM systems, and a set
of newsgroups (vmsnet.*) which has major traffic through DEC VMS
systems. Reasonable news relay software runs on Macs (uAccess), Amiga
(a C news port), MS-DOS (Waffle), and no doubt quite a few more. I'm
typing on a DOS machine right now.
There is a certain culture about the net that has grown up on Unix
machines, which occasionally runs into fierce clashes with the culture
that has grown up on IBM machines (LISTSERV), Commodore 64's (BIFF IS
A K00L D00D), and MS-DOS Fidonet systems. If you are not running on a
Unix machine or if you don't have one handy there are things about the
net which are going to be puzzling or maddening, much as if you are
reading a BITNET list and you don't have a CMS system handy.
>12. Usenet is not an ASCII network.
There are reasonably standard ways to type Japanese, Russian, Swedish,
Finnish, Icelandic, and Vietnamese that use the ASCII character set to
encode your national character set. The fundamental assumption of
most netnews software is that you're dealing with something that looks
a lot like US ASCII, but if you're willing to work within those bounds
and be clever it's quite possible to use ASCII to discuss things in
any language.
>13. Usenet is not software.
Usenet software has gotten much better over time to cope with the ever
increasing aggregate flow of netnews and (in some cases) the extreme
volume that newsgroups generate. If you were reading news now with
the same news software that was running 10 years ago, you'd never be
able to keep up. Your system would choke and die and spend all of its
time either processing incoming news or expiring old news. Without
software and constant improvements to same, Usenet would not be here.
There is no "standard" Usenet software, but there are standards for
what Usenet articles look like, and what sites are expected to do with
them. It's possible to write a fairly simple minded news system
directly from the standards documents and be reasonably sure that it
will work with other systems, though thorough testing is necessary if
it's going to be used in the real world.
>WHAT USENET IS
>--------------
"Usenet is like Tetris for people who still remember
how to read." J.Heller
Usenet is mostly about people. There are people who are "on the
net", who read rec.humor.funny every so often, who know the same jokes
you do, who tell you stories about funny or stupid things they've
seen. Usenet is the set of people who know what Usenet is.
Usenet is a bunch of bits, lots of bits, millions of bits each day
full of nonsense, argument, reasonable technical discussion, scholarly
analysis, and naughty pictures.
Usenet (or netnews) is about newsgroups (or groups). Not bboards, not
LISTSERV, not mailing lists, they're groups. If someone calls them
something else they're not looking at things from a Usenet
perspective. That's not to say that they're "incorrect" -- who is to
say what is the right way of viewing the world? -- just that it's not
the Net Way. In particular, if they read Usenet news all mixed in
with their important every day mail (like reminders of who to go to
coffee with on Monday) they're not seeing netnews the way most people
see netnews. Some newsgroups are also (or "really") available on GENIE
(rec.humor.funny), BITNET LISTSERV groups (bit.listserv.pacs-l), or
linked with Fidonet (misc.handicap). So be prepared for some violent
culture clashes if someone refers to you favorite net.hangout as a
"board".
Newsgroups have names. These names are both very arbitrary and very
meaningful. People will fight for months or years about what to name
a newsgroup. If a newsgroup doesn't have a name (even a dumb one like
misc.misc) it's not a newsgroup. In particular newsgroup names have
dots in them, and people abbreviate them by taking the first letters
of the names (so alt.folklore.urban is afu, and soc.culture.china is
scc).
>DIVERSITY
>---------
There is nothing vague about Usenet. (Vague, vague, it's filling up
thousands of dollars worth of disk drives and you want to call it
vague? Sheesh!) It may be hard to pin down what is and isn't part of
usenet at the fringes, but netnews has tended to grow amoeba-like to
encompass more or less anything in its path, so you can be pretty sure
that if it isn't Usenet now it will be once it's been in contact with
Usenet for long enough.
There are a lot of systems that are part of Usenet. Chances are that
you don't have any clue where all your articles will end up going or
what news reading software will be used to look at them. Any message
of any appreciable size or with any substantial personal opinion in it
is probably in violation of some network use policy or local ordinance
in some state or municipality.
>CONTROL
>-------
1. Keep the processors up and running, and make sure there's
enough disk space for netnews.
2. Keep the network up and running so that the
newsfeed comes in.
3. Install new newsreaders, get more feeds of more
groups, test out the latest filtering code.
4. Plan for getting more disks so you can keep more
news and index it all.
5. Read news (if there's time).
Some people are control freaks. They want to present their opinion
of how things are, who runs what, what is OK and not OK to do,
which things are "good" and which are "bad". You will run across
them every so often. They might even cancel your article that you
spend hours composing if it suits their whims. They serve a useful
purpose; there's a lot of chaos inherent in a largely self-governing
system, and people with a strong sense of purpose and order can
make things a lot easier. Just don't believe everything they say.
In particular, don't believe them when they say "don't believe
everything they say", because if they post the same answers month
after month some other people are bound to believe them.
If you run a news system you can be a petty tyrant. You can decide
what groups to carry, who to kick off your system, how to expire old
news so that you keep 60 days worth of misc.petunias but expire
rec.pets.fish almost immediately. In the long run you will probably
be happiest if you make these decisions relatively even-handedly since
that's the posture least likely to get people to notice that you
actually do have control.
Your right to exercise control over netnews usually ends at your
neighbor's spool directory. Pleading, cajoling, appealing to good
nature, or paying your news feed will generally yield a better
response than flames on the net.
>PERIODIC POSTINGS
>-----------------
"I've already explained this once, but repetition is
the very soul of the net." (from alt.config)
One of the ways to exert control over the workings of the net is to
take the time to put together a relatively accurate set of answers to
some frequently asked questions and post it every month. If you do
this right, the article will be stored for months on sites around the
world, and you'll be able to tell people "idiot, don't ask this
question until you've read the FAQ, especially answer #42".
The periodic postings include several lists of newsgroups, along with
comments as to what the contents of the groups are supposed to be.
Anyone who has the time and energy can put together a list like this,
and if they post it for several months running they will get some
measure of net.recognition for themselves as being the "official"
keeper of the "official" list. But don't delude yourself into
thinking that anything on the net is official in any real way; the
lists serve to perpetuate common myths about who's talking about what
where, but that's no guarantee that things will actually work out that
way.
There is an elaborate ritual associated with preparing a periodic posting
and having it appear in the newsgroup "news.answers". This ritual involves
intimate familiarity with the arcana of netnews headerology, proper
ordering of newsgroup names and accurate spelling of words that have both
British and American spellings.
PROPAGATION
-----------
In the olden days, when the net was young, and you could still read it
at 300 baud on a dumb terminal without a news reader and get work done
during the rest of the day...
In the olden days, news was sent out over UUCP and long-distance
dialup lines. A few people managed to sneak the horrendous phone
bills past their management, and they held a lot of power over which
newsgroups could be carried where. Those people called themselves
"the backbone cabal".
Things have changed. Nowadays, internet sites have plenty of
bandwidth, and it's generally disk space that's the limiting factor,
and the patience of news administrators to deal with odd newsgroups
appearing. New groups appearing and disappearing in the mainstream
news hierarchies are fairly well controlled, and newsgroup votes tend
to be accepted by most system managers. Netnews propagation has gotten
to the point that systems running the newest news software, INN, will
have articles sent out to remote sites all over the world within seconds
of them being posted.
There are many systems around the US which now sell a reliable
newsfeed for a few bucks a month. These folks will generally gladly
get you any group you want to read (to the best of their ability)
because, after all, you're paying for it.
NEWSGROUP CREATION
------------------
"If there are enough people who want to talk about
Joey and the Shralpers coming to you from East
Podunk, Ohio, and they vote and it passes, well,
dammit, they get a newsgroup." jamie@digex.com
It takes about two months, playing by the rules, to create a new
newsgroup. Pick a name, write a charter, circulate it for opinions,
and if after a month you don't have a raging flame-war in news.groups
call the vote. A month after you call the vote plow through your mail
box and count the results, if it meets the standards you're in. This
is all explained with a substantially greater amount of wind in a
document reverently called The Guidelines.
In order for your newsgroup to be propagated widely, it must show
promise. The name has to be good and consistent with other newsgroup
names; the charter should provide enough substance that people will
want to talk about those topics; and you have to figure out a way to
make it through a month of sniping by the news.groupies before you
call the question.
Chances are, some one is already talking about some of the stuff
you're interested in in one of the 2000-odd newsgroups and equally
many mailing lists there are out on the net. The purpose of all this
vote-gathering is to get the word out to them that there's some new
niche appearing to discuss things and if they want to get involved
here's the way to do it. If your proposed niche collides with someone
else's happy mail list or if it runs up too close to a hot newsgroup
argument be prepared for an unhappy vote-counting time.
IF YOU ARE UNHAPPY...
---------------------
Take a walk in the park, go rent a good movie, take a nice long bath
by candlelight, or call up a relative you haven't talked to for a long
time. Spend some time away from the net. You deserve it.
--
Edward Vielmetti, vice president for research, MSEN Inc. emv@msen.com
MSEN, Inc. 628 Brooks Ann Arbor MI 48103 +1 313 998 4562
"Gigabits are not needed where rice is lacking!" Bob Sutterfield
------------------------------
End of Computer Underground Digest #4.39
************************************
Computer underground Digest Sun Aug 30, 1992 Volume 4 : Issue 40
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Copy Editor: Etaion Shrdlu, III
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
CONTENTS, #4.40 (Aug 30, 1992)
File 1--Moderators' Corner (triviata de jour)
File 2--CuD Back issues now available from the mailserv
File 3--Dvorak, Viruses, and Cracking
File 4--Third Annual Xmascon
File 5--INTERNET Information Resources for CMC
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
For bitnet users, back issues may be obtained from the mail server at
mailserv@batpad.lgb.ca.us
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Sun, 30 Aug 92 10:46:31 CDT
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--Moderators' Corner (triviata de jour)
Ah, sordid responses and announcements:
1. DON'T FORGET: If you read CuD as Usenet's alt.society.cu-digest,
YOU MUST change over to comp.society.cu-digest. The alt group will
disappear in two weeks.
2. CuD has been coming out twice a week since the shift to the comp
hierarchy. This is temporary, and we'll resume to the normal weekly
schedule in about 2 weeks.
3. We plan three special issues in the next few weeks. One will be a
retrospective on Cliff Stoll's The Cuckoo's Egg. Two others will be
(1) a summary of the Software Publisher's Association followed by (2)
a set of commentaries on the SPA. We are hoping for a third in which
the SPA responds and joins the dialogue.
4. Some Usenet readers had problems reading issue #4.39. We hope we
have the kinks worked out, but if you continue to have problems, let
us know and we'll try to resolve them. The current format of
"Subject:" line, length, and style has been worked out as a compromise
between the variations on different systems. For readers new to CuD,
we remind ya'll that Usenet readership constitutes less than two-thirds
of all readers, and we have to try to accommodate the other third as
well. If you have problems, let us know, but we can't always resolve
them, especially if they create problems for others.
5. For those wanting back issues: Time (and space) don't allow us mail
out back issues in either electronic or hardcopy format. Mike
Batchelor has made back issues available via mailserv (see following
file), and other sources of back issues are listed in introduction to
each issue.
------------------------------
Date: 30 Aug 1992 09:15:07 +0000 (GMT)
From: mike@BATPAD.LGB.CA.US
Subject: File 2--CuD Back issues now available from the mailserv
((MODERATORS' NOTE: Mike Batchelor has set up a mailserve for
back issues of CuD. Bitnet readers without ftp access will find this
especially helpful. Below are the instructions)).
CuD back issues are in aotd/vol?.zoo. An index is also
available, which I'll try to keep updated as new back issues are
added.
You may request them from mailserv@batpad.lgb.ca.us as follows:
In the body of your message, place the command
GET aotd/vol?,zoo UUE <or XXE>
GET aotd/index.zoo UUE <or XXE>
Use the volume number in place of the question mark. Wildcards are
not supported, but you may request more than one file in the same
message, one request per line. Files may be requested either UUencoded
or XXencoded. The default is to UUencode.
The mailserv will soon implement a QUIT command. Until then, just
ignore the spurious "Command not supported" message when it eats
your sig. This is harmless, and does not affect the status of your
request.
You are welcome to request the general INDEX file with the INDEX
command, and retrieve any files that are available from the mailserv.
You may also call The Batchelor Pad PCBoard and download any files on
your first call, no muss, no fuss. The telephone number is
310-494-8084, 8N1, 2400-14,400 bps V.32bis/V.42bis.
Problems and questions about the mailserv itself should be directed to me,
at the address below. Questions about the AOTD list should be directed
to Chris at cappucci@crs.cl.msu.edu.
[] Mike Batchelor -- mike@batpad.lgb.ca.us
[] Long Beach, California
------------------------------
Date: 28 Aug 92 15:52:10 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 3--Dvorak, Viruses, and Cracking
A Cu-Digest reader recently suggested that John Dvorak's column in the
May 1992 issue of _PC Computing_ was worth a laugh or two. I eagerly
looked it up at the local library...
Well, I can't honestly say that the librarian tossed me out for
excessive giggling, but I did find some of Dvorak's concepts
interesting. For example, it appears Mr. Dvorak believes that
anti-cracking laws are responsible for the current wave of computer
virus attacks...
"...a large group of dedicated hobbyists are writing their
{virus} code out of boredom. I think it all stems from the
new federal law prohibiting computer cracking. Cracking
used to keep these kids busy." (p108)
Hmmmm. And I suppose before kids kept busy with cracking they used to
shop- lift. I guess it wasn't coincidence I lost my copy of _Steal
This Book_ a few weeks before I broke into my first minicomputer. If
only I'd been at the drug store stuffing comic books under my jacket
instead.
Another interesting tidbit found in the same issue is a discussion of
"stealth" viruses. Yes, viruses that you don't know you have and
can't be detected. I can't wait for the first 'anti-stealth' virus
protection software. Reminds me of the old joke about Elephant
Repellent. "But there aren't any elephants in NYC"..."See how well it
works!." In all seriousness, I've heard of 'stealth' viruses, but
Dvorak is really sounding the alarm in this issue, much to the
amusement of Jim Seymour, his debate opponent on the matter.
Finally, Dvorak treats us to some major 'tsk-tsk'ing' (for our foreign
readers: an expression of moral contempt) over VR and sex. He says
the entire concept of using Virtual Reality for sexual gratification
or exploration is simply "un-American" (whatever that means). Oh
Damn, that's exactly what I was going to turn to once the anti-virus
laws kick in. ::sigh::
------------------------------
Date: Tue, 18 Aug 92 21:24 CDT
From: dfx@NUCHAT.SCCSI.COM(dFx International Digest)
Subject: File 4--Third Annual Xmascon
[Pre Announcement - August 17, 1992]
dFx International Digest and cDc - Cult Of The Dead Cow proudly present :
The Third Annual
X M A S C O N
AKA
H 0 H 0 C O N
"Here... why don't you talk to my lawyer"
Who: All Hackers, Journalists, Security Personnel, Federal Agents,
Lawyers, Authors and Other Interested Parties.
Where: Howard Johnson's - Hobby Airport
7777 Airport Boulevard
Houston, Texas 77061
U.S.A.
Tel: (800) 654-2000
Hou: (713) 644-1261
Fax: (713) 644-1117
When: Friday December 18 through Sunday December 20, 1992
Somebody call hotel security, we're at it again! Xmas/HoHoCon '92, three
years and running. HoHoCon '91 turned out to be the largest and most chaotic
gathering of any other computer underground conference ever, yet it was also
the most organized and well planned. Everything from party ball soccer to
interhotel telegrams from Cliff Stoll to elite cYbuR-strippers, and everyone
from Bruce Sterling to Erik Bloodaxe & Doc Holiday of Comsec to K0DE WARRI0R
himself. It was also the first conference to produce .gifs, a definite new
trend. How we got away with it is still a mystery, and how we'll top it,
I just don't know. But you can bet we're gonna try! We're looking to get an
even larger group of people from the computer underground, computer
security, media, and telecommunications world together to discuss a variety
of topics. Still no ego trip either, the event will once again be open to
the public so that anyone may attend, and everyone is encouraged to
participate in the activities.
Hotel Information
~~~~~~~~~~~~~~~~~
This year, we've moved the conference from Intercontinental Airport to Hobby
Airport. This was mainly due to conference room availability and room
pricing. It shouldn't create an inconvenience as most airlines service both
Airports.
The Hobby Airport Howard Johnson's Lodge is located almost directly across
the street from the entrance of the airport (approximately one block west if
facing the airport). The HoHoCon group room rates are $41.00 plus tax (15%)
per night, your choice of either single or double. There are also 2 suites
available, a mini and a large. You can call the hotel for pricing and
availability of the suites. Once again, when you make your reservations
(800-654-2000, which is also reachable from Houston), you will need to tell
them you are with the HoHoCon Conference to receive the reduced room rate,
otherwise you will be shelling out $59.00. There is no charge for children,
regardless of age, when they occupy the same room as their parents.
Specially designed rooms for the handicapped are available. The hotel
provides free on call transportation to and from the airport. The hotel
restaurant, The Mulberry Tree, is open from 6 a.m. to 10 p.m. Meal prices
range between $5 and $10, with breakfast being closer to $5 and dinner
closer to $10. There is also a buffet available for $6.95. The hotel bar,
The Hobby Saloon, is open from 2 p.m. to 2 a.m. and features the general
assortment of table games and bar attractions. There is an outdoor pool and
an exercise room. Car rental agencies are located in the lobbies of both the
hotel and airport. Unlike last year, there will be no need to hack the
television sets as the hotel provides free cable tv, which includes HBO
(don't know about those wonderfully edited R rated hotel pornos yet, kidz).
Check-in and check-out times are both 12:00 noon. Earlier check-in is
allowed if there are rooms available. If you need further information,
contact us or the hotel directly.
If you are only able to get a flight into Intercontinental Airport, there is
a shuttle that will take you to Hobby for $11.50. Departures start at 10
a.m. and continue until 10 p.m., leaving every hour on the hour. For more
information contact the Hobby Airport Limousine Service at (713) 644-8359.
Similar to last year, the hotel is placing the HoHoCon guests (those renting
rooms) in their own building (smart move). Thus, we are encouraging people
to make their reservations as early as possible to ensure themselves a room
in our building. As of this writing, there are 6 rooms reserved and there is
a total of 40 rooms in the building.
Directions
~~~~~~~~~~
If you plan to drive to the conference, plan your route to get you to
Interstate 45. From there, if you are coming from the North (which most of
you will be), take I-45 South to the Broadway exit. Make a right on Broadway
and drive down for about a mile or so until you come to Airport Boulevard
(you will be right in front of the airport at this point). Make a right
on Airport Boulevard and the hotel is one block down on the right.
If you are coming from the South, take I-45 North to Airport Boulevard. Go
left on Airport Boulevard and the hotel will be on the right, one block
past the airport.
Conference Details
~~~~~~~~~~~~~~~~~~
HoHoCon will last 3 days, with the actual conference being held on Saturday,
December 19, starting at 11:00 a.m. or 12:00 noon, depending on the number
of speakers, and continuing until 4:30 p.m. The reason for having to vacate
the conference room so early is because there is a Christmas party following
our conference. Hopefully, the partiers will get so drunk, loud and
obnoxious that the hotel staff won't have the time to pay attention to us.
This is actually a pre 'official announcement', so at this point, we don't
exactly have all of the conference itself planned. We are still in the midst
of arranging times and confirming speakers. We would like to have a number
of people speak on a varied assortment of topics. If you would like to
speak, please contact us as soon as possible and let us know who you are,
who you represent (if anyone), the topic you wish to speak on, a rough
estimate of how long you will need, and whether or not you will be needing
any audio-visual aids. The main announcement will probably be going out in
three weeks, and we will be releasing updates every three to four weeks
after that.
We would like to have people bring interesting items and videos again this
year, so if you have anything you think people would enjoy having the chance
to see, please let us know ahead of time, and tell us if you will need any
help getting it to the conference. If all else fails, just bring it to the
con and give it to us when you arrive. We will also include a list of items
and videos that will be present in a future update.
We received a nice amount of media support last year in the form of
pre-conference announcements and would greatly appreciate the same this
year. Besides our updates, you will most likely be able to get HoHoCon
details from CuD, Informatik, Mondo 2000, and Phrack Magazine. If you are a
journalist and would like to do a story on HoHoCon 92, or know someone who
would, contact us with any questions you may have, or feel free to use and
reprint any information in this file.
If anyone requires any additional information, needs to ask any questions,
wants to RSVP, or would like to be added to the mailing list to receive the
HoHoCon updates, you may write myself (Drunkfux) or any of the other
HoHoCon planning committee members (uh... whoever they may be) at:
dfx@nuchat.sccsi.com
For those without net access, we'll list a few boards to reach us on in the
upcoming announcement, as well as a P.O. Box. Currently, your best bet would
be to try any of the cDc systems. Mainly, Demon Roach Underground -
(806) 794-4362, Login: THRASH, NUP: Jihad (I think).
HoHoCon 92 will be a priceless learning experience for professionals (yeah,
right) and gives journalists a chance to gather information and ideas direct
from the source. It is also one of the very few times when all the members
of the computer underground can come together for a realistic purpose. We
urge people not to miss out on an event of this caliber, which doesn't
happen very often. If you've ever wanted to meet some of the most famous
people from the hacking community, this may be your one and only chance.
Don't wait to read about it in all the magazines, and then wish you had
attended, make your plans to be there now! Be a part of what we hope to be
our largest and greatest conference ever.
Remember, to make your reservations, call (800) 654-2000 and tell them
you're with HoHoCon.
------------------------------
Date: Mon, 10 Aug 92 02:07:38 -0400
From: John Arthur December <decemj@RPI.EDU>
Subject: File 5--INTERNET Information Resources for CMC
Information Sources: the Internet and Computer-Mediated Communication
==================================================================
Compiled by John December (decemj@rpi.edu), Release 1.53, 07 Aug 92
Additions/comments welcome. This document & updates are available via
anonymous ftp. Host: ftp.rpi.edu, file: pub/communications/internet-cmc
========================
PURPOSE: to list pointers to information describing the Internet,
computer networks, and issues related to computer-mediated
communication (CMC). Topics of interest include the technical,
social, cognitive, and psychological aspects of CMC.
AUDIENCE: this file is useful for those getting started in understanding
the Internet and CMC; it compactly summarizes sources of
information for those who are already exploring these issues.
ASSUMPTIONS: to access many information sources listed here you must
have access to and know how to use anonymous ftp, email, or
USENET newsgroups. Some files are in TeX or PostScript format.
========================
Contents:
Section -1- THE INTERNET AND SERVICES
Section -2- INFORMATION SERVICES/ELECTRONIC PUBLICATIONS
Section -3- SOCIETIES AND ORGANIZATIONS
Section -4- NEWSGROUPS
Section -5- SELECTED BIBLIOGRAPHY
========================
Section -1- THE INTERNET AND SERVICES
========================================================================
This section lists information about the Internet, services available
on it, and topics related to computer networking.
o INTERNET DESCRIPT,SCRIPT='SPELL'IONS ANONYMOUS FTP HOST FILE OR DIRECTORY/
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
New User's Questions ftp.nisc.sri.com fyi/fyi4.txt
Hitchhikers Guide ftp.nisc.sri.com rfc/rfc1118.txt
Gold in Networks! ftp.nisc.sri.com rfc/rfc1290.txt
Zen & Art of Internet ftp.cs.widener.edu pub/zen/
Zen ASCII version csn.org pub/net/zen/
Guide Internet/Bitnet hydra.uwo.ca libsoft/guide1.txt
NSF Resource Guide nnsc.nsf.net resource-guide/
NWNet Internet Guide ftphost.nwnet.net nic/nwnet/user-guide/
SURANet Internet Guide ftp.sura.net pub/nic/infoguide.*.txt
NYSERNet Internet Guide nysernet.org pub/guides/Guide.*.text
CERFNet Guide nic.cerf.net cerfnet/cerfnet_guide/
DDN New User Guide nic.ddn.mil netinfo/nug.doc
AARNet Guide aarnet.edu.au pub/resource-guide/
Internet Monthly Report nis.nsf.net internet/newsletters/
Internet Maps ftp.merit.edu maps/
o INFO REPOSITORIES ANONYMOUS FTP HOST FILE OR DIRECTORY/
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
FYIs ftp.nisc.sri.com fyi/fyi-index.txt
RFCs ftp.nisc.sri.com rfc/rfc-index.txt
Standards nis.nsf.net documents/std/INDEX.std
Network Info Center nic.ddn.mil netinfo/
Network Info ftp.nisc.sri.com netinfo/
Network Info nic.switch.ch /
UUNET archive ftp.uu.net uunet-info/
Telecomm Archives lcs.mit.edu telecom-archives/
Usenet Repository pit-manager.mit.edu pub/usenet/
Library of Congress seq1.loc.gov pub/iug/index
o NETWORKING ANONYMOUS FTP HOST FILE OR DIRECTORY/
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Network Reading List ftp.uu.net inet/doc/
Internetworking Guides ra.msstate.edu pub/docs/
GAO Internet Security merit.edu pub/doc/gao_rpt
List of FTP Sites pilot.njin.net pub/ftp-list/
NREN Information nis.nsf.net nren/
NSF Plan/Interim NREN expres.cise.nsf.gov recompete/impl.ascii
Uses of Networking infolib.murdoch.edu.au pub/gde/netser/usenetworks.gde
Intro TCP/IP topaz.rutgers.edu tcp-ip-docs/tcp-ip-intro.doc
o SERVICES ANONYMOUS FTP HOST FILE OR DIRECTORY/
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Yanoff Services List csd4.csd.uwm.edu pub/inet.services.txt
MaasInfo Indexes ftp.unt.edu articles/maas/maasinfo.files
Gopher boombox.micro.umn.edu pub/gopher/
Archie archie.mcgill.ca archie/doc/whatis.archie
Alex infolib.murdoch.edu.au pub/soft/alex/alexintro.doc
WAIS sketch/overview hydra.uwo.ca libsoft/wais.txt
WAIS paper julian.uwo.ca doc/wais-paper.text
WAIS information think.com wais/wais-discussion/
Email Services hydra.uwo.ca libsoft/email_services.txt
Public access UNIX gvl.unisys.com pub/nixpub/long
Internet access BBS wuarchive.wustl.edu pub/
WorldWideWeb info.cern.ch pub/www/doc/the_www_book.*
Dialup BBS list wuarchive.wustl.edu mirrors/msdos/bbslists
Network Service Guides ftp.sura.net pub/nic/network.service.guides/
List of Whois Servers sipb.mit.edu pub/whois/whois-servers.list
HYTELNET access.usask.ca pub/hytelnet/pc/
o DIRECTORIES ANONYMOUS FTP HOST FILE OR DIRECTORY/
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Internet Resource Dir ftp.virginia.edu public_access/*.txt
Electronic Journals ftp.eff.org pub/journals/
Barron Library Catalogs ftp.unt.edu library/
St. George Lib Catalogs nic.cerf.net cerfnet/cerfnet_info/library_catalog/
Technical Reports daneel.rdt.monash.edu.au pub/techreports
Interest Groups List ftp.nisc.sri.com netinfo/interest-groups
Dartmouth Merged SIGL dartcms1.dartmouth.edu siglists/
Online Library Catalogs hydra.uwo.ca libsoft/guide2.txt
Library Access Script sonoma.edu pub/libs.sh
Electronic Conferences ksuvxa.kent.edu library/acadlist.readme
o EMAIL ANONYMOUS FTP HOST FILE OR DIRECTORY/
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Finding Email addresses hydra.uwo.ca libsoft/email_address.txt
College Email addresses pit-manager.mit.edu pub/usenet/soc.college/
Pine email ftp.cac.washington.edu pine/pine.blurb
o COMMUNICATION ANONYMOUS FTP HOST FILE OR DIRECTORY/
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Multiple User Dialogue ftp.math.okstate.edu pub/muds/misc/mud-faq/
Internet Relay Chat(IRC) cs.bu.edu irc/support/tutorial.*
o LANGUAGE/CULTURE ANONYMOUS FTP HOST FILE OR DIRECTORY/
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Net Etiquette Guide ftp.sura.net pub/nic/netiquette.txt
Computer Jargon pit-manager.mit.edu pub/jargon/jargon*
Smileys nic.funet.fi pub/misc/funnies/smiley.txt
Post-Gutenberg infolib.murdoch.edu.au pub/jnl/harnad.jnl
o POPULAR TOPICS ANONYMOUS FTP HOST FILE OR DIRECTORY/
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Current Weathermap GIF vmd.cso.uiuc.edu wx/sa*
Whois Registration nic.ddn.mil netinfo/user-template.txt
========================
Section -2- INFORMATION SERVICES/ELECTRONIC PUBLICATIONS
========================================================================
This section lists sources of information devoted to the study of CMC
and computer network technology. Below the description of the services,
newsletters, and journals are tables describing online access if it is
available. [see also DIRECTORIES/Electronic Journals in Section -1-]
o INFORMATION SERVERS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ALMANAC. A service for multi-media document and information delivery.
It offers many database functions as well.
Comserve. An electronic information service for people interested
in human communication studies.
FTP MAIL get files at anonymous ftp sites via email
HCIBIB. A mail-based retrieval system interface to a database
related to Human-Computer Interaction (HCI).
LISTSERV. A mailing-list server for group communication. LISTSERVE lists
of interest of interest include:
CNI-DIRECTORIES Coalition for Networked Information Directories.
RFCs (Request For Comments). Documents about various issues for
discussion, covering a broad range of networking issues.
o ELECTRONIC JOURNALS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Current Cites. A journal which provides citations and brief annotations
for articles from 30 journals in networks and information and
computer technology.
Electronic Journal of Communication/La Revue Electronique de
Communication (EJC/REC). Covers communication theory, research,
practice, and policy.
EJournal. Concerned with implications of electronic networks and texts.
Netweaver. The Newsletter of the Electronic Networking Association.
NETTRAIN is a discussion list about training/support of others in using
the resources available on Bitnet and Internet.
o NEWSLETTERS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chaos Corner Dr. Chao's random and interesting things about
computers, networks, and other things
ConneXions Newsletter on information on networking
Inquire: ole@csli.stanford.edu
Internet Review. An "irregular and on-line journal of new and
internesting stuff on the net."
Internet World a newsletter from Meckler Associates
Inquire: meckler@tigger.jvnc.net
Linkletter. The Merit Network's newsletter.
Matrix News (paper newsletter, but partially online) Covers crossnetwork
issues. Some back articles, editorials, and indices online.
Inquire: tic@tic.com
NETNEWS newsletter for network resources
The Public-Access Computer Systems Review (PACSR)
o JOURNAL/SERVICE Access with email to Body of letter
~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~ ~~(Name = your full name)~
ALMANAC almanac@oes.orst.edu send guide
Comserve comserve@vm.ecs.rpi.edu Send Comserve Helpfile
Comserve CMC list comserve@vm.ecs.rpi.edu Sub CMC Name
Comserve CMC notes comserve@vm.ecs.rpi.edu Send CMC Notebook
EJC/REC comserve@vm.ecs.rpi.edu Directory EJCREC
EJournal listserv@albany.bitnet Sub EJRNL Name
HCIBIB hcibib@rumpus.colorado.edu query:
Netweaver comserve@vm.ecs.rpi.edu Send Netweave Winter91
RFCs rfc-info@isi.edu help: ways_to_get_rfcs
LISTSERV listserv@uacsc2.albany.edu send listserv memo
CNI-DIRECTORIES listserv@cni.org Subscribe CNI-DIRECTORIES Name
NETTRAIN listserv@ubvm.cc.buffalo.edu Subscribe nettrain Name
FTP MAIL ftpmail@decwrl.dec.com help
PACSR listserv@uhupvm1.uh.edu Subscribe PACS-P Name
o JOURNAL/SERVICE/DOC ANONYMOUS FTP HOST FILE OR DIRECTORY/
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chaos Corner puffin.cit.cornell.edu cc*.txt
Current Cites a.cni.org current.cites/
Discussion of Comp Conf ftp.nisc.sri.com rfc/rfc1324.txt
Linkletter ftp.merit.edu newsletters/linkletter/
Matrix News (parts) quake.think.com pub/mids/matrix_news/
NETNEWS hydra.uwo.ca libsoft/netnews*.txt
========================
Section -3- SOCIETIES AND ORGANIZATIONS
========================================================================
This section lists societies and organizations which are concerned with
issues of electronic information and communication.
Below the description of each organization is a table describing
online access to more information if it is available.
Computer Professionals for Social Responsibility (CPSR): alliance
of computer professionals who discuss the impact of computer
technology on society. (Contact: cpsr@csli.stanford.edu).
Electronic Frontier Foundation (EFF): public interest organization to
educate public about computer and communication technologies.
The Internet Society (ISOC): supports the development of the
Internet and promotes education and applications.
Electronic Networking Association (ENA): "...to promote electronic
networking in ways that enrich individuals, enhance organizations,
and build global communities." [see Netweaver newsletter in
Section -2-]
o INFO FOR ANONYMOUS FTP HOST FILE OR DIRECTORY/
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
EFF ftp.eff.org pub/EFF
ISOC nnsc.nsf.net internet-society/
o INFO FOR Access with email to Body of letter
~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~ ~~(Name = your full name)~
CPSR listserv@gwuvm.gwu.edu SUBSCRIBE cpsr Name
========================
Section -4- NEWSGROUPS
========================================================================
Newsgroups are sometimes a rich source of information about the
Internet, networks, and CMC issues. This section lists newsgroups in
which topics related to networks, the Internet, or CMC are discussed.
(FAQ) = periodic posting of Frequently Asked Questions (FAQ) & answers.
o INTEREST AREA NEWSGROUP(S)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Beginners news.announce.newusers
FAQs news.answers
Internet alt.internet.services, alt.best.of.internet
Usenet alt.culture.usenet, alt.uu.future, news.lists
Internet BBS alt.bbs.internet (FAQ)
Email comp.mail.misc (FAQ)
WAIS comp.infosystems.wais
Gopher alt.gopher
Network Info Sources comp.archives, comp.internet.library,
news.lists, comp.protocols.tcp-ip
Newsgroups news.groups, news.announce.newgroups
Information Systems comp.infosystems
ISDN comp.dcom.isdn
Technical Reports comp.doc.techreports
Computer BBS comp.bbs.misc
Telecomm comp.dcom.telecom, clari.nb.telecom
Computer Underground comp.society.cu-digest
MUDS rec.games.mud.announce (FAQ)
IRC alt.irc
PostScript Net Maps news.lists.ps-maps
Hackers alt.hackers
========================
Section -5- SELECTED BIBLIOGRAPHY
========================================================================
This section lists useful information sources.
o ONLINE BIBLIOGRAPHIES ANONYMOUS FTP HOST FILE OR DIRECTORY/
~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computer Communication infolib.murdoch.edu.au pub/bib/parker.bib
Networked Info Bib infolib.murdoch.edu.au pub/bib/stanton.bib
WAIS Bibliography infolib.murdoch.edu.au pub/bib/lincoln.bib
Electronic Serials infolib.murdoch.edu.au pub/bib/bailey.bib
FYI Bibliography ftp.nisc.sri.com fyi/fyi3.txt
o NETWORKS/CMC JOURNAL SPECIAL ISSUES
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scientific American, volume 265, number 3, September 1991. Issue on
computer networks.
Journal of Communication, volume 39, number 3, Summer 1989. Issue on
computer communication affecting social power distribution.
Communication Yearbook, volume 12, 1989, chapter 8, "Issues and Concepts
in Research on Computer-Mediated Communication Systems."
o TECHNICAL JOURNALS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computer Communication Review (ACM SIGCOMM), Communications of the ACM,
IEEE transactions on communication technology, IEEE Spectrum, Electronics
and communication engineering journal, ONLINE, Information Today, LinkUp,
MIS Quarterly, Information World Review Telecommunications,
Telecommunications Products and Technology, Global Networks
o HUMAN COMMUNICATION JOURNALS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Communication Quarterly, Communication Research, Communication Yearbook,
Computers and Human Behavior, Human Communication Research, Journal of
Communication, Technical Communication, World Communication
o BOOKS: a selected listing of particularly useful books.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--BIBLIOGRAPHIES:
Romiszowski, A. J. Computer-mediated communication: a selected
bibliography. Englewood Cliffs, N.J.: Educational Technology
Publications, 1992.
--COMPUTER NETWORKS:
Adams, Rick and Frey, Donnalyn: !%@:: A Directory of Mail Addressing and
Networks, 2nd Ed. Sebastopol, CA: O'Reilly & Associates, 1990.
Kehoe, Brendan P. Zen and the Art of the Internet: A Beginner's Guide.
2nd ed. Englewood Cliffs, NJ: Prentice Hall, 1992.
Kessler, Gary C. ISDN: concepts, facilities, and services. New York:
McGraw-Hill, 1990.
LaQuey, Tracy L., ed. The User's Directory of Computer Networks.
Bedford, MA: Digital Press, 1990.
Motorola Codex. The Basics Book of Information Networking. Reading,
MA: Addison-Wesley, 1992.
Quarterman, John S. The Matrix: Computer Networks and Conferencing
Systems Worldwide. Bedford, MA: Digital Press, 1990.
--COMPUTER-MEDIATED COMMUNICATION:
Chesebro, James W. and Donald G. Bonsall. Computer-mediated
communication: human relationships in a computerized world.
Tuscaloosa: University of Alabama Press, 1989.
Dunlop, Charles and Rob Kling, eds. Computerization and Controversy:
Value Conflicts and Social Choices. Academic Press, 1991.
Hiltz, Starr Roxanne and Murray Turoff. The Networked Nation: Human
Communication via Computer. Reading, MA: Addison-Wesley, 1978.
Sproull, Lee and Sara Kiesler. Connections: New Ways of Working in
the Networked Organization. MIT Press, 1991.
========================
This document is Copyright 1992 by John December (decemj@rpi.edu).
Permission to use, copy, or distribute this document for non-commercial,
educational purposes is hereby granted, provided that this copyright
and permission notice appear in all copies. I make no representations
about the suitability, stability, or accuracy of this document for any
purpose. It is provided "as is" without expressed or implied warranty.
------------------------------
End of Computer Underground Digest #4.40
************************************
Computer underground Digest Wed Sep 2, 1992 Volume 4 : Issue 41
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Copy Editor: Etaion Shrdlu, IV
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
CONTENTS, #4.41 (Sep 2, 1992)
File 1--MINDVOX System -- Qs and As
File 2--Art of Technology Digest Info
File 3--Re: Internet Guide
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
For bitnet users, back issues may be obtained from the mail server at
mailserv@batpad.lgb.ca.us
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Wed, 2 Sep 92 02:53 EDT
From: digital@PHANTOM.COM(Patrick K. Kroupa)
Subject: File 1--MINDVOX System -- Qs and As
(MODERATORS' NOTE: We've been on a system called MINDVOX for the past
month (cudigest@mindvox.phantom.com), and found it a rather
interesting place to hang out. Although not officially "on-line" and
open to the public, there were still a sufficient number of
interesting posters and posts to keep us going back for more. IRC
access, multiple on-line chats, disk storage space, usenet feeds, and
other amenities, combined with the proposed future attractions once it
goes on line, indicate that MINDVOX may become one of the better
public access systems around. We played "Question and Answer" with Pat
Kroupa, who runs it along with his long-time friend Bruce Fancher)).
++++
CuD: What is your board's philosophy?
Vox: Jeez, you got 100K of space for me to go on? Um, well basically
the MindVox article is pretty much a summary of the causes and
inceptions of what drove a group of us to put this together, you can
pick it up off of various ftp sites under the cud/papers sections, and
it's on MindVox itself as the editorial at the moment. Basically we
are about evolving Cyberspace and online-communications to the next
level beyond what is available, and then repeating that process over
the years. We are about reality, virtual and non-virtual, making
available to people information that depicts the facts behind a lot of
things that the mass media tends to cloud and obscure, the hacker
underground of course, but we also have a strong focus on drugs, their
effects and uses, recreational, medicinal, steroids and the reality
behind how they work and the effects they have on muscle building,
weight-loss or weight gain, etc... The general idea was one of a
nexus point within Cyberspace where people from all over the world
could have access to information and first-hand-knowledge from other
individuals, that was not possible anywhere else. So far we are
succeeding in that effort.
CuD: What do users get?
Vox: Well the services they get access to are all the things they expect
from Unix in a clean easy-to-use interface. This includes the usenet,
IRC, software, as well as the MindVox Forums, Archives from the dawn
of Cyberspace, and all types of games and interactive simulations. We
also have mailboxes for people who might not want to belong to certain
mailing lists or sites, from their normal address, because of
big-brother type of system administrators. Member-selectable crypted
mail is in the pipeline, as well as various features that allow a high
level of privacy.
CuD: How are the conferences?
Vox: The conferences are going really well, considering that ratio of
about 5% of the users typically writing 95% of the messages, we're
closer to 15% or 20%, but then again we're just exiting beta mode, so
we'll see if it tops out at that ratio or gets better. Our primary
topical focus is of course Cyberspace, and we have a series of Forums
devoted to every tangent of that, ranging from technology, networking,
security, hardware and software, to discussions of ethics surrounding
hacking and piracy, the social structure of the underground, with most
of the players in residence, participating and explaining what it was
really like. We also have areas for Virtual Reality, Ontology, Drugs,
Health, Philosophy, Social Issues, the Arts, Business, Entertainment,
basically anything that people would like to take part in, we'll let
'em have, but as stated, our principle focus is Cyberspace and its
history and development.
CuD: Where are we going?
Vox: What we're going to be doing as time passes, is constantly evolving
the state-of-the-art in online systems. What we're really focusing on
is developing software objects that can be pulled apart and updated in
a very efficient and fast manner, since everything that is possible
with the current state of technology, basically moves forward 33%
every two years. Hardware is really cheap these days, but its still
running junk that was written in the early 80's and ported from
mainframes, or some MSDOS-based nightmare that is so ridiculous in
this day of workstations, that its not even funny. Most online
services are just user-hostile. Right now our VOICES software is
getting to a state that we're almost satisfied with, prior to getting
front-ends for the PC/Mac and Amiga going over the winter. Since
everything is always late, we probably won't have functional
front-ends until early spring, but hey, they tell me "winter" right
now, I just don't believe 'em, since they're always 4-8 weeks wrong.
CuD: Who is there?
Vox: Pretty much a cross-section of everybody in Cyberspace, with the
main focus being on people who are a lot closer to whatever you want
to term as being "the edge" which tends to define and re-define the
boundaries of the playing field we're in. We have a lot of
creative/artistic people, Mondo is online, Bruce Sterling,
cyberpunk/science fiction writers, movie people, a lot of journalists
and reporters are on to see what's going on or to communicate with
each other, we pretty much have EVERYBODY who had a hand in shaping
the computer underground during the 80's online, most of the ex-Legion
of Doom, Knights of Shadow, just people from way-back-when who are
living different lives right now; a lot of the EFF is around,
government people, a lotta security people from various places are
checking things out. Elvis was around for a while, but mostly we're
still negotiating to get Bill the Cat. Oh and hey, you're there too!
CuD: What's IRC (Inter-Relay Chat) like?
Vox: IRC is interesting, if the net is working anarchy, IRC is
dysfunctional anarchy. It's also probably one of the first genuine
steps into what will become Cyberspace. It's real-time interaction,
where I mean you're just typing to one another, but there are
hundreds, sometimes thousands of people there from all over the world.
And then when you stop and think that people meet, fall in love, even
get married through this -- it really is a new medium for
communications between people. On the other hand there are
individuals who tend to live their entire lives through it, but...
it's a really fascinating experience, what it means to you will vary
greatly upon your personal needs of course, to one person its crap, to
another an interesting diversion, and to a third, a reasonable
alternative to perpetual loneliness or suicide.
CuD: How do we access it?
Vox: You can telnet to phantom.com, the IP address for that is:
38.145.218.228 or
you can connect locally by dialing 212-988-5030.
CuD: How much does it cost to get access?
Vox: Pricing is broken down into a couple of categories to suit people's
needs. What we've found during our beta testing stage is that a lot
of clients are telnetting into Vox because they want to read the
forums, download from the Archives and hang out with us; they don't
really care about reading news or hanging out in IRC or whatever,
since they can do all that from accounts they have right now.
Conversely there are local people who are just amazed that they can
FTP software, and wanna read the newsgroups and use mail, and
basically don't have the slightest have the slightest idea who we are,
and even less interest in reading the Forums. In fact the majority of
local people just want Internet services with an easy-to-use front-end
so they don't have to deal with Unix. So we changed Memberships to
reflect what we discovered, and fulfill everyone's desires.
MindVox Membership is $10 a month. Which gives you access to the
MindVox Forums, the local Chat system, the Archives, Games, Mail, and
things that fall into these basic categories.
Internet Memberships are also $10 a month, and that's basically
Usenet, Software, Mail, IRC, and things that fall into the category of
"Public Unix Access."
Or $15 a month gets you all services, period.
Everybody gets two weeks of free time to check it out and decide if
its something they want to be part of, before billing gets activated.
------------------------------
Date: Sun, 30 Aug 92 18:45:13 EDT
From: Chris Cappuccio <cappucci@CRS.CL.MSU.EDU>
Subject: File 2--Art of Technology Digest Info
((MODERATORS' NOTE: The Art of Technology Digest is a new E-'Zine that
we came across, so we posed some questions to the editor, Chris
Cappuccio. From what we've seen of it so far, it's worth checking
out)).
Q: What's ATD About?
A: Things That Happen With Technology, How Technology Is Used,
Wierd Technology Uses, Some Computer Underground News
Q: How Often Does It Come Out?
A: Usually Every 1 1/2 Weeks or Whenever I Can Get It Out There
Q: Where Can I Get It?
A: For Back Issues, Call Live Wire BBS (313) 464-1470, 1200/2400/HST
9600-14400
You Will Get Access On Your First Call And All Files Are Zipped So The LD
Charges Are Low... To Be Put On The Mailing List, Do *Exactly* this:
mail mailserv@batpad.lgb.ca.us
SUBJECT:
SUBSCRIBE aotd
Q: How Can I Contribute?
A: Send Your Contributions And Complaints To: cappucci@crs.cl.msu.edu
Q: What Is The Mailserver at batpad.lgb.ca.us?
A: It's A Different Version Of The Listserv Commonly Found On Bitnet
(Because It's Time Network) And Uses Slightly Different Commands
Q: Why Does batpad.lgb.ca.us Take Hours To Respond?
A: Give UUCP A Break!
------------------------------
Date: Tue, 25 Aug 1992 15:36:10 PDT
From: Brian Erwin <brian@ORA.COM>
Subject: File 3--Re: Internet Guide
((MODERATORS' NOTE: We are not in the habit of providing free
advertising for profit-making enterprises, but we feel the following
"Nutshell" and related products by O'Reilly Associates are relevant
resources. Whenever we have technical questions, the people we ask
often refer us to a volume from the Nutshell series as a pointer for
further information. We asked Brian Erwin of O'Reilly Associates to
summarize a list of "how-to" books that might be relevant for CuD
readers, and he came up with the following).
***New Nutshell Handbooks***
Power Programming with RPC (New 2/92)
Guide to Writing DCE Applications (New 6/92)
UNIX in a Nutshell: A Desktop Quick Reference for System V and Solaris 2.0
(New 6/92)
UNIX & C Programming
____________________
Checking C Programs with lint
Guide to OSF/1: A Technical Synopsis
lex & yacc
Managing Projects with make, 2nd Edition
POSIX Programmer's Guide
Power Programming with RPC
Practical C Programming
Programming Perl
Programming with curses
sed & awk
Understanding and Using COFF
UNIX for FORTRAN Programmers
Using C on the UNIX System
UNIX Communications
___________________
The Directory of Electronic Mail Addressing & Networks
Managing UUCP and Usenet
MH & xmh: E-mail for Users & Programmers
Using UUCP and Usenet
The Z-Mail Handbook
UNIX System Administration
__________________________
Essential System Administration
Managing NFS and NIS
Practical UNIX Security
System Performance Tuning
termcap & terminfo
Computer Security
_________________
Computer Security Basics
Practical UNIX Security
UNIX Text Processing
____________________
Learning GNU Emacs
Learning the vi Editor
Typesetting Tables on the UNIX System
UNIX Basics
___________
DOS meets UNIX
Learning the UNIX Operating System
UNIX in a Nutshell for Berkeley
UNIX in a Nutshell: A Desktop Quick Reference for System V and Solaris 2.0
DCE
___
Guide to Writing DCE Applications
***The Pick Series***
Pick MASTER DICTIONARY: A Reference Guide to User Accounts
Pick ACCESS: A Guide to the SMA/RETRIEVAL Language
Pick BASIC: A Reference Guide
A Guide to the Pick System
==========
The X Window System Series
Definitive Guides to the X Window System
Volume 0, X Protocol Reference Manual, for X11 Release 4 and Release 5
Edited and with an introduction by Adrian Nye
516 pages, ISBN 1-56592-008-2, $34.95
3rd Edition, Release 5, February 1992
Describes the X Network Protocol which underlies all software for Version 11
of the X Window System. Includes protocol clarifications of X11 Release 5, as
well as the most recent version of the ICCCM and the Logical Font Conventions
Manual. For use with any release of X.
Volume 1, Xlib Programming Manual, Release 4
By Adrian Nye
672 pages, ISBN 0-937175-11-0, $34.95
2nd Edition, Release 4, April 1990
Complete programming guide to the X library (Xlib), the lowest level of
programming interface to X. Updated to cover X11 Release 4.
Volume 2, Xlib Reference Manual, for X11 Release 4 and Release 5
By Adrian Nye
1138 pages, ISBN 1-56592-006-6, $34.95 (estimated)
3rd Edition, Release 5, June 1992
Complete reference guide to the X library (Xlib), the lowest level of
programming interface to X. Updated to cover X11 Release 4 and Release 5.
Volume 3, X Window System User's Guide, Release 4
By Valerie Quercia & Tim O'Reilly
Standard Edition, 752 pages, ISBN 0-937175-14-5, $34.95
Motif Edition, 734 pages, ISBN 0-937175-61-7, $34.95
Standard Edition, Release 4, May 1990. Motif Edition January 1991.
Orients the new user to window system concepts and provides detailed tutorials
for many client programs, including the xterm terminal emulator and window
managers. Later chapters explain how to customize the X environment. This
popular manual is available in two editions, one for users of the MIT software,
one for users of Motif. Revised for X11 Release 4.
Volume 4, X Toolkit Intrinsics Programming Manual, Release 4
By Adrian Nye & Tim O'Reilly
Standard Edition, 624 pages, 0-937175-56-0, $34.95
Motif Edition, 666 pages, 0-937175-62-5, $34.95
2nd Edition, Release 4, September 1990. Motif Edition January 1991.
A complete guide to programming with Xt Intrinsics, the library of C language
routines that facilitate the design of user interfaces, with reusable
components called widgets. Available in two editions. The Standard Edition
uses Athena widgets in examples; the Motif Edition uses Motif widget examples.
Volume 5, X Toolkit Intrinsics Reference Manual, for X11 Release 4 and Release 5
Edited by David Flanagan
916 pages, ISBN 1-56592-007-4, $34.95
3rd Edition, Release 5, April 1992
Complete programmer's reference for the X Toolkit, providing pages for each
of the Xt functions, as well as the widget classes defined by Xt and the
Athena widgets. This 3rd Edition has been re-edited, reorganized, and expanded
for X11 Release 5.
Volume 6, Motif Programming Manual
By Dan Heller
1032 pages, ISBN: 0-937175-70-6, $39.95
1st Edition September 1991
The Motif Programming Manual is a source for complete, accurate, and
insightful guidance on Motif application programming. There is no other
book that covers the ground as thoroughly or as well as this one.
Motif Release 1.1.
Volume 7, XView Programming Manual, 3rd Edition
By Dan Heller, edited by Thomas Van Raalte
766 pages, ISBN 0-937175-87-0, $34.95
3rd Edition September 1991
XView Reference Manual
Edited by Thomas Van Raalte
266 pages, ISBN 0-937175-88-9, $24.95
1st Edition September 1991
Complete programming and reference guides to XView Version 3. XView was
developed by Sun Microsystems. It is an easy-to-use object-oriented toolkit
that provides an OPEN LOOK user interface for X applications.
The X Window System in a Nutshell
Edited by Ellie Cutler, Daniel Gilly, & Tim O'Reilly
424 pages, ISBN 1-56592-017-1, $24.95
2nd Edition April 1992
Indispensable companion to the X Window System Series. Experienced X
programmers can use this single-volume desktop companion for most common
questions, keeping the full series of manuals for detailed reference. This
book has been newly updated to cover R5 but is still useful for R4.
Programmer's Supplement for Release 5 of the X Window System, Version 11
David Flanagan
390 pages, ISBN 0-937175-86-2, $29.95
1st Edition November 1991
For programmers who are familiar with Release 4 of the X Window System and
want to know how to use the new features of Release 5. This books is an
update for owners of Volumes 1, 2, 4, and 5 of the X Window System Series,
and provides complete tutorial and reference information to all new Xlib
and Xt toolkit functions.
PHIGS Programming Manual: 3D Programming in X
By Tom Gaskins
968 pages, ISBN 0-937175-85-4, $42.95 softcover
ISBN 0-937175-92-7, $52.95 hardcover
1st Edition February 1992
A complete and authoritative guide to PHIGS and PHIGS PLUS programming,
this book documents the PHIGS and PHIGS PLUS graphics standards
and provides full guidance regarding the use of PHIGS within the X
environment.
==========
The X Resource: A Practical Journal of the X Window System
The X Resource is a quarterly working journal for X programmers. Its goal is
to provide practical, timely information about the programming, administration,
and use of the X Window System. Issues include:
-Over-the-shoulder advice from programmers who share their experience with you
-Suggestions from the people who wrote your software tools
-Insight on making better use of public domain tools for software development
-In-depth tutorial and reference documentation
-Annual Proceedings of the X Technical Conference held at MIT (O'Reilly &
Associates is the official publisher of the Proceedings, which form the
January issue.)
Regular issues of the journal (Spring, Summer, and Fall) include three
sections: papers, departments, and documentation. The Winter issue is the
Annual Proceedings of the X Consortium's X Technical Conference at MIT.
(The conference proceedings are published exclusively in The X Resource.) All
four issues are approximately 220 pages in length, with no advertising. The
journal is practical rather than academic: its primary aim is to help
programmers learn and program better.
Subscribers to The X Resource have the option of subscribing to the journal
plus supplements. For programmers who want to review proposed X Consortium
standards and participate in setting those standards, supplements to The X
Resource will include:
-Public Review Specifications for proposed X Consortium standards
-Introductory explanations of the issues involved
We're selling individual copies of The X Resource like books; you can buy
copies through O'Reilly & Associates or at bookstores. You can also subscribe
to The X Resource through O'Reilly & Associates. For information about
subscriptions contact Cathy Record at:
The X Resource
O'Reilly & Associates, Inc.
103A Morris St.
Sebastopol, CA 95472
USA/Canada: (800) 998-9938
Overseas or Local: 707-829-0515
Fax: 707-829-0104
The X Resource Issue 0, October 1991
Adrian Nye, Editor
253 pages, ISBN 0-937175-79-X, $22.50
Articles for Issue 0 include: default colormap manipulation,
prescient agents, engineering insights from an interactive imaging
application, C++ with Motif, xterm tips and tricks, Xcms, UIMS systems,
internationalization, editres and more.
The X Resource Issue 1, January 1992
Adrian Nye, Editor
240 pages, ISBN 0-937175-96-X, $22.50
Issue 1, January 1992, is the Annual Proceedings of the X Technical
Conference at MIT.
The X Resource Issue 2, April 1992
Adrian Nye, Editor
190 pages, ISBN 0-937175-97-8, $22.50
Articles for Issue 2 include: object-oriented implementation of
a drag-and-drop protocol, basic extension writing, imake, porting from motif
to Open Look, documentation on the Widget Creation Language.
The X Resource Issue 3, July 1992
Adrian Nye, Editor
220 pages, ISBN:0-937175-98-6, $22.50
The X Resource includes in-depth articles and documentation not available
elsewhere. Articles for Issue 3 include: multi-user application software
using Xt, using the new font capabilities of HP-donated font server
enhancements, improving X application performance, the nonrectangular window
shape extension, GUI Testing, Server instrumentation and tracing, Font Server
Administration, RichText widget, and more.
==========
Nutshell Handbooks
Concise, hands-on guides to selected UNIX topics
Using C on the UNIX System
By Dave Curry
250 pages, ISBN 0-937175-23-4, $24.95
1st Edition January 1989
This is the book for intermediate to experienced C programmers who want
to become UNIX system programmers. It explains system calls and special
library routines available on the UNIX system.
Understanding and Using COFF
By Gintaras R. Gircys
196 pages, ISBN 0-937175-31-5, $21.95
1st Edition November 1988
COFF--Common Object File Format--is the formal definition for the structure
of machine code files in the UNIX System V environment. All machine-code
files are COFF files. This handbook explains COFF data structure and its
manipulation.
Computer Security Basics
By Deborah Russell & G.T. Gangemi Sr.
464 pages, ISBN 0-937175-71-4, $29.95.
1st Edition July 1991
Provides a readable introduction to computer security concepts:
passwords, access controls, cryptography, network security,
biometrics, TEMPEST, and more. Describes government and industry
standards for security, including the "Orange Book" standard for
secure systems. Includes an extensive glossary of computer
security terms and sources for more information.
Programming with curses
By John Strang
76 pages, ISBN 0-937175-02-1, $12.95
1st Edition 1986
Curses is a UNIX library of functions for controlling a terminal's
display screen from a C program. This handbook helps you make use of
the curses library.
Guide to Writing DCE Applications
By John Shirley
282 pages, ISBN 1-56592-004-X, $29.95
A hands-on programming guide to OSF's Distributed Computing Environment
(DCE) for first-time DCE application programmers. This book is designed
to help new DCE users make the transition from conventional, nondistributed
applications programming to distributed DCE programming. Covers RPC, name
service, security services, threads, and other major aspects of DCE, and also
includes practical programming examples.
DOS meets UNIX
By Dale Dougherty & Tim O'Reilly
148 pages, ISBN 0-937175-21-8, $15.00
1st Edition April 1988
Describes the solutions available for integrating DOS and UNIX. It
also briefly introduces UNIX for DOS users.
Learning GNU Emacs
By Deb Cameron & Bill Rosenblatt
442 pages, ISBN 0-937175-84-6, $27.95
1st Edition October 1991
This book is an introduction to the GNU Emacs editor, one of the most
widely used and powerful editors available under UNIX. It provides a
solid introduction to basic editing, a look at several important
"editing modes" (special Emacs features for editing specific types of
documents), and a brief introduction to customization and Emacs LISP
programming. The book is aimed at new Emacs users, whether or not
they are programmers.
!%@:: A Directory of Electronic Mail Addressing & Networks
By Donnalyn Frey & Rick Adams
438 pages, ISBN 0-937175-15-3, $27.95
2nd Edition May 1990
Answers the problem of addressing mail to people you've never met, on
networks you've never heard of. Includes a general introduction to
e-mail, followed by detailed reference sections for over 130 networks.
Essential System Administration
By AEleen Frisch
466 pages, ISBN 0-937175-80-3, $29.95
1st Edition October 1991
Provides a compact, manageable introduction to the tasks faced by everyone
responsible for a UNIX system. This guide is for those who use a stand-alone
UNIX system, those who routinely provide administrative support for a larger
shared system, or those who want an understanding of basic administrative
functions. Covers all major versions of UNIX.
UNIX for FORTRAN Programmers
By Mike Loukides
264 pages, ISBN 0-937175-51-X, $24.95
1st Edition August 1990
This handbook minimizes the UNIX entry barrier by providing the serious
scientific programmer with an introduction to the UNIX operating system and
its tools. Assumes some knowledge of FORTRAN, but none of UNIX nor C.
Learning the UNIX Operating System
By Grace Todino & John Strang
84 pages, ISBN 0-937175-16-1, $9.00
2nd Edition 1987
If you are new to UNIX, this concise introduction will tell you just
what you need to get started and no more. Why wade through a 600-page
book when you can begin working productively in a matter of minutes?
lex & yacc
By Tony Mason & Doug Brown
238 pages, ISBN 0-937175-49-8, $24.95
1st Edition May 1990
Shows programmers how to use two UNIX utilities, lex and yacc,
to solve problems in program development. Includes explanations
of the concepts and tutorial examples, as well as detailed technical
information for advanced users.
Checking C Programs with lint
By Ian F. Darwin
84 pages, ISBN 0-937175-30-7, $12.95
1st Edition October 1988
The lint program is one of the best tools for finding portability
problems and certain types of coding errors in C programs. This
handbook introduces you to lint, guides you through running it on your
programs, and helps you interpret lint's output.
Managing Projects with make
By Steve Talbott and Andrew Oram
152 pages, ISBN 0-937175-90-0, $17.95
2nd Edition October 1991
Make is one of UNIX's greatest contributions to software development,
and this book is the clearest description of make ever written. This
revised second edition includes guidelines on meeting the needs of
large projects.
Managing UUCP and Usenet
By Tim O'Reilly & Grace Todino
368 pages, ISBN 0-937175-93-5, $27.95
10th Edition January 1992
For all its widespread use, UUCP is one of the most difficult UNIX
utilities to master. This book is for system administrators who want to
install and manage UUCP and Usenet software. "Don't even TRY to install UUCP
without it!" --Usenet message 456@nitrex.UUCP
MH & xmh: E-mail for Users & Programmers
By Jerry Peek
598 pages, ISBN 0-937175-63-3, $29.95
1st Edition January 1991
Customizing your e-mail environment to save time and make communicating
more enjoyable. MH & xmh: E-Mail for Users & Programmers explains how to
use, customize, and program with the MH electronic mail commands, available
on virtually any UNIX system. The handbook also covers xmh, an X Window
System client that runs MH programs.
Managing NFS and NIS
By Hal Stern
436 pages, ISBN 0-937175-75-7, $27.95
1st Edition June 1991
Managing NFS and NIS is for system administrators who need to set up or manage
a network filesystem installation. NFS (Network Filesystem) is probably
running at any site that has two or more UNIX systems. NIS (Network
Information System) is a distributed database used to manage a network of
computers. The only practical book devoted entirely to these subjects, this
guide is a "must-have" for anyone interested in UNIX networking.
Guide to OSF/1: A Technical Synopsis
The staff of O'Reilly & Associates
304 pages, ISBN 0-937175-78-1, $21.95
1st Edition June 1991
This technically competent introduction to OSF/1 is based on OSF technical
seminars. In addition to its description of OSF/1, it includes the differences
between OSF/1 and System V Release 4 and a look ahead at DCE.
Programming Perl
By Larry Wall & Randal Schwartz
482 pages, ISBN 0-937175-64-1, $29.95
1st Edition January 1991
Authoritative guide to the hottest new UNIX utility in years,
co-authored by the creator of that utility. Perl is a language for
easily manipulating text, files, and processes.
POSIX Programmer's Guide
By Donald Lewine
640 pages, ISBN 0-937175-73-0, $34.95
1st Edition April 1991
Most UNIX systems today are POSIX-compliant because the Federal government
requires it for their purchases. However, given the manufacturer's
documentation, it can be difficult to distinguish system-specific features
from those features defined by POSIX. The POSIX Programmer's Guide, intended
as an explanation of the POSIX standard and as a reference for the POSIX.1
programming library, will help you write more portable programs.
Practical C Programming
By Steve Oualline
420 pages, ISBN 0-937175-65-X, $24.95
1st Edition July 1991
C programming is more than just getting the syntax right. Style and debugging
also play a tremendous part in creating programs that run well. Practical C
Programming teaches you not only the mechanics of programming, but also
describes how to create programs that are easy to read, maintain and
debug. There are lots of introductory C books, but this is the Nutshell
Handbook!
Practical UNIX Security
By Simson Garfinkel & Gene Spafford
512 pages, ISBN 0-937175-72-2, $29.95
1st Edition June 1991
Tells system administrators how to make their UNIX systems--either System V
or BSD--as secure as they possibly can be without going to trusted system
technology. The book describes UNIX concepts and how they enforce security,
tells how to defend against and handle security breaches, and explains network
security (including UUCP, NFS, Kerberos, and firewall machines) in detail.
UNIX in a Nutshell for Berkeley
272 pages, ISBN 0-937175-20-X, $19.50
1st Edition December 1986
This UNIX quick-reference goes beyond the list of frequently used
commands and options found in most quick refs. "I highly recommend the
UNIX in a Nutshell handbooks as desktop references. [They] are
complete and concise; they pack more information into fewer pages than
I've ever seen." --DEC Professional, Sept. 1987
UNIX in a Nutshell: A Desktop Quick Reference for System V and Solaris 2.0
444 pages, ISBN 1-56592-001-5, $9.95
By Daniel Gilly and the staff of O'Reilly & Associates
2nd Edition June 1992
You may have seen UNIX quick reference guides, but you've never seen
anything like UNIX in a Nutshell. Not a scaled-down quick-reference of
common commands, UNIX in a Nutshell is a complete reference containing
all commands and options plus generous descriptions and examples that
put the commands in context. For all but the thorniest UNIX problems,
this one reference should be all the documentation you need.
Covers System V Releases 3 and 4 and Solaris 2.0.
Power Programming with RPC
By John Bloomer
494 pages, ISBN 0-937175-77-3, $29.95
1st Edition February 1992
RPC, or remote procedure calling, is the ability to distribute
the execution of functions on remote computers. Written from a
programmer's perspective, this book shows what you can do with
RPC and presents a framework for learning it.
sed & awk
By Dale Dougherty
414 pages, ISBN 0-937175-59-5, $27.95
1st Edition November 1990
For people who create and modify text files, sed and awk are power
tools for editing. Most of the things that you can do with these
programs can be done interactively with a text editor. However, using
sed and awk can save many hours of repetitive work in achieving the
same result.
System Performance Tuning
By Mike Loukides
336 pages, ISBN 0-937175-60-9, $24.95
1st Edition November 1990
System Performance Tuning answers the fundamental question: How can I
get my computer to do more work without buying more hardware? Some
performance problems do require you to buy a bigger or faster computer,
but many can be solved simply by making better use of the resources you
already have.
Typesetting Tables on the UNIX System
By Henry McGilton & Mary McNabb
280 pages, ISBN 0-9626289-0-5, $24.95
For those UNIX users who depend on troff, the definitive guide to tbl.
If you're a novice UNIX user, this book is the best way to learn tbl.
If you're an expert, the book will pay for itself the first time you want
to show off.
termcap & terminfo
By John Strang, Linda Mui, & Tim O'Reilly
270 pages, ISBN 0-937175-22-6, $21.95
3rd Edition April 1988
For UNIX system administrators and programmers. This handbook provides
information on writing and debugging terminal descriptions, as well as
terminal initialization, for the two UNIX terminal databases.
Using UUCP and Usenet
By Grace Todino & Dale Dougherty
210 pages, ISBN 0-937175-10-2, $21.95
1st Edition February 1986
Shows users how to communicate with both UNIX and non-UNIX systems
using UUCP and cu or tip, and how to read news and post articles.
This handbook assumes that UUCP is already running at your site.
Learning the vi Editor
By Linda Lamb
192 pages, ISBN 0-937175-67-6, $21.95
5th Edition October 1990
Complete guide to text editing with vi, the editor available on nearly
every UNIX system. Early chapters cover the basics; later chapters explain
more advanced editing tools, such as ex commands and global search and
replacement.
The Z-Mail Handbook: 3 Interfaces for E-mail
By Hanna Nelson
462 pages, ISBN 0-937175-76-5, $29.95
1st Edition October 1991
Z-Mail is a superset of the widely-used public-domain program, Mush.
Z-Mail runs on UNIX terminals or on graphic workstations running the
X Window System, and even supports multimedia attachments (so you can
mail anything that you can store on disk). This is the complete guide
to this powerful mail program. Also covers Mush.
==========
The Pick Series
If you've ever wanted more out of Pick documentation--understanding a
passage at first reading; speedily looking up an option; finding
complete coverage of a topic; having a guide you can give to a first-
time user--the Pick Series is for you. It's complete, accessible,
authoritative, and it even looks good.
The Pick Series is a complete Pick documentation set, based on a
mainstream implementation of the Pick operating system (R83) with notes
on SMA standards and other implementations.
Pick ACCESS: A Guide to the SMA/RETRIEVAL Language
By Walter Gallant
368 pages, ISBN 0-937175-41-2, $29.95
1st Edition November 1989
Pick ACCESS introduces ACCESS concepts, documents all commands, features,
and functions, and includes a thorough description of correlatives and
conversions.
Pick BASIC: A Reference Guide
By Linda Mui
338 pages, ISBN 0-937175-42-0, $39.95
1st Edition March 1990
Pick BASIC is complete documentation for applications programmers. The large
reference section covers all Pick BASIC functions and statements.
Pick MASTER DICTIONARY: A Reference Guide to User Accounts
By Walter Gallant
576 pages, ISBN 0-937175-44-7, $39.95
1st Edition March 1990
A complete command reference guide for all TCL and Editor commands available
in user accounts. Pick MASTER DICTIONARY includes more information than any
other reference volume currently available. Commands and options for major
Pick implementations such as ADDS Mentor, Ultimate, General Automation, PICK
Systems R83, and REALITY are included.
A Guide to the Pick System
By Dale Dougherty
330 pages, ISBN 0-937175-43-9, $34.95
1st Edition January 1990
This book is designed for the applications programmer or other experienced
user who wants to know how Pick structures database files and how to set up
databases.
===============
US and Canada: To order these books contact O'Reilly & Associates at
103 Morris Street, Suite A, Sebastopol, CA, 95472 or call 1-800-998-9938.
To send a FAX: +1 707-829-0104.
Email questions to nuts@ora.com or uunet!ora!nuts.
--
Brian Erwin, brian@ora.com
Public Relations, O'Reilly & Associates
103A Morris Street, Sebastopol CA 95472
707-829-0515, Fax 707-829-0104
------------------------------
End of Computer Underground Digest #4.41
************************************
Computer underground Digest Mon Sep 7, 1992 Volume 4 : Issue 42
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Copy Editor: Etaion Shrdlu, Jrr.
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
CONTENTS, #4.42 (Sep 7, 1992)
File 1--Moderators' Corner - COMP hierarchy and future issues
File 2--Problem with refused back issue requests is resolved
File 3--Call for Papers
File 4--Updates to CPSR Listserv File Archive
File 5--TAP and Bringing Gov't into the Electronic Age
File 6--Reflections on INFOWEEK's CU-related stories
File 7--Software Piracy--The Social Context
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
For bitnet users, back issues may be obtained from the mail server at
mailserv@batpad.lgb.ca.us
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: 06 Sep 92 19:01:27 CDT
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--Moderators' Corner - COMP hierarchy and future issues
We're back to a once-a-week schedule (we hope), although Labor Day
disrupted the normal Sunday posting. The next three issues will be
thematic: #4.43 will be a collection of retrospective reviews on Cliff
Stoll's The Cuckoo's Egg; #4.44 will be a fairly neutral summary and
description of the Software Publisher Association's policies, goals,
and activities; and #4.45 will be a critique/response to some of these
policies. We will invite the SPA to respond in #4.46.
We also remind users that alt.society.cu-digest will be gone soon,
replaced by comp.society.cu-digest. If you sub through the alt group,
be sure to join the comp version instead. If you're a sysad, be sure
you facilitate the change ASAP, because we have received a number of
queries asking why the comp version is not yet available on some
systems. If your system is one on which it's not available in the
comp group, ask your sysad, not us. We just work here.
------------------------------
Date: 06 Sep 1992 21:44:51 +0000 (GMT)
From: mike@BATPAD.LGB.CA.US
Subject: File 2--Problem with refused back issue requests is resolved
When I set up the mailserv the handle the AOT-D list and the archive
of back issues, I neglected to add the AOTD directory to the valid
paths file that the mailserv checks before sending a file. This is
why you have been getting refused messages when requesting a back
issue.
This is fixed now. I just tested it, and a request for vol1.zoo was
correctly queued to send.
Sorry for the confusion.
------------------------------
Date: Thu, 3 Sep 92 21:36:03 EDT
From: "Jay A. Wood" <jwood@ANDROMEDA.RUTGERS.EDU>
Subject: File 3--Call for Papers
*AN INVITATION FOR THE SUBMISSION OF ARTICLES TO THE JOURNAL*
The Editorial Board of the Journal invites you to participate in our
continuing exploration of computers, technology, and the law by
submitting your article or commentary for publication.
Appropriate material would include articles, essays, comments, and
other items of interest in the area of technological advancement. The
Journal is published twice annually.
Manuscripts should be double-spaced, including footnotes in accordance
with the format rules set forth in _A Uniform System of Citation_.
All manuscripts submitted for publication are acknowledged and duly
considered for publication. Editors work closely with prospective
authors to ensure timely and accurate publication.
Send your submission to:
Rutgers Computer and Technology Law Journal
Rutgers School of Law
15 Washington Street
Newark, NJ 07102
or call 201/648-5549
or mail jwood@andromeda.rutgers.edu
*RECENT ARTICLES INCLUDE*
- Copyright and trade secret protection for chips, screen
designs, computer manuals, and computer created works.
- The patent, tort, and regulatory implications of recent
biotechnology developments.
- New environmental technologies and waste treatment
techniques.
- Government acquisition of software and copyrights.
- The use of computer, biological, or other high technology
evidence in civil and criminal trials.
- Copyright, free speech, and regulatory issues of new
transmission techniques; satellites, electronic bulletin
boards, and cable television.
- The ethical and malpractice issues arising from
professional reliance on artificial intelligence systems.
- Sales and property taxation problems in the computer
hardware and software industries.
- The use of computerized legal research systems.
- Automated data processing systems in governmental agencies
and courts.
Because the nexus between computers, technology, and the law
is constantly changing, any topic list can give only a
general indication of the scope of this Journal. Thus, this
list highlights - but does not exhaust - topics covered in
recent issues.
*UP-TO-DATE LEGAL GUIDE TO NEW TECHNOLOGIES*
First to enter the field and now in its third decade of publication,
the Journal provides attorneys and scholars with a guide to issues
arising from the interaction of computers, emerging technologies, and
the law. The JournalUs broad national and international circulation
has established its reputation as an effective and respected forum for
technology issues. The Journal has been cited in numerous texts and
articles, both foreign and domestic, and by the United States Supreme
Court.
In addition to provocative articles by leading commentators and
jurists, the Journal publishes timely book reviews by authorities in
the field and includes a comprehensive research source: _The Index and
Annual Selected Bibliography on Computers, Technology, and the Law_.
The Journal is an effective means of staying abreast of the latest
judicial and theoretical developments in the rapidly changing computer
and high technology areas.
------------------------------
Date: Fri, 4 Sep 1992 16:05:05 EDT
From: Paul Hyland <PHYLAND@GWUVM.BITNET>
Subject: File 4--Updates to CPSR Listserv File Archive
To CPSR List subscribers,
Welcome to new subscribers -- in case you haven't noticed, we try to
keep traffic on this list to a minimum, reserving it for important
announcements and information about CPSR and the issues it tries to
address as an organization. We have substantially more information
stored on a Listserv file server. The complete list of files is
stored in the file CPSR ARCHIVE, and periodically updates to the
archive are posted to the list.
To obtain any of the files listed below, or others on the archive,
send commands to listserv@gwuvm.gwu.edu. In a mail message, put one
command per line, starting with the first one. The command:
GET <filename> <filetype>
will retrieve files. For example:
GET CPSR ARCHIVE
GET CPSR BROCHURE
GET NRENPRIV TESTMONY
Any questions, comments, or complaints about the listserv should be
directed to me, phyland@gwuvm.gwu.edu. Any questions about CPSR,
address changes for members, and the like, should be directed to
cpsr@csli.stanford.edu.
Paul Hyland
Owner, CPSR List
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Filename Filetype Lines Description
++++++++ ++++++++ +++++ +++++++++++
CPSR-92 PROGRAM 213 CPSR Annual Meeting Program w/ confirmed speakers
Palo Alto, CA -- October 17-18, 1992
PDC-92 PROGRAM 126 CPSR Participatory Design Conference Program
Cambridge, MA -- November 6-7, 1992
NREN PRIVACY 0 **added as this, then updated and renamed to --
NRENPRIV TESTMONY 396 "Proposed Privacy Guidelines for the NREN"
presented at a hearing of the National
Commission on Libraries and Information
Sciences (NCLIS), July 21, 1992.
CRYPTO LETTER 380 Letter from CPSR to Rep. Jack Brooks, chair of
of House Judiciary Committee, on computer
security and cryptography policy
CPSRBERK 3Q92 573 CPSR/Berkeley Electronic Newsletter
Third Quarter, 1992
CPSR-DC JUNE1992 251 CPSR/DC Electronic Newsletter -- June 1992
HR2772 FACTS 0 **Deleted** (superseded by GATEWAY FACTS)
GATEWAY FACTS 161 Taxpayer Assets Project Fact Sheet on GPO WINDO
and GPO Gateway to Government Bills
GATEWAY STATEMENT 244 Taxpayer Assets Project statement on GPO WINDO/
Gateway submitted for joint hearing 7/23/92
AOT SAMPLE 815 Sample Issue of Art of Technology Digest - #2
August 4, 1992
------------------------------
Date: Wed, 9 Sep 1992 11:59:46 CDT
From: James P Love <LOVE%PUCC@PSUVM.PSU.EDU>
Subject: File 5--TAP and Bringing Gov't into the Electronic Age
Comments on Proposed Revisions of OMB Circular A-130
Taxpayer Assets Project
P.O. Box 19367
Washington, DC 20036
Internet: tap@essential.org
August 27, 1992
1. THE TAXPAYER ASSETS PROJECT
The Taxpayer Assets Project (TAP) was started by Ralph Nader to
monitor the sale and management of government property. Among the
public assets that we have investigated are government information
resources, government-funded software, and government-funded information
systems. We have been particularly interested in issues relating to the
pricing of government information products and services, public access
to taxpayer- funded information and information systems, and the quality
and nature of government information products and services.
TAP has also undertaken a number of case studies of the impact of
federal efforts to privatize the dissemination of government
information.
TAP is also engaged in research on a wide range of other topics,
including, for example, the management of federally owned mineral and
timber resources, licensing of federally funded inventions such as
pharmaceutical drugs, the allocation of rights to use public airwaves,
public infrastructure investments, and many other items.
In *all* of these endeavors, TAP is a consumer of government
information. We need to obtain information from dozens of federal
agencies on many different topics. Consider just two examples:
i. In our study of federal oil and gas resources, we need access
to Department of Interior (DOI) databases on OCS oil and gas
lease auctions, Department of Energy (DOE) databases on oil
output, consumption, and prices, and Federal Reserve databases
on bond yields for federal debt.
ii. In our research on government licensing of pharmaceutical
drugs we need access to databases on FDA approvals of new
drugs, federally funded medical research, patents, and federal
tax expenditures for orphan drugs.
For many projects we need access to information on corporations
that are reported in SEC filings, or agency notices that are published
in the Federal Register. This list could be expanded with countless
other federal information products and services.
TAP uses these information resources to do research and produce
reports and studies. Thus, TAP is both a consumer of government
information resources, and a producer of value added information
products and services.
2. CITIZENS NEED MECHANISMS TO TELL AGENCIES HOW INFORMATION POLICIES
CAN BE IMPROVED
The federal government spends billions of tax dollars every year to
collect and store of information. These expenditures create resources
that often have multiple uses, including uses that are beyond the
agency's mission. But agencies are often indifferent to the public
interest in the information resources that they manage.
Agencies should be required to accept comments from the public on a
wide range of information management issues, including policies on the
collection and the dissemination of information. Citizens should have
mechanisms to regularly inform agencies of changes in policies and
practices that will allow citizens to better utilize federal information
resources.
3. PUBLIC NOTICE SECTIONS IN A-130 SHOULD BE EXPANDED TO ADDRESS A
WIDE RANGE OF PUBLIC INTEREST CONSIDERATIONS
The proposed Circular requires agencies to provide notice and
accept public comments before an agency can create or terminate a major
information program. This is too narrow a scope for public notice and
comment. Citizens should have opportunities to tell agencies when
services are inadequate or poorly designed, and citizens should also
have opportunities to ask agencies to create new information products
and services.
Agencies often commit errors of omission. Failures to provide
public access to taxpayer-funded information systems, or to embrace new
technologies (online systems, CD-ROMs, etc) or standards are common and
important errors of omission. Regular opportunities for public comment
on agency information management policies and practices would provide an
important mechanism to identify such errors.
4. AGENCY PUBLIC NOTICE REQUIREMENTS SHOULD INCORPORATE THE PROPOSALS
IN H.R. 3459, THE IMPROVEMENT OF INFORMATION ACCESS ACT.
H.R. 3459, the Improvement of Information Access Act (IIA Act),
provides a model for public notice and comment on federal information
policy. The proposals in the IIA Act were developed by a large working
group of librarians, researchers, and agency officials. The public
notice sections would provide the following mechanism:
i. Every year all federal agencies would be required to publish a
report which describes:
- plans to introduce or discontinue information products and
services,
- efforts to develop or implement standards for file and record
formats, software query command structures, and other matters
that make information easier to obtain and use,
- the status of agency efforts to create and disseminate
comprehensive indexes or bibliographies of their information
products and services,
- how the public may access the agencies information,
- plans for preserving access to electronic information that is
stored in technologies that may be superseded or obsolete, and
- agency plans to keep the public aware of its information
resources, services, and products.
i. Agencies would be required to solicit public comments on this plan,
including comments on the types of information collected and
disseminated, the agency's methods of storing information, their
outlets for disseminating information, the prices they charge for
information, and the "validity, reliability, timeliness, and
usefulness to the public of the information." The agency would be
required to summarize the comments it received and report each year
what it had done to respond to the comments received in the
previous year.
The issues addressed in H.R. 3459 are the types of things that are
needed to make agencies more responsive to citizens who use federal
information resources. In comparison, the public notice and comment
provisions of the current draft of A-130 are limited and static. We
need the flexible and dynamic approach embraced in H.R. 3459, to address
the concerns of data users as technologies change and as the uses of
federal information resources change.
5. THE USE OF STANDARDS MAKES GOVERNMENT INFORMATION EASIER TO OBTAIN
AND USE
Few citizens are highly trained in using computers. Standards for
file formats, software interfaces, query commands and other items will
make it easier for the public to obtain and use agency information
resources. A-130 should require agencies to use standardized record and
file formats and software interfaces.
Computer technologies are rapidly changing. Because technologies
and standards are constantly evolving, agencies should be required to
accept regular and frequent input from data users.
6. DATA COLLECTION ISSUES ARE IMPORTANT
Citizens need information to understand the world around them.
Agencies should encourage public debates over information collection
issues. For example:
- The SEC should regularly accept public comments on the types
of information that should be reported in corporate disclosure
filings. Investors or citizens who monitor corporate
activities should have opportunities to tell the SEC the types
of the information that should be included on corporate 10k
reports, insider trading reports, stock prospectuses, and
other filings.
- Historically the taxpayers finance about half of all U.S. R&D
expenditures. One measure of the efficacy of those
investments are patents from inventions that were financed by
the taxpayers. The Patent and Trademark Office should collect
information on patent applications that identify the role of
federal funds in the development of the inventions.
- Prescription drugs are one of the fastest growing elements of
the nation's enormous health care bill. The federal government
funds more than $10 billion in medical research, and provides
a wide array of special marketing monopolies and tax
expenditures to the pharmaceutical industry. In order to
evaluate the reasonableness of the prices for prescription
drugs, particularly those developed with federal funds, the
federal government should collect data on the costs of drug
development. The government should also collect information
on drug prices and revenues and the amount of money the
government spends buying government developed but privately
marketed drugs through medicaid and medicare.
- Many economists say the recent boom and bust in commercial
real estate was a major contributor to the collapse of the
savings and loan industry and the weakening of the commercial
banking system, which has contributed to the current
recession. Pensions funds have also lost billions of dollars
in commercial real estate markets. The Bureau of the Census
spends millions of dollars every year on a monthly survey of
building permits. This survey collects information on the
*value* of permits issued. Most real estate researchers want
Census to collect information on the *square feet* of building
permits, since that statistic is a much better predictor of
real estate supply. Better information on the supply of
commercial real estate would help prevent costly investor
mistakes.
These are just a few of the countless data collection issues
that deserve far more debate. Agencies are often out of touch with
citizen concerns about information collection issues, and they need to
be required to accept suggestions on these issues.
7. CONFLICTS OF INTEREST ARE IMPORTANT, AND SHOULD BE ADDRESSED IN
A-130
Many agencies contract out data processing services to firms
that sell agency information to citizens. Conflicts of interest abound.
Frequently the contractor has an interest in restricting public access
to the agency information systems, so the contractor can sell the data
through its own retail outlets. For example:
- Mead Data Central will receive $13.5 million from the SEC to
provide online full text searching of the EDGAR database
system. Mead is also the SEC subcontractor in charge of
providing public access to the EDGAR database. But since Mead
wants to sell SEC information to the public through its own
LEXIS service, it has restricted public access to taxpayer
financed EDGAR system.
- Westlaw has a contract to create a digital version of federal
caselaw for the Justice Department's JURIS online database
system. But Westlaw wants to sell the public those same
records thought its own high priced online service, and it has
obtained a contact that restricted public access to the
Department of Justice's very important JURIS system. In doing
so Westlaw has not only denied the taxpayers access to an
important government database, but it has also prevented rival
database vendors from obtaining the JURIS database in order to
compete with Westlaw and Lexis, the two firms that currently
enjoy a duopoly in the market for online access to federal
legal opinions.
A-130 should address these types of agreements, instructing
agencies to insure that private contractors do not use federal data
processing contracts to obtain unfair advantages over their rivals, or
to deny the public access to information and information systems that
they have already paid for through taxes.
8. HIGH PRICES FOR INFORMATION PRODUCTS AND SERVICES CREATES LARGE
DISPARITIES BETWEEN CITIZENS BASED UPON THEIR ABILITY TO PAY
The Taxpayer Assets Project is a nonprofit organization with a
small budget. We simply cannot afford to buy many of the commercial
services that provide access to government databases. The groups that
are most able to afford these expensive services are those with large
financial interests in narrow aspects of government policy. For
example, most pharmaceutical firms have armies of lawyers, lobbyists and
policy analysts who can afford to monitor every actions of the FDA, PTO,
NIH, Congress and other government agencies, not to mention their
private sector rivals. When access to government information is rationed
according to willingness to pay, we find ourselves at an enormous
disadvantage. Not only do the pharmaceutical companies have the
resources to finance congressional and presidential campaigns, to dangle
high paying jobs to former government officials, and to vastly outstaff
groups that represent consumers and taxpayers, but they also are the
only ones who can afford to use the databases that are funded by the
taxpayers. This scenario, repeated throughout the government, is among
the reasons that special interest groups can manipulate and control the
government, at the expense of the broader public interest.
A-130 should instruct agencies to consider the impact of
information management policies on the prices that consumers will pay
for access to taxpayer funded information resources. For example, if an
agency can produce CD-ROM products for $35 or less, why should citizens
be required to pay $500 to $10,000 to buy the information from
commercial vendors? Likewise, if it costs between $15 and $35 an hour
to provide online access to the PTO's APS, why should citizens be forced
to pay $340 per hour to receive the same information through Lexis?
Agencies should avoid policies that deliberately restrict public
access to taxpayer funded information systems in order to bolster the
business interests of commercial vendors, since this leads to even
greater concentrations of political power. Low cost access to
government information is needed to strengthen citizen involvement in
government policy making.
9. OMB'S PROPOSED LIMITS ON PRICES FOR INFORMATION PRODUCTS AND
SERVICES ARE NEEDED
Among the best features of the proposed A-130 revision are the
provisions that would limit agency prices for information products and
services to the costs of dissemination. This is sorely needed.
10. AGENCIES ARE USING NTIS TO RAISE PRICES FOR INFORMATION PRODUCTS
AND SERVICES FAR ABOVE DISSEMINATION COSTS
Many agencies now have contracts that give NTIS exclusive rights to
sell information at prices that far exceed dissemination costs. For
example, the Federal Reserve sells its "bank call" reports on magnetic
tape for $560 per quarter. Information from the Home Mortgage Disclosure
Act (HMDA) is also very expensive. OMB should clarify an agency's
responsibility to provide access to information at cost, when NTIS is
simultaneously selling the information at huge markups. This is an
enormous issue, given the large and rapidly growing electronic
collections that NTIS currently manages.
11. THE FEDERAL DEPOSITORY LIBRARY PROGRAM SHOULD NOT BE SUBJECT TO A
TECHNOLOGICAL SUNSET
The federal Depository Library Program (DLP) provides 1,400
libraries with free access to federal information. This program, which
has been around since the middle of the 19th century, is not a welfare
program. It serves scholars, business persons, and many others who need
access to federal information.
We frequently use federal depository libraries. We cannot afford
to buy all the government publications that we use, but even when prices
are not an issue, we rely upon the library staff's expertise and
indexing resources to discover publications that may be useful to us.
The fact that information is disseminated in electronic formats should
not eliminate an agency's responsibility to this important program.
12. ACCEPTING PUBLIC COMMENTS VIA ELECTRONIC MAIL
OMB deserves a pat on the back for its efforts in using electronic
mail networks such as the Internet to disseminate information about the
proposed changes in the Circular, and to receive comments by electronic
mail. These steps will broaden public awareness of the Circular, and
allow a wider group of citizens to participate in the debate. We urge
OMB to address this issue in the final draft of A-130. That is, OMB
should encourage all federal agencies to use electronic mail networks to
disseminate public notices *and* to accept public comments. It is
particularly appropriate here, when many citizens who are interested in
government information policy have access to such networks. Of course,
these efforts should supplement and not replace other methods of
providing public notice and accepting comments.
+++++++++++++
James Love, Director VOICE: 215-658-0880
Taxpayer Assets Project FAX: call
12 Church Road INTERNET: love@essential.org
Ardmore, PA 19003
------------------------------
Date: 06 Sep 92 16:08:07 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 6--Reflections on INFOWEEK's CU-related stories
Information Week and "Weak Links"
The August 10, 1992 issue of INFORMATION WEEK (IW) features a story
on "weak links" in data security. IW Editor Jerry Colonna writes
that "We're not talking about hackers breaking into data centers.
Much attention has been paid to the obvious targets, and many data
centers now resemble medieval fortresses."
We will try to ignore the fact that just a few weeks ago IW
criticized the Computer Security Institute for using 'hacker' in
reference to computer intrusion. (see "Pirate is PC?" in CuD 4.35)
Colonna continues..."The problem is the low-tech access to your
network. If the deli down the road has your fax number, chances are
your competitors - or someone they hired - has it, too, and they can
read everything you send or receive. Orders from customers, invoices
from suppliers, Bank statements. Everything." (page 2) Later in
the same editorial he discusses the dangers of forgetting that
cellular phones can be overheard using a radio scanner.
The featured article has some good advice, ranging from buying an
encrypting phone for confidential conversations, to using fake names
when discussing business on an unsecured channel. (Although the
article didn't go so far as suggesting appropriate pseudonyms, I
enjoyed using 'Red Rooster Four' back in the Radio Shack
walkie-talkie days of my childhood. My friend Spencer was Red
Rooster One. There were no 'Two' or 'Three', but we wanted it to
sound like we had a bigger "army" then we actually did. A technique
that might also be handy on your car phone.)
And speaking of good advice, former Sun Devil mastermind Gail
Thackeray is quoted in the article as urging businesses to stop being
'promiscuous' with their fax numbers. Also, she advises, all outgoing
faxes should include a cover sheet saying that the fax is intended
only for the addressee. She reportedly stresses that this is
particularly important if the material in the fax is confidential.
Unfortunately there is no further explanation of just what good
stating this would do. It sounds vaguely like the "no cops allowed"
sign-ons found on some CU bulletin boards, which Thackeray and her
troops have no doubt ignored themselves.
Another interesting, but questionable, tidbit is found on page 30...
"If a corporate spy had to pick one 'darling' of the trade, it
would undoubtedly be the fax machine, says a report from the
American Institute For Business Research in Framingham, Mass.
The report, 'Protecting Corporate America's Secrets In the
Global Economy,' asserts that the fax is one of the easiest
ways for spies to steal corporate information. For one, the
report says, thieves can tap into the victim's fax line and
create a shadow version of every fax the victim sends or
receives."
Now I'm not an electrical engineer, but doesn't this seem about as
easy as getting three modems talking to each other all at once? I'm
not saying that a fax can't be intercepted, through a data trap, but
I don't think tapping a phone line and hanging an extra fax machine
in the circuit is going to get you anywhere. Reminding people that
faxed documents are inherently unsecure is a Good Thing, but this
vague statement might only lead to additional paranoia and
unwarranted concern. Unless, of course, this *is* something that is
easily accomplished. In which case it should have been stated even
more emphatically, and with more authority and credibility.
The four page article ends with an appropriate quote from the
security director at The Bank of Boston : "Technology can be your
best friend. But it can also be your mortal enemy". All in all,
not a bad thing to keep in mind.
CompuServe Magazine and Death in Cyberspace.
--------------------------------------------The September 1992 issue
of CompuServe Magazine features "The Mourning After" by Hank Nuwer.
(pp 32-34) Nuwer is a prolific author, including a recent book about
Fraternity Hazing. (_Broken Pledges: The Deadly Rite of Hazing) In
this article Nuwer discusses the grieving process, as experienced by
online friends, when someone dies.
The article touches upon four types of situations where online
communities are affected by the death of a member, or in some cases
the a death in the family of a community member. In the case of the
latter, online communities can provide a supportive network, removed
from the tragedy itself...
People often feel threatened when required to express
grief, but may be less intimidated expressing these
thoughts online, according to Dr. Dorothy DeMoya, a
consultant in {Compuserve's} Human Sexuality Information
and Advisory Service. 'Among patients who've lost loved
ones, strangers became family and family became strangers,'
she says. 'To be able to establish online relationships
like this is wonderful.'
Another example of how virtual communities are affected by death and
dying is illustrated by the unexpected death of Glenn Hart, sysop of
the Fox Software Forum, and contributing writer to PC Magazine.
After his death in January the forum was flooded with messages as
members expressed their sorrow and memories of him. In this case,
and in many others that Nuwer cites, the messages were captured and
printed by a forum member. They have been given to Hart's widow, who
is saving them for her younger children to read at the appropriate
time.
Finally, the article discusses the role of cyberspace in dealing with
deaths of other than family members. Participants in the RockNet
forum grieved the deaths of Bill Graham and Freddie Mercury, while
the Space and Astronomy Forum dealt with the loss of the six US
Astronauts lost in the 1986 Challenger Space Shuttle accident. Even
members of the Pet Forum have found that online friends can help in
adjusting to the loss of a favorite pet.
Moderators' Note: This is an area that is ripe for additional
research. CuD welcomes additional resources and references in this
area. Readers may also be interested in 'Online Suicide' by Preston
Gralla in the May 1991 issue of PC Computing. (p132+)
"No Piracy Shield"
Information Week reports that a US bankruptcy court in Los Angeles
has ruled a defendant cannot avoid paying damages for software piracy
by failing for bankruptcy. The ruling came down in Novell Inc v.
Medperfect Systems Inc (owned by Ronald S. Frank). The article
states that bankruptcy, in the past, has been used to avoid lawsuits
over copyright infringement and the like. Information Week also
reports that Medperfect admits to using unlicensed NetWare as the
basis for systems sold in dentist offices in Southern California.
Information Week July 13, 1992 p16
Phreak Insurance
Information Week is reporting that Travelers Corporation is going to
offer phone fraud insurance. The policy will be available in $50K
and $1 million dollar amounts to cover remote access fraud, those
calls made by hackers breaking into corporate phone systems and
placing outgoing calls. The policy will reportedly require that
certain minimum safeguards are met, such as making all passwords more
than three digits long. (INFORMATION WEEK, August 31, 1992 p16)
------------------------------
Date: Tue, 1 Sep 1992 10:22:44 -0700
From: James I. Davis <jdav@WELL.SF.CA.US>
Subject: File 7--Software Piracy--The Social Context
((MODERATORS' NOTE: Jim Davis raises a number of interesting issues
regarding piracy and the SPA. CuD 4.44 and 4.45 will be devoted to
some of these issues, and Jim will be invited to elaborate there on
some of the themes he addresses here)).
Anne Branscomb, a strong advocate of property rights in information --
admits that there is nothing "natural" about property rights (see her
essay "Property Rights in Information"). Property rights are social
conventions that are struggled over. And we shouldn't give up that
fight to the SPA.
Re: software "piracy" in schools, perhaps we should see an extension
of "Fair Use Doctrine" to software use in schools. A bit of recent
history -- broadcast TV shows were not intended to be copied and
viewed at leisure at home. But to have stuck to that point, the courts
would have criminalized a substantial number of adults who were
time-shifting with their VCRs to watch soaps or football games or
whatever. So "fair use", originally intended to allow book reviewers
to quote from works, was de jure extended to a de facto reality --
people "stole" TV shows, and enjoyed them. I understand that fair use
extends to school use as well.
Why don't people just see that loaning disks, copying programs, etc.
is wrong? Because it's not obvious, and it certainly isn't "naturally"
wrong. The SPA has to cultivate a mindset that isn't there. You give
me knowledge, you still have use of it; now I can use it too. The more
it is shared, the more useful it becomes. It doesn't really wear out,
and it doesn't get used up. So people (naturally) say, where's the
harm? It's not like I stole your silverware or pinched your car. A
rather noble attribute, sharing, is turned into a crime! And we are
all to be enlisted in this SPA scheme for policing property rights of
software companies. No thanks.
Property rights and information just don't go together:
(1) The enforcement of property rights in information requires a
police state. The SPA encourages people to squeal on each other by
calling an 800 number. If the laws were enforced, I would bet that
_most_ computer users would be guilty. Hence, the population is
criminalized, and subject to police and court control. Just because
the laws aren't enforced in totality doesn't mean that they can't be
used.
(2) Enforcing property rights in information prevents the "storehouse
of knowledge" from being used optimally. Hence society and
civilization is held back. The lost productivity due to conflicting
standards and interfaces required because of proprietary interfaces
etc. is one example. The lost educational opportunities resulting from
schools not getting the software they need in the quantities they need
is another. The lost time of researchers who must duplicate research
because they are prevented from sharing information because of trade
secrecy or international competition is another. The unavailability of
textbooks in poor countries because they cost as much as a month's
wages (or software that costs as much as a year's wages) is another .
(3) Property rights in information aren't needed to ensure software
production, creativity, advancement of society, etc. The freeware and
public domain library testify to this. People create for many reasons,
of which financial gain is only one, and I would argue, not the most
important. The challenge of doing it, peer or public recognition,
service to humanity are important motivators. Much valuable research
has been carried out in the public sector -- via federal research
institutions or via publicly funded universities. Obviously financial
gain wasn't the main motivator there (except until recently, brought
on by the de-funding of universities, forcing them to go begging. Most
engineers, I would guess, must sign work-for-hire agreements in order
to obtain work, effectively signing away any rights to the products of
their creativity. The beneficiaries of property rights in information
aren't the creators, but the entrepreneurs. Finally, is the software
industry profitable today? Yes. Even with the $24 billion in "piracy".
How can this be so? Because what the software companies "lose" is
revenue with no associated cost (the "pirate" has done the labor, and
presumably provided the equipment and disk). This is the difference
between stealing cars and duplicating software.
(4) But but but, how will software get written, who will finance it?
Knowledge is a _social_ treasury, and should be funded socially.
Public competitions, grants, a social fund supported by users,
whatever. We have some models already: the university and federal
research model; the arts funding model; the GNU experiment; the
freeware and public domain experience. We're a creative and energetic
group -- we can figure it out.
------------------------------
End of Computer Underground Digest #4.42
************************************
Computer underground Digest Sun Sep 13, 1992 Volume 4 : Issue 43
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
Copy Editor: Etaion Shrdlu, Srr.
CONTENTS, #4.43 (Sep 13, 1992)
File 1--Moderators' Corner (More FAQs)
File 2--Re: Piracy/Social Context (#4.42)
File 3--Re: Piracy/Social Context (#4.42)
File 4--PD-related IFAC symposium, 9/23, Madison
File 5--Cliff Figallo Online (From EFFector Online, # 3.04)
File 6--Bill Clinton on Electronic Technology (From EFFector 3.04)
File 7--Call for Cu-Related Papers for MSS
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
For bitnet users, back issues may be obtained from the mail server at
mailserv@batpad.lgb.ca.us
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to
computer culture and communication. Articles are preferred to short
responses. Please avoid quoting previous posts unless absolutely
necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Sun, 13 Sep 92 11:21:01 CDT
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--Moderators' Corner (More FAQs)
Some more Frequently Asked Questions (FAQs), incuding some not exactly
asked but thought we'd respond anyway:
1. WHY DOES CuD REPRINT STUFF THAT'S ALREADY APPEARED ON USENET OR
FROM EFFector WHEN MANY READERS HAVE PROBABLY ALREADY SEEN THESE
POSTS?
We estimate that about one-third of our readers do not have
conventional net access and read CuD from BBSs, public access systems
without net-connections, or from other sources where they wouldn't see
valuable information (such as the EFF posting below). Therefore, we
try to provide a variety of material that would interest an incredibly
diverse readership.
2. WHY DO THE MODERATORS SAY SOMETHING IS COMING OUT IN ISSUE #4.xx
AND IT DOESN'T APPEAR UNTIL SEVERAL ISSUES LATER?
Sometimes our own personal schedules prevent us from writing up our
own material or following up on items. Usually, however, it's because
of practical concerns, such as keeping issues to about 40 K (which
means that two 20K posts intended for a single issue must be split if
we have several 5-10K posts to include) or trying to keep thematic
issues in sequence (such as the SPA issue which will most likely be
two or three sequential issues), or--as is the case this week--because
of a long post that comprises most of an issue, which moves everything
forward. Hence, #4.44 will be The Cuckoo's Egg issue, and the
following two will be SPA issues.
WHEN DO YOU KEEP REMINDING PEOPLE THAT CuD WILL NO LONGER BE AVAILABLE
AS AN ALT GROUP ON USENET?
Because we are still receiving occasional posts inquiring why the
comp.society.cu-digest version is not available on a given site. We
are trying to be politely subtle in reminding sysads TO SWITCH OVER
because the ALT version is about to disappear!
NOBODY ASKED, BUT WHEN RESPONDING TO PREVIOUS ARTICLES:
*PLEASE TRY* to keep cited material to a minimum. Generally, it is far
better to summarize a post and make sure your own response is
sufficiently clear that it addresses that post in a way that allows
others to understand what the issues are. Good writing need not
depend on long cites unless, of course, those cites are critical to
the response.
WHY DON'T THE MODERATORS ACKNOWLEDGE RECEIPT OF ARTICLES?
We try to acknowledge *all* of them. Our system has no auto-reply, and
everything is read by humanpholk. Sometimes things slip through the
cracks. We'd like to think this is rare. We do our best.
HOW DO I KNOW IF SOMETHING I'VE WRITTEN IS APPROPRIATE FOR CuD?
If it addresses some issue of cyberculture, raises issues, provides
new information, or generally says something people might find
interesting, send it over. If it's not relevant, we'll let you know.
NOBODY ASKED, BUT WHEN SENDING CONFERENCE ANNOUNCEMENTS:
It helps to send stuff *prior* to the conference rather than a day or
before it's to occur. Two-three weeks or more should be the minimum.
------------------------------
Date: Fri, 11 Sep 92 15:16:56 JST
From: "Robert J. Woodhead" <trebor@FORETUNE.CO.JP>
Subject: File 2--Re: Piracy/Social Context (#4.42)
With regards the following article, I have some comments.
>Date--Tue, 1 Sep 1992 10:22:44 -0700
>From--James I. Davis <jdav@WELL.SF.CA.US>
>Subject--Software Piracy--The Social Context
In CUD 4.42, James I. Davis argues that property rights in information
are a bad idea. I would like to argue the opposite.
First of all, I believe we can take it as a given that information has
value. Ask any stockbroker, bookie or 5-star General if you don't
believe me. Whenever commodities of value exist, so does the
possibility of trade; buying and selling. In a free-market economy,
prices are set based on supply and demand, with sellers attempting to
maximize the equation of (# of copies sold)*(profit per copy).
The fundamental difference between the sale of information and the
sale of breakfast cereal (or any other physical commodity) is that
when information is sold, nothing physical is transferred. Once you
have a bit of information, you can sell it zillions of times, and
what's more, anyone you sell it to can do likewise, if they were so
inclined.
Wherein lies the problem - if everyone can sell every bit of
information they buy from another, the value of information, and thus
the incentive to create it, plummets. Which is why it is only very
rarely that information is actually sold - what you buy is the right
to USE the information for your own benefit.
Information industries have always been with us - book publication for
example. There have been many analogies made between book and
soft-ware publishers, but there is a fundamental difference; whereas
it costs more to Xerox a book than to buy an original, the digital
nature of software reverses the relationship. Why buy an original
when you can get an identical copy much cheaper?
My answer to the above is that when you make a copy, you are stealing
from two groups of people : the people who create and distribute the
software, and the people who legitimately buy it. In the first case,
you are showing a lack of respect for the creative efforts of other
people; in the second, you are forcing the legitimate customers to
shoulder a larger share of the development expenses than they would
otherwise have to. Mr. Davis totally misunderstands this
relation-ship, as he demonstrates in his final paragraphs where he
attempts to show that even with "24 billion" in piracy the software
industry is still profitable. Most of that 24 billion came out of the
pockets of legitimate users.
Mr. Davis also misunderstands the meaning of the "Fair Use Doctrine,"
which applies to how information that has legally been acquired may be
redisseminated. FUD has little or nothing to do with the concept of
software piracy. What FUD does say is what the purchaser or recipient
of information (eg: a computer game or a TV program) can do with the
information - for example, it says you can make as many backup copies
as you want, but not give them away.
He then goes on to state that the enforcement of property rights in
information would require a police state. Nonsense. What it requires
is the proper application of contract law, something we have hundreds
of years experience with. When you buy the right to use some
infor-mation, you agree to abide by the restrictions placed upon you
by the seller. If you don't like the restrictions, don't buy. If you
decide to say "Screw You!" to the seller and steal it, expect to get
censured it.
He further argues that enforcing property rights impedes the proper
dissemination of the storehouse of knowledge. I would argue the
opposite. By placing value on particular types of information, such
property rights guide the employment of human ingenuity in the
direction of providing the most valuable and needed information, and
the rewards given to those who create, or who have the wisdom to cause
to be created, the most valuable information, encourage others. He
bemoans the problems of schools and software, yet in fact the major
reason why tons of wonderful software isn't available cheaply is due
to the fact that schools are notorious for buying 1 copy for the
entire school system (I speak from personal experience here). Very
few companies specialize in educational software for schools for this
reason. And his textbook example (sorry) is specious because it has
nothing to do with software and everything to do with the cost of
printing books.
Lastly, Mr. Davis, after arguing that property rights = police state,
advocates that we entrust to the government the duty of deciding who
is to be paid for creating what information. Anyone who has actually
seen how much time and money is wasted due to infighting about grants
from the NSF would never make such a suggestion. He also brings up
the red herring of "it isn't the creators who get the money, but the
entrepreneurs." Hell, they risked the money to pay the creators, they
deserve the rewards. Having been on all sides of the equation, I can
tell you, in general everyone gets what they deserve. If a creator is
truly that, and not just a hack programmer who can code a module, he
can negotiate a % of the profits - just like in the movies. (except
computer firms usually aren't as sneaky accounting-wise)
Finally, he argues that property rights aren't needed to ensure
software production. My answer is, yes and no. While many people
create for the heck of it (me included), the fact is, there needs to
be a way for people to protect the fruits of their labors if they
choose to protect them. If the GNU approach is better than
Micro-softs, then the marketplace will decide. The fundamental
difference between myself and Mr. Davis (and the GNU folks) is that
they feel that the government should make everyone do things the way
they want, and I think that contract law and private agreements are
all that are needed.
I'll quote his last paragraph:
>(4) But but but, how will software get written, who will finance it?
>Knowledge is a _social_ treasury, and should be funded socially.
>Public competitions, grants, a social fund supported by users,
>whatever. We >have som>e models already: the university and federal
>research model; the arts funding model; the GNU experiment; the
>freeware and public domain experience. We're a creative and energetic
>group -- we can figure it out.
Welfare for Hackers. What a wonderful idea. (heavy sarcasm) Any
hacker worthy of the name would spurn it.
------------------------------
Date: Thu, 10 Sep 92 09:14:49 EDT
From: morgan@ENGR.UKY.EDU(Wes Morgan)
Subject: File 3--Re: Piracy/Social Context (#4.42)
>From-- James I. Davis <jdav@WELL.SF.CA.US>
>Subject-- Software Piracy--The Social Context
>
>Anne Branscomb, a strong advocate of property rights in information --
>admits that there is nothing "natural" about property rights (see her
>essay "Property Rights in Information"). Property rights are social
>conventions that are struggled over. And we shouldn't give up that
>fight to the SPA.
I disagree with several arguments used against said rights.
>Re: software "piracy" in schools, perhaps we should see an extension
>of "Fair Use Doctrine" to software use in schools. A bit of recent
>history -- broadcast TV shows were not intended to be copied and
>viewed at leisure at home. But to have stuck to that point, the courts
>would have criminalized a substantial number of adults who were
>time-shifting with their VCRs to watch soaps or football games or
>whatever.
Whoa! That wasn't the deciding factor at ALL! The decision was based
on the notion of "personal use". As I understand it, the courts decided
that individuals could record programs for later viewing. The court af-
firmed the copyright of the broadcasters when they disallowed rescreening
and/or rebroadcasting for profit. Even though you can tape "Days of Our Lives"
for yourself, you CANNOT charge people to view, nor can you rebroadcast the
program on your local Public Access channel.
What's the difference between taping/rebroadcasting a TV show and
copying/redistributing software? In each case, the initial step
(taping or copying, respectively) is legal FOR PERSONAL USE ONLY;
the second step (rebroadcasting/redistributing) is a violation of
copyright.
You'll notice that most software licenses allow you to make a backup
copy FOR PERSONAL USE ONLY.
>So "fair use", originally intended to allow book reviewers
>to quote from works, was de jure extended to a de facto reality --
>people "stole" TV shows, and enjoyed them. I understand that fair use
>extends to school use as well.
Here's a relevant quote:
"Section 107 of the Copyright Act establishes four basic factors to be
examined in determining whether a use constitutes a "fair use" under
the copyright law. These factors are:
a) The purpose and character of the use, including whether
such use is of a commercial nature or is for nonprofit
educational use;
b) The nature of the copyrighted work;
c) The amount and substantiality of the portion of the work used
in relation to the copyrighted work as a whole; and
d) The effect of the use in question upon the potential market for
or value of the copyrighted work.
No one factor is determinative of a person's right to use a copyrighted
work without permission. (EDUCATIONAL USE ALONE IS NOT SUFFICIENT TO
MAKE A USE IN QUESTION A FAIR ONE.)"
[Source: "Questions and Answers on Copyright for the Campus Community", the
Association of American Publishers and the National Association of College
Stores, Inc., 1991]
We may agree that copying software meets criterion (a); the others are
more difficult to justify. The crux of this particular problem lies in
criterion (d). Copying software DEFINITELY affects the "potential market"
for that software; if I can copy it, I don't have to buy it!
>Why don't people just see that loaning disks, copying programs, etc.
>is wrong? Because it's not obvious, and it certainly isn't "naturally"
>wrong.
I disagree. I find it painfully obvious that I should not take someone
else's property and redistribute it injudiciously.
>The SPA has to cultivate a mindset that isn't there.
Most of the license agreements I've read are explicit "right to use" licenses,
as opposed to a "transfer of ownership". If you purchase a copy of the
software, you agree to abide by the terms of the agreement. You can argue
the propriety of that agreement until you're blue in the face, but you still
have a legal obligation to abide by its terms.
The same notion applies to the terms of an apartment lease, a car rental con-
tract, or the deed to one's home. Each of these contract contains several
clauses which bind the parties to certain limitations.
>You give
>me knowledge, you still have use of it; now I can use it too.
Computer software is not "knowledge".
I can certainly share knowledge with you; I can teach you everything there
is to know about Quattro Pro, WordPerfect, or Microsoft Windows. However,
"sharing knowledge" does not include giving you something (the software it-
self) for which I do not possess redistribution rights.
>It's not like I stole your silverware or pinched your car. A
>rather noble attribute, sharing, is turned into a crime!
Sharing, while noble, only applies to those things which are yours.
As I mentioned earlier, the computer software you purchase is not
usually your property.
Would you make a copy of Webster's Dictionary and give it to a friend?
I don't believe that you would; most people would intuitively classify
such copying as "wrong". The 'intangible' nature of computer software
(some say "It's just bits on a floppy disk") does not negate this "common
sense" approach.
>And we are
>all to be enlisted in this SPA scheme for policing property rights of
>software companies. No thanks.
Gee, why don't you just Xerox (tm) your entire printed library for me?
I guess that would be just fine, right?
>Property rights and information just don't go together:
If we accept this notion, why do we have patents? After all, patented works
are just a tangible expression of a particular piece of knowledge. Copy-
righted works are a tangible expression of another kind; why should they be
treated differently?
>(1) The enforcement of property rights in information requires a
>police state. The SPA encourages people to squeal on each other by
>calling an 800 number.
So? Most major companies have a "graft and corruption" number.
Many government agencies (IRS, BATF) have similar facilities. Even
local governments get into the act; do you have "CrimeStoppers" broad-
casts on your local TV stations?
>If the laws were enforced, I would bet that
>_most_ computer users would be guilty.
So? This is starting to sound like "everybody does it, so it must be
allowed"......and that's a load of poppycock.
>Hence, the population is
>criminalized, and subject to police and court control.
It has been estimated that over 70% of US taxpayers attempt to mislead
the IRS on their yearly tax returns. [Source: US News and World Report]
The IRS cannot audit every return, but they usually detect (and punish)
the worst offenders. Does that "incomplete enforcement" somehow justify
the illegal actions of the unpunished offenders? Hardly.
The SPA (or the Copyright Office, or whoever) will never have the resources
to police *everyone*. I suspect that the 'software police' will eventually
follow the same principle as the IRS -- get the worst offenders. In fact,
SPA's current actions reflect this trend. They (the SPA) aren't going after
Joe Shmo and his Commodore 64; they're targeting the big corporations and
universities.
>Just because
>the laws aren't enforced in totality doesn't mean that they can't be
>used.
Are you trying to create a distinction between "a bootleg copy of Turbo C
on my son's PC" and "copying Turbo C for everyone in my office"? I don't
believe that you can make this work; in each case, the action is improper.
The fact that "my office" is more likely to be caught/punished than my son
is irrelevant; both cases are improper.
>(2) Enforcing property rights in information prevents the "storehouse
>of knowledge" from being used optimally.
I do not accept the equivalence of computer software and information,
but I'll address a few of these points anyway.......
>Hence society and civilization is held back.
With the growing number of "public access" computing sites, this may very
well become a moot point. Many high school computer facilities have "public
hours" for their community(ies); many public libraries are establishing com-
puter facilities for their patrons. I fail to see how "I can't get a free
copy of Lotus" impedes the progress of civilization.
>The lost productivity due to conflicting
>standards and interfaces required because of proprietary interfaces
>etc. is one example.
This is true; however, are you going to force each and every
company/school/person to adhere to some particular "nonproprietary"
interface? If so, how do you hope to accomplish it?
>The lost educational opportunities resulting from
>schools not getting the software they need in the quantities they need
>is another.
I agree that this is a real problem. However, many software companies
are now discounting bulk licenses for schools. Inexpensive "student
versions" are available for many popular software packages, such as
WordPerfect, Maple, and MATLAB.
>The lost time of researchers who must duplicate research
>because they are prevented from sharing information because of trade
>secrecy or international competition is another.
Please explain how "globally free" software would affect this situation.
>The unavailability of
>textbooks in poor countries because they cost as much as a month's
>wages (or software that costs as much as a year's wages) is another .
Several publishing houses in the Third World pirate textbooks; since
their countries are not signatories to the Berne Convention, the original
publishers cannot recover their losses.
>(3) Property rights in information aren't needed to ensure software
>production, creativity, advancement of society, etc. The freeware and
>public domain library testify to this. People create for many reasons,
>of which financial gain is only one, and I would argue, not the most
>important.
People may create for many reasons, but *companies* create for financial gain.
>Finally, is the software
>industry profitable today? Yes.
It is profitable AT THIS TIME. Will it continue to be profitable in
a society where piracy is allowed on any scale? I doubt it.
>Even with the $24 billion in "piracy".
>How can this be so? Because what the software companies "lose" is
>revenue with no associated cost (the "pirate" has done the labor, and
>presumably provided the equipment and disk). This is the difference
>between stealing cars and duplicating software.
That's incorrect.
If I steal your car, you (or your insurance company) will have to pur-
chase a new one. Honda (or GM, or whoever) has now given out TWO cars,
but they have recognized a profit on each one.
If I steal a copy of Lotus 1-2-3 (remember, you DO NOT OWN your copy;
you merely have a license to use it), I do not have to pay Lotus. You
don't have to pay for another copy; you still have your original. Lotus
has now (effectively) given out TWO copies, but they have only recognized
the profit from one copy.
That sounds like a loss to me........
>(4) But but but, how will software get written, who will finance it?
>Knowledge is a _social_ treasury, and should be funded socially.
>Public competitions, grants, a social fund supported by users,
>whatever. We have some models already: the university and federal
>research model; the arts funding model; the GNU experiment; the
>freeware and public domain experience. We're a creative and energetic
>group -- we can figure it out.
There's one topic which hasn't been addressed in this article; I rarely
see it addressed in any article on this particular subject.
The whole concept of copyrights (and patents) is based on the notion that
the creator of a commercial product is entitled to some compensation for
their effort. With patents, this compensation is realized through an
exclusive production license for a certain number of years; with copy-
rights, this compensation is realized through a similar exclusive license.
(I believe that a personal copyright extends through the life of the owner,
plus a certain extension after the owner's death.)
By your arguments, I would not realize any significant compensation at all
for the software I develop. In your society, I would just toss my product i
into the population, and we'd all live happily ever after. That doesn't work,
and it isn't right! If I pour 4 years of my life into the development of
SnarkleFlex, I DESERVE to profit from it (assuming that people want to
purchase/use it).
We could certainly argue that software should be PATENTED. If software
were patented (instead of copyrighted), both sides could be served equally:
- The creator (or creating firm) would receive an exclusive
license for the initial production of the product (software).
This would ensure that the creator(s) received compensation
for their efforts.
- After a certain period of time (10 years? 20?), the product
would lapse into the public domain; it could then be redis-
tributed freely.
As an alternative, previous versions of a particular package could lapse
into the public domain upon the release of a newer version. For instance,
SnarkleFlex 1.0 would become PD upon the release of SnarkleFlex 2.0. If
I've done a good job on SnarkleFlex 2.0, people will prefer it to version
1.0; they'll buy the new version, I'll realize my profit, and other people
can treat version 1.0 as PD. In fact, casting SnarkleFlex 1.0 into the
public domain may actually CREATE new customers for version 2.0; after
using the old version, they may decide to buy the new version!
(Of course, I could also save money by dropping support for any versions
that pass into PD status. Many companies drop support for older versions
on a regular basis; for example, I don't think you can get support for
SuperCalc 3 at this time)
------------------------------
Date: Thu, 10 Sep 1992 14:00:00 EDT
From: Jeff Johnson <jjohnson@HPLJAJ.HPL.HP.COM>
Subject: File 4--PD-related IFAC symposium, 9/23, Madison
-+++++- Forwarded Message
Date--Fri, 28 Feb 92 15:00:51 PST
From--mad@mambo.Stanford.EDU (Marcia A. Derr)
Subject--PD-related IFAC symposium
The International Federation of Automatic Control (IFAC) is holding
symposium on Automated Systems Based on Human Skill (and
Intelligence), September 23-25, 1992 in Madison, Wisconsin. According
to the symposium announcement, ``the objective of the symposium is to
bring together engineers, system designers, and end users, to bring
about a closer integration between users, who often possess specific
skills and designers who often seek designs to replace rather than
enhance skills.''
The symposium will address such topics as
- aspects of skill-based manufacturing,
- human work design criteria,
- design of better systems,
- valuation of alternative work structures and organizations, and
- participation of people involved.
For more information, contact
Prof. Frank Emspak
School for Workers
UWEX
610 Langdon Street
Madison, Wisconsin 53703
USA
Phone: 608-262-2111
FAX: 608-265-2391
------- End of Forwarded Message
(Contributor Note:: There is a file on the CPSR archive server called
IFAC CALL4PAP which can be retrieved by submitting the command GET
IFAC CALL4PAP to the address LISTSERV@GWUVM.GWU.EDU, in the text of
electronic mail. -peh)
------------------------------
Date: Fri, 11 Sep 92 13:47:52 EDT
From: Rita Marie Rouvalis <rita@EFF.ORG>
Subject: File 5--Cliff Figallo Online (From EFFector Online, # 3.04)
FIGALLO ONLINE AT EFF.ORG
Cliff Figallo became the new director of EFF-Cambridge at the
beginning of the month. Former director of The Whole Earth 'Lectronic
Link (the EFF's birthplace), Fig is charged with developing and
coordinating the Cambridge office's outreach activities, increasing
active EFF membership, and expanding overall awareness of the EFF's
programs in the computer-conferencing community and the world at
large.
Commenting on his new task, Figallo said, "EFF came upon the online
scene a couple years ago with a big splash. I'd like for us to
continue splashing. EFF is uniquely engaged in many useful and
important activities in the areas of online civil liberties, sane
lawmaking and advocacy of improved electronic highways for the future.
I want news of these activities to get out to the people for whom we
are making a difference. I also want us to develop better channels
for these same people to communicate their wants and needs to those of
us with access to the legal, informational and technical resources.
Our purpose is to serve those wants and needs for the betterment of
the world.
"More specifically, I will encourage people to become members of
EFF by demonstrating to them the value of a membership. One should
expect noticeable benefits from paying membership dues and I intend to
make it plain that those benefits exist and will only increase as more
people become involved in telecommunications. I will also be working
with regional groups who may be interested in forming local EFF
chapters so that we can learn together how such affiliations can
enhance our mutual effectiveness.
"I'm excited about working here. I believe in what EFF is all
about."
Cliff can be reached as fig@eff.org.
------------------------------
Date: Fri, 11 Sep 92 13:47:52 EDT
From: Rita Marie Rouvalis <rita@EFF.ORG>
Subject: File 6--Bill Clinton on Electronic Technology (From EFFector 3.04)
STATEMENT OF BILL CLINTON FOR THE INSTITUTE OF ELECTRICAL
AND ELECTRONIC ENGINEERS (IEEE)
Bill Clinton for President Committee * 1317 F Street, NW, Suite 902 *
Washington DC 20004 Telephone 202-393-3323 FAX 202-393-3329
e-mail correspondence@dc.Clinton-Gore.org
"We face a fundamental economic challenge today: to create a
high-wage, high-growth national economy that will carry America into
the 21st century. We need a long-term national strategy to meet this
challenge and win.
"Our productivity and income have been growing so slowly because
we've stopped investing in the economic infrastructure that binds our
markets and businesses together, in the education and training
necessary to give our workers world-class skills, and in the research
and development that can restore America to the cutting edge of the
world economy. As a nation, we're spending more on the present and
the past and building less for the future. We need a President who
will turn the country around and refocus on the long view. As
President, I will divide the budget into three parts, creating a
separate 'future budget' for the federal government to make
investments that will enrich our country over the long term. Today
the federal government spends only 9 per cent of the budget on
investments for the future; a Clinton Administration will double that.
We will pay for it by diverting resources no longer needed for
defense, but we will ensure that every dollar we take out of military
R&D goes into R&D for civilian technologies until civilian R&D can
match and eventually surpass our Cold War military R&D commitment.
"As President, I will create an investment tax credit and a new
enterprise tax cut that rewards those who invest in new businesses
that create new jobs. I will also make the research and development
tax credit permanent.
"My administration will create a civilian research and development
agency to support research in the technologies that scientists have
already identified as the basis for launching new growth industries
and revitalizing traditional ones over the next two decades. This
civilian DARPA will coordinate R&D to help companies develop
innovative technologies and bring new products to market. And without
inhibiting the competition that drives innovation, we will encourage
and promote collaborative efforts among firms and with research
institutes for commercial development just as we have done with
defense technologies for 40 years.
"A Clinton Administration will create a high-speed rail network
between out nation's major cities. And in the new economy,
infrastructure means information as well as transportation. More than
half the U.S. workforce is employed in information-intensive
industries, yet we have no national strategy to create a national
information network. Just as the interstate highway system in the
1950s spurred two decades of economic growth, we need a door-to-door
fiber optics system by the year 2015; a link to every home, lab,
classroom and business in America.
"For small defense manufacturers hit by cuts in defense spending,
the Small Business Administration will provide small conversion loans
to help finance their transition, and launch a Technology Assistance
Service -- modeled on the Agricultural Extension Service -- to provide
easy access to the technical expertise it takes to convert to
commercial production.
"To enjoy the full benefit of these investments, we must do
everything possible to open up markets now closed to American
products. My administration will provide the leadership for Japan and
the European countries to join us in coordinating our macroeconomic
policies and in reaching multilateral trade negotiations. But we will
also provide the muscle to open up Japan's markets to competitive U.S.
products using a stronger and more carefully targeted "Super 301"
approach. We favor a free and open trading system, but if our
competitors won't play by those rules, we will play by theirs.
"All the investments in the world won't mean much if our workers
don't have the education or the skills to take advantage of the
opportunities they create. My administration will fully fund Head
Start, increase funding for Chapter 1, and provide seed money for
innovative education projects. However, we will also raise standards
by establishing a national testing system in elementary and secondary
schools and instituting report cards for ever state, school district,
and school in the nation, to measure their progress. We will also
create a nationwide apprenticeship program for those young people who
choose not to go to college, and a national trust fund for college
loans for those who do. These loans will be repaid either as a small
percentage of income over time or with a couple of years of national
service.
"With the strategy I have outlined, we can restore the American
Dream by enabling every citizen and every business to become more
productive, and in so doing, restore our nation to the front lines of
high technology.
------------------------------
Date: Sun, 13 Sep 92 18:59:51 CDT
From: Jim Thomas <tk0jut2@mvs.cso.niu.edu>
Subject: File 7--Call for Cu-Related Papers for MSS
Jim Thomas is organizing a session at the Midwest Sociological
Meetings (April 7-10, '93) on "NEW INFORMATION TECHNOLOGIES AND
CRIME."
The topic is broad, and includes computer deviance (hacking, viruses,
computer crime, copyright, etc....); Methodological, ethical, legal,
and other issues related to researching the topic; Law enforcement
uses of new technology; New definitions and types of crime shaped by
the "techno-revolution" in computers and telecommunications; and uses
of technology to commit crimes or avoid detection.
Empirical papers from a qualitative perspective are preferred.
The deadine for paper titles and short (50-150 word abstract) is
OCTOBER 15, 1992
Send them to: Jim Thomas
Sociology
Northern Illinois University
DeKalb, IL (60115
(voice: 815-756-3839 ; fax: 815-753-6302)
Or: tk0jut1@niu.bitnet / tk0jut2@mvs.cso.niu.edu /jthomas@well.sf.ca.us
------------------------------
End of Computer Underground Digest #4.43
************************************
Computer underground Digest Sun Sep 20, 1992 Volume 4 : Issue 44
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
Copy Editor: Etaion Shrdleau, Srr.
CONTENTS, #4.44 (Sep 20, 1992)
File 1--The Cuckoo's Egg Revisited
File 2--The Egg, Over Easy
File 3--Cuckoo's Egg and Life
File 4--An Ideal(istic) Egg
File 5--The Cuckoo's Egg and I
File 6--Hatching the Cuckoo's Egg
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
For bitnet users, back issues may be obtained from the mail server at
mailserv@batpad.lgb.ca.us
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Wed, 29 Jul 92 21:17:34 EST
From: Gene Spafford <spaf@CS.PURDUE.EDU>
Subject: File 1--The Cuckoo's Egg Revisited
Cuckoo's Egg Revisited
by Gene Spafford
When I first read Cliff's book, in draft manuscript form (Cliff sent
me an advance copy), I found it gripping. So did my wife. We each
found that when we started it, we couldn't put it down until we
finished it -- both of us staying up past 3am on a weeknight to read
through to the end. We weren't the only ones. When the book was
published, I bought copies for some friends, several of whom don't use
computers. Almost all of them had the same reaction: they found the
book engrossing, entertaining, and informative. Several of them also
reported spending late nights (and early mornings!) reading to the end.
It wasn't that Cliff set down particularly elegant and engrossing
prose that made the book so captivating, although his writing is
certainly better than many others evidence. It wasn't because Cliff
recounted some high-tech adventure either -- many of the readers
(myself included) already had experience with computer security
incidents. So why was the book so interesting to us, and to so many
other people?
It wasn't until a few weeks ago, when Jim Thomas asked if I would do a
short retrospective on the "Cuckoo's Egg" that I thought about this
question. I even went back and skimmed through parts of the book
again. Now that I've thought about it, I believe I know why "Cuckoo's
Egg" had such an impact: it was a honest sincere, personal accounting
of one person's internal struggle with right and wrong, as well as
being a challenging mystery story.
Cliff's writing portrayed, for many of us, some interesting conflicts
and value judgments. For instance, having strong opinions about some
governmental and commercial entities, but finding that they are
composed of many well-meaning, genuinely nice people. Or discovering
that not every "harmless" act is really harmless when multiplied
many-fold. Heroic tales often involve journeys of self-discovery and
the loss of innocence; we saw Cliff undergo both.
To give a more concrete example of this, I consider the anecdote about
how Cliff "liberated" several printing terminals to track the logins a
perfect example of how rules, particularly property rules, may
sometimes be ignored by someone hot on a clever "hack," as Cliff was.
As the story unfolded, he made choices that I know he would have
reconsidered later on.
I also think that Cliff's account of keeping his system open, and
observing the cracker break in to other machines through his, is a
perfect example of how difficult some choices are to make, and how
they must be reevaluated as time goes on. Was Cliff partially
responsible for those break-ins? Was his notification of the sites
sufficient to counter the harm he had done? Is the argument that "the
bad guys would have used some other route" a valid argument? Seeing
those conflicts, even if indirectly, made the book something more than
just entertaining.
Cliff started as a well-meaning academic with strong views (almost
anarchistic, perhaps), and through the course of his personal
experience became someone with a different view of society. He
underwent a transformation, on the pages before us, from a
happy-go-lucky scientist, to someone obsessed with a problem. As he
recounted his growing awareness of the vast vulnerability our
increasing reliability on computers and networks presents, he made us
aware. And with this new awareness, we read about the change in Cliff
and his view of the world...and how those around him changed their
view of him.
Cliff admits that he second-guesses some of his decisions made during
the time of his pursuit. He's not sure he did the right thing at
every step, and he has paid a high price for doing what he felt was
right -- losing many things he treasured before and after the
publication of the book. I think that's in the book, too, although
maybe not explicitly. Or perhaps its because I know Cliff and have
talked to him about being thrust into the spotlight that makes me see
those things when I reread parts of the book. He lost some cherished
possessions in the midst of battling for his principles, and that is
always a gripping theme.
So, is "Cuckoo's Egg" still worth reading today? I think so. I
didn't find it so gripping this time as the first time I read it, but
I saw more of the internal struggle Cliff went through as he pursued
his investigation. I also saw how little some things have changed in
the our world of networks.
The book is still entertaining, too. Cliff's account of drying his
sneakers in the microwave oven sounds like something I'd do, and his
recipe for cookies is still a bonus.
If nothing else, "Cuckoo's Egg" is still a good way to expose the
uninitiated to some of the problems with computer security and
investigation. For that one reason alone, I think the book will
continue to have value to us -- as a place to get dialog started, if
nothing else.
I reflect on the world in Cliff's book, where sites were regularly
broken into without sys administrators knowing about it, where
security information was difficult to find, and where it was almost
impossible to get law enforcement to care about what was happening.
Then I think back over the past few weeks:
* I have given several continuing education courses in Unix
security, here in the US and in Europe, this summer, and turnout
has been good
* I've spoken on the phone with people in the FBI and US Attorney's
office whose full-time job is devoted solely to computer crime issues
* I've read in the paper about several arrests on computer crime
charges, in the US and in Europe
* I've corresponded with representatives of several security
response teams, charged with helping to deal with computer
security incidents
* I've received court papers identifying me as a witness in
an upcoming trial on computer abuse
* I've been talking with some law enforcement agents in a (unnamed)
nearby state who are concerned about how to define laws that help
them stop the "bad guys" yet don't hurt innocent third parties.
How different the world is now from when Cliff began his adventure and
wrote his book! Although we still have sites run with a cavalier
attitude towards security, and although there are still people who try
to penetrate whatever systems they can, the situation is not the same.
We now have dedicated security officers, a growing security industry,
new laws and law enforcement efforts, and coordinated responses to
unauthorized access and malicious behavior. It's far from ideal, but
awareness is growing.
Perhaps "Cuckoo's Egg" has had something to do with those changes? If
so, we should be grateful, perhaps, that this catalyst was crafted by
someone whose vision is that computers are useful if only we can
maintain sufficient trust in each other, and not someone with an urge
to legislate tight controls. In a way, that is one of the most
enduring aspects of Cliff's writing. It is clear that he loved some
aspects of computing. The challenge of tracking his intruder was
clearly an element of gamesmanship as well as duty.
Cliff, like many of us, came to realize that the world came to his
workstation through the magic of networks and computers. That world
view, however, is based on a foundation of 1's and 0's that bear no
definitive stamp of who sent them. The network provides freedoms to
be free of stereotypes, and to express your thoughts to millions.
Your thoughts come through, and the reader need never know if you are
young or old, tall or short, fat or thin, black or red or oriental or
hispanic or mongrel, male or female, hale or crippled. That same
freedom, however, requires responsibility to not abuse it, and trust
that the 1's and 0's aren't carrying lies.
It was Cliff's anger at the end of the book -- that his trust in what
came across his computer was violated -- that really brought home the
change. His anger, about how the abuse of trust by a few threatens the
many, clearly came through to me. His concern for our reliance on
computers also was clear. And the irony of the epilogue, tugging at
him again, after he said he was giving it all up; "I'm returning to
astronomy" are his final words in the last chapter. You can't go back
Cliff. Sadly, none of us can.
------------------------------
Date: 24 Aug 92 23:27:31 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 2--The Egg, Over Easy
The Egg, Over Easy.
Gordon R. Meyer, CuD co-moderator
It's Thursday, August 20, 1992 and I'm watching the President of the
U.S. address his loyal minions. "Fall of communism...I did that,"
"The reunification of Germany...did that too," "Kuwait is free..thanks
to me," "Events in our country?...blame Congress. It's not my fault".
The telephone suddenly rings...though semi-catatonic I know, just
know, it's the Thought Police. Shit, what will I tell them? I was
listening to the President...honest! You must have me confused with
someone else. My palms are sweating. The phone is still ringing. I
pick it up...
"Guten abend" I say, in my best German accent, hoping it will throw
them off the track. "Hey Gordon" Jim says without hesitation. "Jim!
It's you!" Thank God. I breath easier knowing that it's only Jim
Thomas, co-founder and Keeper-Of-CuD on the line. I guess I only
thought it was 1984.
Or maybe not. Before I know it Jim is asking me to write a review of
'The Cuckoo's Egg' for the next issue of CuD. I check my watch...it's
still ticking. A quick glance at the calendar on the wall...'1992'.
Hmmmm. Maybe Jim is still in his own RNC-induced trance. "Didn't we
review Cliff's book about..oh...two and half years ago?," I ask
quietly, trying not to wake him too abruptly. "Yeah." (It's a full
sentence for Jim, trust me, he can say a lot in one word.) Admitting
my confusion, I ask him to explain. "There has been a lot of water
under the bridge since Cliff's book, it'd be good to take another look
at it and see what it has to offer now. Besides," he added, "we
already have retrospectives from lots of other folks." "Nothing like
good old fashioned peer pressure" I mumble, trying to sound
enthusiastic. I ask him when he needs the article, knowing the answer
won't be as far in the future as I'd like, say eight or nine months
from now. "Wednesday latest, tuesday if you can." Great, so I've got
around five days to find, then re-read, then review the book. How will
I convince him it can't be done? I start to voice my objections,
starting with "I don't have time to read...," when he cuts me off
before I can finish. "So don't read it again, just review it." Huh?
No, wait, oddly enough it starts to make some sense. Or least more
sense than what I could hear coming from the television in the other
room. We discuss the idea a bit more and hang up with me promising to
send the article by wednesday, and Jim making me say "By wednesday the
24th of August 1992 anno Domini, cross my heart and hope to die."
Sheesh, what a slave driver...
I'm determined *not* to refer to my copy of The Cuckoo's Egg (The Egg)
for this exercise. I really do know where it is though, I can see it
on the shelf about ten feet away as I write this, but I'm not going to
cheat and look at it. I don't need to. Well, except to see how the
hell to spell "Cuckoo," but that doesn't count. There's no need for me
to tell you what the book says, you know that...or at least you
should. If you don't know then you haven't read it. Do so. Now.
End of review. (And if you choose to ignore this advice, and not read
it, I swear to God you will regret it because the very first
non-computer person you meet, who finds out about your interest in
security/hackers, will regale you with an enthusiastic 20-minute
summation of 'that one hacker book'. So either read it, or never
_ever_ admit you haven't. Trust me.)
Let's look at The Cuckoo's Egg not as a book, but as a landmark...A
cultural/historical icon that escaped from cyberspace into the 'real'
world. The Egg, for the most part, was the first to introduce to
mainstream (i.e., Non-cyberspace) society the concepts, magic,
implications, and yes, possible dangers, of the networked world. The
Egg uses popular and familiar "Hollywood" elements (espionage,
government agents, goofy liberal scientists) , and melds them with the
unfamiliar and obtuse (networks, Unix). Classical elements,
fascinating story...It'll sell a zillion copies! And it did. The Egg
has been in paperback, on Nova, in Congressional hearings, featured on
the Wily Hacker Trading Cards, retold in JPL Comics, selected as a
Book-of-the-Month Club Alternate Selection, and the ultimate in
mainstream acceptance and recognition...condensed for Readers Digest.
No, The Egg is certainly not just a book. I want to liken it to
_Hell's Angels_ by Hunter S. Thompson. But I'm not old enough to do
so with any credibility. Thompson introduced people to the outlaw
motorcycle gangs, and showed their lifestyle and organization in a way
that outsiders had never before seen. We share with HST as he learns
about the Angels, and we wince when gets beat-up at the end. In The
Egg, we mock Cliff's obsession with the teeny tiny accounting error
that leads to the discovery of The Intruder. Then, after enticing us
with a Brownie Recipe, he gets us caught up in the chase until we
cheer when the Bundepost gets a trace on the hacker's line. _Hell's
Angels_ is every bit as much as a 'must read' to be able to converse
about motorcycle outlaw gangs, as The Egg is to talk about the
problems of computer security. Only more so, as I don't think Readers
Digest has ever heard of Hunter Thompson. (Note to Jim: Don't worry,
I've deleted the discussion of the phallic symbolism of pistols and
yo-yo's.)
The Egg is also important as it documents an era when the FBI, SS,
CIA, Telco Security, and everyone else would laugh off hackers and/or
espionage. Those days have ended. In fact, the pendulum has swung so
far in the other direction that Stoll's experience with the laise-
faire authorities seems quaint. For researchers, The Egg marks
somewhat of a transition between Esquire's Cap'n Crunch article, Bill
Landreth's confessional book, and the ill-directed Operation Sun
Devil.
To my knowledge we've never really heard about the 'national defense'
impact any of the information Stoll's hacker may have passed on to the
Soviets. This is regrettable as The Egg has almost certainly had an
effect on concern about computer espionage. It would be interesting
to know how this 'classic case' (and oft cited) harmed, or failed to
harm, our "National Security." Regardless of the affect, it's a
reasonable assumption that Stoll's work has been used as justification
for more than one corporate security program sales pitch. The Egg is
destined to be a part of Bibliography's and "suggested reading" lists
for many years.
Finally The Egg has also given us its author, Cliff Stoll. If it
wasn't for his book, and his willingness to share it with the world
(quite literally, I understand, though haven't confirmed, that it has
been translated into many languages) Stoll might well be known only to
his fellow Astronomers. That would be a shame, for although I don't
always agree with Stoll's suggested solutions or characterizations of
the Computer Underground, I think the computer security community
would be a bit more boring without him.
So there you have it, The Cuckoo's Egg thus far. I'll be interested
in seeing how the book holds up over the next two or three years. I
predict it will do just fine, joining the ranks of _Hackers_ and _Soul
of a New Machine_, as dog-eared after dog-eared copy gets passed
from one computer enthusiast to another.
Postscript: For those who just can't get enough of the saga of the
egg, a book published in Germany, _Hacker for Moscow_, tells the tale
as seen from the other side of the terminal. If you were hungry for
more information about the German/East German connection, and you want
a more detailed description of the actual methods used to gain access,
as only the intruder himself can give, check it out. Unfortunately,
as far as I know, it hasn't been translated into english...outside of
Langley, VA of course.
------------------------------
Date: Sun, 2 Aug 92 18:51:50 PDT
From: brendan@CYGNUS.COM(Brendan Kehoe)
Subject: File 3--Cuckoo's Egg and Life
Life can take you in any number of directions, some of which may bring
you through Andy Warhol's proverbial fifteen minutes of fame. Cliff
Stoll found himself propelled into that limelight, caught quite
unawares. The tale of a six-bit accounting discrepancy leading to
spies and intrigue took the world by storm. His life has apparently
calmed down now, but the results of his experience are still being
realized by the computing community. Advances in technology, groups
like CERT and companies with full-time security alert personnel are
all, in part, testament to the work represented by his book.
The cosmopolitan appeal of The Cuckoo's Egg cannot be ignored,
however. Fully half the importance of a message is its capacity to be
conveyed to as many people as possible. Cliff accomplished this, in
spades. Rather than limit the audience to technophiles who would eat
up the juicy details, The Cuckoo's Egg offered readers an insight into
how a "diamond in the rough" might go about dealing with what amounted
to an impossible situation. Following Cliff as he was knocked about
from pillar to post, finding no help at all from those we would assume
are paid to investigate such things, made for truly fascinating and,
sometimes, disturbing reading.
Just over two years ago, I spent Christmas with a friend and his
family, the cost of returning to my native Maine proving prohibitively
high. While browsing a North Pennsylvania mall, we happened upon The
Cuckoo's Egg in a bookstore, and my friend chose to buy it as a gift
for his father. Someone I consider to be the perfect example of a not
terribly advanced, but quite comfortable, computer user, his dad was
instantly captured by the engaging story. He literally inhaled it,
along with dozens of cigarettes, over the course of not more than two
days. Chapter One on Tuesday, "THE END?" on Thursday evening. A
flurry of questions hit over the weekend: was the network used at
Widener University, where we were Computer Science majors, capable of
these things? had we ever seen anything like what had happened to
"that astronomer"? wouldn't it be cool to have it happen to us?
The notoriety Cliff Stoll gained from what could be termed an ordeal
was not, in my opinion, the reason The Cuckoo's Egg had to happen.
Rather, it accomplished precisely what it set out to do: bring the
concerns of information security into the thoughts and conversations
of thousands of people. People who would otherwise not have ever
encountered what may well prove to be one of the most decisive factors
in our world's future as we fast approach the new millennium.
------------------------------
Date: Mon, 14 Sep 92 11:14:49 CDT
From: Jim Thomas <cudigest@mindvox.phantom.com>
Subject: File 4--An Ideal(istic) Egg
Cliff Stoll, the hippy, might appreciate the irony of The Cuckoo's Egg
(TCE) symbolizing for the "hacker generation" what Altamont did for
the counter-culture of the sixties. Cliff Stoll, the socially
committed astronomer would take little pleasure in the prophetic power
of his observations. For those of the sixties, the free Rolling
Stones concert at Altamont was seen as a west-coast version of
Woodstock--a chance to frolic, engage in the excesses of "freedom from
responsibility," and live out a fantasy inspired by a romantic image
of the flower-power culture. A beating death by the Hell's Angels
"peace keepers," seemingly high numbers of drug overdoses, and
spiritual rain darkened the event.
Altamont itself did not kill the "hippy dream" any more than TCE had a
terminal effect on the hacker counterculture. Nonetheless, the
experiences recounted in TCE provided an icon for the passing of a
romantic era of hacking into one in which personal responsibility (or
lack of it), personal excesses, and increasing abuse without concern
for the consequences were eroding a culture from within. Like the
decay of the sixties' culture, the hacker culture of the 1980s was
invaded by newcomers who lacked the romantic idealism of those who had
come before them. As access to computers increased, a hoard of
newcomers moved in, bringing with them the problems that face any
community in a population explosion. In TCE, Cliff only documents one
slice of the problem by describing one incident that symbolized the
problems of a new society when trust and respect for the rights of
others breaks down.
In long-lost correspondence, Eric Smith once suggested that TCE
represented a turning point for Cliff, for the "hacker community," and
for computer users who who lived outside the pale of exploratory
computer use. Cliff's work raised consciousness, a few hackles
(including my own), praise, and criticism. It was written before
Operation Sun Devil, but was read by many of us in the context of the
Legion of Doom and Phrack indictments. It was cited by some law
enforcement agents in documents and other media as a means of
exaggerating the "Hacker Menace" as a national security threat to
justify their excesses in early 1990. As a consequence, it was not a
work that received many neutral readings. Ironically, much of the
criticism directed at Cliff and his work reflected the same passion
that prompted Cliff to write it: Betrayal of trust and opposition to
injustice and predatory behavior. The metaphors of betrayal and loss
permeate TCE. Openness, whether in our personal relationships or on
computer systems, require trust. When that trust is violated, we lose.
Cliff's persona seeps continually out of the book. One can picture him
with keyboard in one hand, yoyo in the other, chocolate chip cookie
crumbs scattered about, and sneakers steaming in the microwave,
sharing each chapter with the woman he loves with joy and
anticipation. The intellectual and other rewards he reaped from his
labor also carried a burden. The nearly three years' experience and
corresponding time to reflect on events since then cannot but make a
re-reading of The Cuckoo's Egg a somewhat sad experience. Cliff has
written elsewhere of his personal losses: Some friends abandoned him,
he was unfairly criticized, his relationship dissolved, and he found
himself at the center of controversy not of his own making.
What was the cause of all this? By now, most know that TCE was about
tracking an intruder into UC/Berkeley's computer system who was
noticed as the result of a miniscule accounting error. Cliff
discovered that his system was being used by the hacker to access
other systems, and, like a cyber-bloodhound, followed the intruder
into other systems and then retraced the steps and ultimately located
him on a system in Germany. The narrative made a fascinating
detective story, and when read from the protagonist's perspective, one
couldn't help root for the detective. Methodologically, patiently,
painstakingly, the narrator pursued his quarry. Guided by the same
passion for solving a puzzle that motivates hackers (and researchers)
and by the feeling that if things are not quite right they should be
fixed, Cliff combined curiosity and technology in a way that one
might argue celebrates the original hacker ethos while adamantly
opposing its excesses.
When I first read the Cuckoo's Egg in early 1990, the Legion of Doom,
Phrack, and Len Rose were facing legal problems. Sun Devil was still a
few months away. Prosecutors, the media, and others alluded to the
work to demonstrate the "hacker menace," to raise the spectre of
threats to national security through espionage or disrupting the
social fabric, and to generally justify the need to bring the full
weight of law enforcement down upon teenage joyriders. Although Cliff
has taken a strong and unequivocal stand on civil liberties and has
publicly denounced excesses that violate Constitutional rights, he had
no power of the use of the images that some took from the book. This
led some at that time, myself included, to associate him with the
excesses. Ironically he was in a sense victimized by the same law
enforcement excesses as others in early 1990. By attempting to alert
us to a problem, he was unwittingly caught up in it, and the messenger
was mistaken for the message. As a series of posts on
comp.org.eff.talk indicated this past summer, the mistake lingers.
And what *IS* Cliff's message? In TCE and elsewhere, he has made it
quite clear: Cyberspace must be based on trust. The sixties' idealism
of a better world through cooperation and respect for others' rights
is not simply a "PC" perspective, but an ethos that is essential if
computer technology and its benefits are to be widely shared. Those
who intrude on others subvert this trust, and virus-planters are akin
to putting razor blades in the sand at the beach. The attitude of
some that it's a right to try to hack into systems with impunity
subverts the freedom of others, and when trust dissolves, so does
freedom.
In some ways, Cliff Stoll *is* The Cuckoo's Egg. His persona has been
planted in our psyche, his images have become part of our lore, and
his non-compromising insistance on establishing a culture of trust and
mutual respect provide a model for teaching young computer users that
responsibility comes with knowledge. Gordon Meyer provides the best
summary for the legacy of The Cuckoo's Egg: It has hatched and his
given us Cliff Stoll and an image of curiosity, decency, and class
that can help civilize the cyber-frontier. And there aren't many
books or authors about which that can be said.
------------------------------
Date: Thu, 17 Sep 92 23:23:46 EDT
From: Mike Godwin <mnemonic@EFF.ORG>
Subject: File 5--The Cuckoo's Egg and I
THE CUCKOO'S EGG and I
By Mike Godwin
Copyright (c) 1992, Mike Godwin
I won't say that THE CUCKOO'S EGG is *the* book that changed my life,
but it's certainly *one* of those books. Here's how it happened:
In the middle of my last year of law school (1989-90), I was getting
bored with the local BBS scene in Austin, Texas. So, I decided it was
finally time to do what I'd been planning for a few years--getting an
account on a University of Texas system and participating in the huge,
distributed, free-floating conference system called Usenet.
By sheer chance, this decision came at a time when the Net was
particularly hungry for information about hackers and the law. Usenet
was still abuzz with discussion about the Internet Worm case, and
there was also a lot of talk about the so-called "Legion of Doom"
searches and seizures, which focused on three alleged hackers in
Atlanta. (As a third-year law student preparing to become a Texas
prosecutor, I had plenty of answers to the legal questions that
flooded Usenet newsgroups like misc.legal and comp.dcom.telecom.)
And, of course, there were lots of references to a book by some guy
named Stoll, who apparently had caught some hacker spies. A fellow
Austin BBSer named Al Evans told me he'd been enthralled by the book,
and when I saw it listed in the new acquisitions at my law school's
library, I decided to check it out.
The book was a revelation, and it kept me up half the night--I ended
up reading it in one sitting. The mystery of the Hannover Hacker was
only part of what fascinated me--the book, almost incidentally,
included the first *interesting* discussion I'd come across of the
structure and dynamics of the Internet. The image I formed of the
Hacker's leaping from network to network helped me begin to appreciate
the vast, complicated, deeply connected computer and telephone
networks that crossed the oceans and pierced national borders without
a pause.
I found Cliff's story also to fit well with what I knew, from my own
associations with researchers, what life can be like for working
scientists. There is a point in the book where Cliff's curiosity and
desire to find "the answer" kicks into overdrive--it's then that you
see why he became an astronomer. For me, one of the most inspiring
passages in the book is Cliff's account of his discussing the Hacker
with Nobel Prize-winner Luis Alvarez:
"Permission, bah. Funding, forget it. Nobody will pay for
research; they're only interested in results," Luie said.
"Sure, you could write a detailed proposal to chase this
hacker. In fifty pages, you'll describe what you knew, what
you expected, how much money it would take. Include the names
of three qualified referees, cost benefit ratios, and what
papers you've written before. Oh, and don't forget the
theoretical justification.
"Or you could just chase the bastard. Run faster than him.
Faster than the lab's management. Don't wait for someone
else, do it yourself. Keep your boss happy, but don't let
him tie you down. Don't give them a standing target."
That's why Luie won the Nobel Prize....
And yet, the same singleminded approach that Cliff (and I) found so
inspiring in Alvarez also inspired a lot of the criticism that Cliff
has faced from some quarters since the book was published. (More about
this later.)
At the time I read the book, it had not yet come out in paperback.
When I finished CUCKOO'S EGG, I looked again at the forward and
discovered that the author had left an e-mail address. Although not
always swift on the uptake, I managed to deduce from this that Cliff
wanted feedback from his readers, so, after some hesitation, I sent
him a letter in e-mail, giving him my reactions, and making a joke
about a humorous grammar error in Chapter 45 (for the curious, it's in
the top two lines on page 255 in the Pocket Books paperback).
To my surprise, I had mail back from Cliff the next day! He was
interested to hear my reactions, and was surprised to discover that I
was a law student--his wife, Martha, had been a Berkeley law student
during the events chronicled in the book, and was now a clerk for
Supreme Court Justice Harry Blackmun! We discussed the need for more
people on the Net with genuine knowledge of the law--few people had
had more experience than Cliff in running up against the "two
cultures" division between those representing the legal system (not
just lawyers, but also the FBI and the Secret Service) on the one
side, and the programmers, scientists, and students who populated the
Net on the other.
And as our correspondence progressed, we found ourselves talking from
time to time about the "hacker cases" that were being reported on
Usenet and in the news media. Cliff had seen what happened when
well-meaning and informed law-enforcement agents, like Mike Gibbons of
the FBI, took on a case in which a computer intruder clearly sought to
steal military secrets and sell them to Eastern Bloc spies. What we
both were seeing now were cases in which law-enforcement agents and
prosecutors were making obvious mistakes and damaging people's rights
in the process. The "Legion of Doom" hackers, for example, were
accused of stealing the source code for the Emergency 911 System from
a BellSouth computer--yet to anyone with even basic knowledge of what
a computer program looks like, the E911 "source code" was nothing more
than a bureaucratic memorandum of some sort, with a few definitions
and acronyms thrown in.
(The myth that the Legion of Doom defendants had access to the E911
source code persists to this very day: columnist "Robert Cringely" of
INFOWORLD once reported the "fact" that the AT&T crash of 1990 was due
to Legion of Doom sabotage, and that same "fact" appears, along with
numerous other egregious errors, in the diskette-based press kit for
the new movie "Sneakers.")
My growing interest in these hacker prosecutions, my discussions with
Cliff and others, and my reflections on THE CUCKOO'S EGG started
changing my postings on Usenet. Whereas before, I'd limited myself to
fairly dry and academic dispositions in answer to abstract legal
questions, I found myself getting emotional about some of these cases.
The more I learned about how the seizures and prosecutions were
hurting individuals and chilling free discussion on the Net (I even
lost an account myself as one sysadmin ended public access to his
system in order to minimize risk of having his system seized), the
more I found myself arguing with those whose justified anger at
computer intruders led them to justify, uncritically, any and all
overreaching by law enforcement.
And then this War On Hackers struck closer to home. On March 1, 1990,
an Austin BBS, run by the nationally famous role-playing-game
publisher Steve Jackson Games was seized by the United States Secret
Service. Although neither Jackson nor his company turned out to be the
targets of the Secret Service's criminal investigation, Jackson was
told that the manual for a role-playing game they were about to
publish (called GURPS Cyberpunk and stored on the hard disk of the
company's BBS computer) was a "handbook for computer crime."
The seizure, which shocked Austin's BBS community, had the potential
to put Jackson, an innocent third party, out of business. The sheer
magnitude of the effect on Jackson and his business outraged the
members of an Austin BBS called "Flight," which numbered both me and
Jackson among its users. Even more outrageous was the failure of the
media to pick up on the injustice that had occurred--one Flight user
pontificated that this was because the mainstream press had no
interest in BBSs, which publishers saw as nothing more than potential
competition.
I thought this theory was crazy. I had worked as a newspaper
journalist before I went to law school, and I'd even taken time off
from law school to edit my university's newspaper. I started arguing
on Flight that the media hadn't covered the story because they didn't
know about it. Or, at least, they didn't understand the issues.
Then it hit me. Why was I sitting at my terminal *talking* about
reaching the media, when what I should be doing is making sure that
the story gets publicized? With something of the same singlemindedness
I think Alvarez was talking about, I set out to see that the story of
the Steve Jackson Games raid, and of the other cases, got reported in
the mainstream press. I gathered together several postings from local
BBSs and from Usenet, and I drove down to the Austin
American-Statesman office to talk to a reporter I'd been referred to
by a friend of mine who worked on the newspaper's copy desk. I took
with me photocopies of the statutes that give the Secret Service
jurisdiction over computer crime and lots of phone numbers of
potential sources. At the same time, I called and modemed materials to
John Schwartz, a friend and former colleague who was now an editor at
Newsweek.
The story made the front page of the American-Statesman the following
weekend. And John Schwartz's story, which covered the Steve Jackson
Games incident as well as the Secret Service's involvement in a
nationwide computer-crime "dragnet," appeared in Newsweek's April 30
issue. When the latter story appeared, I realized that (in a much
smaller way, of course) I'd managed to do to the media what Markus
Hess had done to Lawrence Berkeley Labs, and what Cliff Stoll had done
to the puzzle created by Markus Hess: I'd hacked it!
And yet, really, I can't take full credit for getting the story of the
SJG raid out; if I hadn't read THE CUCKOO'S EGG, I'd never have
started a dialog with Cliff, and I'd never have begun to piece
together the significance of the wrongheaded hacker prosecutions that
we heard so much about it 1989 and 1990.
That's why it always strikes me as odd, and even offensive, when some
net.yahoo decides that Cliff's book is responsible for all the
offenses committed by law-enforcement agents in their efforts to fight
computer crime. As Cliff himself has remarked,
I've found [the book] used to justify increased security,
raids on bulletin boards, and monitoring of network traffic.
It's also used to refine legislation, to expand the Internet,
to better define what constitutes asocial behavior on the
networks.
It started out as a good story, but Cliff has seen it become the
justification for all sorts of actions, both positive and negative.
And yet Cliff, because he actually took the leap and tried to explain
to law enforcement what was going on, often gets much of the blame for
the negative results, and little of the credit for the positive ones.
This shortsighted, "kill the messenger" mentality may explain why a
few readers have gone so far as to vilify Cliff and his book, saying
things like "Cliff Stoll is just as much amoral a hacker as Markus
Hess." Even when those readers are making the criticism in good faith
(and I think many of them are simply motivated by the common American
vice of Let's Criticize the Famous), I think they're victims of a
basic confusion. True, Cliff was as *singleminded* as Markus Hess was.
(It takes a singular obsession to start wearing a beeper designed to
go off whenever a certain user logs in.) But the moral and
philosophical dimension of his actions was far different from those of
Hess, Pengo, and their associates. Although a few of them justified
their actions in political terms, for the most part the East German
hackers cracked systems in order to get money or drugs; in the book
Cliff tracks the hackers partly in order to solve what had become to
him a "scientific" problem, but also--as he begins to realize himself
in the book--in order to restore a community order that has been
violated and disrupted.
It is this same sense of a need to protect this vast, virtual
community that has led Cliff to change the way he talks about the
Cuckoo's Egg case over the last few years. I've had the privilege
several times of seeing Cliff entertain an auditorium full of rapt
listeners with the story of that tiny accounting error on the LBL
computer. Nowadays, he ends his presentation on an
uncharacteristically sober note: he reminds his audience that the need
to keep computers secure and to instill shared values in our online
communities *never* justifies the government's violation of the civil
liberties of individuals.
To me, all this casts Cliff and his book in a different light. Even
now, I can't say I necessarily approve of all the actions Cliff took
in trying to catch the East German hackers. (It is a measure of how
much the world has changed since CUCKOO'S EGG that it seems odd to
write the words "East German.") But when I reflect for a moment and
try to imagine what kind of people I'd want to share this networked
community with, it's hard to think of a person better than Cliff
Stoll--ferociously smart, passionately curious, self-doubting,
idealistic, and (to his own surprise, perhaps) deeply moral.
------------------------------
Date: 29 Jun 92 06:11:10 GMT
From: stoll@ocf.berkeley.edu (Cliff Stoll)
Subject: File 6--Hatching the Cuckoo's Egg
HATCHING THE CUCKOO'S EGG
Copyright (c) 1992 by Cliff Stoll
This version is posted to Usenet; ask me before you repost or
reprint it. Resend it across networks or archive it on
servers, but don't include in any digests, publications, or
on-line forums. Ask me first, and I'll probably say OK.
Yes, I'm active on the Usenet, often reading, seldom posting. I
keep a low profile partly because I'm busy (writing a book about
astronomy) and because I worry that my opinions are given too
much attention due to my notoriety.
You'll find my e-mail address in the front page of every copy of
Cuckoo's Egg. I read and reply to all my mail. However, because of
the huge number (about 18,000 in 3 years), I seldom write more than a
short answer. Often I get 3 weeks behind in replying to my mail.
Letters astonish me with their diversity: some say I'm a villain,
others a hero. I see myself as neither, but as an astronomer who got
mixed up in a bizarre computer mystery.
I'm now back in Berkeley/Oakland/San Francisco. I've cut down on
public speaking, mainly because it's exhausting. I'm a member of the
EFF, ACM, CSPR, BMUG, AAS, ARRL, NSS, pay all my shareware fees, and
floss nightly.
# Point of the book:
I started out by writing a technical summary in the Communications of
the ACM, 5/88. This article, "Stalking the Wily Hacker" was for
computer techies ... I wrote it in an academic style, and with more
technical detail than Cuckoo.
*** Before asking for more information ***
*** about Cuckoo's Egg, please read ***
*** Stalking the Wily Hacker ***
Throughout that article, as well as the book, I emphasized the many
mistakes I made, the difficult choices I worried about, and the need
for communities to be built upon trust.
I began writing a book about the fundamentals of computer security in
a networked environment. This was the logical expansion of my CACM
article. My friend, Guy Consolmagno, read the first 5 chapters and
said, "Nobody will read this book --it's just about computers and
bytes. Don't write about things. Write about people."
I'd never given it much thought, so I tried writing in first person.
You know, using "I" and "me". Weird ... kinda like walking around
nude. It's a lot safer hiding behind the third person passive voice.
Since I'd never written anything before, I just followed instinct.
I began weaving in different threads: a textbook, a mystery, a bit of
romance, and with my sister's suggestion, a coming of age story.
Kinda fun to jump from one subject to another.
Although I strongly object to anyone breaking into another's system, I
didn't wish to write a treatise against hackers, crackers, or phone
phreaks. Rather, I wanted to tell what happened to me and how my
opinions developed.
I wrote the book for fun, not money or fame. These have no value to
me.
# What's happened since then:
A year after Cuckoo's Egg was published, operation Sun Devil was
carried out, Steve Jackson Games was busted by the Secret Service, and
Craig Neidorff arrested. I knew nothing about these events, and was
astounded to hear of them.
The Cuckoo's Egg has been misused to justify busts of innocuous
bulletin boards, restrictive new laws, investigations into networked
activity, and who knows what kind of monitoring by big brother. It's
also been misused as a cookbook and justification by bd guys to break
into computers. I disagree with all of these. Strongly disagree.
I've repeatedly testified before congress and state legislatures: I
don't want to lose the friendly sandbox that our usenet has become.
Our civil rights -- including free speech and privacy -- must be
preserved on the electronic frontier.
At the same time, we must respect each others rights to privacy and
free speech. This means not writing viruses, breaking into another's
computer, or posting messages certain to cause flame wars. Just as
important, it means treating each other with civility, respect, and
tolerance.
# On being notorious:
This incident has been good to me in a few ways:
1) My folks are proud of me. Nothing makes me feel better.
2) I've made many friends, over networks, at meetings,
and by mail.
3) Several old friends have looked me up.
And there's a downside:
1) Alas, but the most important person in my life has left.
Deep sadness and hurt.
2) I've become a target of phone phreaks and crackers.
3) No privacy.
4) I'm stereotyped and pigeonholed.
5) Some people become jealous.
6) Several old friends have hit me up for money.
# Answers to specific questions:
1) Did Cliff violate Mitre's computers? As written in Cuckoo's Egg,
chapter 25, I logged into Mitre Washington Computer Centre and
demonstrated the insecurity of their system. Immediately afterwards,
I called Mitre and described the problem to them. Up to that point,
they (and I) didn't know where the problem was coming from. For a
week prior to touching their system, I was in contact with several
Mitre officers; we had a working arrangement to try to solve our
mutual problem. Moreover, I contacted the CEO of Mitre (James
Schlessinger) who questioned me at length and thanked me.
2) Did Cliff run off on his own? At the very start, I contacted three
attorneys: our general counsel, my local district attorney, and a
friend at the ACLU. Additionally, I asked several professors of law
at Boalt Hall and a number of law students. My boss, my lab director,
and my colleagues knew what was happening. I contacted systems
managers at Stanford, UC/Berkeley, and military sites. I did my best
to keep these people in the loop.
3) Was Cliff some kind of sheriff of the west, trampling over rights?
Uh, I never thought of myself that way. Indeed, much of the time, I
felt this was a chance to do science -- apply simple physics to a
curious phenomenon and learn about the environment around me. As much
as possible, I wished to remain invisible to the person breaking into
my computer, while prodding others to take action. As a system
manager, I did my best to monitor only the intruder, to keep him from
hurting others, and to find out why he was in our system.
4) Did Cliff track these people to support a political position? No.
5) Am I happy at the sentences meted out to the German defendants?
They received 1-2 years of probation and stiff fines. I don't take
joy in wrecking another's life -- rather, I'm sad that this entire
incident happened. I am glad that they did not end up in prison, glad
that at least one of them has said that he will never again break into
computers.
-Cliff Stoll 29 June 1992
------------------------------
End of Computer Underground Digest #4.44
************************************
Computer underground Digest Wed Sep 23, 1992 Volume 4 : Issue 45
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
Copy Editor: Etaion Shrdleau, Srr.
CONTENTS, #4.45 (Sep 23, 1992)
File 1--XmasCon Problems: HoHo's from HoJo's
File 2--The Background on HoJo's/Xmascon
File 3--How to Talk to the Press
File 4--CPSR Sues FBI for Wiretap Proposal Information
File 5--News Blurbs (INSLAW & CITIBANK)
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
Back issues also may be obtained from the mail server at
mailserv@batpad.lgb.ca.us
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Thu, 17 Sep 92 01:08:27 CDT
From: Jim Thomas <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--XmasCon Problems: HoHo's from HoJo's
For the past few years, a conference called "XmasCon" (or HoHoCon) has
been held in Texas in December. As reported previously (CuD #4.40), it
will be held again this year from 18-21 December. For those unfamiliar
with it, XmasCon is a national meeting of curious computer
afficianados, journalists, scholars, computer professionals, and
others, who meet for three days and do what people do at other
conferences: Discuss common interests and relax.
XmasCon is approaching in a few months, so I called down to the
Houston Airport Howard Johnson's where conference arrangements
apparently had been made to check out reservations. I encountered the
most bizarre and crude interactions I have ever experienced with
reservation-making. The bottom line, it seems, is that XmasCon will
not be at HoJos this December. It will be located elsewhere. But,
we're getting ahead of the story.
My call to the HoJo receptionist began routinely. I indicated that I
would like to make reservations for a December conference. The
receptionist asked for some preliminary information, including my
name, phone number, dates, how long I would be staying, and what type
of room I wanted. I asked her what the conference rates were, and she
asked which conference I would be attending. I said, "XmasCon." Her
tone changed, and the mood dramatically shifted. She paused for a few
seconds, and said: "We don't take no reservations for XmasCon." Her
initially polite behavior (and attention to grammatical conventions)
had changed. Aha, I thought, what an odd response. So, I mustered up
the only intelligent question I could think of to a double negative:
"What?" "That conference has been cancelled," she replied.
Her response surprised me, because I had heard nothing of a
cancellation. "Cancelled?" I asked? "Yes," she repeated, "That
conference has been cancelled." I asked if she meant that the
conference had been cancelled or whether it was being held elsewhere.
She said she didn't know, and she wasn't allowed to give out any
information about it. A most unusual twist of phrase and a rather odd
turn of events, I thought. So, suspecting something was not quite
right, I thought it wise to obtain additional information. So, I
asked if I could talk to a supervisor. I was connected to "Gloria"
(who refused to provide a last name). The encounter began politely. I
gave her my name and affiliation and explained that the receptionist
had informed me that XmasCon was cancelled, but would give out no
further information. Gloria said that the receptionist was correct,
the conference was cancelled. I asked (the conversation was still
routine and polite) whether she knew if it was cancelled or simply
being held elsewhere. She said it that it would not be held at Howard
Johnsons; it was cancelled. Now, there's a rather substantial
difference between cancelling a conference and holding it elsewhere.
The conversation was still polite and routine, and I asked whether she
meant that the conference itself was cancelled or simply that the
original arrangements with HoJos were cancelled. The fit hit the shan!
"WHY DO YOU PEOPLE KEEP DOING THIS?!??" she screamed!
Uh oh. This was no longer a normal routine conversation. Either I
was dealing with a psychotic terrorist who had taken over the office,
or else something was going on that I didn't know about. I suspected
the former, so I thought tact the best approach. I asked "what people"
she thought I was, and what it was that "we people" kept doing. She
never did explain what "we people" she thought I was. I explained that
if by "we people," she meant criminology professors, we normally to
"this" to reserve a room in exchange for our money. She seemed to
care little who or what I was, and angrily explained that she was
instructed not to talk about XmasCon because "you people" had lawyers
calling. Uh, lawyers? What *is* going on, I began to wonder. So I
asked. She repeated that she couldn't talk about it. Actually, I
wasn't given the opportunity to ask much, because she talked over me
and cut me off whenever I tried to ask a question. Gloria tersely
informed me that if I wanted any information, I would have to obtain
it from the manager, James Marx, on Monday. Thank you Gloria. <click>
Having seen no reports of psychotic terrorists in the Houston area on
the news, I can only conclude that Gloria was, sadly, a representative
of HoJos. Normally, receptionists and supervisors don't freak-out on
callers, especially when no ostensible behavior triggered the assault.
In my substantial experience with conference hotels, the policy of
reputable sites when conference venue has been changed (especially by
the original hotel) is to inform an inquirer that the conference will
be held elsewhere and identify that location. If the original site
does not know the location, they so-state and suggest that the caller
inquire with the organizers. In this case, however, I was informed
that the conference was cancelled. Even though Gloria ultimately
indicated that she did not know if the conference was cancelled or
not, and finally indicated that she only knew that it would not be
held there, it took the entire conversation to obtain this nugget of
information and only after considerable verbal abuse.
Now, I'm not one to fall back on professional status. But, even though
I *politely* explained that I was a criminal justice professor at
Northern Illinois University and was simply trying to obtain routine
information, she continued to subject me to discourtesy. Not even an
"I apologize" at the end. Not even a softening. Odd. Very odd, I say
to myself. Something, however, is going on, so my next step was
calling James Marx.
I again called the airport HoJos (713-644-1261) and asked to speak to
Mr. James Marx. I was connected to his office. The call to James
Marx was less than satisfactory. The conversation began:
JM: "This is James."
JT: "Mr. Marx, my name is Jim Thomas, a criminal justice
professor at Northern Illinois University. I'm calling in regards
to XmasCon, about which I have a few questions and what I
consider a serious complaint."
JM: XmasCon will not be held here.
JT: I understand that, sir, but I have several questions and I
have a complaint about my treatment by one of your employees.
JM: What are your questions?
JT: I understand the conference was cancelled....
JM: They cancelled it.
JT: *They* cancelled it?
JM: Yes....
JT: Voluntarily?
JM: Uh, no.
JT: May I ask, sir, the circumstances of the cancellation?
JM: No, you may not.
The conversation was downhill from there. I **POLITELY** attempted
several times to inquire about the nature of the cancellation. He
indicated that he would not give me any information, and that I would
have to ask the conference organizers. Although indicating that "the
hotel decided to cancel it," he offered nothing further. He indicated
that the conference organizers did not inform him of the new site, so
HoJos could not direct callers elsewhere, and were therefore telling
callers that the conference was cancelled. I attempted to ask why they
used that choice of words, rather than indicate to callers that the
conference was not, in fact, cancelled. Why not say that it was
elsewhere and they simply didn't know where it was. I suggested that
the phrasing of the response was misleading to people like myself. He
said, "I told you. *No more questions*!"
Ok, fine. Now to voice my complaint about "Gloria." So: "I would also
like to discuss with you my complaint." "What is it?" he grumbled. I
explained that, in the middle of a routine conversation, Gloria,
without provocation, screamed at me: "Why do you people keep doing
this?" Says he, interrupting, "I told you, I'm *not* going to answer
any questions!" He threatened to hangup. Uh, Mr. Marx, I tried to
explain, I'm not asking you a question, I'm describing an event. You
just asked me a question, says he. Hmmm, this gets stranger. "Sir," I
said, realizing that the normal conventions of communication had
disintegrated, "That's not *my* question. That's the question Gloria
screamed at me! I'm not really the type to tolerate this kind of
unprovoked rudeness, and I'm simply telling you what happened. I'm a
criminal justice professional, and not used to being treated so
shabbily without provocation when discussing reservations in good
faith."
Wrong thing to say. "Sounds like you're threatening me," says he. Uh
oh. "Mr. Marx, what have I said to threaten you?" I was genuinely
surprised. "You people" (ah, that term again) "have threatened us with
law suits." Hmmm....attempting to describe the discourteous behavior
of an employee to the manager in polite, matter-of-fact discourse is
threatening a lawsuit? Did I miss something somewhere? Before I could
respond, I was cut off with: "You'll have to talk with the conference
organizers. I told you! No more questions!" But, how could the
conference organizers tell me why Mr. Marx thought I was threatening
him? Ooops---that's a question. "You'll just have to talk to them, I
told you." Still curious about why he thought I was threatening him,
it turns out that the fact that I identified myself as a criminal
justice professor was the threat. Now, it's generally my habit to
identify myself so the people at the other end know who they're
talking to. This is the first time in 13 years as a crim justice type
that anybody ever was threatened by my occupation. Why was that
threatening and how did he infer a lawsuit from my mentioning on
introduction that I was a CJ prof and a second time, during explaining
the complaint, making an off-handed reference that I was a CJ
professional who found rudeness unacceptable? Turns out, it seems,
that "you people" (another reference to "us") keep calling and
identifying "yourselves" with the legal profession and threatening
suits. In a rather nifty bit of paralogia, he explained that criminal
justice has something to do with law, right? "And you can't tell me
that it doesn't!" Uh, right. Guess he's got me there. Criminals break
the law, I study criminals, so guess that means I'm threatening a law
suit.
He then indicated that I should put whatever complaints I had about
his employees in writing and send them to the owner, Mr. Henry Woo, at
the HoJo airport address, and that he was going to terminate the
conversation. Ok, 10 minutes of weirdness is about all I can take in a
day, so it seemed best to say, "Thank you for your time" and end it.
Click.
Had I been in set: snippy mode, I could better understand the HoJo
response to me. However, I had donned my politest professional
persona. I do not know what the background is to the cancellation,
but it is clear that the hotel "decided not to have it." But I do know
that something went awry at HoJos instigation, and I do know that
neither Gloria or Mr. James Marx are people to whom I want to give my
money. I'm not sure what their problem is, but I'll sleep in my car
before I ever patronize another Howard Johnson's hotel, in Houston or
anywhere else.
If I could ask a few questions of Howard Johnson's in Houston, I would
be especially interested to learn:
1) Why did the hotel cancel arrangements after they were already made?
2) Why not have a standard and courteous reply to callers, rather than
put them through a ritual of abuse when they attempted to obtain
further information?
3) Why did Gloria "freak out" for no explicable reason?
4) What "people" am I, and what is it "we keep doing?" If they have a
thing against criminology professors, it would be useful to know for
future reference.
5) What possible rationale could justify abusive behavior to strangers
attempting routine inquiries?
6) Why could not James Marx listen to my original complaint of abusive
behavior without himself becoming abusive?
7) Why is it necessary for the hotel manager to belittle and criticize
my profession without cause or provocation?
8) What's with the Airport Howard Johnson's in Houston?
I am hoping that Mr. Henry Woo, the owner of the Airport Howard
Johnson's Lodge and the home office in Phoenix can provide some
answers.
------------------------------
Date: Tue, 22 Sep 92 01:41 CDT
From: dfx@NUCHAT.SCCSI.COM(dFx International Digest)
Subject: File 2--The Background on HoJo's/Xmascon
From--Kenneth Wood
Date--September 15, 1992
Some of you may have read about this year's HoHoCon conference in CuD
4.40. Some of you may also know that since the announcement ran in
that issue, conference details have changed under somewhat
"mysterious" circumstances. Unfortunately, not everyone knows of these
changes and they've yet to be presented in the public forum. There
seems to be a lot of people, including myself, who are eager to
receive the new conference details as well as an explanation of why
things changed so suddenly.
After talking with a few of the conference organizers and realizing
how busy they were, I asked if they needed any help and they mentioned
possibly writing something up to tell everyone what's going on and
shooting it over to CuD. Rather than have me try to remember what they
told me and put it in my own words, we agreed on transcribing a brief
phone interview.
(KW = Me)
(DF = Drunkfux)
KW: What exactly is HoHoCon?
DF: It's our big yearly anarchistic get-together where we worship the
'SpamGod' and slaughter cows in his honor. Oh, and we trade codes
too. Most of all, it's really el8. Spell that with an 8 please.
KW: Seriously now.
DF: Oh, all right. I honestly don't know really. The best way to describe
it is probably what it says in the announcement. Basically, it's a
three day gathering of people associated with what is commonly
referred to as the computer underground, the majority of which are
just people who are currently active in the "scene", whether they be
actual hackers or crackers (choose your preferred definition),
journalists, security professionals, or those who are just plain
interested.
KW: Does the conference actually last three days?
DF: Oh, no. The conference itself is held on Saturday. The rest of the
time, everyone does their own thing, although that generally is the
same thing. This is one of the few times each year when all us
compu-nerds can actually see each other face to face and sit around
and laugh at one another. Usually, the attendees break off into
groups and within time, there's a few dozen things happening at
once. Like last year, every few feet there was something different
going on. Sort of the Lollapalooza of hacking.
KW: What happens at the conference on Saturday?
DF: Everyone piles into the conference room, we say a few introductory
words, get things settled and proceed to let the speakers take over.
A general outline would be: introduction, speaker speaks then
answers questions from the audience, speaker shows any materials
he/she may have brought with him/her, including videos and the such,
speaker ends his speech, people clap, other people wake up, next
speaker gets on the mic and rocks the house. At both the beginning
and ending of the conference, journalist/editor type people pass out
reading materials and budding entrepreneurs sell everything from
t-shirts to back issues of magazines to sushi on a stick.
KW: What about Friday and Sunday? Do you have anything planned for then?
DF: Nope, not at all. That's the beauty of it. You really have to attend
one of these things to understand it. It's totally free form,
everyone does whatever they want to. It's not like your typical
stuffy, big room, security suit fest. All you have to do is be
yourself, unless you really feel like kissing someone's "booty".
KW: Does much happen during the non-conference times, like on Friday and
Sunday?
DF: Definitely. In fact, that's when people seem to have the most fun.
The conference is cool and all, no doubt, but it's more of a learning
and listening experience. You kinda have to sit there for a while.
Again, like I said before, everyone does their own thing. Some folks
sit around and talk about whatever or watch videos, others venture
off and "explore" the city and its establishments, some do actual
computing, and some try to do it all.
KW: Sounds good. Let's move on to the details of what happened with the
hotel this year. Can you tell us exactly what's been going on?
DF: No, because I don't know it all myself. I'll do my best to briefly
tell what I know. Here's the just of it -
We had been planning the conference for a while before we had even
found a hotel, which is always the hardest part. After deciding on
dates and the such, we proceeded to hunt down a conference site.
Howard Johnson's was definitely NOT our first choice. The name alone
was a turn off and we didn't know how people would take to it, but
they seemed nice and were semi-helpful as far as room pricing and
organizing went. Because not all of us have a lot of free time to fly
around and inspect hotels, we agreed to go with HoJo's mainly due to
the fact that almost every other hotel in town was booked conference
wise for that weekend. They agreed to take the conference in over
the phone and roughly 3 weeks later, a few of the conference
planners went to the hotel and were given the "grand tour" by a lady
named Shirley, who is believed to be the sales director. She showed
everyone the whole hotel, including the restaurant, bar, conference
room, pool, and the building which housed the rooms where, in her
own words, "we would be staying." Everyone agrees that she obviously
had the intention that we would be staying there. She had already
picked which building we would be in, as well as which conference
room. She also said things like, "this is where you'll be staying,"
"this is where we're gonna put you for your conference," etc.
After the tour, she brought everyone into her office and in the
people's opinion that were there, proceeded to ask some
semi-personal questions that seemed fairly unnecessary. Whether she
was being nosy or just trying to make conversation, it's not known.
Anyway, after all this chit-chat, she got back to discussing the
conference details and this is where she said things like "ok,
you'll have the conference room on Saturday from 10am until 5pm.",
and "I have you down for the one building that holds 40 rooms for
now, and if we need more later, it won't be a problem." She also
quoted room and tax rates, restaurant hours, reservation information
which included pointing out the 800 number that "you can start
giving to your people so they can make reservations", check in/out
times, and other assorted items. The last thing she said was
something close to "Well, everything is fine, I'll go ahead and
write you in here for December 18th through the 20th and we'll plan
on seeing you then." She also handed over a large stack of hotel
brochures to be distributed with advertisements for the conference.
Now, you tell me, doesn't it sound like agreed and confirmed that we
would be staying there?
KW: That's exactly what it sounds like to me.
DF: We thought so too. Everyone breathed a big sigh of relief knowing
that everything with the hotel was finally out of the way and we
could move on to the actual conference planning and advertising, as
in letting people know what the deal was. A number of people wrote
up announcements regarding the con as well as called around to let
people know the details. I put up the money to have one version of
the announcement printed out and duplicated a very large number of
times, and it was then bulk mailed out to people on a certain
collective mailing list. Oh, I mean snail mail too, not e-mail.
Chris Goggans also printed and mailed announcements, to a great
number of people. That same announcement was published in CuD and
also, somehow or other, appeared in comp.dcom.telecom. Needless to
say, by now, a lot of people knew about the conference and started
making plans to attend, which included making hotel reservations and
purchasing plane tickets.
KW: Wait. Did the hotel accept reservations for HoHoCon?
DF: Yep. More than 15 of them. Quoted them the room rate and the whole
deal and kept all their names together. One guy I spoke with
recently told me that he actually sent money to the hotel to
guarantee a room.
KW: Hell, it sounds like they must have been planning on having the
conference there. Did the guy get his money back?
DF: I don't know. He told me he had called the hotel and they said they
would send him back his money. Whether or not they did, I'm not
sure.
KW: What happened next?
DF: Well, I had ventured off to the west coast with my band for a few
weeks and upon returning, I received some beautiful news from Howard
Johnson's. It appears that there is a certain someone out there that
owns a Howard Johnson's up "north" we'll say. That someone also
happens to read CuD (or ordered an LoD t-shirt). After seeing the
announcement, he took it upon himself to fax it to the HoJo's down
here as well as call them and tell some sort of warped tale of how
everyone associated with the "computer underground" were nothing more
than raving, chaotic, unintelligent code maniacs who only lived to
destroy hotels. Unfortunately, the people down here believed this and
with the added factor of seeing "Cult Of The Dead Cow" as a
conference presenter, decided to breach their oral contract and
inform us that we could not stay at their hotel.
KW: Just like that?
DF: You got it.
KW: Do you know who the person was that faxed them the announcement?
DF: Yes, for the most part.
KW: Can I ask who it was?
DF: No. Not yet at least.
KW: How did you find out who it was?
DF: Let's just say some people don't cover their tracks too well. The
HoJo's employees down here are no wizards at keeping private things
private either. I found that out when they started giving our
studio's office number out to people who were trying to make HoHoCon
reservations after they decided to pull the plug.
KW: That's unbelievable. Those people really don't have their act
together, do they? Did you tell them to stop?
DF: We tried. After receiving about eight calls from different people all
telling us they got our name and number from HoJo's, I called them up
to politely ask them to stop and got nowhere. The lady I spoke with
was just some idiotic uneducated receptionist who kept telling me,
"Nobody's here, I don't know what to do! Can you call back?" So, the
next day, our attorney called and tried to explain the situation in a
very legal manner. The receptionist obviously freaked out and
transferred the call over to a lady named Gloria, who we thought must
have been the manager on duty or something close. Why else would they
transfer the call to her? Anyway.. Gloria was nothing less than a
unprofessional rude joke. After our attorney started explaining the
situation and asking that something be done to insure it didn't
continue to happen, she just started spewing out senseless sentences
that all basically said the same thing - I'm old and stupid and don't
want to take responsibility for any of this, call back tomorrow and
talk to someone else. We were recording the conversation and our
attorney told her and proceeded to try to say things for the record
and Gloria, who must have been smarter than she sounded, would
constantly say things really loud making it near impossible to get
things he needed to on tape. He would ask her to stay quiet for 5
seconds so he could ask us questions, and she'd say ok, and two
seconds later start belching out, "You'll have to call back tomorrow
and talk with somebody else besides me." It was kinda funny because
it really pissed off the attorney. So much so that I doubt he'll
forget about it for a long time.
KW: Did they stop giving out your information?
DF: Yeah, it looks that way. But now they tell people the conference has
been canceled, which is nothing more than a lie.
KW: Has anything else happened with the hotel?
DF: Yeah, but too much to get into and nothing extremely important to
anybody else. At this point, we're just trying to get everything
worked out with the new location.
KW: Which is?
DF: Well, I can't say as of yet because we haven't received the written
confirmation. As soon as we do, we'll release all the new
information.
KW: So the conference hasn't been cancelled?
DF: Definitely not. It'll be happening in Houston on December 18th
through the 20th no matter what. Even if we have to hold it at the
Squeaky Springs motel, it'll happen.
KW: Will the new hotel be near the old one?
DF: If we go with the one we're counting on, then no. Here's where some
of the changes come up. Some good, most bad.
First, one of the good things, if we get this hotel, it'll be a hell
of a lot nicer than HoBlo's. It is not located next to an airport,
but there is shuttle transportation to and from both airports, which
is good in case people have to fly in to Intercontinental.
Unfortunately, the shuttle isn't free, but we're trying to get
something worked out. The room rates are also going to be a bit
higher, around $49.
KW: Is everything going ok with the planning?
DF: I guess so. It's just been a bitch and a half to find a new hotel and
get all the details worked out. Plus, one of the main problems now is
the money thing. One of the downfalls for us is the fact that the
conference room rental at the new hotel is quite a bit more than it
was at BloJo's and I'm the one who gets to prepay it. So, we've been
discussing asking for small monetary contributions, like under five
bucks, at the conference door. But that's not something I really want
to do. We'll have to see what happens. That's not the only cost
related to this whole deal either, far from it. Last year, between
Judge Dredd of NIA and myself, we managed to rack up some nice phone
and postage bills getting the information out to people, which
included faxing the announcement out to the media and mailing hotel
brochures to those who asked for them.
The other problem is keeping in touch with people. The address that
people have been corresponding with - dfx@nuchat.sccsi.com - the one
that appeared in the announcements may not make it past September 30
because the site is fixing to start charging at a rate that would
make it quite hard to afford with the amount of time we have to spend
online. Hopefully, at the worst, we can get the admins to keep the
account active with a mail forward and not have to shell out mongo
dollars to do so. One of the things we could use now is a new account
somewhere else where we don't have to worry about how long we take to
reply to someone's mail when they're asking for information. I guess
the account would have to be in Houston also. I'm sure we'll figure
out a way to get the announcements and updates out to people even if
something doesn't turn up.
Luckily, we do have a slug-mail address that people can write to -
Fennec Information Systems
Attn: HoHoCon/dFx
11504 Hughes Road
Suite 131
Houston, Texas
77089
The only other thing I can think of that we would need as far as
communications go, is some fresh virgin codes. Just kidding. We could
use a vmb of some sort, and not one that was hacked out and will die
2 weeks down the line. Something that will stay up until the
conference happens so that people can just call and get all the
updated information. It's a long shot, but if someone is willing to
donate one, we're willing to accept one.
KW: Do you have anything lined up for the conference yet?
DF: You mean along the lines of speakers?
KW: Speakers or activities. Whatever you have planned.
DF: Yeah, we've got a few speakers lined up so far. We'll announce them a
little later on when they give a definite attendance confirmation. As
far as activities go, I don't really know of anything yet but I'm
sure there'll be some video viewing happening at some point.
KW: Are you expecting a lot of people to show up?
DF: At first, I didn't really know what to expect. I honestly didn't
think as many people were going to show as last year, just because so
many of them did. That was a total surprise. But after the response
we've received, it looks as if there'll be even more this year. I
think the word getting out early and the stories still lingering from
last year as well as the support from people like CuD has helped a
great deal.
KW: I can't think of too much more. Is there anything else you think
people should know or that you wanted to say?
DF: Not really. This is dragging on a bit anyway. Boycott Howard
Johnson's as well as it's manager, James Marx, and owner, Henry Woo.
The conference is still happening, December 18, 19, and 20. See CuD
4.40 for details, excluding location. Come to the conference,
everyone's gonna be there. It'll be swell. Eat spam. Code it up. Call
d.r.u. Don't count your chips before they're all cashed in. Traxster
for president. Donate to the cause. Eighteen on the fairway and when
the dog is gone, the cat will play. Monday, Tuesday, Happy Days...
KW: Ok, ok. I think that's enough.
DF: Use the force jedi master. Yeah Ocean. New lime flavor...
KW: Alright, end of discussion. I'm hanging up now.
------------------------------
Date: Thu, 17 Sep 92 19:30:08 EDT
From: Mike Godwin <mnemonic@EFF.ORG>
Subject: File 3--How to Talk to the Press
((It was rumored that, immediately after his appearance on
an NBC news show, that John (Cap'n Crunch) Draper was
released from his job for reasons of fiscal expediency.
Whether true or not, this seems like a good time to reprint
Mike Godwin's advice on "How to Talk to the Press" for those
who are in the rolodexes of media folk)).
This is a file I posted to an Austin BBS back when I gave the SJG
story to the local papers.
104: Talking to Media, part 1
By: Johnny Mnemonic [54]
Date: 11:07 3/18/90
As I've promised on another message base, here's the beginning of
discussion of how to bring stories to the media.
Since I keep thinking of different things people ought to know about
how to take a story to the media, I'm going to make this a multi-post
discussion.
1) TRY TO THINK LIKE THE REPORTER YOU'RE TALKING TO.
One of the things that happens when people know about an event or
series of events that may make a good news story is that they assume
the importance of the story will be obvious to anyone.
Sometimes this is true (when the tipster knows about a murder, for
example). Often it's not.
So, when I tell a reporter about a story I think she should want to
cover, I make sure to stress the aspects of the story that are likely
to interest that reporter and/or the readers of her publication. For
example, when I spoke to Kyle Pope about the Illuminati seizure, I
stressed the following:
a) Steve Jackson Games is an Austin business that may end up being
damaged by the seizure.
b) Nobody has given this story anything like major coverage in the
national media, or (so far as I knew) in other geographic areas. (I
was telling him he had a major "scoop" opportunity.)
c) There are some very dramatic aspects to this story. (I told him
about the 20-year-old LoD member who woke up on the morning of March 1
with a gun pointed at him by a Secret Service agent.)
2) IF YOU'RE GOING TO MEET THE REPORTER IN PERSON, TRY TO BRING
SOMETHING ON PAPER.
There are lots of good reasons to follow this rule:
a) Believe it or not, but people take stuff on paper a little more
seriously than the spoken word. It's nice to give the reporter
something that lends substance to what you're saying, even if the
substance is printouts from your own computer.
b) It makes life easier for the reporter, who doesn't have to write
down every single thing you tell her. Reporters like to have materials
they can use for reference as they research and write their stories.
c) It helps you remember to say everything you want to say. Nothing is
more frustrating than trying to get a reporter interested in your
story, getting inconclusive results, and then realizing later that you
should have told the reporter about something. (E.g., "Damn! I forgot
to tell him what 'cyberpunk' means, so he won't know how the federal
agents misinterpreted the manual.")
When I went to the Statesman, I took edited printouts of discussions
from Flight, from SMOF, and from comp.dcom.telecom on Usenet. I also
took some private Email I had received, with the names of the senders
deleted. And I took my copy of the WHOLE EARTH REVIEW with the article
on Usenet. My object was to convey to him the scale of concern about
the seizures, plus give him enough background to be able to ask
reasonably informed questions of the people he talked to.
3) GIVE THE REPORTER OTHER PEOPLE TO TALK TO, IF POSSIBLE.
Two basic justifications for this rule: First, it'll help your
credibility (especially if you don't already know the reporter
personally). Second, multiple sources or witnesses usually enable the
reporter to filter out what is mere opinion or speculation from what
everybody actually knows for a fact.
4) DON'T ASSUME THAT THE REPORTER WILL COVER THE STORY THE WAY YOU'D
LIKE HER TO.
Reporters' accuracy and focus in a story are constrained by several
factors:
a) The amount of available time. Reporters have to be quick studies,
and often have to assimilate a complex story in a hurry. This
necessarily increases the risk of inaccuracy in a story, and gives you
an even greater reason to follow Rules 1 through 3.
2) The reporters' obligation to be fair. This means they have to talk
to people on the other side of the issues from you. This in turn means
that you're unlikely to get a story that represents or promotes your
point of view at the expense of those who oppose you.
<More on this topic as I think of things. Please feel free to comment.>
------------------------------
Date: Fri, 18 Sep 1992 10:41:55 EDT
From: Dave Banisar <banisar@WASHOFC.CPSR.ORG>
Subject: File 4--CPSR Sues FBI for Wiretap Proposal Information
CPSR Sues FBI For Information About Wiretap Proposal:
Seeks Reasons for New Plan
PRESS RELEASE
WASHINGTON, DC
September 17, 1992
4:30 pm
Contact:
Marc Rotenberg, CPSR Director (202/544-9240)
rotenberg@washofc.cpsr.org
David Sobel, CPSR Legal Counsel (202/544-9240)
sobel@washofc.cpsr.org
Washington, DC - Computer Professional for Social Responsibility
filed suit today against the FBI for information about a new wiretap
proposal. The proposal would expand FBI wiretap power and give the
Bureau authority to set technical standards for the computer and
communications industry.
The suit was filed after the FBI failed to make the information
public. In April, CPSR requested documents from the Bureau about the
reasons for the proposal. The FBI denied that any information existed.
But when CPSR pursued the matter with the Department of Justice, the
Bureau conceded that it had the information. Now CPSR is trying to
force the Bureau to disclose the
records.
The proposal expands the FBI's ability to intercept communications.
It would mandate that every communication system in the United States
have a built-in "remote monitoring" capability to make wiretap easier.
The proposal covers all communication equipment from office phone
systems to advanced computer networks. Companies that do not comply
face fines of $10,000 per day.
The proposal is opposed by leading phone companies and computer
manufacturers, including AT&T, IBM, and Digital Equipment Corporation.
Many charge that the FBI has not been adequately forthcoming about the
need for the legislation.
According to CPSR Washington Office director Marc Rotenberg, "A full
disclosure of the reasons for this proposal is necessary. The FBI
simply cannot put forward such a sweeping recommendation, keep
important documents secret, and expect the public to sign off."
In a related effort, a 1989 CPSR FOIA suit uncovered evidence that
the FBI established procedures to monitor computer bulletin boards in
1982.
CPSR is a national membership organization of computer professionals
with over 2,500 members based in Palo Alto, California with offices in
Washington, DC and Cambridge, Massachusetts and chapters in over a
dozen metropolitan areas across the nation. For membership
information, please contact CPSR, P.O. Box 717, Palo Alto, CA 94303,
(415) 322-3778, cpsr@csli.stanford.edu.
------------------------------
Date: 17 Sep 92 19:48:32 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 5--News Blurbs (INSLAW & CITIBANK)
As reported in Information Week 9/14/92 pg 8
INSLAW:
The House Judiciary Committee is still looking into whether the
Justice Department stole and illegally copied a database management
program from Inslaw. Last week 20 Democrats on the committee asked
the US Attorney General thirty days to appoint a special prosecutor or
explain why one isn't needed.
CITIBANK:
A New Zealand computer dealer, Paul White, tried to extort over
$90,000 dollars from Citibank by threatening to release confidential
files stored on 88 floppy disks. White had obtained the disks after
purchasing some used computer equipment that Citibank had sold to a
clearinghouse. Citibank obtained a court order against that release
of the data, and police seized 86 of the disks. White turned over the
other two disks as part of a nearly $30,000 settlement. The day after
turning over the remaining disks White died in a traffic accident.
News stories about the case indicated that the disks contained
incriminating information on Citibank customers, but Citibank claims
is was merely outdated administrative data.
------------------------------
End of Computer Underground Digest #4.45
************************************
Computer underground Digest Sun Sep 26, 1992 Volume 4 : Issue 46
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
Copy Editor: Etaion Shrdleau, Srr.
CONTENTS, #4.46 (Sep 26, 1992)
File 1--J Davis response on Piracy
File 2--Response to Davis/Piracy (1)
File 3--Response to Davis/Piracy (2)
File 4--Studying Rights and Cyberspace
File 5--EFF Analysis of FBI Digital Telephony (wiretap) proposal
File 6--Cap't Crunch Discusses Sneakers With Newsbytes
File 7--GATEWAY/WINDO ALERT
File 8--Model Letter in re S. 2813 / HR 2772
File 9--Police files conference
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
Back issues also may be obtained from the mail server at
mailserv@batpad.lgb.ca.us
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Sun, 20 Sep 1992 17:27:16 -0700
From: James I. Davis <jdav@WELL.SF.CA.US>
Subject: File 1--J Davis response on Piracy
Regarding Robert Woodhead's and Wes Morgan's response (in CUD 4.42) to
my earlier posting about software piracy and property rights, there
are a few points to which I would like to respond. (As a disclaimer,
I am not trying to defend the right to bootleg software, that is, to
duplicate and _resell_ software. The discussion below deals with the
unauthorized duplication and sharing of software, where no money
changes hands.)
One common defense raised for intellectual property rights, and
against the unauthorized sharing of software, is that it injures the
creator by robbing him or her of some deserved reward. And on a
related note, the creator is entitled to compensation, and
intellectual property rights are required to guarantee that. [Mr.
Woodhead writes "[by unauthorized copying of software] you are showing
a lack of respect for the creative efforts of other people." Mr.
Morgan writes "If I pour 4 years of my life into the development of
Snarkleflex, I DESERVE to profit from it." Denise Caruso (now editor
of _Digital Media_) wrote a hilarious description a couple of years
ago in an _SF Examiner_ column: "Why would some genius programmer,
slaving away in a dark den redolent of cheese puffs and body odor, be
willing to work for years on a revolutionary new software design if he
or she didn't have any guarantee of being able to make money doing
it?"]
There are several fallacies in this argument.
First, the reality of software production in the late 20th century is
much different than this image. Most software production is NOT a
cottage industry. The industry has quickly matured in the past few
years into a typical monopolized industry. Most patent filings are by
corporations. Most software is not purchased from the individuals who
create the software, it is purchased from companies who have required
their engineers to sign away any rights to whatever they come up with,
AS A CONDITION OF EMPLOYMENT. So IN MOST CASES, the creator has been
separated from the results of his or her creativity. But the image of
the sole-proprietor hacker is raised up as a shield by the software
industry -- the public can take pity on the "defenseless" hacker;
people don't take pity on a Microsoft or an IBM. After invoking the
"harm to the individual" argument, Mr. Woodward later says the
distinction between creator and financier doesn't matter -- the
software sharer is showing disrespect for the person who put up the
cash. ("They risked the money, they deserve the rewards.") Here we get
to the heart of the matter -- we're really talking about the "rights"
of software corporations here; not the hacker, not the consumer, and
not society.
Nowhere do I argue that the people who write software should not be
compensated for their effort. Of course people should be compensated!
The question is how, and how much. Paycheck dollars from a
corporation, a university, a cooperative or the government all spend
equally as well. But the social benefits from the programmer's efforts
are constrained by forcing them through the legal contortions of
intellectual property rights and private ownership. The model that we
have been using is private speculation for private gain, made possible
via exclusive monopolies granted by the government, enforced by law. I
am saying that other successful models exist and have generated useful
products. The subtext in the "I deserve a reward" argument is that
someone who comes up with a really useful idea should get a special
reward. Fine. I have no problem with public recognition of significant
contribution, even including a cash award. Again, this doesn't
_require_ intellectual property rights.
Third, to repeat my original point, property rights are NOT required
to ensure creative activity. Switzerland didn't have a patent system
until 1907, and the Dutch abandoned a patent system from 1869 until
1912. George Barsalla, in _The Evolution of Technology_, argues that
this did not retard their economic development or their
"inventiveness." Both countries eventually adopted patent laws because
of pressure from other industrial nations. Mr. Morgan says that
"*companies* create for financial gain" (which I certainly agree
with), but puts this forward as if the protection of *their* financial
gain somehow justifies the rest of us having to suffer under
intellectual property rights. Corporations are not necessary for the
generation of the software we need.
Harlan Cleveland, former diplomat and dean of the University of MN's
HHHumphrey Institute of Public Affairs (I mean, he's a mainstream
guy), wrote in an essay that appears in _Information Technologies and
Social Transformation_ (published by the National Academy of
Engineering): "Is the doctrine that information is owned by its
originator (or compiler) necessary to make sure that Americans remain
intellectually creative?" He answers in the negative, citing the
healthy public sector R&D efforts in space exploration, environmental
protection, weather forecasting and the control of infectious diseases
as counter examples. He concludes the section with a warning. "The
notion of information-as-property is built deep into our laws, our
economy, and our political psyche... But we had better continue to
develop our own ways, compatible with our own traditions, of rewarding
intellectual labor without depending on laws and prohibitions that are
disintegrating fast -- as the Volstead Act did in our earlier effort
to enforce an unenforceable Prohibition."
Fourth, the notion of a solitary inventor is a popular falsehood. No
one creates in a vacuum. The programmer's skills and creativity rest
upon past inventions and discoveries; publicly supported education;
the other people who produced the hardware, the manuals and textbooks
and the development tools; as well as the artists and accompanying
infrastructure who may have inspired or influenced the programmer. In
this sense, the developer's product is a social product, and
consequently should redound to the benefit of all of society. The
practical problem of compensation for effort and reward for
outstanding achievement can be addressed outside of "intellectual
property rights."
Mr. Woodhead dismisses my position as "welfare for hackers." This is a
rather cheap shot. First, there is nothing wrong with welfare. But Mr.
Woodhead means "welfare for hackers" in a pejorative sense (he adds
that he is being heavily sarcastic). No self-respecting hacker, Mr.
Woodhead suggests, would accept something from the public or the
government. "Any hacker worthy of the name would spurn it." What about
every programmer who works for the government, obtains funding from
the government (including the defense industry), all programmers who
go through school and college (they're subsidized by the taxpayer),
and all programmers who work in universities? Who's left? The public
is already heavily involved in software production, but as is too
often the case, the public finances something, and then turns it over
to private corporations to reap all of the profits from it.
The "welfare" charge also carries a divisive edge to it, implying that
hackers should sneer at welfare. This is a self-defeating position for
the programming community. There has been a mythology that programmers
are a privileged lot, and immune from the vagaries of the overall
economy. Sleeper, awake! All programmers should read the first chapter
of Edward Yourdon's new book, _The Decline and Fall of the American
Programmer_. He rings an alarm bell that big changes are underfoot in
software production. As a current snapshot of the industry, here are
some stats which I submitted to the current CPSR/Berkeley newsletter
(available in its entirety from the CPSR listserver,
listserv@gwuvm.gwu.edu): "40,000 jobs were lost in the electronics
industry in the first quarter of this year (compared to 90,000 in all
of 1991), including 9,100 jobs at computer component makers. For the
first time since the American Electronics Association started
reporting software industry figures, software job growth was flat, at
133,400 workers. Wang goes into Chapter 11, with 5,000 workers to be
laid off over the next 30 days... Besides Wang, Digital Equipment cut
20,000 jobs over the past two years, and will cut another 15,000 this
year; Data General now has 7,100 workers, down from a high of 17,000.
Even computer services employment has been dropping, down 7.3% from
its peak at the end of 1989. IBM now will probably cut 12,000
additional workers this year, on top of the 20,000 previously
announced. (But profits are up at IBM!). Software maker Aldus is
laying off 100 workers, the Disney Park Design Unit is laying off 400
imagineers..." (And I've submitted similar figures for the previous
two quarterly newsletters as well.) The defense industry is expected
to fire 1.2 _million_ people over the next four years, many of them
highly skilled engineers. Programmers do get laid off. I know from
personal experience. I was glad that there was unemployment insurance.
No programmer should be so complacent as to say "it can't happen to
me." So be glad that there is a safety net there, and keep it strong.
Re: my point that intellectual property rights prevent intellectual
effort, including software development, from maximizing its social
benefit: If a copy of Lotus 1-2-3 does have use for people, and people
are prevented from using it (e.g., because of the price barrier), then
its potential benefit is constricted. (For an interesting discussion
of this see Natalie Dandekar, "Moral Issues Involved in Protecting
Software as Intellectual Property," _DIAC-90 Proceedings_, CPSR, Palo
Alto, CA, 1990.)
Mr. Woodhead claims that other users are hurt by the unauthorized
sharing of software, because they end up paying more for the software.
He is too charitable to the software companies. There is no reason to
believe that, in the absence of unauthorized duplication, software
prices would be reduced. The prime directive of capitalism is maximum
profit. That is what pushes the price upwards. He imagines that there
is a point at which the capitalist ("free-marketeer") is satiated and
retires from the feeding frenzy out there in the market. Maybe on
Mars. The capitalist can't say, I've made enough moolah, because he
knows that others are also grabbing for the goods, and whoever gets
the most wins, and drives the competition from the marketplace. His
claim that the purported $24 billion in lost revenue would have been
returned to the customer if the "pirates" didn't exist is absurd. What
does come out of the pockets of consumers is the cost of financing
legal battles between an Intel vs. AMD, or Apple vs. Microsoft, or
Ashton-Tate (RIP) vs. Fox, over who exactly does own a design or an
interface or a language (!).
Mr. Woodhead says that no companies specialize in educational
software. If this in fact is the case, then this only reinforces the
argument for the necessity of some sort of social or public or
community (or whatever you want to call it) funding of educational
software development. Just because there is no "market" for quality
educational software does not in any way mean that there is no _need_
for it. Woodhead blames the schools for sabotaging the educational
market by unauthorized duplication -- this, I would suspect, is more
the result of teachers trying to fulfill their professional commitment
of educating children, in the face of deep cuts in education spending
and the reluctance (or refusal) of vendors to negotiate affordable
site licenses. (See e.g., the 9/92 issue of _MacWorld_ for more on
this).
A similar argument _against_ the market, and _for_ public
participation in these matters is powerfully articulated in the work
of Prof. Herbert Schiller (most recently in _Culture, Inc.: The
Corporate Takeover of Public Expression_; for a briefer discussion see
his article "Public Information Goes Corporate" which appeared in the
October 1, 1991 issue of _Library Journal_). He quotes ( in _Culture,
Inc._) a 1986 interview with the then president of database vendor
DIALOG that appeared in _Information Today_: "We can't afford an
investment in databases that are not going to earn their keep and pay
back their development costs." When asked what areas were not paying
their development costs, he answered, "Humanities." The tag line above
the _LJ_ article says "a society is emerging in which only data with a
commercial value will be collected." One can extend this to software
-- only software with a commercial value will be commercially
produced. Marginal markets will be ignored.
Re: Mr. Morgan's notion of more aggressively extending patents to
software: it's already taking place. I think this topic has been
addressed thoroughly by the League for Programming Freedom in their
"Against Software Patents" paper (available from
league@prep.ai.mit.edu. The interested reader should also look at
their "Against User Interface Copyright" paper). 17 years (typical for
patents) is an eternity in the evolution of software (as is 10 or 20
years, as suggested by Mr. Morgan). As a sidenote, even the SPA has
opposed software patents.
Re: fair use -- the point I was trying to make is that the concept of
"fair use" has EVOLVED and EXPANDED with increasing ability to easily
duplicate various media. "Taping of television programs for personal
use appears to have become accepted as fair use of copyright material.
This is not in accord with the historical interpretation of fair use,
since the programs are taped in their entirety. The use of the
doctrine in the past has usually been restricted to copying portions
of the work [for purposes of criticism, comment, research, etc.]. The
rationale of the court must have been the unlikely efficacy of trying
to put Pandora back into the box and the fact that no commercial use
of the tapes was either alleged or documented." (Anne Branscomb,
"Property Rights in Information", in _Information Technologies and
Social Transformation_). The point is that legal constructs like "fair
use" are not brought to us by Moses -- they are determined by the
balance of social forces through legal, political, economic and other
forms of struggle. And therefore they are something which we can
affect.
If the persistent reader has made it this far, allow me to conclude
with a quote from an interview with Bruce Sterling that appeared in
the Summer, 91 issue of the excellent and highly recommended print
publication _Intertek_ ($8/year, check payable to Steve Steinberg, 325
Ellwood Beach, #3, Goleta, CA 93117; steve@cs.ucsb.edu): "I think that
trying to commodify information -- trying to make it like buying a
chair from Sears -- is just deeply misguided... It looks good on paper
but as you go on year after year, trying to make it a reality, you
find it just doesn't work. There are just too many people, like
myself, who have very little respect for the idea of intellectual
property. I don't pirate software, not because I believe that
intellectual stuff is property, but just because I'm law-abiding.
Information does want to be free -- it doesn't want to be $5 a baud.
There's something stupid about that... I think we'll see a lot more
commodification before we see less. But the idea of information as a
commodity is just wrong. I mean, people say, 'if you could go into
Sears and steal chairs they wouldn't stay in business.' Well if you
had a device that could make infinite chairs for free, Sears would
never have come into existence."
Computer: Earl Grey tea. Hot.
------------------------------
Date: 15 Sep 92 14:27:40 CDT (Tue)
From: peter@FICC.FERRANTI.COM(Peter da Silva)
Subject: File 2--Response to Davis/Piracy (1)
Re: Wes Morgan's article in CuD #4.43
I largely agree with most of his arguments, but I would like to point
out one mistake... he says:
"The whole concept of copyrights ... is based on the notion
that the creator ... is entitled to some compensation for his
effort"
This is just not true. The whole concept of copyrights and patents in
the United States is based on the notion that by making intellectual
property a salable commodity subject to market forces, more and better
intellectual property will be created and it will be distributed more
freely.
And, you know what, it works. There's no better refutation, nor need
there be a better refutation, of the argument that piracy promotes
openness. It doesn't. It promotes encrypted software, dongles, and
trade secrets. It discourages publication. It reduces the incentive to
create viable products of commercial quality. These are not the result
of intellectual property laws, they're the result of the failure to
enforce intellectual property laws.
------------------------------
Date: 21 Sep 1992 08:45:30 -0800
From: "Michael Stack" <stack@STARNINE.COM>
Subject: File 3--Response to Davis/Piracy (2)
The two responses (CuD 4.43) to James I. Davis's provocative article
--"Software Piracy - The Social Context" (CuD 4..42) -- both make the
common fault of equating whats good for business with that which is
good for society as a whole. They both seem to view copyright and
patents as a system guaranteeing a right to profit overlooking the
original constitutional intent to "promote the progress of Science and
the useful Arts."
Mr. Davis has difficulty with the way property rights are applied with
regard to software and information in general (as do I or I wouldn't
be writing this), yet both respondents base significant portions of
their counter-arguments upon the very object under contention. They
use terms like "stealing" and that software/information is "property"
etc. To be able to accuse someone of stealing or to claim something
as property (and to subsequently grant licenses on how this property
is to be used) implies there exists rights of ownership in the first
place. The crux of Mr. Davis's article questions this right. The
respondents by-pass this altogether. Their articles are but
explanations of the existing order in case we didn't already
understand.
Neither mentions the recent alarming developments in the application
of copyright and patent particularly to software (see the literature
of the League for Programming Freedom or the recent Barrons "Software
Patents Block the Path of Computing Progress" article) which threatens
all software written outside the cubicles of major software
corporations. The fact that "alls not well in the state of Denmark"
in itself punches large holes in the system the two respondents
defend.
Both belittle the spectre of "police state" raised by Mr. Davis.
Amazingly, this is done within the pages of a publication which has
spotlighted many instances of "police-state" behavior: doors
kicked-in in the early hours of morning, guns drawn, threats,
equipment confiscated (permanently?), "guilty till proved innocent,"
etc.
Some specifics on Mr. Morgan's piece:
--On the one hand you argue "If I pour 4 years of my life into the
development of SnarkleFlex, I DESERVE to profit from it" but then you
append a caveat which undoes this assertion "(assuming that people
want to purchase/use it)." Doesn't this condition make your
capitalized assertion self-destruct? Do you deserve to be rewarded
for your work, yes or no, or is it to be let dependent on market
caprice?
--You ask "Would you make a copy of Webster's Dictionary and give it
to a friend?" and you sport(!) "Xerox(tm)[ing] your entire printed
library for me..." "...would be just fine, right?" Yes, it would --
if the library and dictionary were in a readily distributable form and
the copy cost me near nothing i.e. in digital form. I'd be happy to
give you a copy. I could give it to anyone. As to how I'd have a
library in the first place we can discuss (perhaps outside of this
forum).
Michael Goldhaber in his book Reinventing Technology states "Since new
information technology includes easy ways of reproducing information,
the existence of these [intellectual property] laws effectively
curtail the widest possible spread of this new form of wealth."
------------------------------
Date: Thu, 24 Sep 92 21:55:28 EDT
From: woj <@netmgr.cso.niu.edu:REWOICC@ERENJ.BitNet>
Subject: File 4--Studying Rights and Cyberspace
The following article is transcribed from "Clarkson Closeup", a
magazine sent to alumni and such. I thought that CuD might be
interested in the subject matter (and perhaps the EFF might be as
well). I'm fairly certain that Prof. Ross is reachable via the net.
No byline is given.
((MODERATORS' COMMENT: Professor Ross may be reached at:
SROSS@CRAFT.CAMP.CLARKSON.EDU).
+++++
"Studying Rights and Cyberspace"
Susan M. Ross, assistant professor of Technical Communications, has
been awarded a $3,600 grant from the Canadian Embassy to study the
Canadian Charter of Rights and Freedoms and the U.S. Bill of Rights
with respect to computer-mediated communication. Her research
involves the study of cyberspace -- the "virtual" or imaginary space
within which computer data is stored.
Cyberspace can be entered though any computer connected in a network,
or via a modem. Within networks, "communities" are formed through the
ex-change of data and information.
Ross is analyzing the human rights issues within these cyberspace
communities to help define the rights of users connected to networks.
Her research also assesses the differences in legal structure,
regarding electronic communication, between the United States and
Canada. Currently, she is looking at specific legal issues which have
entered litigation.
Last year, for example, a network called CompuServe experienced
problems with obscene material posted by users. Courts ruled the
network was not responsible for postings by a private user.
Concerns have also arisen in both nations over guaranteeing "equal
justice" to those accused of committing computer-assisted crimes and
those accused of crimes in which computer technology in not involved.
Differences in the wording of the constitutions could affect the
pursuit of "equal justice." For example, the U.S. Constitution does
not explicitly extend constitutional protections (e.g. First Amendment
and Fourth Amendment rights) to citizens who employ or are affected by
technologies that its framers could not anticipate. In contrast,
Canada does guarantee, "freedom of thought, belief, opinion and
expression, including freedom of the press and other media of
communication."
The research has applications for the Free Trade Agreement with
respect to computer information exchange across the border. It also
covers the evolution of constitutional civil rights for citizens who
enter cyberspace from the U.S. and Canada.
Ross received a bachelor of arts degree from Middlebury College,
master's degrees from Dartmouth University and the University of
Vermont, and her doctorate from Renssalaer Polytechnic Institute.
++++++++++
I'd be interested in hearing more about this CompuServe case if anyone
has any information on it - I seem to have missed it completely.
Also, I think that Prof. Ross should be made aware of CuD, EFF and the
telecom-privacy digest as I'm sure that she could find some
interesting material there (and possibly save her some work.)
Just another Clarkson alum...
Reply to: Rob Woiccak - rewoicc@erenj.bitnet
------------------------------
Date: Thu, 17 Sep 1992 19:15:01 -0400
From: Christopher Davis <ckd@EFF.ORG>
Subject: File 5--EFF analysis of FBI Digital Telephony (wiretap) proposal
+=========+=================================================+===========+
| F.Y.I. |Newsnote from the Electronic Frontier Foundation |Sep 17,1992|
+=========+=================================================+===========+
JOINT INDUSTRY/PUBLIC INTEREST COALITION RELEASES WHITE PAPER OPPOSING
FBI DIGITAL TELEPHONY LEGISLATION
WASHINGTON, D.C. -- The Electronic Frontier Foundation (EFF), on
behalf of a coalition of industry, trade associations, computer users,
and privacy and consumer representatives, today released a white paper
entitled, "Analysis of the FBI Proposal Regarding Digital Telephony."
The FBI has proposed legislation which would require that all
telecommunications equipment be designed to allow law enforcement
monitoring and is seeking passage in the last few weeks of this
congress. The organizations that signed the paper believe that the
proposal would cost consumers millions of dollars, damage U.S.
competitiveness in the telecommunications marketplace, threaten
national security interests, and deny American consumers and American
businesses of much-wanted security and privacy on voice and data
communications.
"Basically, the FBI's legislative proposal is premature. We hope that
the white paper demonstrates that there are too many potential dangers
inherent in the legislative proposal and that there are other means of
addressing this situation," said Jerry Berman, Executive Director of
the Washington office of the Electronic Frontier Foundation.
Over the past decade a host of new digital communication technologies
have been introduced and more are being developed. New telephone
services, such as call-forwarding and last number re-dial, are now
being offered. The FBI is concerned about the impact these services
-- and other digital communications techniques -- will have on its
ability to wiretap. In the future, the vast majority of computer
communications will also use this technology to transfer information
and documents.
Signatories included major telecommunications equipment manufacturers,
such as AT&T; computer manufacturers, such as IBM and Digital
Equipment Corporation; software producers, such as Microsoft and
Lotus; network providers, such as Prodigy and Advanced Network and
Services, Inc.; trade associations in the telecommunications, computer
and electronic mail businesses; and public interest groups, such as
the Electronic Frontier Foundation and the ACLU. The Electronic
Frontier Foundation, a group of 955 members of the computer community,
has been coordinating an industry/public interest working group on
digital telephony.
The working group has met with the FBI over a number of months in an
effort to work out mutually-agreeable solutions to the challenge that
the development of new communications technologies poses to the FBI.
David Johnson, a partner at Wilmer, Cutler & Pickering, drafted the
white paper for the working group and serves as its legal advisor.
"We have made significant progress and both sides better understand
the other's needs and concerns. The bottom line, however, is that
those who signed the paper do not see broad-based legislation as the
right approach to this challenge. We have worked with the FBI to
develop practical, technical solutions to the problems they are
anticipating and intend to continue to do so," said John Podesta, of
Podesta Associates, Inc., who coordinates the working group on behalf
of EFF.
# # #
For a copy of the white paper, please call +1 202 544-6906, or use
anonymous ftp to ftp.eff.org, file pub/EFF/legal-issues/eff-fbi-analysis.
FOR IMMEDIATE RELEASE September 17, 1992
For more information contact: John Podesta 202/544-6906
Jerry Berman 202/544-9237
+=====+===================================================+=============+
| EFF |155 Second Street, Cambridge MA 02141 (617)864-0665| eff@eff.org |
------------------------------
Date: Fri, 18 Sep 92 07:06:00
From: John F. McMullen <mcmullen@well.sf.ca.us>
Subject: File 6--Cap't Crunch Discusses Sneakers With Newsbytes
NEW YORK, NEW YORK, U.S.A., 1992 SEP 18(NB) -- John Draper, author of
one of the earliest word processing programs, EasyWriter, and, under
his nomme de plume, "Cap't Crunch", one of the first known "hackers",
told Newsbytes that while he "really enjoyed Sneakers, people should
realize that there is an important message contained within."
Draper, who served time in prison for his "phone phreaking", was
considered the model on which the role of "Cosmo", played by Ben
Kingsley, was based. Cosmo, like Draper, served a prison sentence for
his activities and, while in prison, became a collaborator with a
nationwide criminal organization, becoming their technical wizard.
Draper accepts the identification with Cosmo and says that the movie
brings out the problems of technology transfer in prison. He said
"While I was in prison, I learned how to pick a master lock. I didn't
ask for the knowledge; it was forced on me. Someone would say 'Let me
show you this' so you would.
"They would wheedle things out of me -- you don't snitch or not go
along in prison. I showed them how to build a random code voice
scrambler as well as other things about methods of obtaining free
phone service. It bothers me that these methods are probably used
today by Columbia drug dealers.
"We have to be concerned about the fact that prisons are Universities
of Crime. We don't want criminals to have the benefit of knowledge
that our government doesn't have. We don't want a Robert Morris or a
Phiber Optik sharing a cell with a friend of Noreiga's. We should
learn from history and come up with procedures to insure that this
relationship between the computer underground and true criminals is
not allowed to flourish."
Draper also told Newsbytes that while he enjoyed the movie immensely,
he did not care for violent portions in which guns were used; he said
"I hate guns."
Draper became "Cap'n Crunch" when he found that whistles given away in
Cap't Crunch serial emitted the 2600 tone necessary to "fool" the
automatic billing and verification system of the phone companies.
Since his release from prison, Draper has written Easywriter and a
Forth compiler for the Apple II (while writing the software products,
Draper was known as "Cap't Software; he has since resumed Crunch). He
has also been employed as a programmer and consultant.
(Barbara E. McMullen & John F. McMullen/Press Contact: John Draper,
crunch@well.sf.ca.us (e-mail)/19920918)
------------------------------
Date: Mon, 14 Sep 1992 11:45:14 CDT
From: James P Love <LOVE%PUCC@PSUVM.PSU.EDU>
Subject: File 7--GATEWAY/WINDO ALERT
((MODERATORS' NOTE: The federal government seems to require dragging,
kicking and screaming, into the 21st century. On-line access to
federal information is *CRUCIAL* to an informed electorate, and we
URGE READERS TO WRITE THEIR REPRESENTATIVES AND OTHERS))
Gateway/WINDO - SEPTEMBER ALERT
===========================================================
Re: S. 2813, the GPO Gateway to Government
H.R. 2772, the GPO Wide Information Network for Data Online
(WINDO)
(two bills that would provide one-stop-shopping *online*
public access to federal information systems and databases)
===========================================================
September 14, 1992
BACKGROUND
Congress is considering two bills (S. 2813; hr 2772) that would
require the Government Printing Office (GPO) to provide
one-stop-shopping *online* public access to federal information
systems and databases. (For a fact sheet or copies of the bills, send
an email message to tap@essential.org). Joint House and Senate
hearings were held on July 23, 1992. To become law, the bills must be
approved by the House Administration and Senate Rules Committees, and
then be approved by the full House and Senate.
THE SCOOP
On September 10, the Senate Rules committee canceled a scheduled
mark-up of S. 2813, the Senate version of the Gateway/WINDO
legislation. The official reason for the cancellation was the death
of Senator Burdick. Unofficially, the problems have been attributed
to house republicans, led by Newt Gingrich, who have threatened to
oppose passage of a bill sponsored by Senator Gore, due to the
presidential campaign. The alternative strategy is to the move the
house bill first, thereby deemphasizing Senator Gore's role. If any
bill moves this year it is likely to be a substitute for HR 2772,
cosponsored by ranking republicans on the House Administration
Committee.
WHAT YOU CAN DO
Clearly time is running out. The most important thing that you can do
is contact your congressional representative and ask them to urge the
congressional leadership to move these bills. It is particularly
important to contact members of the House of Representatives,
including the House leadership and republicans on the House
Administration Committee. The names, telephone numbers and address
for key legislators are given below.
=========================
Congressional Target List
=========================
Committee on House Administration,
U.S. House of Representatives
Representative State/District Phone Major Cities
DEMOCRATS
Charlie Rose NC-7 225-2731 Fayetteville/Wilmington
Frank Annunzio IL-11 225-6661 Chicago
Joseph Gaydos PA-20 225-4631 McKeesport
Leon Panetta CA-16 225-2861 Monterey/Salinas
Al Swift WA-2 225-2605 Bellingham/Everett
Mary Rose Oakar OH-20 225-5871 Cleveland
Bill Clay MO-1 225-2406 St. Louis
Sam Gejdenson CT-2 225-2076 Norwich/Middletown
Joe Kolter PA-4 225-2565 Beaver Falls/Butler
Martin Frost TX-24 225-3605 Dallas
Tom Manton NY-9 225-3965 Sunnyside
Marty Russo IL-3 225-5736 Chicago
Steny Hoyer MD-5 225-4131 Landover/PG County
Gerald Kleczka WI-4 225-4572 Milwaukee
Dale Kildee MI-7 225-3611 Flint
REPUBLICANS
Bill Thomas CA-20 225-2915 Bakersfield/Pismo Beach
Bill Dickerson AL-2 225-2901 Montgomery
Newt Gingrich GA-6 225-4501 Atlanta
Pat Roberts KS-1 225-2715 Dodge City/Salina
Paul Gilmor OH-5 225-6405 Bowling Green/Sandusky
James Walsh NY-27 225-3701 Syracuse
Mickey Edwards OK-5 225-2132 Oklahoma City
Bob Livingston LA-1 225-3015 Slidell/Metairie
Bill Barrett NE-3 225-6435 Scotsbluff/Grand Island
HOUSE LEADERSHIP
Thomas Foley WA-5 225-2006 Spokane/Walla Walla
Robert Michael IL-18 225-6201 Peoria
Richard Gephardt MO-3 225-2671 St. Louis
Joe Moakely MA-9 225-8273 Boston
Mail to House Members should be addressed:
The Honorable ______________
U.S. House of Representatives
Washington, DC 20515
Committee on Rules and Administration
U.S. Senate
Senator State Phone
DEMOCRATS
Wendell Ford KY 224-4343
Claiborne Pell RI 224-4642
Robert Bryd WV 224-3954
Daniel Inouye HI 224-3934
Dennis DeConcini AZ 224-4521
Al Gore TN 224-4944
Daniel Moynihan NY 224-4451
Christopher Dodd CT 224-2823
Brock Adams WA 224-2621
REPUBLICANS
Ted Stevens AK 224-3004
Mark Hatfield OR 224-3753
Jesse Helms NC 224-6342
John Warner VA 224-2023
Bob Dole KS 224-6521
Jake Garn UT 224-5444
Mich McConnell KY 224-2541
SENATE LEADERSHIP
George Mitchell ME 224-5344
Mail to Senators should be addressed:
The Honorable ____________
U.S. Senate
Washington, DC 20510
=================================================================
James Love, Director voice: 215/658-0880
Taxpayer Assets Project fax: call
12 Church Road internet: love@essential.org
Ardmore, PA 19003
------------------------------
Date: Fri, 18 Sep 92 12:10:42 EDT
From: LOVE@TEMPLEVM.BITNET
Subject: File 8--Model Letter in re S. 2813 / HR 2772
Dear _________
We strongly support the GPO Gateway/WINDO (S. 2813; hr 2772)
legislation now pending before the Senate Rules and House
Administration Committees. These bills will vastly expand public
access to information produced at public expense, and allow ordinary
citizens to benefit from billions of dollars in federal expenditures
on information technologies. Citizen access to government computer
systems and databases through modems and computers is an idea whose
time has come. These bills are strongly supported by the American
Library Association, academic organizations, and many others in the
research community, including citizens groups and large and small
businesses. Please tell me what specific steps you take to obtain
passage of this important legislation.
------------------------------
Date: Tue, 22 Sep 1992 20:00:00 -0400
From: Nigel Allen <nigel.allen@CANREM.COM>
Subject: File 9--police files conference
Here is a press release from the U.S. Department of Justice.
National Criminal Justice Information Conference in New Orleans
To: City and Assignment desks
Contact: Stu Smith of the Office of Justice Programs,
U.S. Department of Justice, 202-307-0784 or
301-983-9354 (after hours)
WASHINGTON, Sept. 23 -- A national conference on federal-state
criminal justice information sharing will be held from Wednesday,
Sept. 23, through Saturday, Sept. 26, in New Orleans, the Department
of Justice announced today.
Jointly sponsored by the Bureau of Justice Statistics (BJS) and the
Justice Research and Statistics Association (JRSA), the conference
participants will discuss "Federal and State Information Sharing to
Effectively Combat Crime and Ensure Justice."
Specific topics that will be aired include "New Measures in the
Criminal Justice System," "'Weed and Seed' and New Drug and Crime
Prevention Initiatives," "Challenges and Reforms to the Justice System
in the 90s," "Uses of Incident-based Reporting Systems," "Recent
Developments in Criminal History Improvements" and various research
issues in corrections, prosecution and law enforcement. Among the
approximately 250 people expected to attend will be officials from
state and local government and various federal agencies as well as
leading criminal justice researchers and scholars. Other participants
will be the directors of State Statistical Analysis Centers (SACs) and
other members, associate members and guests of JRSA.
BJS has provided funding to state justice statistics and
information systems through a network of SACs since 1972. There are
currently SACs in 48 states, the District of Columbia, Puerto Rico,
the Virgin Islands, and the Northern Mariana Islands. The SACs
provide a wealth of data about crime and the operation of the criminal
justice system to state and local governments, legislatures,
and Attorneys General for policy analysis and planning purposes. This
year is the 20th anniversary of the SAC program. It also marks the
beginning of a new initiative to establish a truly national system of
federal, state and local government information-sharing and readily
accessible data bases.
Additional information about BJS programs and publications may be
obtained from the Bureau of Justice Statistics Clearinghouse, Box
6000, Rockville, Md. 20850. The telephone number is 800-732-3277.
+++
Canada Remote Systems - Toronto, Ontario
World's Largest PCBOARD System - 416-629-7000/629-7044
------------------------------
End of Computer Underground Digest #4.46
************************************
Computer underground Digest Wed Sep 30, 1992 Volume 4 : Issue 47
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
Copy Editor: Rtaion Shrdleau, Esq.
CONTENTS, #4.47 (Sep 30, 1992)
File 1--Statement of Principle
File 2--NEW WINDO BILL (HR 5983)
File 3--"In House Hackers" (Excerpts from the WSJ)
File 4--Software Piracy: A Felony?
File 5--Hacker hits Cincinnati Phones
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
Back issues also may be obtained from the mail server at
mailserv@batpad.lgb.ca.us
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Wed, 23 Sep 92 22:15:02 EDT
From: bruces@well.sf.ca.us
Subject: File 1--Statement of Principle
Bruce Sterling
bruces@well.sf.ca.us
Catscan 10
>From SCIENCE FICTION EYE #10
A STATEMENT OF PRINCIPLE
I just wrote my first nonfiction book. It's called THE HACKER
CRACKDOWN: LAW AND DISORDER ON THE ELECTRONIC FRONTIER. Writing
this book has required me to spend much of the past year and a half in
the company of hackers, cops, and civil libertarians.
I've spent much time listening to arguments over what's legal, what's
illegal, what's right and wrong, what's decent and what's despicable,
what's moral and immoral, in the world of computers and civil
liberties. My various informants were knowledgeable people who cared
passionately about these issues, and most of them seemed
well-intentioned. Considered as a whole, however, their opinions were
a baffling mess of contradictions.
When I started this project, my ignorance of the issues involved was
genuine and profound. I'd never knowingly met anyone from the
computer underground. I'd never logged-on to an underground
bulletin-board or read a semilegal hacker magazine. Although I did
care a great deal about the issue of freedom of expression, I knew
sadly little about the history of civil rights in America or the legal
doctrines that surround freedom of the press, freedom of speech, and
freedom of association. My relations with the police were firmly
based on the stratagem of avoiding personal contact with police to the
greatest extent possible. I didn't go looking for this project.
This project came looking for me. I became inextricably involved when
agents of the United States Secret Service, acting under the guidance
of federal attorneys from Chicago, came to my home town of Austin on
March 1, 1990, and confiscated the computers of a local science
fiction gaming publisher. Steve Jackson Games, Inc., of Austin, was
about to publish a gaming-book called GURPS Cyberpunk. When the
federal law-enforcement agents discovered the electronic manuscript of
CYBERPUNK on the computers they had seized from Mr. Jackson's
offices, they expressed grave shock and alarm. They declared that
CYBERPUNK was "a manual for computer crime."
It's not my intention to reprise the story of the Jackson case in this
column. I've done that to the best of my ability in THE HACKER
CRACKDOWN; and in any case the ramifications of March 1 are far from
over.
Mr Jackson was never charged with any crime. His civil suit against
the raiders is still in federal court as I write this.
I don't want to repeat here what some cops believe, what some hackers
believe, or what some civil libertarians believe. Instead, I want to
discuss my own moral beliefs as a science fiction writer -- such as
they are. As an SF writer, I want to attempt a personal statement of
principle.
It has not escaped my attention that there are many people who believe
that anyone called a "cyberpunk" must be, almost by definition,
entirely devoid of principle. I offer as evidence an excerpt from
Buck BloomBecker's 1990 book, SPECTACULAR COMPUTER CRIMES. On page
53, in a chapter titled "Who Are The Computer Criminals?", Mr.
BloomBecker introduces the formal classification of "cyberpunk"
criminality.
"In the last few years, a new genre of science fiction has arisen
under the evocative name of 'cyberpunk.' Introduced in the work of
William Gibson, particularly in his prize-winning novel NEUROMANCER,
cyberpunk takes an apocalyptic view of the technological future. In
NEUROMANCER, the protagonist is a futuristic hacker who must use the
most sophisticated computer strategies to commit crimes for people who
offer him enough money to buy the biological creations he needs to
survive. His life is one of cynical despair, fueled by the desire to
avoid death. Though none of the virus cases actually seen so far have
been so devastating, this book certainly represents an attitude that
should be watched for when we find new cases of computer virus and try
to understand the motivations behind them.
"The New York Times's John Markoff, one of the more perceptive and
accomplished writers in the field, has written than a number of
computer criminals demonstrate new levels of meanness. He
characterizes them, as do I, as cyberpunks."
Those of us who have read Gibson's NEUROMANCER closely will be aware
of certain factual inaccuracies in Mr. BloomBecker's brief review.
NEUROMANCER is not "apocalyptic." The chief conspirator in
NEUROMANCER forces Case's loyalty, not by buying his services, but by
planting poison-sacs in his brain. Case is "fueled" not by his greed
for money or "biological creations," or even by the cynical "desire to
avoid death," but rather by his burning desire to hack cyberspace.
And so forth.
However, I don't think this misreading of NEUROMANCER is based on
carelessness or malice. The rest of Mr. BloomBecker's book generally
is informative, well-organized, and thoughtful. Instead, I feel that
Mr. BloomBecker manfully absorbed as much of NEUROMANCER as he could
without suffering a mental toxic reaction. This report of his is what
he actually *saw* when reading the novel.
NEUROMANCER has won quite a following in the world of computer crime
investigation. A prominent law enforcement official once told me
that police unfailingly conclude the worst when they find a teenager
with a computer and a copy of NEUROMANCER. When I declared that I
too was a "cyberpunk" writer, she asked me if I would print the recipe
for a pipe-bomb in my works. I was astonished by this question, which
struck me as bizarre rhetorical excess at the time. That was before I
had actually examined bulletin-boards in the computer underground,
which I found to be chock-a-block with recipes for pipe-bombs, and
worse. (I didn't have the heart to tell her that my friend and
colleague Walter Jon Williams had once written and published an SF
story closely describing explosives derived from simple household
chemicals.)
Cyberpunk SF (along with SF in general) has, in fact, permeated the
computer underground. I have met young underground hackers who use
the aliases "Neuromancer," "Wintermute" and "Count Zero." The Legion
of Doom, the absolute bete noire of computer law-enforcement, used to
congregate on a bulletin-board called "Black Ice."
In the past, I didn't know much about anyone in the underground, but
they certainly knew about me. Since that time, I've had people
express sincere admiration for my novels, and then, in almost the same
breath, brag to me about breaking into hospital computers to chortle
over confidential medical reports about herpes victims.
The single most stinging example of this syndrome is "Pengo," a member
of the German hacker-group that broke into Internet computers while in
the pay of the KGB. He told German police, and the judge at the
trial of his co-conspirators, that he was inspired by NEUROMANCER and
John Brunner's SHOCKWAVE RIDER.
I didn't write NEUROMANCER. I did, however, read it in manuscript
and offered many purportedly helpful comments. I praised the book
publicly and repeatedly and at length. I've done everything I can to
get people to read this book.
I don't recall cautioning Gibson that his novel might lead to
anarchist hackers selling their expertise to the ferocious and
repulsive apparat that gave the world the Lubyanka and the Gulag
Archipelago. I don't think I could have issued any such caution, even
if I'd felt the danger of such a possibility, which I didn't. I still
don't know in what fashion Gibson might have changed his book to avoid
inciting evildoers, while still retaining the integrity of his vision
-- the very quality about the book that makes it compelling and
worthwhile.
This leads me to my first statements of moral principle.
As a "cyberpunk" SF writer, I am not responsible for every act
committed by a Bohemian with a computer. I don't own the word
"cyberpunk" and cannot help where it is bestowed, or who uses it, or
to what ends.
As a science fiction writer, it is not my business to make people
behave. It is my business to make people imagine. I cannot control
other people's imaginations -- any more than I would allow them to
control mine.
I am, however, morally obliged to speak out when acts of evil are
committed that use my ideas or my rhetoric, however distantly, as a
justification.
Pengo and his friends committed a grave crime that was worthy of
condemnation and punishment. They were clever, but treacherously
clever.
They were imaginative, but it was imagination in a bad cause. They
were technically accomplished, but they abused their expertise for
illicit profit and to feed their egos. They may be "cyberpunks" --
according to many, they may deserve that title far more than I do --
but they're no friends of mine.
What is "crime"? What is a moral offense? What actions are evil and
dishonorable? I find these extraordinarily difficult questions. I
have no special status that should allow me to speak with authority on
such subjects. Quite the contrary. As a writer in a scorned popular
literature and a self-professed eccentric Bohemian, I have next to no
authority of any kind. I'm not a moralist, philosopher, or prophet.
I've always considered my "moral role," such as it is, to be that of
a court jester -- a person sometimes allowed to speak the unspeakable,
to explore ideas and issues in a format where they can be treated as
games, thought-experiments, or metaphors, not as prescriptions, laws,
or sermons.
I have no religion, no sacred scripture to guide my actions and
provide an infallible moral bedrock. I'm not seeking political
responsibilities or the power of public office. I habitually
question any pronouncement of authority, and entertain the liveliest
skepticism about the processes of law and justice. I feel no urge to
conform to the behavior of the majority of my fellow citizens. I'm a
pain in the neck.
My behavior is far from flawless. I lived and thrived in Austin,
Texas in the 1970s and 1980s, in a festering milieu of arty
crypto-intellectual hippies. I've committed countless "crimes,"
like millions of other people in my generation. These crimes were
of the glamorous "victimless" variety, but they would surely have
served to put me in prison had I done them, say, in front of the State
Legislature.
Had I lived a hundred years ago as I live today, I would probably have
been lynched by outraged fellow Texans as a moral abomination. If I
lived in Iran today and wrote and thought as I do, I would probably be
tried and executed.
As far as I can tell, moral relativism is a fact of life. I think it
might be possible to outwardly conform to every jot and tittle of the
taboos of one's society, while feeling no emotional or intellectual
commitment to them. I understand that certain philosophers have
argued that this is morally proper behavior for a good citizen. But
I can't live that life. I feel, sincerely, that my society is
engaged in many actions which are foolish and shortsighted and likely
to lead to our destruction. I feel that our society must change, and
change radically, in a process that will cause great damage to our
present system of values.
This doesn't excuse my own failings, which I regret, but it does
explain, I hope, why my lifestyle and my actions are not likely to
make authority feel entirely comfortable.
Knowledge is power. The rise of computer networking, of the
Information Society, is doing strange and disruptive things to the
processes by which power and knowledge are currently distributed.
Knowledge and information, supplied through these new conduits, are
highly corrosive to the status quo. People living in the midst of
technological revolution are living outside the law: not necessarily
because they mean to break laws, but because the laws are vague,
obsolete, overbroad, draconian, or unenforceable. Hackers break laws
as a matter of course, and some have been punished unduly for
relatively minor infractions not motivated by malice. Even computer
police, seeking earnestly to apprehend and punish wrongdoers, have
been accused of abuse of their offices, and of violation of the
Constitution and the civil statutes. These police may indeed have
committed these "crimes." Some officials have already suffered grave
damage to their reputations and careers -- all the time convinced that
they were morally in the right; and, like the hackers they pursued,
never feeling any genuine sense of shame, remorse, or guilt.
I have lived, and still live, in a counterculture, with its own
system of values. Counterculture -- Bohemia -- is never far from
criminality. "To live outside the law you must be honest" was Bob
Dylan's classic hippie motto. A Bohemian finds romance in the notion
that "his clothes are dirty but his hands are clean." But there's
danger in setting aside the strictures of the law to linchpin one's
honor on one's personal integrity. If you throw away the rulebook to
rely on your individual conscience you will be put in the way of
temptation.
And temptation is a burden. It hurts. It is grotesquely easy to
justify, to rationalize, an action of which one should properly be
ashamed. In investigating the milieu of computer-crime I have come
into contact with a world of temptation formerly closed to me.
Nowadays, it would take no great effort on my part to break into
computers, to steal long-distance telephone service, to ingratiate
myself with people who would merrily supply me with huge amounts of
illicitly copied software. I could even build pipe-bombs. I haven't
done these things, and disapprove of them; in fact, having come to
know these practices better than I cared to, I feel sincere revulsion
for them now. But this knowledge is a kind of power, and power is
tempting. Journalistic objectivity, or the urge to play with ideas,
cannot entirely protect you. Temptation clings to the mind like a
series of small but nagging weights. Carrying these weights may make
you stronger. Or they may drag you down.
"His clothes are dirty but his hands are clean." It's a fine ideal,
when you can live up to it. Like a lot of Bohemians, I've gazed with
a fine disdain on certain people in power whose clothes were clean but
their hands conspicuously dirty. But I've also met a few people
eager to pat me on the back, whose clothes were dirty and their hands
as well. They're not pleasant company.
Somehow one must draw a line. I'm not very good at drawing lines.
When other people have drawn me a line, I've generally been quite
anxious to have a good long contemplative look at the other side. I
don't feel much confidence in my ability to draw these lines. But I
feel that I should. The world won't wait. It only took a few guys
with poolcues and switchblades to turn Woodstock Nation into
Altamont. Haight-Ashbury was once full of people who could trust
anyone they'd smoked grass with and love anyone they'd dropped acid
with -- for about six months. Soon the place was aswarm with
speed-freaks and junkies, and heaven help us if they didn't look just
like the love-bead dudes from the League of Spiritual Discovery.
Corruption exists, temptation exists. Some people fall. And the
temptation is there for all of us, all the time.
I've come to draw a line at money. It's not a good line, but it's
something. There are certain activities that are unorthodox,
dubious, illegal or quasi-legal, but they might perhaps be justified
by an honest person with unconventional standards. But in my
opinion, when you're making a commercial living from breaking the
law, you're beyond the pale. I find it hard to accept your
countercultural sincerity when you're grinning and pocketing the cash,
compadre.
I can understand a kid swiping phone service when he's broke,
powerless, and dying to explore the new world of the networks. I
don't approve of this, but I can understand it. I scorn to do this
myself, and I never have; but I don't find it so heinous that it
deserves pitiless repression. But if you're stealing phone service
and selling it -- if you've made yourself a miniature phone company
and you're pimping off the energy of others just to line your own
pockets -- you're a thief. When the heat comes to put you away,
don't come crying "brother" to me.
If you're creating software and giving it away, you're a fine human
being. If you're writing software and letting other people copy it
and try it out as shareware, I appreciate your sense of trust, and if
I
like your work, I'll pay you. If you're copying other people's
software and giving it away, you're damaging other people's interests,
and should be ashamed, even if you're posing as a glamorous
info-liberating subversive. But if you're copying other people's
software and selling it, you're a crook and I despise you.
Writing and spreading viruses is a vile, hurtful, and shameful
activity that I unreservedly condemn.
There's something wrong with the Information Society. There's
something wrong with the idea that "information" is a commodity like a
desk or a chair. There's something wrong with patenting software
algorithms. There's something direly mean-spirited and ungenerous
about inventing a language and then renting it out to other people to
speak. There's something unprecedented and sinister in this process
of creeping commodification of data and knowledge. A computer is
something too close to the human brain for me to rest entirely content
with someone patenting or copyrighting the process of its thought.
There's something sick and unworkable about an economic system which
has already spewed forth such a vast black market. I don't think
democracy will thrive in a milieu where vast empires of data are
encrypted, restricted, proprietary, confidential, top secret, and
sensitive. I fear for the stability of a society that builds
sandcastles out of databits and tries to stop a real-world tide with
royal commands.
Whole societies can fall. In Eastern Europe we have seen whole
nations collapse in a slough of corruption. In pursuit of their
unworkable economic doctrine, the Marxists doubled and redoubled their
efforts at social control, while losing all sight of the values that
make life worth living. At last the entire power structure was so
discredited that the last remaining shred of moral integrity could
only be found in Bohemia: in dissidents and dramatists and their
illegal samizdat underground fanzines. Their clothes were dirty but
their hands were clean. The only agitprop poster Vaclav Havel needed
was a sign saying *Vaclav Havel Guarantees Free Elections.* He'd
never held power, but people believed him, and they believed his
Velvet Revolution friends.
I wish there were people in the Computer Revolution who could inspire,
and deserved to inspire, that level of trust. I wish there were
people in the Electronic Frontier whose moral integrity unquestionably
matched the unleashed power of those digital machines. A society is
in dire straits when it puts its Bohemia in power. I tremble for my
country when I contemplate this prospect. And yet it's possible. If
dire straits come, it can even be the last best hope.
The issues that enmeshed me in 1990 are not going to go away. I
became involved as a writer and journalist, because I felt it was
right. Having made that decision, I intend to stand by my commitment.
I expect to stay involved in these issues, in this debate, for the
rest of my life. These are timeless issues: civil rights,
knowledge, power, freedom and privacy, the necessary steps that a
civilized society must take to protect itself from criminals. There
is no finality in politics; it creates itself anew, it must be dealt
with every day.
The future is a dark road and our speed is headlong. I didn't ask
for power or responsibility. I'm a science fiction writer, I only
wanted to play with Big Ideas in my cheerfully lunatic sandbox. What
little benefit I myself can contribute to society would likely be best
employed in writing better SF novels. I intend to write those better
novels, if I can. But in the meantime I seem to have accumulated a
few odd shreds of influence. It's a very minor kind of power, and
doubtless more than I deserve; but power without responsibility is a
monstrous thing.
In writing HACKER CRACKDOWN, I tried to describe the truth as other
people saw it. I see it too, with my own eyes, but I can't yet
pretend to understand what I'm seeing. The best I can do, it seems to
me, is to try to approach the situation as an open-minded person of
goodwill. I therefore offer the following final set of principles,
which I hope will guide me in the days to come.
I'll listen to anybody, and I'll try to imagine myself in their
situation.
I'll assume goodwill on the part of others until they fully earn my
distrust.
I won't cherish grudges. I'll forgive those who change their minds
and actions, just as I reserve the right to change my own mind and
actions.
I'll look hard for the disadvantages to others, in the things that
give me advantage. I won't assume that the way I live today is the
natural order of the universe, just because I happen to be benefiting
from it at the moment.
And while I don't plan to give up making money from my ethically
dubious cyberpunk activities, I hope to temper my impropriety by
giving more work away for no money at all.
------------------------------
Date: Tue, 29 Sep 1992 20:14:02 EDT
From: LOVE@TEMPLEVM.BITNET
Subject: File 2--NEW WINDO BILL (HR 5983)
From--James Love <love@essential.org>
Taxpayer Assets Project
Re--HR 5983, legislation to provide online access to
federal information
(Successor to Gateway/WINDO bills)
Date--September 23, 1992, Washington, DC.
On Wednesday, September 23, the House Administration Committee
unanimously approved H.R. 5983, the "Government Printing Office (GPO)
Electronic Information Access Enhancement Act of 1992." The bill,
which had been introduced the day before, was cosponsored by committee
chairman Charlie Rose (D-NC), ranking minority member William Thomas
(R-CA) and Pat Roberts (R-KA). The measure was a watered down version
of the GPO Gateway/WINDO bills (S. 2813, HR 2772), which would provide
one-stop-shopping online access to hundreds of federal information
systems and databases.
The new bill was the product of negotiations between
Representative Rose and the republican members of the House
Administration Committee, who had opposed the broader scope of the
Gateway/WINDO bills. Early responses to the new bill are mixed.
Supporters of the Gateway/WINDO bill were disappointed by the narrower
scope of the bill, but pleased that the legislation retained the
Gateway/WINDO policies on pricing of the service (free use by
depository libraries, prices equal to the incremental cost of
dissemination for everyone else). On balance, however, the new bill
would substantially broaden public access to federal information
systems and databases, when compared to the status quo.
WHAT HR 5983 DOES
The bill that would require the Government Printing Office (GPO) to
provide public online access to:
- the Federal Register
- the Congressional Record
- an electronic directory of Federal public information
stored electronically,
- other appropriate publications distributed by the
Superintendent of Documents, and
- information under the control of other federal
departments or agencies, when requested by the
department or agency.
The Superintendent of Documents is also required to undertake a
feasibility study of further enhancing public access to federal
electronic information, including assessments the feasibility of:
- public access to existing federal information systems,
- the use of computer networks such as the Internet and
NREN, and
- the development (with NIST and other agencies) of
compatible standards for disseminating electronic
information.
There will also be studies of the costs, cost savings, and
utility of the online systems that are developed, including an
independent study of GPO's services by GAO.
WHAT HR 5983 DOESN'T DO
The new bill discarded the names WINDO or Gateway without a
replacement. The new system is simply called "the system," a
seemingly minor change, but one designed to give the service a
lower profile.
A number of other features of the Gateway/WINDO legislation were
also lost.
- While both S. 2813 and HR 2772 would have required GPO to
provide online access through the Internet, the new bill
only requires that GPO study the issue of Internet access.
- The Gateway/WINDO bills would have given GPO broad authority
to publish federal information online, but the new bill
would restrict such authority to documents published by the
Superintendent of Documents (A small subset of federal
information stored electronically), or situations where the
agency itself asked GPO to disseminate information stored in
electronic formats. This change gives agencies more
discretion in deciding whether or not to allow GPO to
provide online access to their databases, including those
cases where agencies want to maintain control over databases
for financial reasons (to make money off the data).
- The republican minority insisted on removing language that
would have explicitly allowed GPO to reimburse agencies for
their costs in providing public access. This is a
potentially important issue, since many federal agencies
will not work with GPO to provide public access to their own
information systems, unless they are reimbursed for costs
that they incur. Thus, a major incentive for federal
agencies was eliminated.
- S. 2813 and HR 2772 would have required GPO to publish an
annual report on the operation of the Gateway/WINDO and
accept and consider *annual* comments from users on a wide
range of issues. The new bill only makes a general
requirement that GPO "consult" with users and data vendors.
The annual notice requirement that was eliminated was
designed to give citizens more say in how the service
evolves, by creating a dynamic public record of citizen
views on topics such as the product line, prices, standards
and the quality of the service. Given the poor record of
many federal agencies in addressing user concerns, this is
an important omission.
- S. 2813 would have provided startup funding of $3 million in
fy 92 and $10 million in fy 93. The new bill doesn't
include any appropriation at all, causing some observers to
wonder how GPO will be able to develop the online
Congressional Record, Federal Register, and directory of
databases, as required by the bill.
WHAT HAPPENED?
The bill which emerged from Committee on Wednesday substantially
reflected the viewpoints of the republicans on the House
Administration Committee. The republican staffers who negotiated
the new bill worked closely with lobbyists for the Industry
Information Association (IIA), a trade group which represents
commercial data vendors, and who opposed the broader
dissemination mandates of the Gateway/WINDO bills.
Why did WINDO sponsor Charlie Rose, who is Chair of the House
Administration Committee, give up so much in the new bill?
Because Congress is about to adjourn, and it is difficult to pass
any controversial legislation at the end of a Congressional
session. The failure to schedule earlier hearings or markups on
the WINDO legislation (due largely to bitter partisan battles
over the House bank and post office, October Surprise and
campaign financing reform) gave the republican minority on the
committee enormous clout, since they could (and did) threaten to
kill the bill.
Rose deserves credit, however, for being the first member of
congress to give the issue of citizen online access to federal
information systems and databases such high prominence, and his
promise to revisit the question next session is very encouraging.
PROSPECTS FOR PASSAGE
The new bill has a long way to go. It must be scheduled for a
floor vote in the House and a vote in the Senate. The last step
will likely be the most difficult. In the last few weeks of a
Congressional session, any member of the Senate can put a "hold"
on the bill, preventing it from receiving Senate approval this
year, thus killing the bill until next legislative session. OMB
and the republican minority on the House Administration Committee
have both signed off on the bill, but commercial data vendors
would still like to kill the bill. There's a catch, however.
Rose's staff has reportedly told the Information Industry
Association (IIA) that if it kills HR 5983, it will see an even
bolder bill next year. Since IIA was an active participant in
the negotiations over the compromise bill, any effort to kill the
bill will likely antagonize Rose. Of course, some observers
think that an individual firm, such as Congressional Quarterly,
may try to kill the bill. Only time will tell.
IS THE GLASS HALF EMPTY OR HALF FULL?
Despite the many changes that have weakened the bill, HR 5983 is
still an important step forward for those who want to broaden
public access to federal information systems and databases. Not
only does the bill require GPO to create three important online
services (the directory, the Congressional Record and the Federal
Register), but it creates a vehicle that can do much more.
Moreover, HR 5983 would provide free online access for 1,400
federal depository libraries, and limit prices for everyone else
to the incremental cost of dissemination. These pricing rules
are far superior to those used by NTIS, or line agencies like
NLM, who earn substantial profits on the sale of electronic
products and services.
WHAT YOU CAN DO
Urge your Senators and Representatives to support passage of HR
5983, quickly, before Congress adjourns in October. All members
of Congress can be reached by telephone at 202/224-3121, or by
mail at the following addresses:
Senator John Smith Representative Susan Smith
US Senate US House of Representatives
Washington, DC 20510 Washington, DC 21515
The most important persons to contact are your own delegation, as
well as Senators George Mitchell (D-ME) and Bob Dole (R-KA).
For more information, contact the American Library Association at
202/547-4440 or the Taxpayer Assets Project at 215-658-0880. For a
copy of HR 5983 or the original Gateway/WINDO bills, send an email
message to tap@essential.org.
------------------------------
Date: Sun, 30 Aug 92 05:19:34 EDT
From: Anonymous@anonvill.uunet.uu.net
Subject: File 3--"In House Hackers" (Excerpts from the WSJ)
Although cyber-surfing computer explorers receive the bulk of media
attention, there is little evidence that they comprise the greatest
danger to corporate computers or other resources. Confirming what
some observers have been saying for years, the Wall Street Journal
recently reported on the dangers of in-house hackers to corporate
computer security.
Summary of: "In House Hackers"
From: THE WALL STREET JOURNAL (Thursday, Aug. 27, 1992)
At its London office, American Telephone and Telegraph Co. says
three technicians used a computer to funnel company funds into
their own pockets. At General Dynamics Corp.'s space division in
San Diego, an employee plotted to sabotage the company by wiping
out a computer program used to build missiles. And at Charles
Schwab & CO. headquarters in San Francisco, some employees used
the stock brokerage firm's computer system to buy and sell
cocaine.
As these examples suggest, employees are finding increasingly
ingenious ways to misuse their companies' computer systems.
Although publicity about computer wrongdoing has often focused on
outside hackers gaining entry to systems to wreak havoc, insiders
are proving far more adept at creating computer mayhem.
Workers may use company computer system to line their own
pockets, to seek revenge because they didn't get a promotion or
because of other perceived slights. Whatever the motive,
high-tech misdeeds are creating significant problems for
companies large and small.
MEANS AND MOTIVE
Although figures for damages from computer abuse are scarce, some
companies report internal frauds involving losses of more than $1
million. Even more costly are losses from disrupted operations
or form repairing the damage.
"Employees are the ones with the skill, the knowledge and the
access to do bad things," says Donn Parker, an expert on computer
security at SRI International, Menlo Park, Calif. "They're the
ones, for example, who can most easily plant a which can crash
your entire computer system." Most companies quietly fire the
culprits without publicity, Mr. Parker adds. Dishonest or
disgruntled employees pose "a far greater problem than most
people realize."
The story reports interviews with various security experts who agree
that the increase of computer use also creates risks of unauthorized
computer access and tampering within a company. According to the
story, laptops cause special concern because of their flexibility and
power, which make it easier for employees to steal trade secrets.
Companies are beginning to recognize the need to develop increased
security measures to protect themselves from INTERNAL security
breaches. These include closer monitoring of who has access to
systems, encryption of sensitive files, and more carefully protecting
systems against unauthorized company users.
The story summarizes the AT&T trojan in England last year, in which
three AT&T technicians were charged with unauthorized modification of
computers and conspiracy to defraud. Although the case was later
dropped because of legal technicalities, it underscores the dangers of
the potential for inhouse crime.
The story summarizes the case of Michael Lauffenburger, a 31 year old
General Dynamics programmer in California, who was indicted in federal
court for trying to destroy parts of a computer program, quit the
company, and then get rehired as a well-paid consultant to rebuild the
program:
The plot, the indictment alleges, went like this: In March last
year, Mr. Lauffenburger created a second computer program, this
one a logic bomb called "Cleanup." It would totally erase the
original parts program starting at 6 p.m. May 24, the beginning
of the Memorial Day weekend, when few would be around to notice.
When the bomb went off, Mr Lauffenburger wouldn't be around
either; he quit March 29.
Lauffenburger pleaded guilty to computer tampering in early 1992 and
was fined $5,000 and required to perform community service.
The story lists another company, Pinkerton Security and
Investigation Services, that was victimized by an Employee. Tammy
Juse, 48, used the name "Tammy Gonzalez" to obtain a position in the
accounting department in 1988. She accessed Pinkerton accounts at
Security Pacific National Bank, and was discovered in 1990 to be
embezzling from the accounts. She was sentenced to 27 months in prison
for embezzling over $1 from the company:
Normally, a reconciliation of accounts would have caught the
discrepancies. But Ms. Gonzalez was also supposed to do the
reconciling, and somehow she didn't get around to it. At one
point, it was nearly two years behind.
The story lists the usual dangers of security lapses in companies,
including password problems, open computers, and other "people
problems" that leave systems vulnerable. It also identifies illegal
uses of company computers as a potential problem:
Sometimes it is the very advantages of computers, including speed
and convenience of communication, that make them tempting tools
of abuses. Late last year, officials at Charles Schwab, got a
tip that a cocaine ring was flourishing among its headquarters
employees in San Francisco. Hal Lipset, a private investigator
hired by Schwab, soon discovered that sales were being arranged
over Schwab's computer communications system.
Schwab officials secretly began monitoring the messages and
copying them for evidence. Two employees who allegedly were
selling drugs masked their messages by seeming to talk of tickets
to sports events or about a game of pool called eightball. But
according to one investigator, a "ticket" represented a half gram
of cocaine for $40, and "eightball" represented 3 grams for about
$280.
..............
An undercover man working for Mr. Lipset, in cooperation with San
Francisco police, began buying cocaine to gather more evidence.
In April, the police arrested two back-office workers at Schwab
for drug dealing. Both pleaded guilty. Schwab has fired them as
well as two others allegedly in the drug ring.
The WSJ story nicely details the threats to security from those within
the company entrusted to use and maintain them. Most "hackers"
operating from the outside agree that poor security rather than
external explorers are the greatest threat to company systems. It is
refreshing to see the media recognize that the greatest potential for
abuse comes from inside, and that the costs of computer crime are
overwhelming created not by curious teenagers, but by predators who
betray an employees trust.
------------------------------
Date: 27 Sep 92 22:59:05 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 4--Software Piracy: A Felony?
Washington is currently considering a bill, S.893, which would expand
felony provisions to all copyrighted materials, including computer
software. The bill provides for felony convictions punishable by up
to $250,000 in fines and two years in prison for willfully infringing
on software copyrights in amounts exceeding retail amounts of $5,000.
The bill is currently under consideration by the House Intellectual
Property and Judicial Administration Subcommittee, chaired by Rep.
William Hughes. For more details see 'A Felonious Crime', Amy
Cortese, INFORMATION WEEK, Sept 14,1992, p14
VIRUS SPREAD LESS THAN EXPECTED
A report released by IBM's High Integrity Computing Laboratory says
that computer viruses are spreading slower than expected because
assumptions made in earlier estimates haven't held true. Virus
epidemics were predicted based on a "homogeneous mixing" theory
modeled after the way diseases spread in humans. It turns out that
despite all the computer networks, most viruses are spread via shared
diskettes, which limits each computer's risk of exposure. (As
reported in INFORMATION WEEK, Sept 14, 1992, p16)
------------------------------
Date: 27 Sep 92 23:20:17 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 5--Hacker hits Cincinnati Phones
HACKER HITS CINCINNATI PHONES
A computer hacker apparently in the New York area broke the code into
one of the Cincinnati, Ohio, phone trunk lines, building up a $65,000
phone bill. Cincinnati city officials say the unknown invader racked
up the charges last winter and spring by placing calls around the
world.
David Chapman, the city's assistant superintendent for
telecommunica-tions, said that investigators think the tap originated
in the New York-New Jersey area, but they have no suspects and the
investigation is considered closed.
Chapman added, "Apparently these people were pretty darn slick, but
talking to the Secret Service, we were small potatoes. I understand
there have been some major companies hit." (reprinted from STReport
#8.38 with permission)
COMPUTER EXEC'S ENDORSE CLINTON FOR PRESIDENT
Thirty executives at a number of high-tech Silicon Valley firms
--including Apple Computer, Hewlett Packard, National Semiconductor,
Oracle Systems and Link Technologies -- have endorsed Democrat Bill
Clinton in his bid for the White House.
"Many of us here are actually not Democrats but Republicans," said
Apple CEO John Sculley. Sculley added the group believes Clinton can
put the country "back in the forefront of leading the world again."
Oracle Systems CEO Lawrence Ellison said that the Democrat's economic
plan is "why I am departing this year from my life-long support of the
Republican Party to endorse the Clinton-Gore ticket."
Besides Sculley and Ellison, those endorsing Clinton include HP
President/CEO John Young, as well as Gil Amelio, CEO of National
Semiconductor; Dave Barram, vice president of Apple Computers; Gerry
Beemiller, CEO of Infant Advantage; Chuck Boesenberg, CEO of Central
Point Software; Dick Brass, president of Oracle Data Publishing; Chuck
Comiso, president of Link Technologies.
Also: Gloria Rose Ott, president of GO Strategies; Ed McCracken, CEO
of Silicon Graphics; Regis McKenna, chairman of Regis McKenna; Bill
Miller, former CEO of SRI international, Sandy Robertson, general
partner of Roberston, Colman and Stephans. (Reprinted from STReport
#8.38 with permission)
------------------------------
End of Computer Underground Digest #4.47
************************************
Computer underground Digest Sun Oct 4, 1992 Volume 4 : Issue 48
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
Copy Editor: Etaion Shrdleax, Esq.
CONTENTS, #4.48 (Oct 4, 1992)
File 1--Wes Morgan's on J Davis & Piracy (Re: CuD 4.46)
File 2--"Whose Internet Is It Anyway?" (Online! Reprint)
File 3--Implementing System Security
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
Back issues also may be obtained from the mail server at
mailserv@batpad.lgb.ca.us
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Mon, 28 Sep 92 10:10:41 EDT
From: morgan@ENGR.UKY.EDU(Wes Morgan)
Subject: File 1--Wes Morgan's on J Davis & Piracy (Re: CuD 4.46)
In CuD #4.46, Jim Davis writes:
>First, the reality of software production in the late 20th century is
>much different than this image. Most software production is NOT a
>cottage industry.
Agreed, but that doesn't really change my arguments very much.
>The industry has quickly matured in the past few
>years into a typical monopolized industry. Most patent filings are by
>corporations. Most software is not purchased from the individuals who
>create the software, it is purchased from companies who have required
>their engineers to sign away any rights to whatever they come up with,
>AS A CONDITION OF EMPLOYMENT. So IN MOST CASES, the creator has been
>separated from the results of his or her creativity.
Isn't this true of almost any commercial concern? Toyota engineers
sign away their rights to the design of the 1993 Camry, and contribu-
ting editors sign away their rights to their editorials in the Lexington
Herald-Leader (if printed, unsigned, as the opinion of the paper). Yet,
these individuals still profit from their work; the engineers will receive
raises/bonuses if their designs are commercially successful, and the editors
of the Herald-Leader receive greater compensation if the paper's subscrip-
tions increase. What's the difference?
>But the image of
>the sole-proprietor hacker is raised up as a shield by the software
>industry -- the public can take pity on the "defenseless" hacker;
>people don't take pity on a Microsoft or an IBM.
It isn't a question of "pity", nor have I advanced it as such.
My argument is very simple. You do not have the moral, ethical, or legal
right to take someone else's explicit design (be it computer software, a
piece of sculpture, or a 1993 Camry), duplicate it, and give the copies away.
>Here we get
>to the heart of the matter -- we're really talking about the "rights"
>of software corporations here; not the hacker, not the consumer, and
>not society.
So, the people who constitute a corporation are now in a separate class?
>Nowhere do I argue that the people who write software should not be
>compensated for their effort. Of course people should be compensated!
You say that people should be compensated, yet you wish to remove their
largest/best-protected source of compensation -- contract royalties from
legitimate purchases.
>The question is how, and how much.
"how much"? This almost sounds like a thinly disguised slam on software
prices........
>Paycheck dollars from a
>corporation, a university, a cooperative or the government all spend
>equally as well.
Of course, one's paycheck is usually proportional to the success of
one's efforts. I can't imagine anyone increasing an employee's pay
for "good societal benefits" of their work (with the exception of
the fine people in the social work careers, of course....).
>But the social benefits from the programmer's efforts
>are constrained by forcing them through the legal contortions of
>intellectual property rights and private ownership.
If the programmer (or corporation) wants to reap social benefits, they'll
place the program in the public domain (or provide 'student editions', or
educational pricing, etc.). It's *their* choice, not yours.
>The model that we
>have been using is private speculation for private gain, made possible
>via exclusive monopolies granted by the government, enforced by law. I
>am saying that other successful models exist and have generated useful
>products.
Many such models exist; however, you would force everyone into the same
model. Neither of us can dictate models to the developer.
>The subtext in the "I deserve a reward" argument is that
>someone who comes up with a really useful idea should get a special
>reward. Fine. I have no problem with public recognition of significant
>contribution, even including a cash award. Again, this doesn't
>_require_ intellectual property rights.
I can see it now -- "You've written a wonderful program! Here's a one-
time cash award of $XXXX, and we're going to spread your program around
the world, let other people use it to make more money, and you won't reap
any further benefit from it."
>Morgan says that
>"*companies* create for financial gain" (which I certainly agree
>with), but puts this forward as if the protection of *their* financial
>gain somehow justifies the rest of us having to suffer under
>intellectual property rights.
Let's try a parallel (this usually degenerates into a flamefest, but...):
- You (Mr. Davis) write a book entitled "Intellectual Property in the
Information Age"
- Prentice-Hall, in their wisdom, deems it worthy; a First Edition is
prepared, published, and placed on sale.
- I purchase one copy, duplicate it 500 times, and distribute it to
a conference *without your permission*.
- Your book is included in the conference Proceedings, and is made
available to the public; again, neither you nor PH recognize any
compensation.
Can you honestly say that neither you nor Prentice-Hall will be concerned?
I have found that many people (NOT, necessarily, Mr. Davis) who argue against
intellectual property rights have never been in a position to earn compensation
from their personal work(s). I have been in such a position, and it definitely
changes one's opinions. (While my experience in this area does not lie within
the realm of computer software, I believe that my experience is valid.)
>Corporations are not necessary for the
>generation of the software we need.
That's well and good; you (and anyone else) is quite free to design,
implement, test, debug, document, and distribute any software you wish.
>Harlan Cleveland, .....wrote.....:
>"Is the doctrine that information is owned by its
>originator (or compiler) necessary to make sure that Americans remain
>intellectually creative?" He answers in the negative, citing the
>healthy public sector R&D efforts in space exploration, environmental
>protection, weather forecasting and the control of infectious diseases
>as counter examples.
Hmmm....."space exploration" == "NASA"
"environmental protection" == "EPA"
"weather forecasting" == "NOAA"
"infectious diseases" == "PHS/HHS/CDC"
"public sector" seems to melt into "government agencies". If you (or
Mr. Cleveland) can provide examples of such work which are outside the
governmental realm, I'd like to know about it. Of course, a great deal
of university research takes place under government grants; we might
even argue that universities are another arm of the government in this
respect.
I'm not familiar with any large-scale research which is truly in the
"public sector".
>Fourth, the notion of a solitary inventor is a popular falsehood. No
>one creates in a vacuum.
Agreed.
>The programmer's skills and creativity rest
>upon past inventions and discoveries;
This is true of almost any invention, discovery, or creation; would you
apply your arguments to cars, calculators, or novels? Heck, most musical
compositions are based on the ancient notions of scales, keys, and modes;
would you throw *all* music into the public domain, too?
>publicly supported education;
It is quite possible to complete one's education without setting foot
in a "publicly supported" school.
>the other people who produced the hardware, the manuals and textbooks
>and the development tools; as well as the artists and accompanying
>infrastructure who may have inspired or influenced the programmer.
You're absolutely correct, but it's still the programmer's invention
that made it possible.
>In
>this sense, the developer's product is a social product, and
>consequently should redound to the benefit of all of society.
Again, are you willing to apply this notion to *every* invention,
development, or creation? I still don't believe that computer
software is inherently different from any other medium.
>The
>practical problem of compensation for effort and reward for
>outstanding achievement can be addressed outside of "intellectual
>property rights."
I'd like to see some concrete ideas about the implementation of this
"compensation....and reward". You've mentioned it several times, but
you haven't presented any practical implementations.
>The public
>is already heavily involved in software production, but as is too
>often the case, the public finances something, and then turns it over
>to private corporations to reap all of the profits from it.
1) The "public" doesn't have to "turn it over" to the private sector.
2) Most programmers who develop something on their own (as opposed to
"staff programmers" at a software company) usually recognize compen-
sation in either lump-sum payment(s), increased salaries, or royalties.
3) If I decide to market my own software product, haven't I just become
one of your much-villified "private corporations"?
>Re: my point that intellectual property rights prevent intellectual
>effort, including software development, from maximizing its social
>benefit: If a copy of Lotus 1-2-3 does have use for people, and people
>are prevented from using it (e.g., because of the price barrier), then
>its potential benefit is constricted.
You didn't address my mention of "public access" computing sites, such
as those found in many schools and public libraries. It would seem that
this growing "public access" facility would render your "price barrier"
irrelevant.
>Mr. Woodhead says that no companies specialize in educational
>software. If this in fact is the case, then this only reinforces the
>argument for the necessity of some sort of social or public or
>community (or whatever you want to call it) funding of educational
>software development.
Just go ahead and say "government funding"; you've been hinting around
the phrase for several paragraphs.
>Re: Mr. Morgan's notion of more aggressively extending patents to
>software: it's already taking place.
Good; I'll look at the references you mentioned.
>17 years (typical for
>patents) is an eternity in the evolution of software (as is 10 or 20
>years, as suggested by Mr. Morgan).
OK, let's change it to 5; we're speaking rhetorically, right? 8)
>As a sidenote, even the SPA has
>opposed software patents.
Of course they oppose it! It cuts into their profits! I've never
said that current pricing is fair.......
>Re: fair use -- the point I was trying to make is that the concept of
>"fair use" has EVOLVED and EXPANDED with increasing ability to easily
>duplicate various media.
How, exactly, has it "evolved and expanded"?
>"Taping of television programs for personal
>use appears to have become accepted as fair use of copyright material.
"appears to have"? It was explicitly affirmed in several court decisions.
>The
>rationale of the court must have been the unlikely efficacy of trying
>to put Pandora back into the box and the fact that no commercial use
>of the tapes was either alleged or documented."
Bingo! The "personal use" factor was a determinant in each decision.
You'll notice that the courts did NOT affirm any redistribution rights,
either for-profit or for free.....
>The point is that legal constructs like "fair
>use" are not brought to us by Moses -- they are determined by the
>balance of social forces through legal, political, economic and other
>forms of struggle. And therefore they are something which we can
>affect.
Agreed!
I would enthusiastically support a "free for educational purposes" waiver of
licensing. I'm the Systems Administrator for the UK College of Engineering;
we spend a great deal of money on licenses, and some vendors have my undying
gratitude (Swanson Analysis, MathWorks, and CADKEY, are you listening?).
Let me ask you a simple question:
You have championed (and rightfully so) the cause of "educational computing";
you've used education as a bulwark of your arguments. However, would you
voluntarily restrict your use of "free software" to educational purposes?
If WordPerfect gave you 10 copies for your class, would you use it to write
your next book? Would you sell that book?
>From: peter@FICC.FERRANTI.COM(Peter da Silva)
>Subject--File 2--Response to Davis/Piracy (1)
>
>Re: Wes Morgan's article in CuD #4.43
>
>I largely agree with most of his arguments, but I would like to point
>out one mistake... he says:
>
> "The whole concept of copyrights ... is based on the notion
> that the creator ... is entitled to some compensation for his
> effort"
>
>This is just not true. The whole concept of copyrights and patents in
>the United States is based on the notion that by making intellectual
>property a salable commodity subject to market forces, more and better
>intellectual property will be created and it will be distributed more
>freely.
Absolutely! I think we said the same thing; I just didn't extend my
statement far enough. (My statement was based on my experience in
more "artistic" fields, namely music; the market forces Peter mentions
are less dominant in that field.)
Thanks for clarifying, Peter.
>And, you know what, it works. There's no better refutation, nor need
>there be a better refutation, of the argument that piracy promotes
>openness. It doesn't. It promotes encrypted software, dongles, and
>trade secrets. It discourages publication. It reduces the incentive to
>create viable products of commercial quality. These are not the result
>of intellectual property laws, they're the result of the failure to
>enforce intellectual property laws.
Breakaway! Shot! Goal!
Well said.
>From: "Michael Stack" <stack@STARNINE.COM>
>Subject--File 3--Response to Davis/Piracy (2)
>
>They both seem to view copyright and
>patents as a system guaranteeing a right to profit overlooking the
>original constitutional intent to "promote the progress of Science and
>the useful Arts."
Here's the relevant citation:
[Article I, Section 8, US Constitution]
...To promote the progress of science and useful arts, by securing for
limited times to authors and inventors the exclusive right to their
respective writings and discoveries;
We may argue that the current implementation of copyrights and patents
is in need of overhaul/modification, but you cannot evade the Constitutional
"exclusive right" for inventors and authors.
I'd also argue that the very presence of hundreds of software companies
validates the "progress of science and useful arts"; I receive informa-
tion on new software releases on an almost-daily basis.
>To be able to accuse someone of stealing or to claim something
>as property (and to subsequently grant licenses on how this property
>is to be used) implies there exists rights of ownership in the first
>place. The crux of Mr. Davis's article questions this right. The
>respondents by-pass this altogether.
I didn't bypass it at all; in fact, my entire argument is based on
the premise of "I made it, and it's mine!". 8)
>Their articles are but
>explanations of the existing order in case we didn't already
>understand.
The "existing order" is entirely Constitutional. Mr. Davis' questions
bypass the Constitutional provisions of "exclusive rights" for creations
and inventions. Would you support a Constitutional amendment to revoke
those "exclusive rights"?
Keep in mind that any such action would invalidate *all* trademarks,
copyrights, and patents. None of the parties in this discussion have
provided justification for applying different standards to computer
software, so it's in the same boat as any other "writings and discoveries".
>The fact that "alls not well in the state of Denmark"
>in itself punches large holes in the system the two respondents
>defend.
>Both belittle the spectre of "police state" raised by Mr. Davis.
>Amazingly, this is done within the pages of a publication which has
>spotlighted many instances of "police-state" behavior: doors
>kicked-in in the early hours of morning, guns drawn, threats,
>equipment confiscated (permanently?), "guilty till proved innocent,"
>etc.
I didn't "belittle" the police-state notion at all!
Of course, those are matters of criminal law, not copyright infringement.
I have yet to hear mention of such a "police state" approach to copyrights.
>--On the one hand you argue "If I pour 4 years of my life into the
>development of SnarkleFlex, I DESERVE to profit from it" but then you
>append a caveat which undoes this assertion "(assuming that people
>want to purchase/use it)." Doesn't this condition make your
>capitalized assertion self-destruct?
How about "I deserve the OPPORTUNITY to profit from it"?
>Do you deserve to be rewarded
>for your work, yes or no, or is it to be let dependent on market
>caprice?
Market caprice, absolutely! That's the basis for ANYONE's living; one
must provide a service (or goods) which people need or want. If there
is no market for your skills, you get to find another job. That's self-
determination.
>--You ask "Would you make a copy of Webster's Dictionary and give it
>to a friend?" and you sport(!) "Xerox(tm)[ing] your entire printed
>library for me..." "...would be just fine, right?" Yes, it would --
>if the library and dictionary were in a readily distributable form and
>the copy cost me near nothing i.e. in digital form. I'd be happy to
>give you a copy. I could give it to anyone. As to how I'd have a
>library in the first place we can discuss (perhaps outside of this
>forum).
"how I'd have a library......we can discuss.....outside of this forum"?
Oh, my! Let's translate this a bit.....
"Sure, I'll give you a copy; just don't ask where I got it."
>Michael Goldhaber in his book Reinventing Technology states "Since new
>information technology includes easy ways of reproducing information,
>the existence of these [intellectual property] laws effectively
>curtail the widest possible spread of this new form of wealth."
Your alternative is anarchic, is it not? I'll ask you a simple question,
one for which no one has provided a suitable answer:
If I choose to make my living as a software author (either "on
my own" or as part of a company/corporation), how will your
proposed "freedom of information" help me earn a living? Will
it, in fact, hinder me in earning a living?
--Wes
------------------------------
Date: Thu, 1 Oct 92 08:58:29 EDT
From: Rich=Gautier%SETA%DRC@S1.DRC.COM
Subject: File 2--"Whose Internet Is It Anyway?" (Online! Reprint)
This entire article was re-typed by Richard A. Gautier
(RG%SETA%DRC@S1.DRC.COM). If there are any SPELLING errors, they are
probably his. If there are grammar errors, they are Dr. Grundners, or
the editors. Mr. Gautier HAS obtained permission to electronically
disseminate this article from ngarman@tso.uc.edu who represents ONLINE
magazine. Her comment was that this article really does belong in the
electronic (Internet) forum, and that it was really a shame that I had
to ask with an article like this.
"WHOSE INTERNET IS IT ANYWAY? -- A CHALLENGE"
By Dr. Tom Grunder
From--Online! Magazine, July 1992, pp. 6-7, 10.
It began innocently enough. I was rummaging around the Internet
looking for some NREN information to include in a proposal I was
writing, when I came across a rather one-sided "debate."
It was a string of messages written mostly by people from academic
computing centers bemoaning the fact that NREN _might_ be made
available to K-12 schools, businesses, libraries, and (horror of
horrors) even to the general public. They were beside themselves.
"The Internet and the NREN are supposed to be for academic and
research purposes," they said. "What's going to happen if we allow
all these other people on? There's not going to be enough bandwidth.
Transmission time will suffer. Before you know it, the NREN is going
to be just as bad as the Internet is now."
As the messages came in, their outrage seemed to build. So did
mine.
Finally I came across a message that simply read: "Why should we
let them use it at all???" and suddenly the terrible mistake we've
been making became clear. We in the non-university networking
community have been framing the wrong issue.
Until now, the issue has been whether K-12 schools and community
users are going to have access to the NREN. It should have been
whether K-12 and community users are going to
_allow_the_academic_centers_ to access the NREN. Somehow we had
gotten our priorities crossed.
Who do they think is _paying_ for all this? When the NREN comes
online, the money to build it will be coming from that apparently
forgotten group of people called "taxpayers." Who do they think is
paying for the current Internet backbone? The National Science
Foundation? Wrong! It's the taxpayers. Who do they think is paying
for those mid-level networks, and for the high-speed data lines to
connect their colleges to those networks, and for the nice
high-powered servers that makes the connection so easy? Do they think
that money is coming from good ole Siwash State U.? If so, then who,
pray tell, is funding Siwash State? Right again. Taxpayers!
So now we come along, with hat in hand, begging for permission to
have minimal access to the Internet and to be a part of NREN. Why?
So we can set-up K-12 networks that will allow the _taxpayers'_ kids
to learn the information age skills they will need to be competitive
in the 21st century. So we can provide the _taxpayers_ access to
electronic mail, government information, and other resources via
libraries and community computer systems. So we can provide some
piece of the information age to the people who paid for it in the
first place! And the academics treat us like beggars in a subway
station.
_Absurd!_ Absurd, but not surprising.
To understand this attitude, you have to keep in mind that, in
most locations, these university computing centers are designed for
the people who work there plus 35 of their buddies. No one else -
including the other students and faculty on their own campuses - need
apply. In most locations, students or faculty members seeking to use
the Internet are given a blinking cursor that dares them to come up
with some combination of nonsense syllables to make it do something.
That's it. No help. No training. No assistance. Nothing. It is
not surprising that the idea of letting the community have access to
this preciously guarded resource would send chills up their spines.
But, in many ways, we in the non-academic computing circles have
made our share of mistakes as well. Not only have we been apologetic
in our claims to this national resource, but we have engaged in what I
call the "Balkanization" of the information age - the fragmentation of
our efforts into dozens of competing networks and special interest
systems. We should be working toward a common framework with enough
"conceptual bandwidth" to include everyone.
As a function of developing my organization, the National Public
Telecomputing Network, I am asked to speak at a lot of conventions and
conferences; and what I find at those meetings has become quite
predictable. Everyone is excited about computer networking. When I
go to a K-12 convention; everyone is talking about K-12 networks.
When I go to a library conference; everyone is talking about library
networks, and so on - all in direct competition with each other.
It doesn't make sense.
Let's say you are proposing a statewide network that will link
your libraries together, complete with Internet connections - the
whole bit. And let's say you take it to your state capital and,
amazingly enough, you get it funded. Now, what happens if a month
later the K-12 people (or someone else) shows up with a proposal to
fund their network; or worse, what happens if they get there a month
_before_ you? Some one must lose; it is inherent in that kind of
competitive process.
But our mistakes do not end with the competition for monies. They
run deeper than that. We have also failed to come up with a
comprehensive plan to show how any of our ideas fit together. Let me
use the K-12 initiatives as an example.
I have seen a number of proposals going around that (depending on
the proposal) would provide every school in the city/state/country
with a connection to the Internet - so every child will have access to
the information resources to be found there. That's fine. In fact,
on the surface, it sounds wonderful.
But what happens _after_ the student graduates from high school or
college? Do we toss him or her out into a world where those resources
are utterly unavailable? If so,
_what's_the_point_of_training_them_on_the_resources_
in_the_first_place? It's like having mandatory driver education in a
world without cars!
It doesn't make sense. We create plan after plan, proposal after
proposal, with no common conceptual framework to tie them together.
I believe we must start developing our programs in the context of
community-wide information systems. The guy who runs the corner gas
station (and who was in a K-12 class only a few years ago) should have
at least as much information access as the K-12 students who are in
class right now. But we can't do that; we can't achieve it; unless we
can band together somehow to speak with one voice.
And...we need leadership.
Where is that leadership going to come from? One logical source
is the library community. But I don't see that happening. What I see
is a profession divided. Half the librarians I've talked to see this
network technology as exactly the kind of thing libraries should be
embracing; and the other half (usually higher-level officials) see it
as the work of the devil - with no detectable middle ground.
We can't continue without leadership, without a plan, and in
direct competition with each other. Perhaps what is needed is a plot
of ground that stands outside existing territory, a place where
everyone can stand, and around which we can all rally.
Let me try out an idea on you.
Suppose a super-fund was created for the development of a
nationwide network of computerized community information systems.
These systems would be free to the user in the same sense that the
public library is free to its patrons. Of equal importance, each of
these systems would have a place on them for the library community,
the K-12 community, the medical community, government officials, and
anyone else who wanted to use it. In addition, each system would be
linked by, and would provide its users with controlled access to, the
Internet/NREN. From a technological standpoint, there are no barriers
to the development of these systems. Indeed, there currently exist
several pilot systems that are already accomplishing all the above and
more.
How would we fund it? One way would be to ask every Regional Bell
Operating Company to contribute, along with every high-tech
corporation, the federal government, every state government, every
major city, and every major foundation. If necessary, we would
approach the various state Public Utility Commissions to ask that a
surtax be placed on phone company data line profits. The fund would
be charged with developing a minimum of 100 community computers
covering all 50 states by the year 2000. Initial cost would be about
$30 million dollars.
Could it be done? Without any doubt, yes. We've done it before.
Most people do not realize that 100 years ago there was no such
thing as the public library as we know it. But we reached the
point in this country where literacy levels got high enough (and
the cost of producing books cheap enough) that the public library
became feasible. People across the country began to come together
around the idea of free public access to the printed word; and the
result was a legacy from which everyone reading this article has
benefitted.
What I am saying, is that in this century _computer_ literacy
levels have gotten high enough (and the cost of computer equipment
cheap enough) that it is time from a similar movement to form around
the development of free public-access computerized community
information systems. It is time for us to stop being apologetic, and
to stop competing wih each other. In short, it is time for us to
leave a legacy of our own.
Do you see what I am saying?
Would you support such a plan? I mean, would you support it
personally?
Would you work for it?
Would your company or institution support it?
Would they contribute to it? If so, let me know.
Send me electronic mail, send me snailmail, but let me know. The
key here is not the technology, that's already in place, it is "wil."
Do we have the will to do it?
The issue is no longer _whether_ we will enter an information age.
That part has been settled. We have. What is at issue is whether the
information age is something that happens _to_ us, or something that
happens _for_ us.
Fortunately, that decision still remains in our hands.
++++++++++++++++
_TOM_GRUNDNER_ is the president of the National Public
Telecomputing Network, and the founder of the Cleveland Freenet. The
freenets are community information systems, located in several Ohio
communities and in Peoria, Illinois. A column in DATABASE (April
1988, pp. 97-99) by Steve Cisler describes the Cleveland Freenet in
its early stages.
Communications to the author should be addressed to Dr. Tom
Grundner, National Public Telecomputing Network, Box 1987, Cleveland,
OH 44106; 216/368-2733; Internet-aa001@cleveland.freenet.edu;
BITNET-aa001%cleveland.freenet.edu@cunyvm. (Editor's Note: Write to
Tom Grundner, or write to ONLINE (ngarman@tso.uc.edu), to answer this
challenge and comment on this controversial issue facing the library
and online community. ONLINE will publish as many notes and letters
as we have room for in coming issues. --NG)
------------------------------
Date: 25 Sep 1992 11:07:31 -0700 (MST)
From: RayK <KAPLAN%UAMIS@ARIZVMS.BITNET>
Subject: File 3--Implementing System Security
Toward the Implementation of a System and Network Security-Related
Incident Tracking and Vulnerability Reporting Database
by Ray Kaplan
Consider the need for a system and network security-related incident
tracking and vulnerability reporting database (herein referred to as
ITVRD for convenience).
Such a database might be a relational combination of reported
vulnerabilities and incidents that could answer queries such as "show
me recorded instances of compromise for version xxx of operating
system yyy on zzz hardware" or "show me a list of known
vulnerabilities of the login sequence for version xxx of operating
system yyy on zzz hardware" or even, "show me a list of reported
compromises of version AAA of third party product BBB running under
version xxx of operating system yyy on zzz hardware". We might even
be able to ask "show me known instances of password guessing attacks
on version xxx of operating system yyy on zzz hardware at banks."
It is widely known that the flow of security-related information is
carefully controlled and that such information is not readily or
widely available to those who need it to protect their systems and
networks. There is plenty of information available - but, its
availability seems limited to the underground. While this apparently
serves those who know and control this information, but it does little
to help those who are trying to protect their systems and networks.
Security by obscurity is widely known to be a flawed concept. My
argument would be that this game of security incident/vulnerability
tracking is a lot like dealing with the AIDs crisis. If we don't
start talking openly about it, we are all in trouble(1).
While some of the various computer incident handling capabilities do
an excellent job of distributing SOME significant vulnerability and
incident information publicly(2), VERY LITTLE detailed information
gets disseminated in comparison to the number of known vulnerabilities
and known incidents. In addition, those who are not connected to the
Internet have a difficult time staying abreast of those incidents that
are reported. Worse yet, I speculate that the majority of systems and
private networks that exist in the world today are simply not even
tapped into the meager flow of security-related information that does
exist.
I believe that this sad situation is due to the politics of security
vulnerability information between vendors in the market(3), and an
inherent desire to control the distribution of this information by the
portion of the security community that has placed themselves in charge
of it. As proof of this, consider that prototypes of system and
network security-related ITVRDs are known to have been funded by the
government, but were stopped when the funding agency wanted to
classify the effort making it publicly inaccessible(4). What we - as
a community - are left with is an odd situation where the best
collections of vulnerability information are to be found only on the
clandestine sources of the world's underground computer community.
At this writing, the Defense Advanced Research Projects Agency's
(DARPA) Computer Emergency Response Team (CERT) is reporting on the
order of 3 incidents per day, but we - as a community - hear very
little about the exact nature of these problems, how they can be used
against our systems or their fixes. While the relatively new Forum of
Incident Response and Security Teams (FIRST) is working on the
problems associated with the design and implementation of a ITVRD,
their discussions are carefully restricted to their members and this
topic has been under discussion for quite a long time with no
apparent movement. In addition, most of us are not members of FIRST,
so we can't contribute to the discussions even if we wanted to do so.
Since I know that the formation of a widely available ITVRD is a very,
very emotional issue in the security community and since I am not
willing to suggest that I have the best design and implementation plan
for it in mind - I'm simply throwing the question out into the
community for an open, vigorous debate: how can a system and network
security-related ITVRD be implemented - or should it even be
implemented? Based on my recent, unsuccessful experiences in trying
to get members of the legitimate security community at large to talk
to members of the world's computer underground, I have decided that it
is not prudent for me to proceed with the design and implementation of
a ITVRD until some consensus in the community is reached about how -
or even if - such a thing should be done.
As a seed for the debate, here are some of the questions surrounding
the implementation of a ITVRD that I think need vigorous discussion by
the community. Please consider them carefully and offer us your
thoughts. Post your reply to this channel or send it to me at any of
the addresses below and I will collect it, combine it with others that
I receive and report it in some regular manner which is yet to be
determined.
A Myriad of hard questions:
What of the morals and ethics questions that surround the
establishment of a widely available ITVRD? While this is not a new
idea(5), we are talking about the morals and ethics of making an ITVRD
available to anyone who wants access to it. This necessarily includes
those that are not members of the legitimate security community. Even
though information such as that which an ITVRD would hold is readily
available now, it takes a lot of time and energy to find it. An ITVRD
would make incident and vulnerability information trivially available
to anyone who wanted it.
How should an ITVRD be accessible? Should it be a database on the
network that can be accessed by simply sending a well-formed query via
electronic mail to a database server? Should an ITVRD allow
interactive access? Should it be available via a toll-free, 1-800
number? A pay per-call, 1-900 number?
Since it has its own very well-developed channels of communication,
why would the underground even care to contribute to such an ITVRD?
Would a widely accessible ITVRD threaten or replace popular
underground publications like Hack-Tic or 2600? Would the underground
be happy with attribution for the holes that they find? Would the
contributors to an ITVRD even want to be identified?
Should a subscriber-based ITVRD pay its contributors for their
submissions? If so, on what basis and how much? Should it be
available to those that want to passively access it without
contributing to it? Should this access be on a subscription basis?
If so, does such a subscription service need some sort of
authentication to restrict access to only legitimate, paid
subscribers?
Should the contents of an ITVRD be exactly what is submitted to it, or
should submissions to it be edited and/or verified for authenticity.
If editing, verification and authentication of submissions are to take
place, who should do this and under what rules should it be done? In
recognition that many organizations do not currently report their
security problems, should anonymous submissions be allowed?
Should such an ITVRD be in the public domain or should it be private
property.
Where should an on-line ITVRD be maintained? Should it be located
outside the traditional boundaries of countries that would restrict its
availability?
I am sure that I have missed many, many important questions. Please
contribute to this discussion.
Electronic mail:Internet - kaplan@mis.arizona.edu
BITNET - KAPLAN@ARIZMIS
Snail mail:
Ray Kaplan
P.O. Box 42650
Tucson, AZ 85733-2650
FAX - (602) 791-3325
This has been posted to:
Some common Network Newsgroups, and the DECUS DECUServe bbs.Several of
the world's underground publications: 2600 and HacK-Tic.Selected
members of the security community.
Please feel free to re-post this anywhere you see fit - it is hereby
released into the public domain. If you post it somewhere - please let
me know where you put it so I can try and track the discussions - I'd
like to do a summary of it all one of these days.
In advance, thanks for your time and consideration. Since I know that
the ire of powerful forces in the security community may be stirred up
by the idea of publically discussing the design and operation of an
ITVRD, I only hope that a reasoned exchange of ideas will follow.
++++++++++
(1) I get into some interesting discussions with people who argue that
secrecy is the best course of action. For instance, while splitting
hairs on the tough subject of when you begin (of if there even should
BE) sex education, there is an argument that says educating very young
people about their sexuality will induce them to experiment where they
otherwise might not do so. In my view, this is similar to discussions
that I have with those that oppose the implementation of an ITRVD.
There are those that say the mere availability of an ITRVD will cause
more incidents. In the face of this criticism, I say that while this
may be true, at least system and network managers WILL have a
reference for this information where currently there is none. Just
think, the formation of an ITRVD may lead to vendors actually shipping
a document that describes the known vulnerabilities of their systems
to their customers. Sort of like the warning from the surgeon
General's warning on alcohol and tobacco products?
(2) Of note here is the Defense Advanced Research Projects Agency's
(DARPA) Computer Emergency Response Team (CERT). While these
consummate professionals do an excellent job of distributing incident
and vulnerability-related information to the Internet community, not
nearly enough is being done.
(3) While it is clear that there are vulnerabilities which affect many
vendors, there is evidence to suggest that some vendors in the
incident response community don't acknowledge those reports by other
vendors which clearly affect their own systems - let alone reporting
all of the vulnerabilities of their own systems.
(4) References available if you'd like them.
(5) There most certainly are ITVRDs currently being maintained in
various places.
------------------------------
End of Computer Underground Digest #4.48
************************************
Computer underground Digest Wed Oct 7, 1992 Volume 4 : Issue 49
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
Copy Editor: Etaion Jhrdleau, Sr.
CONTENTS, #4.49 (Oct 7, 1992)
File 1--Viruses--Facts and Myths
File 2--Defense Conversion Hearing
File 3--FBI Wiretap Scheme Examined
File 4--Intl. Piracy
File 5--SysLaw Announcement
File 6--Cu News: Dept Store Fraud / "MY PC PAL"
File 7--Brazilian Politics in Need of Encryption?
File 8--Police Charge Toronto Teenager in 911 Case
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
Back issues also may be obtained from the mail server at
mailserv@batpad.lgb.ca.us
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: 25 Sep 92 00:57:29
From: The Dark Adept <drkadpt@DRKTOWR.CHI.IL.US>
Subject: File 1--Viruses--Facts and Myths
Viruses--Facts and Myths
by The Dark Adept
This whole virus thing is a joke. Let me tell you why:
What is a virus?
----------------
A virus is a tiny program that attaches itself to other programs. It does
in fact operate as a biological virus does. It finds a victim program and
infects it with a copy of itself. Then when the victim program is
unsuspectingly run, the virus now inside it is activated. At this point,
it can do one of two things: infect another program, or cause mischief.
What do viruses do?
-------------------
Well, a number of things. Some erase your disks. Others print silly
messages to your screen. In any case, a virus is not written like other
programs are. It uses things that other programs normally don't. If your
computer is infected by a virus, whenever you turn on the machine that
virus is in the memory, and even if all it does is print "I want a cookie,"
it can still interfere with other programs since they don't expect it to
be there.
How do people catch viruses?
----------------------------
Yikes! Here's where all the rumors are! You cannot get a virus from a modem,
a printer, a CRT, etc. Viruses only come from other programs. So, whenever
you add a program to your hard disk or run one off of a floppy, you stand
a chance of catching a virus. Data files (files that are not programs, like
text for your wordprocessor) cannot contain viruses. Only programs can
contain viruses. On IBM PC's, programs usually end in ".exe" or ".com" and
are the files that you run. The programs are the only ones that can contain
viruses.
The only way to activate the virus is to run the program. Say for example
you got a new program called "game.exe". You put it on your hard drive,
but you never run it (i.e., you never tried it). Even if game.exe has a virus
in it, you WILL NOT catch it. The program has to be run at least once to make
the virus active.
Another thing is batch files. These are files on IBM PC's that end in ".bat".
These DO NOT contain viruses. However, .bat files run other programs. So
if the .bat file runs a program that has a virus, the virus WILL be activated.
The cause is NOT the .bat file, but the program that was run BY the .bat
file.
Tell me more about these things...
----------------------------------
Ok. Viruses can only be made for specific machines. By this I mean
that a virus that infects IBM PC's will NOT be able to infect Macs.
There may be a tiny tiny chance if your Mac is running something like
an IBM Emulator that a virus may cause problems, but in general, if
you have a non-IBM compatible computer, and you can't run IBM software,
then you can't catch IBM viruses and vice-versa.
For the most part, only personal computers (i.e., IBM PC's and Macs) are
affected by viruses. On IBM's, they are usually limited to DOS, so if
you are running Unix on a 386 you don't really need to worry (yet).
However, various flaws in NFS security and other technical aspects of
computers mean that viruses could someday appear in other types of
computers.
The reason why personal computers have this problem and others don't is
because of how they are designed. Personal computers of the past were
designed for one user running only one program. So, they could use all
the memory since it wouldn't hurt anyone else. On a mainframe or a Unix
system, the hardware (and software) know that many people will be using
it, so they are only allowed to use the memory given to them, and if
they try and use another section of memory, the computer stops them. Viruses
need access to memory that they shouldn't have, and on a personal computer,
there is nothing to stop them from getting it.
How do I *avoid* viruses?
-------------------------
That's like asking "how do I avoid VD?" The answer is "don't stick it in
your slot unless you know where it's been." If you buy the software from
a computer store, you don't have to worry. Once in a million there might
be some type of problem, but in general, store purchased software will
NEVER have a virus.
If you copy a program from a buddy, then you might have to think twice.
Where did he get it from? How many times has it been in someone else's
computer? The same goes for software you download with a modem.
The only way to complete ensure you never get a virus with 100% certainty
is to allow no outside contact with your computer. This is called a
"sterile environment" or a "Kosher komputer". This means that you cannot
use disks in your computer that have been in other computers, and you cannot
put any type of software in your computer that has not been purchased
from a store. In other words, the only "safe software" is "no software".
If you noticed, computer viruses operate a lot like biological viruses.
In fact, they mostly operate like venereal disease. So look at viruses
the same way as you would at VD. The only 100% assurance you have against
infection is abstinence (from using outside programs and disks). If
for some reason you cannot do this, then you must protect yourself.
How do I protect myself? Is there a "computer condom"?
-------------------------------------------------------
In a nutshell, the answer is NO NO NO!! Do not believe those
ads for anti-virus this and that. It's crap. Like a condom, they
*help* protect against infection, but there are no guarantees. Whenever
you put something in your (disk) slot, you still run a chance of being
infected - the "condom" may break or be infected itself.
Well, what are the different types of protection available?
-----------------------------------------------------------
There are 3 main types of "anti-virus" software available:
o Scanners
o Detectors
o Removers
+++Scanners+++
--------------
Each virus has what the anti-virus geeks call a "footprint". What this
means is that there is a sequence of "characters" that uniquely identify
the virus. For example, say someone gave you a book with no title or
description or whatnot and said, "Can you tell me if this is Hamlet by
Billy Shakespeare?" Being a virus wizard, you would say "Sure!" What
you would do is then look at all the text for the words "to be or not to be".
If you found them, then the book would be Hamlet. This is what virus scanners
do. They are programmed with an identifying "phrase" or footprint for
all known viruses. Then they look at each of your programs. If one
of them contains "to be or not to be" then it means that the Hamlet virus
has infected your program.
Those of you who have drank your coffee this morning might realize that
this doesn't help an awful lot. For one thing, what if the text isn't
Hamlet but a review of Hamlet that has a sentence "Hamlet's soliloquy which
begins with 'to be or not to be' is the most moving part of the play." Well,
the virus scanner would see "to be or not to be" and think it is a virus!
Of course, it would be wrong. Another thing is say I write a new virus,
and the anti-virus cronies haven't seen it yet. Its footprint wouldn't
be in the scanner. So the scanner wouldn't know it was a virus.
A final problem is that the scanner will only really protect you if it
scans the program *correctly* before you ever run it. Once you run it,
if you haven't scanned it or the scanner didn't pick anything up, and there
is a virus inside, you're toast. After you run the program, if you then
run the scanner, sure it will pick it up, but that's like going to the
doctor who tells you that you have the clap after you've got it. The
scanner is most effective when used before ever running the program. It
is also useful for giving your system a "check-up" every once in a while
to make sure something didn't slip by. However, again, now you already
have contracted the virus and now must worry about getting rid of it.
So, if you're going to use a scanner, remember this:
+ You must have a current version so that the new footprints are in there.
+ It works best when you scan programs *BEFORE* they are run for the
first time.
+ It might miss some or give you false results, so don't rely on it
completely.
+++Detectors+++
---------------
What the detectors do is watch for virus activity. For example, some
viruses try and erase your hard disk. What a detector does is sit in
the background and watches for an illegal or abnormal attempt to do
something to the hard disk. Then all sorts of alarms and bells go off
("Warning Will Robinson! Warning!") and the detector tries to stop
the virus from doing it. Some will also ask you if you want to allow
whatever action is taking place since you might actually be trying to
format your hard disk.
Another thing that some detectors do is a checksum/byte count check on
your files. Remember that a virus *adds* itself to another program.
So what the detector does is make a list of all the programs on your drive
and remembers what they look like. Then, when a virus changes one, the
detector notices this, and gives you a warning like "Program games.exe
failed checksum!" and asks you if you still want to run it.
You must know that the detector only checks program files. It would be a
real pain if every time you changed your term paper the detector went off.
However, this is not a weakness since only program files can contain
the viruses.
It may seem that detectors are the answer, but they are not. Remember,
the detector only detects virus activity. This means that you already
have a virus running around in your system. It will help stop the damage,
but the infection is already there. Another problem is that you must
remember that the detector is hiding in the background watching. Some
programs don't expect the detector to be there, and freak out (just like
they don't expect the viruses to be there either). So the detector might
interfere with other programs. The better detectors are well-written so
as to avoid this, but even then there might be problems.
So, if you are going to use a detector, remember this:
+ Detectors help stop damage caused by viruses.
+ If it detects virus activity, you are already infected.
+ You must buy a good one so that all types of virus activity are
detected.
+ The detector may interfere with other programs.
+++Removers+++
--------------
Also called "disinfectors." What these programs do is get rid of
the virus infection in your computer. Once you have detected an infection,
you have to get rid of it. However, like with cancer, that means cutting
something out usually. Nine times out of ten, a disinfector will have to
delete *ALL* the programs that are infected. Gone. Erased. Never to come
back. Some can get out the virus without deleting files, but this is
rare. It depends on how good the disinfector is and what type of virus
it is. The remover is probably the most crucial piece of anti-virus
software.
So, if you are going to use a remover (and you should), remember this;
+ Files (maybe important ones) will be deleted, so you need backup
copies of your software at all times (you should have this anyhow).
Who makes this and where can I get it? What do *you* use?
----------------------------------------------------------
There are a lot of companies who make this type of software. I've tried
a bunch, and my *personal* favorite is made by Central Point Software.
It comes in two types of packages:
+ PC Tools Deluxe
+ Central Point Anti-Virus
PC Tools deluxe has 2 main anti-virus items: PCBackup and VDefend. What
PCBackup does is backup your hard drive. You should be doing this anyhow.
What it also does, however, is there is an option to scan as it backs up.
What this means is before it backs up the program, it checks it for
a virus like a scanner would. This is important. Say you backup your
disk every month. Then like 3 weeks later you find that your word
processor and some other programs are infected by a virus. You disinfect
your disk, and go to install the back up copies. What if the backups are
infected? You're back to square one. PCBackup helps to ensure that your
backups are virus-free. And, like I said under scanners, you need the
current version. Well, good news. The data file where all the footprints
are is updated regularly and can be obtained at no cost (last time I checked)
from Central Point via modem. So you don't need to buy a new copy of
PC Tools every month, just get the new footprint file.
VDefend is a virus detector with a lot of neat options. It is also part
of the PC Tools Deluxe package. PC Tools deluxe is a nice product and
well written and I like it. If you like Norton's software, that is good,
too, and so are many others. I just happen to prefer PC Tools. So, you
get a lot more for your money than virus detection. Check it out at
your software store.
Now, the mother of all anti-virus software is Central Point Anti-Virus.
This is a killer package. All you could want and more. I've used it a
couple of times, but it is more than I need. Either I'm not paranoid
or I'm too trusting. However, if you want state-of-the-art TopGrade A-1
anti-virus protection, this is it. It also has a disinfector built in
and a lot of other goodies.
Now, why do I prefer these packages? I'll be honest with you. A lot
of the other anti-virus companies are in it strictly for the money. The
bigger the virus scare, the more money they make. Remember the
Michaelangelo virus? That was a load of crap. It was a simple virus.
There are a lot more dangerous ones out there, and they are more widespread.
These companies make *only* anti-virus packages, so they need the hype
to survive. Central Point and a few others are not in the anti-virus
industry per se. They are regular software companies who also offer
anti-virus software. Their programming experience is more widespread
than those who concentrate on viruses alone, and this means that their
software should be better in general. Why? Well, look at it this way:
Say you want to add an equalizer to your stereo. Now, do you want the
salesperson to know about stereos in general, or just about equalizers?
Shouldn't he know how equalizers interact with the rest of the system?
A software company that creates various pieces of software will know how
they interact and perform.
Further, an investigation into the history of some of these companies,
like McAfee and Associates, brings up questions about their competence
in this type of work. I ask you to draw your own conclusions, but as
a hint as to what I am referring, try and see what type of work McAfee
was involved in before viruses.
However, since I took a shot at McAfee, I must also state this: I have
known people to use McAfee's software and be 100% satisfied with no
complaints. They like McAfee's software and continue to use it. It
works for them and meets their needs. I hate both McAfee and his software,
and I refuse to use it ever, so you must decide for yourself.
Out of the general software houses, I like Central Point's goods. So those
are my reasons for why I chose it: 1) It is one of the reputable companies,
and, 2) Out of those reputable companies, this software has what I want.
Some people will say "You are picking on the little guys trying to start out."
Maybe. I wouldn't if this were a word processor where if something is
screwy in version 1, you can live til version 2. But this is for your
protection. Would you rather buy a gun made by Smith and Wesson or
Uncle Bob's Bullet Co.? When it comes down to protection, you don't
want any misfirings, and you must rely on reputation.
So, if you are going to buy "anti-virus" software, remember this:
+ Well-known, reputable, and experienced companies with good user
support like Central Point, Norton, etc. are preferred.
+ Out of those companies, pick the one that best suits *your* needs.
Everyone's system differs. You might love using Norton's backup
program, so you just want virus protection and not the full PCTools.
Etc., etc., etc. Look at all the software and see what you need and
want.
Myths
-----
Finally, I would like to expose some myths and misconceptions about
viruses:
"They threaten net connectivity"
--------------------------------
If by "net" you mean the Internet, this is 100% false. The machines
connected to the net do NOT run programs from other machines, so cannot
be infected by them. They merely store programs from other machines. It
would be like if a friend asked you to put that game.exe program on your
disk and hold it for him until he had space on his. As long as you
don't use it, you won't be injured by just storing it.
Another thing to remember is that most viruses are for personal computers
and most machines on the Internet are NOT personal computers, so the
viruses won't affect them anyhow.
The only role that the Internet plays in virus propagation (the spreading
of viruses) is that if someone gets a program from the Internet for his PC
and runs it he might get infected. But remember that you could also
get infected by getting a program from a friend. The Internet, therefore,
is not threatened by nor the cause of virus contamination.
However, if by "net" you mean the LAN at work, then this is true. A lot
of viruses spread rapidly through LAN networks, so if one machine gets
infected, all of them can. This is because all the personal computers
on the LAN run the same programs. Again, the cause here is the running
of the program by computers on the net. Internet computers generally
do not run the programs that contain viruses.
If some idiot says that their Internet connection should be severed due
to virus propagation, that would be like saying we should shut down Lake
Shore Drive in Chicago since a bank robber might drive down it to get
away. Sure it provides a path for viruses (bank robbers), but 99% of
the time it is providing a path for legitimate purposes (law abiding
citizens).
"BBS's are the major cause of virus spreading"
----------------------------------------------
FALSE FALSE FALSE!! The major cause of virus spreading is LAN's and
also copying from friends. BBS's merely store programs that you can copy
and most people who run BBS's try and make sure none of them have viruses.
A BBS is just copying from a friend over a modem. BBS's do not need to
be shut down or restricted because of viruses. It is up to *you* to
protect yourself from *any* program contamination no matter where
you copy the program from (i.e., a friend or BBS).
Some of you may have heard of Virus Exchange BBS's. Let me explain what
this is:
Any type of program ever written starts out as a "source file". This is
a regular text file made by a word processor that contains instructions
for a computer. This source file must be fed into either an "assembler" or
a "compiler" to become a program that can run. This is true whether the
program is a spreadsheet or a virus (viruses are programs, just very very
tiny ones).
Now the source file can have all of the program in it, or just part. The
rest would be in other source files. So, for example, if you look at your
wordprocessor in two parts you might see that one thing it does is let you
type stuff in, and the other part is it lets you print things out. So
it might have 2 source files: 1) tells the computer how to let you type
things in, and 2) tells the computer how to print things out.
A virus is made up of two basic parts: an infector and a destructor.
The INFECTOR is the part of the program which hides the virus and makes
it spread. The DESTRUCTOR is the mischief maker. This is the part
that draws crazy pictures on your screen or erases a file on you.
Now on these virus exchange BBS's, they 99% of the time just have virus
SOURCE FILES not virus programs. The source files CANNOT cause infection.
They must be fed to an assembler or a compiler first to become a program.
Remember that for a virus to become active it must be run as a program.
These BBS's do not distribute virus programs, but virus source files.
Furthermore, most of the source code for viruses on these BBS's is just
the INFECTOR part. This is what the programmers are interested in. This
is where the innovation and creativity and "wow! Nice piece of code!"
happens. The DESTRUCTOR is very basic and any idiot can do one: "del *.*".
People who run VXB's (Virus eXchange Boards) are interested in code for the
INFECTOR and the DESTRUCTOR is worthless.
In other words, they are merely giving out the blueprints and not the
bomb itself.
Some jerks argue that this in itself should be illegal. Well, another
article will deal with that, so please hold comments on this
aspect until after I have presented my position.
For right now, let me just say that in a nutshell, Virus Exchange BBS's do
NOT DIRECTLY cause infections. I think even the so-called "experts" would
agree with that.
"The first virus was written by..."
-----------------------------------
No one knows. However, if you were to ask me, I will say the first
virus was written by the first person who made copy-protection. Why?
Having the benefit of looking at both copy-protection and virus source
code, I can tell you that they do things the same way. The infector
part of the virus wants to hide itself and so does the copy-protection.
They both use the same types of methods to do so. Both also make programs
unusable if certain conditions are met. If it is a copy, the copy-protection
stops it from working properly. If it is an infected program that meets
the criteria for the destructor part of the virus to start, the virus
kicks in the destructor and does its job.
Again, please notice I am comparing the copy-protection with the infector, and
not the word processor with the destructor. The copy-protection and the
infector only differ in that the infector affects more than one program
and that the actual reason for both being there (the word-processor vs.
the destructor) are different. They both perform the same job - protection
and sustenance of the main program.
>From this idea of small programs that operate to protect a piece of software
known as copy-protection sprang forth the first viruses. So next time
you buy a piece of copy protected software you know who to thank for
your screwed up harddrive ("wah! but we don't write them!" no, but
you gave them the idea and techniques! Plus, copy protection is for loser
companies that don't give decent support to registered users thereby
creating a huge incentive to register a product. Enuff said.).
Another important similarity is that the techniques for removing copy
protection from a program and removing a virus from an infected file while
retaining the file are very similar (I've done both a few times).
"We're all doomed!! It's Michaelangelo!!"
-----------------------------------------
Yeah, eat me. I have been using computers for about 11 years. I have
been on everything from a Timex Sinclair to a Cray. I've had things on
my system you wouldn't feed to your dog. How many times have I been
infected by a virus? ZERO
I deal with over 100 computer-related people per day (I'm a graduate
student in Computer Science). Here is what contact I've had with virus
infection:
When I was an undergrad at the University of Illinois at Champaign-Urbana
(I started out in Electrical Engineering), the Mac labs got infected by
a virus. Rumor has it that it was caused by someone using an infected
copy of MacPlaymate (an X-rated video game for Macs) on one of the computers.
Last year, the PC-LAN at Loyola University of Chicago was slightly infected
by Michaelangelo, and one of the professors' PC's caught it because a student
handed in his infected programming assignment (it got infected because he
wrote it on the LAN). So, everyone who handed in their program got infected
if they reran the program when it was returned. Like 2 more people got
infected this way.
A friend of mine got infected by using an infected copy of a pirated video
game (serves him right hehehe!).
So, for someone who uses a computer every day and knows mostly computer
people, I have personally know 4 people and 2 sites that were infected
by viruses, and this is over 11 years.
Total damage? Not much. Nothing Anti-Virus and equivalent type software
couldn't fix and a quick restore from some backups.
So next time they yell "The sky is falling," tell them to line their
pockets somewhere else. You should protect yourself, but it's not the
end of the world.
In fact the only time my harddrive got erased on accident was when I was
installing OS/2. It was my fault for not reading the directions. Oops!
"They endanger National Security and the military!"
---------------------------------------------------
Hahahahahahaha! All I have to say is that most viruses (like 99.9%)
attack only personal computers, and any military or government that depends
on personal computers for national security and weaponry has more problems
than viruses. And furthermore, what are they doing letting missile officers
run MacPlaymate on the missile control computer anyhow?
Conclusion
----------
I just hoped I made this virus thing clearer. This is not based
on any virus "expertise" I have, just a thorough knowledge of
computers and my experience with them (which is extensive). I am not a
"virus expert" nor am I a virus author. But next time someone tries to
scare you or calls themselves a "virus professional" call them an idiot.
Just use common sense, make backups, and maybe get a piece of software from
a good company. No one is "out to get you". Most of the virus authors
are teenagers and are actually nice guys who just like to write intricate
programs -- they don't even spread them around! PHALCON/SKISM is a good
example. They don't even want to format a hard drive, just have a little
fun programming. Once in a while one of their "projects" might get out
of hand, but they're not there to make your life miserable. Sure I'd be
pissed at em if Flight Simulator got infected, but no biggie. Just clean
up and reinstall. Don't blame someone else if you don't make backups.
So have phun, and: "Don't worry; be happy!"
P.S. Sara(h) Gordon: Your rebuttal to Phrack touched me. Right about...
...there.
NOT!
(thanks Sarlo)
Tiny Bibliography
-----------------
40HEX - the Journal of viruses published by PHALCON/SKISM. Contains
new viruses by P/S and a lot of source code. Great reading for
programmers, virus authors, and copy-protection people. I've used some
of their disk access tricks for utilities I've written for my 386
system that bypass the device drivers. They also provide an excellent
and professional analysis of virus code with commented source code
from time to time. Tells ya how the varmints really tick. 4 stars!
(When's the next issue, guys?!?)
Hell Pit BBS - Of Sara(h) Gordon fame. If you want to see what a
Virus Exchange BBS is like and why all the screaming, bitching, and whining
that Sara(h) and the other people who call themselves "anti-virus"
people is for nothing, give it a call. Just don't run anything you download.
Most of it is source code, anyhow. Some of it is Sara(h) Gordon's source code.
I wonder if ACM would approve of her "research" in virus propagation?
I hope Hell Pit is still up. Sarah(s) crap caused Kato a lot of trouble
including making people think it was a Fed sting operation (lie).
Various hacker nets - like DarkStar, CyberCrime, etc. A lot
of virus authors can be contacted on these FidoNet type BBS's. Most of
them will answer any question about viruses you have unless you get
too specific like "Duh, what did you write?" or too idiotic like
"Viruses are terrible! Look at what Michaelangelo did!" (not much).
That's just a start, but if you're curious about what viruses really are,
don't ask those "anti-virus" goobers, ask the authors.
------------------------------
Date: Mon, 28 Sep 1992 13:29:05 -0400
From: "(Gary Chapman)" <chapman@SILVER.LCS.MIT.EDU>
Subject: File 2--Defense Conversion Hearing
The Department of Defense has set up a Defense Conversion Commission,
which is traveling around the country to conduct hearings on local
conversion requirements. So far there have been hearings in Atlanta;
Long Beach, California; St. Louis; Dallas; Groton, Connecticut; and
Seattle. The public hearings last one day, and the commission also
visits sites of major defense contractors and speaks to the local
press about defense conversion. The commission is scheduled to
release a report on its findings no later than December 31.
On September 24th, the commission held its hearing in Seattle and
testifying on behalf of CPSR and The 21st Century Project was
Professor Philip Bereano, professor of technology and public policy at
the University of Washington. Phil spoke for ten minutes -- the
alloted time for each hearing witness -- about The 21st Century
Project and its program of democratizing U.S. technology policy and
redirecting research and development programs to peaceful and
environmentally responsible goals.
There were eighteen other hearing witnesses testifying, representing a
broad range of public interest and business organizations, including
Washington State SANE/Freeze, Seattle Women Act for Peace, and the
Washington Association of Churches. Professional organizations
represented included the Seattle Professional Engineering Employees
Association and the IEEE Engineering Manpower Committee. There was
also testimony from the King County Diversification Committee, the
local commission on economic conversion.
There are six members of the commission, most of them Pentagon
officials; there is one representative from the Department of Labor,
and one from the President's Council of Economic Advisers. It is
chaired by David J. Berteau, Deputy Assistant Secretary of Defense for
Production and Logistics, and former director of the DoD's Office of
Economic Adjustment. The representative from the Department of Labor
(and the only woman on the panel) is Robin Higgins, Assistant
Secretary of Labor for Veteran's Employment and Training, a former
Marine officer, and widow of Colonel William R. Higgns, the Marine
officer captured and executed by Lebanese terrorists in 1988.
For more information about the commission and its work, contact the
Commission on Defense Conversion, 1825 K Street, N.W., Suite 310,
Washington, D.C. 20006, or call (202) 653-1664.
------------------------------
Date: Wed, 30 Sep 1992 17:05:06 PDT
From: "(Nikki Draper)" <draper@CSLI.STANFORD.EDU>
Subject: File 3--FBI Wiretap Scheme Examined
FOR IMMEDIATE RELEASE
Contact: Nikki Draper (415) 322-3778
Computer Public Advocacy Group To Examine FBI Wiretap Scheme
at October Annual Meeting.
Palo Alto, Calif., October 1, 1992 -- Computer Professionals for
Social Responsibility (CPSR), the national public interest
organization based here, will take an in-depth look at its recent suit
against the Federal Bureau of Investigation (FBI) during CPSR's 1992
Annual Meeting, October 17th and 18th at Stanford University in Palo
Alto, Calif. CPSR Legal Counsel, David Sobel, will talk about the FBI
suit for the first time since it was filed and moderate a panel
discussion on the politics of cryptography at the annual meeting. The
CPSR annual meeting is a provocative two-day conference that addresses
critical issues facing society as a result of information technology.
CPSR filed suit against the FBI in September, after the Bureau failed
to make public documents that would justify the need for its new
wiretap proposal. The FBI proposal would redesign the telephone
network to make wiretapping easier. Recognizing the importance of
cryptography policy, CPSR catalyzed a national debate earlier this
year, as to whether or not the FBI and National Security Agency (NSA)
should be involved in setting the technical standards for the computer
and communications industry.
The panel discussion will include a screening and discussion of film
clips from the movie, Sneakers. Panelists include, Joan Feigenbaum,
Technical Staff, Computing Principles Research, ATT Bell Labs, John
Gilmore, founder of Cygnus Support, and Dave Banisar, CPSR Policy
Analyst.
CPSR's annual meeting will bring together computer scientists from
across the country to examine the relationship between politics and
technology. Other topics include:
* Teledemocracy & Citizen Participation:
Beyond the Electronic Town Meeting,
This session is an election year look at the dangers and the
opportunities of electronic democracy. Speaker, Susan G. Hadden,
professor in the LBJ School of Public Affairs, University of Texas at
Austin, an expert on telecommunications and citizen participation.
* Everything's Digital! Media Convergence: Hope, Hype or Hell?
This session examines the social implications of multimedia
convergence which is the merging of computer, telephone, and video
technology. Panel discussion with David Bunnell, Editor, New Media,
Denise Caruso, Editor, Digital Media, and Howard Rheingold, Whole
Earth Review
* Envisioning Technology Policy in a Democratic Society;
A panel of technologists looks at the development of American
technology policy. Panelists include, Gary Chapman, The 21st Century
Project, Judy Stern, CPSR/Berkeley, Claire Zvanski, SEIU Local 790.
President of Interval Research, Dave Liddle, will be the keynote
speaker at CPSR's awards banquet Saturday evening. Liddle will be
speaking on the Computing in the 21st Century. IBM researcher,
Barbara Simons will be presented with the 1992 Norbert Wiener Award
for Social and Professional Responsibility in Computing.
Founded in 1981, CPSR is a national, non-profit, public interest
------------------------------
Date: 05 Oct 92 19:05:29 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 4--Intl. Piracy
Congress Urged to Strengthen International Intellectual Property Laws
Foreign copyright piracy of computer software, as well as movies,
books, and music and audio recordings costs U.S. firms between $12
billion and $15 billion in trade losses each year, says the
International Intellectual Property Alliance.
The Alliance told a Senate Judiciary subcommittee on patents,
copyrights and trademarks that losses in Mexico alone -- which were
not included in the international study -- topped $150 million
annually.
Eric Smith, director of the Alliance, said that although Mexico has
new intellectual property laws, "the situation in Mexico is still
quite serious."
He urged Congress to increase U.S. anti-piracy teams to crack down on
foreign copying operations and aid to foreign nations to help them
write tougher laws and enforce them.
Countries where piracy is particularly prevalent include Italy,
Taiwan, Eastern Europe, Russia, China, Paraguay, Peru, El Salvador,
Guatemala and Honduras. Brazil and Venezuela are considered problem
nations especially for software piracy.
------------------------------
Date: 02 Oct 92 11:13:46 EDT
From: Lance Rose <72230.2044@COMPUSERVE.COM>
Subject: File 5--SysLaw Announcement
NEW SYSLAW BOOK! MASSIVELY REVISED AND EXPANDED!
SysLaw, Second Edition: The Legal Guide for Online Service Providers
by Lance Rose, Esq., and Jonathan Wallace, Esq.
SysLaw provides BBS sysops, network moderators and other online
service providers with basic information on their rights and
responsibilities, in a form that non-lawyers can easily understand.
Subjects covered include the First Amendment, copyrights and
trademarks, the user agreement, negligence, privacy, criminal law,
searches and seizures, viruses and adult materials. SysLaw not only
explains the laws, it gives detailed advice enabling system operators
to create the desired balance of user services, freedom, and
protection from risk on their systems.
SysLaw is available from PC Information Group, 800-321-8285 or
507-452-2824, and located at 1126 East Broadway, Winona, MN 55987.
You may order by credit card or by mail. Price is $34.95 plus $3.00
shipping and (if applicable) sales tax. Price is subject to change
after January 1, 1993. For additional information, please contact
publisher Brian Blackledge at 800-321-8285.
------------------------------
Date: 03 Oct 92 11:54:38 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 6--Cu News: Dept Store Fraud / "MY PC PAL"
DEPARTMENT STORE COMPUTER FRAUD
The US Attorney's Office in Sacramento, California has announced an
indictment against a Fresno department store for using a 'special
computer program' to alter its financial records. The store,
Gottschalks, has pled guilty to three criminal counts and has agreed
to pay 1.5 million dollars in fines for taking illegal tax deductions
and violating securities exchange laws. The store reportedly
developed the program to overstate sales, supposedly by nearly half a
million dollars in one quarter, allowing it to claim a profit when it
was really operating at a loss. (Information Week, August 3, 1992: 10).
MY COMPUTER, MY FRIEND.
Logitech, Inc recently completed a "PC's and People" survey in which
98% of the 300 computer users surveyed indicated that they feel they
have personal relationships with their machines. In addition, 13%
said they ascribe personalities to their machines, while 9% admitted
that they have named them. At least 50% said they consider their
computers to be extensions of themselves. (CompuServe Magazine,
October 1992: 8)
------------------------------
Date: 7 Oct 92 15:24:01
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 7--Brazilian Politics in Need of Encryption?
Sometimes those suspected of massive offenses should either learn to
use computers properly or else not commit crimes. The current
Brazilian political scandals, which threaten to topple President
Fernando Collor de Mello, escalated this week when Brazilian
investigators began exploring the computer files of a man reportedly
at the center of the political corruption, Paulo Cesar ("PC") Farias.
According to an article in England's GUARDIAN WEEKLY (Oct 4, 1992 -
thanks to Bruce Sterling for sending it over), unencrypted data files
may provide considerable information describing the extent of his
involvement in Brazilian corruption. According to the article:
Under the filename "Collor", they ((the investigators)) had
found a list of several of the biggest government ministries,
beneath each of which were listed in methodical fashion the
main projects in that ministry, the value of the contracts
allocated and the commissions charged.
One of the most interesting entries concerned the Xingo
hydro-electric power station--the only large development
project undertaken by the Collor government.
This project, involving a consortium of large Brazilian
construction companies, including Mendes Junior and Odebrecht,
has long aroused suspicion, largely because its costs soared
$1.5 billion over budget. Now, thanks to PC's meticulous
accounting, the federal police, working with the tax
inspectors, believe they will be able to find out where most
of the extra money went.
One aspect of the listing remains baffling. At the end of
each entry PC wrote the name of a star or constellation: the
Southern Cross, the Great Bear, the Milky Way, Orion. These
heavenly bodies, the accountants guess but cannot yet
demonstrate, are probably codenames for sensitive information
that PC did not want to entrust to his computer--the names of
the powerful economic groups paying the commissions.
...........
Though part of the computer files are damaged, the
inspectors say they are finding enough evidence to establish
the size of the corruption network and the president's close
involvement in it.
Perhaps somebody could send Brazilian crooks a copy of Phil's Pretty
Good Encryption program and the investigators a registered version of
Norton Utilities.
------------------------------
Date: Wed, 7 Oct 92 17:54:07 EDT
From: <Nigel.Allen@LAMBADA.OIT.UNC.EDU>
Subject: File 8--Police Charge Toronto Teenager in 911 Case
Here is a press release that I received from the Metropolitan Toronto
Police. The Toronto Star ran a story (based on the press release) on
its front page today.
1992 October 06, 1950 hours
Teenage Computer Hacker Nabbed by Police
Detectives from the Major Crime Squad at Police Headquarters have
arrested a 15-year-old North York boy and charged him with a number of
computer-related crimes. Investigations have revealed that on some
occasions his pranks paralyzed the Metropolitan Toronto 911 emergency
telephone system.
Last July, a young man called the 911 emergency number from a
location in the west end of Metropolitan Toronto and reported a number
of medical emergencies which caused units from the Metropolitan
Toronto Police, ambulance services and local fire departments to
respond. All of these calls were determined to be false.
On one occasion, he totally monopolized the 911 system and rendered
it inoperable thereby denying citizens access to the 911 lifeline
throughout the Metropolitan Toronto area.
Bell Canada security officers assisted police in their search for the
source of the calls. Acting on a Criminal Code search warrant, police
today entered a North York home, seized a quantity of computers and
arrested a teen-age boy.
He is to appear in Youth Court, 47 Sheppard Avenue East, North York,
Friday, November 6, 1992, charged with theft of telecommunications, 24
counts of mischief and 10 counts of convey false message.
Investigations are continuing.
(end of press release)
Note from NDA: More information may be available from the public affairs
office of the Metropolitan Toronto Police at (416) 324-2222 or from
Detective W. Johnston of the Major Crime Squad at (416) 324-6245.
------------------------------
End of Computer Underground Digest #4.49
************************************
Computer underground Digest Sun Oct 11, 1992 Volume 4 : Issue 50
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
Copy Editor: Etaion Jhrdleau, Sr.
CONTENTS, #4.50 (Oct 11, 1992)
File 1--More Ah, Sordid administrivia
File 2--Senate Bill 893 (Anti-Piracy) Passes
File 3--Anti-Piracy Legisla<tion (S 893)
File 4--Sofware Copyright/License Quiz
File 5--Correction on Clarkson article in CuD #4.46
File 6--Is Cyberspace a "Culture?"
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
Back issues also may be obtained from the mail server at
mailserv@batpad.lgb.ca.us
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: 11 Oct 92 15:55:50
From: Moderators (tk0jut2@mvs.cso.niu.edu)
Subject: File 1--More Ah, Sordid administrivia
CuD IS IN THE COMP.SOCIETY USENET HIERARCHY
We continue to receive queries about the change-over from
alt.society.cu-digest TO COMP.SOCIETY.CU-DIGEST. By now, your system
should have switched over. It appears that there are glitches (or
sysad tardiness) on some systems. If your system IS NOT receiving the
comp version, check with your sys ad.
WEEKLY SCHEDULE:
CuD remains committed to a weekly schedule intended to publish about
50 issues a year (with a two week break over Christmas). The recent
twice-a-week schedule is temporary, owing in part to a surge of
material. The anticipated issue on the Software Publisher's
Association (SPA) will be out in about two weeks followed by a second
issue of responses.
SUBMITTING ARTICLES TO CuD:
The switch to the comp hierarchy has led to an increase in inquiries
about submitting articles. A summary of guidelines for longer articles
is available on request and may also be obtained from the FAQ
(frequently asked questions) list provided when requesting a mail
subscription. In general, we encourage all reasonable articles related
to some aspect of "cyber-culture" that have something substantive to
say. We do not publish 2-line "me too" agreements or 1-line "the
previous poster should be shot" flames. We encourage opinions,
debates, news summaries, book reviews, conference notices, conference
summaries, legal information, research summaries or articles,
technical blurbs, or other issues that are of interest to the diverse
interests of computer culture.
MAILING LIST GLITCHES:
We apologize to those on the mailing list for the occasional mailing
glitches (empty mail, garbled subject). The mailing list has increased
by nearly 25 percent in the past two months. We had assumed that the
change to the comp hierarchy would reduce the list, but for every
reader that's switched to Usenet, we've added two who can't access
Usenet. So, we've experimented with a primitive batch mailer that's
not yet perfected. Let us know if there are any problems.
------------------------------
Date: 11 Oct 11 16:29: 34
From: Moderators (tk0jut2@mvs.cso.niu.edu)
Subject: File 2--Senate Bill 893 (Anti-Piracy) Passes
The Senate Thursday night passed a series of Bills that included
S 893, anti-piracy legislation, that criminalizes and creates severe
sentences for anyone convicted under the statute.
The law's language essentially makes it a crime to make copies of
unauthorized software, whether by backup or for distribution on a BBS.
Two provisions seem especially questionable: (1) The provision that
criminalizes reproducing or distributing at least 50 copies of
copyright-infringing software in a 180 day period; and (2) The
provision that criminalizes reproduction or distribution of more than
10 but less than 50 copies of one or more offending programs with a
value of $2,500 or more. Depending on the nature of an offense or
whether it is a second offense, a violator could face a prison term of
up to 10 years. The law seems to target the "hobby pirate" rather
than professional bootleggers. As written, it seems that a user who
possesses an unauthorized copy of Word Perfect 5.1 and backs it up
once every two weeks to tape would violate the "more than ten copies"
provision. The "cost" would presumably exceed the $2,500 threshold.
Or, If a user downloaded 11 different word processing programs from a
BBS to test them before purchase, there is a risk of federal
prosecution even if one of them is purchased.
As with all new laws involving new technology, the scope and nuances
will be worked out in the courts over time. But, this may not prevent
abuse of the law by prosecutors and investigators. There is little
reason to trust in the good faith of prosecutors in alleged crimes
involving new technology (as Sun Devil and other cases demonstrate).
It is hardly unreasonable to create a scenario where one's computer
equipment is confiscated for "evidence" or for a minor offense and
then, if several unauthorized programs are found, to pursue more
serious charges. The wording of the law seems to create considerable
latitude for abuse by law enforcement and for excessive prosecution.
We would guess that, under the new law, a substantial portion of the
computer community has just become criminals.
The law also raises trickier questions. If the sysop of a small
neighborhood BBS has a program on the board, such as Windows 3.1, and
15 people download it, would this make the sysop vulnerable? Has the
sysop actually distributed that single copy? What if a single program
were distributed in a single post over the nets and received by 1,000
people? How about the case where a company's legitimate program, with
serial number intact, were spread to 50 other people by an employee
and then traced back to the legitimate purchaser? Even if the answers
are benign, the potential for over-zealous use of the law risks havoc
for those who, like Steve Jackson Games, ultimately must prove their
innocence to clear their name and have their equipment returned.
The law will likely to little to stifle the bootleggers--those who
profit from resale of unauthorized software. The relatively low
threshold of offense clearly seems to target the casual, "small-time"
computer user and pirate board. It is simply a bad law.
Perhaps it is not coincidental that the Bill's sponsor, Orrin Hatch of
Utah, is from the same state as Word Perfect. It would be convenient
to blame Congress, the SPA, large software manufacturers, or groups
such as the EFF for not taking a strong (or any) stand. In this case,
however, the computer community has only itself to blame. Discussions
with two Senators' aides indicated that IF THEY HAD RECEIVED SOME
REASONABLE RATIONALE DURING DELIBERATIONS, they would have been more
likely to oppose the Bill for further consideration. Senate sources
indicated that the bulk of the opposition came at the 11th hour, too
late to be of significant impact in a highly charged election year.
An aide to Senator Simon, who is normally highly sensitive to
potentially abusive legislation, indicated that the Senator did not
receive a single word of opposition to the Bill until our own call
about two hours prior to the final vote.
If groups like the EFF and CPSR have done nothing else, they have
demonstrated the value of and need for developing a quasi-organized
political constituency for cyber issues. Many of us (CuD included)
assumed that "George would do it." We goofed. If there is any lesson
to be taken from S 893, it is that we should all pay closer attention
to legislation that affects the bulk of the cyber community and not
simply sit back when we have the opportunity to provide input.
The Bill below *IS NOT* the final version, and we are told that there
was some minor last minute changes in wording to reconcile House and
Senate versions. For those wondering if the bill will affect them, we
include in file #4 a "piracy quiz." Take it, then re-read S 893.
------------------------------
Date: 8 Oct 92 12:40:51
From: Anonymous@anon.ymous.com
Subject: File 3--Anti-Piracy Legisla<tion (S 893)
((MODERATORS' COMMENT: The following is not the Bill's final wording.
Some minor changes were made at the last minute. However, it is
substantively the same Bill that is now law)).
BILL TRACKING REPORT
102nd Congress
1st Session
U. S. Senate
S 893
1991 S. 893
AMENDMENT, TITLE 18, UNITED STATES CODE
DATE-INTRO: April 23, 1991
LAST-ACTION-DATE: October 5, 1992
FINAL STATUS: Pending
SPONSOR: Senator Orrin G. Hatch R-UT
TOTAL-COSPONSORS: 2 Cosponsors: 1 Democrats / 1 Republicans
SYNOPSIS: A bill to amend title 18, United States Code, to impose criminal
sanctions for violation of software copyright.
ACTIONS: Committee Referrals:
04/23/91 Senate Judiciary Committee
06/09/92 House Judiciary Committee
Legislative Chronology:
1st Session Activity:
04/23/91 137 Cong Rec S 4837 Referred to the Senate Judiciary Committee
04/23/91 137 Cong Rec S 4862 Remarks by Sen. Hatch
07/25/91 137 Cong Rec D 972 Senate Subcommittee on Patents, Copyrights
and Trademarks approved for full Committee
consideration
08/01/91 137 Cong Rec D 1036 Senate Judiciary Committee ordered favorably
reported
09/23/91 137 Cong Rec S 13465 Cosponsors added
2nd Session Activity:
04/07/92 138 Cong Rec S 4931 Reported in the Senate (S. Rept. No.
102-268)
06/04/92 138 Cong Rec S 7580 Passed in the Senate, after agreeing to
an amendment proposed thereto, by voice
vote
06/04/92 138 Cong Rec S 7580 Senate adopted Specter (for Hatch)
Amendment No. 1868, to make a technical
correction, by voice vote
06/04/92 138 Cong Rec S 7613 Hatch Amendment No. 1868, submitted
06/09/92 138 Cong Rec H 4338 Senate requested the concurrence of the
House
06/09/92 138 Cong Rec H 4445 Referred to the House Judiciary Committee
08/12/92 138 Cong Rec D 1066 House Subcommittee on Intellectual Property
and Judicial Administration held a hearing
09/10/92 138 Cong Rec D 1094 House Subcommittee on Intellectual Property
and Judicial Administration approved for
full Committee action amended
09/30/92 138 Cong Rec D 1246 House Judiciary Committee ordered reported,
amended
10/03/92 138 Cong Rec H 11129 House voted to suspend the rules and pass,
amended, by voice vote
10/03/92 138 Cong Rec H 11129 House agreed to amend the title, by voice
vote
10/03/92 138 Cong Rec H 11196 Reported in the House, amended (H. Rept.
102-997)
10/05/92 138 Cong Rec S 16975 House requested the concurrence of the
Senate
BILL-DIGEST: (from the CONGRESSIONAL RESEARCH SERVICE)
0604/92 (Measure passed Senate, amended ) Amends the Federal criminal code
to impose criminal sanctions for copyright violations involving the
reproduction or distribution, during any 180-day period, of specified
numbers of copies infringing the copyright in one or more computer programs.
CRS Index Terms:
Crime and criminals; Computer software; Copyright infringement; Fines
(Penalties)
CO-SPONSORS:
Original Cosponsors:
DeConcini D-AZ
Added 09/23/91:
Gorton R-WA
FULL TEXT OF BILLS
102ND CONGRESS; 2ND SESSION
IN THE HOUSE OF REPRESENTATIVES
AS REPORTED IN THE HOUSE
S. 893
1991 S. 893;
SYNOPSIS:
AN ACT
To amend title 18, United States Code, to impose criminal sanctions for
violation of software copyright.
DATE OF INTRODUCTION: FEBRUARY 28, 1991
DATE OF VERSION: OCTOBER 5, 1992 -- VERSION: 5
SPONSOR(S):
Sponsor not included in this printed version.
TEXT:
102D CONGRESS
2D SESSION
S. 893
Report No. 102-997
To amend title 18, United States Code, to impose criminal sanctions for
violation of software copyright.
-------------------------------------
IN THE HOUSE OF REPRESENTATIVES
JUNE 9, 1992
Referred to the Committee on the Judiciary
OCTOBER 3, 1992
Reported with amendments, committed to the Committee of the Whole House
on the State of the Union, and ordered to be printed
Strike out all after the enacting clause and insert the part printed in
italic
-------------------------------------
AN ACT
To amend title 18, United States Code, to impose criminal sanctions for
violation of software copyright.
* Be it enacted by the Senate and House of Representatives of the United*
*States of America in Congress assembled, *
** That (a) section 2319(b)(1) of title 18, United States Code, is
amended-
(1) in paragraph (B) by striking "or" after the semicolon;
(2) redesignating paragraph (C) as paragraph (D);
(3) by adding after paragraph (B) the following:
"(C) involves the reproduction or distribution, during any
180-day period, of at least 50 copies infringing the copyright
in one or more computer programs (including any tape, disk, or
other medium embodying such programs); or";
(4) in new paragraph (D) by striking "or" after "recording,"; and
(5) in new paragraph (D) by adding ", or a computer program",
before the semicolon.
(b) Section 2319(b)(2) of title 18, United States Code, is amended-
(1) in paragraph (A) by striking "or" after the semicolon;
(2) in paragraph (B) by striking "and" at the end thereof and
inserting "or"; and
(3) by adding after paragraph (B) the following:
"(C) involves the reproduction or distribution, during any
180-day period, of more than 10 but less than 50 copies
infringing the copyright in one or more computer programs
(including any tape, disk, or other medium embodying such
programs); and".
(c) Section 2319(c) of title 18, United States Code, is amended-
(1) in paragraph (1) by striking "and" after the semicolon;
(2) in paragraph (2) by striking the period at the end thereof and
inserting "; and"; and
(3) by adding at the end thereof the following:
"(3) the term 'computer program' has the same meaning as set forth
in section 101 of title 17, United States Code.".
*SECTION 1. CRIMINAL PENALTIES FOR COPYRIGHT INFRINGEMENT. *
* Section 2319(b) of title 18, United States Code, is amended to read as*
*follows: *
* "(b) Any person who commits an offense under subsection (a) of this *
*section- *
* "(1) shall be imprisoned not more than 5 years, or fined in the *
* amount set forth in this title, or both, if the offense consists of *
* the reproduction or distribution, during any 180-day period, of at *
* least 10 copies or phonorecords, of 1 or more copyrighted works, *
* with a retail value of more than $2,500; *
* "(2) shall be imprisoned not more than 10 years, or fined in the *
* amount set forth in this title, or both, if the offense is a second *
* or subsequent offense under paragraph (1); and *
* "(3) shall be imprisoned not more than 1 year, or fined in the *
* amount set forth in this title, or both, in any other case.". *
*SEC. 2. CONFORMING AMENDMENTS. *
* Section 2319(c) of title 18, United States Code, is amended- *
* (1) in paragraph (1) by striking " 'sound recording', 'motion *
* picture', 'audiovisual work', 'phonorecord'," and inserting " *
* 'phonorecord' "; and *
* (2) in paragraph (2) by striking "118" and inserting "120". *
Amend the title so as to read: "An Act to amend title 18, United States
Code, with respect to the criminal penalties for copyright
infringement.".
Passed the Senate June 4 (legislative day, March 26), 1992.
Attest:
WALTER J. STEWART,
* Secretary.*
------------------------------
Date: 04 Oct 92 21:26:21 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 4--Sofware Copyright/License Quiz
SOFTWARE COPYRIGHT/LICENSE QUIZ
by Albert Silverman
Introduction
This is the second article in a series on "piracy"--with a reverse
twist. This series currently includes the following articles:
(1) Great Software Licensing Hoax (PIRACY1.TXT)
(2) Software Copyright/License Quiz (PIRACY2.TXT)
(3) Great School Copyright Robbery (PIRACY3.TXT)
(4) San Diego County--Truth Squad (PIRACY4.TXT)
(5) ADAPSO and SPA--Trade Pirates (PIRACY5.TXT)
(6) Aldus--Snaring a Pirate Chief! (PIRACY6.TXT)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
You cannot reject the computer software industry's attempted piracy of
YOUR legal rights in the handling of your computer software, while at
the same time avoiding committing piracy yourself, unless you
understand the basic applicable laws. Please note that the following
quiz goes somewhat beyond these basic legal principles; hence the
knowledge which is required to answer many of these questions does not
fit the "basic" description. Answer "YES" or "NO," based upon your
understanding of these laws. Although several of these questions have
not been specifically addressed in the courts, the answers (which are
given following the list of questions) reflect a highly probable
decision if the question were to reach the courts. Answer as many of
the questions that you can (or that you can even understand!) before
looking up the answers. Good luck!
___ (01) Do you violate the copyright law by making a backup copy
of a copy-protected program, even though the software publisher
furnishes a second (pseudo-backup) copy labeled "archival" or
"backup"?
___ (02) Do you violate the copyright law by having (as opposed to
using simultaneously) more than a single backup copy of one program
on hand?
___ (03) Do you violate the copyright law by using a backup copy
which you have made instead of using the purchased copy, even
though the purchased copy has not been damaged?
___ (04) Do you violate the copyright law by paying someone else
to make a backup copy FOR you, rather than making it yourself?
___ (05) You have purchased a single copy of a copy-protected
program. In order to make a backup copy, it is necessary to alter the
scheme of copy-protection. However, this alteration cannot be
detected while using the program; apart from the "invisible" altered
copy-protection, the backup copy is identical with the original copy
from which it was prepared. Do you violate the copyright law by
transferring this backup copy along with the original copy?
___ (06) You are licensing the use of a computer program and the
license agreement forbids you from adapting and/or modifying the
program in any manner. Can you be successfully prosecuted for
violating the license agreement if you choose to disregard this
prohibition?
___ (07) A school loads a copy of a computer program which it
owns onto a network for distribution to ten computers for use by ten
students in its computer classroom. Is the school guilty of violating
the copyright law?
___ (08) You are licensing the use of a program and the license
agreement forbids you from using the software on more than one CPU
(central processing unit) at a time. Can you be successfully
prosecuted for violating the license agreement if you disregard this
restriction?
___ (09) You are licensing the use of a program and the license
agreement forbids you from lending it. Can you be successfully
prosecuted for violating the license agreement if you lend this
program to a friend, without charge?
___ (10) Do you violate the copyright law by lending to a friend,
without charge, the original copy of a computer program to which
you own the title?
___ (11) Do you violate the copyright law by copying a single
purchased program to hard disks on several computers within a
business establishment?
___ (12) If you purchase the title to a computer program and the
package contains two otherwise-identical disks, one of which is
labeled "archival" or "backup," do you violate the copyright law by
using both disks at the same time on separate computers?
___ (13) You are licensing the use of a copy-protected computer
program. Two copies of the program are supplied by the publisher,
one of which is labeled "archival." The license agreement forbids
the simultaneous use of both copies on separate computers. Can you
be successfully prosecuted for violating the agreement if you fail to
heed this prohibition?
___ (14) If you purchase the title to a computer program and the
package contains two otherwise identical disks, one of which is
labeled "archival" (or "backup"), do you violate the copyright law by
selling the archival (or backup) disk while retaining ownership of
the other disk?
___ (15) Do you violate the copyright law by possessing a copy of a
computer program when you do not rightfully possess the original
from which the copy was prepared?
___ (16) You are licensing the use of a program and the license
agreement forbids you from making more than two backup copies of
the software. Can you be successfully prosecuted for violation of
the license agreement if you make three backup copies?
___ (17) You are licensing the use of a program and the license
agreement forbids you from making more than two backup copies of
the software. Are you guilty of copyright infringement if you make
three backup copies?
___ (18) You are licensing the use of a program and the license
agreement forbids you from creating a derivative work based upon
the program. Can you be successfully prosecuted for violation of the
license agreement if you disregard this prohibition?
___ (19) You are licensing the use of a program and the license
agreement forbids you from creating a derivative work based upon
the program. Do you violate the copyright law if you disregard this
prohibition?
___ (20) You agree with a software publisher, in writing, that you
will place a copyright notice on the disk label of a backup copy
which you make of the program. Do you violate ANY law (i.e., either
breach the agreement or infringe the copyright) by failing to do so?
___ (21) You purchase a computer program and find, after you open
the package, that there is a plain, sealed envelope containing the
program disk. There is also, printed on a separate sheet among the
various papers enclosed with the program, a license agreement
containing a clause that prohibits you from selling it. The document
of agreement states that the software publisher is retaining the
title to the software. Can you be successfully prosecuted for
violating the license agreement if you sell the program?
___ (22) You are licensing the use of a computer program and are
provided with a 5 1/4" disk and a 3 1/2" disk, both of which contain
the same program. The license agreement states that you cannot use
these two disks simultaneously on different computers. Can you be
successfully prosecuted for violating the license agreement if you
fail to obey this restriction?
___ (23) You purchase a computer program which is recorded on
both a 5-1/4" disk and a 3-1/2" disk that are contained in a plain,
sealed envelope inside the software package. You are not able to use
the 3-1/2" disk and therefore give it to a friend. Impatient to use
the program, you do not open the instruction manual before you load
the program from the 5-1/4" disk into your computer. Later, during
the use of this program, you decide to look up in the manual some
point about the operation of the program. Upon opening the manual,
you find a license agreement inside, which prohibits you from using
both disks simultaneously on separate computers. Have you violated
ANY law by giving away the 3-1/2" disk?
___ (24) You purchase the title to an upgrade of a computer
program but are not required to exchange the earlier version for the
upgraded version. Do you violate ANY law if you sell the earlier
version, for which you no longer have any use?
___ (25) You work for a newspaper and are preparing to write an
article about a particular computer program. Your friend, who is
licensing the use of a copy of this program, makes a copy and gives
it to you for your use in preparing this article. The license
agreement restricts the use of the program to one CPU at a time. Is
either of you guilty of violating ANY law?
___ (26) You are licensing the use of a program and the license
agreement prohibits you from disassembling the program source
code. Do you violate ANY law if you fail to heed this prohibition?
___ (27) You are licensing the use of a computer program and the
license agreement prohibits you from exporting the software to a
country to which the United States bans such exports. Can you be
successfully prosecuted for violation of the agreement if you export
the software?
___ (28) Do you violate the copyright law by renting a computer
program to which you own the title?
___ (29) You have received a free copy of a copyrighted program
over an electronic bulletin board. The operator of the bulletin board
has been given permission by the copyright owner to distribute the
program in this manner. You are also warned in an accompanying
notice that you are not permitted to sell this copy. Do you violate
ANY law by selling the program against the wishes of the copyright
owner?
___ (30) Do you violate the copyright law by making a backup copy
of an unprotected (i.e., not copy-protected) program and lending it to
a friend, without charge, while retaining but not using the original
copy as long as your friend is in possession of the borrowed backup
copy?
___ (31) You are licensing the use of a computer program and the
license agreement contains a clause which states that you must
destroy a backup copy that you have made if you sell the program. Do
you violate ANY law if you sell the program and transfer, along with
the original copy, an exact copy which you made for backup
purposes?
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ANSWERS
The "Section" numbers referred to in these answers refer to the
applicable portions of the copyright laws.
(01) NO:
Your right to make backup copies of a program under Section 117 is
not affected by the presence of copy-protection nor by the number of
copies of the program which you own.
(02) NO:
Paragraph (2) of Section 117 contains the phrase: "all archival
copies are destroyed." The closing paragraph of Section 117
contains the phrase: "the copy from which such copies were
prepared." The CONTU report that provides the intent of this statute
also contains the phrase: "and to prepare archival copies of it."
Since you are permitted to make more than one backup copy, it
follows that you may have more than one copy on hand at one time.
(03) NO:
The intent of Section 117 of the copyright law is to protect the
purchased copy of the program from damage by mechanical or
electrical failure. This is most easily accomplished by the day-to-
day use of a backup copy in place of the purchased copy.
(04) NO:
The opening sentence of Section 117 contains the phrase: "to make or
authorize the making of."
(05) NO:
Since a program that is "altered" by modifying or removing the
scheme of copy-protection cannot be distinguished in its operation
from the original program from which it was prepared, it contains
all of the information about the content of the copyrighted material.
Hence it may be transferred along with the original copy; in
accordance with the transfer provision of Section 117, it is an
"exact" copy of the program.
(06) NO:
The adaptation and/or modification of a copyrighted work belongs
within the exclusive province of the federal copyright law and
cannot be restricted within an agreement.
(07) YES:
Since the simultaneous use of unauthorized copies in an educational
setting negatively impacts the market for the program, it violates
the doctrine of "fair use."
(08) NO:
In order to use a single program on several computers
simultaneously, you must make copies (either permanent or
temporary, via a network) of that program. Since the making and/or
use of copies is regulated under the copyright law, such conduct
cannot be restricted within a license agreement.
(09) YES:
Section 109(d) permits the one who owns the title to a program to
control its transfer by means of an agreement.
(10) NO:
Section 109(a) permits the one who owns the title to a computer
program to transfer it without the permission of the copyright
owner. Section 109(b)(1)(A) does not prohibit the one who owns the
title from lending the program without charge; rather, it forbids the
lending of software for the purpose of direct or indirect commercial
advantage.
(11) YES:
A hard disk copy is equivalent to a backup copy which is used as a
working copy in place of the original copy. Thus using a single
program simultaneously from several hard disks is equivalent to the
simultaneous use of backup copies. This is forbidden by the doctrine
of "fair use" in Section 107, due to the negative impact upon the
market for the program.
(12) NO:
Since you rightfully own two copies of the program, you do not
violate the copyright law by using these copies as you see fit,
despite the labeling by the software publisher of one of the copies
as "archival" or "backup."
(13) YES:
Since you do not own the title to the program, you must obey any
restrictions imposed by the title owner upon the use of publisher-
furnished copies of the program.
(14) NO:
Section 109(a) permits the title owner to transfer either disk,
without regard to its labeling.
(15) NO:
Mere possession of an "orphaned" copy does not violate the copyright
law, since its intended use may qualify for a "fair use" exception. If
there is no "fair use" exception, the purchased original from which
the copy was prepared may have been destroyed, in which case the
use of the orphaned copy does not violate the copyright law.
(16) NO:
Since the making of backup copies is regulated under the copyright
law, this conduct cannot be restricted within a license agreement.
Since Section 117 does not limit the number of backup copies which
can be made, you are not guilty of copyright infringement if you
make more than a single backup copy.
(17) NO:
Section 117 places no limit upon the number of backup copies which
can be made.
(18) NO:
The creation of a derivative work is regulated under the copyright
law and cannot be restricted within a license agreement.
(19) YES:
Under Section 106, the copyright owner has the exclusive right to
create a derivative work.
(20) NO:
Since matters involving the copyright notice are regulated under the
copyright law, your failure to heed a copyright notice requirement
imposed by the software publisher cannot be prosecuted as a
violation of the agreement. Since you may make backup copies, free
from any requirement to add anything to whatever copyright notice
might exist on the original copy, you do not violate the copyright law
by failing to supplement the copyright notice that exists on the
original copy.
(21) NO:
Since you were able to access the program disk without being aware
of the existence of a license agreement, the execution of the
agreement is defective. Therefore you have purchased the title to
the program, even though the so-called "license agreement" states
that the software publisher is retaining the title. Thus you are free
to sell the program without his permission, in accordance with the
provisions of Section 109(a).
(22) YES:
Since you do not own the software, you are bound to obey and use
restrictions which are imposed upon you by the one who owns the
title.
(23) NO:
You own the title to the software since you were able to gain access
to the program without being aware of the existence of both a
license agreement and the fact that the software publisher is
retaining the title. Any so-called "license agreement" which appears
only in the instruction manual and is not referenced before you can
gain access to the program disk is not a valid document of
agreement. Hence you are free to transfer either one or both of the
disks without permission from the copyright owner.
(24) NO:
Since you are not licensing the use of the program, Section 109(a)
permits you to sell EITHER version of the program without the
permission of the copyright owner.
(25) NO:
Since the making and/or use of copies is regulated under the
copyright law, this conduct cannot be restricted within a license
agreement. You are not guilty of violating the copyright law, since
the copyright law permits the use of an unauthorized copy for
journalistic use under the doctrine of "fair use."
(26) NO:
Disassembly of a program may be required as one step in creating a
derivative work, which is conduct that is regulated under the
copyright law. Hence disassembly cannot be prohibited within a
license agreement. Yet the mere act of disassembling a computer
program does not, in itself, constitute the creation of a derivative
work. Hence you may do so without violating the copyright law.
(27) NO:
The export of software is regulated under federal law. Hence it
cannot be prohibited within a license agreement.
(28) YES:
Section 109(b)(1)(A) prohibits the rental of software, whether or
not you own the title to it.
(29) NO:
You have acquired the title to the software, by virtue of the method
which you have obtained it. Section 109(a) permits the one who
owns the title to a computer program to sell it without the
permission of the copyright owner.
(30) YES:
Section 117 requires that any backup copy that is transferred must
accompany the original copy from which it was prepared.
(31) NO:
The transfer of backup copies is regulated under the copyright law
and cannot be restricted within an agreement. You are not guilty of
copyright infringement, since Section 117 permits any exact copies
to be transferred along with the original from which they were
prepared.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Read all about it in "THE COPYRIGHT GAME, ETC.--A Strategic Guide
for the Computer Software User," by Albert Silverman. ISBN
0-9527435-1-8. 330 pages in nominal 8-1/2"x11" format,
softbound with an attractive cover.
What is the purpose of this book? Replacing the legal Mumbo-Jumbo
with plain English, it provides an all-inclusive, detailed, and
impartial explanation of the computer software copyright laws,
using past court cases for clarification of obscure language in the
written letter of the law. Since there is NO commercially-generated
distortion, it is likely that you will find some surprises; i.e., which
run contrary to the industry's self-serving "interpretation" of the
law. Thoroughly debunked is the industry's attempt to pirate your
legal rights by the use of a phony "licensing strategy." Included is a
detailed and entertaining analysis of several leading Software
License Agreements. In summary, you are provided with sufficient
and accurate information (i.e., the legal FACTS) to permit you to
handle your computer software in the manner intended by the U.S.
Congress, while safely ignoring those industry perversions of the
law which seek to gain for it an unfair advantage--at YOUR expense.
Exposed in great detail is the outrageous software industry piracy of
the legal rights of unsophisticated software users (directed by
unconcerned educational administrators) within the California
public schools. For the first time ever, this well-hidden scheme has
been unearthed (with supporting and incriminating documentation
from my extensive research into the inner educational sanctum) and
is being made public. Although this ongoing effort is particularly
well-organized in California, the premier "computer state," it
blankets the entire nation, leaving no educational level uncovered.
The disastrous result of this exceptionally cozy relationship
between the computer software industry and the California
Department of Education is explained. If you are at all concerned
about the way in which this illicit educational-commercial
"partnership" affects the integrity of computer education in your
public schools and drains away your tax money to line the software
industry's pockets with unwarranted profits, this book is essential
reading.
What will NOT be found in this book? Since its sole purpose is to
ensure that you understand precisely what conduct is required for
your (simultaneous) compliance with federal copyright law and state
licensing law, there are no sermons about your "moral" or "ethical"
obligations. That is, it is only your hard and fast LEGAL obligations
which are addressed. The industry's "moral suasion" is most often
an attempt to get the software user to obey the law; i.e., it is a
substitute for the economically-unfeasible prosecution of small-
scale violations of the copyright law. On the other hand, there may
also be a piratical attempt to make an end-run around the law. That
is, when there is NO ground for legal action against the software
user, the industry may seek to gain its own way, either by shaming
the user with claims of immoral and/or unethical conduct or by the
use of a phony (and usually coercive) "license." This book sorts it
all out for you.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The price of $19.92 (check or money order) includes $4.50 for
handling, shipping by UPS, and sales tax if shipped to a California
address. A street address is required for shipping purposes. Off-
the-shelf delivery from:
INTELLOGIC PRESS
P.O. Box 3322
La Mesa CA 91944
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Any questions? If you want information about the subject matter of
this article, or if you want more information about my book, send me
a message by GE Mail. My GEnie mail address is A.SILVERMAN4.
Or you may write to me at the above address, enclosing a stamped, self-
addressed envelope if you would like a reply.
------------------------------
Date: Sun, 11 Oct 92 16:44:51 -0400
From: sross@CRAFT.CAMP.CLARKSON.EDU(SUSAN M. ROSS)
Subject: File 5--Correction on Clarkson article in CuD #4.46
In CuD #4.46 (September 27, 1992) File #4 was a reprint of the most
recent Clarkson Closeup with a question about the "CompuServe Case"
mentioned in the "Close-up" write-up. There are inaccuracies in the
description of the case which may be the reason the case sounded like
news to Rob Woiccak -- and, perhaps, others. The alleged nature of the
objectional language was defamatory rather than obscene and the
material appeared in an independent newsletter "Rumorville" a "gossip"
feature about broadcast journalists. The alleged offense was
disparaging comments made about another "gossip" feature called
"Skuttlebut." This was the case in which Judge Leisure ruled that
CompuServe, like a library or bookstore, is not considered responsible
for what it carries. Therefore, CompuServe won its fight to be removed
from the suit. I never learned whether the complaint against the
"writer" of "Rumorville" was pursued further. I believe his name is
Mr. Fitzpatrick. Does anyone know the outcome of the case?
Thank you for letting me attempt to correct the inaccuracies. And
thanks, Rob, for taking notice and suggesting sources of information.
A first paper on my research will be presented at a conference later
this month.
Susan Ross, Technical Communications
Clarkson U. (sross@craft.camp.clarkson.edu)
P.S. Another case about which I'd be interested in additional info is
Alana Shoars vs Epsom, a case I believe to have been about
employer electronic monitoring of an employee or employees.
------------------------------
Date: 11 Oct 92 15:58:19
From: Moderators (tk0jut2@mvs.cso.niu.edu)
Subject: File 6--Is Cyberspace a "Culture?"
The following comments may be of interest primarily to social
scientists, especially students doing research. They derive from
discussions especially with grad students and a professors who have
experienced difficulty in convincing potential dissertation committee
members or editors that cyberspace constitutes a "culture" and is,
therefore, a legitimate topic for research for cultural analysis.
Ethnographers--those who study the meanings of a culture from the
natives' point of view--seem especially vulnerable to the criticism by
outsiders that little in the net-world is of cultural significance.
Although based on ignorance of the nets, this criticism dismisses as
legitimate the intents of potential scholars. These comments are
simply an attempt to provide the initial basis for the question: "Can
studies of cyberspace be cultural or ethnographic?"
The concept of "culture" is one of the broadest and vaguest in use by
social scientists. Whether a given group does or does not constitute a
culture is usually a determination made by the researcher. Although
I'm not convinced that culture is simply anything a researcher says it
is, I do agree that it is an ambiguous concept. At a minimum, a
"culture" includes some identifiable set(s) of norms, language,
expectations, boundary mechanisms, identity formation processes,
entry/exit rituals, and other identifying symbolic artifacts and
social processes that link participants. A culture of "garage sales,"
"bar rooms," "little league baseball," or BBSes would surely qualify
as a culture. As would some specific newsgroups or "the internet
culture."
If we define culture broadly as a complex system of signs and codes,
then the def of Van Maanen and Barley is useful:
In crude relief, culture can be understood as a set of solutions
devised by a group of people to meet specific problems posed by
situations they face in common. . .This notion of culture as a
living, historical product of group problem solving allows an
approach to cultural study that is applicable to any group, be it
a society, a neighborhood, a family, a dance band, or an
organization and its segments.
For social ethnographers, Chicago School ethnography provides the basic
model for how cultural studies of micro-cultures (or subcultures)
within a broader culture might proceed. Named after the University of
Chicago, where anthropological culture methods analysis were applied
to small-scale urban scenes in the 1920s and 1930s, the Chicago
School of ethnography emphasized, but was not restricted to,
participation with and interviews of participants in the chosen
research site. There are some who feel that cyberspace is not only not
a culture, even if it were it could not be studied as one because of
the absence of face-to-face contact.
In my view, the judgment that "Chicago school ethnography" is limited
to taxi-dance halls or hookers in hotels, as it is for many
conventional Chicago school adherents is abysmally narrow. Early
Chicago ethnographers illustrated how documents can be used to
reconstruct cultural processes and meanings (eg, The Polish Peasant),
suggesting that cultural artifacts hardly need depend on participant
observation. More recent Chicago-influenced ethnographers, such as the
"Chicago Irregulars" of the 1960s and their followers, have expanded
the data sources dramatically. Hence, neither the method (participant
observation ((PO)) nor the data source (a face-to-face setting) are
the defining characteristics of ethnography.
However, even if PO were a necessary criterion (which it's not), then
BBS/cyber-related research could certainly qualify. It should also be
noted that the early Chicago ethnographers themselves revised the
then-conventional view of ethnography as defined primarily by
anthropologists as they applied broad cultural studies to a more
narrow urban scene. Changing technology creates and opens up for
analysis new terrains that were not anticipated by the "originals." A
"hacker culture," for example, cannot be studied by hanging out in a
conventional locale requiring f2f interaction, which changes the
definition of PO, which normally presumes f2f interaction.
Cyber-culture (culture that exists in an electronic medium) provides a
number of artifacts by which to establish "the meaning of activity from
the participants' point of view"--on-line interactions (logs),
newsletters and other documents, clothes (t-shirts) and other stuff by
which to "read off" and analyze it. The works of semioticians and
postmodernists expand theoretical and conceptual methods by which to
do this (for those who want to move beyond the past).
Guess if I had to make a short response to editors or others who
claimed that analysis of cyber-culture is not (Chicago) ethnography,
it would be "Get a clue!"
Comments?
------------------------------
End of Computer Underground Digest #4.50
************************************
Computer underground Digest Wed Oct 14, 1992 Volume 4 : Issue 51
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivist: Dan Carosone
Copy Editor: Etaion Jhrdleau, Sr.
CONTENTS, #4.51 (Oct 14, 1992)
File 1--House Judicial Comm. Report on INSLAW
File 2--Trial Date Set In New York "Hacker" Case
File 3--News Reports Of 911 Attacks
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
Back issues also may be obtained from the mail server at
mailserv@batpad.lgb.ca.us
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: 8 Oct 92 22:04:31
From: Moderators (tk0jut2@mvs.cso.niu.edu)
Subject: File 1--House Judicial Comm. Report on INSLAW
((MODERATORS' COMMENT: The INSLAW case, in which the Department of
Justice may be implicated in software piracy and its coverup, may gets
its day in Congress. The House Committee on the Judiciary submitted
its report entitled "The Inslaw Affair," which strongly advocated
Congressional hearings on the case. Following is the Committee's
summary (the entire report is about 430 K).
We are indebted to pinknoiz@well.sf.ca.us (Bob Gonsalves) for the
prodigious effort of scanning and editing the file. Bob has previously
made other lengthy public documents available to the nets, and his
contributions are invaluable. Bob's computer activities include
consulting on advanced multimedia projects - design and implementation
of video and audio signal processing systems and artworks that arise
from the processes. He also offers computer assistance to political
researchers. His next big project, which will take about a half year,
is to scan in the House Select Committee on Assassinations report that
was issued in the late 70's. He hopes to make it available, for non
commercial purposes, to net.
The entire document is available from the CuD ftp site (ftp.eff.org)).
+++++++++++++++++++++++
THE INSLAW AFFAIR
SEPTEMBER 10, 1992.-Committed to the Committee of the Whole
House on the
State of the Union and ordered to be printed
Mr. BROOKS, from the Committee on the Judiciary, submitted
the following
INVESTIGATIVE REPORT
together with
DISSENTING AND SEPARATE DISSENTING VIEWS
BASED ON A STUDY BY THE FULL COMMITTEE
On August 11, 1992, the Committee on the Judiciary
approved and adopted a report entitled, '"The INSLAW
Affair." The chairman was directed to transmit a copy to the
Speaker of the House.
I. SUMMARY
The Department of Justice has long recognized the need
for a standardized management information system to assist
law enforcement offices across the country in the
recordkeeping and tracking of criminal cases. During the
1970's, the Law Enforcement Assistance Administration (LEAA)
funded the development by INSLAW1
of a computer software system called the Prosecutor's
Management Information System or PROMIS. This system was
designed to meet the criminal prosecutor workloads of large
urban jurisdictions; and by 1980, several large U.S.
attorneys offices were using the PROMIS software. At this
time, INSLAW (formerly
called the Institute for Law and Social Research) was a
nonprofit corporation funded almost entirely through
Government grants and contracts. When President Carter
terminated the LEAA, INSLAW converted the company to a for-
profit corporation in 1981 to commercially market PROMIS.
The new corporation made several significant improvements to
the original PROMIS software and the resulting product came
to be known as INSLAW's proprietary Enhanced PROMIS. The
original PROMIS was funded entirely with Government funds
and was in the public domain.
In March 1982, the Justice Department awarded INSLAW,
Inc., a $10 million, 3-year contract to implement the public
domain version of PROMIS at 94 U.S. attorneys' offices
across the country and U.S. Territories. While the PROMIS
software could have gone a long way toward correcting the
Department's longstanding need for a standardized case
management system, the contract between INSLAW and Justice
quickly became embroiled in bitterness and controversy which
has lasted for almost a decade. The conflict centers on the
question of whether INSLAW has ownership of its privately
funded "Enhanced PROMIS." This software was eventually
installed at numerous U.S. attorneys' offices after a 1983
modification to the contract. While Justice officials at the
time recognized INSLAW's proprietary rights to any privately
funded enhancements to the original public domain version of
PROMIS, the Department later claimed that it had unlimited
rights to all software supplied under the contract. (See
section of report entitled, "The Department Misappropriated
INSLAW Software.'")
INSLAW attempted to resolve the matter several times but
was largely met with indifference or hostility by Department
officials. Eventually, the Department canceled part of the
contract and, by February 1985, had withheld at least $1.6
million in payments. As a result, the company was driven to
the brink of insolvency and was threatened with dissolution
under chapter 7 of the bankruptcy laws. Department officials
have steadfastly claimed the INSLAW controversy is merely a
contract dispute which has been blown out of proportion by
the media. INSLAW's owners, William and Nancy Hamilton,
however, have persisted in their belief that the
Department's actions were Part of a high level conspiracy
within Justice to steal the Enhanced PROMIS software.
A. INSLAW ALLEGATIONS
Based on their knowledge and belief, the Hamiltons have
alleged that high level officials in the Department of
Justice conspired to steal the Enhanced PROMIS software
system. As an element of this theft, these officials, who
included former Attorney General Edwin Meese and Deputy
Attorney General Lowell Jensen, forced INSLAW into
bankruptcy by intentionally creating a sham contract dispute
over the terms and conditions of the contract which led to
the withholding of payments due INSLAW by the Department.
The Hamiltons maintain that, after driving the company into
bankruptcy, Justice officials attempted to force the
conversion of INSLAW's bankruptcy status from Chapter 11:
Reorganization to Chapter 7: Liquidation. They assert that
such a change in bankruptcy status would have resulted in
the forced sale of INSLAW'S assets, including Enhanced
PROMIS to a rival computer company
called Hadron, Inc., which, at the time, was attempting
to conduct a hostile buyout of INSLAW. Hadron, Inc., was
controlled by the Biotech Capital Corporation, under the
control of Dr. Earl Brian, who was president and chairman of
the corporation. The Hamiltons assert that even though the
attempt to change the status of INSLAW's bankruptcy was
unsuccessful, the Enhanced PROMIS software system was
eventually provided to Dr. Brian by individuals from the
Department with the knowledge and concurrence of then
Attorney General Meese who had previously worked with Dr.
Brian in the cabinet of California Governor Ronald Reagan
and later at the Reagan White House. According to the
Hamiltons, the ultimate goal of the conspiracy was to
position Hadron and the other companies owned or controlled
by Dr. Brian to take advantage of the nearly 3 billion
dollars, worth of automated data processing upgrade
contracts planned to be awarded by the Department of Justice
during the 1980's.
Information obtained by the Hamiltons through sworn
affidavits of several individuals, including Ari Ben-
Menashe, a former Israeli Mossad officer, and Michael
Riconosciuto, an individual who claims to have ties to the
intelligence community, indicated that an element of this
ongoing criminal enterprise by Mr. Meese, Dr. Brian and
others included the modification of the Enhanced PROMIS
software by individuals associated with the world of covert
intelligence operations. The Hamiltons claim the
modification of Enhanced PROMIS was an essential element of
the enterprise, because the software was subsequently
distributed by Dr. Brian to intelligence agencies
internationally with a "back door" software routine, so that
U.S. intelligence agencies could covertly break into the
system when needed. The Hamiltons also presented information
indicating that PROMIS had been distributed to several
Federal agencies, including the FBI, CIA, and DEA.
B. COMMITTEE INVESTIGATION
Due to the complexity and breadth of the INSLAW
allegations against the Department of Justice, the
committee's investigation focused on two principal
questions: (1) Did high level Department officials convert,
steal or otherwise misappropriate INSLAW's PROMIS software
and attempt to put the company out of business; and, (2) did
high level Department of Justice officials, including
Attorney General Edwin Meese and then Deputy Attorney
General Lowell Jensen, and others conspire to sell,
transfer, or in any way distribute INSLAW's Enhanced PROMIS
to other Federal agencies and foreign governments?
1. DID THE DEPARTMENT CONVERT, STEAL OR MISAPPROPRIATE THE
PROMIS SOFTWARE?
With regard to the first question, there appears to be
strong evidence, as indicated by the findings in two Federal
court proceedings as well as by the committee investigation,
that the Department of Justice "acted willfully and
fraudulently"2 and "took, con-
verted and stole"3 INSLAW's Enhanced PROMIS by "trickery,
fraud and deceit."4 It appears that these actions against
INSLAW were implemented through the project manager from the
beginning of the contract and under the direction of high
level Justice Department officials.
Just 1 month after the contract was signed, Mr. C.
Madison "Brick" Brewer, the PROMIS project manager, raised
the possibility of canceling the INSLAW contract. During an
April 14, 1982, meeting of the PROMIS Project Team, Mr.
Brewer, and others discussed terminating the contract with
INSLAW for convenience of the Government. Mr. Brewer did not
recall the details of the meeting but said that if this
recommendation was made, it was made "in jest."5 Based on
notes taken at this meeting by Justice officials, Bankruptcy
Court Judge George Bason found that Mr. Brewer's
recommendation to terminate the INSLAW contract,
"Iconstituted a smoking gun that clearly evidences Brewer's
intense bias against INSLAW, his single-minded intent to
drive INSLAW out of businessI."6 By his own admission, Mr.
Brewer became upset when INSLAW claimed that it had made
enhancements to the public domain version of PROMIS using
private funds. In his view, under the contract all versions
of PROMIS were the Government's property. It is clear from
the record that Mr. Brewer and Mr. Videnieks (the PROMIS
contracting officer), supported by high level Justice
officials continued to confront INSLAW at every turn. As
Senior District Court Judge Bryant stated in his ruling on
the case: '"There was unending contention about payments
under this contract and the rights of the respective
parties."
Over the life of the contract, INSLAW made several
attempts to reach an agreement with the Department over its
proprietary rights to the Enhanced PROMIS software. The
Department, however, steadfastly refused to conduct any
meaningful negotiations and exhibited little inclination to
resolve the controversy. In the meantime, INSLAW was pushed
to the brink of financial ruin because the Department
withheld at least $1.6 million in critical contract payments
on questionable grounds, and in February 1985 was forced to
file for protection under chapter 11 of the Bankruptcy Code
in order to stay economically viable. INSLAW at this time
had installed PROMIS at the 20 largest U.S. attorneys'
offices across the country as required by the contract.7 The
Department had earlier canceled installation of PROMIS at
the 74 smaller offices.
While refusing to engage in good faith negotiations with
INSLAW, Mr. Brewer and Mr. Videnieks, with the approval of
high level Justice Department officials, proceeded to take
actions to misappropriate the Enhanced PROMIS software.
These officials knew that INSLAW had installed Enhanced
PROMIS at the 20 sites. Yet, without notice, and certainly
without permission, the Depart-
ment of Justice illegally copied INSLAW's Enhanced PROMIS
software and installed it eventually at 25 additional U.S.
attorneys' offices. The Department reportedly also brought
another 31 U.S. attorneys, offices "on-line" to Enhanced
PROMIS systems via telecommunications. INSLAW first learned
of these unauthorized actions in September 1985, and
notified the Department that it must remove the Enhanced
PROMIS software or arrange for license agreements. When the
Department refused, INSLAW subsequently filed a claim
against Justice in the Federal Bankruptcy Court which
eventually led to the Bankruptcy's Court's finding that the
Department's actions "Iwere done in bad faith, vexatiously,
in wanton disregard of the law and the facts, and for
oppressive reasons I to drive INSLAW out of business and to
convert, by trickery, fraud and deceit, INSLAW's PROMIS
software. When the case was appealed by the Department,
Senior District Court Judge William Bryant concurred with
the Bankruptcy Court and was very critical of the
Department's handling of the case. In his ruling, at 49a,
Judge Bryant stated:
The Government accuses the bankruptcy court of
looking beyond the bankruptcy proceeding to find
culpability by the Government. What is strikingly
apparent from the testimony and depositions of key
witnesses and many documents is that INSLAW
performed its contract in a hostile environment
that extended from the higher echelons of the
Justice Department to the officials who had the
day-to-day responsibility for supervising its
work. [Emphasis added.]
Recently, the posture of some Department officials has
been to attempt to exonerate the Department's handling of
the INSLAW matter by citing the fact that the Court of
Appeals has vacated the Bankruptcy and District Courts'
judgment involving illegal misconduct of the Department
including violations of the automatic stay provisions of the
Bankruptcy Code. However, the D.C. Circuit's opinion was
grounded primarily on jurisdictional questions and did not
address the substantive merits of the findings of fact and
conclusions of law of either the Bankruptcy Court or the
ruling of the U.S. District Court.
Based on the facts presented in court and the committee's
review of Department records, it does indeed appear that
Justice officials, including Mr. Brewer and Mr. Videnieks,
never intended to fully honor the proprietary rights of
INSLAW or bargain in good faith with the company. The
Bankruptcy Court found that:
I [The Department] engaged in an outrageous,
deceitful, fraudulent game of cat and mouse,
demonstrating contempt for both the law and any
principle of fair dealing. [Finding No. 266 at
138.]
As the Bankruptcy and District Courts found on the
merits, it is very unlikely that Mr. Brewer and Mr.
Videnieks acted alone to violate the proprietary rights of
INSLAW in this matter. In explaining his own actions, Mr.
Brewer, the project manager, has repeatedly stated that he
was not acting out any personal vendetta against INSLAW and
that high level Department officials including Lowell Jensen
were aware of every decision he made with regard to the
contract. Mr. Brewer stated, under oath that "Ithere was
somebody in the Department at a higher level, looking over
the shoulder of not just me but the people who worked for
meI.''8 The PROMIS Oversight Committee, headed by Deputy
Attorney General Lowell Jensen, kept a close watch over the
administration of the contract and was involved in every
major decision. Mr. Jensen, who worked with former Attorney
General Edwin Meese in the Alameda County district
attorneys' offices, stated under oath that he kept the
Attorney General regularly informed of all aspects of the
INSLAW contract. The PROMIS Oversight Committee readily
agreed with Mr. Brewer's recommendation to cancel part of
INSLAW's contract for default because of the controversy
regarding the installation of PROMIS in word processing
systems at the 74 smaller U.S. attorneys' offices. Mr.
Brewer's proposal was ultimately rejected only because a
Justice contracts attorney advised the oversight committee
that the Department did not have the legal authority to do
so. Curiously, the recommendation to find INSLAW in default
occurred shortly after INSLAW and the Department signed a
modification to the contract (Mod. 12), which was supposed
to end the conflict over proprietary rights.
Mr. Jensen, who is currently a Federal District Court
judge in San Francisco, served at the Justice Department
successively as Assistant Attorney General in charge of the
Criminal Division, Associate Attorney General and Deputy
Attorney General between 1981 and 1986. The Bankruptcy court
found that he "had a previously developed negative attitude
about PROMIS and INSLAW" from the beginning (Findings No.
307-309) because he had been associated with the development
of a rival case management system while he was a district
attorney in California, and that this experience, at the
very least, affected his judgment throughout his oversight
of the contract. During a sworn statement, Judge Jensen
denied being biased against INSLAW, but averred that he did
not have complete recollection of the events surrounding his
involvement in the contract. However, based on the
committee's own investigation it is clear that Judge Jensen
was not particularly interested or active in pursuing
INSLAW's claims that Department officials were biased
against the company and had taken action to harm the
company. Perhaps most disturbing, he remembered very few
details of the PROMIS Oversight Committee meetings even
though he had served as its chairman and was certainly one
of its most influential members. He stated that after a
meeting with former Attorney General Elliot Richardson
(representing INSLAW) regarding the alleged Brewer bias, he
commissioned his deputy, Mr. Jay Stephens, to conduct an
investigation of the bias charges. Based on this
investigation, Judge Jensen said he concluded that there
were no bias problems associated with the Department's
handling of the INSLAW contract.
This assertion, however, contradicted Mr. Stephens, who
testified during a sworn statement that he was never asked
by Judge Jensen to conduct an investigation of the Brewer
bias allegations raised by Mr. Richardson and others. Mr.
Stephens, recollection of the events was sharp and complete
in stark contrast to Judge Jensen's. As a result, many
questions remain about the accuracy and
completeness of Judge Jensen's recollections and statements.
As for the PROMIS Oversight Committee, committee
investigators were told that detailed minutes were not kept
at any of the meetings, nor was there any record of specific
discussions by its members affecting the INSLAW contract.
The records that were available were inordinately sparse and
often did not include any background of how and why
decisions were made.
To date, former Attorney General Meese denies having
knowledge of any bias against INSLAW by the Department or
any of its officials. He stated, under oath, that he had
little, if any, involvement with the INSLAW controversy and
that he recalls no specific discussion with anyone,
including Department officials about INSLAW's contract with
Justice regarding the use or misuse of the PROMIS software.
This statement is in direct conflict with Judge Jensen's
testimony, that he briefed Mr. Meese regularly on this issue
and that Mr. Meese was very interested in the details of the
contract and negotiations.
One of the most damaging statements received by the
committee is a sworn statement made by Deputy Attorney
General Arnold Burns to Office of Professional
Responsibility (OPR) investigators in 1988. In this
statement, Mr. Burns stated that Department attorneys had
already advised him (sometime in 1986) that INSLAW's claim
of proprietary rights in the Enhanced PROMIS software was
legitimate and that the Department had waived any rights in
these enhancements. Mr. Burns was also told by Justice
attorneys that the Department would probably lose the case
in court on this issue. Accepting this statement, it is
incredible that the Department, having made this
determination, would continue to pursue its litigation of
these matters. More than $1 million has been spent in
litigation on this case by the Justice Department even
though it knew in 1986 that it did not have a chance to win
the case on merits. This clearly raises the specter that the
Department actions taken against INSLAW in this matter
represent an abuse of power of shameful proportions.
2. WAS THERE A HIGH LEVEL CONSPIRACY?
The second phase of the committee's investigation
concentrated on the allegations that high level officials at
the Department of Justice conspired to drive INSLAW into
insolvency and steal the PROMIS software so it could be used
by Dr. Earl Brian, a former associate and friend of then
Attorney General Edwin Meese. Dr. Brian is a businessman and
entrepreneur who owns or controls several] businesses
including Hadron, Inc., which has contracts with the Justice
Department, CIA, and other agencies. The Hamiltons and
others have asserted that Dr. Brian conspired with high
level Justice officials to sell PROMIS to law enforcement
and intelligence agencies worldwide.
Former Attorney General Elliot Richardson, counsel to
INSLAW, has alleged that the circumstances involving the
theft of the PROMIS software system constitute a possible
criminal conspiracy involving Mr. Meese, Judge Jensen, Dr.
Brian, and several current and former officials at the
Department of Justice. Mr. Richardson maintains that the
individuals involved in the theft of the Enhanced PROMIS
system have violated a plethora of Federal crimi-
nal statutes, including but not limited to: (1) 18 U.S.C 654
(officer or employee of the United States converting the
property of another); (2) 18 U.S.C 1001 (false statements);
(3)18 U.S.C 1621 (perjury); (4) 18 U.S.C 1503 (obstruction
of justice); (5) 18 U.S.C 1341 (mail fraud) and (6) 18
U.S.C. 371 (conspiracy to commit criminal offenses). Mr.
Richardson further contends that the violations of Federal
law associated in the theft of Enhanced PROMIS, the
subsequent coverup and the illegal distribution of PROMIS
fulfill the requirements for prosecution under 18 U.S.C.
1961 et seq. (the Racketeer Influenced and Corrupt
Organizations (RICO) statute).
As discussed earlier, the committee's investigation
largely supports the findings of two Federal courts that the
Department "took, converted, stole INSLAW'S Enhanced PROMIS
by "trickery, fraud and deceit'', and that this
misappropriation involved officials at the highest levels of
the Department of Justice. The recent ruling by the D.C.
Circuit Court of Appeals does nothing to vitiate those
conclusions, the product of an extensive record compiled
under oath by two Federal jurists. While the Department
continues to attempt to explain away the INSLAW matter as a
simple contract dispute, the committee's investigation has
uncovered other information which plausibly could suggest a
different conclusion if full access to documents and other
witnesses were permitted. Several individuals have stated
under oath that the Enhanced PROMIS software was stolen and
distributed internationally in order to provide financial
gain to Dr. Brian and to further intelligence and foreign
policy objectives for the United States. While it should be
acknowledged at the outset that some of the testimony comes
from individuals whose past associations and enterprises are
not commendable, corroborating evidence for a number of
their claims made under oath has been found. It should be
observed that these individuals provided testimony with the
full knowledge that the Justice Department could-and would
probably be strongly inclined to-prosecute them for perjury
if they lied under oath. Moreover, we note that the
Department is hardly in a position to negate summarily
testimony offered by witnesses who have led less than an
exemplary life in their choice of associations and
activities. As indicated by the recent prosecution of Manuel
Noriega, which involved the use of over 40 witnesses, the
majority of whom were previously convicted drug traffickers,
a witness, perceived credibility is not always indicative of
the accuracy or usability in court of the information
provided. Although the committee's investigation could not
reach a definitive conclusion regarding a possible motive
behind the misappropriation of the Enhanced PROMIS software,
the disturbing questions raised, unexplained coincidences
and peculiar events that have surfaced throughout the INSLAW
case raises the need for further investigation.
One area which requires further investigation is the
allegations made by Mr. Michael Riconosciuto. Mr.
Riconosciuto, a shady character allegedly tied to U.S.
intelligence agencies and recently convicted on drug
charges, alleges that Dr. Brian and Mr. Peter Videnieks
secretly delivered INSLAW's Enhanced PROMIS software to the
Cabazon Indian Reservation, located in California, for
"refitting" for use by intelligence agencies in the United
States and
abroad.9 When Dr. Brian was questioned about his alleged
involvement in the INSLAW case, he denied under oath that he
had ever met Mr. Riconosciuto and stated that he had never
heard of the Cabazon Indian Reservation.
C. ADDITIONAL QUESTIONS
Suspicions of a Department of Justice conspiracy to steal
INSLAW's PROMIS were fueled when Danny Casolaro-an
investigative writer inquiring into those issues-was found
dead in a hotel room in Martinsburg, WV, where he was to
meet a source that he claimed was critical to his
investigation. Mr. Casolaro's body was found on August 10,
1991, with his wrists slashed numerous times. Following a
brief preliminary investigation by local authorities, Mr.
Casolaro's death was ruled a suicide. The investigation was
reopened later as a result of numerous inquiries from Mr.
Casolaro's brother and others regarding the suspicious
circumstances surrounding his death.
The Martinsburg Police investigation subsequently
concluded in January 1992, that Mr. Casolaro's death was a
suicide. Subsequently, Chairman Brooks directed committee
investigators to obtain sworn statements from the FBI agent
and two former Federal Organized Crime Strike Force
prosecutors in Los Angeles who had information bearing on
the Casolaro case. Sworn statements were obtained from
former Federal prosecutors Richard Stavin and Marvin Rudnick
on March 13 and 14, 1992. After initial resistance from the
Bureau, a sworn statement was taken from FBI Special Agent
Thomas Gates on March 25 and 26, 1992.
Special Agent Gates stated that Mr. Casolaro claimed he
had found a link between the INSLAW matter, the activities
taking place at the Cabazon Indian Reservation, and a
Federal investigation in which Special Agent Gates had been
involved regarding organized crime influence in the
entertainment industry.
Special Agent Gates stated that Mr. Casolaro had several
conversations with Mr. Robert Booth Nichols in the weeks
preceding his death. Mr. Nichols, according to documents
submitted to a Federal court by the FBI, has ties with
organized crime and the world of covert intelligence
operations. When he learned of Mr. Casolaro's death, Special
Agent Gates contacted the Martinsburg, WV, Police Department
to inform them of the information he had concerning Mr.
Nichols and Mr. Casolaro. The Martinsburg Police have not
commented on whether or not they eventually pursued the
leads provided by Special Agent Gates.
Based on the evidence collected by the committee, it
appears that the path followed by Danny Casolaro in pursuing
his investigation into the INSLAW matter brought him in
contact with a number of dangerous individuals associated
with organized crime and the world of covert intelligence
operations. The suspicious circumstances surrounding his
death have led some law enforcement professionals and others
to believe that his death may not have been a suicide. As
long as the possibility exists that Danny
Casolaro died as a result of his investigation into the
INSLAW matter, it is imperative that further investigation
be conducted.
D. EVIDENCE OF POSSIBLE COVERUP AND OBSTRUCTION
One of the principal reasons the committee could not
reach any definitive conclusion about INSLAW's allegations
of a high criminal conspiracy at Justice was the lack of
cooperation from the Department. Throughout the two INSLAW
investigations, the Congress met with restrictions, delays
and outright denials to requests for information and to
unobstructed access to records and witnesses since 1988. The
Department initially attempted to prevent the Senate
Permanent Subcommittee on Investigations from conducting an
investigation of the INSLAW affair. During this committee's
investigation, Attorney General Thornburgh repeatedly
reneged on agreements made with this committee to provide
full and open access to information and witnesses. Although
the day before a planned committee meeting to consider the
issuance of a subpoena the Department promised full access
to documents and witnesses, the committee was compelled to
subpoena Attorney General Thornburgh to obtain documents
needed to complete its investigation. Even then, the
Department failed to provide all the documents subpoenaed,
claiming that some of the documents held by the Department's
chief attorney in charge of the INSLAW litigation had been
misplaced or accidentally destroyed. The Department has not
provided a complete accounting of the number of documents
missing nor has it conducted an investigation to determine
if the documents were stolen or illegally destroyed.
Questions regarding the Department's willingness and
objectivity to investigate the charges of possible
misconduct of Justice employees remain. That Justice
officials may have too readily concluded that witnesses
supporting the Department's position were credible while
those who did not were ignored or retaliated against was,
perhaps, most painfully demonstrated with the firing of
Anthony Pasciuto, the former Deputy Director, Executive
Office of the U.S. Trustees.
Mr. Pasciuto had informed the Hamiltons that soon after
INSLAW filed for chapter 11 bankruptcy in 1985, the Justice
Department had planned to petition the court to force INSLAW
into chapter 7 bankruptcy and liquidate its assets including
the PROMIS software. His source for this information was
Judge Cornelius Blackshear who, at the time, was the U.S.
Trustee for the Southern District of New York. Judge
Blackshear subsequently provided INSLAW's attorneys with a
sworn statement confirming what Mr. Pasciuto had told the
Hamiltons. However, following a conversation with a Justice
Department attorney who was representing the Department in
the INSLAW case,10 Judge Blackshear recanted his earlier
sworn statement. Moreover, Judge Blackshear, under oath,
could not or would not provide committee investigators with
a plausible explanation of why he had recanted
his earlier statements to INSLAW, Mr. Pasciuto and others
regarding the Justice Department's efforts to force INSLAW
out of business. He did confirm an earlier statement
attributed to him that his recantation was a result of "his
desire to hurt the least number of people." However, he
would not elaborate on this enigmatic statement.
Similarly, Mr. Pasciuto, under strong pressure from
senior Department officials, recanted his statement made to
the Hamiltons regarding Judge Blackshear. It appears that
Mr. Pasciuto may have been fired from his position with the
Executive Office of U.S. Trustees because he had provided
information to the Hamiltons and their attorneys which
undercut the Department's litigating position before the
Bankruptcy Court.11 This action was based on a recommendation
made by the Office of Professional Responsibility (OPR). In
a memorandum to Deputy Attorney General Burns, dated
December 18, 1987, the OPR concluded that:
In our view, but for Mr. Pasciuto's highly
irresponsible actions, the department would be in
a much better litigation posture than it presently
finds itself. Mr. Pasciuto has wholly failed to
comport himself in accordance with the standard of
conduct expected of an official of his position.
Mr. Pasciuto now states he regrets having allowed himself
to be coerced by the Department into recanting and has
stated under oath to committee investigators that he stands
by his earlier statements made to the Hamiltons that Judge
Blackshear had informed him that the Department wanted to
force INSLAW out of business. Certainly, Mr. Pasciuto's
treatment by the Department during his participation in the
INSLAW litigation raises serious questions of how far the
Department will go to protect its interests while defending
itself in litigation. Not unexpectedly, Mr. Pasciuto's
firing had a chilling effect on other potential Department
witnesses who might have otherwise cooperated with the
committee in this matter. Judge Blackshear, on the other
hand, was not accused of wrongdoing by the Department even
though he originally provided essentially the same
information as had Mr. Pasciuto.
Despite this series of obvious reversals, the Department,
after limited investigation, has apparently satisfied itself
that the sworn statements of its witnesses, including Judge
Blackshear, have somehow been reconciled on key issues such
that no false statements have been made by any of these
individuals. This position is flatly in opposition to the
Bankruptcy Court's finding that several Department officials
may have perjured themselves which was never seriously
investigated by the Department. In addition, there are
serious conflicts and inconsistencies in sworn statements
provided to the committee that have not been resolved.
Equally important, the possibility that witnesses, testimony
were manipulated by the Department in order to present a
"united front" to the Congress and the public on the INSLAW
case needs to be fully and honestly explored. The potential
for a conflict of interest in the Department's
carrying out such an inquiry is high, if not prudently
manifest, and independent scrutiny is required.
E. JUDGE BASON'S ALLEGATIONS AGAINST THE DEPARTMENT
Judge Bason testified, under oath, before the Economic
and Commercial Law Subcommittee that the Department's
actions against its critics may have extended into blocking
his reappointment as a bankruptcy judge in 1988 because of
his ruling in INSLAW's case. Judge Bason was replaced by
Martin Teel, Jr., who, prior to his appointment, was a
Justice Department attorney heavily involved in the
Department's litigation of the INSLAW case.12 The committee
was unable to substantiate Judge Bason's charges. If such
undue influence did occur, it was subtle and lost in the
highly private manner in which judge selection procedures
are conducted. While sworn statements were not taken, the
committee investigators interviewed several of the judges
involved in the selection process. The judges who agreed to
provide interviews all stated that they had little firsthand
knowledge in which to evaluate the candidates, including the
incumbent judge. As a result, the members of the Judicial
Council had to rely on the findings of the Merit Selection
Panel headed by Judge Norma Johnson.
The Merit Selection Panel's findings were provided to the
Judicial Council by Judge Johnson whose oral presentation
was instrumental in the final selection. Judge Johnson had
previously worked at the Department of Justice with Stuart
Schiffer, who led the Department's attempt to have the
District Court remove Judge Bason from the INSLAW case. Mr.
Schiffer is also the official who argued vociferously
against the appointment of an independent counsel on the
INSLAW case in a memorandum to Deputy Attorney General
Arthur Burns. Judge Johnson also served in the D.C. Superior
Court with Judge Tim Murphy from 1970 through 1980. Judge
Murphy subsequently worked directly for Mr. Brewer on the
PROMIS contract. The committee, however, has not at this
date found any evidence that Judge Johnson had specific
discussions with Mr. Schiffer or anyone else at the
Department of Justice about Judge Bason, the INSLAW case or
the bankruptcy judicial selection process.
The committee's investigation revealed that the selection
process was largely informal, undocumented and highly
subjective. For example, several members of the Judicial
Council indicated that one of the primary factors
influencing the non-reappointment of Judge Bason, was the
poor administrative condition of his court. These same
members admitted that they had no firsthand knowledge of the
administrative condition and based this opinion on the
reports of the Merit Selection Panel and Judge Johnson. This
was corroborated by the discovery of a confidential
memorandum written by a member of the Merit Selection Panel
which was highly critical of
Judge Bason and the administrative condition of the
Bankruptcy Court. While this memorandum had been seen by
several judges during the selection process, committee
investigators were unable to determine who authored it. The
committee's investigation did not reveal any evidence to
support the criticisms raised in the memorandum. Martin
Bloom, Clerk of the Bankruptcy Court, indicated in his sworn
statement to committee investigators that under Judge Bason,
the administrative condition of the court vastly improved.
These sentiments were echoed by Chief Judge Aubrey Robinson
who consistently complimented Judge Bason on his efforts to
improve the administrative condition of the Bankruptcy Court
in his remarks to the Annual Judicial Conference.
F. CONCLUSION
The history of the Department's behavior in the INSLAW
case dramatically igation and
prosecution.
As already documented and confirmed by two Federal
judges, the Department's actions in the INSLAW case have
greatly harmed the company and its owners. These actions, as
they pertain to the dispute with INSLAW over the
misappropriation of the PROMIS software, were taken with the
full knowledge and support of high level Justice officials.
The harm to the company was further perpetuated by
succeeding high level officials, such as former Attorney
General Richard Thornburgh, who not only failed to
objectively investigate the serious charges raised by the
Hamiltons and their attorney, former Attorney General Elliot
Richardson, but also delayed and rebuffed effective and
expeditious outside investigation of the matter by Congress.
The Department of Justice is this nation's most visible
guarantor of the notion that wrongdoing will be sought out
and punished irrespective of the identity of the actors
involved. Moreover, its mandate is to protect all private
citizens from illegal activities that undermine the public
trust. The Department's handling of the INSLAW case has
seriously undermined its credibility and reputation in
playing such a role. Congress and the executive must take
immediate and forceful steps to restore public confidence
and faith in our system of justice, which cannot be
undermined by the very agent entrusted with enforcement of
our laws and protections afforded every citizen. In view of
the history surrounding the INSLAW affair and the serious
implications of evidence presented by the Hamiltons, two
court proceedings in the judicial branch and the committee's
own investigation, there is a clear need for further
investigation. The committee believes that the only way in
which INSLAW's allegations can be adequately and fully
investigated is
by the appointment of an independent counsel. The
committee is aware that on November 13, 1991, Attorney
General Barr appointed Nicholas Bua, a retired Federal judge
from Chicago, as his special counsel to investigate and
advise him on the INSLAW controversy. The committee eagerly
awaits Judge Bua's findings; however, as long as the
investigation of wrongdoing by former and current high level
Justice officials remains under the ultimate control of the
Department itself, there will always be serious doubt about
the objectivity and thoroughness of the inquiry.
------------------------------
Date: 6 Oct 92 18:11:11
From: mcmullen@well.sf.ca.us
Subject: File 2--Trial Date Set In New York "Hacker" Case
NEW YORK, N.Y., U.S.A., 1992 Oct. 6 (NB) -- At a conference held in
United States Federal Court, Southern District, Judge Richard Owen set
April 12, 1993 as the date of the trial of five New York City
"hackers" indicted on Wednesday, July 8th for various alleged
telecommunications illegalities (in the initial indictment, the word
"hacker" was defined as "someone who uses a computer or a telephone to
obtain unauthorized access to other computers.").
The accused, Mark Abene, also known as "Phiber Optik"; Julio Fernandez
a/k/a "Outlaw"; Elias Lapodolous a/k/a "Acid Phreak"; John Lee a/k/a
"Corrupt"; and Paul Stiva a/k/a "Scorpion", were charged at the
original indictment with being part of a conspiracy intended to allow
"the members of MOD (the name of the group) would gain access to and
control of computer systems in order to enhance their image and
prestige among other computer hackers; to harass and intimidate rival
hackers and people they did not like; to obtain telephone, credit,
information, and other services without paying for them; and to
obtain. passwords, account numbers and other things of value which
they could sell to others." Additionally,individuals of the group
were charged with specific crimes including the illegal accessing of
computers belonging to Southwestern Bell.
Since the indictment, attorneys for the defendants have been reviewing
evidence obtained by the Secret Service and the FBI through
court-authorized wiretapping that is purported to substantiate the
allegations. At the most recent court appearance, the attorneys
requested an extended period of time for the discovery process because
they had only recently been furnished diskettes containing information
obtained through the inception of computer communications and,
according to a defense attorney, the material "runs somewhere between
20 and 50 megabytes."
When asked by Judge Owen for a definition of a megabyte, United States
Assistant Attorney General Stephen Fishbein informed him that a
megabyte is a million bytes and that a "byte is a piece of
information." Owen then asked if Fishbein was really going to present
all that information to a jury, saying "That would really byte the
jury." Fishbein said that only that portion of the material that
actually showed the existence of illegal activity would have to be
shown but that the defense attorneys might wish to examine all of the
intercepted material.
Owen then scheduled January 3rd as the date for filing of defense
motions, a date in February for government response and April 12th as
the actual trial date.
Marjorie Peerce, attorney for Paul Stira, told Newsbytes "I can't
comment on the details of the case but Mr. Stira looks forward to the
date he can tell his story in court."
(Barbara E. McMullen & John F. McMullen/19921006)
------------------------------
Date: 13 Oct 92 18:11:11
From: mcmullen@well.sf.ca.us
Subject: File 3--News Reports Of 911 Attacks
NEW YORK, NEW YORK, U.S.A., 1992 OCT 12(NB) -- United Press
International and the Toronto Sun have reported arrests related to
alleged "hacker" attacks on 911 systems. The law enforcement personnel
quoted in the stories were not available for comment due to the
observance of Columbus Day and the Canadian Thanksgiving,
respectively.
The UPI story reports the arrest of a 23 year-old Newark, New Jersey
individual, identified only as "Maverick" for allegedly attempting to
cause havoc through the disruption of 911 service. The story also said
that arrests were expected to be forthcoming in two Maryland
locations.
The Toronto story, written by Kevin Hann, described the arrest of a 15
year old high school student accused of misdirecting emergency
services crews and reporting false medical emergencies. He, according
to quotes attributed to Toronto police officials, used a home computer
to route calls through the United States back to Toronto in an attempt
to confuse security systems.
The New Jersey man arrested was said to be part of a loose network of
computer "hackers" known as the Legion of Doom (LOD) which, according
to the story, engages in telephone fraud by using corporate Private
Branch Exchanges (PBX) systems to illegally place their calls It was
alleged that the group made caused over $100,000 of charges to be
incurred by a Minnesota company within a single month.
The name Legion of Doom has been used repeatedly in recent years by
both law enforcement personnel and others in the last few years.
Robert Riggs, Adam Grant and Franklin Darden, convicted in 1990 for
intrusion in to BellSouth's computer systems were identified by law
enforcement officials as members of the Legion of Doom as was Len
Rose, sentenced in 1991 for "receiving misappropriated UNIX source
code."
Additionally, other persons have identified themselves as members or
ex-members of the Legion of Doom. In June 1991, Chris Goggans, Scott
Chasin and Ken Shulman, announcing the formation of ComSec, a computer
security firm, identified themselves as former LOD-ers "Erik
Bloodaxe", "Doc Holiday", and "Malefactor" (the firm has since gone
out of business). In January 1992, announcing the commercial bulletin
board system Phantom Access, the system owners, Patrick Kroupa and
Bruce Fancher, described themselves as "two former East-Coast Legion
of Doom members" ("Lord Digital" and "Dead Lord").
Fancher told Newsbytes "The Legion of Doom is not and never was an
organization with criminal intent. Any criminal activity that might
have happened was the result of inadvertent actions while exploring. I
never head of Maverick and doubt that he was a member of the group
known as the Legion of Doom. I also doubt that anyone that I knew in
the group would have considered malicious acts involving 911 systems."
(Barbara E. McMullen & John F. McMullen/19921012)
------------------------------
End of Computer Underground Digest #4.51
************************************
Computer underground Digest Sun Oct 18, 1992 Volume 4 : Issue 52
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Copy Editor: Etaion Jhrdleau, Sr.
CONTENTS, #4.52 (Oct 18, 1992)
File 1--Fixed Problems With The AOTD Mailserver
File 2--More on Inslaw -- Justice Dept response
File 3--The Essence of Programming
File 4-- CPSR Social Action Report
File 5--Making the News and Bookstands (Reprint)
File 6--Legion Of Doom Connection With 911 Attacks Denied
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by
anonymous ftp from ftp.eff.org (192.88.144.4), ftp.ee.mu.oz.au
and red.css.itd.umich.edu -- the texts are in /cud.
Back issues also may be obtained from the mail server at
mailserv@batpad.lgb.ca.us
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
- ----------------------------------------------------------------------
Date: Fri, 16 Oct 1992 18:13:55 EDT
From: Chris Cappuccio <chris%aotnet@mcnnet.mi.org>
Subject: File 1--Fixed Problems With The AOTD Mailserver
Ok, well after I got my computer connected with UUCP (I'm still not a
registered system but soon I expect to register with the local UUCP
stuff and also get a domain name in mi.org), I tried to subscribe to
the AOTD list with my account on my machine (aotnet) but I couldn't.
It turned out, because we put some more security from people using the
mailing list, that Mike also accidentaly changed the list name. Well
this is fixed now. To subscribe to Art of Technology Digest, do
*exactly* this:
mail mailserv@batpad.lgb.ca.us Leave the "Subject" line blank Put this
in the text of your message: SUBSCRIBE AOTD
and you will be put on the mailing list. You should wait 1-24 hours
for a response. I am not using my computer as the mailserver because I
only have a 2400 baud (or bps, whatever you like) modem and no
mailserver software. Oh, one more thing, you can get back issues of
AoT-D from wuarchive.wustl.edu under directory: /pub/aot/. Enjoy!
- ------------------------------
Date: Thu, 15 Oct 1992 22:58:43 -0700
From: James I. Davis <jdav@WELL.SF.CA.US>
Subject: File 2--More on Inslaw -- Justice Dept response
From-- Nigel.Allen@lambada.oit.unc.edu
Subject-- U.S. Justice Department Statement on Inslaw Affair
To-- Multiple recipients of list ACTIV-L
Here is a press release from the U.S. Department of Justice.
Justice Department Releases Statement
To: National Desk
Contact: U.S. Department of Justice, Public Affairs, 202-514-2007
WASHINGTON, Oct. 13 -- The Department of Justice released today
the following statement:
Attorney General William P. Barr today told the House Committee on
the Judiciary that he will not seek the appointment of an Independent
Counsel as requested in a Sept. 10 letter from a majority of the
committee's Democratic members. His reasons for this decision were
set forth in a letter to the Committee. Under the Independent Counsel
statute, only the committee can make these materials public, and the
attorney general has asked that it do so.
The Sept. 10 letter requested the appointment of an independent
counsel to investigate allegations contained in a report adopted by
the committee's Democratic majority members entitled, "The Inslaw
Affair" (Report).
The independent counsel statute was designed to apply to certain
exceptional cases. Accordingly, the statute's specialized procedures
are triggered in two specifically defined circumstances -- one
mandatory and one discretionary.
The mandatory provision, 28 U.S.C. 591 (a), requires the attorney
general to apply the procedures of the statute if and when he receives
specific and credible information sufficient to warrant a criminal
investigation of a "covered person." Covered persons' are a small
group of the most senior officials in the Executive Branch who are
specifically listed in the statute.
The discretionary provision of the statute, 28 U.S.C. 591 (c),
authorizes, but does not require, the Attorney General to proceed
under the statute if: (1) he receives specific and credible
information sufficient to warrant a criminal investigation of someone
other than a "covered person"; and (2) he determines that an
investigation or prosecution of that person by the Attorney General or
other officer of the Department "may result in a personal, financial
or political conflict of interest."
The department has concluded that the report contains no specific
information that any "covered person" has committed a crime.
Regarding "non-covered" persons, long before the committee
completed its report, Attorney General Barr appointed retired U.S.
District Judge Nicholas J. Bua as special counsel to investigate all
matters related to INSLAW. Judge Bua has had an outstanding judicial
career which has spanned almost thirty years. He has served on the
county, circuit and appellate courts in Illinois, and in 1977,
President Carter appointed him to the U.S. District Court in Chicago.
Judge Bua has full authority to conduct a thorough and complete
investigation of all INSLAW allegations -- including the power to
issue subpoenas and to convene grand juries. He is conducting his
investigation in a fair and impartial manner. The attorney general's
instructions included from the outset of this investigation for Judge
Bua to notify him of any information implicating the independent
counsel statute. Judge Bua found no evidence to support invoking the
mandatory or discretionary provisions of the independent counsel
statute before the report was issued, or since reviewing the report.
After an exhaustive review of the allegations, in accordance with
the requirements of the statute, the Attorney General will not seek
the appointment of an Independent Counsel at this time. The
department invites the committee, Congress, or any other source, to
provide any new information that warrants invoking the independent
counsel statute.
- ------------------------------
Date: 13 Oct 92 01:15:59
From: The Dark Adept <drkadpt@DRKTOWR.CHI.IL.US>
Subject: File 3--The Essence of Programming
The Essence of Programming
by The Dark Adept
What exactly is a computer program? Why do people wish to copyright
it? Why do people wish to patent its effects? Why do programmers
enjoy programming?
A lot of these questions cannot be answered in a straightforward
manner. Most people would give you a different answer for each, but
there is an indirect answer: the essence of programming.
In a recent CuD issue a question was raised about Cyberspace being a
culture. I am no sociologist, but it is apparent to me that every
culture has some form of artistic expression. Cyberspace is no
different. Beneath every piece of E-mail, beneath every USENET post,
beneath every word typed into a word processor is an underlying piece
of art hidden from the user's eyes: the computer program.
"A computer program is art? Is this guy nuts?" Well, yes and no in
that order ;) Art has many different definitions, but a few things
are apparent about true art. True art is an extension of the artist.
It is his view of the world around him. It contributes to his world,
not only aesthetically, but by influencing people. This is true
whether the art form is music, sculpture, photography, dance, etc.
True art is also created. It fulfills the artist's need to create.
It is no less his creation and part of him than his own child.
The source code for a computer program is art pure and simple.
Whether it is written by one programmer or many. Each programmer
takes his view of the world the art will exist in (the core memory of
the computer and the other programs around it), and shapes the program
according to that view. No two programmers program exactly alike just
as no two authors will use the same exact sentence to describe the
same thing.
And the computer program will influence people. Aesthetic value may
come from either video games, fractal generators, or even a hot new
GUI (graphical user interface -- like MS-Windows(tm)). But it does
more than this. It changes how people work, how people think. The
typist of the 1920's most certainly would look upon his work much
differently than the word processing secretary of the 1990's would
look upon his. No longer is the concern restricted to "should I
single- or double-space," but also to "what font should I use? What
size?"
Furthermore a computer program is interactive art. Once the program
is written and executed, people interact with it. Other machines
interact with it. Other programs interact with it. In fact, it is
not only interactive art, but *living* art. It reaches its fullest
not when looked at and appreciated, but put to use and appreciated.
It is not created to sit in the corner and be enjoyed, but also to be
interacted with and brought to life.
And just as the literary world had artists whose influence upon
society was negative instead of positive, their works are also art.
Hitler, Manson, Machiavelli, etc. all wrote great works whose
influence tore apart society and crippled it. However, even though
their work caused evil, it is nonetheless a form of art. _Mein Kampf_
caused more deaths in this world than almost any other publication.
For one piece of printed text to have this great of an effect on
society, the soul of the writer must be within those words. In another
vein, think of the Bible. Wars have been fought over it, miracles
have happened because of it, people have laughed and cried over it.
The reason is that the soul of the reader is stirred by the authors'
souls who are in the work itself. In any case, even thought _Mein
Kampf_ caused much evil, no one can deny that it was a powerful work
full of Hitler's soul, and deserves study and thought.
The negative art of the programming world would most certainly be
viruses and worms. Whether the author follows from Hitler and is bent
on the destruction of all unlike him, or is more of a scientist trying
to create life that is autonomous from the creator and it gets out of
hand like Dr. Frankenstein's, they are still great works. The
miniscule amount of "words" in a virus program can cause a greater
effect on people than the millions of "words" used to create DOS.
There is an elegant evil to them like there is to Machiavelli's _The
Prince_ which deserves study and thought.
To ban viruses, to ban worms is to ban the free expression and the
free thought of the artist. Yes, they should be stopped, but so
should the genocide proscribed in _Mein Kampf_. However, neither the
writing of _Mein Kampf_ nor the writing of viruses should be
disallowed and neither should their reading be restricted since if
nothing else both serve as a warning of what could happen if a
brilliant madman bent on killing and destruction is given an
opportunity to fulfill those psychotic fantasies.
For those programmers out there who have dabbled in Object Oriented
Programming (OOP), this relationship between art and programming
should be even clearer. In OOP, each part of the program is an actor
("who struts and frets" -- thanks, Bill) whose dialogue with the other
actors (objects) creates the play. Each object has his own
personality and capabilities, and, sadly enough, tragic flaws as well.
Now as for copyrighting and patenting and other such topics, I give
you this to think about. Who is the truer author of a great work:
Jackie Collins or Edgar Allen Poe? Why would each copyright? One
would copyright to protect their income, the other to protect their
child borne of their artistic expression. Computer programs should be
allowed protection in various forms, but to protect the inspiration
and expression within and not the dollar value generated by them. To
do so cheapens them and turns them into nothing more than trash
romance novels. Both may serve their purpose and be useful, but only
one is a great work -- the intent of the author comes from his soul as
well as his work, and only those of the purest origins will be great
while the others may only be useful.
Like many artists, the programmer pours his blood and sweat, his heart
and soul into his work. It is his child, a creation from his brow and
hand, and he loves it as such.
The essence of programming is the essence of the artist within the
programmer. To cheapen it by calling it a "product" is like calling
the "Mona Lisa" a product. Sure a price value can be placed on the
Mona Lisa, but the value stems from the affect that Leo's paint has
upon the observer, and not a sum cost of materials and labor so that a
profit of an acceptable margin is met and maintained.
Those who aren't programmers may not understand what I am talking
about, and there are programmers out there who may not understand what
I am talking about. However a select few may understand what I am
saying, and they are the true programmers and the true artists of
Cyberspace. Within them is the essence of the programmer and within
their source code is the essence of programming: their souls.
- ------------------------------
Date: Fri, 9 Oct 1992 13:40:01 EDT
From: Jeff Johnson <jjohnson@HPLJAJ.HPL.HP.COM>
Subject: File 4-- CPSR Social Action Report
TOWARDS A GUIDE TO SOCIAL ACTION FOR COMPUTER PROFESSIONALS
By Jeff Johnson, Chair, and Evelyn Pine, Managing Director,
Computer Professionals for Social Responsibility (CPSR)
Introduction
"Being a typical nerd programmer, it's always been comforting
to believe that somehow whatever I was working on in the
darkness of my cubicle would eventually benefit the world. ...
I focused on what was interesting to me, assuming that it
would also be important to the world. But the events in L.A.
have forced me to think that maybe it doesn't work that way;
and to confront the question: what can I, as a professional
in the HCI field, do to help change what's going on in the
world?" -- a CHI'92 attendee.
The Rodney King video, trial, verdict, and subsequent riots jolted
Americans in many ways besides showing us acts of violence committed
by police and citizens. It also made the inequities of American
society painfully clear, and provided a clear response to Langston
Hughes' question: "What happens to a dream deferred?" Answer: it
explodes. This caused many people to rethink how they are conducting
their lives, and how we are conducting our neighborhoods, our cities,
our states, and our nation.
Computer professionals have a relatively comfortable position in this
society. For the most part, we are well-paid, and our jobs are more
secure than most. As a result, we live in nicer neighborhoods, send
our kids to better schools, eat healthier food, use better tools, and
have access to better health care. Because of this, some of us feel a
responsibility to help those in our society who aren't so well-off,
and some of us don't.
However, computer professionals are not just another well-paid segment
of society. We, more than people in most other lines of work, create
world-changing technology, technology that profoundly affects how
people live, work, and die. We can create technology that, e.g., can
be used to improve neighborhoods, education, food production and
distribution, tools, and health care. We can also create technology
that can be used to keep the poor out of our neighborhoods and
schools, produce and sell junk food and worthless tools, and limit
access to health care, as well as keep the lid on discontent and even
kill people more efficiently.
Computer technology can help reduce inequity and it can also help
exacerbate it. The public learned of the King beating because of
technology in the hands of citizens. Today anyone with a PC, an
ink-jet printer, and a copier can produce documents that political
activists of just thirty years ago, cranking out smelly typewritten
ditto copies, never imagined. Citizens of China and Thailand used
fax, video, and electronic mail to document government repression of
democratic movements. Computer technology is a crucial ingredient of
all of the above, in their design and manufacture as well as in the
tools themselves.
Unfortunately, the effect of introducing computer technology has more
often been to increase the stratification of society. Let's face it:
computer systems often lead to loss of jobs. Furthermore, as the
infrastructure upon which society is based becomes more dependent upon
computer technology, those without technical skills are left behind.
The end of the Cold War and the recession, combined with the
introduction of computer technology, have served to exacerbate
joblessness and hopelessness for those who have been rendered
superfluous and don't have the education to become "knowledge
workers."
"How many of the projects that are funded will have a net result of
reducing jobs -- particularly jobs for less-educated people? ... I
find many in the computer industry have defensive rationalizations
for the fact that their own labor will result in the loss of jobs
to society. ... The up and coming area of software that I myself
work in -- workflow -- will automate people out of work. ... How
do we deal with this?" -- A CHI'92 attendee.
This special relationship between computer technology and society
gives those who develop it -- us -- responsibilities beyond any that
arise merely from our comfortable economic status. To quote from the
statement of purpose of Computer Professionals for Social
Responsibility (CPSR): "Decisions regarding the development and use
of computers ... have far-reaching consequences and reflect basic
values and priorities. We believe that computer technology should
make life more enjoyable, productive, and secure."
The King riots jolted us, causing many of us to reflect on whether we
are living up to our responsibilities as citizens and as computer
professionals. The contrast between the world we inhabit, of which
the CHI'92 conference is a part, and the one that exploded into
violence and flames the week before the conference, caused some of us
to feel a certain alienation from our work, as the opening quotation
of this article illustrates. Are we part of the solution, or part of
the problem? Also, as the effects of the riots rapidly spread to
surrounding neighborhoods, other cities, and even the presidential
campaign, it became obvious that the two "worlds" aren't really
separate. That burning society we saw on TV wasn't someone else's, it
was ours.
What Can I Do? -- The CPSR/CHI'92 "Social Issues" Session
In the midst of the worst period of rioting, as many of us were
preparing to head to Monterey, the site of CHI'92, Prof. Chris Borgman
of U.C.L.A. sent an e-mail message to several of her acquaintances
across the country, describing what was going on in L.A. and how she
and her friends there felt about it (see Shneiderman, 1992). Prof.
Ben Shneiderman was especially touched by the message. He contacted
the CHI'92 Co-Chairs, Jim Miller and Scooter Morris, and expressed his
desire that the conference should not run its course without
acknowledging the riots and the events that led up to them. Even
though the riots were not directly CHI- or computer-related, he felt
that ignoring them constituted burying our heads in the sand, and
would be morally wrong. Jim and Scooter agreed that something should
be done, but of course by that point the conference schedule was set.
They suggested a special session, during the lunch break just after
the official opening plenary session on Tuesday. Jim also suggested
that CPSR Chair Jeff Johnson be invited to help plan the session.
On Monday evening, Ben and Jeff met to plan the session. What quickly
emerged was a desire not only to acknowledge the distressing external
events and give people a chance to vent their spleens, but also to
help give people the wherewithal to act. To Ben and Jeff, it seemed
that many of their colleagues were angry, upset, worried, or
frightened about what was going on, but didn't know what to do about
it, or even how to find out. They decided that the session should be
an opportunity for people to share ideas on how computer
professionals, their employers, and their professional societies can
help address social problems of the sort that led to the riots. Jeff
proposed that to facilitate the capture and sharing of ideas, session
attendees be asked to submit ideas on paper as well as presenting them
verbally. CPSR volunteered to collect and compile the responses and
issue a report back to the attendees. Later that night, he created a
form for action-ideas, labeled "Constructive Responses to Events in
L.A. and Elsewhere," and made about 60 copies to cover the expected
audience.
The next morning, at the opening plenary session, Jim Miller announced
the special session. This was the first that the approximately 2500
attendees at CHI had heard of it.
At the announced time, despite the late notice and the conflict with
lunch, approximately 300 people showed up. Student volunteers quickly
went to make more copies of the "Constructive Responses..." form. Ben
Shneiderman expressed his delight at the number of people who had come
and opened the session, describing his feelings about the riots,
reading Chris Borgman's e-mail message, and giving the intent of the
session. Prof. Borgman then spoke, elaborating on her message and
giving her ideas about what people might do. She was followed by Jeff
Johnson, who talked about growing up in South Central L.A., what it is
like for his relatives who live there now, and about CPSR and some of
its
programs.
Members of the audience were then invited to the microphone to share
their ideas about what can be done to resolve social inequities. At
first, people were hesitant to speak, but within fifteen minutes or so
there were more people waiting to speak than there was time for. Some
people described volunteer work they do, some named organizations they
support, some talked about what companies do or should do, and some
talked about what various government bodies should be, but aren't,
doing.
Beyond CHI'92
One hundred and ten members of the audience wrote suggestions on the
forms and turned them in. After the conference, CPSR began the
process of compiling the responses and producing the promised report.
We found volunteers to put the responses on-line. We created an
e-mail distribution list consisting of respondents who had provided
e-mail addresses. We took a quick pass through the data, to see if it
contained ideas worth publishing and sharing. It did.
On the basis of our initial look at the responses, the report began to
take shape in our minds. We didn't think it would suffice to simply
list all of the ideas that the session attendees had written. A quick
query sent to the e-mail list confirmed this: session participants
didn't want the raw data or even lightly-digested data; they wanted a
well-digested, well-organized guide to social action, a resource
booklet that goes beyond what people put on their response forms. Not
everyone has been a volunteer or activist, and even those of us who
have can benefit from a complete guidebook on how to make a positive
contribution to society.
Producing such a comprehensive report presented CPSR with a challenge,
for it would require a significant amount of work. For instance, many
respondents mentioned organizations, but it was up to us to provide
contact addresses. We also found some suggestions to be out-of-date,
e.g., organizations that have changed policies. The research
necessary to produce such a report in the months following CHI'92
exceeds what CPSR's small staff and volunteer-base can deliver. To
produce the full report would require funding to allow us to pay for
some of the labor. We made some initial efforts to get funding, so
far without success. Nonetheless, we were committed to producing a
timely report for the CHI'92 session attendees. With encouragement
from Ben Shneiderman, the two of us decided to write a brief version
of the report for SIGCHI Bulletin. Hopefully, this brief initial
report will help attract funding for a full report.
This report is therefore intended to be the first deliverable of a
possible new CPSR project that would, if funded, provide computer
professionals with information and guidance on how to become "part of
the solution" to pressing social problems. Depending upon funding,
subsequent deliverables may include:
- a moderated e-mail discussion list on social involvement, - an
e-mail archive/server for information on social involvement, - the
aforementioned booklet: "A Guide to Social Action" for computer
professionals, suitable for companies to distribute to employees,
containing an overview of the ways to get involved, a categorized
list of ideas, a directory of organizations, some success examples,
with a sprinkling of interesting quotes from attendees of the CHI'92
special session. - a clearinghouse service to help computer
professionals and companies down the road toward social involvement.
In this initial report, we chose to focus on a few of the
most-commonly-suggested ideas, rather than present a shallow overview
of all of them. A more complete list will have to wait until the
booklet. We begin with some comments on what we have learned from
this exercise, then summarize a few of the suggestions, and conclude.
What have we learned from this?
"Tell me how I can help." -- a CHI'92 attendee.
Despite the stereotype of the apolitical, work-obsessed nerd, computer
professionals do care about what goes on in the world. Many are
already involved in volunteer projects, political action, and
critically examining the impact of their work. More importantly, many
more are looking for ways to get involved. The King riots really
shook up a lot of people.
The respondents see potential in themselves, their companies, and
their professional associations, but are concerned that social issues
often get lost in the shuffle of busy people and companies.
CHI conference attendees may not be representative of computer
professionals in general. Their professional focus on the interaction
between people and machines may make them more likely to be concerned
about social issues. However, CPSR members nationwide -- who are not
predominantly CHI members -- have been proving for over a decade that
a computer career and interest in social issues are not mutually
exclusive.
There is no shortage of good ideas about how to get involved. The
hundred and ten respondents in the CPSR-CHI special session have
provided a first glimpse, but our feeling is that many more good ideas
remain to be suggested.
Many individuals, organizations, and companies are already doing
things that we can learn from. We needn't design from scratch.
Summary of Responses
"Education is the single most effective and powerful way to change
the situation in a permanent way." -- a CHI'92 attendee.
Our respondents overwhelmingly saw education as fundamental. They
believe that individuals, companies, professional societies, and
various levels of government could be doing much more to support
education than they now are. For example:
- Individuals can tutor disadvantaged kids, teach computer courses
or run computer labs in schools, and speak in schools about their
company and their work.
- Companies can adopt a school, donate equipment and software, and
establish programs in which students visit the workplace to learn what
computer professionals do and what skills they need.
- Professional societies can provide scholarships for high school
kids, encourage individuals and companies to develop education
applications of computer technology, and advocate greater public
funding of education.
Many respondents suggested that individuals and companies donate new
and used computer equipment to schools, community centers, and
non-profit organizations. However, some pointed out that giving
antiquated, unreliable, or inappropriate equipment is almost worse
than unhelpful, in that it can drain valuable time and energy from the
important work that these organizations do. Accordingly, many
non-profits will not accept equipment for which they can no longer
find software, documentation, and maintenance support. To help insure
that donated equipment is effectively used, computer professionals can
donate time and expertise. Otherwise, donated equipment may just sit
in a
corner.
Not surprisingly, volunteerism is strongly advocated by our
respondents. Some of their suggestions are:
- Individuals can volunteer in computer labs, get involved with a
organizations that link volunteers with non-profit groups (e.g.,
CompuMentor), or even teach reading in an urban library. A frequent
comment was that literacy is more important than computer literacy.
- Companies can encourage volunteerism by helping match willing
employees with worthy organizations, by allowing employees to share
their skills on company time, and by honoring employees' volunteer
efforts.
- Professional societies can encourage volunteerism among
professionals by developing mentor programs in which members work with
urban youth, and by developing computer curricula that professionals
can take into volunteer teaching situations.
"I read to primary students one-half hour per week. I get more out
of that time than the kids, but their focus on me tells me they are
getting a lot out of my time also." -- a CHI'92 attendee.
Several respondents who are involved in volunteer work noted that
volunteering has value far beyond that of the actual work that
volunteers do. It helps build much-needed understanding and trust
between ethnic and socioeconomic groups. It also is beneficial to the
volunteers themselves: they gain teaching experience, social skills,
and a broader perspective on the society in which they live, and often
have fun while doing it.
Computer professionals have learned that access to on-line
communication and information services is a powerful tool for their
own education, communication, and activism. We found that many of
them believe that on-line access would be just as empowering for the
public at large. Middle-class Americans are already beginning to get
on-line, but individuals, companies, and professional societies can
make an extra effort to assure that the poor are not cut out of the
loop. Individuals, companies, and professional societies can help put
communities on-line, as has been done in Berkeley (Community Memory
Project) and Santa Monica (Public Education Network). Such networks
can facilitate communication and discussion not only with other
citizens of a local community, but, depending on how they are
connected to larger networks, with information service providers and
even elected representatives.
"Companies can actively recruit blacks and other minorities. I
have been at CHI for 2 1/2 days and have seen only two blacks with
CHI name tags." -- a CHI'92 attendee.
More of a commitment to affirmative action in hiring and promotion is
seen as a major way in which companies can help overcome social
inequities. This means making an extra effort to find qualified
minorities and women to fill jobs, and, when candidates are equally
qualified (i.e., the difference in their estimated ability to perform
the job is less than the margin of error of the assessment process),
giving the benefit of the doubt to minorities and women. Some
respondents suggested, for example, that companies hold outreach
activities in poor communities to find potential employees.
The respondents recommended awards as a way to encourage computer
companies, academic research projects, and individuals to get
involved.
Each year, CPSR recognizes a computer scientist who, in addition to
making important contributions to the field, has demonstrated an
ongoing commitment to working for social change. (ACM activist and
IBM researcher Barbara Simons is CPSR's 1992 Norbert Wiener Award
winner.) Many respondents suggested that SIGCHI or ACM offer an award
for companies that demonstrate a similar commitment through community
projects, encouraging employee volunteerism, or other good works.
The CHI conference itself emerged as an important potential focus of
social action work. Respondents recommended that CHI organizers seek
ways to have a positive impact upon the host community. Local
students -- high-school and college -- could be given tours of
exhibits or scholarships to attend the conference. Equipment used at
the conference could be donated to local schools and organizations.
Respondents also suggested paper and poster sessions devoted to
applying technology to social problems or to understanding social
issues related to computer technology.
"What's underneath are not wounds, but faults -- lines of fracture,
of discontinuity, in society, which periodically relieve their
stress in these violent ways. What can we do about that?" -- a
CHI'92 attendee.
Although our respondents provided a wealth of ideas for how we, as
computer professionals and concerned citizens, can offer our time and
skills for the betterment of society, a number of them acknowledged
that charity, volunteering, and technology alone cannot solve
political and social problems. Closing the gap between rich and poor,
educated and illiterate, empowered and disenfranchised will require
changes in basic priorities at the local, state, national, and
international levels. Accordingly, many respondents recommended
attempting to influence the political process, either individually,
through professional associations, or through organizations like CPSR.
Conclusions
"Thanks for the noontime meeting on Tuesday! It was motivating to
see such a strong response." -- a CHI'92 attendee.
"Thank you, thank you, thank you for organizing this forum and
bringing some heart and spirit into this cold, albeit exciting,
environment. Onwards and upwards, I'm with you all the way!" -- a
CHI'92 attendee.
"What a wonderful experience to find a humanistic island at a
professional conference!" -- a CHI'92 attendee.
The unexpectedly large response to the noontime session at CHI'92 was
extremely gratifying. Also gratifying is the degree of concern that
members of the CHI community have about social inequities and the
seriousness with which they addressed themselves to overcoming them.
Hopefully, with this report as inspiration, many computer
professionals will begin to take action.
"I'll go back and start asking questions in my company." -- a
CHI'92 attendee.
The foregoing has only scratched the surface of the ideas that emerged
from the CHI'92 social issues session. As described above, CPSR hopes
to expand this report into a widely-circulated Social Action Guide,
and eventually provide on-line services to help computer professionals
take action.
To learn more about Computer Professionals for Social Responsibility,
or to get involved in the preparation of the full Social Action Guide,
contact cpsr@csli.stanford.edu.
References
Shneiderman, B. "Socially Responsible Computing I: A Call to Action
Following the L.A. Riots" SIGCHI Bulletin, July, 1992, 24(3), pages
14-15.
- ------------------------------
Date: 16 Oct 92 23:59:59 GMT
From: jbcondat@ATTMAIL.COM
Subject: File 5--Making the News and Bookstands (Reprint)
MAKING THE NEWS AND BOOKSTANDS
(From "Intelligence Newsletter", No. 202 (Oct. 8, 1992), Page 5,
by O. Schimdt)
The computer virus "threat" is back in the news with a new study by
IBM specialist Jeffrey O. Kephart and on the bookstands with a French
do-it-yourself build-your-own manual on viruses. According to Kephart
of IBM's High Integrity Computing Laboratory, most previous theories
on the "social structure of computer use and networks were faulty":
not every machine could make contact with every other machine in one,
two or three "steps". Most individual computers are not connected to
others systems but only to their nearest neighbors. Therefore, most
infections take place not through networks, but through the physical
exchange of disks. Moreover, many of the 1,500 known viruses are not
good replicators and many are not destructive. Even the remaining
good replicators are "almost all defeated by normal anti-virus
programs." To advance knowledge such as this concerning viruses, Chaos
Computer Club France (CCCF) has decided to publish the French
trans-lation of "The Black Book of Computer Virus" by Mark Ludwig
"which was censored in the U.S." (French title, "C'est decide! J'ecris
mon virus," Editions Eyrolles). [...] The book contains "computer
codes for writing your own virus," but according to CCCF any such
virus can be defeated by normal anti-virus programs. Moreover, there
is no French law forbidding the publication of virus computer codes.
The book is intended for "responsible adults" and bears the warning
"Forbidden for readers not 18 years old".
*****
Jean-Bernard CONDAT (General Secretary)------Chaos Computer Club France [CCCF]
B.P. 8005, 69351 Lyon Cedex 08// France //43 rue des Rosiers, 93400 Saint-Ouen
Phone: +33 1 40101775, Fax.: +33 1 40101764, Hacker's BBS (8x): +33 1 40102223
- ------------------------------
Date: Fri, 16 Oct 1992 23:33:18 CDT
From: John F. McMullen <mcmullen@well.sf.ca.us>
Subject: File 6--Legion Of Doom Connection With 911 Attacks Denied
NEW YORK, NEW YORK, U.S.A., 1992 OCT 16(NB) -- Members of the
well publicized group of computer hackers, The Legion of Doom, have
denied any connection with the recent alleged tampering with US and
Canadian 911 emergency systems. They have also told Newsbytes that the
Legion OT Doom (LOD) group has been defunct for a number of years.
The recent publicized quote by an arrested 23 year old New Jersey
man, identified only as Maverick, that he was a member of the Legion
of Doom and that the group's intent was "to attempt to penetrate the
911 computer systems and inflect them with viruses to cause havoc" has
infuriated many of the original group.
"Lex Luthor", one of the founders of LOD, told Newsbytes "As far as I
am concerned the LOD has been dead for a couple of years never to be
revived. Maverick was never in LOD. There have been 2 lists of
members (one in phrack and another in the lod tj) and those lists are
the final word on membership. There has been no revival of lod by me
nor other ex- members. We obviously cannot prevent copy-cats from
saying they are in lod. When there was an LOD, our goals were to
explore and leave systems as we found them. The goals were to expose
security flaws so they could be fixed before REAL criminals and
vandals such as this Maverick character could do damage. If this
Maverick character did indeed disrupt E911 service he should be not
only be charged with computer trespassing but also attempted murder.
911 is serious business."
Lex continued "I am obviously not affiliated with any type of illegal
activities whatever especially those concerning computer systems.
However, I do try to keep up with what's going on and have 2 articles
on computer security being prepared to be published. I won't say where
or what name I am using because if the editors know an ex-hacker is
trying to help society and help secure computer systems they probably
would not accept the article."
Captain James Bourque of the Chesterfield County, Virginia police and
the person who had quoted Maverick to the press, told Newsbytes that
Lex's comments were probably correct. He said "I don't think that
there is a connection with the original group. I think that this group
sort of took on the Legion of Doom Name and the causes that they think
the Legion of Doom might have been involved in."
Bourque also said "This group tried to publicize their activities by
calling the local ABC station here as well as ABC in New York. It was
not unusual for four or five of these individuals to set up a
telephone conference and then to try to bring down our local 911
system here by monopolizing the system -- it never worked but they
continued to try."
Bourgue told Newsbytes that the continuing investigation is being
carried out by local law enforcement agencies and that an investigator
from his organization was in Newark reviewing the evidence against
Maverick. He said "It's possible that the Secret Service will become
involved after the presidential election is over. They are very busy
now."
Mike Godwin , in-house counsel of the Electronic Frontier Foundation.
(EFF), an organization that has been involved in a number of cases
involving admitted LOD members, commented to Newsbytes "I don't
believe for a minute that this has anything to do with the real Legion
of Doom."
Phiber Optic, another ex-LOD member, told Newsbytes that he was
disturbed that the media accepted the designation of Maverick as LOD,
saying "If he said that he was a Martian, would they have put in the
paper that he was a Martian?"
Phiber had previously posted a comment on the Whole Earth 'Lectronic
Link (WELL) on the LOD announcement and it is reprinted with his
permission:
1) Kids prank 911.
2) Kids get caught for being jackasses.
3) One kid just happens to have a computer.
4) Now it's suddenly a 'hacker crime'.
5) Kid foolishly decides he's in the 'Legion of Doom' when he's
questioned,because he probably always wanted to be (his heroes!).
6) Media pukes on itself. ("This is a HEADLINE!!!")
There. Can we all grow up and move along now?
Emmanuel Goldstein, publisher of 2600 Magazine: The Hacker Quarterly,
also took issued with the designation of those arrested in New Jersey
and Canada as "hackers", telling Newsbytes "No where have I seen any
indication that these people were inside of a telephone company
computer. They were allegedly making vocal calls to the 911 services
and trying to disrupt them. You certainly don't have to be a genius to
do that. Let's not demean hackers by associating them with the kind of
behavior that is alleged."
- ------------------------------
End of Computer Underground Digest #4.52
************************************
Computer underground Digest Sun Oct 25, 1992 Volume 4 : Issue 53
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth / Ralph Sims
Copy Editor: Etaion Shrdleaux, Sr.
CONTENTS, #4.53 (Oct 25, 1992)
File 1--Re: CuD 4.49 - Viruses--Facts and Myths (1)
File 2--Re: CuD 4.49 - Viruses--Facts and Myths (2)
File 3--Further Disclosures In 911/"Legion of Doom Case"
File 4--NY State Police Decriminalize the word "Hacker" (Newsbytes)
File 5--Update on Toronto Bust of Early October
File 6--SRI Seeks "Phreaks" for New Study
File 7--XIOX's Anti-Phone-Fraud Products (Press Release)
File 8--CSC "Anti-Telecom Fraud" Device
File 9--The CU in the News (from Info Week)
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD. Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Fri, 23 Oct 92 01:23:48 EST
From: spaf@CS.PURDUE.EDU(Gene Spafford)
Subject: File 1--Re: Cu Digest, #4.49- Viruses--Facts and Myths (1)
In the Digest, #4.49, "Dark Adept" provided a long article on virus
facts and myths. Unfortunately, he/she got several "facts" incorrect.
I could try to make a point about the danger of correct-sounding
material being mistaken for factual simply because it is well-written,
and on the difficulty of verifying information presented from behind a
pseudonym and without citations, but will leave that for another rant. :-)
I'll try to correct a few of the more glaring errors. The interested
reader should consult one of the well-researched and documented texts
on the market for further details. I'd suggest Ferbrache's excellent
text "A Pathology of Computer Viruses" (Springer-Verlag), Hoffman's
collection "Rogue Programs" under the Van Nostrand Reinhold imprint,
and Denning's "Computers Under Attack" by Addison-Wesley. Also of
value are Hruska's "Computer Viruses and Anti-Virus Warfare" and the
badly overpriced "Computer Virus Handbook" edited by Highland.
The comp.virus newsgroup (Virus-L mailing list) has a very nice FAQ
article compiled by several knowledgeable researchers and authors in
the area of computer viruses that addresses many of these points and
provides pointers to additional information.
Now for my comments.
> A virus is a tiny program that attaches itself to other programs. It does
Viruses do not need to be tiny.
> a chance of catching a virus. Data files (files that are not programs, like
> text for your wordprocesser) cannot contain viruses.
Wrong. Data files can contain viruses in two ways. First, they may
contain viruses that are in a non-threatening format. For instance, a
text file may contain a virus encoded as hex digits. This is not a
threat, per se, but is a virus. This is the pedantic objection.
However, it is also possible for a virus to be present in a form that
causes it to be interpreted. For instance, a virus can be written in
Lotus 1-2-3 macros in a spreadsheet. The spreadsheet is not a
program, but is has elements that can be executed and act like a
virus. Likewise, a virus can be written in GNU Emacs macros that are
automatically executed when a file is read with Emacs (unless the
"inhibit-local-variables" variable is set correctly).
Viruses can be written for .bat files under DOS, and these are not
considered to be programs by everyone. However, they get executed,
and that means that a virus can be in one of them.
> The only way to activate the virus is to run the program.
Including my examples given above, this is not strictly true, either.
Some Mac viruses activate when one inserts a disk into the drive and
the desktop is read (under System 6.0.x). This does not involve
executing a program, but interpreting code present on the disk. Other
examples exist, but you get the point.
> Another thing is batch files. These are files on IBM PC's that end in ".bat".
> These DO NOT contain viruses.
However, they could. The viruses would be easy to spot and probably
not very effective, but they could be written, just as Unix shell
script viruses can be written. (For instance, see Tom Duff's paper in
"Computing Systems" of a few years ago.)
> Ok. Viruses can only be made for specific machines. By this I mean
> that a virus that infects IBM PC's will NOT be able to infect Macs.
> There may be a tiny tiny chance if your Mac is running something like
> an IBM Emulator that a virus may cause problems, but in general, if
> you have a non-IBM compatible computer, and you can't run IBM software,
> then you can't catch IBM viruses and vice-versa.
Wrong. A virus written in spreadsheet macros or Perl or some other
higher-level language will indeed work on any machine that supports an
interpreter for that high-level language. Also, we have seen cases of
viruses written for DOS machines (Intel 80x86 architecture) able to
run on DOS emulators under MacOS -- it isn't a tiny chance, but a real
possibility.
> For the most part, only personal computers (i.e., IBM PC's and Macs) are
> affected by viruses. On IBM's, they are usually limited to DOS, so if
> you are running Unix on a 386 you don't really need to worry (yet).
Wrong. Boot sector infectors are generally able to spread to Unix
disks. Usually they just wipe out the Unix boot sector. This should
indeed be a worry. If the Unix disk shares the same boot record
format as MS-DOS, it's even more of a worry (luckily, this isn't
generally the case).
> If you buy the software from
> a computer store, you don't have to worry. Once in a million there might
> be some type of problem, but in general, store purchased software will
> NEVER have a virus.
Wrong. Some stores will take software back for refunds after it has
been used in machines with viruses. Thus, the store software will be
infected. Some stores even put new shrink-wrap over the packages so
you can't tell it happened.
Other stores will use the software in the store in their machines to
demo it or to make sure it works the way you think. Again, this is a
source of viruses -- many store systems are badly infected.
Finally, there are many incidents where vendors have shipped their
software to stores with the disks already infected with a virus.
Getting software from a store is NOT a guarantee that it is free from
viruses.
> There are 3 main types of "anti-virus" software available:
>
> o Scanners
> o Detectors
> o Removers
This is not how most experts in the field classify such software.
> Each virus has what the anti-virus geeks call a "footprint".
We "geeks" usually refer to it as a signature. I know of no one
reputable who refers to these as "footprints."
[Dark Adept then goes on to explain his "detectors" and jumbles
together activity monitors and integrity checkers. I won't bother
explaining the nuances here -- consult one of the references.
However, many of his points are off the mark, especially as regards
integrity monitors.]
> Nine times out of ten, a disinfector will have to
> delete *ALL* the programs that are infected. Gone. Erased. Never to come
> back. Some can get out the virus without deleting files, but this is
> rare.
Not so rare -- several such programs exist and work quite well. In
the Mac world, almost all viruses can be successfully disinfected by
John Norstad's "Disinfectant". Skulason's F-Prot does a very good job
on removing most MS-DOS viruses. It is not rare at all.
[Dark Adept then recommends Central Point Software. We can't tell if
this is an informed opinion based on comparison, or if Dark Adept is
really the president of Central Point and trying to scam us because we
have no idea who or what Dark Adept really is.
In general, thorough and impartial tests conducted by places like the
Hamburg virus research group and by the Virus Bulletin have revealed
that Skulason's F-Prot and Dr. Solomon's Toolkit are far and away the
most complete and effective anti-virus tools for MS-DOS. Interested
readers can consult those mentioned and similar references for
details. Neither Skulason nor Solomon are greedy SOBs like some other
vendors in the arena (I agree with Dark Adept that there are some
notable ones out there). In fact, Skulson's product is free for
personal use at home!]
> A virus is made up of two basic parts: an infector and a destructor.
> The INFECTOR is the part of the program which hides the virus and makes
> it spread. The DESTRUCTOR is the mischief maker. This is the part
> that draws crazy pictures on your screen or erases a file on you.
Not strictly true. Many viruses cause damage because the people who
wrote them aren't as clever as they like to think they are, or because
new hardware & software configurations have come along that weren't
anticipated by the virus author. The result is that the virus causes
damage as it tries to spread by overwriting critical data or poking
into the wrong memory locations. This is one of the principle reasons
that *NO* virus is harmless -- two or three years from now, something
that appeared harmless in someone's home system may cause a massive
failure in the machines at a business or laboratory with a vastly
different set of configuration parameters.
> "The first virus was written by..."
> No one knows. However, if you were to ask me, I will say the first
> virus was written by the first person who made copy-protection.
Pure bullshit -- an apologist attempt to justify pirating and/or virus
writing. Many copy protection schemes bear no real resemblance to
viruses, and in any event they don't replicate themselves into other
software.
Ferbrache and I both have good evidence that the first PC viruses were
written in 1981 (2 years before Cohen thought of the idea). Many
people credit Ken Thompson with the first virus because of his Turing
Award lecture on trust. Others credit early core wars experimenters.
It depends on how you formally define virus. The definition I use
sides with the ones who credit Thompson.
[Dark Adept then claims that viruses aren't a problem because in all
his limited academic experience he has seen only a few cases of
viruses. This is like claiming that elephants don't exist because he
hasn't seen one in years while living in Illinois.
Business and government sites continue to report wide-spread and
continuing outbreaks. Viruses exist and they continue to be a
significant problem. It's not the end of the world, but it is not
getting better and it is real.]
> I just hoped I made this virus thing clearer. This is not based
> on any virus "expertise" I have, just a thorough knowledge of
> computers and my experience with them (which is extensive). I am not a
> "virus expert" nor am I a virus author. But next time someone tries to
> scare you or calls themselves a "virus professional" call them an idiot.
OKay, you're an idiot.
> They don't even want to format a hard drive, just have a little
> fun programming. Once in a while one of their "projects" might get out
> of hand, but they're not there to make your life miserable. Sure I'd be
> pissed at em if Flight Simulator got infected, but no biggie. Just clean
> up and reinstall.
Fun, hell. If I set fire to your house because I wanted to have a
little fun, don't get bent out of shape -- it's your own fault for not
having sprinklers, right? Just get the insurance money and move
somewhere else.
If the people who write viruses are so talented and bored, there are
lots of other things they could do that would be of benefit to others
around them and might be just as much fun. Committing indirect acts
of vandalism are not "fun" for the victims nor is it the fault of the
people who are conducting research or a business on the systems that
get hosed. There are people using their systems for more critical
efforts than "Flight Simulator" -- and they don't have time,
personnel, or resources to backup their systems every 10 minutes...nor
should they be forced to. Virus writing is nothing more than
vandalism and is solely the fault of the virus authors.
--spaf
------------------------------
Date: Tue, 13 Oct 92 08:09:24 EDT
From: "David M. Chess" <CHESS@YKTVMV.BITNET>
Subject: File 2--Re: CuD 4.49 - Viruses--Facts and Myths (2)
This is a brief reply to the file from The Dark Adept that appeared in
CuD 4.49. As an anti-virus weenie myself, I'm speaking from a rather
different point of view, obviously. On the other hand, I don't claim
to be speaking for the anti-virus weenie community as a whole; this is
just a few personal reactions, written during a sanity break from some
heavy debugging.
Most of the factual stuff in the Adept's file is generally correct
(and amusingly phrased!). A few notes:
- It's not really just .COM and .EXE files in DOS that can carry
viruses. Those are the most common vectors, but since there
is a DOS call that will execute a file of any name at all as
a program, and some viruses infect when that call is used,
you have to look in all your files during a cleanup operation.
For instance, if you have a game program in FINOGA.COM, and all
it really does is display the game-company logo and then run
FINOGA.BNX, some of the most common file-infecting viruses will
be able to infect FINOGA.BNX, and if you don't clean it up from
there, you're still infected.
- It's possible (just barely) to write a virus for a BAT file.
But no one's figured out how to do it in a reliable or non-obvious
way, so there are no BAT viruses "in the wild", and users don't
have to worry about them. The same applies to (for instance)
worksheet files for spreadsheet programs; since they can contain
things like autostart macros, it's theoretically possible to
write a virus that infects them, but there are none in the wild.
The Adept writes that viruses are more common on personal computers
because they "need access to memory that they shouldn't have, and on
a personal computer, there is nothing to stop them from getting it."
This is a common misconception. In fact, viruses *don't* need
access to memory that they shouldn't have; all they need to be able to
do is read and write program files (the same way that your compiler,
your patch program, your file manager, and so on, do). Experimental
viruses have been written for larger non-personal computers, and they
work just fine (ask your local librarian for a list of papers by Fred
Cohen from the computer science literature for some good details of
this sort of thing). The reason we don't see viruses for larger
computers is that software for them does not flow as freely as
software for personal computers. Quick, how many people reading this
have a diskette in some pocket? OK, now how many have a 9-track tape
reel?
The Adept's confidence about the cleanliness of store-purchased
software is, I fear, somewhat unfounded. There have been numerous
reports of legitimately-purchased software accidentally shipped (or
infected at the point of sale) with a virus. As software producers
and sellers become aware of the problem and better instrumented to
prevent it, we can hope it will become increasingly rare. But more
than one system has become virus infected even though "all I ever use
is shrink-wrapped software, honest!".
> Each virus has what the anti-virus geeks call a "footprint".
Actually, we anti-virus geeks call it a "signature" or a "scan-id".
Most of the rest of the Adept's comments are quite correct. I would
observe that most infections in the real world are caused by viruses
that have been out for some time, so it's not incredibly vital to have
this week's copy of your scanner. This quarter's copy is probably a
good idea, though! Also, modern scanners tend to be good at detecting
small variants of viruses that they have signatures for, so if someone
creates a "new" virus by the usual method of munging an old one, many
scanners will still find it.
One disadvantage of modification detectors that the Adept doesn't
mention is that they are prone to false positives. That is, when you
install a new version of HyperWunga, and it changes five-godzillion
programs on your disk, the next time you run your modification
detector it will of course tell you that lots of programs have
changed. How do you know that none of them were changed by a virus
rather than WungaInstall? You probably don't.
The Adept somewhat underestimates the abilities of virus removers. In
fact, a good remover will be able to restore almost all of the objects
infected by almost all common viruses to almost their original state;
it should *never* delete a file without asking your permission first.
Note all those "almost"s, though; many viruses are very buggy, and if
*I* had an actual infection on a machine I cared about, I would
restore the infected objects from backups, even if I had a remover
that claimed to work correctly on that virus. The other choice is to
trust both the virus and the remover not to have done anything wrong.
A good remover, of course, will know which viruses are buggy, and warn
you about the files that might be corrupted.
Microcomputer viruses probably don't matter much to the Net, as the
Adept points out. We should keep in mind, though, similar things that
matter more to the Net: there was this little worm the other December,
for instance! Spreading things can impact just about any kind of
computer system, if the culture and the connectivity are right.
Adept also offers the usual "virus writers are just nice guys who like
to write interesting programs" line. May be true; I don't know any
actual virus writers. I would, however, like to ask how all that
hard-disk-trashing code got in there. Did someone sneak into the Nice
Guys' rooms at night and type it in? The people who write destructive
viruses clearly have some maladjustments that need to be cleared up
before I'd let them near any of *my* offspring. Even viruses that
aren't meant to be destructive generally wreak havoc and cause pain as
they spread. I have no quarrel with someone who writes a virus just
to play with and takes reasonable measures to make sure it never gets
to anyone who doesn't want it. But the authors of the viruses that
are currently in the wild messing up machines (accidentally or on
purpose) don't qualify.
I certainly agree that there's been quite a bit of hype in the
anti-virus field. As usual, of course, one should blame the marketing
departments rather than the coding labs! *8) The world is certainly
not about to end, and the average user should probably take about the
same level of precautions against viruses that she does against, say,
a hard disk failure. Get a couple of good backup programs, and a
couple of good anti-virus programs, and use them well! And bring up
your kids to have something more interesting to do with a computer
than write code that hurts other folks...
------------------------------
Date: Wed, 21 Oct 92 03:23:28 EDT
From: mcmullen@MINDVOX.PHANTOM.COM(John F. McMullen)
Subject: File 3--Further Disclosures In 911/"Legion of Doom Case"
((MODERATORS' NOTE: We periodically reprint articles from
NEWSBYTES, which we consider the best single on-line source of
information on the nets. Barbara and John McMullen, the authors of
most of the articles we reprint, are perhaps the most capable and
incisive computer journalists in the country. They consistently
provide indepth, accurate, and comprehensive stories that provide an
antidote to the generally mediocre coverage of other media. We have
no formal way to commend them for their principled and thorough
stories other than say "Thanks!"
Newsbytes is a commercial news service with bureaus from Moscow to
Sydney, Australia. It publishes a minimum of 30 stories related to
technology 5 days a week. It reaches approximately 4.5 million people
through electronic distribution including Compuserve, GEnie, America
OnLine, AppleLink, DIALOG, Newsnet, Clarinet and various foreign
services.
It is also distributed to some individual BBS systes for a relatively
small charge.
For information on pricing, contact Wendy Woods 415 550-7334))
+++++
NEW YORK, NEW YORK, U.S.A., 1992 OCT 20(NB) -- In a discussion with
Newsbytes, Sgt. Kurt Leonard of the Chesterfield County, Virginia
Police Department disclosed further information concerning the
on-going investigation of alleged 911 disruption throughout the
eastern seaboard of the United States by individuals purporting to be
members of the hacker group "The Legion of Doom" (LOD).
Leonard identified the individual arrested in Newark, New Jersey,
previously referred to only as "Maverick", as Scott Maverick, 23.
Maverick has been charged with terroristic threats, obstruction of a
government function, and illegal access to a computer. He is presently
out on bail.
Leonard said that David Pluchino, 22 was charged to the same counts as
Maverick and an additional count of the possession of burglar tools.
Leonard said that Pluchino, the subject of a 1990 Secret Service
"search and seizure" action under the still on-going "Operation
SunDevil" investigation" possessed information linking him with
members of the Legion of Doom.
The Legion of Doom connection has become the subject of controversy
within the online community. Although Maverick has been quoted as
saying that he is a member of the group and that that the group's
intent was "to attempt to penetrate the 911 computer systems and
inflect them with viruses to cause havoc", members of the group have
disavowed and connection with those arrested. "Lex Luthor", one of the
original members of the group told Newsbytes when the initial report
of the arrests became public "As far as I am concerned the LOD has
been dead for a couple of years never to be revived. Maverick was
never in LOD. There have been 2 lists of members (one in phrack and
another in the lod tj) and those lists ar the final word on
membership. We obviously cannot prevent copy-cats from saying they
are in lod. When there was an LOD, our goals were to explore and leave
systems as we found them. The goals were to expose security flaws so
they could be fixed before REAL criminals and vandals such as this
Maverick character could do damage. If this Maverick character did
indeed disrupt E911 service he should be not only be charged with
computer trespassing but also attempted murder. 911 is serious
business."
Lex Luthor's comments, made before the names of the arrested were
released, were echoed by Chris Goggans, a/k/a "Erik Bloodaxe, and
Mark Abene, a/k/a Phiber Optik, both ex-LOD members and by Craig
Neidorf who chronicled the membership of LOD in his electronic
publication Phrack.
When the names of the arrested became public, Newsbytes again
contacted Lex Luthor to see if the names were familiar. Luthor replied
"Can't add anything, I never heard of them."
Phiber Optik, a New York resident told Newsbytes that he remembered
Pluchino as a person that ran a computer "chat" system called
"Interchat" based in New Jersey. Phiber added "They never were LOD
members and Pluchino was not known as a computer hacker. It sounds as
though they were LOD wanabees who are now, by going to jail, going to
get the attention they desire."
A law enforcement official, familiar with the SunDevil investigation
of Pluchino, agreed with Phiber, saying "there was no indication of
any connection with the Legion of Doom." The official, speaking under
the condition of anonymity, also told Newsbytes that the SunDevil
investigation of Pluchino is still proceeding and, as such, cannot be
commented on.
Leonard also told Newsbytes that the investigation has been a joint
effort of New Jersey, Maryland and Virginia police departments and
said that, in conjunction with the October 9th 2:00 AM arrests of
Pluchino and Maverick, a simultaneous "search and seizure" operation
was carried out at the Hanover, Maryland home of Zohar Shif, a/k/a
"Zeke", a 23 year-old who had also been the subject of a SunDevil
search and seizure.
Leonard also said that, in addition to computers taken from Pluchino,
material was found "establishing a link to the Legion of Doom." Told
of the comments by LOD members that the group did not exist anymore,
Leonard said "While the original members may have gone on to other
things, these people say they are the LOD and some of them have direct
connection to LOD members and have LOD materials."
Asked by Newsbytes to comment on Leonard's comments, Phiber Optik said
"The material he's referring to is probably text files that have been
floating around BBS's for years, Just because someone has downloaded
the files certainly doesn't mean that they are or ever were connected
with LOD."
(Barbara E. McMullen & John F. McMullen/19921020)
------------------------------
Date: Wed, 21 Oct 92 03:23:28 EDT
From: mcmullen@MINDVOX.PHANTOM.COM(John F. McMullen)
Subject: File 4--NY State Police Decriminalize the word "Hacker" (Newsbytes)
The following appeared on Newsbytes (10/21/92). Newsbytes is
a commercial service an its material is copyrighted. This piece is
reprinted with the express permission of the authors.
==========================================================
ALBANY, NEW YORK, U.S.A., 1992 OCT 21(NB) -- Senior investigator Ron
Stevens of the New York State Police Computer Unit has told Newsbytes
that it will be the practice of his unit to avoid the use of the term
"hacker" in describing those alleged to have committed computer
crimes.
Stevens told Newsbytes "We use the term computer criminal to describe
those who break the law using computers. While the lay person may have
come to understand the meaning of hacker as a computer criminal, the
term isn't accurate. The people in the early days of the computer
industry considered themselves hackers and they made the computer what
it is today. There are those today who consider themselves hackers and
do not commit illegal acts."
Stevens had made similar comments in a recent conversation with Albany
BBS operator Marty Winter. Winter told Newsbytes ""Hacker" is,
unfortunately an example of the media taking what used to be an
honorable term, and using it to describe an activity because they (the
media) are too damned lazy or stupid to come up with something else.
Who knows, maybe one day "computer delinquent" WILL be used, but I
sure ain't gonna hold my breath.
Stevens, together with investigator Dick Lynch and senior investigator
Donald Delaney, attended the March 1993 Computers, Freedom and Privacy
Conference (CFP-2) in Washington, DC and met such industry figures as
Glenn Tenney, congressional candidate and chairman of the WELL's
annual "Hacker Conference"; Craig Neidorf, founding editor and
publisher of Phrack; Steven Levy, author of "Hackers" and the recently
published "Artificial Life"; Bruce Sterling, author of the recently
published "The Hacker Crackdown"; Emmanuel Goldstein, editor and
publisher of 2600: The Hacker Quarterly and a number of well-known
"hackers". Stevens said "When I came home, I read as much of the
literature about the subject that I could and came to the conclusion
that a hacker is not necessarily a computer criminal."
The use of the term "hacker' to describe those alleged to have
committed computer crimes has long been an irritant to many in the
on-line community. When the the July 8th federal indictment of 5 New
York City individuals contained the definition of computer hacker as
"someone who uses a computer or a telephone to obtain unauthorized
access to other computers.", there was an outcry on such electronic
conferencing system as the WELL (Whole Earth 'Lectronic Link). Many of
the same people reacted quite favorably to the Stevens statement when
it was posted on the WELL.
(Barbara E. McMullen & John F. McMullen/19921021)
------------------------------
Date: Fri, 23 Oct 92 18:21:12 CDT
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 5--Update on Toronto Bust of Early October
When Toronto Metropolitan Police apprehended a 15 year old "computer
hacker" in the first week of October for disrupting the Toronto E911
system, the details about the extent of computer use was raised. From
initial reports, it appeared that the primary offense involved
repeated telephone hoaxes rather than an actual penetration of the
E911 computer system itself. Today, a spokesperson for the Toronto
Metropolitan Police, the agency in charge of the case, provided
further details.
The disruption of the system itself involved a series of hoax calls to
Toronto emergency services. However, the calls were made by "phone
phreaking," in which calls were routed through a series of
PBX-Alliance-Meridien systems in the United States. In addition to
theft of communication, the youth is being charged on 24 separate
counts of mischief and 10 counts of conveying false messages (false
alarms to the E911 system).
The spokesperson explained that under Canadian law, violations are
divided into indictable offenses and summary offenses. The former are
equivalent in the U.S. to felony charges, and the latter to
misdemeanor charges. The spokesperson indicated that the charges in
this case fall under provincial jurisdiction. The Canadian justice
system is somewhat different than that of the U.S., which has federal,
state, and local jurisdictions. In the U.S., computer crimes may fall
under federal jurisdiction involving the Secret Service (for most
telecommunications/computer crimes) or the F.B.I. (for crimes in which
a federal computer is involved). Although Canada also has tri-level
jurisdiction (federal, provincial--centralized authority in each
province, and municipal--the equivalent of city police in the U.S.),
computer crimes come under the jurisdiction of provincial or municipal
police. Because the youth is a minor, the trial will be held in camera
(closed session) and records will not be made public.
The spokesperson said that, judging from the existing evidence, the
youth was acting alone and the case was unrelated to the recent cases
in New York/New Jersey.
------------------------------
Date: 20 Oct 1992 18:00:41 -0800
From: "Stuart Hauser" <stuart_hauser@QM.SRI.COM>
Subject: File 6--SRI Seeks "Phreaks" for New Study
A team working with Donn Parker at the SRI is gathering information
about the perceived vulnerabilities (and related topics) of the
software and control systems of the public switched telephone and data
networks from the perspective of the hacker community and other
knowledgeable sources. It is an extension of prior research that Donn
has been carrying on over the past 20 years into the vulnerabilities
of end-user computer systems, also from the perspective of hackers.
Like the other projects, this is a pure research study.
Our objective is to gather our information through face-to-face,
telephone and keyboard interviews of members of the hacker community
and its observers in the next two to four weeks. We are not attempting
to identify and collect information on criminal activities, but rather
on what folks know or hear about the weaknesses and vulnerabilities of
the PSTN/PDNs. Below is a more complete brief on our interests.
Stuart Hauser
***********************************************************
Information Sheet for Participants in SRI's Study of the Public
Switched Telephone Network
October 1992
SRI International is conducting a study of the security aspects of
voice and data communications networks, referred to as "Cyberspace" by
some. Specifically, we are looking at the security of the public
switched telephone networks and public data networks (PSTN/PDN) from
the perspective of the vulnerability of the network management and
control software residing in the switching systems and the computers
that manage them. This study is part of SRI's ongoing research into
information and communications systems worldwide and how they are
viewed by the international "hacker" community. We are seeking the
views of many experts-including what we have called "good hackers" for
many years-on a number of issues relating to the security and
vulnerability of the PSTN/PDNs, and on the international "malicious
cracker" community.
We know that the security of the software that controls the PSTN/PDNs
is as important to most hackers as it is to everyone else who is
interested in exploring Cyberspace. Consequently, we believe that the
good hackers are as interested as we are in helping us and other
PSTN/PDN stakeholders understand what the really malicious crackers
might see as the weaknesses and vulnerabilities of these networks,
what new technologies-including the use of human engineering
techniques-they might be planning to use to gain access, and what they
might be planning to do next.
This study is being led and conducted by Donn B. Parker, who has been
conducting this type of research for SRI International and its clients
for the past 20 years, and is well known throughout both the good
hacker and malicious cracker communities. As in the case of the prior
field research of this kind, Mr. Parker and his associates will be
gathering information through face-to-face interviews of the members
of the hacker community in the United States, Canada, Europe, and
several other countries.
SRI International is a research and consulting organization that is
not owned by any business or government agency; we are not in the law
enforcement or criminal investigation business. This is a pure
research project to determine the vulnerability and security of the
software that manages and controls the PSTN/PDNs. Our interests are
very much the same as were those for earlier projects in which our
interests were focused on the vulnerability and security of the now
widely used computer information systems. We do not work with law
enforcement agencies to collect information on any individual or group
and we will not reveal the names of our information sources unless the
sources ask us to do so. A summary of our findings will be sent to
you on request after the study has been completed.
By working together in this way, SRI and cooperating information
professionals can help protect the major highways of Cyberspace for
our respective uses and interests.
Donn B. Parker
dparker@sri.com
(415) 859-2378
------------------------------
Date: Wed, 21 Oct 92 11:03:12 -0400
From: bx981@CLEVELAND.FREENET.EDU(Larry Schilling)
Subject: File 7--XIOX's Anti-Phone-Fraud Products (Press Release)
XIOX'S FORT KNOX PRODUCTS COMBAT PHONE FRAUD
EXPERIENCED BY U.S. BUSINESSES
NEW YORK (OCT. 20) BUSINESS WIRE - Xiox' Fort Knox line of products is
aimed directly at reducing the estimated $4 billion of losses to
telephone service theft experienced by American businesses each year.
And they are the first products that combat telephone "hacking"
without requiring businesses to shut off vulnerable PBX features.
According to John Hough, noted phone fraud expert and author of "Toll
Fraud and Telabuse," business losses from telephone fraud, or
"hacking," are estimated at $4 billion per year.
Hough, chairman of Telecommunications Advisors Inc. (a Portland, Ore.
consulting firm), indicates that the average loss per incident to
users exceeds $90,000. Hough's firm estimates that more than 35,000
users will become victims of toll fraud in 1992.
Xiox estimates that every business has a one in 18 chance of being
hacked. The implications for security, however serious they may be in
terms of stolen service costs, become even more formidable when the
risk to a company's data is factored in. Many organizations' computer
systems are accessible through the telephone lines, and their computer
data is only as secure as their phone system.
In addition to creating enormous business losses, hackers have forced
businesses to shut off valuable and convenient features such as Direct
Inward System Access (DISA), Remote System Access, home agent
connections and remote diagnostics lines.
All these PBX features became access paths to hackers, who re-sell the
illegally-obtained services. Businesses experience further "hidden
losses" because they can't use the telephone for critical purposes.
"Fort Knox products are the most straightforward and economical
approach I've seen to enable users to keep their telephone systems
both 'open and secure,'" said Ed Freyermuth, telecom manager for
PacTel/Meridien Systems.
One of the Fort Knox products, Hacker Tracker, gives users the ability
to track and trap hackers, opening up the possibility of apprehending
them.
"Hackers have proliferated over the past ten years, possibly because
of their connection to the illegal drug trade," said Wanda
Gamble-Braggs, manager of Systems Integrity, Western Division of MCI.
"Unlike most crimes, they leave no evidence and are at little risk of
being caught. The approach to security taken by the Xiox system is
the first one that MCI has seen that gives the user some hope of
catching the criminal instead of becoming the next victim."
The Fort Knox family of anti-hacker products includes:
-- Hacker Preventer, an automated, intelligent system that senses
deviation from "normal" telephone usage and cuts off access to
hacking attempts. It incorporates proprietary hardware- and
software-based technology which attaches to the user's PBX. Price:
$10,000 to $28,000, depending on the size of the system needing
protection.
-- Hacker Tracker is a specialized recording and reporting system
incorporating proprietary software for tracking and trapping hackers.
Price: $2,195.
-- Hacker Deadbolt is a proprietary hardware and software system
providing protection for remote maintenance and testing ports of a
PBX, voice mail system and other telephone equipment on the customer's
premises. It can be upgraded to become Hacker Preventer. Price:
$1,295.
These products may be purchased separately or together. When
installed, the Xiox Fort Knox products become an intelligent agent for
monitoring all telecommunications traffic in and out of a system.
"At Solectron, we've analyzed the risk of being hacked," commented
Dave Tichener, telecom manager for Solectron Inc. "The Fort Knox
system represents a very reasonably-priced insurance policy, compared
to the potential loss."
All Fort Knox anti-hacker products are immediately available.
CONTACT: Xiox Corp.
Michael O'Connell, 415/375-8188, ext. 228
or
Oak Ridge Public Relations, Cupertino, Calif.
Ford Kanzler, 408/253-5042
------------------------------
Date: Fri, 23 Oct 92 09:22:27 PDT
From: Lawrence Schilling <lschilling@IGC.APC.ORG>
Subject: File 8--CSC "Anti-Telecom Fraud" Device
Greetings. Another telecommunications security product. The
technology here is way over my head, so much so that I really don't
understand what this release is talking about. Nonetheless I'm
tempted to ask: Is the need for security as great as these purveyors
say and imply it is? Do these products solve problems or create them
or both? Regards. Larry Schilling
=START= XMT: 15:38 Thu Oct 22 EXP: 16:00 Sun Oct 25
CSC ANNOUNCES PRODUCT TO CUT FRAUD IN WIRELESS TELECOMMUNICATIONS INDUSTRY
EL SEGUNDO, CA (OCT. 22) BUSINESS WIRE - A new software product that
combats fraud in the wireless telecommunications industry was
announced Thursday by Computer Sciences Corp. (NYSE:CSC).
Called FraudBuster, the product was developed by Coral Systems Inc., a
Longmont, Colo.-based applications software firm serving the cellular
telecommunications market. CSC has exclusive marketing rights to the
product and is supporting software development.
According to John Sidgmore, president of CSC's telecommunications
business unit, CSC Intelicom, ''Right now, about $15 million worth of
cellular calls are being made in the U.S. each day -- and of that,
fraud is draining about $1.5 million daily from carriers' revenues.
FraudBuster is part of a series of offerings by CSC Intelicom and
Coral to support wireless carriers with software that addresses needs
such as billing, fraud and seamless roaming, which routes calls to a
cellular user at any location.
According to Coral President Eric Johnson, the teaming of CSC
Intelicom and Coral gives wireless carriers access to the full breadth
of technologies needed to support a nine-year-old industry that's
slated to reach $100 billion by the year 2000.
The industry's most compelling problem right now, said Johnson, is
fraud. But a second top concern among carriers is how to keep up with
fast-changing network technologies.
FraudBuster, he said, was designed to address both needs.
What makes FraudBuster unique, he noted, is its Unix open-systems
architecture that integrates with today's cellular networks and
evolving intelligent networks of the future. Proprietary and
DOS-based systems, he noted, don't offer that flexibility.
FraudBuster is also available now.
The product is also unique in its use of artificial intelligence to
track subscriber calling patterns. Using a complex set of algorithms,
FraudBuster creates a behavioral profile of each subscriber, based on
his or her historical usage patterns. Actual calls are then analyzed,
and network operators are immediately alerted when calls that are
markedly different from the norm occur.
The problem with most systems on the market today, said Johnson, is
their use of simple, across-the-board checks that don't take into
account the unique habits of each user. What's more, checks
themselves are too limited, reflecting a single variable -- such as
number of calls -- rather than the complex array of factors that can
accurately help carriers distinguish a real subscriber from an illegal
one.
By residing on a carrier's network and operating in real time,
FraudBuster can quickly alert a carrier to problems. Carriers can
also configure the product to fit their particular needs. For
example, FraudBuster's algorithms can be easily tuned to increase its
sensitivity to specific types of fraud occurring in a particular
market.
In addition to combating the most common types of fraud, including
clone phones and tumbler phones, FraudBuster can detect new types of
fraud as they develop. It can also operate in either a distributed or
centralized processing environment.
As part of a series of software products being offered by CSC and
Coral to the wireless industry. FraudBuster can be used on a stand-
alone basis or be integrated with other wireless software solutions
such as Coral's Home Locations Register, which offers carriers
seamless roaming and pre-call subscriber validation.
With headquarters in El Segundo, Computer Sciences is the largest
independent provider of information technology consulting, systems
integration and outsourcing to industry and government. CSC has more
than 26,500 employees worldwide and annual revenues of $2.3 billion.
CONTACT: Computer Sciences Corp., El Segundo
C. Bruce Plowman/Bill Lackey/Mary Rhodes, 310/615-0311.
------------------------------
Date: 21 Oct 92 20:02:13 EDT
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 9--The CU in the News (from Info Week)
Information Week (Oct 5, 1992 p10) reports that AT&T is suing the New
York Post for over $90,000 in unpaid long distance charges. The Post
claims the charges stem from fraudulent use of its PBX system, but
AT&T says that under current FCC regulations customers are responsible
for all charges on calls placed from their telephones, period. There
are 'rumblings' that a similar suit between AT&T and Mitsubishi is
about to be settled.
CONGRESS DECLARES SOFTWARE PIRACY A FELONY
The Software Copyright Protection Bill (S.893) has been sent to
President Bush for his signature. The bill provides for prison terms
of up to five years, and fines of up to $250K, for people convicted of
infringing at least 10 copies of a copyrighted program or programs
with a retail value of $2,500. This applies to both individuals and
corporations. (Information Week Oct. 12, 1992 pg 16)
MARSHALS GRAB COUNTERFEIT SOFTWARE
According to Microsoft Corp., U.S. marshals in California and New
Jersey have made the largest-ever seizure of unauthorized computer
software, impounding more than 150,000 counterfeit copies of its
MS-DOS operating system. The software retails for approximately $60 a
copy, bringing the value of the seizure to more than $9 million.
(From STReport #8.41)
------------------------------
End of Computer Underground Digest #4.53
************************************
Computer underground Digest Sun Oct 31, 1992 Volume 4 : Issue 54
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth / Ralph Sims
Copy Editor: Etaion Shrdleaux, Sr.
CONTENTS, #4.54 (Oct 31, 1992)
File 1--Two New Shadows
File 2--Some comments on NBC Dateline's "Hacker" Segment
File 3--Transcript of DATELINE NBC: ARE YOUR SECRETS SAFE
File 4--Somebody gets access to freeway callbox codes, runs up bill
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD. Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Tue, 20 Oct 1992 18:20:24 -0400
From: Brendan Kehoe <brendan@EFF.ORG>
Subject: File 1--Two New Shadows
I'm pleased to announce the availability of two additional mirrors of
the Computer Underground Digest archives. The main archive at
ftp.eff.org is now replicated by:
IN THE US:
red.css.itd.umich.edu (141.211.182.91) in /cud(Michigan)
halcyon.com (192.135.191.2) in /pub/mirror/cud(Washington)
IN AUSTRALIA:
ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD
All three are exact copies of the archives stored on the EFF's machine.
Please save the bandwidth and visit the site closest to you.
A shadow in Europe or Scandinavia would also help (there's a lot of
interest from people in Finland, Sweden, Great Britain, and Germany
particularly).
Brendan Kehoe
cudarch@eff.org
------------------------------
Date: Sat, 31 Oct 92 16:11:58 CST
From: Jim Thomas <well@sf.ca.us>
Subject: File 2--Some comments on NBC Dateline's "Hacker" Segment
About a month ago, Susan Adams, producer of NBC's Dateline called me.
She indicated that Dateline was going to do a story on hackers, and
she wanted to know how many "hacker busts" had gone to court. She
limited the term "hacker" to teenaged computer intruders, and did not
seem interested in the more serious crimes of professional
criminals who ply their trade with computers or with computer abusers
who prey on their employers. Suspecting a pre-defined slant to the
story, I attempted to make it clear that, despite increased visibility
of attention to computer abuse, there have been relatively few
indictments. Operation Sun Devil, I explained, was mostly smoke and
served more to dramatize "hacker activity" far more than its success
in apprehending them. I provided some basic background in the Sun
Devil, Len Rose, and Phrack cases, some of which she seemed to know.
I emphasized the civil rights issues, the complexity of the "hacker
phenomenon," and the hyperbole of law enforcement and media that
distorts the nature of the problem and thereby obstructs solutions.
At some length I attempted to explain the problem of media
sensationalism, the problems of balancing Constitutional rights with
legitimate law enforcement interests and the potential for abuse that
created by an imbalance, and the need for responsible and incisive
reporting by the media. Ms. Adams indicated that she had talked to
Mike Godwin of the EFF, who I presumed would have told her the same
thing, and others who claimed to have been contacted by Dateline staff
indicated that they, too, cautioned against sensationalism. Believing
that NBC would like to think that its quality of programming exceeds
that of Geraldo's "Now it can be Told" (See CuD #3.37 special issue on
"Mad Hacker's Key Party"), I anticipated a balanced, accurate, and
non-sensationalized depiction of "hackers." To paraphrase H.L.
Mencken, nobody ever went broke underestimating the accuracy of tv
tabloid journalism. The program that aired on Tuesday, October 27,
1992, could have been worse, but that's hardly a sound way to evaluate
a program.
The teaser to the "Are Your Secrets Safe" segment framed the story
around the potential dangers that "hackers" pose: They can wipe-out
your bank account, crash the E911 system, and destroy the nation's
telephone networks. In case we missed the point, footage from
Sneaker's linked Ben Kingsly's scene, in which he discussed his mad
scheme of "bringing down the whole damn system" with the activities of
"hackers." The opening shot of a silhouetted young hacker identified
only under the pseudonym "Quintin" bragging about his exploits
reinforced the shadowy activities. Quintin demonstrated no skills,
and other than simply assert that he had previously engaged in vague
activities, his primary function on the show seemed to be little more
than as a dramatic prop that enabled the producers to shape the mood
of their recreation. Quintin may or may not be an arch-fiend, but he
neither did nor said anything that established credibility. Even the
screen shot of nic.ddn.mil and UFO information has a piscine
smell--there was no evidence that it was anything more than a file
readily obtained either by ftp or even (shades of Cliff Stoll) a file
inserted in a computer system to trap intruders. Either way, the
mystery of Quintin's identity seemed the message, and he provided
nothing of any substance not known to anybody who roams the Internet.
Brief interviews with Kent Alexander, the prosecutor in the "Atlanta
3" case, and with Scott Ticer of BellSouth, elicited the
corporate/law-enforcement view of hackers as dangerous criminals who
should be prosecuted. For them, the issues are black and white,
simple, and unequivocal. The solutions to the problem are clear, as
the Atlanta Legion of Doom cases indicated: Put 'em in prison.
The moderator, Jon Scott, then informed the audience that, to learn
more about the hacker world, he went "underground." Dramatic
terminology, but grossly inaccurate. To go "underground" presumably
would mean hooking up with people surreptitiously involved in on-going
intrusion who could clearly demonstrate how one might break into
military computers, access and re-program the E911 system, or shift
money from one bank account to another. Scott did none of this.
Instead, he interviewed two former LoD participants, both of whom are
visible and quite "above ground," and neither of whom demonstrated
much of value, let alone anything that could be considered dangerous.
Adam Grant, sentenced to a brief stint in Federal prison in the
"Atlanta 3" case, and Scott Chasin, a former LoD participant who, with
some LoD friends, were partners in ComSec, a short-lived computer
security consulting firm, demonstrated a few "hacker tricks," but
nothing that could even remotely be considered dangerous.
Grant explained "trashing"--rummaging through trash to find useful
information--to Scott. Grant took Scott to a BellSouth trashbin to
illustrate how he used to trash. Although BellSouth presumably
implemented policies requiring locks on trashbins, on one side of the
bin the lock was unlocked and there was no lock on the other side. One
presumes nothing of interest was found, or it would have become another
prop in the show. In Hacker Crackdown, Bruce Sterling provides an
account of his own trashing experience during a moment of boredom at a
law enforcement computer security conference (pp. 197-202) that was
far more interesting and produced far more detailed information.
The interview with Scott Chasin was equally misleading. Chasin typed
what appeared to by a simple "whois" command that lists the Internet
addresses of the target. "whois NSA" would produce a list of all
accessible NSA addresses. For example, typing "whois jthomas" would
produce the following addresses on military computers:
whois jthomas
Thomas, James (JT276)jthomas@TECNET1.JCTE.JCS.MIL
(703) 695-1565 225-1565
Thomas, James (JT5)jthomas@WSMR-EMH82.ARMY.MIL
(505) 678-5048 (DSN) 258-5048
Thomas, Jeffery (JT21)jthomas@TACHOST.AF.MIL
(804) 764-6610 (DSN)574-6610
Thomas, Jeffrey K. (JKT9)jthomas@WSMR-EMH02.ARMY.MIL
(505) 678-4597 (DSN) 258-4597
Thomas, Jennifer L. (JLT9)jthomas@APG-EMH5.APG.ARMY.MIL
(301) 671-2619 (DSN) 584-2619
Thomas, Joseph, Jr. (JT168)jthomas@REDSTONE-EMH2.ARMY.MIL
(205) 876-7407 (DSN) 746-7407
Thomasovich, John L. (JLT5)jthomas@PICA.ARMY.MIL
(201) 724-3760 (DSN) 880-3760
Or, "whois 162.45.0.0" would give:
Central Intelligence Agency (NET-CIA)
Central Intelligence Agency
OIT/ESG/DSED
Washington, DC 20505
Netname: CIA
Netnumber: 162.45.0.0
Coordinator:
703-281-8087
Record last updated on 22-Jul-92.
Or, "ftp nic.ddn.mil" would connect us to the Network Information
Center, which was shown on Quintin's screen, a military system that
allows anonymous ftp privileges, where the command "cd /pub ; ls"
would produce a list of the documents that one could (legally) rummage
through. One could "grep" or "find" "UFO" or any other key word
quite legitimately. Dateline did a major disservice to viewers by not
explaining at least minimal basics of computer technology and the
workings of Internet. Nothing portrayed by Chasin or Scott or on the
screen necessarily indicated wrong doing, and in fact it seemed
nothing more than a routine use of commands available to anyone with a
Unix system and Internet access. In fact, we learned nothing that
isn't explained in Krohl's "The Whole Internet" or Kehoe's "Zen and
the Art of the Internet." Dateline took basic information and made it
appear arcane, dangerous, and of special significance.
Chasin next demonstrated "social engineering," in which a telephone
caller attempts to con useful information from somebody through
deception. Chasin was given a week to access any point of a system
belonging to a corporation identified only as one of the "Fortune
500." Posing as a company computer operator, it took only a few calls
and 90 minutes (collapsed for dramatic effect into about a minute on
the program) to con a receptionist out of her password. Whether this
access would allow deeper penetration into the computers or simply
allow the intruder to read the secretary's private mail remains
unknown. Although a convincing demonstration of social engineering, it
also emphasizes a point that Dateline glossed over, which hackers and
security personnel have been saying for years: The greatest threat to
computer security is the individual user.
Computer crime is serious. It is unacceptable. Computer predations are
wrong. But, the Dateline description did little to illustrate its
nature and complexity and did much to re-inforce public technophobia
and fears of computer literate teenagers. The issue here isn't
whether the term "hacker" is again abused, whether "hackers" receive
good or bad press, or whether a program develops a slant that is
merely not to one's liking. Dateline's error was far more serious than
any of these trivial cavils. At root, Dateline presented
misinformation, seemed to have a story carved out in advance and
merely sought detail for it, and depicted little of substance in
contriving a fear-mongering story organized around assertion rather
than evidence. It only confused the nature of computer crime, and
confused perceptions lead to bad laws, bad law enforcement, and no
solutions.
As Adam Grant pointed out, the fact that people have the ability to
intrude upon a system or to shoot somebody does not mean they are
necessarily social threats. To exaggerate a "hacker threat" feeds the
folly of excessive punishment for computer delinquents, and it
suggests that the answer to the "hacker problem" is to apprehend the
hacker rather than address the broader questions of computer
responsibility, computer security, and computer literacy. Even with
its hyperbole, Dateline could have salvaged some respectability if it
had concluded by informing users that computer systems generally are
intended to be open, that *trust* is a crucial element of computer
use, and that users themselves can take significant steps to increase
security little effort.
Dateline seemed uninterested in its responsibility to the public. It
seemed more interested in presenting a sexy story. When Geraldo
presented "Mad Hacker's Key Party," the producer had the class to
engage in a dialogue with critics and seemed genuinely interested in
learning from criticism. I wonder if Susan Adams, producer of this
Dateline segment, will do the same?
------------------------------
Date: Wed, 28 Oct 92 10:00:55 MST
From: ahawks@NYX.CS.DU.EDU(we're tiny we're toony)
Subject: File 3--Transcript of DATELINE NBC: ARE YOUR SECRETS SAFE
>From the same guy that brought you a transcript of Geraldo's NOW IT
CAN BE TOLD, here's a transcript of last night's DATELINE NBC episode
which featured a segment called ARE YOUR SECRETS SAFE that dealt with
hackers:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Transcript of ARE YOUR SECRETS SAFE segment of
DATELINE NBC airing October 27, 1992
PRODUCER: SUSAN ADAMS
EDITOR: MARY ANN MARTIN
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Announcer: Well, when we come back, how computer hackers can make you
and me their victims. The computer underground can potentially shut
down our high-tech society. Our financial records, medical data,
communications systems, it's all at their finger tips. Jon Scott
reports. Next.
<Commercials>
Announcer: <first few words garbled: Paraphrased, "In the old
days when you faced breaking and entering">...you knew it. Today, it's
not that simple. In our high tech society, we can be targets of crime
and never suspect a thing. It's crime by computer hackers. They've
been glamorized by Hollywood most recently in the hit film "Sneakers."
But, how do real hackers operate, and just what kind of damage can
they do? Tonight, Jon Scott goes into their world to see how they
access ours.
[shot of computer screen, keys being pressed is the sound heard.
<Text on the screen reads: We don't want to scare you, but ...>
[FADE to silhouette of shadowed hacker, voice altered electronically]
"QUINTIN": I have accessed - you name it, really: credit card
companies, telephone companies, government installations, military
installations, political organizations, senators' computer systems.
JON SCOTT [reporter]<voice-over>: His voice is altered. His face
hidden. His name - an alias.
[fade to A HACKER {white male, approx. 14-18, wearing blue Yankess
hat backwards, t-shirt and jeans} sitting at small desk in front of a
laptop]
SCOTT: In fact we don't even know his real name. That's the only
way "Quintin" would agree to talk to us. Because "Quintin" is a
hacker: a computer genius who illegally breaks into computers for
fun.
[fade back to silhouette shot, camera shot alters between SCOTT
{reporter} and QUINTIN]
SCOTT: Have you ever shared information, say, about a company with
one of their competitors?
QUINTIN: That I have not done.
SCOTT: Have you ever been tempted to?
QUINTIN: Umm, there's always kind of the lurking temptation.
[fade to shot of QUINTIN's hands at keyboard]
SCOTT<voice-over>: It's a frightening thought: someone breaking
into your computer and roaming around in it with the potential to
share, sell, even alter what they see. That's what hackers can do.
Quintin told us he's read the private mail of a US Senator,
[close-up shot of laptop screen showing info from nic.ddn.mil
concerning UFO info at Wright-Patterson Air Force Base in Ohio]
browsed through secret government files on UFOs, and gone snooping in
our nation's military computers.
[fade back to silhouette shot again]
SCOTT: Do you recognize that what you do is illegal?
QUINTIN: <pause> Yeah, Yeah I do.
SCOTT: Is it immoral?
QUINTIN: To me, no.
[fade to shot standing in the midst of a room filled with computers]
SCOTT: More and more hackers like "Quintin" are out there, illegally
breaking into systems that could contain information about you.
Think about how much of your life is on a computer: your credit
rating, financial records, your paycheck at work - computers run your
telephone, your electricity, and your gas. In corporate America, it
seems, they run everything.
[fade to shot from the movie SNEAKERS - Ben Kingsley and Robert
Redford sitting and talking]
REDFORD: Stock market?
KINGSLEY: Yes.
REDFORD: Currency market?
KINGSLEY: Yes.
REDOFRD: Commodities market?
KINGSLEY: Yes?
REDFORD: Small countries?
KINGSLEY: <pause> I might even be able to crash the whole damn
system.
SCOTT<voice-over>: In the movie SNEAKERS, Ben Kingsley dreamed of
using a computer to dismantle the world's financial system. To some
it's not so far-fetched.
[fade to shot of Kent Alexander in empty courtroom]
KENT ALEXANDER: Most people think of this movie as science-fiction.
After prosecuting this case, I think of it as reality.
SCOTT: Former computer prosecuter Kent Alexander was one of the
first to win a conviction against computer hackers.
ALEXANDER: I've seen hackers who've tapped into phone systems and
litterally tapped into phone lines to listen in on telephone
conversations. Hackers have broken into credit bureaus to get
people's credit histories, hackers have broken into credit card
records to have money wired to themselves.
[shot of newspaper clippings related to the Atlanta 3 LoD case]
SCOTT<voice-over>: In a highly-publicized trial in 1990, Alexander
sent three Atlanta hackers to jail, among them - Adam Grant.
[fade to shot of Grant and Scott walking to BellSouth building at
night.]
SCOTT: So how often would you come over here?
GRANT: In the beginning as maybe as much as a couple times a week.
SCOTT<voice-over>: Adam belonged to an elite hacker club called the
Legion of Doom. One of the methods he used to obtain secret computer
codes was to rummage through the trash at BellSouth - the regional
phone company in Atlanta.
[they stop in front of a BFI trash dumpster and examine it]
GRANT: Back a few years ago they weren't locked. You could just
slide the doors open, reach in, grab a bag, leave. This one's not
even locked.
SCOTT<voice-over>: Using the information he found here Adam was able
to sit in front of his home computer and hack into the heart of
BellSouth.
SCOTT: They didn't learn something on this side [pointing to
unlocked dumpster - slides it open, it contains a bunch of folded up
cardboard boxes].
GRANT<voice-over>: At BellSouth we were able to get into all manner
of computers.
[fade to shot of Grant sitting and talking]
uh, the phone switches themselves.
SCOTT: In essence you got to the point where you could've turned off
everybody's phones in Georgia.
GRANT: About any one of a couple dozen of us could've done that.
[fade to shot of interior of BellSouth command center]
SCOTT<voice-over>: for more than a year, Adam and his friends had
free access to the inner workings of 12 BellSouth computer systems.
[back to previous shot]
SCOTT: They say you could've crashed or broken the 911 system.
GRANT: Mmm-hmm <nods>. The operative word for me is *could have*.
SCOTT: You could have done that?
GRANT: Yes. I could go out and shoot people. You can.
SCOTT: BellSouth cracked down hard on Adam and the others, even
though it acknowledges they never disrupted phone service or changed
any customer accounts.
[shot of US phone network display]
[fade to shot of BellSouth spokesman Scott Ticer]
TICER: We don't care what the motive may or may not be.
SCOTT<voice-over>: Scott Ticer is a corporate spokesman for
BellSouth.
TICER: We are not talking about Wally and the Beav, much less Eddie
Haskel. We're not dealing with a bunch of mischievous pranksters
playing in some high-tech toyland [possibly toilet, not clear]. This
is a crime.
[shot of skyscraper]
SCOTT<voice-over>: BellSouth is just one example of a company
stalked by hackers. In a recent New York case, members of a club
known as the Masters of Deception
[shots of MoD-related newspaper articles]
were indicted, accused of hacking into institutions like:
[corporate logos appear on computer monitor]
the Bank of America, Martin Marietta, PacificBell, SouthwesternBell,
New York Telephone, TRW, Information America, and New York
University. So how does a hacker get into these systems? To find
out, Dateline went underground into the hacker's world.
[fade to shot of Scott Chasin]
CHASIN: Power and ego have a lot to do with hacking.
SCOTT: 21 year-old Scott Chasin spent 9 years as a hacker. He says
his hacker days are behind him now, but he still keeps tabs on the
hacker underground.
[shot of monitor with a bunch of Account: and Password: 's]
CHASIN: Basically these are passwords for a university that somebody
has cracked.
SCOTT: Scott showed as a hacker's secret meeting place - a private
electronic bulletin board.
[shot of login to board called TCH]
individual hacker clubs set up these boards so members may swap
information.
<reads message on screen>"I need some help figuring out how to crash
my school's computer system"? Is he serious?
CHASIN: Sure. Why wouldn't he be?
[varying shots of crack screens from pirated software and hacking
utilities <password hackers, wardialers}]
SCOTT<voice-over>: Hacker clubs, some of whose logos you see here,
are very competitive. Sometimes its club v. club, sometimes its
member v. member.
[shot of Grant]
GRANT: You want to make yourself unique. And one of the best ways
of doing that is being forceful - being obnoxious.
[shot of Grant typing]
SCOTT: For many like Adam, the underground is the first place they
found where they felt like they had power.
GRANT: You think about: "I can do something that's really
different. I can do nothing that none of my friends can. I can do
something that most people anywhere can't. And that makes you stand
out - makes you want to do it." It's like a criminal olympics.
[shot of Chasin typing]
SCOTT<voice-over>: Hackers might break into a computer with your
name in it by accessing one of the computer networks which link
millions of computers world-wide. Scott showed us what he could
reach from his living room. We went looking for the top-secret
National Security Agency. We found it.
[shot of Chasin typing "NSA" on monitor, then:
National Security Agency (NSA)
Network Services Agency (NET-NSA)
Whois: _
]
Same with the Pentagon.
[shot of monitor:
PENTAGON-HQDADSS.ARMY.MIL
26
]
CHASIN: Let's do a search for NASA.
SCOTT: It's like searching the phonebook for someone's street
address and learning where they live.
[screen shows 'whois' output of NASA matches]
CHASIN: Found over 247 of 'em.
SCOTT: 247 NASA computers?
CHASIN: Computers and networks, that are on the Internet. Correct.
SCOTT: But each of these NASA computers has a lock on it, and only
authorized users like NASA employees are allowed to have th keys. To
"unlock" most computer systems, authorized employess type in their
username and then their password. Passwords and user names are
supposed to be kept secret, but hackers have ways of getting them.
[shot of Quintin]
QUINTIN: Sometimes it's as simple as a phone-call to the company and
portraying myself as another employee, to pulling telephone records,
to actually entering the building and places where I physically
should not be.
SCOTT: So on the one-hand you break into the building and then you
break into the computers?
QUINTIN: Yes.
[shot of Scott]
SCOTT: Most hackers don't resort to burglary - they can get the
information they need over the phone. They call it social
engineering - basically, it's a con job. We asked Scott, the former
hacker, to show us how it's done. Dateline obtained permission from
a Fortune 500 company to have Scott try and hack in. The company
gave him 1 week to land anywhere inside its computer system. Posing
as a fellow staff member, Scott began by making random calls to
unsuspecting employees.
[Chasin on phone, ringing]
CHASIN: Hi. My name's Scott Chasin and I'm calling from Business
Affairs. I'm at home right now and I'm wondering if there's a way I
could get into the network - I just bought a PC.
EMPLOYEE1: You have Crosstalk?
CHASIN: Yes I do.
SCOTT<voice-over>: Hist first call was to the computer department.
He's looking for the 800 number he needs to dial to have his computer
connect to the company's system.
CHASIN: What is the number it has to dial?
EMPLOYEE1: Your best bet is to dial the 800 number.
CHASIN: Right. But, I don't show that on my screen.
EMPLOYEE1: What do you show?
CHASIN: It just says xxx-xxx-xxxx, I think, yeah.
EMPLOYEE1: Oh, it's 800-***-****.
SCOTT<voice-over>: With the phone-numbers, he's at the company's
front door. Now he needs the "keys": a username and password, to
get inside.
[phone rings]
CHASIN: Hi, *****, this is Scott Chasin calling from the computer
center.
EMPLOYEE2: Hi.
CHASIN: How ya doin'?
EMPLOYEE2: Ok!
CHASIN: Is everything up and runnin' down there?
EMPLOYEE2: Uhhh, why? 'we sposed to be down?
CHASIN: Yeah we're having some problems, we've been having some
reoccuring problems since last night.
EMPLOYEE2: Believe me, I'm not a computer maven person. hahaha.
CHASIN: Hahah. That's all right, I'll help ya out! If you log out
and log back in, we'll go through the whole scenario so I can see if
everything's ok on my end. Can you do that for me?
EMPLOYEE2: I think so...hold on...
SCOTT<voice-over>: Bare in mind he [Chasin] still can't see anything
on his end - it's a ruse. All he wants is a username and a password.
Even if he only gets a username from someone, a hacker can make an
educated guess at a password.
[cut to interview of Chasin]
SCOTT: What are some common passwords that people use?
CHASIN: money, sex, love, secret, password. Mostly first names,
husband names, wife names, pet's names, social security numbers,
parts of their telephone....
[cut back]
SCOTT<voice-over>: But as we saw, most of the time a hacker doesn't
even have to guess.
CHASIN [on phone]: Why don't you tell me what your login id is cuz
I'm gonna watch you come across the network so I can see where the
problem's arising from.
EMPLOYEE3: What my login is?
CHASIN: Yeah.
EMPLOYEE3: ******
CHASIN: What password do you enter to get into the BIOS, [BIOC,
BIAC {unintelligible}]?
EMPLOYEE3: shy.
CHASIN: s-h-y is your password?
EMPLOYEE3: Yep.
CHASIN: s-h-y.
EMPLOYEE3: shy.
CHASIN: Ok, I'll tell ya what I'm gonna do, I'll go in there and see
if you have any stuck processes and I'll call ya back and tell ya
when it's all right.
SCOTT<voice-over>: Remember, he'd been given a week to break into
the system. It took him an hour-and-a-half.
CHASIN[on phone still]: Alright?
EMPLOYEE3: Thanx.
CHASIN: Ok, bye-bye.
CHASIN: I'm in.
SCOTT: So the receptionist, who simply hands you a password, might
be giving you access to the CEO's office.
CHASIN: Might be giving me the ability to shut down the company.
[cut to Quintin again]
SCOTT<voice-over>: The moral to computer users: don't give out your
password, and change it often. Hackers like Quintin are out there,
and to them it's a game - a challenge - to break into your system.
[cut to Grant again]
Just listen to Adam Grant, the guy who spent 7 months in jail for
Breaking into BellSouth's computers.
SCOTT: What's the lesson, in your story, for other hackers?
GRANT: Don't get caught.
SCOTT: Not "don't do it".
GRANT: People are going to do what they're going to do.
SCOTT: How do think it plays to people at home when you tell others,
simply, "don't get caught"?
GRANT: That's their own business. I don't think it's right for
other people to tell me how to live my life. So, I shouldn't tell
other people how to live their life.
SCOTT: And yet you acknowledge that hacking is wrong.
GRANT: Smoking is wrong. Taking drugs is wrong. People do it all
the time.
[FADE to computer monitor, showing:
Goodnight.
<Female announcer: If you're wondering about your home computer, you
don't really have much to worry about. If you don't use a modem, if
you aren't hooked up to a phone line, you have nothing to fear. And,
even if you are, hackers are not as interested in you as they are in,
say, your bank, or your credit union, or maybe the phone company.>
<end>
------------------------------
Date: Fri, 23 Oct 92 16:45:16 PDT
From: clarinews@CLARINET.COM(UPI)
Subject: File 4--Somebody gets access to freeway callbox codes, runs up bill
GARDEN GROVE, Calif. (UPI) -- Somebody apparently got hold of the
serial number and telephone number of a Southern California freeway
callbox, and used them to rack up nearly $2,000 in phone bills.
The Orange County Transportation Authority is trying to determine just
how the phone thief used the electronic serial number and telephone
number of the freeway emergency callbox to make 11,733 calls totaling
25,875 minutes, and who will foot the bill.
OCTA Executive Director Stan Oftelie said they got suspicious because
calls charged to the callboxes' supposedly secret numbers average
fewer than 100 a month.
Oftelie said OCTA officials also are trying to determine how the
freeway box could be used for in-state and out-of-state calls since
the boxes connect directly to California Highway Patrol dispatch
headquarters.
"We're concerned about it," Oftelie said. "They shouldn't be able to
call anywhere but Highway Patrol headquarters." OCTA said it has
tightened security measures, and is talking with GTE Cellular and L.A.
Cellular to determine who will pay the bill. The callbox is one of
1,100 solar cellular phone boxes in the county. Most average 10 to
100 calls per month from motorists in trouble.
------------------------------
End of Computer Underground Digest #4.54
************************************
Computer underground Digest Wed Nov 4, 1992 Volume 4 : Issue 55
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth / Ralph Sims
Copy Editor: Etaion Shrdlu, Jnuroir
CONTENTS, #4.55 (Nov 4, 1992)
File 1--More on "Little Black Book of Comp. Viruses"
File 2--Clinton Endorses Right to I
File 3--Electronic Privacy and Canadian Law
File 4--Computer Access Arrests In NY (NEWSBYTES reprint ((CR))
File 5--Tripwire "Integrity Monitor"
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD. Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
From: jbcondat@ATTMAIL.COM
Date: 31 Dec 69 23:59:59 GMT
Subject: File 1--More on "Little Black Book of Comp. Viruses"
After the publication in CuD #4.52 (Sun Oct 18, 1992) of the "File
5--Making the news and Bookstands (Reprint)", I receive an incredible
number of well-argumented reactions. The French translation of the
Mark Ludwig's book, cited as followed in the Library of Congress'
general catalog
++++++
01351245 2092974XX STATUS: Active entry
TITLE: The Little Black Book of Computer Viruses, Vol. 1:
Technical Aspects
AUTHOR: *Ludwig, Mark A.*
PUBLISHER: Amer Eagle Pubns Inc PUBLICATION DATE: 02/1991 (910201)
EDITION: Orig. Ed. NO. OF PAGES: 192p.
LCCN: N/A
BINDING: pap. - $14.95
ISBN: 0-929408-02-0
VOLUME(S): N/A
ORDER NO.: N/A
IMPRINT: N/A
STATUS IN FILE: New (90-06)
SUBFILE: PB (Paperbound Books in Print); ST (Scientific and
Technical Books and Serials in Print)
PAPERBOUND BOOK SUBJECT HEADINGS: TECHNOLOGY- COMPUTERS AND
COMPUTER TECHNOLOGY (0000456X)
+++++
is already in France on of the most critical publication of this
winter. All weeks, some critics are available in the press... and the
Chaos Computer Club France is consider as an humor organization,
without any ethics :-)
Some e-mail reactions of so-called specialists of computer viruses are
absolute full of humor. I give you one overview of the style.
ACADEMIC AND WITHOUT REQUIRED-ANSWER
From: bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Vladimirov Bontchev )
Date: Mon Oct 12 19:26:11 GMT 1992
> The CCCF are translate for a long times the book of Mark Ludwig you cited.
> It's not my PRIVATE initiative but one of my group.
I see... Not a good idea, IMHO...
> This book is forbidden in th US. This book will perhaps not be publish,
The book is NOT forbidden in the USA. Sorry, but your information is
wrong. I wish it were true, but it is effectively impossible to
prevent something from being published in the USA, except if it
threatens the National Security (sic) or contains plain lies (in the
latter case you still can publish it, but are running the risk to be
sued). This "freedom of press" is guaranteed by one of the amendments
to their Constitution.
In fact, Ludwig's book has been -already- published there. I have a
copy of it on my desk.
> Do you mean this French translation (proposed title: "C'est decide! J'ecris
> mon virus") will be an extremely bad think?
If you are asking about the title - I don't know. Why changing the
title? Why not just translating it to something like "Petit livre
noire de virus informatique" or something like that? (Sorry, my French
is horrible.)
If you are asking whether I think that the idea to translate the book
in French is a bad one - yes I definitively think so.
This book is harmful. There is nothing useful that the reader could
learn from it. S/he can only learn how to write viruses, and even this
is not taught properly... :-) The virus techniques described there are
old, silly, and barely work. But nevertheless they are dangerous.
Several years ago, a German called Ralf Burger has published here a
similar book, containing the sources of a few silly viruses. The virus
writing techniques discussed in Burger's book are even less effective
than the ones described in Ludwig's book. But nevertheless, the
viruses described there have been used to create hundreds of variants.
(Those viruses are Vienna, Burger, Number 1, Rush Hour...) The same
will happen with the viruses published in Mark Ludwig's book...
That's why, I consider any publicity of his "oeuvre" to be harmful. In
fact, if you translate and publish it, it will be harmful to your
reputation. After all, you are claiming that CCCF does NOT support
hacking (cracking) and virus writing, but is opposed to it. Even EICAR
might decide that you (as a member) do not conform to its constitution
and Code of Good Conduct... Remember, several years ago IFIP published
an appeal to everybody, including all publishers, to refrain from
publishing virus code.
John McAfee is master of the media shows... :-\ He does this much
better than fighting viruses... :-( The only thing that he does even
better is making money... :-)
My advice to you is: if you can stop the translation and the
publication of this book in France, do it.
VIOLATION OF PRIVACY
From: pelegrin@geocub.greco-prog.fr (Francois PELLEGRINI )
Date: Wed Oct 21 13:38:06 +0100 1992
I write you give you some comments about the mail you sent me about
the brand-new CCCF book.
I am in favor of the publication of such a book, in spite of some points
I find preoccupating:
I am in favor of free software and information, but my concern about viruses
is that they represent a violation of privacy, all the more when they have
harmful abilities. I would be *VERY* angry should a virus blast 2 years of
work done on a hard disk. Even reinstalling a partition is time-consuming,
all the more when you cannot install bought software because they have not
been un-installed before the system crashes! To sum-up, I am in favor of the
prosecution of authors of harmful viruses. To take an example in real life:
would you like someone to enter your apartment (just because you left a
window opened once) and crash all your CDs?
In spite of that, I find their principles of conception exceptionally
interesting and stimulating: as you must put all the replicative code on
as few bytes as possible, virus coding is to me great hack art. I believe
in such educational purposes.
The only point which cause problems is the idea of having lots of different
viruses (not in conception, since it will be based on the book's ideas, but
in code), so that maintaining anti-virus codes will be more and more
expensive in time. By reading such a book, hackers will have big fun and will
experiment new things, but I am afraid of mere-beginners, getting proud of
writing "their" virus, which will just be a copy of what is in the book.
As you talk of "1.500" viruses, I guess you mean PC viruses. As their input
can only happen, even in a local network area, from a magnetic media (I have
not heard about PC networks linked to the Internet), a check at the input
points (floppy-disk equipped machines) is rather secure.
Would you have talked about Internet viruses, the danger would have been
greater (exposing the mail bugs, or similar system faults is not harmless),
as no machine can resist to an invisible Net attack.
P.S.: Just a last idea: I have read some CCC propaganda (I have one of their
books, in French, "Danger: pirates informatiques), and sometimes they prone
free access to information. Does it mean that we are allowed to copy their
book on a copy-machine, rather than buying it? People have spent time
writing books, and expect some money to pay them back for it. It is the
same thing with programs: "Don't let a virus ruin your life!".
WITH DARKNESS
From: drkadpt@drktowr.chi.il.us (The Dark Adept )
Date: Sat Oct 17 13:12:42 GMT 1992
Why, why, why?!?!?!?
1) Anyone who wants to write a virus to hurt people will be able to find out
anyhow from other bad people.
2) The good people who want to learn how to stop viruses will not be able
to learn unless they see source code.
As you wrote before, the viruses in that book are easy to protect against.
They are not complicated, so they can do no real harm unless someone is
careless.
I see nothing wrong with what you did. I think you have helped people.
Sadly, we must use false names in the U.S. since clubs like CCCF make
people upset. They think Chaos, Legion of Doom, et cetera want to hurt
people. We both know this is false, but some people here think it true.
MILITARY STYLE
From: WHMurray@DOCKMASTER (William Hugh Murray )
Date: Mon Oct 19 17:43:45 GMT 1992
I am generally opposed to the publication of viruses in code or in
print. Viruses, like other ideas, once published cannot be easily
controlled. The author has almost no control.
Viruses in code can replicate without much human help or assistance. On the
other hand, they keep much of their design and intent concealed.
Currently, viruses in print cannot replicate without considerable human
help. However, their intent is to make their design and intent as
obvious as possible. This may result in even more destructive use of
the ideas.
I consider any publication of viruses in executable code to be
gratuitous at best, destructive at worst. Particularly in print, any
legitimate objectives can be met in psuedo code. Still, while opposed
to any publication, all other things being equal, I have a small
preference for publication in print if publish you will.
While I will attempt to discourage you from any such publication and
will shun you after the fact if you do so, I am opposed to the use of
the power of the state to restrain you. This has almost nothing to do
with how I feel about the essentially destructive nature of your
publication. Rather it is related to the potential for abuse of any
such power granted to the state. While forced to trust the state to
distinguish between classes of destructive behavior, my reading of
history leaves me temporarily convinced that the state should not be trusted
to judge ideas.
R&D ONLY
From: M.Rawidean1@lut.ac.uk (Mohamed Rawidean )
Date: Fri Oct 23 19:13:04 BST 1992
I think it's a good idea. Anyway the circulation should be limited to research
& academic purposes ONLY. This is my personal opinion.
From: mechalas@mentor.cc.purdue.edu (John Mechalas )
Date: Fri Oct 23 10:36:05 EST 1992
Hmmm...legally, I can't say there is anything wrong with what you propose,
although the ethical aspects do pose interesting questions. I would have no
objections so such a text being released in an academic environment, such as
for use as a textbook on virus and anti-virus theory, but I have misgivings
about a public release. There may be many potential virus writers who could
gain enough interest in the material to actually improve upon given code, or
even gain that insight needed to write their own code. Supposedly, in an
academic setting, the students would be considered more responsible than that.
(That's the theory anyway).
LIKE THE TECHNOLOGY OF ATOMIC BOMBS
From: tristan@la.tce.com (Tristan Savatier )
Date: Wed Oct 21 10:34:57 PDT 1992
I have nothing agains this. Computers are often not "safe", and it
is good that people get aware of this fact.
I personally spent a lot of time looking for books that would explain the
technology of atomic bombs, and was very disappointed to see that, in
the public libraries in France, the interesting pages had been
teared off.
What a shame!
THE DAMAGE IS ALREADY DONE
From: weber@vortex.ufrgs.br (Raul Fernando Weber )
Date: Mon Oct 19 11:25:28 EST 1992
I am not opposed to the publication of books about the problem of viruses
and other malicious programs. The end user should learn about the problem
that viruses represent to computer sciences in general. The user should
known the perils that such programs represent to his or her data. Knowing
your enemies is the best method of fighting against them.
But if a book contains source code of viruses, that is a real problem.
Anyone can then easily type the code or modify it, and very soon we will
have a greater number of new viruses to deal with. Any explanation about
viruses can easily be done in plain text or in pseudo code (without
explicit reference to a hardware platform or operating system). Authors of
such books should be discouraged to publish complete or partial
descriptions of viruses source code.
It doesn't matter if the code published is from viruses that can be
detected and eliminated by normal anti-virus programs. If this book is read
by someone that is not a "responsible adult"', and this person writes a
virus with the information he or she gets from the book, the damage is
already done. It doesn't matter if this virus works or not, if it is a "bad
replicator" or a "benign virus"'.
In the other way, I also believe that once such a book is published, there
is nothing we can do against it, except discourage any person from buying
it, or from using the ideas to write viruses. I am against any type of
censure. It is much better to give people a good education and sense of
ethics.
I wrote articles about computer viruses (in portuguese) and I use
high-level pseudo-code in order to explain the virus routines. For
instance, in order to explain how a bootstrap virus uses stealth
techniques, I explain that the virus has the following routine:
if trying_to_read_the boot_sector
then show_the_original_boot_sector
This art of pseudo-code lets the reader understand how the virus work
without teaching how to write a virus. Of course, a good programmer can
translate this to assembler and write such a virus for the IBM-PC, but he
needs to understand a lot about BIOS, DOS, etc.
Giving the code in assembler form enables an unexperienced user to write a
virus, and that is exactly the crucial point! With pseudo-code you need to
be a good and experienced programmer in order to write a virus, and I hope
that every such a programmer has also a good sense of ethics. But with
assembly listings almost everyone can, with a trial-and-error process, also
write a virus. And this kind of user can release a virus just for fun, to
see what happen with his neighbours. This possibility of "unwanted" spread
of virus scares me, and because this I am against the publication of
viruses code in general.
ABOUT AIDS AND PROSTITUTE
Date: Mon Oct 19 17:33:00 EDT 1992
From: doc@magna.com (Matthew J. D'Errico )
First of all, I have never read this book personally. Without that first hand
knowledge, it's difficult for me to comment on the content directly.
Secondly, I think it is wrong to publish any book which might place this
type of information in the hands of potentially malicious people. The true
"hacker" does not need this information, they've already gotten it through
other means, or they're creating it on their own.
While responsible people, such as my organization, now run regularly with
Anti-Virus software loaded on our systems, it is because of the malicious
intent of a precious few that we must. The argument that the virii
contained in the book are handled by the available Anti-Virus software,
in my opinion, is absolutely no guarantee that there is no potential
danger to release of this information.
Education, in my opinion, should be directed to the proper use of computer
technology, not the abuse of it. You don't educate someone about AIDS by
sending him to a prostitute, agreed? My opinion.
LOW QUALITY OF THE VIRUS CODE
From: frisk@complex.is (Fridrik Skulason )
Date: Sat Oct 17 11:05:15 WET 1992
My reaction will simply be the same as to the publication of the English
book - I will do my best to ignore it. There is nothing I can do to stop it -
it is not illegal, in if I went public, encouraging people not to buy it
or read it, it would have just the opposite effect. No, the only thing I
can really do is to talk about the low quality of the virus code in the
book - just call it "Junk"...
THE COUNTRY IS IRRELEVANT
From: hayes@urvax.urich.edu (Claude Bersano-Hayes )
Date: Tue Oct 20 04:52:00 EDT 1992
I first think the country is irrelevant. France, Italy, Bantoustan... or the
USA. The problem remains the same: shall we as a whole have access to the
information. You probably have informations I don't. I am less drastic than
you here. I think all depends of the info, and what one can do with it.
Knowing how to make a A-bomb is not critical, since getting plutonium is not
*that* easy. Creating computer viruses is another matter.
Publishing a "do-it-yourself" book about viruses is at best irresponsible, and
more than likely dangerous. But there are laws in France too. The book can be
published "legally" but its use can be dangerous for the user who get caught
creating and/or disseminating viruses. I am not a lawyer so you may want to
check with others, but it seems to me that the publisher may be sued if a book
entices someone to do something illegal. Suggestion: post that same message
to Usenet's soc.culture.french. You will probably get a few more replies.
But this does not mean I approved of the US publication either. I did not (but
was not asked <grin>). The self-proclamed "Dark Avenger" released his MtE
(Mutating Engine) which can be used to make "stealth" viruses (and it is
available on many BBS's here). Not a great idea either...
Since I don't know the state of computing in Europe in general, and France in
particular, I have no idea what the impact of this book will be.
If the book is aimed at computer professionals that's another story. These
people need to know how these little pests work. I have no problems there.
I don't think liberty has anything to do here. The problem is one of
publisher's resonsibility: will this book cause harm to the computer users
at large?
I myself ran into a similar problem here in the US. I moderate a virus-
awareness group on a local BBS and a fellow user wanted to give references
about some viruses (including source code and book titles). I refused (and was
called a fascist because of that).
There is no good answer to this problem <sigh>...
RUSSIAN'S OFFICIAL ANSWER
From: eugene@kami.npimsu.msk.su (Kaspersky Eugene Valentinovitch )
Date: Tue Oct 20 19:31:15 GMT 1992
I think that the publications of virus sources is very bad news for me
because:
1. The difficult virus (like a stealth, polymorphic, etc) is very interesting
to analyze it and it's a very interesting job to make antiviral for this
difficult virus. This virus can be produced only by high-class programmers.
But the high-class programmer can write the virus without any smb virus
sources, without any books with the virus sources.
So who will read this book? Only the -beginners- in programming and assembler.
And these beginners can't write the virus which will be interesting to me.
They can write the millions of Vienna, Burger, Tiny viruses. At this
moment the sources of Vienna and Burger viruses are printed in West,
the source of the virus Vienna was published ever in Russia!!!. Now there are
about 50 viruses of Vienna and 10 of Burger in my collection.
And I should to analyze them and add the information into my antiviral
database. And it's a lost time, because it's a non interesting work for me
and my boys.
It's a work for the rubbish-remover.
There is the word 'zolotarr' on Russian - it's a man who on very old years
cleaned the water-closets (on the old year there are 'closets' without
'water'). The analyze of the Vienna and Burger is the work of 'zolotarr'.
And now when I receive the new large portion of the viruses I say
for my boys: "Hey, zolotarrs! Come here! There is a new work!" :-)
So this is the 1st why the publication of the virus sources is very bad
to me: I receive a lot of not interesting work.
2. The publications of the virus sources will push some programmers to
the virus creation. If this is a beginner, see above. If it's a
good programmer he can write new very interesting virus. But I have
a lot of interesting virus! It's enough! It's about 900 analized viruses
in my collection and about 300 awaiting analyze.
So this is the 2nd: there are too much viruses, and I don't want to
receive another ones.
3. This publication is the hooliganism, because this paper can call
the damage for the computer users and not only to them. I think that it is
not needed to explain this.
It's the 3rd: I don't like the hooligans.
That's all.
About the virus-writers
+++++++++++++++++++++++
I think that the men who wrote this book are unhappy men, because they try
to make the work which is not needed to another men. They can't find
the more interesting job. It's unhappy.
I see from time to time the virus-writers. Practically all of them seens
like non-smiling boys, boys which don't like to girls...
So I think that the virus writes and virus-publishers are unfortunately
because the good man don't writes the viruses.
About France
++++++++++++
You asked me about France only. Why only France? I think it's a problem
of all the countries.
Yes, the France, Spain, ... are non-computer countries, I don't know why.
I remember 2 French programs only: exe-file-compresser LZEXE and the game ...
I forgot the name... the game about prisoner. Ha! the name of this game -EDEN.
That's all. I think that the love to computers - it is a national peculiarity.
The French programmers can write intelligent virus, but probability of
this is a little.
But the USA, UK, Russia (yes, Russia!) - there are the computer countries.
And there are a lot of high-level programmers, a lot of programmer-hooligans
too, especially in Russia :-(.
About free information
++++++++++++++++++++++
There are the range of the information freedom: from "don't write
about viruses!!!" till "write all about them including the source".
I think the better way for the virus information is the middle of this range.
I have about 10 publications in 2 books, Russian computer magazines, Russian
newspapers and I try to say the interesting information about viruses
but so that this information can't be used while programming the new viruses.
P.S. Sorry my English, all the people in Russia told only on Russian - I
don't know why... ;-)
POLYMORPHISM AND GLUT
From: 0004886415@mcimail.com (Joe Wells )
Date: Wed Oct 21 11:52:57 +1000 1992
At the mid-June NCSA conference in Washington DC, during the "Is there a
good virus" debate (moderated by Alan Solomon and in which the author of the
little Black Book defended his publication), I expressed my opinion on the
subject by stating that the publication of source code in the Burger book
had done more to worsten the virus problem than any other single thing.
The publishing of the vienna code led to the two worst problems we have today.
Polymorphism (Washburn based on vienna) and glut (many virus writers use the
code as their basis)
BECOMING UPSET, ANGRY AND HURT
From: mcafee@netcom.COM (McAfee Associates )
Date: Tue Oct 20 21:19:11 -0700 1992
I'm glad to be of assistance to you. I think that most people in the anti-
virus community view Mr. Ludwig's book with considerable distaste. Mr.
Ludwig does not seem to recognize the fact that he is making all of our
lives more difficult by teaching people how to write computer viruses. I
am not a programmer, nor am I a lawyer or a businessman. I provide technical
support for people who have a computer infected with a virus (or suspect that
they have one). These are people who become upset, angry, and hurt because
they have gotten a virus from some source. And I don't think people should
have to suffer just so someone can show off his (her) programming skills or
prove that he can print virus source code and sell it safely behind the laws
of his own country.
Please bear in mind that I am not a lawyer, nor do I have a background in
international shipping or publishing.
I would strongly recommend that you contact the U.S. Department of Commerce
or at least the U.S. consulate in Paris. They should be able to provide you
with all information required to import Mr. Ludwig's book into France and
publish it there.
I would also strongly recommend that you check with a lawyer that specializes
in high-tech crime issues as well as the high-tech crime bureau of your local
police department to make sure that no laws our broken by its publication. If
your local police department does not have a high-tech crime bureau, I would
recommend that you try contacting the national police.
When talking with your lawyer, I would recommend that you ask him (or her)
about your legal exposure: You (or CCCF) could be held responsible for
damages caused by the viruses, even if you include a disclaimer.
HOW TO POISON YOURSELF?
From: frasq@panafix.frcl.bull.fr (Eric-Gilles Companie )
Date: Thu Oct 22 14:39:29 +0100 1992
Publishing a book on how to build a virus on Unix seems to be like publishing
a book on how to commit suicide. In fact, such a recipe collection, actually a
cook book for the "how to poison yourself" chapter, was edited in the so
called land of liberty. A teenage boy purchased the book. There he found a way
to put an end to his human condition, without pain, as advertised. Good buy
thought the boy when he fell asleep. His father started an association of the
victims, of the victims' parents one should say. The author and the editor
were asked to withdraw the book from the stores. They claimed their book
brought relief to people who were desperately seeking means to cleanly kill
themselves. The boy's father didn't jump to their necks, he went to court,
and won. The book was censored. I don't regret it. You know, sometimes, my
spirits isn't so high.
IRRESPONSIBLE ATTITUDE
From: rslade@sfu.ca (Robert Slade )
Date: Sat Oct 17 13:20:55 PDT 1992
I am strongly tempted to reply that your posting is stupid, and an obvious
attempt to justify an irresponsible attitude. However, giving you the benefit
of the doubt, I will try to restrain myself.
You try to take the "high moral ground" by implying that the publication of
this book will assist users to protect themselves. While I acknowledge that
"good" books on protection against viral programs are hard to find, Ludwig's
book is definitely not the answer. It is certainly no better in that regard
than many other available works.
You attempt to downplay the damage that can be done is unrealistic. While
agreeing that Ludwig's code is simplistic and easily countered by reasonable
protection, but, as you note, the vast majority of users have *no* protection.
In addition, the new viral programs thus generated require a lot of extra
effort on the part of the anti-viral researchers to weed out these additional,
if stupid, viral programs.
PUBLISH THE BOOK
From: ygoland@SEAS.UCLA.EDU ("Yaron Y. Goland" )
Date: Tue Oct 20 22:13:39 PDT 1992
Accepting for the moment that it is indeed legal to publish this
book in France, the question at hand is if it is 'right' to publish
this book. I believe this is the wrong question. Is the computer
virtual community to act as a self censor? Should we not say what we
know for fear of 'educating' others? Any time we restrict ourselves
in this manner we limit our freedom and the freedom of everyone
around us. Information is, in itself, not dangerous. It simply is.
It is the use that the information is put to that determines it's
'correctness'. Publish the book. To not do so is to do nothing more
than carry on the irrational fear of viruses and more importantly it
will strike another blow against the various forms of 'self
censorship' which is now practiced within the community. Silence
breeds fear, not knowledge.
The Jester
CONCLUSIONS
From: Mark A. Ludwig
(Amer. Eagle Publications, Inc., PO Box 41401, Tucson, AZ 85717;
Phone: (602) 888-4957)
Date: Thu Oct 22 22:17:29 -0700 1992
So you have found out that _The Little black Book_ is controversial! If you
ask the so-called "experts" in viruses, guys like Skulason, or David Stang, or
Alan Solomon, they'll tell you they hate the book, and it shouldn't be
published. And they are smart enough to avoid saying "don't buy it" so they
use a classic Soviet-style disinformation tactic that they've dreamed up and
call the code in the book "junk," etc., to try to make people think it isn't
worth their while to buy it. That's a lie, and I've had people in the industry
tell me so, off the record. I know the code is good, and it works, period.
The only "bugs" are as discussed in the book. Now, there isn't anything cute
or tricky about the code, and maybe some people call it junk because it isn't
an attempt to intimidate the reader, as a Whale-style ultra-cryptic virus
would be, etc. These viruses were written purely as instructional examples,
and they are straightforward and functional examples, and not an attempt to
demonstrate to the world how clever I am.
My counter-tactic to this disinformation is to simply ignore the nay-sayers
and advertise the book. Plenty of people absolutely love it and buy it and
talk about it to their friends. The fact is the little guys who aren't
already virus experts want to become more expert in this area. They have good
reason for it. They need to understand viruses and be able to combat them from
a position of knowledge and not ignorance. The so-called experts don't want
the little guys to be expert. They'd rather the little guys keep feeding off
of them. And the more the little guys read the book, the more they will quit
trusting the establishment anti-viral types.
I can send you a packet of unsolicited letters from people who have really
liked the book if you or the publisher needs to see them before going ahead.
I can guarantee you that the book will probably be as controversial in France
as it has been in the US. People will love it and people will hate it. Nobody
will be indifferent. My goal in this whole thing is to win a battle with the
people who want to keep viruses secret, and I am going to do it.
I must say I was somewhat surprised that a major publisher like Eyrolles was
ready to buy into the book--if French publishers are anything like their
American counterparts. Technical publishers here are extremely conservative
and try to avoid controversy as much as possible. If they are having reserva-
tions about publishing it i would not be surprised.
Please publishe it!
From: jbcondat@attmail.com (Jean-Bernard Condat )
Date: Sat Oct 24 13:12:42 GMT 1992
I offer one free copy of _C'est decide! J'ecris mon virus_ to the 20 first
CuD's readers that give me their address :-)
======================================================================
Jean-Bernard CONDAT (General Secretary)++++++Chaos Computer Club France [CCCF]
B.P. 8005, 69351 Lyon Cedex 08// France //43 rue des Rosiers, 93400 Saint-Ouen
Phone: +33 1 40101775, Fax.: +33 1 40101764, Hacker's BBS (8x): +33 1 40102223
------------------------------
Date: Mon, 2 Nov 1992 12:57:36 EDT
From: Dave Banisar <banisar@WASHOFC.CPSR.ORG>
Subject: File 2--Clinton Endorses Right to I
Clinton Endorses Right to Information Privacy
Excerpts from - Clinton/Gore Campaign Pledges Strong Consumer Protections;
Blasts Bush/Quayle Record - Oct. 26
* * *
A Clinton/Gore Consumer Bill of Rights will include:
1. The Right to Safety - To be protected against the
marketing of goods which are hazardous to health or
life.
2. The Right to be Informed - To be protected against
fraudulent, deceitful, or grossly misleading
information, advertising, labeling or other practices,
and to be given the facts needed to make an informed
choice.
3. The Right to Choose - To be assured, whenever possible,
access to a variety of products and services at
competitive prices; and in those industries in which
competition is not workable and government regulation
substituted, an assurance of satisfactory quality and
services at fair prices.
4. The Right to be Heard - To be assured that consumer
interests will receive full and sympathetic
consideration in the formulation of government policy
and fair and expeditious treatment in its administrative
tribunals.
5. The Right to Consumer Education -- To help consumer
education become an integral part of regular school
instruction, community services and educational program
for people out of school; to ensure that consumers have
the assistance necessary to plan and use their resource
to their maximum potential and greatest personal
satisfaction.
6. The Right to Privacy - To not have information provided
by consumers for one purpose used for a separate purpose
without the consumer's knowledge and consent.
------------------------------
Date: Mon, 2 Nov 92 13:52:51 -0500
From: sross@CRAFT.CAMP.CLARKSON.EDU(SUSAN M. ROSS)
Subject: File 3--Electronic Privacy and Canadian Law
Recently in Canada, a cellular conversation between governmental
officials was recorded and the transcript given to a radio station
that scheduled a special program to air its contents. It dealt with
issues related to the recent constitutional referendum in Canada.
Although it has been ruled in Quebec that users of cellular phones
have no legitimate expectation of privacy, one of the officials got an
injunction (in Quebec) on the basis that broadcasting or publishing
the conversation would cause irreparable harm to intergovernmental
affairs. However, quotes were published by a newspaper in another
province. Then, a member of an academic list dedicated to Canadian
issues, posted (from the U.S.) a news story on the issue, including
quotes. List members are from the U.S., Canada (in and outside Quebec)
and elsewhere. The list owner and "home" mainframe are Quebec-based.
So, the list owner shut down operations for about a day, consulted
with lawyers, and reopened the list with a request that members not
post quotes from the transcript while the injunction stood. (The
listowner, by choice, does not pre-monitor postings.) Soon the
injunction was lifted because the content of the transcript was so
readily available that the judge believed the injunction wasn't doing
any good.
It appears that, in spite of the freedom of expression clause in the
Canadian Charter (Section 2-b that says everyone has freedom of
expression...in the press...and other media of communication), there
was a question whether laws in the criminal code, which may set limits
on expression "demonstrably justified in a free society" (Canadian
Charter, Section 1) applied to such electronic discussion groups.
Without actually contacting lawyers, I don't think I'll be able to
figure out whether the fact that Quebec hasn't ratified the Canadian
Charter was also at issue. Please note that *I am not a lawyer.*
If anybody has additional information on this case, perhaps they could
forward it along.
Susan Ross
Dept. of Tech. Comms.
Clarkson University, Potsdam, New York 13699-5760
sross@craft.camp.clarkson.edu
------------------------------
Date: Tue, 03 Nov 92 03:00:44 EST
From: mcmullen@MINDVOX.PHANTOM.COM(John F. McMullen)
Subject: File 4--Computer Access Arrests In NY (NEWSBYTES reprint ((CR))
GREENBURGH, NEW YORK, U.S.A., 1992 NOV 3 (NB) -- The Greenburgh, New
York Police Department has announced the arrest of three individuals,
Randy P. Sigman, 40; Ronald G. Pinz, Jr, 21; and Byron J. Woodard, 18
for the alleged crimes of Unauthorized Use Of A computer and Attempted
Computer Trespass, both misdemeanors. Also arrested was Jason A.
Britain, 22 in satisfaction of a State of Arizona Fugitive From
Justice warrant.
The arrests took place in the midst of an "OctoberCon" or "PumpCon"
party billed as a "hacker get-together" at the Marriott Courtyard
Hotel in Greenburgh. . The arrests were made at approximately 4:00 AM
on Sunday morning, November 1st. The three defendants arrested for
computer crimes were granted $1,000 bail and will be arraigned on
Friday, November 6th.
Newsbytes sources said that the get together, which had attracted up
to sixty people, had dwindled to approximately twenty-five when, at
10:00 Saturday night, the police, in response to noise complaints
arrived and allegedly found computers in use accessing systems over
telephone lines. The police held the twenty-five for questioning and
called in Westchester County Assistant District Attorney Kenneth
Citarella, a prosecutor versed in computer crime, for assistance.
During the questioning period, the information on Britain as a
fugitive from Arizona was obtained and at 4:00 the three alleged
criminal trespassers and Britain were charged.
Both Lt. DeCarlo of the Greenburgh police and Citarella told Newsbytes
that the investigation is continuing and that no further information
is available at this time.
(Barbara E. McMullen & John F. McMullen/19921103)
------------------------------
Date: Tue, 03 Nov 92 17:22:08 EST
From: Gene Spafford <spaf@CS.PURDUE.EDU>
Subject: File 5--Tripwire "Integrity Monitor"
This is to announce the first public release of "Tripwire."
Tripwire is an integrity-monitor for Unix systems. It uses several
checksum/signature routines to detect changes to files, as well as
monitoring selected items of system-maintained information. The
system also monitors for changes in permissions, links, and sizes of
files and directories. It can be made to detect additions or
deletions of files from watched directories.
The configuration of Tripwire is such that the system/security
administrator can easily specify files and directories to be monitored
or to be excluded from monitoring, and to specify files which are
allowed limited changes without generating a warning. Tripwire can
also be configured with customized signature routines for
site-specific checks.
Tripwire, once installed on a clean system, can detect changes from
intruder activity, unauthorized modification of files to introduce
backdoor or logic-bomb code, (if any were to exist) virus activity in
the Unix environment.
Tripwire is provided as source code with documentation. The system,
as delivered, performs no changes to system files and does not require
root privilege to run (in the general case). The code has been
beta-tested in a form close to that of this release at over 100 sites
world-wide. Tripwire should work on almost any version of Unix, from
Xenix on 80386-based machines to Cray and ETA-10 supercomputers.
Tripwire may be used without charge, but it may not be sold or
modified for sale. Tripwire was written as a project under the
auspices of the COAST Project at Purdue University. The primary
author was Gene Kim, with the aid and under the direction of Gene
Spafford (COAST director).
Copies of the Tripwire distribution may be ftp'd from
ftp.cs.purdue.edu from the directory pub/spaf/COAST/Tripwire. The
distribution is available as a compressed tar file, and as
uncompressed shar kits. The shar kit form of Tripwire version 1.0
will also be posted to comp.sources.unix on the Usenet. No mailserver
access currently exists for distribution, although we expect some
archive sites with such mechanisms will eventually provide access.
Questions, comments, complaints, bugfixes, etc may be directed to:
genek@mentor.cc.purdue.edu (Gene Kim)
spaf@cs.purdue.edu (Gene Spafford)
------------------------------
End of Computer Underground Digest #4.55
************************************
Computer underground Digest Sun Nov 8, 1992 Volume 4 : Issue 56
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Copy Editro: Etaion Shrdlu, Junior
CONTENTS, #4.56 (Nov 8, 1992)
File 1--Response to the Virus Discussion
File 2-- Carnegie Commission on S&T Policy and Long-Term Goals
File 3--THIRD ANNUAL XMASCON/H0H0CON
File 4--Re: Worship SPERF of be engulfed in SunDevil Jr. ][+
File 5--Computer Info off-limits to Federal Prisoners
File 6--These Computer Abusers Cost us nearly $100 Billion
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: 02 Nov 1992 16:07:19 -0500 (EST)
From: Guido Sanchez<guido@nunbeaters.anon.com>
Subject: File 1--Response to the Virus Discussion
I've some qualms about this article. It seems that The Dark Adept is,
while trying to clear up some common misconceptions, contributing to
the ignorance of the computer community at large. Perhaps this was his
goal in writing this article, I really don't know. As a writer of
viruses and a pillar of spam in the virus writing community <inside
joke, really>, I'd like to clear up some misconceptions on the points
raised by The Dark Adept.
Let's start off with his definition of viruses..
> What is a virus?
> ++++++++++++++++
> A virus is a tiny program that attaches itself to other programs. It does
> in fact operate as a biological virus does. It finds a victim program and
> infects it with a copy of itself. Then when the victim program is
> unsuspectingly run, the virus now inside it is activated. At this point,
> it can do one of two things: infect another program, or cause mischief.
This is innocent enough, but not altogether true. A virus doesn't
always attach itself to another program. If they merely did that, they
would be NoWhere <another inside joke.. I'd better watch myself> near
as virulent as the anti-viral community would like John Q. Netrunner
to believe. The only efficient way that we <viral community> are going
to get our stuff to spread <assuming that we even want that> is to
utilize the boot sector of a diskette to contain virulent code. Not
file infectors, but actual disk infectors. Once this diskette goes
into another computer, that system has a much higher risk than if a
mere infected program were to be run. Another array of misleading
points being:
> How do people catch viruses?
> ++++++++++++++++++++++++++++
> Yikes! Here's where all the rumors are! You cannot get a virus from a modem,
> a printer, a CRT, etc. Viruses only come from other programs. So, whenever
^^^^^^^^^^^^^^^^^^^
Wrong, as I said before
> you add a program to your hard disk or run one off of a floppy, you stand
> a chance of catching a virus. Data files (files that are not programs, like
> text for your wordprocessor) cannot contain viruses. Only programs can
> contain viruses. On IBM PC's, programs usually end in ".exe" or ".com" and
> are the files that you run. The programs are the only ones that can contain
> viruses.
Also overlooking the .SYS, .OVL, and .APP files to name a few which
can be infected by file infectors. The data files, true, cannot
contribute to the spread of a virus, but they might be corrupted or
overwritten with the virus signatures depending on the type of virus.
> The only way to activate the virus is to run the program. Say for example
> you got a new program called "game.exe". You put it on your hard drive,
> but you never run it (i.e., you never tried it). Even if game.exe has a virus
> in it, you WILL NOT catch it. The program has to be run at least once to make
> the virus active.
Wrong again, re the boot sector argument.
> Another thing is batch files. These are files on IBM PC's that end in ".bat".
> These DO NOT contain viruses. However, .bat files run other programs. So
> if the .bat file runs a program that has a virus, the virus WILL be activated.
> The cause is NOT the .bat file, but the program that was run BY the .bat
> file.
This is part fact, part ignorance. On Vx <Virus Exchange> BBSs, there
have been seen batch file viruses. That is a batch file which, when
run, would use the debug program and insert viral code into memory,
subsequently executing it. In this case and others, the cause is both
the .BAT file and the DEBUG.EXE program.
> What do viruses do?
> +++++++++++++++++++
> Well, a number of things. Some erase your disks. Others print silly
> messages to your screen. In any case, a virus is not written like other
> programs are. It uses things that other programs normally don't. If your
> computer is infected by a virus, whenever you turn on the machine that
> virus is in the memory, and even if all it does is print "I want a cookie,"
> it can still interfere with other programs since they don't expect it to
> be there.
Supposedly, there are some viruses and trojans <trojan horses being
merely programs which do something they aren't supposed to do, usually
destructive, but still not being able to replicate like viruses do>
which can cause physical damage to hardware. Example, the HEADKILL
Trojan which supposedly ruins the head of the victim hard drive <I ran
this trojan on a 1.2meg 5.25" disk, it registers as invalid media
now>. Some viruses could overwrite the disk as to not be recognizeable
as a DOS compatible disk at all. Taking advantage of a user's
ignorance, the STIFFY virus uses the Media Descriptor Table to
re-define A: to an 8 inch disk drive no matter what it previously was.
It inter-cepts COMMAND.COMs error message and prints a phallic insult,
and obviously the acceptable format could not be used, causing massive
efforts towards retrieving the 'lost' drive. The TURKEY virus
supposedly alters cathode ray dispersion to 'melt' the monitor. Point
being that there ARE some annoying little buggers out there, not all
of them mere data corruptors or spreaders.
> Tell me more about these things...
> ++++++++++++++++++++++++++++++++++
> Ok. Viruses can only be made for specific machines. By this I mean
> that a virus that infects IBM PC's will NOT be able to infect Macs.
> There may be a tiny tiny chance if your Mac is running something like
> an IBM Emulator that a virus may cause problems, but in general, if
> you have a non-IBM compatible computer, and you can't run IBM
software, > then you can't catch IBM viruses and vice-versa.
BIG misconception there, buddy. The SHIBOLETH virus, for example,
executes MAC code to test for machine type. If there is no error, it
runs the MAC section of the viral code. If so, it runs the IBM section
of the code. It's rather clumsy, but it DOES withstand transferral to
MAC from IBM and back.
> + It might miss some or give you false results, so don't rely on it
> completely.
You MIGHT say that. It takes maybe 4 seconds to render a virus
unscannable by McAfee's or Norton. Simply putting in a small NoWhere
loop <meaning point A's instructions are to loop back to point A for
an amount of time> or using an executable compression program <eg
PKLITE, LZEXE, DIET> and removing the header will usually get the
virus through scanners. What about the boot sector infectors mentioned
above? Usually on Vx BBSs a dropper program is given out that will
'drop' the virus into the boot sector of the designated drive. Yes,
they're THAT user friendly :).
> +++Detectors+++
> +++++++++++++++
> What the detectors do is watch for virus activity. For example, some
> viruses try and erase your hard disk. What a detector does is sit in
> the background and watches for an illegal or abnormal attempt to do
> something to the hard disk. Then all sorts of alarms and bells go off
> ("Warning Will Robinson! Warning!") and the detector tries to stop
> the virus from doing it. Some will also ask you if you want to allow
> whatever action is taking place since you might actually be trying to
> format your hard disk.
This is PARTLY true. What these memory resident things do is keep an
eye on specific DOS interrupts and notify the user if a certain
interrupt function is being attempted. More often than not these are
the interrupts 13h and 21h. Such memory resident alarms can be easily
disabled by handling the error quietly or grabbing the interrupt
before the memory resident alarm does.
> You must know that the detector only checks program files. It would be a
> real pain if every time you changed your term paper the detector went off.
> However, this is not a weakness since only program files can contain
> the viruses.
Again, partly true. Integrity Master v1.23 by Wolfgang Stiller keeps
track of the crcs of all files and stores them in files called ID.)(
<or something to that extent>. Changing the values in these files or
removing them altogether is a common virus technique.
> However, since I took a shot at McAfee, I must also state this: I have
> known people to use McAfee's software and be 100% satisfied with no
> complaints. They like McAfee's software and continue to use it. It
> works for them and meets their needs. I hate both McAfee and his software,
> and I refuse to use it ever, so you must decide for yourself.
Oh, leave John alone :). The least I can say is at least his product
is free <Central Point is supposed to be bought> to the public. I
myself prefer Fridrik Skulason's F-PROT program. Not only does it
check for more than one virus signature, the heuristic scan is
formidable to viruses. It checks for viral-like code, not signatures.
It's just one step closer to having a scanner disassemble the program.
> "BBS's are the major cause of virus spreading"
> ++++++++++++++++++++++++++++++++++++++++++++++
> FALSE FALSE FALSE!! The major cause of virus spreading is LAN's and
> also copying from friends. BBS's merely store programs that you can copy
> and most people who run BBS's try and make sure none of them have viruses.
> A BBS is just copying from a friend over a modem. BBS's do not need to
> be shut down or restricted because of viruses. It is up to *you* to
> protect yourself from *any* program contamination no matter where
> you copy the program from (i.e., a friend or BBS).
Well, I do acknowledge that the threat BBSs pose to virulence is
minimal, but only because 99% of the time only executable viruses are
downloaded and inadvertently run. It's not often an unsuspecting user
downloads a 900k TD0 file and gets infected :). Point being that
virulence in executable files is minimal compared to that of boot
sectors, hence the BBSs ineffectiveness.
> Some of you may have heard of Virus Exchange BBS's. Let me explain what
> this is:
>
> (etc...)
>
> Now on these virus exchange BBS's, they 99% of the time just have virus
> SOURCE FILES not virus programs. The source files CANNOT cause infection.
> They must be fed to an assembler or a compiler first to become a program.
> Remember that for a virus to become active it must be run as a program.
> These BBS's do not distribute virus programs, but virus source files.
When is the last time you've been on a Vx BBS? I would say that 99% of
them possess and strive for the executables, and couldn't care less
about the sources. The reason being that Vx sysops usually just care
about the power and prestige of having 100+ viruses. Rarely do they
actually run the viruses to see if they are. Point being <yes, again>
the WHORE! virus, a copy of COMMAND.COM renamed to show how
inefficient Vx sysops are at checking the authenticity of their files.
They're similar to pirate BBSs in a way, only caring about having the
viruses and most of the time not using them. The average pirate BBS
will have the latest releases and they'll be downloaded, etc, but
maybe 5% of the people downloading will actually use the programs.
Viruses are like this. They are usually just a commodity, and only the
small 1% <the virally elite, as Quayle would say> care about the
source and validity of the files.
> For right now, let me just say that in a nutshell, Virus Exchange BBS's do
> NOT DIRECTLY cause infections. I think even the so-called "experts" would
> agree with that.
But of course! Where do you think they get THEIR viruses? :)
> "The first virus was written by..."
> +++++++++++++++++++++++++++++++++++
> No one knows. However, if you were to ask me, I will say the first
> virus was written by the first person who made copy-protection. Why?
Or cares, really. I'm sure there are those out there that know of the
COREWARS story, so I'll spare relating it here.
> "They endanger National Security and the military!"
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Hahahahahahaha! All I have to say is that most viruses (like 99.9%)
> attack only personal computers, and any military or government that depends
> on personal computers for national security and weaponry has more problems
> than viruses. And furthermore, what are they doing letting missile officers
> run MacPlaymate on the missile control computer anyhow?
Well, most govt. security installations <example : Treasury Dept> do
run LANs, and not only are they susceptible to viruses, there are
several viruses designed to seek out and foul up LAN systems. Frankly,
PCs are cheaper and more efficient than mainframes from the 80s, and
they are used in a wider scope than you'd believe.
Well, I'd say that the most likely place to find these virus authors,
in step with the end note, are echomail nets designed for virus
authors. Like..
* VX_NET - Virus Exchange NET, an up-and-coming non-partisan net. Directed
towards unity and making fun of the anti-viral community.
* Phalcon/Skism NET - The virus echos are a place for learning, and you can
contact the members on this net.
* [NuKE] Net - Another net from a virus group, get in contact with them on it.
* VIRUS_INFO on FIDO - Surprisingly enough, virus authors abound there with
fake names, contributing to confusion and getting a
good laugh at the expense of the anti-viral crew.
Interestingly enough, there's been some progression of rivalry between
the pro-viral and anti-viral communities <as the names indicate>. Way
back when, virus authors released their wares. Then, the anti-viral
communities recognized that they could either (i) be altruistic in
their ways and help their fellow man or (ii) make a quick buck off of
human suffering. They wrote anti-viral wares and organized. The virus
authors did not like this. They themselves organized and now have
become more Anti-Anti-Viral than Pro-Viral. I have no idea what
significance this progression has, and leave it to you capable readers
to determine what will happen. Yes, virus authors are in it now more
for making fun and avenging themselves of the anti-viral authors, who
in turn do the same in their programs. Etc, Etc, Etc.
So here's what I do. On my 'underground e-leet Vx' BBS, I make all
viruses and other files free on the first call. There's even a command
to download entire file bases. Meaning, if you release all of these
viruses to your users, they in turn set up BBSs and become Vx sysops
themselves. Hopefully, besides using viruses as a commodity, the
fledgling sysop will look at a few of the pro-viral utilities and some
of the source code. Perhaps the sysop will want to maybe get in on
this ASM thing and learn a thing or two, perhaps the sysop will become
a virus writer over time. Thus, like the viruses we propagate, we
propagate. We force nothing into the minds and computers of others,
it's all part of curiosity and voluntary. We help people to find their
calling <forgive me for sounding like a religious fanatic or cult
leader here..> in whatever field of modem-dom they like. I know it's
an empty desire, to want other sysops to do the same, but it's a
desire nonetheless.
In conclusion, I just wanted to clear up some things about both
viruses <yes, there are only two of them! surprise!> and the pro-viral
community. May you all find your calling and make it possible for
others to do the same, as that sysop long ago did the same, custom
made to do just that <I could not resist>.
In spirits,
Guido Sanchez
Oh yes, and if you are interested in the theory of thought viruses,
more information can be obtained on the BBS Nun-Beaters Anonymous,
708/251-5094. Thank you for your 'time'.
------------------------------
Date: Mon, 2 Nov 1992 08:20:24 -0500
From: "(Gary Chapman)" <chapman@SILVER.LCS.MIT.EDU>
Subject: File 2--Carnegie Commission on S&T Policy/Long-Term Goals
The Carnegie Commission on Science, Technology, and Government has
released a new report on democracy and science and technology policy,
entitled, "Enabling the Future: Linking Science and Technology to
Societal Goals" (September 1992). The report was prepared by a small
panel that was a subset of a larger group studying the entire range of
science and technology policy issues; the larger group's report has
not yet been released. The panel on long-term social goals was
chaired by H. Guyford Stever, who was director of the National Science
Foundation during the Ford administration, White House Science Adviser
to both Nixon and Ford, and president of Carnegie-Mellon University
from 1965 to 1972. Panel members included Harvey Brooks of Harvard
University; William D. Carey, former head of AAAS; John Gibbons,
director of the Congressional Office of Technology Assessment; Rodney
Nichols, head of the New York Academy of Sciences; James B.
Wyngaarden, foreign secretary of the National Academy of Sciences and
former head of the National Institutes of Health; and Charles Zracket,
former CEO of the MITRE Corporation and now a Scholar-in-Residence at
the Kennedy School at Harvard University.
This report begins as follows:
The end of the Cold War, the rise of other economically
and scientifically powerful nations, and competition
in the international economy present great opportunities
for the United States to address societal needs: policy-
makers may now focus more attention on social and econo-
mic concerns and less on potential military conflicts.
In the next decade and those that follow, the United
States will confront critical public policy issues that
are intimately connected with advances in science and
technology. . . . Policy issues will not be resolved by
citizens, scientists, business executives, or government
officials working alone; addressing them effectively will
require the concerted efforts of all sectors of society.
Further on, a passage worth quoting at some length:
We believe that American faces a clear choice. For too
long, our science and technology policies, apart from
support of basic research, have emphasized short-term
solutions while neglecting longer-term objectives. If
this emphasis continues, the problems we have encountered
in recent years, such as erosion of the nation's indust-
rial competitiveness and the difficulties of meeting
increasingly challenging standards of environmental
quality, could overwhelm promising opportunities for
progress. However, we believe there is an alternative.
The United States could base its S&T policies more firmly
on long-range considerations and link these policies to
societal goals through more comprehensive assessment
of opportunities, costs, and benefits.
We emphasize the necessity for choice because there is
nothing inevitable about the shape of the future: the
policy decisions we make today will determine whether
historic opportunities will be seized or squandered. . .
As Frank Press, President of the National Academy of
Sciences, said recently, "Without a vision of the future,
there is no basis for choosing policies in science and
technology that will be appropriate for the years ahead."
The panel says that their report does not propose societal goals that
should be met by changing S&T policy; "we believe this is primarily a
political process," the report says. The report instead addresses the
process of defining social goals and shaping policy to meet them.
There are five major recommendations of the panel:
1. Establishment of a nongovernmental National Forum on Science and
Technology Goals. This Forum, says the report, would "assemble a
broad-based and diverse group of individuals who are both critical and
innovative, and who can examine societal goals and the ways in which
science and technology can best contribute to their achievement."
This group would also sponsor meetings and research, and would
eventually propose "specific long-term S&T goals in both national and
international contexts, and identify milestones in achieving them."
The panel proposes two options for the convening of such a National
Forum: under the umbrella of the National Academies, or as a new,
independent, nongovernmental organization.
2. The panel says that "Congress should devote more explicit
attention to long-term S&T goals in its budget, authorization,
appropriation, and oversight procedures." The panel recommends annual
or biennial hearings on long-term S&T goals before the House Committee
on Science, Space, and Technology.
3. The panel suggests that federal government agencies supporting
science and technology policy should be directed to aid the Congress
in assessing long-term S&T goals, such as OTA and the Congressional
Budget Office.
4. The same goes for executive branch agencies, particularly the
White House Office of Science and Technology Policy and the Office of
Management and Budget.
5. Finally, federal departments and agencies should contribute to the
process of developing long-term goals by coordinating R&D efforts and
sponsoring extramural research that helps support analysis and vision.
The panel does propose some potential societal goals that might be
addressed through the process the report recommends. The goals are
very broad and include education; personal and public health; cultural
pluralism; economic growth; full employment; international
cooperation; worldwide sustainable development; and human rights,
among other very expansive goals.
The report also identifies the "players" that should be part of the
process of policymaking. These include the above-mentioned components
of the federal government, state governments, academia, industry, and
nongovernmental organizations. In the latter category, the panel
mentions professional societies in science and technology,
environmental organizations, and the National Academies complex, which
includes the National Academy of Sciences, the Institute of Medicine,
the National Academy of Engineering, and the National Research
Council.
The report very admirably concludes with a quote from Einstein: "The
concern for man and his destiny must always be the chief interest of
all technical effort: Never forget it among your diagrams and
equations."
Copies of the 72-page report are available for free from:
The Carnegie Commission on Science, Technology, and Government
10 Waverly Place, 2nd Floor
New York, NY 10003
(212) 998-2150 (voice)
(212) 995-3181 (fax)
Gary Chapman
Coordinator
The 21st Century Project
Computer Professionals for Social Responsibility
Cambridge, Massachusetts
chapman@lcs.mit.edu
------------------------------
Date: Mon, 2 Nov 92 21:58 CST
From: dfx@NUCHAT.SCCSI.COM(dFx International Digest)
Subject: File 3--THIRD ANNUAL XMASCON/H0H0CON
[Updated Announcement - October 27, 1992]
dFx International Digest and cDc - Cult Of The Dead Cow proudly present :
The Third Annual
X M A S C O N
AKA
H 0 H 0 C O N
"WE KAN'T BE ST0PPED!"
Who: All Hackers, Journalists, Security Personnel, Federal Agents,
Lawyers, Authors and Other Interested Parties.
Where: Allen Park Inn
2121 Allen Parkway
Houston, Texas 77019
U.S.A.
Tel: (800) 231-6310
Hou: (713) 521-9321
Fax: (713) 521-9321, Ext. 350
When: Friday December 18 through Sunday December 20, 1992
HoJo's Says NoNo To HoHo
~~~~~~~~~~~~~~~~~~~~~~~~
HAY!^@!*%!$1#&! We beat our own record! This year, thanks to one
certain person's complete stupidity and ignorance, we managed to get
kicked out of our first chosen hotel 4 months in advance. Needless to
say, this caused some serious confusion for those who called to make
reservations and were told the conference had been canceled. Well.. it
hasn't been. The story is long, but if you wish to read exactly what
happened, check out CuD 4.45.
The conference dates are still the same, but the hotel has changed
since what was originally reported in the first update, which made
it's way throughout Usenet and numerous other places, including CuD
4.40. If you haven't heard about the new location, please make a note
of the information listed above.
What Exactly Is HoHoCon?
~~~~~~~~~~~~~~~~~~~~~~~~
HoHoCon is something you have to experience to truly understand. It is
the largest annual gathering of those in, related to, or wishing to
know more about the computer underground (or those just looking for
another excuse to party). Attendees generally include some of the most
notable members of the "hacking/telecom" community, journalists,
authors, security professionals, lawyers, and a host of others. Last
year's speakers ranged from Bruce Sterling to Chris Goggans and Scot
Chasin of Comsec/LoD. The conference is also one of the very few that
is completely open to the public and we encourage anyone who is
interested to attend.
Or, as Jim Thomas put it in CuD 4.45:
"For the past few years, a conference called "XmasCon" (or HoHoCon)
has been held in Texas in December. As reported previously (CuD
#4.40), it will be held again this year from 18-21 December. For those
unfamiliar with it, XmasCon is a national meeting of curious computer
aficionados, journalists, scholars, computer professionals, and
others, who meet for three days and do what people do at other
conferences: Discuss common interests and relax."
Hotel Information ~~~~~~~~~~~~~~~~~
The Allen Park Inn is located along Buffalo Bayou and is approximately
three minutes away from Downtown Houston. The HoHoCon group room rates
are $49.00 plus tax (15%) per night, your choice of either single or
double. As usual, when making reservations you will need to tell the
hotel you are with the HoHoCon Conference to receive the group rate.
Unlike our previously chosen joke of a hotel, the Allen Park Inn is
not situated next to an airport and this may cause a small
inconvenience for those of you who will be flying to the conference.
The hotel is centrally located so you can fly in to either
Intercontinental or Hobby airport but we are recommending Hobby as it
is 15 miles closer and much easier to get to from the hotel. Here's
where it may get a little confusing -
If you arrive at Hobby, you will need to take the Downtown Hyatt
Airport Shuttle to the Hyatt, which departs every 30 minutes and will
cost you $6.00. When you get to the Hyatt, get out of the shuttle with
your luggage (for those who may not of figured that out yet) and use
any of the nearby payphones to call the Allen Park Inn (521-9321) and
tell them you need a ride. It's just like calling Mom when you need a
ride home from glee club! The hotel shuttle will be around shortly to
pick you up and take you to the aforementioned elite meeting place,
and that ride is free. If all this is too much for you, you can always
take a cab directly to the hotel which will run you about $20.
If you arrive at Intercontinental, you will need to board the Airport
Express bus and take it to the Downtown Hyatt ($9). Once there, just
follow the same instructions listed above.
We are in the process of trying to get the hotel to provide constant
airport transportation during the conference, but they've yet to give
us a definite answer. It is quite possible that we will have our own
shuttle to bus people between the airports and hotel, so if you'd
prefer a faster and more direct method of transportation, it would be
helpful to mail and let us know what time you'll be arriving and at
what airport. This will give us a chance to coordinate things more
efficiently.
Check-in is 3:00 p.m. and check-out is 12:00 noon. Earlier check-in is
available if there are unoccupied rooms ready. Free local calls are
provided, so bring dem 'puterz. I don't know if cable is free also, so
those who wish to rekindle the memories of yesteryear may want to
bring their screwdrivers. The hotel has both 24 hour room service, and
a 24 hour restaurant, The Nashville Room. Call it a wacky coincidence,
but the hotel bar is called the ATI room and like most of Houston's
similar establishments, closes at 2 a.m. Good thing Tony still works
at Spec's...
This time around, the hotel is placing the conference guests in the
rooms surrounding the courtyard/pool area. We are once again
encouraging people to make their reservations as soon as possible for
two reasons - first, we were told that if you wait too long and the
courtyard rooms are all taken, there is a chance that you'll be
situated at the complete opposite end of the hotel, which isn't so bad
if you don't mind walking all that way back and forth outside in
December. Secondly, there is no other hotel exactly next door to this
one (the closest is about 5 minutes away or so), so if for some odd
reason all the rooms get rented, you'll get to do some nifty traveling
every night.
Directions ~~~~~~~~~~
For those of you who will be driving to the conference, the following
is a list of directions on how to get to the hotel from most of
Houston's major freeways that bring traffic in from out of town:
I-45 North or South: Exit Allen Parkway on the inside (left side) of
the freeway. Take the Studemont/Montrose exit off Allen Parkway, then
make a u-turn at the bridge and head back towards downtown. The hotel
will be on the right hand side.
290: Take 290 to 610 South, then take I-10 East towards downtown. Exit
Studemont. Right on Studemont, left on Allen Parkway. The hotel will
be on the right hand side.
I-10 West: Exit Studemont. Right on Studemont, left on Allen Parkway.
The hotel will be on the right hand side.
I-10 East: Take I-10 East to I-45 South and follow the same directions
from I-45 listed above.
I-59 North or South: Take I-59 to I-45 North and follow the same
directions from I-45 listed above.
Call the hotel if these aren't complete enough or if you need
additional information.
Conference Details ~~~~~~~~~~~~~~~~~~
HoHoCon will last 3 days, with the actual conference being held on
Saturday, December 19 in the Hermitage Room, starting at 11:00 a.m.
and continuing until 5 p.m. or earlier depending on the number of
speakers.
We are still in the planning stages at the moment, primarily due to
time lost in finding a new hotel and getting contracts signed. We have
a number of speakers confirmed (yes, Goggans will be speaking again)
and will try to finalize the list and include it in the next update.
We are definitely still looking for people to speak and welcome
diverse topics (except for "The wonders and joys of ANSI, and how it
changed my life"). If you're interested in rattling away, please
contact us as soon as possible and let us know who you are, who you
represent (if anyone), the topic you wish to speak on, a rough
estimate of how long you will need, and whether or not you will be
needing any audio-visual aids.
We would like to have people bring interesting items and videos again
this year. If you have anything you think people would enjoy having
the chance to see, please let us know ahead of time, and tell us if
you will need any help getting it to the conference. If all else
fails, just bring it to the con and give it to us when you arrive. We
will also include a list of items and videos that will be present in a
future update.
If anyone requires any additional information, needs to ask any
questions, wants to RSVP, or would like to be added to the mailing
list to receive the HoHoCon updates, you may mail us at:
dfx@nuchat.sccsi.com
drunkfux@freeside.com
drunkfux@ashpool.freeside.com
359@7354 (WWIV Net)
or via sluggo mail at:
Freeside Data Network
Attn: HoHoCon/dFx
11504 Hughes Road
Suite 124
Houston, Texas
77089
We also have a VMB which includes all the conference information and
is probably the fastest way to get updated reports. The number is:
713-866-4884
You may also download any of the conference announcements and related
materials by calling 713-492-2783 and using the username "unix", which
is unpassworded. The files will be in the "hohocon" directory. Type
"biscuit" if you wish to gain an account on the system. You can find
us there too.
Conference information and updates will most likely also be found in
most computer underground related publications, including CuD,
Informatik, NIA, Mondo 2000, 2600, Phrack, World View, etc. We
completely encourage people to use, reprint, and distribute any
information in this file.
Stupid Ending Statement To Make Us Look Good
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HoHoCon '92 will be a priceless learning experience for professionals
(yeah, right) and gives journalists a chance to gather information and
ideas direct from the source. It is also one of the very few times
when all the members of the computer underground can come together for
a realistic purpose. We urge people not to miss out on an event of
this caliber, which doesn't happen very often. If you've ever wanted
to meet some of the most famous people from the hacking community,
this may be your one and only chance. Don't wait to read about it in
all the magazines and then wish you had been there, make your plans to
attend now! Be a part of what we hope to be our largest and greatest
conference ever.
Remember, to make your reservations, call (800) 231-6310 and tell them
you're with HoHoCon.
------------------------------
Date: Wed, 04 Nov 92 17:06:15 EST
From: anonymous@mindvox.phantom.com
Subject: File 4--Re: Worship SPERF of be engulfed in SunDevil Jr. ][+
((MODERATORS' NOTE: The following is in response to the
Greenburgh, NY, "computer hacker bust" reported in NEWSBYTES and
reprinted in CuD #4.55)).
Ok, Look... They were confused all right? If you were a teenager
with hormones, eating too much pizza and trying to master the art of
smoking cigarettes, you'd be confused too. But that's not the point
of this story, this is:
It was a dark and stormy night; a shot rang out; the door slowly
creaked open and a martian chick with three tits peered into the
darkly lit confines of the room casting a hellish green light upon the
masses of huddled hackerdom within. She drew open the door and
proclaimed: "Well, like you know you aren't supposed to be that many
guests in here right?"
10 cops burst in, no 50, yeah that's better, they drew uzi's as the
SWAT team swooped down from the sky; Yuri, knowing what he had to do,
ate the monitor and burnt the coded disks while the masses ran around
in little circles and swallowed the drugZ, booZe and Jelly donuts.
The police drew their guns, then took out their nightsticks instead
and beat on the hackers for the amusement value, making racial slurs
all the while as they forced the pre-teen girls to strip and let them
take photographs.
..meanwhile, unnoticed in the corner, DETH HEYD began an incantation
to summon SATAN and FUCK THEM ALL TO GODDAMN FUCKING HELL IN UPPERCASE
PhA<tZ:
50-65 People at Pump(on
25-35 Picked Up
4-5 processed / set to be arrainged
1 Not released on bail -- previous arrest warrant.
Generally dudes, drinking, taking drugs, and watching bad TV. Various
underage chiXx of unknown origin, 3-4 computers (Amigas of course)
complete with video games and other <o0L WheRez & Demos to watch while
high, along with an AT&T terminal, painted bright red and scortched
with the mark of the beast.
Dudez used k0dez, karDz and plAyeD with SwiTChez and did naughty
things. AT&T has said it "wants to persecute to the fullest extent
of its confusion" and will not stop until its nearly the end.
Yuri turned the channel and found himself dazed and Konfused in his
living room. This not being a foreign state to him (remember its his
living room), he sat down to eat ding dongs and cheeze whiz and
contemplate what it all meant; the phone rang, his friend has been
raided. His friend is lying but the smoke is coming out of Yuri's
ears since he is THE SECOND TO THE LAST M0[> MEMBER NOT YET IN BIG
TROUBLE AND THEY'RE COMING TO GET HIM, BECAUSE *THEY* WATCH WITH
UNBLINKING EYES AND _BIDE_ THEIR TIME UNTIL THE MOMENT IS RIGHT AND
THEN___ well we'll have none of that, so the world's first underground
BBS lives once more, and Yuri picks up the phone and RUN! calls us
and generally FLEE! says silly things with OH NO! the smoke still
coming out of his ears SHIT! because he is truly freaking out and
believes he will go to hell now.
Shit happens, ya know, sum of it is pretty bad, some of it ain't --it
is not quite as tragic as we were led to believe, because if you don't
believe in the power of THE WORD then what is there?
Sperf is EVIL
PaTriCK/legi!()n of PhAnt0mZ
ps: Hi! Lotta dudes got picked up over the weekend/Monday, including
the man we know and love as Murdering Thugly.
Grunt.
It seems to be largely ok, as in mild riot/teenage gang-bang, gone
slightly askew when k0dez karDz and K0kAine entered the picture. They
were naughty, naughty BAD BAD BAD.
()()f
z00m!
------------------------------
Date: 05 Nov 92 18:19:30 EST
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 5--Computer Info off-limits to Federal Prisoners
COMPUTER INFORMATION OFF LIMITS FOR FEDERAL PRISONERS
WINDOWS magazine reports John D. Caulfield, Warden of the Federal
Prison Camp at Eglin Air Force Base in Florida, has forbidden the
distribution of their publication to prisoners in his facility.
The publication received a letter from Warden Caulfield after sending
an issue to an un-named inmate. The complete letter is reprinted on
page 288 of the October 1992 issue. The letter says in part...
I have reviewed the publication entitled WINDOWS, the July
1992 issue, that was mailed to, (NAME REMOVED), a resident of
this facility, and have found the programming contents to be
unacceptable for introduction into this facility. Program
Statement 1232.3 entitled "Personal Computers" S13, PG,
states, "There will be no training in programming techniques,
programming languages, or computer repair."
Due to the information cited above, the July publication
entitled WINDOWS is not suited for introduction into this
facility.
No further explanation is given by the Warden. One wonders why the
institution feels the need to censor this information. It is true
that it is of limited usefulness while incarcerated, because the
inmate probably wouldn't have access to a computer to use, but if
anything this should _allow_ the distribution of technical
information, not inhibit it. Publications are often censored because
of the disruption they might cause within the facility. Clearly an
inmate attempting to learn C++ without access to a CPU is a threat to
no one. CuD intends to contact the Warden for more information
regarding this bizarre rule and will report any additional information
in a future issue.
------------------------------
Date: 04 Nov 92 18:32:54 EST
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 6--These Computer Abusers Cost us nearly $100 Billion
((MODERATOR'S NOTE: Software piracy, according to the SPA, represents
up to $4 billion in losses. "Hacker" crime constitutes a few billion
more, according to some law enforcment assessments. Insider computer
abuse constitutes at least $15-20 billion more, in the eyes of others.
Add them all up, and the costs fall far short of the most
devastatingly dangerous computer abuser of all: THE COMMON PC USER!
Perhaps it's time to legislate against this scourge of society,
organize federal dragnets in a national crackdown, and prosecute those
responsible for the following crimes to the fullest extent of the
law)).
+++++++
DOES THIS HELP PUT THE SOCIAL COSTS OF THE CU IN PERSPECTIVE?
Newsweek reports that approximately $97 Billion of the US gross
domestic product is being 'futzed away' by workers spending too much
time 'polishing' their work on PC's. SBT, a California software firm,
has found that playing around with fancy fonts, over elaborate
spreadsheets, overpolishing material with snazzy graphics, and endless
rounds of 'just one more re-write' are among the chief time wasters.
(From: Communications of the ACM. Nov '92 p. 13)
------------------------------
End of Computer Underground Digest #4.56
************************************
Computer underground Digest Wed Nov 11, 1992 Volume 4 : Issue 57
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Coyp Editor: Etaion Shrdlu, Junior
CONTENTS, #4.57 (Nov 11, 1992)
File 1--2600 Meeting Disrupted by Secret Service?
FIle 2--2600 Meeting Disrupted by Law Enforcement
FIle 3--Reports Of "Raid" On 2600 Washington Meeting
FIle 4--More first-hand Accounts
FIle 5--Confusion About Secret Service Role In "2600 Washington Raid"
FIle 6--Conflicting Stories In 2600 Raid; CRSR Files FOIA
FIle 7--Transcript from Al Johnson Interview
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Wed 11 Nov 1992 18:23:55
From: Moderators<tk0jut2@mvs.cso.niu.edu>
Subject: File 1--2600 Meeting Disrupted by Secret Service?
On Friday, November 6, the Washington, D.C. 2600 meeting took place at
the Pentagon City Mall, but was broken up by mall security police.
There is preliminary evidence that the disruption may have involved
the United States Secret Service. If the USSS was involved in using
private security forces to disrupt civilians, their action appears to
not only exceed its mandate, but to be blatantly illegal. The
followings posts describe the details, but the basic facts are these:
1. The Mall's private security police appeared to engage in a
well-organized and well-coordinated sweep of those participating in
the meeting. Although there are restrictions that may limit gatherings
on mall property, there was no apparent indication that the sweep was
prompted by such restrictions.
2. The Mall's head of security, Al Johnson (703-415-3410) claimed
that the FBI and USSS "ramrodded" the operation. Although he has since
denied making the claim, his comments were recorded by Brock Meeks, a
reporter for CommDaily. Meeks subsequently called both the FBI and
Secret Service. The FBI denied any participation. Meeks' report of
the USSS response suggests they were present at the time. We have read
a transcript of Al Johnson's response to Meeks, and Johnson explicitly
and unequivocally states that he considered it a USSS operation and
that as far as he's concerned, the mall police are "out of it," and he
referred Meeks to the USSS (See transcript in file #7).
3. Either Al Johnson is lying or Meeks fabricated the tape. Meeks is
a highly respected journalist known for accuracy and credibility. His
integrity has never been questioned, and we find it incomprehensible
that he fabricated the tape. It seems more likely that Johnson either
glibly named external agencies to cover up the actions of security
forces or that he initially spoke the truth then realized (or was
told) that he should not indicate external involvement. The USSS's
response, which appears to make them complicit in, if not initiaters
of, the action, indicates, as John McMullen's final article reveals,
that they were fully aware of the incident.
4. Computer Professionals for Social Responsibility (CPSR) has filed a
Freedom of Information request with the USSS in an attempt to obtain
further information of USSS involvement.
If, in fact, the USSS was involved, it reflects an outrageous and
totally unacceptable abuse of authority and power. If they were
involved, it indicates that they have learned little from the
Operation Sun Devil abuses and that it is time to curtail their power.
If they were involved, their actions represent a direct challenge to
Constitutional principles of freedom of speech and assembly.
If those attending the 2600 meeting violated mall policies against
assembly that limit the size and nature of public gatherings, it is
fully legitimate for mall security personnel to intervene. However,
if the intervention was a premediated action in which the USSS
participated, then the forces designated to protect the Constitution
have over-stepped their bounds and threaten once again to subvert the
principles they are sworn to protect.
This is not simply a cyberspace issue. If the USSS was involved, it
raises the issue of the relationship between government police actions
and the Constitutional freedoms that ostensibly protect us against
unwarranted control of basic rights. It is an issue that should be of
concern to everyone. Slippery slopes are highly dangerous terrain.
The following posts provide additional details. The Newsbytes pieces
are reproduced here with permission.
------------------------------
Date: Tue, 10 Nov 1992 08:52:13 -0500
From: emmanuel@well.sf.ca.us
Subject: File 2--2600 Meeting Disrupted by Law Enforcement
On Friday, November 6th, the 2600 meeting in Washington DC was
disrupted by assorted law enforcement people. Details are still coming
in at this point but there are some details that have been
corroborated by a number of people. This is what we know: Shortly
after the gathering commenced at the Pentagon City Mall, the 30 or so
people who were there were surrounded by mall security who demanded
that everyone consent to searches. They were told that if they refused
to be searched, they'd be arrested. Everyone's bags were gone through
and lots of personal property was confiscated including notebooks,
school work, various tools, a computer keyboard, and many other items.
The security guards were in radio contact with others on a balcony who
had been watching the group. One of the attendees was detained by
security who would neither arrest him nor let him go. After about 10
minutes, he was released. Some property was returned but much was not.
No receipts were given and, at one point, the security guards denied
having anything at all. They then said that if they did have anything,
the attendees would have to return the next week with proof of
ownership. The mall police were later joined by local Virginia police,
who told the group they would be arrested if they didn't leave the
mall immediately. In addition to searching everybody, the police took
down the names of everyone present.
At this point it doesn't look as if there was anything illegal going
on or anything illegal in anyone's possession. It also should be noted
that the mall police said they were acting on behalf of the Secret
Service. The local police would only say they were gathering
information for an "outside party".
The following is from Bob Stratton, one of our people on the scene:
I hope that someone like Inhuman might be able to fill in the details,
but just as a brief...
+++++
I showed up late to the 2600 meeting in DC tonight, and I found
everyone outside on the sidewalk instead of in the food court of the
normal meeting place. Evidently they were hassled severely by the mall
security officers, who took ID, confiscated all manner of property,
tore up the list of officers' names being compiled by one attendee,
and threatened to confiscate a camera being used by one attendee to
record the whole fiasco.
The real police were called, and evidently made but a cursory
appearance, though some comment about working with the Secret Service
was made. The worst thing is that the private security officers who
took property later denied it, and people are now in a quandary as to
the best mechanism for recovery of their property.
I was fortunate enough to have missed the worst of it, though I
do regret that I wasn't there earlier if only to tell the rent-a-cops
what I thought of them, and my knowledge of my rights.
I know that several of the attendees called up to New York, to
Emmanuel Goldstein, and I'm interested in hearing his take on things.
Film at 11.
--Strat
------------------------------
Date: Tue, 10 Nov 1992 09:17:34
From: jmcmullen@well.sf.ca.us
Subject: File 3--Reports Of "Raid" On 2600 Washington Meeting
((The following will appear on Newsbytes tomorrow. Newsbytes is a
commercial copyrighted service and this article is posted with the
express permission of the author (reposting is prohibited)))
WASHINGTON, D.C., U.S.A., 1992 NOV 7 (NB) -- Eric Corley, a/k/a
"Emmanuel Goldstein", editor and publisher of 2600 Magazine: The
Hacker Quarterly has told Newsbytes that the Friday, November November
6th 2600 meeting held in the Pentagon City Mall, outside of
Washington, DC. was disrupted by threats of arrest by mall security
officers and Arlington, VA police.
2600 Magazine promotes monthly meetings of hackers, press and other
interested parties throughout the country. The meetings are held in
public locations on the first Friday evening of the month and the
groups often contact each other by telephone during the meetings.
Corley told Newsbytes that meetings were held that evening in New
York, Washington, Philadelphia, Cambridge, St. Louis, Chicago, Los
Angeles and San Francisco. Corley said "While I am sure that meetings
have been observed by law enforcement agencies, this is the only time
that we have been harassed. It is definitely a freedom of speech
issue."
According to Craig Neidorf, who was present at the meeting handing out
applications for Computer Professionals For Social Responsibility
(CPSR), "I saw the security officers focusing on us. Then they started
to come toward us from a number of directions under what seemed to be
the direction of a person with a walkie-talkie on a balcony. When they
approached, I left the group and observed the security personnel
encircling the group of about 30 gatherers. The group was mainly
composed of high school and college students. The guards demanded to
search the knapsacks and bags of the gatherers. They confiscated
material, including CPSR applications, a copy of Mondo 2000 (a
magazine) and other material. They also confiscated film from a
person trying to take pictures of the guards and, when a hacker called
"HackRat" attempted to copy down the names of the guards, they took
his pencil and paper."
Neidorf continued, "I left to go outside and rejoined the group when
they were ejected from the mall. The guards continued challenging the
group and told them that they would be arrested if they returned. When
one of the people began to take pictures of the guards, the apparent
supervisor became excited and threatening but did not confiscate the
film."
Neidorf also said "I think that the raid was planned. They hit right
about 6:00 and they identified our group as "hackers" and said that
they knew that this group met every month."
Neidorf's story was supported by a Washington "hacker" called
"Inhuman", who told Newsbytes "I arrived at the meeting late and saw
the group being detained by the guards. I walked along with the group
as they were being ushered out and when I asked a person who seemed to
be in authority his name, he pointed at a badge with his name written
in script on it. I couldn't make out the name and, when I mentioned
that to the person, he said 'If you can't read it, too bad.' I did
read his name, 'C. Thomas', from another badge."
Inhuman also told Newsbytes that, while he did not hear it said, he
was told by a number of people that the guards said that they were
'acting on behalf of the Secret Service. "I was also told that there
were two police officers there from the Arlington County Police
present but I did not see them."
Another attendee, Doug Luce posted an account of his on an NY BBS and
gave Newsbytes permission to quote Luce wrote "I also got to the DC
meeting very late; 7:45 or so. It seemed like a coordinated harassment
episode, not geared toward busting anyone, but designed to get people
riled up, and maybe not come back to the mall. A couple of the things
I overheard: someone had brought a keyboard to sell, and the cops had
harassed him about it, saying 'You aren't selling anything in my mall
without a vendors permit!' Blaize (another attendee) says that maybe
his handcuffing Hack Rat might have set the cops off; or maybe it was
the Whisper 2000 that the cops were convinced was a stun gun. The word
is that there was stuff taken and not given back, wires and soldering
tools. There is also the rumor that the cops were going through
everyone's bags and belongings, and that some people were detained.
While the thrust of the effort seemed to be mall security, there are
conflicting reports about supporting personnel. Some people said that
the SS (Secret Service) might have been there, others thought the FBI
or plainclothes city officers were assisting (or coordinating).
Supposedly, several of them had removed their name tags before moving
in."
Luce's reference to possible Secret Service involvement was supported
by a 19 year-old college student known as the "Lithium Bandit", who
told Newsbytes "I got to the mall about 6:15 and saw the group being
detained by approximately 5 Arlington County police and 5 security
guards. When I walked over to see what was going on, a security guard
asked me for an ID and I refused to show it saying that I was about to
leave. The guard said that I couldn't leave and told me that I had to
see a police officer. When I did, the officer demanded ID and, when I
once again refused, informed me that I could be detained for up to 10
hours for refusing to produce identification. I gave in and produced
my school ID which the police gave to the security people who copied
down my name and social security number."
Lithium Bandit continued "When I asked the police what was behind this
action, I was told that they couldn't answer but that "the Secret
Service is involved and we are within our rights doing this. I and
some others later went to the Arlington police station to attempt to
get more information. I was told only that there was a report of the
use of a stolen credit card and 2 officers sent to investigate -- they
later admitted that it was 5. While I was detained, I heard no mention
of a credit card and there was no one arrested."
Marc Rotenberg, director of CPSR's Washington office, told Newsbytes
"I have really no details on the incident yet but I am very concerned
about the reports and confiscation of CPSR applications, if true, is
outrageous. I will find out more facts on Monday.
Newsbytes was told by the Pentagon City Mall office that any
information concerning the action would have to come from the director
of security, Al Johnson, who will not be available until Monday. The
Arlington Country Police referred Newsbytes to a "press briefing
recording" which had not been updated since the morning before the
incident.
Corley told Newsbytes "there have been no reports of misbehavior by
any of these people. They were obviously singled out because they were
hackers. It's as if they were being singled out as an ethnic group. I
admire the way the group responded -- in a courteous fashion but it is
inexcusable that it happened. I will be at the next Washington meeting
to insure that it doesn't happen again."
The manager of one of New York state's largest malls provided
background information to Newsbytes on the rights of malls to police
those on mall property, saying "The primary purpose of a mall is to
sell. The interior of the mall is private property and is subject to
the regulations of the mall. The only requirement is that the
regulations be enforced in an even-handed manner. I do not allow
political activities in my mall so I could not make an exception for
Democrats. We do allow community groups to meet but they must request
space at least two weeks before the meeting and must have proper
insurance. Our regulations also say that groups of more than 4 may not
congregate in the mall. We would ask groups larger than that to
disperse. We would also ask for identification from those who violate
our regulations so that we may bar them from the mall for a period of
6 months."
She added "Some people feel that mall atriums and food courts are
public space. They are not and the industry is united on this. If the
malls were to receive tax benefits for the common space and public
service in snow removal and the like, it could possibly be a public
area but malls are taxed on the entire space and are totally private
property, subject to their own regulations. If a group of 20 or more
congregated in my mall, they would be asked to leave."
------------------------------
Date: Tue, 10 Nov 1992 08:52:13 -0500
From: emmanuel@well.sf.ca.us
Subject: File 4--More first-hand Accounts
((MODERATORS NOTE: The following first-hand accounts were collected
by Emmanuel Goldstein, editor of 2600)).
***************
ACCOUNT #1:
This is my personal statement as to exactly what happened during the
DC 2600 raid on Friday, November 7th 1992. Granted I cannot remember
the exact dialogue that was exchanged, I will get the general meaning
of everything said and done, by both parties.
I arrived at the 2600 meeting, with Loki, at approximately
4:30pm. We headed towards the food court after looking throughout a
few electronics stores in interest to grab a bite to eat. After
eating, we proceeded to the fourth floor, to scope out on everything
before the meeting actually started. On the way up to the fourth
floor, we ran into Tomellicas. We consulted for a few minutes, and
then all went up to the fourth floor. We continued to hang out on the
fourth floor, and then we saw Albatross back down on the first floor,
so we hollered on got his attention, then proceeded back up to the
fourth floor. Shortly after, Psionic Nemesis arrived on the scene.
We continued to hang out, then proceeded back to the first floor.
After arriving down on the first floor, we moved tables together,
rearranged the seating layout, then proceeded with the meeting.
Knight Lightning arrived a little before 6:00 and handed out some
literature, along with a kooky little button. People slowly arrived,
and the meeting was underway.
At this point, the fed scene started to pick up drastically.
Tomellicas was snapping pictures of every single fed (or what appeared
to be) there. After chatting for awhile longer, Techno Caster, Hack
Rat, and a few others arrived (maybe not in that order). Hack Rat
came over to my table, or part of the table, where I slapped my
handcuffs that I had brought on him. At this time, Techno Caster had
showed his Whisper 2000 to Metal Head. Immediately there after,
several members of the Mall Security task force <chuckle> surrounded
the area, demanding to see the 'stun gun'. Naturally denying
everything about a stun gun, the hostility grew. Finally one of the
guards saw what they thought was the stun gun, and pointed at the
Whisper 2000, which was in the hands of (I think) Metal Head. Metal
Head told the officers "This? This is *the* Whisper 2000!", the guard
examined it, questioned what we had it for, and basically just
pestered us some more.
One of the guards (who seemed to be the leader at this point) came
over across the table from me, and was looking at the stuff on the
center of the table, in front of Loki and myself. Then, over his
walkie-talkie, I heard them say something about handcuffs. Without
hesitating, the guard said "Who has the handcuffs?", I then said "I
do." At this point the guard was examining my handcuffs, and
questioned me as to why I had them. Basically telling him just
because I felt like it, did nothing but aggravate him, and the
situation. He then asked me to produce identification. I asked as to
why and the discussion went on for about sixty seconds, when I just
decided to give him my ID because I was just plain sick of this
ignorant discussion. He copied everything down from it, and asked me
what my name was. I simply asked him if he was having trouble reading
it, and he sneered at me. At this point, the rest of the guards
started taking identification from others. The guard who had took my
ID had asked Loki, sitting right across one side of the table from me,
to see the contents of his backpack. Loki declined, and the guard
asked again. The guard switched topics, and asked Loki to produce
identification. Loki then handed him about 4 different forms of ID,
the only thing he was missing was a birth certificate. The guard
asked to see the contents of his bag, and once again Loki declined.
The argument went back and forth for another minute or two, when Loki
boldly exclaimed "You cannot search my bag, but I will show you what
is in it." Loki proceeded to show him everything in the bag at this
point. After pulling a few things that looked very suspicious to the
guard out of his bag (read: after pulling a few soldered connections,
a bundle of phone cable, and a couple of electronic devices out of his
bag...). At this time, I turned to my left to see a rather large guy
wearing a nice suit who appeared to be taking over the command of the
rent-a-cops. I immediately asked him his name, or two see some form
of identification after he was doing the same to other people at the
meeting. He flat out said "No.". So I just sighed at the entire
ignorance of the man. Tomellicas quickly snapped a few pictures of
him, and other guards there who wouldn't identify themselves. The
guard literally took the film out of Tomellicas's camera at this
point. Hack Rat had proceeded to make a list of the guards names who
were involved. After the guards noticed this, they took the list Hack
Rat had compiled, and ripped it up, keeping the shreds. At this
point, on the other side of my table, I watched Loki zipping his bag
back up after having a few things taken out of it. The big guy in the
suit came and studied the stuff that had been taken out of his bag and
asked Loki what he was doing with it. After exchanging words for
about 2 minutes, the big guy proceeded to research Loki's bag. Noted
that Loki gave no permission for the guy to search it, he just plain
started going through it. At this point I wanted my handcuffs back,
and I was out of there. I couldn't handle this sort of police
harassment and basic bullshit. I told the guard I wanted my handcuffs
back, and he refused. I asked for a receipt, and he refused. I said
"I'm leaving, I have better things to do than to be harassed by a
buncha rent-a-cops." <granted under my breath, but he still heard me>
he proceeded to say "Sit back down.". At this point I just figured I
might as well do whatever they wanted so I could just go home and see
the Bulls game.
This irrelevant search continued to go on for roughly a little
less than two hours. None of the guards would give us any reason for
why we were being detained, or why we were being searched. After
sitting there for roughly two hours, we were all starting to get a
little (lot) uptight about the whole situation and starting demanding
we know why we were being held there and searched. One of the guards
said that he thought we had a stun gun and that's why we were being
searched. I made it really clear to him that (a) stun guns are not
illegal in the state of virginia, and (b) after we showed him what he
(they) saw, and he saw that it was hardly a stun gun, but an amplified
sound device for deaf people, that he had no right to search us any
further, let alone everyone there.
Denying that these laws were infact true, he told me to shut up.
Laughing at his idiocy, I just sat there, preparing for hari-kari.
Finally, after about another thirty minutes of bullshit, we were told
to leave the mall immediately. Not understanding why, myself and
others questioned him as to why we were being detained, searched, and
kicked out. He gave no reason, except to say that this was private
property, and that if we did not leave, we would be arrested, by the
one Arlington County cop now on the scene. Just wanting to go see the
Bulls game, I proceeded to leave, with Hack Rat, Tomellicas, and
someone else who I forgot was at this time. We left the scene, and
proceeded to Crystal City Underground, where we met up with Techno
Caster and a couple others discussing the torment we had all just
experienced.
Let alone the embarrassment of all the people watching us over the
balcony.
Saturday, November 7th, 1992. Hack Rat and I thought it would be wise
to contact the Pentagon Mall Security office on three-way. I called
information, obtained the number (703/415-3410). I called the number
and a lady picked up on the other end. I told her that I would like
to speak with whoever was in charge, or present at the raid in the
food court last night. She told me that nobody was there, they were
either sick, or not working today. I told her "Out of the roughly 8
people there last night, they are all sick? That's bullshit. I want
to speak with someone who was there last night, or I want all of the
officers names, and the name of the person in charge." She told me
I'd have to call back in 30 minutes. I wait.
Thirty minutes later, Hack Rat and I call back. The same lady answers
and I ask to speak to someone present, or the man in charge of the
food court raid last night. She said please hold. I was transfered
somewhere. A man picked up the phone, this voice was very familiar,
and I could easily match it with the guy who took my handcuffs from
me, the one who told me to shut up. I asked him what his name was,
and the names of everyone there, and of whoever was in charge. He
said that he was not allowed to give that information out. After
dealing with the idiocy for another 5 minutes, tension grew along with
the hostility.
After a little more social engineering, I was able to bs a name out of
him. Al Johnson, who was supposedly the head of security.
After this, I called up Loki. We called Fenris Wolf on three way.
Fenris told us that one of his parental units called the mall security
office to find that Loki's bag had been 'turned over to federal
authorities'.
Loki, never given a receipt for his bag, even after asking, was
extremely pissed at this point.
The Mad Hatter
*************************************
ACCOUNT #2:
dead cow #16 @1 [imic]
Sun Nov 08 15:21:42 1992
here's my story, as i witnessed it.
i was coming down the escalator when i noticed that there were a
bunch of people standing around and all these cops in the center. so i
rushed up to the center and asked the cops what was going on. the cop
said "i have nothing to say to you" so i asked who i could talk to. he
said that nobody had anything to say, that no one would talk to me.
then i was questioned about my relation to this group. i denied any
relation. i was then asked to leave, at which point i moved over to a
group of 2600 people standing at a distance observing. i attempted to
ask them what was going on, but at that point the mall cop wearing a
bike outfit (what was with that guy?) asked us to leave. i walked most
of the way to the door then stopped to remove my camera from my bag,
meanwhile asking if i could stay long enough to use the bathroom. they
told me that i had to use the metro bathroom. i said that i didn't
think there was one. they said yes, ask the attendant. i then got my
camera out and asked if i could take a picture. the guard said, in a
threatening voice, that if i took his pic he would take my film. i put
the camera in my pocket. i had a couple of old motherboards in my
hands, they asked me what they were, i said they were old
motherboards, they asked each other if (some guy who's name i didn't
catch) would be interested in these. i said they could have them if
they wanted, they were worth about $2. they said, no, they weren't
gonna take them, just leave. i stalled a few more times, and then they
said that if i stalled one mor time i would be arrested. i left the
mall at that pt.
we then went up the metro escalator, and stood around in a group at
the top of the escalator. the mall cops were there, in the mall
driveway, in their car. at some point, a group of mall cops came out
and were very belligerent with someone. i stood back at a distance and
took a picture, then turned away and started walking. the cops yelled
after me, i gave my camera to another person. they wanted my film, i
said i didn't have the camera. gentry jumped in and started arguing
with the man, telling him that it was legal to take the picture. the
man became very angry with gentry, and then started yelling about how
he was here not to warn us about leaving the area, but to tell us to
move our cars (all our cars were parked someplace else) from the curb,
where there were SOME cars, because the arlington cops were coming. we
said that we didn't have any cars, and he ignored that and proceded to
warn us again. then he turned and gestured at gentry with his hand. at
the same point gentry brought his hand up to scratch his head, and the
hands met. the mall cop became very angry and told gentry that if he
touched the mall cop again he would do some thing (i forget the
threat) then we started talking about the camera, and the mall cop
denied that he had ever wanted the film. after that, the mall cop
left. then we left.
that's what happened..
dc
+++++++++++++
ACCOUNT #3:
Inhuman November 8th, 1992
What follows is my account of the events as I observed them at
Pentagon City Fashion Center Mall on the evening of Friday, November
6th.
I arrived at the mall around 6:45 p.m., almost two hours after the
meeting began. I recognized a group of people on the food court to be
part of the meeting and started heading towards them. At this point,
I noticed that there were several mall security personnel and perhaps
other law enforcement officials (I'm not sure) spread throughout the
meeting area. Most were just standing there, some were talking to the
meeting-goers.
Since nothing too dangerous seemed to be happening, I walked into
the middle of the meeting area, looking at all the guards. I asked
one of the meeting-goers what was going on and he said "We're being
detained." I then asked one of the guards (a young caucasian blonde
male in a blue spandex biking outfit) what was going on. He replied,
"You'll find out from your friends afterwards. Why don't you go wait
with your friends over there.", indicating the group of people I
entered the mall with.
I left the food court. Some of the guards looked slightly upset that
I was leaving, but made no move to stop me. I waited out-of-view of
the food court for about five minutes and then returned. At this
point, meeting-goers were just beginning to leave the food court area
in the direction of the mall exit, apparently having been released
from their detention. Guards remained on the outskirts of the group,
directing them towards the exit.
I asked one of the guards (a middle-aged heavy-set
african-american male) if we had to leave, and he said yes. When I
protested, he threatened to arrest me for trespassing since "this is
private property." When I asked what his name was, he pointed to his
name tag. The name tag had nothing more than a legal signature on it,
which was quite unreadable. When asked him what his name was again,
explaining that I couldn't read his name tag, he said, "You can't read
my name tag? Too bad." Then I noticed he had another name tag with
"C. Thomas" clearly printed on it. At this point, Dead Cow, who was
nearby, asked if he could take the guard's picture. The guard said
that if he did, he would take the film out of the camera. When then
left the mall, along with the rest of the group.
We waited in the Metrorail (D.C. public transportation) access
tunnel directly outside of the mall for a while, gathering information
from each other and deciding on a course of action.
We went upstairs and outside, to a small bank of payphones near
the Metro entrance and near the mall's outside entrance. One of the
meeting-goers, Lithium Bandit, called the Washington Post and
recounted the story, hoping to get a reporter to the scene. They said
they would call back if they were interested. Several suggestions
were made to call News Channel 8, a cable 24-hours-a-day local news
channel, but the call was never made. About twenty of us remained at
this point, there having been around forty total.
About ten minutes later, the mall security guards reappeared. I
was on the phone with Emmanuel Goldstein at the time, so I didn't see
the initial interactions, and I'm still not clear what they were
trying to tell us to do this time, as we were no longer on private
property. At some point, Dead Cow took his camera out and took a
couple pictures of the scene. At this, the guards, especially C.
Thomas, became incensed. Thomas demanded the film, somehow claiming
that Dead Cow was not allowed to take a picture of him. The film
remained in our possesion. Then Gentry, another meeting-goer, began
to get in an argument with C. Thomas over Dead Cow's right to take his
picture, and the general rights violations that had occured already.
At some point, Gentry apparently touched C. Thomas in an inadvertent
manner. Thomas then yelled very loudly, "Don't TOUCH me!" and made
some threat about what he would do if Gentry touched him again.
People began to leave now, to regroup at the Crystal City
Underground, including me, so thus ends my account.
------------------------------
Date: Tue, 10 Nov 1992 09:17:35
From: jmcmullen@well.sf.ca.us
Subject: File 5--Confusion About Secret Service Role D.C. "Raid"
((The following will appear on Newsbytes. Newsbytes is a copyrighted
commercial service and its material may not be reproduced. This
article is posted with the express permission of the authors.))
WASHINGTON, D.C., U.S.A., 1992 NOV 7 (NB) -- In the aftermath of an
action on Friday, November 6th by members of the Pentagon City Mall
Police and police from Arlington County, VA in which those attending a
2600 meeting at the mall were ordered from the premises, conflicting
stories continue to appear.
Attendees at the meeting have contended to Newsbytes that members of
the mall police told them that they were "acting on behalf of the
Secret Service.". They also maintain that the mall police confiscated
material from knapsacks and took film from someone attempting to
photograph the action and a list of the names of security officers
that one attendee was attempting to compile.
Al Johnson, chief of security for the mall, denied these allegations
to Newsbytes, saying "No one said that we were acting on behalf of the
Secret Service. We were merely enforcing our regulations. While the
group was not disruptive, it had pulled tables together and was having
a meeting in our food court area. The food court is for people eating
and is not for meetings. We therefore asked the people to leave."
Johnson denied that security personnel took away any film or lists and
further said "We did not confiscate any material. The group refused to
own up to who owned material on the tables and in the vicinity so we
collected it as lost material. If it turns out that anything did
belong to any of those people, they are welcome to come in and, after
making proper identification, take the material."
In a conversation early on November 9th, Robert Rasor, Secret Service
agent-in-charge of computer crime investigations, told Newsbytes that
having mall security forces represent the Secret Service is not
something that was done and, that to his knowledge, the Secret Service
had no involvement with any Pentagon City mall actions on the previous
Friday.
A Newsbytes call to the Arlington County police was returned by a
Detective Nuneville who said that her instructions were to refer all
questions concerning the matter to agent David Adams of the Secret
Service. She told Newsbytes that Adams would be providing all
information concerning the involvement of both the Arlington Police
and the Secret Service in the incident.
Adams told Newsbytes "The mall police were not acting as agents for
the Secret Service. Beyond that, I can not confirm or deny that there
is an ongoing investigation."
Adams also told Newsbytes that "While I cannot speak for the Arlington
police, I understand that their involvement was due to an incident
unrelated to the investigation."
Marc Rotenberg, director of the Washington office of Computer
Professionals for Social Responsibility (CPSR), told Newsbytes "CPSR
has reason to believe that the detention of people at the Pentagon
City Mall last Friday was undertaken at the behest of the Secret
Service, which is a federal agency. If that is the case, then there
was an illegal search of people at the mall. There was no warrant and
no indication of probable illegal activity. This raises constitutional
issues. We have undertaken the filing of a Freedom of Information Act
(FOIA) request to determine the scope, involvement and purpose of the
Secret Service in this action."
2600 meetings are held on the evening of the first Friday of each
month in public places and malls in New York City, Washington,
Philadelphia, Cambridge, St. Louis, Chicago, Los Angeles and San
Francisco. They are promoted by 2600 Magazine: The Hacker Quarterly
and are attended by a variety of persons interested in
telecommunications and so-called "hacker issues". The New York
meeting, the oldest of its kind, is regularly attended by Eric Corley
a/k/a Emmanuel Goldstein, editor and publisher of 2600, hackers,
journalists, corporate communications professionals and other
interested parties. It is known to have been the subject of
surveillance at various times by law enforcement agencies conducting
investigations into allegations of computer crime.
Corley told Newsbytes "While I'm sure that meetings have been observed
by law enforcement agencies, this is the only time that we have been
harassed. It's definitely a freedom of speech issue." Corley also that
he plans to be at the December meeting in Washington "to insure that
it doesn't happen again."
------------------------------
Date: Tue, 10 Nov 1992 09:17:34
From: jmcmullen@well.sf.ca.us
Subject: File 6--Conflicting Stories In 2600 Raid; CRSR Files FOIA
((The following will appear on Newsbytes. Newsbytes is a copyrighted
commercial service and its material may not be reproduced. This
article is posted with the express permission of the authors.))
WASHINGTON, D.C., U.S.A., 1992 NOV 11 (NB) -- In the on-going
investigation of possible Secret Service involvement in the Friday,
November 6th ejection of attendees at a "2600 meeting" from the
premises of the Pentagon City Mall, diametrically opposed statements
have come from the same source.
Al Johnson, chief of security for the Pentagon City Mall told
Newsbytes on Monday, November 9th "No one said that we were acting on
behalf of the Secret Service. We were merely enforcing our
regulations. While the group was not disruptive, it had pulled tables
together and was having a meeting in our food court area. The food
court is for people eating and is not for meetings. We therefore asked
the people to leave."
On the same day, Johnson was quoted was quoted in a Communications
Daily article by Brock Meeks as saying "As far as I'm concerned, we're
out of this. The Secret Service, the FBI, they're the ones that
ramrodded this whole thing."
Newsbytes contacted Meeks to discuss the discrepancies in the stories
and were informed that the conversation with Johnson had been taped
and was available for review. The Newsbytes reporter listened to the
tape (and reviewed a transcript). On the tape, Johnson was clearly
heard to make the statement quoted by Meeks.
He also said "maybe you outta call the Secret Service, they're
handling this whole thing. We, we were just here", and, in response
to a Meeks question about a Secret Service contact, "Ah.. you know, I
don't have a contact person. These people were working on their own,
undercover, we never got any names, but they definitely, we saw
identification, they were here."
Newsbytes contacted Johnson again on the morning of Wednesday,
November 11 and asked him once again whether there was any Secret
Service involvement in the action. Johnson said "No, I told you that
they were not involved." When it was mentioned that there was a story
in Communications Daily, quoting him to the contrary, Johnson said "I
never told Meeks that. There was no Secret Service involvement"
Informed of the possible existence of a tape quoting him to the
contrary. Johnson said "Meeks taped me? He can't do that. I'll show
him that I'm not fooling around. I'll have him arrested."
Johnson also said "He asked me if the Secret Service was involved; I
just told him that, if he thought they were, he should call them and
ask them."
Then Johnson again told Newsbytes that the incident was "just a mall
problem. There were too many people congregating."
[NOTE: Newsbytes stands by its accurate reporting of Johnson's
statements. It also affirms that the story by Meeks accurately
reflects the material taped during his interview]
In a related matter, Marc Rotenberg, director of the Washington office
of Computer Professionals For Social Responsibility (CPSR) has
announced that CPSR has filed a Freedom of Information Act (FOIA)
request with the Secret Service asking for information concerning
Secret Service involvement in the incident.
Rotenberg told Newsbytes that the Secret Service has 10 days to
respond to the request. He also said that CPSR "is exploring other
legal options in this matter."
The Secret Service, in earlier conversations with Newsbytes, has
denied that the mall security was working on its behalf.
In the incident itself, a group attending the informal meeting was
disbanded and, according to attendees, had property confiscated. They
also contend that security guards took film from someone photographing
the confiscation as well as a list that someone was making of the
guard's names. In his November 9th conversation with Newsbytes,
Johnson denied that security personnel took away any film or lists and
further said "We did not confiscate any material. The group refused to
own up to who owned material on the tables and in the vicinity so we
collected it as lost material. If it turns out that anything did
belong to any of those people, they are welcome to come in and, after
making proper identification, take the material."
2600 meetings are promoted by 2600 Magazine: The Hacker Quarterly and
are held on the evening of the first Friday of each month in public
places and malls in New York City, Washington, Philadelphia,
Cambridge, St. Louis, Chicago, Los Angeles and San Francisco. They
are regularly attended by a variety of persons interested in
telecommunications and so-called "hacker issues".
(Barbara E. McMullen & John F. McMullen/19921111)
------------------------------
Date: Wed 11 Nov 1992 19:34:56
From: Moderators<tk0jut2@mvs.cso.niu.edu>
Subject: File 7--Transcript from Al Johnson Interview
((MODERATORS' NOTE: Al Johnson, Director of Security for the Pentagon
City Mall, has denied saying that the US Secret Service was involved
in the 2600 disruption, and he has given other news sources a
different version than he gave to Brock Meeks. The following are Al
Johnson's original comments as transcribed from the original
conversation. We leave it to readers to decide for themselves what Al
Johnson said in the initial interview.))
Further information may be obtained from Brock Meeks at:
(202) 872-9202 ex. 271; or
2115 Ward Ct. NW, Washington, DC 20037
+++++
Transcript of interview with Mr. Al Johnson, Dir. Security for
Pentagon City Mall
B. Meeks: I'd like to ask you a few questions about an incident where
some of your security guards broke up a meeting of some hackers
on Friday (Nov. 6).
Al Johnson: They broke up some meeting of hackers?
B. Meeks: Yes.
AJ: I don't know about breaking any meeting up. Who... first of
all I can't talk to you on the phone, if you want to come in, I
don't talk to the press on the phone.
B. Meeks: OK
AJ: Ahh... maybe you outta call the Secret Service, they're
handling this whole thing. We, we were just here.
B. Meeks: the Secret Service was part of this?
AJ: Well, FBI, Secret Service, everybody was here, so you might
want to call their office and talk to them. There's not much I
can really tell you here.
B. Meeks: OK
AJ: Our involvement was minimum, you know, minimal.
B. Meeks: I see, but your folks were acting on...
AJ: We didn't break anything... I.. we didn't.. as far as I
know, well I can't say much on the phone. But I, well,
somebody's awfully paranoid apparently. Where'd you get this
information from?
B. Meeks: Umm.... from computer bulletin boards
AJ: Bulletin Boards?
B. Meeks: Yep.
AJ: When did you get it?
B. Meeks: I got it, ah, Sunday night.
AJ: Sunday night?
B. Meeks: Yep.
AJ: [small laugh] Ah, yeah, you gotta call the FBI and the
Secret Service there's not much I can do for you here.
B. Meeks: Ok. Al, if I come down there will you talk to me to down
there?
AJ: No. I can't talk to you at all. Fact is, there's nothing
to talk about. Our involvement in anything was minimal, I don't
know where this information came from as far as bulletin boards,
and breaking meetin's up and you know...
B. Meeks: Well, the Arlington police were down there too. I mean I've
talked to several of the kids that were involved.
AJ: Um-hmmm
B. Meeks: They said, that ah, members of your, of the mall security
forces, ah, or security staff, searched them, confiscated some
material and didn't give it back. Did any of this happen?
AJ: Like I said, I'm not, I'm not able to talk to you... we have
a policy that we don't talk to the press about anything like
that. You can call the Secret Service, call the FBI, they're the
ones that ramrodded this whole thing, and you talk to them, we're
out of this basically, you know, as far as I'm concerned here.
B. Meeks: Ok. Is there a contact person over there that you can...
AJ: Ah.. you know, I don't have a contact person. These people
were working on their own, undercover, we never got any names,
but they definitely, we saw identification, they were here.
B. Meeks: They were there. So it was all the Secret Service and none
of your men?
AJ: Ah, nah, that's not what I said. But they're the ones you
want to talk to. There's nothing I can really ya. Okay?
B. Meeks: Okay.
AJ: Thanks.
B. Meeks: Bye.
------------------------------
End of Computer Underground Digest #4.57
************************************
Computer underground Digest Sun Nov 15, 1992 Volume 4 : Issue 58
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Coop Eidolator: Etaion Shrdlu, Junior
CONTENTS, #4.58 (Nov 15, 1992)
File 1--Special Issue: A Computer & Information Technologies Platform
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Tue, 27 Oct 1992 22:00:03 -0800
From: James I. Davis <jdav@WELL.SF.CA.US>
Subject: File 1--A Computer & Information Technologies Platform
((MODERATORS' NOTE: The potential of computer technology to liberate
also carries with it the potential to repress. Computer applications
contain the risks of intruding on privacy, increasing our
vulnerability to crime, and altering the social sphere by revising
laws, class structure, and power/control systems. The consequences of
computer technology are *social* and affect us all. Responsibility for
recognizing the impact of expanding technology is not something that
should be left to others--to "experts"--but that should be
aggressively confronted by all of us.
This special issue presents a platform statement drafted by the
Computer Professionals for Social Responsibility's Berkeley chapter as
one way to begin recognizing the *political* implications of computer
technology. We invite responses to it with the intent of sharpening
the debates over the issues it raises.
The bibliography has been deleted because of spatial constraints.
Those interested can obtain the complete text, including biblio, from
the CuD ftp site (ftp.eff.org)).
+++++++++++++
A COMPUTER AND INFORMATION TECHNOLOGIES PLATFORM
Computer Professionals for Social Responsibility
Berkeley Chapter
Peace and Justice Working Group
*****************************************************************
INTRODUCTION
As computer and information technologies become all pervasive, they
touch more and more on the lives of everyone. Even so, their
development and deployment remains unruly, undemocratic and
unconcerned with the basic needs of humanity. Over the past 20 years,
new technologies have dramatically enhanced our ability to collect and
share information, to improve the quality of work, and to solve
pressing problems like hunger, homelessness and disease. Yet over the
same period we have witnessed a growing set of problems which are
eroding the quality of life in our country. We have seen the virtual
collapse of our public education system. Privacy has evaporated.
Workplace monitoring has increased in parallel with the de-skilling or
outright disappearance of work. Homelessness has reached new heights.
Dangerous chemicals poison our environment. And our health is
threatened by the growing pandemic of AIDS along with the resurgence
of 19th century diseases like cholera and tuberculosis.
As a society, we possess the technical know-how to resolve
homelessness, illiteracy, the absence of privacy, the skewed
distribution of information and knowledge, the lack of health care,
environmental damage, and poverty. These problems persist only because
of the way we prioritize research and development, implement
technologies, and distribute our social wealth. Determining social
priorities for research, development, implementation and distribution
is a political problem.
Political problems require political solutions. These are, of course,
everyone's responsibility. As human beings, we have tried to examine
these problems, and consider possible solutions. As people who design,
create, study, and use computer and information technologies, we have
taken the initiative to develop a political platform for these
technologies. This platform describes a plausible, possible program
for research, development, and implementation of computer and
information technologies that will move towards resolving our most
pressing social needs. This document also unites many groups and
voices behind a common call for change in the emphasis and application
of these technologies.
This platform addresses Computer and Information Technologies, because
we work with those technologies, and we are most familiar with the
issues and concerns related to those technologies. We do not address
other key technologies like bioengineering or materials science,
although some issues, for example, intellectual property rights or
research priorities, apply equally well to those areas. We would like
to see people familiar with those fields develop platforms as well.
Finally, we do not expect that this platform will ever be "finished."
The rate of scientific and technical development continues to
accelerate, and new issues will certainly emerge. Likewise, our
understanding of the issues outlined here will evolve and deepen. Your
comments are necessary for this document to be a relevant and useful
effort.
We encourage candidates, organizations and individuals to adopt the
provisions in this platform, and to take concrete steps towards making
them a reality.
Peace and Justice Working Group Computer Professionals for Social
Responsibility, Berkeley Chapter
August, 1992
*****************************************************************
PLATFORM GOALS
The goals of this platform are:
* To promote the use of Computer and Information Technologies to
improve the quality of human life and maximize human potential.
* To provide broad and equal access to Computers and Information
Technology tools.
* To raise consciousness about the effects of Computer and
Information Technologies among the community of people who create and
implement these technologies.
* To educate the general public about the effects Computers
and Information Technologies have on them.
* To focus public attention on the political agenda that determines
what gets researched, funded, developed and distributed in Computer
and Information Technologies.
* To democratize (that is, enhance the public participation in) the
process by which Computer and Information Technologies do or do not
get researched, funded, developed and distributed.
*****************************************************************
PLATFORM SUMMARY
A. ACCESS TO INFORMATION and INFORMATION TECHNOLOGIES
1. Universal access to education
2. Elimination of barriers to access to public information
3. An open National Data Traffic System
4. Expansion of the public library system
5. Expansion of public information treasury
6. Freedom of access to government data
7. Preservation of public information as a resource
8. Restoration of information as public property
B. CIVIL LIBERTIES and PRIVACY
1. Education on civil liberties, privacy, and the implications
of new technologies
2. Preservation of constitutional civil liberties
3. Right to privacy and the technology to ensure it
4. Community control of police and their technology
C. WORK, HEALTH and SAFETY
1. Guaranteed income for displaced workers
2. Improved quality of work through worker control of it
3. Emphasis on health and safety
4. Equal opportunity to work
5. Protection for the homeworker
6. Retraining for new technologies
D. THE ENVIRONMENT
1. Environmentally safe manufacturing
2. Planning for disposal or re-use of new products
3. Reclamation of the cultural environment as public space
E. INTERNATIONAL COOPERATION
1. Replacement of "national competitiveness" with "global
cooperation"
2. Global distribution of technical wealth
3. An end to the waste of technical resources embodied in the
international arms trade
4. A new international information order
5. Equitable international division of labor
F. RESPONSIBLE USE OF COMPUTERS and INFORMATION TECHNOLOGIES
1. New emphasis in technical research priorities
2. Conversion to a peacetime economy
3. Socially responsible engineering and science
*****************************************************************
THE PLATFORM
*****************************************************************
A. ACCESS TO INFORMATION and INFORMATION TECHNOLOGIES
The body of human knowledge is a social treasure collectively
assembled through history. It belongs to no one person, company, or
country. As a public treasure everyone must be guaranteed access to
its riches. We must move beyond the division between information
"consumer" and "provider" -- new information technologies enable each
of us to contribute to the social treasury as well. An active
democracy requires a well-informed citizenry with equal access to any
tools that facilitate democratic decision-making. This platform calls
for:
1. UNIVERSAL ACCESS TO EDUCATION: "23 Million adult Americans cannot
read above fifth-grade level."[1] We reaffirm that quality education
is a basic human right. We call for full funding for education through
the university level to insure that everyone obtains the education
they need to participate in and contribute to the "Information Age."
Education must remain a public resource. Training and retraining to
keep skills current with technology, and ease transition from old
technologies to new technologies must be readily available. All people
must have sufficient access to technology to ensure that there is no
"information elite" in this society. Computers should be seen as tools
to accomplish tasks, not ends in themselves. The public education
system must provide students with access to computers, as well as the
critical and analytical tools necessary to understand, evaluate and
use new technologies. Staffed and funded computer learning centers
should be set up in low-income urban and rural areas to provide such
access and education to adults as well as children. Teachers require
an understanding of the technology to use it effectively, and to
communicate its benefits and limitations to students. These skills
must be an integral part of the teacher training curriculum, and must
also be available for teachers to continue to upgrade their skills as
new tools become available. Finally, to learn, children need a
nurturing environment, including a home, an adequate diet, and quality
health care. Pitting "welfare" versus "education" is a vicious
prescription for social failure. We call for adequate social services
to ensure that our children have the environment in which they can
benefit from their education.
2. ELIMINATION OF BARRIERS TO ACCESS TO INFORMATION TECHNOLOGY:
Democracy requires an informed public, with generous access to
information. However, access to information increasingly requires
tools such as a computer and a modem, while only 13% of Americans own
a personal computer, and of them, only 10% own a modem.[2] In
addition, requiring fees to access databases locks out those without
money. We must assure access to needed technology via methods such as
a subsidized equipment program that can make basic computer and
information technologies available to all. We call for the
nationalization of research and public information databases, with
access fees kept to a minimum to ensure access to the data. In many
cases, the technology itself is a barrier to use of new technologies.
We strongly encourage the research and development of non-proprietary
interfaces and standards that simplify the use of new technology.
3. AN OPEN NATIONAL DATA TRAFFIC SYSTEM: An Information Society
generates and uses massive amounts of information. It requires an
infrastructure capable of handling that information. It also
determines how we communicate with each other, how we disseminate our
ideas, and how we learn from each other. The character of this system
will have profound effects on everyone. The openness and accessibility
of this network will determine the breadth and depth of the community
we can create.
We call for a "National Data Traffic System" that can accommodate all
traffic, not just corporate and large academic institution traffic, so
that everyone has access to public information, and has the ability to
add to the public information. This traffic system must be accessible
to all. The traffic system will include a "highway" component, major
information arteries connecting the country. We propose that the
highway adopt a model similar to the federal highway system -- that
is, a system built by and maintained publicly, as opposed to the
"railroad" model, where the government subsidizes private corporations
to build, maintain and control the system. The "highway model" will
guarantee that the system serves the public interest. At the local
level, the existing telephone and cable television systems can provide
the "feeder roads", the "streets" and the "alleys" and the "dirt
roads" of the data network through the adoption of an Integrated
Services Digital Network (ISDN) system, along the lines proposed by
the Electronic Frontier Foundation. The features proposed by EFF
include affordable, ubiquitous ISDN; breaking the private monopoly
control of the existing communication networks; short of public
takeover of the networks, affirmation of "common carrier" principles;
ease of use; a guarantee of personal privacy; and a guarantee of
equitable access to communications media.[3]
4. EXPANSION OF THE PUBLIC LIBRARY SYSTEM: The public library system
represents a public commitment to equal access to information,
supported by community resources. Yet libraries, in the era of
Computer and Information Technologies, are having their funding cut.
We call for adequate funding of public libraries and an extension of
the library system into neighborhoods. Librarians are the trained
facilitators of information access. As such, librarians have a unique,
strategic role to play in the "information society." We call for an
expansion of library training programs, for an increase in the number
of librarians, and for additional training for librarians so that they
can maximize the use of new information-retrieval technology by the
general public. Every public library must have, and provide to their
clientele, access to the national data highway.
5. EXPANSION OF THE PUBLIC INFORMATION TREASURY: A market economy
encourages the production of those commodities that the largest market
wants. As information becomes a commodity, information that serves a
small or specialized audience is in danger of not being collected, and
not being available. For example, the president of commercial database
vendor Dialog was quoted in 1986 as saying "We can't afford an
investment in databases that are not going to earn their keep and pay
back their development costs." When asked what areas were not paying
their development costs, he answered, "Humanities."[4] Information
collection should pro-actively meet broad social goals of equality and
democracy. We must ensure that the widest possible kinds of social
information are collected (not just those that have a ready and
substantial market), while ensuring that the privacy of the individual
is protected.
6. FREEDOM OF ACCESS TO GOVERNMENT DATA: Public records and economic
data are public resources. We must ensure that the principles of
"Freedom of Information" laws remain in place. Government agencies
must comply with these laws, and should be punished for
non-compliance. Government records that are kept in a digital format
must be available electronically to the general public, provided that
adequate guarantees are in place to protect the individual.
7. PROTECTION OF PUBLIC INFORMATION RESOURCES: Recently, we have seen
a dangerous trend in which the Federal government sells off or
licenses away rights to information collected at public expense, which
is then sold back to the public at a profit. Access to public data now
often requires paying an information-broker look-up fees.[5] Public
resources must be public. We call for a halt to the privatization of
public data.
8. RESTORATION OF INFORMATION AS PUBLIC PROPERTY: "Since new
information technology includes easy ways of reproducing information,
the existence of these [intellectual property] laws effectively
curtails the widest possible spread of this new form of wealth. Unlike
material objects, information can be shared widely without running
out."[6] The constitutional rationale for intellectual property rights
is to promote progress and creativity. The current mechanisms -- the
patent system and the copyright system -- are not required to ensure
progress. Other models exist for organizing and rewarding intellectual
work, that do not require proprietary title to the results. For
example, substantial and important research has been carried out by
government institutions and state-supported university research. A
rich library of public domain and "freeware" software exists. Peer or
public recognition, awards, altruism, the urge to create or
self-satisfaction in technical achievement are equally motivators for
creative activity.
Authors and inventors must be supported and rewarded for their work,
but the copyright and patent system per se does not ensure that. Most
patents, for example, are granted to corporations or to employees who
have had to sign agreements to turn the ownership over to the employer
through work-for-hire or other employment contracts as a condition of
employment. The company, not the creating team, owns the patent. In
addition, in many ways, patents and copyrights inhibit the development
and implementation of new technology. For example, proprietary
research is not shared, but is kept secret and needlessly duplicated
by competing companies or countries. Companies sue each other over
ownership of interfaces, with the consumer ultimately footing the
bill. Software developers must "code around" proprietary algorithms,
so as not to violate known patents; and they still run the risk of
violating patents they don't know about. We call for a moratorium on
software patents. We call for the abolition of property rights in
knowledge, including algorithms and designs. We call for social
funding of research and development, and the implementation of new
systems, such as public competitions, to spur development of socially
needed technology.
B. CIVIL LIBERTIES and PRIVACY
Advances in Computer and Information Technologies have facilitated
communications and the accumulation, storage and processing of data.
These same advances may be used to enlighten, empower and equalize but
also to monitor, invade and control. Alarmingly, we witness more
instances of the latter rather than of the former. This platform
calls for:
1. EDUCATION ON CIVIL LIBERTIES, PRIVACY, AND THE IMPLICATIONS OF NEW
TECHNOLOGIES: New technologies raise new opportunities and new
challenges to existing civil liberties. In the absence of
understanding and information about these technologies, dangerous
policies can take root. For example, police agencies and the news
media have portrayed certain computer users (often called "hackers")
as "pirates" out to damage and infect all networks. While some
computer crime of this sort does take place, such a demonization of
computer users overlooks actual practice and statistics. This
perception has led to an atmosphere of hysteria, opening the door to
fundamental challenges to civil liberties. Homes have been raided,
property has been confiscated, businesses have been shut down, all
without due process. Technology skills have taken on the quality of
"forbidden knowledge", where the possession of certain kinds of
information is considered a crime. In the case of "hackers", this is
largely due to a lack of understanding of the actual threat that
"hackers" pose. We must ensure that legislators, law-enforcement
agencies, the news media, and the general public understand Computer
and Information Technologies instead of striking out blindly at any
perceived threat. We must also ensure that policy caters to the
general public and not just corporate and government security
concerns.
2. PRESERVATION OF CONSTITUTIONAL CIVIL LIBERTIES: The U.S.
Constitution provides an admirable model for guaranteeing rights and
protections essential for a democratic society in the 18th century.
Although the new worlds opened up by Computer and Information
Technologies may require new interpretations and legislations, the
freedoms guaranteed in the Bill of Rights must continue no matter what
the technological method or medium. Steps must be taken to ensure that
the guarantees of the Constitution and its amendments are extended to
encompass the new technologies. For example, electronic transmission
or computer communications must be considered as a form of speech; and
information distributed on networked computers or other electronic
forms must be considered a form of publishing (thereby covered by
freedom of the press). The owner or operator of a computer or
electronic or telecommunications facility should be held harmless for
the content of information distributed by users of that facility,
except as the owner or operator may, by contract, control information
content. Those who author statements and those who have contractual
authority to control content shall be the parties singularly
responsible for such content. Freedom of assembly should be
automatically extended to computer-based electronic conferencing.
Search and seizure protections should be fully applicable to
electronic mail, computerized information and personal computer
systems.
3. RIGHT TO PRIVACY AND THE TECHNOLOGY TO ENSURE IT: Because Computer
and Information Technologies make data collection, processing and
manipulation easier, guaranteeing citizen privacy rights becomes
problematic. Computer and Information Technology make the job of those
who use data en-masse -- marketing firms, police, private data
collection firms -- easier. We need to develop policies that control
what, where, whom and for what reasons data is collected on an
individual. Institutions that collect data on individuals must be
responsible for the accuracy of the data they keep and must state how
the information they obtain will be used and to whom it will be made
available. Furthermore, we must establish penalties for
non-compliance with these provisions. Systems should be in place to
make it easy for individuals to know who has information about them,
and what that information is.
We must ensure that there is no implementation of any technological
means of tracking individuals in this country through their everyday
interactions. Technology exists that can ensure that electronic
transactions are not used to track individuals. Encrypted digital
keys, for example, provide the technical means to achieve anonymity in
electronic transactions while avoiding a universal identifier. Where
government financial assistance is now provided electronically, we
must ensure that these mechanisms help empower the recipient, and do
not become sophisticated means of tracking and policing behavior
(e.g., by tracking what is bought, when it is bought, where it is
bought, etc.).
The technology to effectively ensure private communications is
currently available. The adoption of a state-of-the-art standard has
been held up while the government pushes for mandatory "back-doors" so
that it can monitor communication. (Computer technology is treated
differently here; for example, we do not legislate how complex a lock
can be.) We must ensure that personal communication remains private by
adopting an effective, readily available, de-militarized encryption
standard.
4. COMMUNITY CONTROL OF POLICE AND THEIR TECHNOLOGY: New technologies
have expanded the ability of police departments to maintain control
over communities. The Los Angeles Police Department is perhaps an
extreme example: they have compiled massive databases on
African-American and Latino youth through "anti-gang" mass
detainments. These databases are augmented by FBI video and photo
analysis techniques. "But the real threat of these massive new
databases and information technologies is... their application on a
macro scale in the management of a criminalized population."[7] With
new satellite navigational technology, "we shall soon see police
departments with the technology to put the equivalent of an electronic
bracelet on entire social groups."[8] We call for rigorous community
control of police departments to protect the civil liberties of all
residents.
C. WORK, HEALTH and SAFETY
Computer and Information Technologies are having a dramatic effect on
work. New technologies are forcing a reorganization of work. The
changes affect millions of workers, and are of the same level and
magnitude as the Industrial Revolution 150 years ago. The effects have
been disastrous -- the loss of millions of manufacturing jobs, a fall
in wages over the past 15 years, the lengthening of the work week for
those who do have jobs, a rise in poverty and homelessness. Employed
Americans now work more hours each week that at any time since 1966,
while at this writing 9.5 million workers in the "official" workforce
are unemployed, and millions more have given up hope of ever finding
work.[9] Too often, products and profitability are given priority over
the needs and health of the workers who produce both. For example,
research is done on such matters as how humans contaminate the clean
room process,[10] not on how the chemicals used in chip manufacturing
poison the handlers. Or new technologies are implemented before
adequate research is carried out on how they will affect the worker.
This misplaced emphasis is wrong. This platform calls for:
1. GUARANTEED INCOME FOR DISPLACED WORKERS: New technologies mean an
end to scarcity. Producing goods to meet our needs is a conscious
human activity. Such production has been and is currently organized
with specific goals in mind, namely the generation of the greatest
possible profit for those who own the means of production. We can
re-organize production.
With production for private profit, corporations have implemented
robotics and computer systems to cut labor costs, primarily through
the elimination of jobs. Over the last ten years alone, one million
manufacturing jobs have disappeared in the U.S. Workers at the jobs
that remain are pressured to take wage and benefits cuts, to "compete"
in the global labor market made possible by digital telecommunications
and modern manufacturing techniques. Most new jobs have been created
in the low-pay service sector. As a result, earnings for most workers
have been falling.[11] The corporate transfer of jobs to low-wage
areas, including overseas, affects not only low-skill assembly line
work or data entry, but also computer programming and data analysis.
Wages and benefits must be preserved in the face of automation or
capital flight. Remaining work can be spread about by shortening the
work week while maintaining the weekly wage rate. At the same time,
steps must be taken to acknowledge that the nature of work is
changing. In the face of the new technologies' ever-increasing
productivity utilizing fewer and fewer workers, the distribution of
necessities can no longer be tied to work. We must provide for workers
who have lost their jobs due to automation or job flight, even if no
work is available, by guaranteeing a livable income and retraining
opportunities (see #6 below).
2. IMPROVED QUALITY OF WORK THROUGH WORKER CONTROL OF IT: Millions
work boring, undignified jobs as a direct result of computer and
information technology. Work is often degraded due to de-skilling,
made possible by robotics and crude artificial intelligence
technology; or by job-monitoring, made simple by digital technology.
(Two-thirds of all workers are monitored as they work.[12]) Workers
face greater difficulties in organizing to protect their rights.
Technologies are often foisted on the workers, ignoring the obvious
contributions the workers can make to the design process. The
resulting designs further deprive the worker of control over the work
process. In principle, tools should serve the workers, rather than the
workers serving the tools.
But new technologies could relieve humans of boring or dangerous work.
Technology enables us to expand the scope of human activity. We could
create the possibility of "work" becoming leisure. We call for the
removal of all barriers to labor organizing as the first step toward
giving workers the power to improve the quality of their work. Workers
must be protected from intrusive monitoring and the stress that
accompanies it. We must ensure worker involvement in the design
process. We must also improve the design of user interfaces so that
users can make full use of the power of the technology.
Furthermore, it is not enough just to "participate" in the design
process -- worker involvement must correspond with increased control
over the work process, goals, etc. In other words, we must ensure that
there is "no participation without power." Computer and Information
Technologies facilitate peer-to-peer work relationships and the
organization of work in new and challenging ways. Too often, though,
in practice we see a tightening of control, with management taking
more and more direct control over details on the shop floor. We must
ensure that new technologies improve rather than degrade the nature of
work.
3. EMPHASIS ON HEALTH AND SAFETY: Technologies are often developed
with little or no concern for their effect on the workers who
manufacture or use them.
Electronics manufacturing uses many toxic chemicals. These chemicals
are known to cause health problems such as cancer, birth defects and
immune system disorders. Workers are entitled to a safe working
environment, and must have the right to refuse unsafe work without
fear of penalty. Workers have the right to know what chemicals and
processes they work with and what their effects are. We call for
increased research into developing safe manufacturing processes. We
call for increased research into the effects of existing manufacturing
processes on workers, and increased funding for occupational safety
and health regulation enforcement.
The rate of repetitive motion disorders has risen with the
introduction of computers in the workplace -- they now account for
half of all occupational injuries, up from 18% in 1981.[13]
Musculo-skeletal disorders, eyestrain and stress are commonly
associated with computer use. There is still no conclusive study on
the harmful effects of VDT extremely low frequency (ELF) and very low
frequency (VLF) electromagnetic field emissions.[14] Together these
occupational health tragedies point to a failure by manufacturers,
employers and government to adequately research or implement policies
that protect workers. We call for funding of major studies on the
effects of computers in the workplace. We call for the immediate
adoption of ergonomic standards that protect the worker. We must
ensure that pro-active standards exist before new technologies are put
in place. Manufacturers and employers should pay now for research and
worker environment improvement rather than later, after the damage has
been done, in lawsuits and disability claims. We must ensure that
worker safety always comes first, not short-sighted, short-term
profits that blindly overlook future suffering, disabilities and
millions in medical bills.
4. EQUAL OPPORTUNITY TO WORK: Computer and Information Technology
institutions are overwhelmingly dominated by white males. Programs
must be adopted to increase the direct participation of
under-represented groups in the Computer and Information Technology
industries.
5. PROTECTION FOR THE HOMEWORKER: Computer and Information
Technologies have enabled new patterns of working. "Telecommuting" may
be preferred by many workers, it may expand opportunities for workers
who are homebound, and it would reduce the wastefulness of commuting.
At the same time, homework has traditionally increased the
exploitation of workers, deprived them of organizing opportunities,
and hidden them from the protection of health and safety regulations.
We must guarantee that crimes of the past do not reappear in an
electronic disguise. Computer and Information Technologies make
possible new forms of organization for work beyond homework, such as
neighborhood work centers: common spaces where people who work for
different enterprises can work from the same facility. Such
alternative structures should be supported.
6. RETRAINING FOR NEW TECHNOLOGIES: As new technologies develop, new
skills are required to utilize them. Workers are often expected to pay
for their own training and years of schooling at no cost to the
employer. Training workers in new skills must be a priority, the cost
of which must be shared by employers and the government, and not the
sole responsibility of the worker.
D. THE ENVIRONMENT
We share one planet. While our understanding of the environment
increases, and the impact of previous technologies and neglect become
more and more apparent, too little attention is paid to the effects of
new technologies, including Computer and Information Technologies, on
the environment, both physical and cultural. The creation of a global
sustainable economy must be a priority. This platform calls for:
1. ENVIRONMENTALLY SAFE MANUFACTURING: The manufacture of electronics
technology is among the most unhealthy and profoundly toxic human
enterprises ever undertaken.[15] The computer and information
technology industries must be cleaned up. Manufacturers cannot
continue their destruction of our environment for their profit. They
must be made to pay the actual cost of production, factoring in
environmental cleanup costs for manufacturing methods and products
that are environmentally unsafe. Priority must be placed on developing
and implementing new manufacturing techniques that are environmentally
safe, such as the "no-clean" systems which eliminate ozone-shredding
chlorofluorocarbons (CFCs) from the production of electronic circuit
boards.[16] We must ensure that these standards are adopted globally,
to prohibit unsafe technologies from migrating to other countries with
lax or non-existent environmental protection laws. No manufacturing
technique should be implemented unless it can be proven to be
environmentally safe. We must ensure industry's responsiveness to the
communities (and countries) in which they are located. Neighborhoods
and countries must participate in the planning process, and must be
informed of the environmental consequences of the industries that
surround them. They must have the right to shut down an enterprise or
require the enterprise to cleanup or change their manufacturing
processes.
2. PLANNING FOR DISPOSAL OR RE-USE OF NEW PRODUCTS: As new
technologies become commodities with a finite life-cycle, new
questions loom as to what happens to them when they are discarded.
Little is known about what happens to these products when they hit the
landfill. We must ensure that manufacturers and designers include
recycling and/or disposal in the design and distribution of their
products. Manufacturers must be responsible for the disposal of
commodities once their usefulness is exhausted. Manufacturers must
make every effort to ensure longevity and re-use of equipment. For
example, product specifications might be made public after a specified
period of time so that future users could continue to find support for
their systems. Or manufacturers might be responsible for ensuring that
spare parts continue to be available after a product is no longer
manufactured. Manufacturers could sponsor reclamation projects to
strip discarded systems and utilize the components for training
projects or new products, or they could facilitate getting old
equipment to people who can use it.
3. RECLAMATION OF THE CULTURAL ENVIRONMENT AS PUBLIC SPACE: We live
not only in a natural environment, but also in a cultural environment.
"The cultural environment is the system of stories and images that
cultivates much of who we are, what we think, what we do, and how we
conduct our affairs. Until recently, it was primarily hand-crafted,
home-made, community-inspired. It is that no longer."[17] Computers
and information technologies have facilitated a transformation so that
our culture is taken and then sold back to us via a media that is
dominated by a handful of corporations. At the same time, new
technologies promise new opportunities for creativity, and new
opportunities for reaching specific audiences. But both older (e.g.,
book and newspaper publishing) and newer (e.g., cable television and
computer games) media throughout the world are controlled by the same
multi-national corporations. We advocate computer and information
technology that fights the commodification of culture and nurtures and
protects diversity. This is only possible with a rigorous public
support for production and distribution of culture. We must use new
technologies to ensure the diverse points of view that are necessary
for a healthy society. We must ensure a media that is responsive to
the needs of the entire population. We must ensure true debate on
issues of importance to our communities. We must ensure that our
multi-faceted creativity has access to an audience. And we must also
recognize that in many cultural instances computer and information
technology tools are intrusive and inappropriate.[18]
*****************************************************************
E. INTERNATIONAL COOPERATION
Historically, information flow around the world has tended to be
one-way, and technology transfer from developed countries to
underdeveloped countries has been restricted. These policies have
reinforced the dependency of underdeveloped countries on the U.S.,
Japan and Western Europe. As international competition for markets and
resources intensifies, "national competitiveness" has become a
negative driving consideration in technology policy. This platform
calls for:
1. REPLACEMENT OF "NATIONAL COMPETITIVENESS" WITH "GLOBAL
COOPERATION": The most popular rationale for investing in high
technology in the United States is "national competitiveness." This is
an inappropriate rhetoric around which to organize technology policy.
It ignores the fact that the largest economic enterprises in the world
today are international, not national. "National competitiveness" is
also inappropriate in a world of increasing and accelerating global
interdependence and a detailed division of labor that now routinely
takes in the entire planet's workforce. Finally, "national
competitiveness" is inappropriate in a world in which two-thirds of
the world's population lives in abject poverty and environmental
collapse -- the rhetoric of "national competitiveness" should be
replaced by a rhetoric of "global cooperative development."
2. GLOBAL DISTRIBUTION OF TECHNICAL WEALTH: The global division of
labor is fostering a "brain drain" of scientists and engineers,
transferring badly-needed expertise from the developing world to the
industrialized world. Fully 40% of the engineering graduate students
in American universities are from foreign countries, typically from
countries with little or no advanced technological infrastructure. A
large majority of these graduate students stay in the U.S. when they
complete their studies. American immigration laws also favor
immigrants with advanced scientific or technical education. This
intensifies the disparity between the advanced countries and those
with widespread poverty. This concentration of technical expertise
reinforces a global hierarchy and dependence. Expertise on questions
of international import, such as global warming, toxic dumping, acid
rain, and protection of genetic diversity becomes the exclusive domain
of the developed countries. With so much of the world's scientific
and technical expertise located in the monoculture of the
industrialized world, the developing world has the disadvantage not
only of meager financial resources and dependence on foreign capital,
but the added disadvantage of living under the technical domination of
the rich countries. This platform calls for a conscious policy of
distributing scientific and technical talent around the world. For
example, incentives can be given to encourage emigration to countries
in need of technological talent.
3. AN END TO THE WASTE OF TECHNICAL RESOURCES EMBODIED IN THE
INTERNATIONAL ARMS TRADE: The world currently spends about $1 trillion
annually on weapons. This is a massive transfer of wealth to
arms-producing countries, and especially the United States, the
world's largest arms exporting nation.[19] Weapons of interest to all
countries are increasingly high tech, so a continuing disproportion of
international investments in high technology will be in weapons
systems. Weapons sales not only increase international tensions and
the likelihood of war, but they also reinforce authoritarian regimes,
deter democratic reform, support the abuse of human rights, divert
critical resources from urgent problems of human and environmental
need, and continue the accelerating disparity between rich and poor
nations. We call for a complete and permanent dismantling of the
global arms market.
4. A NEW INTERNATIONAL INFORMATION ORDER: The growing disparity
between "information rich" and "information poor" is by no means
limited to the U.S. Disparities within industrialized countries are
dwarfed by international disparities between the industrialized
countries and the developing world. A global telecommunications regime
has developed that favors the rich over the poor, and the gap is
growing steadily. As a simple example, rich countries are able to
deploy and use space-based technologies such as earth-surveillance
satellites and microwave telecommunications links to gather
intelligence and distribute information all over the globe. The
concentration of information power in single countries is even more
advanced when viewed internationally. We call for the placement of
international information collection and distribution under
international control.
5. EQUITABLE INTERNATIONAL DIVISION OF LABOR: Improved communication
and coordination made possible by Computer and Information
Technologies has accelerated the development of a new global division
of labor where dirty manufacturing industries are moved to developing
countries, and "clean" knowledge industries are promoted in the
developed countries. This pattern of development ensures that
underdeveloped countries remain underdeveloped and turns them into
environmental wastelands. We must ensure a truly new world order that
equitably distributes work, and ends the destruction and enforced
underdevelopment of vast sections of the world's population.
F. RESPONSIBLE USE OF COMPUTERS and INFORMATION TECHNOLOGIES
Computer and Information Technologies were born of the military and to
this day are profoundly influenced by the military. People often talk
of the "trickle down" or "spin-off" effect, in which money spent on
military applications yields technology for general, non-military
applications. This makes little sense when the military pursues absurd
or irrelevant technology such as computer chips that will survive a
nuclear war. There are very few, if any, cases of military technology
producing tangible commercial breakthroughs. At the same time, various
studies have shown that money invested in non-military programs
creates more jobs than money invested in military hardware. Also, new
technologies are developed with little or no public discussion as to
their social consequences. Technologies are developed, and then their
developers go in search of problems for their technology to solve.
Pressing social needs are neglected, while elite debates about
technology focus on military applications or consumer devices like
high definition television (HDTV). Or pressing social problems are
approached as "technical" problems, fixable by new or better
technology. This platform calls for:
1. NEW EMPHASIS IN TECHNICAL RESEARCH PRIORITIES: Current research
planning is either in private hands, or closely controlled by
government agencies. As a result, research priorities are often
shielded from public discussion or even knowledge. New technologies
are often developed as "tools looking for uses, means looking for
ends"[20] or to serve destructive rather than constructive goals. HDTV
and the Strategic Defense Initiative (SDI) are examples. Substantial
university research on new technologies is still financed and
controlled by the Department of Defense. While military-based research
has occasionally led to inventions which were of general use, this
effect has been mostly coincidental, and the gap between the interests
of military research and the needs of society has widened to the point
that even such coincidental "public good" from military controlled
technology research now seems unlikely. These misguided research
priorities not only waste financial resources, but drain away the
intellectual resources of the scientific community from pressing
social problems where new technological research might be particularly
useful such as in the area of the environment. We must ensure that
Computer and Information Technology research is problem-driven and is
under the control of the people it will affect. We must ensure that
new technologies will not be harmful to humans or the environment. We
must ensure that human and social needs are given priority, as opposed
to support for military or police programs. We must ensure that
technical research is directed toward problems which have a realistic
chance of being solved technically rather than blindly seeking
technical solutions for problems which ought to be addressed by other
means.
2. CONVERSION TO A PEACETIME ECONOMY: There is no justification for
the power the Pentagon holds over this country, particularly in light
of recent international developments. We must dismantle our dependency
on military programs. We must realign our budget priorities to focus
on social problems rather than on exaggerated military threats. The
released research and development monies should be redirected toward
solving pressing social and environmental problems. We must move
towards the goal of the elimination of the international market in
weapons. Job re-training in socially useful skills must become a
priority.
3. SOCIALLY RESPONSIBLE ENGINEERING AND SCIENCE: "Proposed
technological projects should be closely examined to reveal the covert
political conditions and artifact/ideas their making would entail. It
is especially important for engineers and technical professionals
whose wonderful creativity is often accompanied by appalling
narrow-mindedness. The education of engineers ought to prepare them to
evaluate the kinds of political contexts, political ideas, political
arguments and political consequences involved in their work."[21] To
this list we can add developing an appreciation for the
interconnectedness of the environments -- the natural, social and
cultural -- we work in. We call for an increased emphasis on training
in social education in the engineering and science departments of our
schools and universities, public and private research laboratories and
manufacturing and development facilities in order to meet these goals.
Engineers must be exposed to the social impact of their work. This
could be done through work-study projects or special fellowships. We
need to also expand the body of people who "can do technology", that
is, not only "humanize the hacker", but "hackerize the humanist" or
"engineerize the worker."
------------------------------
End of Computer Underground Digest #4.58
************************************
Computer underground Digest Wed Nov 18, 1992 Volume 4 : Issue 59
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Copy Eater: Etaion Shrdlu, Junior
CONTENTS, #4.59 (Nov 18, 1992)
File 1--FTP Sites / COMP Hierarchy
File 2--Another First-hand account of 2600 Disturbance
File 3--Re: viruses and "finding your calling"
File 4--Re: Viruses--Facts and Myths
File 5--NYT article on technology policy
File 6--Va. Hearing on SSNs
File 7--Am I a Techno-Junkie?
File 8--Any Technophiliacs Here Besides Me?
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Wed, 17 Nov 92 18:11:52 CST
From: moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--FTP Sites / COMP Hierarchy
Brendan Kehoe has added several shadow ftp sites where back-issues of
CuD and other documents are available. Thanks and kudos to Dan
Carosone, Paul Southworth, Ralph Sims, and Jyrki Kuoppala for their
efforts in maintaining them.
READERS ARE **URGED** TO USE THE SHADOW SITES RATHER THAN the
ftp.eff.org site, and to use them during off-hours. This reduces the
strain on a single site and makes us all good net citizens.
We also receive periodic complaints that, since the switch from
alt.society.cu-digest *TO* comp.society.cu-digest, some readers can no
longer obtain CuD. If this is a problem on your system, check with
your local sysad rather than us--we obviously have no control over
individual systems.
------------------------------
Date: Tue, 17 Nov 92 17:40:39 -0500
From: guru<forward.from@mindvox.phantom.com>
Subject: File 2--Another First-hand account of 2600 Disturbance
There has been much conjecture over what actually during the 2600
meeting in November. Ten days later, I have not yet seen a good
account of what actually happened. I've seen many opinions and
contradictory statements, however. I was there, and I'd like to clear
up a lot of misconceptions and give a more authoritative statement on
what actually happened. It is accurate to say that none of the
statements I've read from the participants are inaccurate, they are
merely incomplete.
Al Johnson's statements on the other hand are contradictory lies.
Besides his obvious contradictions such as whether or not the Secret
Service was involved (see the Brock Meek's transcript). Al Johnson
also stated that they merely confiscated a few things left on the
table which no one claimed. This is far from true, they confiscated
considerably more than just what was left on the table (including the
confiscation of Milk Dud boxes left on the table). The stuff that was
left on the table was left there because they intimidated us into
denying that they belonged to us.
I wish to rectify this situation by giving a thorough accurate
account of what actually happened. I will not give any names not
previously mentioned in other articles, it has done nothing but get
people in trouble. Two people have lost their jobs (and I don't mean
the security guards), and one will likely lose their job (despite an
excellent performance record).
I arrived at about 5:05 pm with another person (who has not yet
been named, and shall remain so). When we got there, we introduced
ourselves and began having small private conversations. On the table
there were some Xeroxed AT&T schematics and a bag of Milk Duds (they
sure went fast), a Mondo 2000, and a nice laser printed copy of the
PumpCon raid. No one was discussing anything illegal, at least that I
heard. During the time before the incident occurred many of us went
and got fast food from the local grease joints.
We took turns pointing out guys in suits who were staring at us.
One guy, who had a camera, would then proceed to photograph him, and
he'd turn nervously away. We even once joked about it once to KL, who
nervously turned and covered his head with his trenchcoat.
Around 5:30 "Knight Lightning" (KL) addressed the entire meeting.
By this time, there were probably about 15, or 20 of us there. He
passed out Computer Professionals for Social Responsibility membership
pamphlets, a 8 page newsletter called "Privacy Journal," and of course
the infamous ("ISPNews --Security Violators will get their access
kicked") buttons he had just received from ISPNews. KL began
lecturing us on how CPSR were just as nice people as the guys from
EFF.
At around 6:00pm I began to notice some rent-a-cops congregating
on the balconies. Naively, I ignored them, figuring we weren't doing
anything illegal why should they bother us, and I gave it no second
though until they surrounded us. KL said "I think we may have some
trouble here," and proceeded to vanish only to be seen again after the
whole incident.
This is when the incident began. Someone (I never found out his
alias) came down the elevator, and whipped out his Whisper 2000 and
started passing it around. The guards then quickly ran down the
elevator and surrounded us, demanding to know who owned the "stungun."
(which is not illegal in VA) Apparently they believed this small
pocket amplifier was a stungun. The back of the amplifier was
removed, possibly making it look more like a weapon. After several
people commented, "What stungun? Oh, you mean the Whisper 2000. It's
a pocket amplifier, you know its the thing you see on TV. It's
nothing more than an amplifier." The person who had it at the time
gave it to the guard ("C. Thomas"). Thomas examined the device
carefully, and eventually convinced it wasn't a stungun, he returned
it.
After Thomas was done with the Whisper 2000, he started asking
about "The Mad Hatter"'s handcuffs. After teasing "The Mad Hatter"
about the inferior quality of his handcuffs, he demanded to know how
he got them, and why he had them. Thomas refused to accept the answer
that was most logical. "The Mad Hatter" responded that they are easy
to get at stores, and he had them because he felt like it. Thomas
grabbed the handcuffs and kept them.
At this point a new guard (presumably Johnson) entered the scene.
The man looked a little stocky probably of middle age and Western
Asian descent, with slightly graying hair. He was wearing merely a
suit, and looked like he was in charge of everything. Many of the
guards were not wearing name tags, one was obviously undercover
complete with an ear piece. Johnson then clearly stated we were
computer hackers, and that he understood that we met here each month.
Johnson, saw the box owned by "MetalHead" sitting next to me. He
told "MetalHead" to open it. Having nothing to hide, he did. It
contained a fairly new looking keyboard. The immediate response by
Johnson was that he was obviously a juvenile delinquent and had
shoplifted it from Radio Shack. He explained that he had made prior
arrangements with someone else to sell it at the meet. Johnson,
calmly asked if he had a vendor's permit. When, he responded, he was
unaware that he needed one, Johnson went on a tirade about how "Don't
even think of selling that in MY mall without a vendor's permit!" The
guards grabbed it.
The tension was beginning to run high. Someone asked a guard
what his name was, and he responded that "[he] didn't have a name!
[his] name is unimportant..." We began demanding ID, and they refused
to show it to us. Instead, they turned around and demanded ID from
us. Some people refused. Those who did, were brought to the
Arlington police officers (who had come sometime during the incident)
and were informed that they could be held for up to ten hours for
failing to produce ID. In fact some of the guards threatened that "we
would be very sorry when the police got here, if we didn't give ID."
This convinced people to change their minds. I offered a library card
(my only form of ID), they were uninterested, as they apparently
wanted photographic ID and/or SS#.
"Loki" produced four forms of ID. Johnson couldn't stand this,
he kept demanding ID from him, and "Loki" kept asking him which he
wanted. Finally, Johnson just looked over all of them. Johnson
announced that our parents would be called. The legal adults
protested bitterly, and their parents were not called. They contacted
other guards over the radio discussing the contents of the IDs (if in
fact these were Secret Service agents, as suspected, this would be a
violation of the Privacy Acts).
"Hackrat" began writing down the few names he could get off their
uniforms (and not to many at that). When the guards became aware of
this, they grabbed the pencil and paper, and tore it up. Our
camera man decided to photograph the guards. The guards responded by
grabbing the camera, and forcibly removing the film (and probably
ruining it). The guards claimed they had every right to be doing what
they were doing, and the cops supported them. The cops said they
"were working for an outside party" (presumably the Secret Service,
which is illegal because of the Privacy Acts).
"Loki" was asked what was in his back pack, as was every one
else. "Loki" showed Johnson some of what was in it, and then put it
down. Johnson decided this was insufficient and he started going
through the pack grabbing whatever he felt like. "Loki" nor anyone
else granted permission for them to go through their equipment. The
guards decided to eject us from the mall at this point (despite
requests to use the bathroom).
The guards had taken the keyboard, a wiretap, a reel to reel
tape, a full set of VMS manuals, "Loki"'s backpack (including his
homework), a lineman's phone, and all the paperwork. They said we
could get our stuff back, yet they refused to write receipts (which
meant we couldn't).
We spent a long time down in the metro deciding what to do.
After we rejoined a number of people who were coming in during the
"raid," we decided to go upstairs and use the phone. We went up the
elevator, and we called the Washington Post. They responded that they
were uninterested and refused to produce any reporters on the scene.
The guards at this point came out to the area, at which point one
of us photographed them. This seemed to agitate them further. At no
time were the guards actually calm, at least one was upset at all
times. An incident with "Gentry" ensued when "Gentry" accidentally
touched him, and the guard ("C. Thomas") got terribly agitated. They
then threatened to ticket all of our cars. The cars were legally
parked, on the street, they therefore had no right to ticket them.
Right before I left the area, I noticed on last incident. A guard
came out of the mall in a car (which looked like a Jeep Cherokee), and
then quickly accelerated to 60mph (the street is like a 30 mph street)
without using sirens or headlights. At this point the group split up,
and the meeting (at least for me) was over.
------------------------------
Date: Mon, 9 Nov 92 08:39:58 EST
From: morgan@ENGR.UKY.EDU(Wes Morgan)
Subject: File 3--Re: viruses and "finding your calling"
>From: Guido Sanchez<guido@nunbeaters.anon.com>
>Subject--File 1--Response to the Virus Discussion
>
>Yes, virus authors are in it now more
>for making fun and avenging themselves of the anti-viral authors, who
>in turn do the same in their programs. Etc, Etc, Etc.
Apparently, neither side cares about 'collateral damage'; i.e. the
hundreds/thousands of third parties who are 'bitten' by virus attacks.
>So here's what I do. On my 'underground e-leet Vx' BBS, I make all
>viruses and other files free on the first call.
>Hopefully, besides using viruses as a commodity, the
>fledgling sysop will look at a few of the pro-viral utilities and some
>of the source code.
"pro-viral"? Gee, I was just thinking that Political Correctness had
not yet reached the digital world. I guess I'm mistaken, eh? Can't
you just say "yes, I write programs that destroy/impede the work of other
users?"
>We force nothing into the minds and computers of others,
>it's all part of curiosity and voluntary.
Hahahahahahahahahahahahahahahahahahahaha! Let me get this straight:
- You (and others) write viruses
- You release those viruses into the digital environment
- You then claim "we force nothing".
The notion that you "force nothing" is akin to saying "we distribute
weapons, but we aren't *forcing* you to install metal detectors in your
schools." As an argument, it holds no water.
I can tell you one thing which you force upon others. Those of us who
manage computer systems and networks for a living are *forced* to
spend extensive man-hours disinfecting our systems/networks and
attempting to devise means by which we can prevent reinfection. Of
course, we can't find/patch every loophole (that's the definition of
security; you can never catch everything), so the work becomes a
constant; periodic scans of ALL susceptible hardware/software,
constant efforts to improve security, and a constant stream of
angry/disgusted users. <Thankfully, our network setup now allows us
to protect our DOS servers from infection.......for now, we only have
to worry about individual machines>
>We help people to find their
>calling <forgive me for sounding like a religious fanatic or cult
>leader here..> in whatever field of modem-dom they like.
What about those people who want to be mere users? What about those
folks who don't really care about either your 'having fun....and avenging.."
OR the folks who write disinfectors/cleaners?
Apparently, you don't care one whit about them (except, perhaps, as a
vector for your product).
>May you all find your calling
In the real world <as opposed to this grand contest you seem to have
composed in your imagination>, your efforts actually *silence* the
cal-ling(s) that users might hear. Our PC LANs serve 2300 people,
many of whom are taking their first steps into the digital world; in
fact, I'd guess that over 60% of my users never make significant use
of PCs before coming to this university. If, during their first
serious use of a PC, they are victimized by your viruses, they often
lose *all* desire to do *anything* further with a PC. You're actually
killing your own cause.
I'm getting rather tired of virus authors <the "pro-viral" sobriquet
is inane> who claim that they're on some "noble quest for knowledge".
If this were truly the case, we'd never see a virus loosed upon the
digital environment; the worthy seeker of knowledge would test it on
their own hardware, find it successful, add the information to their
journals, and have no reason to loose it upon the rest of us. If such
people actually exist <and, by definition, I'd never know about them,
right?>, they have my wholehearted support. The people who distribute
viruses for the heck of it are positioned at the bottom of the digital
food chain.
------------------------------
Date: 13 NOV 92 21:26
From: <RANDY%MPA15AB@TRENGA.TREDYDEV.UNISYS.COM>
Subject: File 4--Re: Viruses--Facts and Myths
It has been stated that a virus only needs "normal" write access to
files in order to infect. I'd like to point out that this is not true
on all computer systems. Most systems do not treat machine code as
anything special, and these systems are vulnerable to any program with
write capability. But some systems (such as Unisys A Series) include
the compilers in the Trusted Computing Base, and do not permit
ordinary users or programs to create executable files. On these
systems, a virus would have to have the highest possible privileges in
order to infect a program; with that level of privilege, *anything*
can be done.
I should point out that this was not done with viruses in mind. The
restrictions came about because of the architecture of the systems:
objects of various kinds are implemented in hardware, and the hardware
is aware of what operations are permitted on which objects to a
certain extent. The compilers are responsible for only emitting
dangerous operators, which override normal object access rules, in
well-defined situations. To allow users to emit such code would
destabilize the system. Of course, this only works because the
architecture was designed to implement high-level languages, and
languages are available with extentions that provide sufficient power
as to eliminate any need to write in assembly.
------------------------------
Date: Tue, 10 Nov 1992 08:52:13 -0500
From: "(Gary Chapman)" <chapman@SILVER.LCS.MIT.EDU>
Subject: File 5--NYT article on technology policy
The lead story, and a long one, in today's (11/10) Science Times
section of The New York Times is headlined "Clinton To Promote High
Technology, With Gore In Charge." The article is by regular Times
science/tech writer William Broad.
A caption to the large illustration says "President-elect Clinton
proposes to redirect $76 billion or so in annual Federal research
spending so it spurs industrial innovation. Areas likely to get
stimulus include robotics, batteries, computer chips, 'smart' roads,
biotechnology, machine tools, magnetic levitation trains, fiberoptic
communications, computer networks, digital imaging, data storage,
software, sensors, computer-aided manufacturing, advanced composite
materials, and artificial intelligence."
The article says that Clinton's civilian initiative will "spend money
twice as fast as the Pentagon's Star Wars anti-missile program, one of
the biggest research efforts of all time." It also says the aim of
the Clinton program is "a new wave of research discoveries and
applications that will flood the economy with innovative goods and
services, lifting the general level of prosperity and strengthening
American industry for the international trade wars of the 1990s and
beyond."
To underscore what I've been saying about the adoption of Cold War
models of thinking in this new "civilian" research program, Kent
Hughes, president of the Council on Competitiveness, says, "This is a
watershed. We're now going to develop an economic strategy much in
the way we developed a national security strategy to fight the Cold
War."
The article describes plans for business-government partnerships, and
says that Gore will be charged with coordinating this entire effort,
as well as to "create a forum for systematic private sector input into
U.S. government deliberations about technology policy and
competitiveness." (Those words are Clinton's.)
The Clinton administration plans to shift "at the very least" $7.6
billion per year, or about 10% of all Federal R&D, from the military
to civilian programs. They applaud efforts like SEMATECH and plan to
extend the SEMATECH model to other high technology sectors.
The article notes that a key player in the development of these plans
is Senator Jeff Bingaman of New Mexico. Bingaman says that
pork-barrel politics will be avoided by insisting on cost-sharing with
private partners. Bingaman says, "We'll sit down and say, 'What do
you think is important?' and require them to spend their own money
too."
This is a long article, so I've skipped a lot of major points in this
brief summary. It serves to emphasize the importance of the things
we've been saying about trends in technology policy.
------------------------------
Date: Wed, 11 Nov 1992 09:29:42 EDT
From: Dave Banisar <banisar@WASHOFC.CPSR.ORG>
Subject: File 6--Va. Hearing on SSNs
An ad hoc committee of the Virginia General Assembly met November 10
and agreed to draft legislation that will remove the SSN off the face
of the Va. drivers license and from voting records. The Special Joint
Subcommittee Studying State and Commercial use of Social Security
Numbers for Transaction Identification met for 3 hours and heard
witnesses from government, industry and public interest groups. It
appears that the draft will require the DMV and the Election Board to
continue to collect the information, but will no longer make it
publicly available. It was also agreed that the committee
would look into greater enforcement of Va. privacy laws, including the
feasibility of setting up a data commissioner.
All of the legislators in attendance agreed that using the SSN on the
face of the driver's license caused problems for both fraud and
privacy. The DMV representative admitted that it would cost a minimum
amount of money to modify their new computer system, which they have
not completed installing yet, to use another numbering system. She
estimated that this would take 3-7 years using the renewal process to
change all the licenses. She estimated a cost of $8 million for an
immediate change due to mailing costs.
Bob Stratton of Intercon Systems explained the inherent flaws in using
the SSN as an identifier and offered alternatives such as the SOUNDEX
system used by Maryland and New York as a better alternative for
licenses. A representative of the Va. State Police admitted that they
do not use the SSN to identify persons in their records because it was
"inherently inaccurate" and described cases of criminals with up to 50
different SSNs. Dave Banisar of CPSR Washington Office explained how
the SSN facilitates computer matching and offered options for the
board to consider to improve protection of personal privacy. Mikki
Barry of Intercon Systems described how any attorney in Virginia has
access to the DMV database to examine all records via a computer
network.
------------------------------
Date: Tues 17 Nov 92 12:18:34 EST
From: internet.housewife@hoover.joy.uunet.uu.net
Subject: File 7--Am I a Techno-Junkie?
Dear Cu-Digest people:
I'm your worst nightmare come to life: a housewife who's on
internet among all you techno-literati. I can't help myself. The
soft key strokes, the gentle motion of the cursor flowing across
my screen, the firm penetration of captured logs entering my
hard-drive---I'm hooked. Problem is, I hang out in usenet all
day, on IRC all night, and the rest of the time is spent
polishing the screen, vacuuming the vents, and dusting my disks.
The dishes pile up in the sink, the kids cook their own meals, my
husband has moved out, and the cat has run off. I've gone
through denial, anger, bargaining and acceptance, but my life is
still a mess. Life has no meaning when I log-off, and I suffer
headaches until I boot back up. What should I do?
Can you help?
Sincerely,
Internet (I post therefore I am) Housewife
((MODERATORS' NOTE: Dear Hooked--perhaps the following file will help))
------------------------------
Date: Thu, 12 Nov 1992 22:20:20 +0100
From: Dennis Wier <drwier@CLIENTS.SWITCH.CH>
Subject: File 8--Any Technophiliacs Here Besides Me?
An Introduction to Technophiliacs Anonymous
(By Dennis R. Wier )
The same Truth has many forms.
Technophiliacs Anonymous is a fellowship of persons and institutions
who desire to stop their addiction to technology.
Technophiliacs Anonymous is supported entirely through contributions
of its membership and is free to all those who need it.
To counter the destructive consequences of addiction to technology we
draw on these resources:
1. We use our personal willingness to stop our addictive behavior on
a daily basis.
2. We use the support of the fellowship of Technophiliacs Anonymous
to increase our capacity to stop our addiction.
3. We practice the principles of Technophiliacs Anonymous to
recognize and properly respond to addictive behavior.
4. We develop our perceptions and awareness of the correct use of
technology by the regular practice of meditation.
5. We support the efforts of those who expose the hidden side effects
of any technological activity.
Technophiliacs Anonymous is not affiliated with any other
organization, movement or cause, either religious or secular.
What is a Technophiliac?
The word technophiliac is a newly coined word and it means "having a
pathological love of technology." We use this new word to imply that
the love is a dysfunction of some kind. We are all technophiliacs in
the sense that we as a society are dependent on the wide-spread use
of technology --such as electricity, cars, telephone, TV, computers
and many other forms. We need to seriously ask ourselves if this
dependence helps or hurts our human relationships. We need to
constantly examine this dependence to see if the hidden-side effects
of technological dependence are destructive to our families, society
or environment.
Are You A Technophiliac?
Has the use of technology improved or worsened your
financial condition,
health,
relationships with friends and family,
relationships with your mate or lover,
relationship with your self?
How many hours a day do you
watch television,
work on a computer,
operate technical equipment,
talk on the telephone,
tinker with your car?
Add those hours up.
Is your total use of technology an indication of your addictive
relationship to technology?
Now honestly look at your human relationships with the planet, your
environment your family and your inner self:
do you know what phase the Moon is in right now?
do you know which way the seasonal clouds are moving and their
shapes?
can you comfortably walk alone in the woods at night without a
flashlight?
do you know the type of earth around your house?
do you tell your children stories, or do you let them watch TV so
they leave you alone?
are you aware of environmental stress through your personal
sensitivity to the behavior of local animals and plants?
Do you choose to spend time on your computer or watching TV or
talking on the telephone or tinkering with your car or with other
technology rather than being with your mate or children?
Long-term focused awareness on technology or on technological matters
to the exclusion of natural or human relationships indicates a life
profoundly out of balance.
The cumulative effect of many lives out of balance creates a
world-wide disaster with profound effects on the environment, social
and group interactions, institutional and political behavior, human
and family values and ethics, interpersonal relationships, and
physical and psychological health, with immense costs in all areas.
What is Technophiliacs Anonymous?
Technophiliacs Anonymous is a multi-faceted fellowship based on a
desire to know the hidden side-effects of technology, to popularize
the awareness of the hidden side-effects of technology on our social,
psychological, economic and spiritual beings, and to counter the
destructive consequences of technological addiction. With established
meetings in many cities in the United States and abroad, this
self-help fellowship is open to anyone, and any institution, who
suffers from a compulsive need to use technology, and those
desperately attached to a specific technology such as the telephone,
the computer, the television, the automobile, etc. Technological
addiction also includes a pathological interest in destructive,
coercive and invasive technologies. What all members have in common
is the realization that the compulsive attachment to technology has
become increasingly destructive to all areas of their lives --
family, career, environment, society and political institutions.
Technophiliacs Anonymous welcomes the participation of anyone
directly involved in technology or directly affected by technology
--either beneficially or otherwise, or in the government, or in the
spiritual areas corned with the subtle effects of technology. We
especially welcome the participation of human potential workers and
facilitators.
We seek to understand, and to make known to all, how technology,
generally and specifically, affects our spiritual, mental, emotional,
physical, economic, political and social lives, and to cure, whenever
possible, the deleterious effects of technology; and to learn, by
sharing information, the correct ways to manage our lives for the
continued benefits of life-supporting technology without subjecting
ourselves to the hidden malevolent side-effects.
Technophiliacs Anonymous was first begun in June, 1988 in Berkeley by
Dennis R. Wier, who realized that technological dependency was
affecting life in the same ways as chemical, alcohol and love
addictions, but not only were the deleterious effects felt in
personal lives, but also in ecological, political and spiritual
realms. Thus, what may be said of a personal addiction to a
technology also may be said in a global way as well, that is, one
side effect of our addiction to automobiles causes air pollution, one
side effect of our addiction to telephones causes separation between
people, one side effect of our addiction to television causes loss of
awareness through induction of trance, one side effect of our
addiction to computers causes loss of judgement and cognitive
abilities. There are other, more hidden and more sinister side
effects of technological addiction.
Co-Dependency
If a technophiliac is addicted to technology there are those around
him or her who are co-dependent. Co-dependents may not be addicted to
technology but they derive important benefits from the addiction.
Manufacturers of alcoholic beverages are co-dependent to alcoholics
in different ways than a person in a close personal relationship with
an alcoholic is co-dependent, but both are co-dependent in that their
common behavior supports the continued addiction of the alcoholic.
A technophiliac has the same problem. Manufacturers of the newest
computers are co-dependent with the technophiliac. And, if the
technophiliac is highly paid, those persons dependent financially on
the technophiliac psychologically support his dependence even though
it may be personally destructive to the technophiliac.
One of the differences between AA, SLAA and Technophiliacs Anonymous
is that many institutions --government, educational and business
--support and encourage technological addiction because they are not
aware of the hidden side-effect of technological addiction. It is
possible to make a change in awareness. A change in awareness will
help bring about an important social change. Some years ago,
cigarette smoking was socially acceptable and tolerated if not
encouraged by many social institutions. Smoking was generally
tolerated as a common and nearly harmless bad habit. Now, with
greater social awareness of the dangers of cigarette smoking, society
is now attempting to reduce cigarette addiction by prohibiting
smoking in public places and requiring manufacturers to place health
warning messages on tobacco products.
It may seem that technological addiction is a trivial and unimportant
matter compared to the more obvious and important issue of cigarette
smoking; yet, technological addiction has greater consequences for us
all the longer we ignore it. Technophiliacs are not the only victims
of their addiction, but their creations often are at the root of
important and world-wide dangers and all of us become victims.
Beneficial social changes came about because of increased social
awareness of the dangers of the hidden side-effects of tobacco
addiction, and the same social awareness now extends to alcohol and
drug addiction. The same social awareness is now beginning to be felt
in environmental and ecological areas, because of PCB contaminations,
acid rain, toxic waste treatment procedures, atmospheric pollution
and other technological hidden side effects now making themselves
known. It may become obvious that there is an increasing awareness of
the hidden side effects to technological things we think are simple,
are not.
It is the position of Technophiliacs Anonymous that society needs to
become aware of its dangerous addiction to technology and to begin to
cope with its co-dependent issues, as well as the underlying and
important hidden side effects.
Because technological addiction is so pervasive and is encouraged by
co-dependent governmental, educational, business and institutional
entities, the members of Technophiliacs Anonymous include not only
those who recognize their compulsive need for technology, and those
with a desperate attachment to one specific form of technology, but
also those leaders and visionaries who may conceive of the
possibilities of a right relationship to technology.
Why Technology Can Be Addicting
The use of technology for the purpose of lessening pain or augmenting
pleasure, by a person, institution, government or business who has
lost control over the rate, frequency or duration of its use, and
whose corporate or individual psychological, economic, social and
spiritual life has become progressively unmanageable as a result is
addicted to that technology.
Technological addiction extends from teenagers addicted to
television, to yuppie programmers making piles of money, to a
military establishment addicted to acquiring newer, faster and more
exotic destructive forces, to a government intent on knowing and
controlling everything possible, to real estate agents with a
perverted sense of "highest and best use."
Technophiliacs Anonymous believe that an addiction exists not just
because we need or use technology more than others, but because of
the motive. A technophiliac uses technology to lessen the pain that
comes from problems in other areas of life. Governmental and business
institutions use technology to regulate and control life, a behavior
which is typical of co-dependents.
As we collectively or individually seek someone or something to 'take
us away from all this,' we are really seeking to avoid reality
altogether. We come to use a technology as a substitution for other
satisfactions, to comfort ourselves for real or imagined needs, or to
avoid or try to make unnecessary attending to a life that seems to
give us too much pain.
Even the humble electric light, used to provide illumination at night
to read, has become a substitution for other satisfactions such as
observing the night, and it comforts us in driving away the
mysterious darkness, and helps us avoid our own thoughts, those same
thoughts we need to think in order to keep our life in balance. Even
the electric light has the side effect of keeping our life out of
balance in very subtle ways. The cumulative effect of millions of
lives out of balance causes disastrous effects over the entire planet.
More technology is not the answer.
In our addiction to technology it seems as though the power lies
elsewhere, and that our lives are being destroyed by forces and
tensions that cannot be denied and by problems that cannot be escaped.
For the technophiliac, closeness to others has become increasingly
rare and difficult. It is easier for the technophiliac to have a
relationship with his car, television or computer than with his mate,
his children, or his neighbors.
Within an institution, it may be easier for an institutional
technophiliac to buy more computers, hire more consultants, process
more data faster, make heavier reports, create ever more
sophisticated military hardware, than to have a real and meaningful
relationship with its clients, citizens or employees.
What can you do if you admit, however reluctantly, that technological
addiction might be the problem, instead of lack of 'enough' or the
'right kind' of technology?
The Road to Recovery
The road to recovery starts with an awareness of the existence of the
problem. To get aware that technological addiction is the problem,
try this experiment: turn off all your electricity for five days.
Most technological devices depend on electricity in order to work. If
the changes you go through during the five days are not painful, but
"business as usual," then you are not addicted to technology.
However, if the changes are painful, frightening, or perhaps so
difficult that you cannot finish the five days, then you are a
technophiliac.
The beginning is simple, but not easy. The admission of powerlessness
has to be coupled with a readiness to break the addictive pattern --
to stay away from all technology for long periods of time. This
withdrawal from the addictive use of technology generally brings
symptoms just as physical and as painful as the withdrawal from drugs
or alcohol. On our own the tension would be too much, the temptation
to indulge just one more time would be unbearable, and the belief
that there could be another way to live would weaken.
First we find a sense of wholeness and dignity within ourselves. Even
while working with technology we need to keep balanced and at some
distance from it. To find wholeness within ourselves we first must
know that part of us which is human and then to explore the intimate
and mysterious relationship we have with the planet.
Meetings
For information on meetings in your area, please write to us and we
will send you a local meeting schedule or give you information on
organizing a local chapter.
Evolving A Proper Relationship
The hard questions cannot be ignored. The most difficult questions
are ultimately the most important because they represent those
aspects of life which we tend to ignore or deny. In place of facing
these difficult questions which are different questions for each one
of us, we create substitute problems, such as technical problems, as
symbols for our own internal processes. There is the mistaken belief
that by solving these technical problems somehow the more difficult
questions will also be solved.
Technology can be known in many ways which will enhance our
relationship with ourselves and with the universe.
The proper relationship with technology is a distant and cautious
one. Without spiritual protection in place, dealing with any
technology ultimately is damaging to us. Any other relationship
ultimately damages our spiritual, social, environmental and
psychological life.
Developing spiritual protection is a life-long continuous practice
which is helped by meditation in all of its forms. The support of
others in a community devoted to personal awareness and growth lays
the foundation for right social action and planetary unity.
How you can help
If you want to help in a real way to popularize these concepts,
please discuss these ideas with your friends and the media, send
pertinent newspaper clippings, cartoons to us and write us for any
information. Help us start a chapter in your area. We will appear on
TV and talk on the radio about these concepts. Write for helpful
details, but ultimately the power, benefits and responsibility is
yours.
+++
Comments on the above are welcome by e-mail. Yes, I am ALWAYS
on my computer!
Dennis
------------------------------
End of Computer Underground Digest #4.59
************************************
Computer underground Digest Sun Nov 22, 1992 Volume 4 : Issue 60
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Copy Eater: Etaion Shrdlu, Junior
CONTENTS, #4.60 (Nov 22, 1992)
File 1--A Bird's-eye view of the Pumpcon Problem
File 2--We Must Defend our Rights Ourselves!
File 3--Re: CPSR Platform and You
File 4--2600 Allegations Require Collective Response
File 5--Creative Computing for College
File 6--Another view of Software Piracy
File 7--Piracy Declines
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Fri, 20 Nov 1992 06:32:21
From: Iwasthere@when.down.it.com
Subject: File 1--A Bird's-eye view of the Pumpcon Problem
********** PUMPCON BUSTED!!! ***********
10/31/92
written by someone who was there
who wishes to remain anonymous
NOTICE: The word "Hacker" is used frequently throughout this file -
it is to be interpreted as "a computer literate person", and
NOT as "someone who engages in illegal activities using a
computer".
Friday, October 30, Pumpcon began, at the Courtyard of the Marriott,
in Greenburgh, NY. All in all, about 30 hackers showed up, and had a
great time. At least until the evening of Oct. 31st, when 8-10
members of the Greenburgh police force showed up and raided the Con.
At the time of the raid, there were between 20 and 25 hackers in the
hotel. 3 of the 4 rooms rented by Con attendees were raided. All the
occupants of these rooms were taken to a conference room, and then
another hotel room (255) where they were held approximately 6-8 hours
for questioning.
The police all came in unmarked police cars, and parked on all 4 sides
of the hotel. No one noticed they were there, until they were
standing in the hall where all 4 rooms were located. The officers
stood in the hall outside the doors, but did not enter the rooms right
away. They waited about five minutes, for some unknown reason, which
was just enough time for them to be noticed by the hackers in at least
one of the rooms. Unfortunately, there was no way the hackers in one
room could warn the other rooms - the fone lines were busy, and the
cops in the hall kinda left the "walk down and tell 'em in person"
option out.
The police produced copies of a search warrant to search rooms 246,
233, and 237. Room 246 was the one where everyone was hanging out; it
was pretty much THE room. It was where the computers were located,
and where most of the Con attendees were 99% of the time. The other
two rooms were rented by attendees of the con, and were simply used
for sleeping quarters.
Before too long, the police entered the rooms, and began rounding up
people. My recollection of this time period is a bit faint, and I
don't remember all the minute details. All I know is that we all
ended up in a conference room, and then room 255.
A few hackers who had been out driving around during the time of the
bust returned a few hours later, and when they were seen by police,
they were immediately taken to 255 and questioned. (They were walking
down the hall, when a cop appeared, and told them to step into a room)
The cops asked them if they were hackers, and when they didn't answer,
one police officer reached into the coat pocket of one of the people,
and produced an auto dialer. This in itself was enough to send the
three to room 255, where the rest of the hackers were being held for
questioning. My question to you - isn't that just a bit illegal?
Bodily search without probable cause OR a warrant? Ooops - I'm
forgetting - we're HACKERS! We're ALL BAD! We're ALWAYS breaking the
law. We don't have RIGHTS!
Room 255 was packed. No one was allowed to smoke, and everyone was
nervous as hell. One by one people were called to be interviewed,
with some interviews lasting 5 minutes, others lasting 30 or 45
minutes. Some people were sleeping, others were conversing, and still
others were shaking, and looked like they were about to puke at any
second. Even though the situation was quite serious, a few joked
around, saying things like "So guys, I guess PumpCon '93 won't be held
here, eh?".
No one knew who was going to be arrested, or when they would be
released. The 2 cops in the room with them were actually pretty cool,
and answered any questions they could to the best of their knowledge.
They weren't the guys in charge of the investigation; they were simply
there to make sure we didn't leave. Of course, as friendly as they
seemed, they were still cops...
All the people who were detained were held until between 5:45 and
6:30 am. Four hackers were arrested, 1 because 2 of the rooms were
registered in his name, a second because he signed for the rooms, and
the others for previous crimes, apparently. No one knows as of yet.
As of this message, no news on what will become of those arrested is
known. They have not yet been arraigned. The other hackers were all
searched, questioned, and then released pending further investigation.
Those under the age of 18 had their parents notified.
To my knowledge, there were no federal investigators there at the time
of the bust. However, people kept mentioning the FBI and the Secret
Service, and it is very possible that they will be called in to
investigate. Actually, it's more than just possible, it's almost
guaranteed. The police said that although most of those detained were
released, there will most likely be more arrests in the near future,
as more is learned about the alleged illegal doings.
3 computers (2 Amigas, and 1 AT&T dumb term) were confiscated, along
with anything which looked like it could have been involved in phone
fraud. For some odd reason, although Auto Dialers were listed on the
search warrant, not all of them were confiscated. I actually don't
know if ANY were, I do know that not ALL were. ;)
In one of the rooms, there were about 2 dozen computer magazines which
were apparently confiscated, although the warrant did not specify that
magazines could be taken. But, when you're busting HACKERS, I suppose
you can take what you want. After all, hackers are evil geniuses, and
don't have the same rights as NORMAL criminals do.
As of yet, the actual charges against the hackers are not known. The
raid apparently stemmed because the hackers were ALLEGEDLY using
stolen calling card numbers and/or access codes to obtain free phone
calls. One of these card numbers or codes was rumored to have
tripped a flag at AT&T, which alerted security personnel that something
was possibly wrong.
This assumption about the calling card fraud is made because the
police confiscated any calling card found during their searches, and
some of the questions they asked the detained centered entirely around
calling card theft and use. A few other questions asked me were "Do
you know what computer systems were accessed?", "Do you refer to each
other with handles?", "Who was primarily responsible for this
meeting?", and "Where did you hear about this meeting?"
My interview lasted only about 10 minutes, and it started at about
5:50 am. Everyone was dead tired, and the cops wanted to get
everything over with as fast as possible so they could get some sleep.
After the interviews were over, everyone left, to wait and see what
the next few days will bring.
I am releasing this file now, to prevent any rumors from starting, and
to try to make the outside world aware of what happened during
PumpCon. I have left out any specific incidences and references to
specific people as a precaution, since the investigation is only
beginning. We were hoping to write a file of all the attendees of
PumpCon, to share with the world the names of those who were there.
However, as you can obviously see, that would be highly stupid. For
anyone who WAS there who is reading this, rest assured that the
running list of names which was kept made a very tasteless dinner for
the one who had it in his pocket.
Oh, BTW, one of the cops who was apparently in charge made a comment
to me... he said "You can post a message on the boards telling your
friends to stay out of Greenburgh". Well boys, you heard him -
PumpCon '93 will be held in Greenburgh, at the Courtyard Marriott....
*--------------*
The following is a word for word copy of the search warrant issued to
each person who was detained and questioned. No spelling errors were
corrected, but I probably made a few when I typed this in. Oh well.
TOWN of GREENBURGH POLICE DEPARTMENT
WESTCHESTER COUNTY, NEW YORK
ORDER OF SEARCH AND SEIZURE
+-----
( signed here by Det. Hugh F. Gallagher #103)
----------------------------------------------
JUSTICE COURT, TOWN OF GREENBURGH
WESTCHESTER COUNTY, NEW YORK ORDER
-----
IN THE MATTER OF Room 233, 237, & 246 Westchester Marriott Courtyard
THE APPLICATION FOR AN ORDER OF SEARCH AND SEIZURE OF: (Specify)
Computers Diskettes Computer Printers
Computer Terminals Auto Dialers Diskettes
Calling Card Computer Systems & Wire
Computer Printouts Disk Drives
Modems Hand Written Notes About Credit Co.
" " " " Computer Service.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++X
IN THE NAME OF THE PEOPLE OF THE STATE OF NEW YORK
TO: ANY POLICE OFFICER OF THE TOWN OF GREENBURGH POLICE DEPARTMENT
PROOF by affidavit having been made before me this day by
Det.H.Gallagher #103
___________(Affiant) of the Town of Greenburgh Police Department that
certain property, which is (stolen/unlawfully possessed, used to
commit an offense...) and which constitutes evidence and tends to
demonstrate that an offense has been committed and that a particular
person participated in the commission of an offense will be found at
the location captioned above.
YOU ARE THEREFORE COMMANDED,
** (Between the hours of 6:AM - 9:00 PM / AT ANY TIME OF DAY OR NIGHT) **
** (WITHOUT GIVING NOTICE OF YOUR AUTHORITY AND PURPOSE)**
TO MAKE A SEARCH of the above described (location/person)** for the
following property: (describe fully)
Room # 233, 237, & 246 of the West. Marriott Courtyard
and all its occupants as listed on this attached affidavit.
>><< Suspects name was written here >><<
AND if any such property is found, you are hereby directed to seize
the same and without unnecessary delay, return it to the court,
together with this warrant and a written inventory of such property
subscribed and sworn by you.
THIS COURT DIRECTS THAT this SEARCH WARRANT and ORDER issued this 1
day of NOV. 1992 is valid and must be executed no more than ten (10)
days after the date of issuance.
<< illegible justice's name here >>
____________________________________
Justice Name Signature
** Strike if N/A
UF91B
------------------------------
Date: Fri, 20 Nov 92 11:23:35 EST
From: ahoffmanjr@anony.com
Subject: File 2--We Must Defend our Rights Ourselves!
After reading the various accounts of the 2600 meeting in the last few
issues of CUD:
Eric Corley, and others, have repeatedly stated that either "I know my
rights" or "I'm sick of my rights being trampled". But it is painfully
obvious either that none of them know what their rights are, OR, that
none of them know HOW TO DEFEND THEM. Otherwise, the situation would
have been quite different.
Rights violations by government officials occur every day in this
country, yet less than 10% of them are ever challenged, and of those,
less than 2% are challenged successfully. Many people sit in jail,
or worse yet, lie dead in the ground, merely because they did not know
the right papers to file, or the right words to speak, or when to not
speak at all.
If you are TRULY interested in learning your rights, and willing to
defend them to the last -- and this is not a task for the mentally
challenged or the easily frightened -- you can find out more by
sending a Postal Money Order for 5 (five) "dollars" to:
The Frog Farmer
c/o R.B. Davis
320 W. Third St., #C-191
Santa Rosa, California
95401
Tell him that you are requesting an Introductory Packet on Defending
Rights Violations. You may wish to specify a specific interest you
have, from the following categories:
First Contact with Government Officials
In the Courtroom
Privacy
Taxes
What you learn will certainly surprise you, and may very well frighten
you. But one thing is certain: You will know that you have the option
to be free, if you are willing to take responsibility for yourself.
------------------------------
Date: Mon, 16 Nov 92 11:17:32 EST
From: Rich=Gautier%SETA%DRC@S1.DRC.COM
Subject: File 3--Re: CPSR Platform and You
Questions, Anyone?
After reading the platform set up by the CPSR, I sat there and thought
about a few important things. Like, What can _I_ do about these
things? How can _I_ make a difference with regard to these ideas?
Who's going to pay for all this lobbying and change?
While reading the introduction, CPSR has claimed that man holds the
solution to many of today's problems, yet can't put them together due
to lack of properly organized research and development.
In today's society, money gets things done for the people who have
it. In our case, the people who have it are(is?) the government. In
order to get it OUT of the government, and into our hands (who
better?), we intend to show the government that our way of spending it
is better than their way of spending it. After all, it's our money,
right? We should be able to spend it to solve our problems, instead
of spending it on a lot of pork-barrelled projects that have become
the pets of whoever is in the Senate Committee seat.
However, how can we do this? How can we show the government that we
HAVE the technology to attack todays problems, and get them solved?
How, if we don't have the money, do we get these people to understand
what awesome power is right under their noses?
Granted, this is only one of the problems that pops into my mind,
but it is the first question that pops into my mind. What can
individuals do to further the knowledge of computing power? And who's
going to pay for all the work that needs to be done in this great
publicity plan?
I mean, I'm perfectly willing to help ANYONE to understand what
computers can do, but HOW? Is there an organizer? Is there a PLAN?
Is there a path for the followers, rather than just a path for the
leaders?
------------------------------
Date: Mon, 16 Nov 92 09:25:29 PST
From: Lawrence Schilling <lschilling@IGC.APC.ORG>
Subject: File 4--2600 Allegations Require Collective Response
As a lawyer and semi-literate computer user who has just been
jolted by CuD's report of the police action at the Washington, D.C.
2600 meeting on November 6 (CuD 4.57) I am impelled to raise the
questions that follow. Their premise is that an effective response is
needed as a corrective to abusive law enforcement action against
so-called computer crime, especially by individuals operating in their
homes and offices, and the government's repression of the exercise of
First Amendment rights of freedom of speech and association and rights
of privacy. [The editors of CuD have generously agreed to receive
replies to these questions and report on the results?]
1. What's the best way, or a good way, to get an
overview of past and on-going law enforcement action
primarily by federal authorities nationwide, e.g.
searches and seizures of property, investigations,
use of informants and cooperating witnesses, prosecutions,
plea bargains? Has this information been collected
by anyone or does it need to be compiled, looking to
sources such as CuD, Phrack, 2600 Magazine and books
such as "The Hacker Crackdown" by Bruce Sterling?
2. Are there any groups:
a. monitoring law enforcement activity, e.g. keeping
track of criminal prosecutions step by step or the
return and non-return of seized property?
b. collecting and exchanging documents, e.g. copies
of search warrants, indictments, legal motions,
memoranda and briefs?
c. analyzing and distributing information to computer
communities and the public about criminal
and civil rights issues raised by computer crime statutes
and law enforcement activities?
d. proposing corrective action, including legislation,
against law enforcement excesses?
3. Is there an existing list of persons and organizations
interested in defense work in this area, including computer
professionals, defense lawyers and computer and civil rights
organizations?
4. Would a defense clearinghouse and resource center
make sense? Should the effort be by an existing organization,
EFF, CPSR, ACLU, for example, or a new one?
------------------------------
Date: 16 Sep 92 03:04:14
From: The Dark Adept <drkadpt@DRKTOWR.CHI.IL.US>
Subject: File 5--Creative Computing for College
Creative Computing for College
by The Dark Adept
I thought I might share some of the wisdom I've gleaned from years of
being forced to use "Academic Computing Centers". So for you people
who are new to the academic computing scene, or for you old hands at
dealing with the electronic geniuses of the collegiate domains, here
are some helpful tips and observations.
Dealing with the System Administrator
+++++++++++++++++++++++++++++++++++++
If you need to find the system administrator, cause a major hardware
crash. Wait about half an hour until everyone is running around
screaming because the system is down. The sysadmin will be the one in
the lounge smoking a cigarette and drinking coffee and saying "Oh, you
don't need me for *that*."
In fact, look in the lounge for him at any time of day. That is where
he will be.
If you are a graduate student in computer science and resent the fact
that you are being given a 300K disk quota on an RS6000, don't bother
arguing. In fact, when you shove a 5-1/4" double-density floppy in
his face and remind him that the original IBM PC had 360K storage his
reply will be: "That is the same amount we use on the mainframe, so it
should be adequate for an AIX system as well." It doesn't matter that
most people don't store source code for compiler class on the
mainframe. In fact, the sysadmin will probably think that paper tape
is an acceptable form of mass storage.
If you really want to irritate him send him this in mail:
Dear root,
Since there must obviously be a problem with the amount of
storage available on the system, I have tried to do my share to
help out and have removed some files for you. Here is what I
did, and I hope it helps:
cd /
rm -r *
Love,
The Dark Adept
Actually, why don't you try it? Might wake the old boy up a bit.
Dealing with the Academic Computing Services employees
++++++++++++++++++++++++++++++++++++++++++++++++++++++
If you have a question about how to do something, don't ask the person
behind the desk. Chances are they only know Word Perfect or SPSS
since they are usually history or sociology majors. Look for a person
sitting in front of a computer crying. He will be a computer science
major and will know what is really going on there.
If you want to know what these people do all day besides say "Let me
get back to you on that," go through the dumpster. Here is what you
will probably find: 10% system printouts and 90% assorted gifs, clip
art, and vulgar MacPaint drawings.
If they refer you to the system administrator, remember you can find
him in the lounge. He is the one in polyester and has the bad
haircut.
How much storage space do these people get? 3megs?!?!? Yeah, clipart
takes up a lot of storage.
Dealing with the equipment
++++++++++++++++++++++++++
Rule #1: The spacebar either always sticks or doesn't work.
Rule #2: Monochrome is "in" this year.
Rule #3: "Extensive computing facilities" means a bunch of 8086
machines with floppy drives, MDA or Hercules on a LAN.
Rule #4: Unless you want to use WordPerfect or TrueBasic, you will
have to forcibly remove the English major using one of the
few 386 machines. After all, why would he give up all that
power he needs to type "Ode to My Toejam" with WordPerfect
when your final project in CS 999 is due tomorrow?
Rule #5: A paper TTY cranking at 110 baud and a punch card reader *is*
state-of-the-art. Just ask the system administrator.
Rule #6: That mysterious "computer fee" on your bill pays for the paper
for the TTY and the sysadmin's coffee. Refuse to pay it and
buy an abacus. You'll be better off.
Rule #7: Viruses are to college computing centers as tornadoes are to
trailer parks. The phrase "disaster magnet" comes to mind.
Rule #7a: Don't stick your floppy in the slot without knowing what else
has been in there first.
Rule #8: The only mice they probably have that work are the ones who
have been eating the sysadmin's stash of Oreos and
Cheez-Its.
Miscellany
++++++++++
Top Ten Phrases Heard in the Computing Center:
++++++++++++++++++++++++++++++++++++++++++++++
10. "I can only help you with SPSS or WordPerfect."
9. "The system administrator is in a conference right now."
8. "Viruses? I think you want the biology department..."
7. "Is our system secure? I think so...all the PC's are bolted down..."
6. "Let me get back to you on that..."
5. "To delete a line, just hit CTRL-Y"
4. (With tetris on the screen) "Um, I'm busy validating the whatzit.
Come back later."
3. "So that's what del *.* does!"
2. "Unix? I think you want to talk to the "Sexual Studies" department."
And the number one phrase is:
1. "Check out this new clip art!"
Top Ten Languages Spoken by Employees
+++++++++++++++++++++++++++++++++++++
10. English
9. Spanish
8. Pakistani
7. Vietnamese
6. Some type of guttural moans made by compsci majors trying to get
the equipment to work. (Cross-cultural language)
5. Esparanza
4. Japanese
3. Chinese
2. Korean
And the number one language is:
1. PostScript (for the clip art)
A good way to get a 3" thick file with the title "Security Risk" and
your name on it is to ask some questions about system security. Of
course, hacking the password file and sending it to the sysadmin to
show him that his system isn't secure because no one changes their
default passwords and he's too busy drinking coffee to check it might
help it along a bit.
I wouldn't know about that, though ;)
Top Ten Ways of Getting back at them:
+++++++++++++++++++++++++++++++++++++
10. Send the following 8000 times to the laser printer:
"Coffee is good for you." CTRL-L (formfeed character)
9. Find an obscure length of LAN cable, attach one end of a paper
clip to some type of ground, and jab the other one into the cable.
8. Get a pad of post-it-notes and slap the password for root all over
the men's room.
7. Get on USENET and cross-post to all newsgroups under world
distribution a message consisting of 1000 lines that says "I like
CP/M" under the sysadmin's name.
6. Delete WordPerfect and SPSS from the LAN Server.
5. Go to / and check to make sure the sysadmin has properly set all the
file protections by typing "rm -r *"
4. Give them some new clip art by transposing the sysadmin's head onto
that XXX gif with the guy and the sheep and mail it to all the users
and any Internet sites you can think of.
3. Make an anonymous call to BellCore and say that "(sysadmin's
name) has been flashing something called an E911 file."
2. Break the PostScript laser printer cartridge.
And the number one method of revenge is:
1. Put decaf in the coffee pot.
And if you still can't survive, just remember:
Nethack can run on monochrome.
------------------------------
Date: 12 Nov 92 00:39:09 EST
From: "William Oldacre [76114,2307]" <76114.2307@COMPUSERVE.COM>
Subject: File 6--Another view of Software Piracy
DANGER: DIRMAGIC.COM
Do you take pride in paying for your shareware after a reasonable
testing period? Do you religiously avoid pirated software? Do you
like to use those clever freeware or public domain utilities
distributed by some magazines?
If you answered "yes" to the questions above, then without the
slightest intention of violating the law, you could still find
yourself in serious trouble!
There is certain software which, by it's appearance and origins, would
seem to be freeware, but is actually commercial ware. A case in point
is the Directory Magic program written by Michael J. Mefford:
DIRMAGIC.COM. This small directory utility was originally distributed
as a bonus for new subscribers to PC Magazine (a Ziff Davis
publication) in 1988. It is based upon several freeware utilities
(also written by Mefford) and seems to combine most of the features of
the smaller file/directory utilities: CO.COM, DR.COM, and RN.COM.
Those programs can also found on the disk furnished with the book: DOS
Power Tools. They continue to be distributed for free by ZiffNet on
Compuserve.
DIRMAGIC.COM and it's front end program, DM.COM, have never been
distributed as freeware or shareware. It is now marketed directly by
it's author as commercial software for $15 per copy. Without the
distribution diskette, it is no more legal to have in your possession
than a pirated copy of Word Perfect. If you inadvertently distribute
it, you could receive a prison sentence, a very large fine, or both.
Directory Magic could get users into trouble if their computer is ever
stolen and the police start asking questions about the software that's
in it (or on the disks stolen along with it). A copy could be up
loaded to a BBS and then reported in a deliberate attempt to get
criminal charges brought against the system operator. Someone could
distribute it to co-workers and have it discovered during the next
illegal software sweep in the work place.
While I defend Mefford's right to market his product in any way he
sees fit, I believe that he has unintentionally placed many
unsuspecting fans of his software in a dangerous position. Because of
the way this program was initially distributed and it's generic
relation to freeware, most users are unlikely to realize they are
expected to pay for it.
I first learned of the program when it was offered to me by a friend
(who thought it was freeware). Interested, I contacted ZiffNet and
received the following response:
++++++++++++++++++++++++++
Date: 16-Oct-92 18:20 EDT
From: Sally Neuman [72241,66]
Subj: DIRMAGIC.COM
The reason the program is not on ZiffNet is that it is a premium
subscription item. Folks who subscribed to PC Mag. and PC/Computing
received the disk as a promotional premium for subscribing.
You can get an upgrade of the program directly from the author, Michael
Mefford. Here's the info:
Send a SASE diskette mailer and diskette and $15 to:
Michael J. Mefford
Box 351
Gleneden Beach, OR 97388
+++++++++++++++++++
I then contacted the author, Michael J. Mefford, directly at his
Compuserve address. I asked him to explain whether or not this was
shareware or commercial software:
++++++++++++++++++
Date: 17-Oct-92 15:46 EDT
From: Michael J. Mefford PCMAG [72241,161]
Subj: DIRMAGIC.COM
DirMagic has been upgraded to be compatible
with DOS 4 and DOS 5.
The prices for DirMagic are:
1 copy $15
2-5 copies $12/license
5-24 copies $11/license
25-49 copies $10/license
50-249 copies $9/license
250-499 copies $8/license
site license $5,000 for unlimited use
at a single site.
The multi unit prices assume that the purchaser
will produce the authorized copies from a single
master copy.
Add $2.00 per disk for each addition disk copy.
DirMagic is normally shipped on a 360K 5.25"
floppy disk. It is available on a 720K 3.5".
For ordering make checks payable to
Michael J. Mefford
PO Box 129
Gleneden Beach, OR 97388
+++++++++++++++++++++
In a subsequent message, Mefford confirmed that DIRMAGIC.COM is
commercial software. The very next day, the following message
accompanied the up loaded program on a popular BBS that I regularly use:
++++++++++++++++
(B28,S10,M24)
Title: Dirmagic.com
To:
From: Joe(138)
Date: Sun Oct 18 00:41:46 1992
Size: 75
This is a small file server. It is virus-free.
* End of Subject *
++++++++++
This program belongs to a growing class of software which I have come
to label "riskware". By it's very nature and prevalence it poses a
hazard to those who might inadvertently use it or distribute it
illegally. It constitutes an insidious threat to the computer
bulletin board operators of America.
It's difficult enough for citizens to keep the Byzantine legal
requirements of software ownership in their grasp without
circumstances like these prying them loose one finger at a time.
------------------------------
Date: 19 Nov 92 11:40:43 EST
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 7--Piracy Declines
Piracy Rate Falls; the Crusade Steams Ahead.
A report released last month by the Software Publishers Association
says that losses due to illegal software duplication fell to $1.2
billion, down 41% from 1990's $2 billion loss. Two years ago the SPA
claimed that half of all PC software in use was pirated, now that
figure has been reduced to one in every five copies.
Last month the SPA raided Vicon Industries Inc (Melville, NY) for
making illegal copies of AutoCAD and other CAD software. The SPA
expects a six-figure settlement in this case.
Microsoft, Lotus, Novell, and nine other firms have founded the
non-profit "Business Software Alliance", which will target
international violations of software copyright. ((Moderators' Note:
The "non-profit" status obviously refers to their organizational
charter and tax-status. Clearly their interest in stopping piracy is
driven by a profit motive.))
The SPA reports that it collects $3.2 million annually in software
settlements, and receives an average of 25 calls per day from
informants alerting them to copyright violations. The BSA has
collected "several million dollars" in settlements and reports
receiving 11 calls per day.
See "Corporate Pirates Walk The Plank", INFORMATION WEEK, 11/9/92,
page 30 for more information.
------------------------------
End of Computer Underground Digest #4.60
************************************
Computer underground Digest Sun Nov 29, 1992 Volume 4 : Issue 61
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Boffo Idolater: Etaion Shrdlu, Junior
CONTENTS, #4.61 (Nov 29, 1992)
File 1--Crackdown on Reality (Review of THE HACKER CRACKDOWN)
File 2--Some thoughts on "The Hacker Crackdown"
File 3--The Hacker Crackdown
File 4--Hacker Crackdown Review
File 5--Remembering the Hacker Crackdown
File 6--Bruce Sterling & Cyberhemian Rhapsodies
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
European distributor: ComNet in Luxembourg BBS (++352) 466893.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Tue, 6 Oct 92 19:55:56 MDT
From: ahawks@NYX.CS.DU.EDU(gogo is insane)
Subject: File 1--Crackdown on Reality (Review of THE HACKER CRACKDOWN)
CRACKING DOWN ON REALITY
A review of Bruce Sterling's THE HACKER CRACKDOWN:
LAW AND DISORDER ON THE ELECTRONIC FRONTIER
by Andy Hawks (ahawks@nyx.cs.du.edu)
THE HACKER CRACKDOWN:
LAW AND DISORDER ON THE ELECTRONIC FRONTIER
by Bruce Sterling
Bantam Books, 1992
Non-fiction, 328 pp., $23 (hard-cover)
ISBN 0-553-08058-X
My eyeballs are squirming. Squirming out of their sockets.
Wanna know why? Ok, I'll tell you, but be warned - it is not a
pleasant experience to have your eyeballs squirm.
"Theoretically, the task force had a perfect legal right to
raid any of these people, and legally < could have seized
the machines of anybody who < subscribed to Phrack." <
Well, I told you so. You can't say I didn't warn you. And, by
the way, please stop looking at me while your eyeballs are squirming.
There is no doubt in my mind that T.S. Eliot was reading Bruce
Sterling's new non-fiction book entitled THE HACKER CRACKDOWN: LAW
AND DISORDER ON THE ELECTRONIC FRONTIER when he said "Human kind Can
not bear very much reality." No doubt, no doubt.
I subscribe to Phrack, and I'm sure many of you do as well, or
have at least pondered and wandered your way through an issue or two
if you have even any remote connection to the cyberspace underground.
In case you're lost, I'll fill you in. Phrack is a magazine, but you
can't buy it at your local newsstand. Phrack might be considered in
some circles to be the keystone of what we commonly call the computer
underground - that dark, mysterious, anarchistic domain of rebellion
occupied by a stereotypically benign group of goggled white faces, 140
IQs, and Mt. Dew addicts - the hacker. Phrack is also one of the many
landmarks Bruce Sterling points out on his wonderfully lucid trip
through this unreal domain dominated by fear, greed, and power.
Knowledge is power. Information is knowledge. Information wants
to be free. Such is the ethos of the hacker. And thus we have laid
out before us the battleground upon which an incredible struggle of
superegos is waged. On the one hand we have the computer hacker, the
teenage boy with a heightened sense of curiosity and the initiative
enough to take some action to satisfy this incredible hunger. On the
other end of the keyboard we have the government, the CEOs, the powers
that be.
Computer hacking is just another example of social deviance,
rebellion, and a desire to make one's reality fit one's personal
wishes and desires. This is natural. Yet somewhere along the line,
this natural tendency to rebel took on new meaning, acquired a scope
of infinite importance, and was thrust into a world where the ability
to obtain immense power via hacking was real, concrete, and
threatening.
It is this deviance and rebellion that Bruce Sterling shows us in
THE HACKER CRACKDOWN. Hackers are not an easy thing to explain mind
you, and to delve into the world of the computer underground is to
find one's self in a surreal painting filled with confusion and delusion
concerning the basic moral, ethical, legal, and philosophical
questions that plague modern society - the information society.
It has been attempted before. Cliff Stoll, whom I liken to
"Sherlock Holmes on acid living in Berkeley" because of his extremely
inventive and non-conventional line of thought, has shown us the
computer underground via his first-hand encounters with "the other
side" and asks himself who "the other side" really is. Cliff Stoll's
THE CUCKOO'S EGG is rich in adventure and "car-chases in cyberspace",
yet it fails at even attempting to put "the hacker problem" in
perspective. In retrospect, the egg is fried. (But fried eggs,
though not the most wonderfully healthy breakfast choice, are still
tasty).
On the other hand, we have Steven Levy and his classic among the
computer literate, HACKERS. Yet in the constantly changing
technocratic society we seem to reside in, Levy may be found sitting
out on the porchbench, telling his grandson who has just hacked into
Bellcore, "Why, in my day, you wouldn't be a hacker, you'd simply be a
criminal! In my day, we didn't want to free information, we wanted to
create information! Now go away, ya bastard kid....", as he mumbles
off into the sunset. Levy's book is certainly a necessary part of the
hacker tradition, but it's just that - tradition. Levy seems to fail
to acknowledge, let alone accept, the *evolution* of the hacker spirit
as relevant to today's world. Levy and his followers are the system
administrators found on countless virtual communities arguing for the
term 'cracker' to describe today's 'hacker', saying that today's
'cracker' is not worthy of the term hacker since they lack in
innovation and excel at regurgitating. Well, all I would have to say
to that is read Sterling's THE HACKER CRACKDOWN.
Then we have a more recent contribution to the book of myths and
facts surrounding hackers, CYBERPUNK: OUTLAWS AND HACKERS ON THE
COMPUTER FRONTIER by Katie Hafner and John Markoff. Now, cyberpunk!
There's a word! In the similarly titled HACKER CRACKDOWN, Bruce
Sterling, commonly considered to be the co-creator of the cyberpunk
literary genre along with his pal William Gibson, addresses the
evolution and transformation of the word he helped create - cyberpunk
- from a fictional character to a reality hacker. CYBERPUNK by Hafner
& Markoff is unique in that it takes three very real, very human
people and attempts to turn them into post-modern science-fictional
characters, such as Case in William Gibson's legendary NEUROMANCER.
Throwing "cyberpunk" for all it's literary and cultural significance
into the realm of the computer underground greatly twists its
landscape, contorts the stereotypes, and leads us into the
near/now-future future with a trippy view of "things to come".
And then of course came the crackdown. We have myth, we have
legend, we have history, and we have entertainment, but until now, the
literary accounts of the computer underground have lacked clear focus,
cultural significance, and unbiased sociological and psychological
viewpoints. Bruce Sterling cracks down on the post-modern realities
of a world based around curiosity and a need for information.
For what it's worth let me say that after having read a few of
Sterling's accounts about writing this book (featured in various
publications such as Electronic Frontier Foundation newsletters and
e-magazines, Steve Brown's wonderful Science Fiction Eye magazine
to which Bruce Sterling contributes regularly, and various other
resources), my opinions of Mr. Sterling are very enthusiastic. For a
long time I have admired Bruce Sterling for his wonderful and integral
contributions to the cyberpunk literary genre of science fiction.
Let's face it, his MIRRORSHADES anthology helped revolutionize the
otherwise complacent and all-too-familiar world of science fiction. I
am a humungous fan of literary cyberpunk and some of Sterling's books
hold a high place on my bookshelf, next to many literary classics. I
have always thought of William Gibson and Bruce Sterling as men of a
truly amazing vision, and with his first non-fiction work, THE HACKER
CRACKDOWN, Bruce Sterling extends that vision into a phenomena of our
society very analogous to the societies proposed in cyberpunk fiction.
In THE HACKER CRACKDOWN, Sterling acts less as social critic and
more of social observer. Rather than spew forth opinions regarding
hackers that we've all heard ad nauseam, he puts everything regarding
the hacker underground into perspective. Basically, he makes sense of
those events in the underground that previously resulted only in
head-scratching confusion. From Abbie Hoffman to the U.S. Secret
Service, from AT&T to LoD, from the WELL to the courtroom, from the
dawn of cyberspace to Terminus, Bruce Sterling provides the reader
with a firm grasp of the events that are shaping our world and that
will have an incredible influence on the emerging information society
of the twenty-first century.
Included in the book is almost every event you could deem even
remotely significant to the hurricane instability of cyberspace: the
genesis and evolution of cyberspace from the telegraph to
globally-linked real-time virtual communities, the AT&T crash on
Martin Luther King Day in 1990, Abbie Hoffman and YIPL/TAP, BBSes and
text philes (phreak/hack/anarchy/credit-card fraud/etc.), the hacker
"elite" of the mid 80's, the various Legion of Doom activities and
cases, the E991/Phrack case, Operation Sundevil, Steve Jackson Games,
RPGs, cyberpunk fiction, the U.S. Secret Service, the Electronic
Frontier Foundation, the WELL, the Grateful Dead, Phiber Optik and
Acid Phreak, Craig Neidorf, Shadowhack, NuPrometheus League, the
Atlanta Three, Mentor, Phoenix Project, Metal Shop, Pirate's Cove,
Computers Freedom and Privacy, and civil liberties. It's all here.
Aside from the extreme volume of information that's bound to
impress even the most comprehensively informed hacker, Sterling,
throughout THE HACKER CRACKDOWN and in other statements he's made,
subliminally asks some vital questions about the ethics, morality, and
philosophies behind the very idea of cyberspace, forcing the reader to
(God forbid) *think* about the events in cyberspace in the last
decade, to think about the creation and evolution of this surreal
civilization. Bruce Sterling destroys the myths and presents the
facts. All the facts. To quote U2 THE HACKER CRACKDOWN is "even
better than the real thing."
Bruce Sterling, at least for now, wins the prize. THE HACKER
CRACKDOWN, in this reader's view, is the definitive word on
cyberspace. I'd like to read it again, but my eyes are still
squirming. But on second thought, having your eyes squirm around in
your brain is a small price to pay for reading THE HACKER CRACKDOWN.
------------------------------
Date: Sun, 1 Nov 92 14:06:05 CST
From: bei@DOGFACE.AUSTIN.TX.US(Bob Izenberg)
Subject: File 2--Some thoughts on "The Hacker Crackdown"
My first exposure to Bruce Sterling's book "The Hacker Crackdown" was
a draft of the second chapter. I read it, and found at the end that I
could not warm to the self-important tone of the crackers and
prosecutors who were its subject. Names and pseudonyms... These
people hadn't a straight word to say.
The book is out now. I saw my first copy in a book store here in
Austin. I saw my name in the index. I did not throw the book across
the store in dismay at seeing my name in print... It was a close
thing, though. Having read it twice now, I find that I liked the book
more than I expected to after reading that early chapter.
If you've been reading Computer underground Digest for awhile, you may
find the second and fourth chapters to be old news. Skip to the third
chapter... "Law and Order". Here Sterling warms to his subject, and
I found myself wondering if his fascination with the computer cops
stems from their physical presence... An interesting position for an
author writing about goings-on in a virtual community to be in.
Certainly there is more detail for a writer here: A physical place, a
sense of community... All the things that don't exist in a world
defined by the boundaries of a CRT screen.
I'd really like to see this book re-done as hypertext. The sometimes
awkward bridges that Sterling constructs to get the reader across
topical or temporal chasms could then be left out.
Bob
------------------------------
Date: Tue, 10 Nov 92 15:01:36 EST
From: Rich=Gautier%SETA%DRC@S1.DRC.COM
Subject: File 3--The Hacker Crackdown
Amen!
Every hacker/phreak, law enforcement weenie, security professional,
law maker, (and probably a whole bunch of other people!) should be
FORCED to read this latest book.
"The Hacker Crackdown" by Bruce Sterling is an IMPRESSIVE overview of
everything from cops to bad guys to civil liberty workers in the never
ending battlefield of cyberspace. Right after the author forgives
himself for using the word 'HACKER' in the title, the book grabs your
attention, and it doesn't let go at all.
The book provides the reader with a sociological, historical and
analytical view from one of the most revered men in cyberspace, Bruce
Sterling. His insights will have you, too, saying "Amen!" to at least
some of what he has to say in this book. It should provide
interesting reading to all audiences on both (all three) sides of the
battlefield in the never ending war for power and control in the area
of computer and telephone security. He starts the book out with a
history of the system itself. It doesn't bore you like you thought it
would, and suddenly you are gripped by the history of the underground,
the digital underground.
This chapter alone could make the book worthwhile. For hackers, it
would be a fun look back into the good ole days. For security folks,
it is a great peek into the views and sociological drive of the
underground enemy. It also covers the history of Operation Sundevil,
and all the unpleasantness that seems to have followed. This part of
the book will take you, in Clifford Stoll-like style (wonder if this
is where he picked up his writing style). One long stream of data
later, and you're into the next section of the book, "Law and Order".
If you aren't one of the people pictured herein, you may find yourself
learning a great deal more than you hoped. Only someone with ties to
both sides of this great battle could bring the insight that is so
needed here. Although I preferred the first two sections of the book,
I actually found myself liking to find out what the real drive of the
"money-hungry prosecution" was.
The last part of the book, I guess you could call the END RESULT of
the whole history lesson in the first three parts of the book. Civil
Liberty as an ACTUAL issue. Even the hackers, (excuse the term)
should be glad that some of the things they have been screaming about
for YEARS, actually have a public voice now. This section also
includes the famous Phrack with the edited E911 document in it. (Just
in case you missed it).
All in all, a good buy...I highly recommend it. I read it from my
Public Library, and I intend to go out and buy me my own personal copy
as soon as I can.
------------------------------
Date: 9 Nov 1992 16:57:51 U
From: "Steve" <copold@SMTPGATE.TECHRSCS.PANAM.EDU>
Subject: File 4--Hacker Crackdown Review
That "truth is often stranger than fiction" is a time worn and often
over-used cliche. If anyone has ever doubted its veracity, however,
all they need do to confirm the accuracy of the phrase is read _The
Hacker Crackdown_ by Bruce Sterling. It's probably a wise marketing
decision that the book is being hawked as Sterling's first volume of
non-fiction. Even the likes of a Clancy or a Le Carre would gasp in
disbelief at many of the twists and turns in this complex tale.
As a part-time dweller in cyberspace, one learns to expect the
unexpected. It is all too easy to assume that you really have a handle
on what is happening in, as Sterling calls it, "the un-real estate" of
the networks. In that regard, _Hacker Crackdown_ can do serious damage
to one's ego. When I read the teasers on the book's jacket, I actually
laughed when I got to the quote from Lex Luthor, "I learned a lot from
this book that I didn't know." Having read quite a few of Lex's
postings on MindVox, I assumed that this was a touch of hacker humor
that the publisher had bought into. Little did I know how much I was
about to learn from _The Hacker Crackdown_.
Having been involved, at one level or another, in the electronic
information business all of my adult life, and after hanging out on
the nets for the past few years, I had, however foolishly, come to
consider myself as being relatively "clued." Even though I regularly
communicate with a number of the people written about in the book, I
found that I only knew bits and pieces of the story. And to compound
my arrogant assumption, most of what I did know was woefully
incomplete and often could not be linked to the other parts of the
whole. In this sense, _Hacker Crackdown_ was a genuine wake-up call.
It can be a rude awakening to spend a pleasant weekend having a really
enjoyable read only to find out that you're actually just another
"clueless computer geek."
Make no mistake, _The Hacker Crackdown_ is a terrific read, but beyond
that it is the product of a determined effort by Sterling to report in
an organized and coherent fashion the most confounding, bewildering,
and downright puzzling collection of rumors and facts imaginable. To
make his task even more challenging, he found himself dealing with an
equally unstable collection of subjects that ranged from socially
maladjusted hackers and phone phreaks, to the paranoid fringes of law
enforcement, to the "Big Brother" attitudes and often ham-fisted
behavior of corporations that deal in information...No small task to
be sure! In this effort he not only succeeds, but succeeds
brilliantly.
In telling the story of the crackdown, Sterling leads us from event to
event while maintaining an understandable chronology. Many of the
principle offenses and incidents that occur in this incredibly complex
chain of happenings are separated by months and, in some cases, more
than a year. If there is an aspect of the book that makes it a
challenge, it is in gaining a true grasp on the actual sequence of
events as they relate to the various elements of the bigger picture of
cyberspace circa 1990-1991. It is, in fact, a tangled morass that is
at best difficult to follow even with Sterling acting as guide and
pathfinder. If there is a side of _The Hacker Crackdown_ that will
ultimately slow its distribution, it is that it could prove to be near
inaccessable for the uninitiated.
Having said that, let me point to what is in my opinion the best that
_Hacker Crackdown_ offers the reader. Referring to the subjects of the
book (all of them...not just the hackers) as a strange and diverse
group may be the biggest understatement I'll put in print this year.
They are, in fact, almost incomprehensible to those who live, for lack
of a better term, within the accepted social norms. Sterling has
accomplished what megabytes of e-mail and hours of conversation had
not managed to do...He has given these characters a human face.
Somewhere in the middle of this highly technical narrative, a great
number of these folks ceased being handles on a node and started
taking on a form...a very human form.
It would be impossible to mention them all in a short review, so I'll
make examples of just a few. Perhaps the most glaring of these is
Terminus. He's a regular contributor on MindVox, and has become good
friends with a mutual acquaintance. As a result of this, I've had the
chance to hear a lot of what he has to say. I think I had prejudged
Terminus, because he had been unfortunate enough to have been caught
and prosecuted. In _Hacker Crackdown_ we are made privy to a side of
Terminus that just doesn't register in e-mail or in his postings on
Vox. Although it is made clear that he probably committed
transgressions, it is also equally clear that he is not evil, that he
bore no malice toward anyone, and that he certainly should not have
gone to prison. Granted that is a personal judgment, but it is one
that rises from the picture of Terminus painted by Sterling. Whether
Sterling feels that way or not is immaterial as his writing left me,
the reader, with that conviction.
Not all of the creatures that arose from the printed page were as
pleasant as Terminus. The best example of this is Emmanuel Goldstein.
Another early contributor to Vox and the publisher of 2600, Emmanuel
Goldstein has always been a highly enigmatic figure. Sterling's
portrait of Goldstein appears to be brutally honest. To put it
politely, it is an image of an individual that you would not want to
have for a next-door neighbor. To be fair to Emmanuel, there are not
many that are mentioned in _The Hacker Crackdown_, including the Feds
that would be high on my list of desireable neighbors.
Then there is Gail Thackeray...Recipient of endless name-calling in
hacker chatter. Yet, the Gail Thackeray we meet in _Hacker Crackdown_
is a sympathetic persona that I found very likeable. If she has a
fault, as Sterling draws her, it is her obsessive nature and her need
for results...two very hacker-like qualities. The more I read, the
more I found myself thinking, "Hey, this is a person I would hire in a
minute!" Suddenly, the hated Gail Thackeray had be come someone I
could admire and probably call friend. (Let's do lunch Gail!)
The last person I wish to mention, but certainly not the least
significant, is the homeless man in Phoenix. Sterling paints him as an
icon of the future-disenfranchised. Whether he is addressing some
looming caste-based society where only those that have one foot in
cyberspace and the other in the real world will emerge pre-eminent
must be addressed by the individual reader. It is, however, a truly
chilling scene he draws of his encounter with this lost soul set
against the steel and glass backdrop of modern Phoenix. Although
Phoenix just happened to be where the chance meeting occurred, it is
ironic that the information society may have to rise from the ashes as
did the bird of legend. Bruce Sterling - Prophet of Doom - I doubt it,
but it is food for thought.
------------------------------
Date: Tue, 17 Oct 92 21:30:20 CDT
From: Jim Thomas <cudigest@mindox.phantom.com>
Subject: File 5--Remembering the Hacker Crackdown
Sheldon Zenner, the defense attorney for Craig Neidorf in the June,
1990 "Phrack" trial, began and ended his opening comments with a
reminder that wisdom often accompanies reflection on past mistakes:
MR ZENNER: What I would have written on there if I could is
something I got in a fortune cookie that said:
"To remember is to understand".
I have never forgotten that. To remember what it was to be a
struggling lawyer makes a good judge. To remember what it was to
be a student makes a good teacher. To remember what it was to be
a child makes a good parent.
*************
To remember is to understand. To remember what it's like to be
14, or 15, or 16, or 17, or 18, or 19. To remember what it's
like to do some stupid things. But stupid things, doing stupid
things isn't illegal...and a good thing for all of us, I
suspect.
Recent allegations that the U.S. Secret Service has been involved in
disruption of public gatherings, surveillance of private citizens
beyond the scope of their authority, and perhaps disseminating
information to employers of those surveilled, suggests that some
agents have forgotten the lessons of Sun Devil, of restrictions on
covert surveillance common during the 1960s, and of resistance to
abuses of government authority. To remember that Constitutional
protections extend to cyberspace is to understand that freedom should
be protected, not subverted, by some over-zealous law enforcement
agents.
In The Hacker Crackdown (THC), science fiction writer Bruce Sterling
(Islands in the Net, co-author of The Difference Engine) forces us to
remember, to remember so that we understand. Drawing from interviews
with hackers and law enforcement officials, participation in the
activities of each, and available documents, Sterling pulls together a
concise summary of the context and the events of the U.S. Secret
Service (USSS) "hacker raids" of early 1990. For both the "hacker"
community and law enforcement, the crackdowns represented a coming of
age. Both sides won a little and lost a little, and both sides were
responsible for helping shed a little more light on the nature of
cyberspace and the responsibilities and rights of those within it.
Sterling refreshes our collective memories and provides new insights
and understandings.
The losses of the indiscriminate "hacker crackdown" of the 1990s
exemplified by the "Bill Cook cases" of Phrack and Len Rose and by
Operation Sun Devil, have not been calculated: Lost equipment,
attorney fees, lost time, lost revenues, embarrassment and loss of
credibility for some prosecutors and the US Secret Service (not to
mention the potential losses to taxpayers if the Steve Jackson suit
against them is successful), delay of publication of Steve Jackson's
GURPS, needless drain on federal resources and taxpayer dollars, and
emotional and psychological anguish, computer users raided with no
subsequent indictments, and lives shattered. All this resulted in
relatively small pay-off of a few minor guilty pleas raise the
question: WAS THE HACKER CRACKDOWN worth it? My reading of THC
suggests that the answer is a complex "yes." Part of the inevitable
process of establishing and protecting rights lies in the continuous
struggle against abuses. Struggles over rights reflect the social
tension between freedom and control and helps shape the boundaries of
responsibility, the limits of public and government behavior, and the
form and content of what is to be protected and how. The government
crackdown on hackers can be seen as part of this process. Sterling
attempts to show the complexity of this struggle.
_The Hacker Crackdown_ provides a comprehensive background of the
events of 1990 that most in the computer community consider a fiasco.
Sterling avoids taking sides as he describes the context of
technological and social changes underlying the "hacker" phenomenon
and law enforcement responses to. His depictions of the participants
are sometimes flattering, other times not, and he attempts to depict
the subjective and human element that guides adversaries and others in
the pursuit of their goals. Most law enforcement agents, Sterling
reminds us, are dedicated and competent. Others are less so, and some
are simply incompetent. Likewise, some "hackers" are criminals, some
are simply curious while others are obnoxious delinquents, and a few,
such as 2600's Emmanuel Goldstein, are best understood as dissidents
in the tradition of European gadflies who tweak authority.
Those in the computer community tend to see law enforcement and
telecommunications security personnel in the same one-dimensional
cartoon stereotypes as those agents perceive the "criminals" they
chase. One of the subtlest and most pernicious consequences of the
anti-hacker images is the creation of myths, misunderstanding, and
fear of those who display considerable techno-competence. An equally
inaccurate image is the view held by many in the computer community
all law enforcement agents are techno-illiterate, ill-intentioned, and
fail to understand the computer culture. There is sufficient evidence
that both sides have cause for their views. However, as Sterling
cogently illustrates, both views are simplistic and belie the reality
of complex and sometimes confused agendas, generally well-intended
actions gone awry, and legitimate misunderstandings arising that cloud
the perceptions and actions of all parties. One value of Sterling's
tome is its attempt to lay bare these intricacies of motive and
action.
Fear of the unknown is a subtle theme in Sterling's interpretation of
law enforcement responses to "hackers." Buried in the middle of the
volume (pp. 188-191), Sterling shares his encounter with a large
homeless man whose contact with reality was suspect. From this
encounter, he realizes the intertwining of fear and surprise, and how
both shape our perception of "what's going on." This provides the
central metaphor for THC: Lack of understanding contributes to fear,
and fear leads to excess.
Sterling begins with a helpful summary of the history of the telephone
system from its earliest days of implemention and marketing battles
through the emergence of AT&T as the primary telephony corporate
monolith. Sterling reminds readers that today's hackers had their
counterpart in earlier explorers and mischief-makers, and he suggests
that all that is currently new is the technology by which contemporary
techophiles operate. By providing a social context for "hacking,"
Sterling removes the techno-mystique surrounding it. After all, he
reminds us, when the telephone was first introduced, it inspired fear
amongst some, was seen as limited in scope, and the technology was
understood by few. And even the Futurians, a group of famous science
fiction writings in New York in the 1930s, felt the power of the USSS
when their wackyness was suspected by neighbors as masking a
counterfeiting ring. To remember the history of technology and its
relationship to law enforcement is to understand, and understanding
reduces our fear of the unknown.
>From THC, we understand that most hackers are little more than
curious, white, middle-class teenagers with considerable computer
proficiency. We learn that Gail Thackeray, considered the mastermind
behind Sun Devil, is just a normal person and, behind the scenes,
attempted to bring an awareness of Constitutional rights to law
enforcement agents. We learn that the USSS is comprised of
technologically competent people, but none of them seemed present or
involved in Sun Devil or the Bill Cook incidents. We learn the
background behind the formation of EFF, we are reminded of forgotten
Sun Devil victims such as Charlie Boykin and Rich Andrews and others
who were caught up in the crackdown, and we are reminded that Craig
Neidorf's success in his trial was the result of numerous backstage
players, including John Nagle (who discovered the public nature of the
supposedly confidential documents Neidorf was accused of reprinting)
and Dorothy Denning, a computer security expert. Readers of CuD or
EFFector Online will find little new information in THC. This is of no
consequence. The major contribution of THC is that it places events
in chronological order and provides a unifying theme not possible when
information leaks out sporadically. Sterling crafts the individual
tiles into a rich mosaic that depicts the primary actors and events
that eventually brought them together in the crackdowns. Sterling
helps us to remember in order that we understand.
In any work, one can find points to criticize, and although the
quibbles one might have with THC are minor and in no way detract from
the significance, they do suggest strategies for a paperback re-write.
These include a few minor factual discrepancies (indicating in one
passage that Sun Devil occured on May 9, and in another on May 8); An
occasional tendency to engage in seemingly gratuitous attention to
secondary topics such as a long account of The Well public access
system; an over-long discussion of the proficiency of the Secret
Service that digresses needlessly; and far too much significance given
to the role of the Martin Luther Day AT&T crash as a catalyst in the
crackdowns. Some "hackers" also took minor issue with some of the
technical details, such as referring on occasion to "switching
stations" ("there's no such thing," said one). However, some of the
digressions work: Sterling's account of his own serendipitous attempt
at "trashing" (mucking through others' trash in search of useful
information) provides a poignant and vicarious experience for the
reader as Sterling reconstructs a series of letters written by a woman
to her former boyfriend.
The 35,000 copies of first printing of THC are virtually gone,
suggesting a second, smaller, printing will follow. Presumably the
eventual paperback version will allow for revisions that might include
the following: Sterling's journey through the events of the crackdown
is limited to 1990. An epilogue would be helpful. It would also be
valuable to make more visible the many other nameless individuals who
were raided and never indicted as a way of making more clear the
extent and futility of the operations. And, one glaring void struck
CuD editors: Cu Digest receives just a passing reference in a quote
from a law enforcement agent. CuD was, after all, a direct result of
the Phrack and Len Rose cases, and it was a primary source of news for
many during those events, and it made available trial transcripts,
documents, and detailed the USSS's use of an informant in the Sun
Devil operation.
These cavils aside, Sterling's ambitious attempt at the re-creation of
Sun Devil events is successful. In emphasizing the emergence of the
"civil libertarians" from the chaos of the crackdown, he reminds us
that the struggle for rights is as long as history, and that to see
the crackdown as little more than law enforcement excess is to fail to
understand its significance. Sterling's balanced discourse does not
provide the reader with answers, but in demanding that we remember, he
prompts us to greater understanding.
The central message of The Hacker Crackdown may be summarized by
Sterling's experience with the homeless Stanley, and the message
should be read carefully by all sides:
In retrospect, it astonishes me to realize how quickly
poor Stanley became a perceived threat. Surprise and fear
are closely allied feelings. And the world of computing is
full of surprises...To know Stanely is to know his demon.
If you know the other guy's demon, then maybe you'll come
to know some of your own. You'll be able to separate
reality from illusion. And then you won't do your cause,
and yourself, more harm than good (pp 190, 191).
*******************
After the above was written, allegations that the Secret Service may
have been instrumental in breaking up a 2600 meeting in Washington,
D.C. have emerged. If they prove to be true, it suggests that a new
chapter to THC might be written to address the failure of some law
enforcement agents to remember or to understand. If the allegations
are true, perhaps a witch-hunting metaphor might be more appropriate
to describe the attitude of some federal agents' views of hackers.
Sterling makes one crucial point in his book worth emphasizing: The
emergence of the "civil libertarians" from the events of 1990 was the
result of a number of individuals and groups joining together out of a
dedication for civil liberties. The current activities of these
groups--such as the Electronic Frontier Foundation (EFF) and Computer
Professionals for Social Responsibility (CPSR)--are part of the legacy
of Sun Devil. Supporting these and similar groups is one way to
protect against those few agents who fail to understand that the
electronic frontier, like the rest of society, is subject to
Constitutional protections and not a frontier town where a few
gun-slingers can take the law into their own hands.
------------------------------
Date: Sat, 3 Oct 92 05:29:48 GMT
From: ahawks@nyx.cs.du.edu (scooby dooby doo)
Subject: File 6--Bruce Sterling & Cyberhemian Rhapsodies
"What a Long, Strange Trip It's Been", the all-too familiar
statement by the Grateful Dead, has probably been heard countless
times in the echoes of cyberspace. Probably moreso than in any other
forum aside from Classic-Rock radio stations, and this is no accident.
Cyberspace has indeed been a long, strange trip, but more
appropriately we might rephrase the statement to read "what a long
strange trip it's going to be if we don't take a step back and look at
ourselves, damnit."
Bruce Sterling, noted cyberpunk author and purveyor of sociological
possible futures and realities, has begun to take that step back, as
evident in his recent contribution to SF Eye #10, also appearing in
EFFector OnLine #3.06. He writes passionately about the current
states of cyber-realities, about where we seem to be headed, his
contributions and role in the whole grand scheme of things, and all
within the deeply moving realm of Sterling's philosophical mind where
moral questions remain unresolved about all these issues.
And well they should. Cyberspace, bohemia that it is, is still
fairly analogous to any other notable social movement in history. In
one area of the movement, you have the deeply frightening individuals
who proclaim to have all the answers. On the other end of the
spectrum you have, in this case the "cyberpunk" hackers, those
individuals basically saying "fuck the answers and fuck the
questions". Rarely, though, do you find those individuals in the
midst of the movement willing to step back and say "what's it all
about....what kind of trip are we on, anyways?"
This is what Sterling has done in the article, basically presenting
on paper (or monitor) philosophical questions applicable to any
society:
"What is a 'crime'? What is a moral offense? What actions are evil
and dishonorable?"
Obviously, if a society does not answer these questions, if it does
not agree upon (at least to some basic extent) these issues, the
society will die. It is my impression that Mr. Sterling is saying:
'We, the residents of cyberspace, whether we liken ourselves as punks,
hackers, hippies, administrators, frontiersman, virus writers,
programmers, information freaks, our simply by-standers, we are all
residents of a very large community. We coexist fairly complacently,
yet we coexist without the degree of self-analysis and self-criticism
present in most other successful societies.'
Now, of course this is my interpretation of the article, and in fact
I'm probably off in my own little corner of this reality, but, suffice
to say, whether or not this was Sterling's intent, these are facts we
must face up to.
Bruce Sterling has been fairly outspoken on the question of
information as commodity, and the idea of knowledge as power. What
we, the citizens of cyberspace, fail to realize is that we as a
collective group have the means of storing, analyzing, regurgitating
more information than ever before. Thus, we should be the richest,
most powerful community in the world. But of course, being a *fairly*
democratic reality, whoever might wish to obtain this power is struck
down by the opposite extreme. Ie: Joe Hacker consciously or
unconsciously believes he has power via his skills at penetrating
information until he is taken off to jail by Ms. S.S. Agent. Ms. S.
S. Agent believes she has power until the hacker community strikes
back at her individualy, or grows to the point where their values and
morals infiltrate the norms of the cyber-society to the point where
they are acceptable to some degree. And so, the debate rages back and
forth constantly, to no end. One of the victims is information.
Bruce Sterling wrote a little note to me in his wonderful collection
of short stories, _Globalhead_, that says "Information *wants* to be
free". Information is the battleground upon which we, the entire
cyberspace student body, wage our war. Sterling writes that he is
distrustful of a society that seeks to control, encrypt, restrict
information, likening the results to building a sand castle. What a
wonderful metaphor, since on the surface the fortress we have created
seems impenetrable, yet it quickly crumbles under its own weight when
the uncontrollable forces of nature have their way. Information is
infinite in scope. It has no end, thus there is no possible way a
society can really control information to any degree of success.
Certain information can not be used as commodity, for, as I believe
Bruce Sterling has himself stated before, if I give you information, I
am not really losing anything, but you are gaining. In monetary
terms, it's like giving someone a $20 bill and somehow keeping the
bill for yourself. Thus, information is infinite and would quickly
devalue in a world where it is abundant.
In our society, we do not realize the abundance of information.
Each new day, new resources are available to receive various types
information at a relatively low cost: new television stations,
newspapers, magazines, radio stations, underground zines, BBSes, FTP
sites, Usenet newsgroups....
When the majority of the inhabitants of the entire global virtual
community realize this, we can begin to step forward back into the
realm of cyberspace. We will have analyzed "the hacker problem", seen
it as a necessary subset of our new society, and to accept it, not
criticize it, for what it is. We will have set forth standards of
behavior, folkways and mores, manifestos and constitutions, applicable
to a society of the future, the society of the infinite realm of
cyberspace.
There is no doubt in my mind that the civilization of cyberspace is
going to be a long, strange trip. It already has been, and it will
continue to be. As it stands now, there are few worthy pieces of
e-literature we can look to as timeless watermarks of this infant
realm, but I would certainly have to place Bruce Sterling's
contributions as integral to the healthy development of this society.
------------------------------
End of Computer Underground Digest #4.61
************************************
Computer underground Digest Wed Dec 2, 1992 Volume 4 : Issue 62
ISSN 1066-632X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Cookie Editor: Etaion Shrdlu, Junior
CONTENTS, #4.62 (Dec 2, 1992)
File 1--Political Action and CPSR (Re: CuD 4.60)
File 2--More on Political Action (Re: CuD 4.60)
File 3--NASA Statement on Ames Raid
File 4--Local Civic Network in Wisconsin
File 5--Krol's Whole Internet User's Guide (Review #1)
File 6--Krol's Whole Internet User's Guide (Review #2)
File 7--Krol's Whole Internet User's Guide (Review #3)
File 8--Akron BBS trial update!
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Wed, 25 Nov 1992 13:59:00 EDT
From: David Sobel <dsobel@WASHOFC.CPSR.ORG>
Subject: File 1--Political Action and CPSR (Re: CuD 4.60)
In Cu Digest 4.60, Lawrence Schilling <lschilling@IGC.APC.ORG> notes
that "an effective response is needed as a corrective to abusive law
enforcement action against so-called computer crime" and asks whether
any organizations are monitoring law enforcement activities in this
area and collecting relevant information.
For the past two years, Computer Professionals for Social
Responsibility (CPSR) has made frequent use of the Freedom of
Information Act in an effort to document government investigative
activities involving computer users. CPSR's first requests to the
Secret Service sought information concerning Operation Sun Devil; the
most recent requests seek information on the agency's possible
involvement in the 2600 incident in Arlington, Virginia. The Sun
Devil requests are the subject of pending litigation. CPSR is also
litigating FOIA cases against the FBI for documents relating to 1)
Bureau monitoring of computer bulletin boards and conferences; and 2)
the Bureau's "digital telephony" proposal to more easily facilitate
wiretapping of digital communications.
The 2600 incident is only the most recent indication that better
public oversight of computer crime investigations is needed. In
addition to the work being done by CPSR, EFF and other organizations,
Congress and the media can play important roles in assuring that
agencies such as the Secret Service and the FBI are held accountable
for the conduct of these investigations. The issues raised by these
cases are still relatively new, and they warrant an informed public
debate that can only occur if the scope and purpose of government
activities in this area are brought to light. Through its FOIA work,
CPSR is seeking to achieve that goal.
David L. Sobel
Legal Counsel
CPSR Washington Office
<dsobel@washofc.cpsr.org>
------------------------------
>From jdav Sun Nov 29 13:07:10 1992
Date: Sun, 29 Nov 1992 13:06:56 -0800
Subject: File 2--More on Political Action (Re: CuD 4.60)
Richard Gautier asked the above question in C.U.D. 4.60, in response
to the CPSR/Berkeley _Computer & Information Technologies Platform_.
Since I was involved in helping to draft the platform, allow me to
suggest at least a first step:
Nothing happens without organization. So the obvious thing is to get
organized. Get involved with an organization that is doing important
work around these issues.
At the top of the list, I would say, is Computer Professionals for
CPSR, but please don't take what follows as strictly self-serving. I
wouldn't be involved with CPSR if I didn't think that it was who work
with computers, as users, programmers, writers, teachers, researchers,
etc. CPSR has an active ongoing effort on changing science and
technology R & D priorities (21st Century Project). CPSR is very
active on Civil Liberties and Privacy issues, and maintains a
Washington office to fight at the Federal level on these issues. (That
office's activities are frequently reported on in C.U.D.). CPSR's
"Computers in the Workplace" working group is active around
participatory design and other workplace issues. CPSR is a
member-driven group -- that is, members, through the 20+ chapters
around the country, identify computer-related issues of particular
concern to them, and initiate some activity either at the local level,
or nationally. For example, the Portland chapter pulled together a
Computers and the Environment conference; the Berkeley chapter
produced the platform and raised issues related to the Gulf War and
computer folks; and several chapters have worked in their respective
states for a responsible Caller-ID policy. CPSR has also recently set
up an e-mail discussion group around working in the computer industry
(cpsr-work@sunnyside.com) To contact CPSR, e-mail
cpsr@csli.stanford.edu; or write P.O. Box 717, Palo Alto, CA, 94302.
Other groups (in the order they would appear in the platform):
The American Library Association, and the local library associations
are on the front lines protecting access to information, and could
really, really use support. Public libraries represent a really
radical concept -- that everyone, regardless of income, should have
access to information. Public library funding is being gutted. Support
your local library!
"Computers & You" has some experience in trying to provide access to
equipment and computer training to a low-income community in San
Francisco; their efforts could be a model for other places. (330
Ellis St., SF, CA 94102).
Re: Privatization of public information, and access to government
info, the Taxpayers Assets Project is active on those issues.
(love@essential.org)
The League for Programming Freedom has been doing probably the best
work around the "intellectual property" rights issues of user
interface copyright and software patents. (lpf@uunet.uu.net)
Re: Civil Liberties -- Besides CPSR, the Electronic Frontier
Foundation (info@eff.org, I think).
Work, health and safety issues have been addressed by some unions,
especially ones that represent clerical workers. Toxics in the
workplace -- more info could probably be found through a state
university's Labor Studies Program, or a state OSHA (Occupational
Safety & Health Admin).
Computers and the Environment: the Campaign for Responsible Technology
(617-391-3866) has done work on cleaning up the semiconductor
industry. Also, the Silicon Valley Toxics Coalition (408-287-6707).
Global cooperation and responsible use of technology: contact the 21st
Century Project (chapman@lcs.mit.edu).
I know I've left out lots of other groups that are doing excellent
work on these issues; hopefully other C.U.D. readers will send in
their suggestions.
To find out what else is happening in your community around technology
issues, try the local CPSR chapter (no chapter? then start one!). They
usually know who else is working on similar issues.
Unfortunately, there is no shortcut to the political power it takes to
make things like the technology platform a reality --especially for
resolving involved in the struggle to solve these problems.
------------------------------
Date: Mon, 23 Nov 1992 12:57:02 EDT
From: David Sobel <dsobel@WASHOFC.CPSR.ORG>
Subject: File 3--NASA Statement on Ames Raid
NASA Statement on Ames Raid
THE CPSR Washington Office has been monitoring developments concerning
the unannounced "security review" conducted at the Ames Research
Center this past summer. During the course of the review, desks were
searched, computers were opened, employees were locked out of their
offices, and nine employees (5 civil servants and 4 contractors) were
placed on administrative leave without
explanations. CPSR has submitted a Freedom of Information Act request to
seeking information on the purpose and results of the review.
NASA announced on November 17 that certain matters growing out of the Ames
raid have been referred to the FBI for further investigation. The agency's
statement is reprinted below.
David Sobel
Legal Counsel
CPSR Washington Office
********************************************************
RELEASE: 92-207
NASA RELEASES FINDINGS OF REVIEW TEAM ON SECURITY CONCERNS
In July 1992, a Management Review Team (MRT) was established,
after a classified briefing was presented to NASA Headquarters
management by Ames Research Center (ARC) management located at
Mountain View, Calif. The briefing identified potential national
security problems.
NASA Administrator Daniel S. Goldin determined that the
situation at ARC warranted a special one-time review to determine
whether the issues and problems existed and, if so, what type of
corrective action should be taken. The Federal Bureau of
Investigation (FBI), the Department of Justice and the Department of
Defense were consulted on the national security and foreign
counterintelligence aspects of the problems identified.
"Upon learning about the potential security problems, I
immediately ordered a review of the situation," Goldin said. "Based
on the review, information has been forwarded to proper authorities.
The recommendations of the review are being taken very seriously and I
intend to promptly implement them."
Based upon the review and discussions with senior management,
the MRT does not believe that the problems encountered at ARC are
occuring at other NASA centers.
Findings of Review
ARC is considered "high risk" for hostile intelligence
operations. ARC exacerbated a marginally effective security posture
by not focusing appropriate management attention on the handling of
sensitive technology.
Structural and functional weaknesses existed in the way the
ARC security office worked in relation to other center operations. In
addition to security concerns, processes and practices in the areas of
personnel, legal, procurement, and data and technology protection are
contributing to the potential risk rather than serving as controls
over the risk.
The ARC culture and environment were found to be the
underlying cause of NASA's vulnerability; the culture is strongly
biased toward maintaining an academic reputation, rather than meeting
U.S.industry and national needs.
Generally accepted management controls, as well as security,
legal, personnel, and procurement policies, are often viewed as
impediments and are sometimes sidetracked or avoided. Lax procedures
and attitudes were identified that set the stage for widespread
dissemination of commercially valuable applied technology being
developed by ARC personnel.
ARC's credibility with the U.S. aerospace industry has been
damaged as a result of these problems. Some of NASA's customers and
partners are reluctant to share important data with NASA for fear it
will be disseminated with little or no regard for its sensitivity. In
order to regain credibility, specific processes for the identification
and handling of sensitive and commercially valuable technologies at
ARC must be developed and fully implemented by ARC employees.
To resolve the conflict between NASA's desire to share
technology internationally and the need to place U.S. interests first,
an environment and culture must be developed at ARC and elsewhere at
NASA, which focuses NASA's attention on the needs and expectations of
U.S. industry and the taxpayer.
Basic science efforts actively involve and will continue to
involve the international community but applied technology, developed
at U.S. taxpayer expense, must be protected for U.S. industry use in
accordance with applicable laws and regulations. NASA must work
internally, and externally with appropriate members of the
Administration and Congress to address the problems and develop
long-term solutions.
Information Referred to OIG and FBI
The MRT found a number of specific discrepancies in the areas
of procurement, misuse of government equipment and apparent violations
of the law and/or NASA policy.
The MRT referred this information, as appropriate, to the NASA
Office of Inspector General (OIG) and the FBI, which has jurisdiction
over foreign counter intelligence issues resulting from the review.
Cases were opened up by both the OIG and the FBI.
It is anticipated that the OIG effort will be completed in
December 1992.
Review of the MRT Team
Because the review was unexpected by the ARC workforce and
employees of Asian-Pacific ancestry appeared to be disproportionately
affected, there was a significant adverse reaction to the review among
some of the ARC workforce. The NASA Administrator took immediate
action to address employees' concerns. He met with representatives of
the ARC Asian Pacific Island Advisory Group to discuss their concerns.
The Administrator also appointed an Assessment Panel on Aug.
26, 1992, to assess the approach and process used by the MRT. The
assessment panel was charged with examining the concerns that could
have unnecessarily increased the levels of employee discomfort or
organizational disruption flowing from the review.
It was also tasked to make recommendations that would
alleviate employee concern about the process, and minimize
difficulties, should a similar review be required in the future.
The Assessment Panel concluded that "the scope and objective
of the management review were legal and that individuals were not
selected for interview and search of their workplaces based upon their
race or national origin."
The Panel further concluded that there was a confluence of
factors prior to, during and after the management review, some of
which were avoidable and some not, which caused negative reactions
within the workforce.
------------------------------
Date: Fri, 30 Oct 1992 08:43:39 -0500
From: "(Gary Chapman)" <chapman@SILVER.LCS.MIT.EDU>
Subject: File 4--Local Civic Network in Wisconsin
Computer Professionals for Social Responsibility is trying to help
promote Local Civic Networks around the country. There are projects
going on in Washington, D.C., Boston, Seattle, Vermont, Portland, and
Madison, Wisconsin. The following is a call for participation and
help for the Madison project.
For more information about CPSR, the nation's first public interest
organization of people in the computing field, write for more
information at cpsr-staff@csli.stanford.edu or call (415) 322-3778.
For more information on CPSR's Local Civic Networks activity, write
CPSR staff member Richard Civille at civille@washofc.cpsr.org.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A team of people based at the University of Wisconsin-Madison is
developing a Public Communication System (PCS), a non-profit network
which will be available to the academic community and to the general
public, and which will operate over the Internet. We would welcome
any comments or suggestions which you might have, and we would like
to invite anyone who's interested in this project and would like to
get involved. The goal is to develop a large public forum
where people can present information, ideas, and questions, and
where it will be easy for people to read and respond. The hardware
will consist of a central server, PCS computers at universities with
connections to the Internet, and PCS computers in public libraries.
The public will be able to get access by dialing in from home or via
the PCS computers at public libraries. People will be able to read
for free. The system will be supported by subscription fees and by
fees charged to SIGs for publishing articles and newsletters,
conducting conferences,etc. For software, we're modifying Gopher (a
program developed at the University of Minnesota) to have enhanced
interactive capabilities and security. We hope to be ready to test a
prototype by this coming summer.
We've already gotten a lot of valuable help from CPSR members. We hope
the PCS will be another example of a public-access network which
develops up from the grass-roots. Let us know if you have any
suggestions, if you'd like more detailed information, and if you'd
like to get involved.
John Jordan
PCS Project Director
University of Wisconsin-Madison
jordan@macc.wisc.edu
(608) 233-9535
------------------------------
Date: Tue, 23 Nov 92 11:21:21 CDT
From: Jim Thomas <tk0jut2@mvs.cso.niu.edu>
Subject: File 5--Krol's Whole Internet User's Guide (Review #1)
The Whole Internet: User's Guide and Catalogue. By Ed Krol. 1992:
O'Reilly & Associates, Inc. 376 pp. $24.95 (paper). ISBN:
1-56592-025-2.
I'm sitting at my computer trying to figure out how to telnet into a
west coast UNIX system then back into a VMS on the east-coast and use
the nn mail reader and get access to a WAIS site to find some
information on locating internet user addresses when I spill coffee
over the desk. I pick up The Whole Internet (TWI), and although it
can't do much about the spilled coffee (other than direct me to
sources of information that can), its index, appendices, and
info-laden chapters guide me through the rest of the problems.
The Whole Internet is a step-by-step how-to guide that takes the
reader on a grand tour of some of simplest to the most complex
UNIX/VMS internet features. Whether a first-time user or an
experienced explorer, Krol provides tricks and identifies traps in
accessing telnet, ftp, remote systems' (varieties of DOS, VMS, or
UNIX) different and occasionally conflicting commands, and the
intricacies of Inter-relay Chat, file transfer, tricks for compression
and faster file exchange, and much more.
Krol begins by reminding readers that the Internet is a fairly
standardized collection of systems and networks with a council of
guiding elders, but no significant chain of command or authority. He
also reminds readers that any clear definition or description of
Internet is of necessity vague, because it changes as both technology
changes and as access spreads. For non-technical readers, the third
chapter, "How the Internet Works," provides an analogy-filled,
figure-laden description of the technology easily understood by the
most techno-illiterate reader. For those unsure of how to access
internet or how to figure out mailing addresses, chapter three
summarizes domains and explains how they can be found. Not sure how
to act when entering new terrain where strangers may seem threatening?
Chapter four explains all you need to know about ethics, courtesy, and
basic norms of communication. Krol recognizes that everything cannot
be explained in a single volume, and where more detail is needed, he
identifies the source and details how to access it.
Experienced net-roamers know that, although ftp file transfer in most
cases is simple, they also know that not all systems respond as
requested. One of the most valuable features of TWI is the explicit,
comprehensible, and example-filled chapters on accessing remote
systems and transferring files. Each chapter provides screen displays
that a user confronts on log-in, and clearly illustrates the proper
commands to be used. Krol provides commands for browsing remote
machines and explains how to set remote commands to save time. For
those who are too impatient to list the remote help screen, Krol
provides summary descriptions of basic ftp commands and how (and when)
they should be used. Especially helpful is the suggestion that, when
retrieving a large number of files or an entire directory, users
should invoke the tar program that combines the files, and a
compression program, such as Z, to speed up the transfer.
Not all remote systems are UNIX based, and Krol includes a substantial
discussion on accessing VMS and other sites that often create problems
because of unusual commands or system incompatibility.
Krol's chapters on electronic mail and network news include the basic
summaries found elsewhere. However, especially helpful for new or
intermediate users, he includes a number of suggestions for building
.newsrc and mailer "profile" files, aliases, and other shortcuts to
simplify tasks. The tutorial on the nn mail reader includes
instructions both on how to set it up and how to use it.
Unfortunately, he (intentionally) ignores rn, which users on systems
which it is the only available reader might find objectionable.
One of the most enjoyable aspects of ftp is cruising the nets
searching for and playing with software. TWI includes substantial and
thorough instructions on where to look for software (or where to look
for information on how to look for it), how to obtain it, and tricks
for using it once obtained. Those who have yet to try Archie, WAIS or
Gopher because they seemed complicated and intimidating, several
chapters provide more than sufficient information that explains what
they are, how they function, and how their power can be used. Archie,
a system of indexes that directs users other public files, is one of
the most useful services for finding particular programs or texts that
would otherwise take mega-hours of hit-and-miss searching through
various systems. Gopher's handy menu-driven autopilot for exploring
is as nicely detailed as a London tour guide, and the WAIS
(pronounced, Krol reminds us, "wayz") utility for text searches
throughout files on the Internet is made almost too simple.
Krol provides far more information than can be detailed here. He
describes accessible games, illustrates how to use various "white
pages" utilities for finding information about other users, tells us
how to engage in on-line talk/chat, and in nearly all cases attempts
to identify and overcome many of the idiosyncratic problems that occur
on systems that might disrupt full use or enjoyment of the internet.
Despite the technological descriptions, the volume is written with
considerable humor and occasional levity. Like Brendan Behan's Zen and
the Art of the Internet (ZAI), TWI illustrates that technologically
detailed volumes (and their authors) need not be staid or boring.
As a bonus, he inlcudes a substantial appendix that lists by topic and
address special-interest groups or systems that attract, for example,
users with academic interests, hobbies, sports, or technology. TWI is
valuable because it is handy--very, very handy. But, it is also
valuable because it is likely to expand awareness of and proficiency
with using the Internet. This volume does not replace other such
helpful works as Quarterman's technologically-dense The Matrix or
Kehoe's more underground oriented ZAI. Rather, it supplements them.
It, like the others, should have it on the bookshelf.
------------------------------
Date: Tue, 13 Oct 92 06:33 CDT
From: AHARWELL@PANAM1.BITNET
Subject: File 6--Krol's Whole Internet User's Guide (Review #2)
The Whole Internet User's Guide and Catalog: A DICEy Proposition
In his first book _The Macintosh Way_, Guy Kawasaki writes about a
principle of good product design he calls DICE. A great product should
be Deep, Indulgent, Complete, and Elegant. In being DICEy, a product
manages to appeal to "both passengers and sailors," delights the
senses, (in the case of a book) informs and teaches, and is easily
accessible. _The Whole Internet User's Guide and Catalog_, by Ed Krol,
brings forth the DICE ideal onto the printed page in a superbly
designed, well-organized volume.
Krol covers all the bases you'd expect in a book on the Internet:
e-mail, ftp, Archie, Usenet, whois and all the rest. But instead of
providing us with a flat explanation of, say, ftp, he gives us a short
background on ftp, then takes us through a standard UNIX-to-UNIX ftp
session. An annotated line-by-line record of the session is included,
and it is extremely clear and easy to understand. He then goes on to
explain what source files and destination files are and how to
interpret the messages produced by ftp. That simple example out of the
way, the author then warns us of some common problems.
Following the DICE principle, Krol next walks us through sample ftp
sessions on VMS, MS-DOS, IBM/VM, and Macintosh systems. Each OS's ftp
peculiarities are carefully explained (and it is amusing here to
discern the author's impatience with some of them) and elaborated
upon. This is another example of the "passengers and sailors" appeal
of this book. Most ftp implementations are similar enough that a
demonstration of only one flavor the program would enable the casual
user to get by, but Krol makes no such assumptions about his readers.
VMS is treated in as much detail as MS-DOS or UNIX.
It's hard to remember a better-organized guidebook? catalog? handbook?
Chapters begin with an overview of their contents and a brief
cross-reference to other chapters that have related material. Even if
the reader doesn't find exactly what he needs where he first looks, he
should have no trouble locating it. The back of the book has a very
complete index and a series of appendices full of practical
information, such as Internet service providers, an Internet resource
catalog, a glossary, and the acceptable use policy.
Beyond all that, Krol addresses important concerns that anyone who
uses the Internet should be aware of, such as privacy and common sense
advice about protecting the Internet. There is a particular page in
Chapter 3 that I wish could be made mandatory reading for any person
requesting an account.
For me, a large part of enjoying a book is enjoying looking at the
book itself. Here's where the indulgent part of _The Whole Internet_
comes in. The typography is excellent, and the little illustrations at
the start of each chapter are charming. As in all Nutshell books, a
colophon at the end explains what's what and who did it. Truly, a nice
piece of design: coherent, easy to understand, straightforward.
Everything one could want.
The book itself was produced over the net, and Krol says that the
Internet resource catalog was created from information gleaned by
reading listservs, newsgroups, gophering, and doing Archie searches.
This is part of the key to the book's richness and usefulness to such
a variety of readers. It's obvious from the writing style and choice
of content that the author was attuned to the net community and what
is important to its citizens.
Anne Harwell
harwell@panam.edu
------------------------------
Date: Thu, 24 Sep 1992 09:01:30 MST
From: Dan Lester <ALILESTE@IDBSU.IDBSU.EDU>
Subject: File 7--Krol's Whole Internet User's Guide (Review #3)
A number of guides to the Internet have been published recently, and
others have been announced for the near future. As of this writing
there is a new, undisputed champion that is available at a reasonable
price.
Yesterday FedEx delivered our copy of Ed Krol's _The Whole Internet
User's Guide & Catalog_ direct from the publisher, O'Reilly &
Associates, Inc. This latest publication in their renowned Nutshell
Handbook series is worth every penny of the $24.95 list price. The
ISBN is 1-56592-025-2. O'Reilly can be reached at 103 Morris St, Ste.
A, Sebastopol, CA 95472, or 800-998-9938.
Many are familiar with the Nutshell Handbooks that O'Reilly has
published, mostly for the Unix and X Window environments. This book
is a high quality paperback of 376 pages that is printed on acid-free
paper (not that it will need to last that long, considering the rate
of change of the Internet). Those not familiar with O'Reilly's
publications will be familiar with Krol's RFC 1118, "The Hitchhiker's
Guide to the Internet," which this new book updates and obsoletes.
To indicate how comprehensive and current the book is, I'll take the
liberty of listing the chapter titles:
1. What is this book about?
2. What is the Internet?
3. How the Internet works.
4. What's allowed on the Internet?
5. Remote login.
6. Moving files: FTP
7. Electronic mail
8. Network News
9. Finding software [all about Archie]
10. Finding someone
11. Tunneling through the Internet: Gopher
12. Searching Indexed databases: WAIS
13. Hypertext spanning the Internet: WWW
14. Other applications [fax, chatting, games, etc.]
15. Dealing with problems [error msgs, dealing with operations folks, etc.]
There are also appendices covering resources on the nets, how to get
connected, international connectivity, acceptable use, and other
matters. The glossary is adequate, but does not try to compare to the
_The New Hacker's Dictionary_. The index is very good.
In conclusion, I recommend this very highly. Although there are many
other competing works out there, this one covers almost everything
anyone could want to know, is well written for both the novice and the
experienced user, and is available now at a very reasonable price.
All who are reading this review should have a copy on their desk, and
a copy in their public, academic, or special library for reference by
other potential users.
Obligatory disclaimer: I do not know the author and have no business
or other connections with the author or publisher. I'm just a very
happy consumer.
------------------------------
Date: 02 Dec 92 11:49:08 EST
From: David Lehrer <71756.2116@COMPUSERVE.COM>
Subject: File 8--Akron BBS trial update!
Akron BBS trial update: Dangerous precedents in sysop prosecution
You may already know about the BBS 'sting' six months ago in Munroe
Falls, OH for "disseminating matter harmful to juveniles." Those
charges were dropped for lack of evidence. Now a trial date of 1/4/93
has been set after new felony charges were filed, although the
pretrial hearing revealed no proof that *any* illegal content ever
went out over the BBS, nor was *any* found on it.
For those unfamiliar with the case, here's a brief summary to date.
In May 1992 someone told Munroe Falls police they *thought* minors
could have been getting access to adult materials over the AKRON
ANOMALY BBS. Police began a 2-month investigation. They found a small
number of adult files in the non-adult area.
The sysop says he made a clerical error, causing those files to be
overlooked. Normally adult files were moved to a limited-access area
with proof of age required (i.e. photostat of a drivers license).
Police had no proof that any minor had actually accessed those files
so police logged onto the BBS using a fictitious account, started a
download, and borrowed a 15-year old boy just long enough to press the
return key. The boy had no knowledge of what was going on.
Police then obtained a search warrant and seized Lehrer's BBS system.
Eleven days later police arrested and charged sysop Mark Lehrer with
"disseminating matter harmful to juveniles," a misdemeanor usually
used on bookstore owners who sell the wrong book to a minor. However,
since the case involved a computer, police added a *felony* charge of
"possession of criminal tools" (i.e. "one computer system").
Note that "criminal tool" statutes were originally intended for
specialized tools such as burglar's tools or hacking paraphenalia used
by criminal 'specialists'. The word "tool" implies deliberate use to
commit a crime, whereas the evidence shows (at most) an oversight.
This raises the Constitutional issue of equal protection under the law
(14'th Amendment). Why should a computer hobbyist be charged with a
felony when anyone else would be charged with a misdemeanor?
At the pretrial hearing, the judge warned the prosecutor that they'd
need "a lot more evidence than this" to convict. However the judge
allowed the case to be referred to a Summit County grand jury, though
there was no proof the sysop had actually "disseminated", or even
intended to disseminate any adult material "recklessly, with knowledge
of its character or content", as the statute requires. Indeed, the
sysop had a long history of *removing* such content from the non-adult
area whenever he became aware of it. This came out at the hearing.
The prosecution then went on a fishing expedition. According to the
Cleveland Plain Dealer (7/21/92)
"[Police chief] Stahl said computer experts with the Ohio Bureau
of Criminal Identification and Investigation are reviewing the
hundreds of computer files seized from Lehrer's home. Stahl said it's
possible that some of the games and movies are being accessed in
violation of copyright laws."
Obviously the police believe they have carte blanche to search
unrelated personal files, simply by lumping all the floppies and files
in with the computer as a "criminal tool." That raises Constitutional
issues of whether the search and seizure was legal. That's a
precedent which, if not challenged, has far-reaching implications for
*every* computer owner.
Also, BBS access was *not* sold for money, as the Cleveland Plain
Dealer reports. The BBS wasn't a business, but rather a free community
service, running on Lehrer's own computer, although extra time on the
system could be had for a donation to help offset some of the
operating costs. 98% of data on the BBS consists of shareware
programs, utilities, E-mail, etc.
The police chief also stated:
"I'm not saying it's obscene because I'm not getting into that
battle, but it's certainly not appropriate for kids, especially
without parental permission," Stahl said.
Note the police chief's admission that obscenity wasn't an issue at
the time the warrant was issued.
Here the case *radically* changes direction. The charges above were
dropped. However, while searching the 600 floppy disks seized along
with the BBS, police found five picture files they think *could* be
depictions of borderline underage women; although poor picture quality
makes it difficult to tell.
The sysop had *removed* these unsolicited files from the BBS hard
drive after a user uploaded them. However the sysop didn't think to
destroy the floppy disk backup, which was tossed into a cardboard box
with hundreds of others. This backup was made before he erased the
files off the hard drive.
The prosecution, lacking any other charges that would stick, is using
these several floppy disks to charge the sysop with two new
second-degree felonies, "Pandering Obscenity Involving A Minor", and
"Pandering Sexually Oriented Matter Involving A Minor" (i.e. kiddie
porn, prison sentence of up to 25 years).
The prosecution produced no evidence the files were ever "pandered".
There's no solid expert testimony that the pictures depict minors. All
they've got is the opinion of a local pediatrician. All five pictures
have such poor resolution that there's no way to tell for sure to what
extent makeup or retouching was used. A digitized image doesn't have
the fine shadings or dot density of a photograph, which means there's
very little detail on which to base an expert opinion. The
digitization process also modifies and distorts the image during
compression.
The prosecutor has offered to plea-bargain these charges down to
"possession" of child porn, a 4'th degree felony sex crime punishable
by one year in prison. The sysop refuses to plead guilty to a sex
crime. Mark Lehrer had discarded the images for which the City of
Munroe Falls adamantly demands a felony conviction. This means the
first "pandering" case involving a BBS is going to trial in *one*
month, Jan 4th.
The child porn statutes named in the charges contain a special
exemption for libraries, as does the original "dissemination to
juveniles" statute (ORC # 2907.321 & 2). The exemption presumably
includes public and privately owned libraries available to the public,
and their disk collections. This protects library owners when an adult
item is misplaced or loaned to a minor. (i.e. 8 year olds can rent
R-rated movies from a public library).
Yet although this sysop was running a file library larger than a small
public library, he did not receive equal protection under the law, as
guaranteed by the 14'th Amendment. Neither will any other BBS, if this
becomes precedent. The 'library defense' was allowed for large
systems in Cubby versus CompuServe, based on a previous obscenity case
(Smith vs. California), in which the Supreme Court ruled it generally
unconstitutional to hold bookstore owners liable for content, because
that would place an undue burden on bookstores to review every book
they carry, thereby 'chilling' the distribution of books and
infringing the First Amendment.
If the sysop beats the bogus "pandering" charge, there's still
"possession", even though he was *totally unaware* of what was on an
old backup floppy, unsolicited in the first place, found unused in a
cardboard box. "Possession" does not require knowledge that the person
depicted is underage. The law presumes anyone in possession of such
files must be a pedophile. The framers of the law never anticipated
sysops,or that a sysop would routinely be receiving over 10,000 files
from over 1,000 users.
The case could set a far ranging statewide and nationwide precedent
whether or not the sysop is innocent or guilty, since he and his
family might lack the funds to fight this--after battling to get this
far.
These kinds of issues are normally resolved in the higher courts--and
*need* to be resolved, lest this becomes commonplace anytime the
police or a prosecutor want to intimidate a BBS, snoop through users'
electronic mail, or "just appropriate someone's computer for their own
use."
You, the reader, probably know a sysop like Mark Lehrer. You and your
family have probably enjoyed the benefits of BBS'ing. You may even
have put one over on a busy sysop now and then.
In this case; the sysop is a sober and responsible college student,
studying computer science and working to put himself through school.
He kept his board a lot cleaner than could be reasonably expected, so
much so that the prosecution can find very little to fault him for.
*Important* Please consider a small contribution to ensure a fair
trial and precedent, with standards of evidence upheld, so that mere
possession of a computer is not grounds for a witch hunt.
These issues must not be decided by the tactics of a 'war of
attrition'; *however far* in the court system this needs to go. For
this reason, an independent, legal defense trust fund has been set up
by concerned area computer users, CPA's, attorneys,etc.
Mark Lehrer First Amendment Legal Defense Fund
(or just: MLFALDF)
Lockbox No. 901287
Cleveland, OH 44190-1287
*All* unused defense funds go to the Electronic Frontier
Foundation, a nonprofit, 501c3 organization, to defend BBS's and
First Amendment rights.
Help get the word out. If you're not sure about all this, ask your
local sysops what this precedent could mean, who the EFF is--and ask
them to keep you informed of further developments in this case.
Please copy this file and send it to whoever may be interested. This
case *needs* to be watchdogged.
Please send any questions, ideas or comments directly to the sysop:
Mark Lehrer
CompuServe: 71756,2116 InterNet: 71756.2116@compuserve.com
Modem: (216) 688-6383 USPO: P.O. Box 275
Munroe Falls, OH 44262
------------------------------
End of Computer Underground Digest #4.62
************************************
Computer underground Digest Sun Dec 6, 1992 Volume 4 : Issue 63
ISSN 1066-632X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Copy Editor: Etaion Shrdlu, Junior
CONTENTS, #4.63 (Dec 6, 1992)
File 1--Taking a Look at the SPA
File 2--What is the Software Publishers' Association (SPA)?
File 3--SPA "Rap Video" - "Don't Copy that Floppy"
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Sun, 6 Dec 92 11:43:38 CST
From: Jim Thomas <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--Taking a Look at the SPA
Software piracy--the unauthorized reproduction of copyright
software--raises *complex* ethical and legal questions. Piracy ranges
from mass reproduction and distribution of unauthorized programs or
disks intended for re-sale--some call this "bootlegging" rather than
piracy--to simply copying a game one has legitimately obtained so that
it may be played on a computer in both the den and bedroom.
The Software Publishers' Association (SPA) is an organization as
dedicated to eradicating "piracy" as the most hawkish cold warrior was
to erasing the "Evil Empire." The SPA argues that any reproduction of
a copyright program is theft and those who engage in such copying are
criminals. Their strict interpretation of "one program per machine"
would make a criminal of the father who purchases a game for his child
and installs it on two home computers. Their advertisements in trade
journals and elsewhere raises the threat of severe criminal penalties
for copying. For example, a full-page color ad in PC Magazine depicts
three burly and mean looking prisoners surrounding a small, meek,
middle-aged nerd with the caption: "The S.P.A. wants you to pay for
your network software one way or the other." In another trade journal,
a full-page black-and-white ad shows a pair of handcuffs under the
caption: "Copy software illegally and you could get this hardware
absolutely free." The June 17, 1991, cover of Information Week depicts
a 1940s' style super-hero style drawing of an SPA agent bursting
through the office doors, saying: "Nobody move! Keep your hands away
from those keyboards!" A male officer worker says: "Oh my gosh! It's
the SPA!!" His female companion responds: "QUICK! Stash the disks!!"
The messages clearly convey the impression that the SPA has attempted
to establish itself as a para-legal police force with powers to
apprehend and prosecute. Some critics view this as techno-vigilante
justice and feel that the SPA oversteps ethical boundaries by
encouraging informants and by indiscriminately criminalizing *all*
forms of "unauthorized" copying. SPA supporters argue that such
tactics are necessary to protect program authors from rip-off.
The SPA has aggressively taken its position to the public through
press releases and news stories. Two recent articles typify how the
organization has staked out the terrain of the debate and shaped the
issues. A recent New York Times story ("As Piracy Grows, the Software
Industry Counterattacks," NYT, Nov. 8, 1992. P. F-12, by Peter F.
Lewis) contends that software "thievery" will cost the industry the
software industry $10 to $12 billion in 1992. The validity of the
calculation of the costs goes unchallenged, the distinction between
the casual copier and professional bootleggers is ignored, and the
emphasis of the story focuses on the home copier. The story relies on
SPA information and spokespersons, particularly Ken Wasch, executive
director of the SPA. The terms "theft" and "stealing" are liberally
used, and there is no attempt to present alternative views of the
serious issues that software piracy raises.
A small town paper (DeKalb (Ill.) Daily Chronical: "Software Police
can come Knocking Quickly," Nov. 15, 1992: p. 25) presents a grimmer
picture of piracy. It focuses on the extreme cases of gross abuse of
software copying that the SPA investigated and settled, and then
shifts to the small user. It cites SPA figures indicating that since
its founding in 1984, the SPA has conducted 75 raids and filed 300
lawsuits.
Both articles, and others like them, frame the piracy problem as one
of theft and emphasize the "police power" of the SPA. The message is
simple: If you copy software, you risk criminal penalties.
If a software program, whether conventional copyright or shareware, is
used regularly, then the user is ethically obligated to pay for it.
But, the SPA's narrow interpretation of shrink-wrap licenses, "one
machine, one program," and "theft" raise many questions. CuD's
position is that there are clear boundaries between acceptable and
unacceptable copying, and much gray area in between. For us, there is
considerable room for debate over that gray area and where the lines
should be drawn. There are a number of solid reasons why reproduction
or sharing of others' copyright software should be allowed, just as
reproduction of videos, zeroxing articles, taping audio cassette
music, and other forms of reproduction are considered acceptable.
In this issue, CuD reproduces the SPA's statement of purpose (File 2)
and excerpts from its anti-piracy "rap" video (File 3). In coming
issues, we will examine the issues and philosophy underlying the SPA's
tactics in protecting copyright. Our goal is to encourage debate and
we welcome readers' thoughts on the subject.
------------------------------
Date: Sun, 6 Dec 92 11:22:38 CST
From: Jim Thomas <tk0jut2@mvs.cso.niu.edu>
Subject: File 2--What is the Software Publishers' Association (SPA)?
((MODERATORS' NOTE: The following description of the SPA is a file
written by the SPA and available for downloading from the SPA
forum on Compuserve)).
++++++
What Is the Software Publishers Association?
The Software Publishers Association (SPA) is the principal trade
association of the microcomputer software industry. Founded in 1984 by
25 firms, the SPA now has more than 900 members, which include the
major business, consumer and education software companies and smaller
firms with annual revenues of less than $1 million. The SPA is
committed to promoting the industry and protecting the interests of
its membership.
The SPA has two membership categories: full and associate. Software
firms that produce, release, develop or license microcomputer software
and are principally responsible for the marketing and sales of that
software are eligible to apply for full membership status. Firms that
develop software but do not publish are also eligible. Associate
membership is open to firms that do not publish software, but provide
services to software companies. These members include vendors,
consultants, market research firms, distributors and hardware
manufacturers.
Business, Consumer, and Education Sections
Full SPA members can choose to be part of the Business, Consumer, and
Education Sections by contributing 25% of their dues to one or more of
these specialized subgroups. Section participation comes free with
membership, and it entitles members to information on a specific
segment of the industry. Many members devote all 25% of their dues to
one section, and some elect to join all three sections. Either way,
you will be invited to participate in section meetings, projects, the
planning of SPA meeting sessions, and other activities related to
specific software markets.
Business Section: The Business Section comprises the largest subgroup
of the SPA membership, with representative companies ranging from
small start-ups to some of the largest software firms. The group
focuses many of its activities and meetings on licensing and managing
software assets, as well as tax-related issues. The Business Section
also played an integral role in developing the SPA Resource Guide for
Developing Your Software Business, which is collection of articles
covering key issues in the industry such as marketing, distribution,
PR, and finance.
Consumer Section: The Consumer Section is comprised of publishers of
consumer games, recreation software, home productivity programs, as
well as other companies specializing in consumer software. The
Consumer Section will be offering free to its members the results of
its End-User survey, which will scrutinize hardware and software
purchases of 1500 households with computers. The Section also
publishes a quarterly newsletter focusing on consumer software issues.
The group meets several times a year at SPA meetings and trade shows,
including Summer and Winter CES, to discuss projects and issues
affecting the consumer software industry.
Education Section: With member companies publishing software for the
K-12 and higher-education markets, the Education Section plays an
active role in this segment of the industry. Past projects have
included a School Software Survey, the Education LAN Survey, the
Report on the Effectiveness of Microcomputers in Schools, among
others. Programs are also being developed to promote awareness of
software piracy amongst teachers and students. The Education Section
comes together at SPA meetings and other educational conferences
throughout the year.
International Activities
SPA Europe was created to promote and provide services to the European
software industry. Now in its second full year of operation, SPA
Europe represents more than 100 European software publishers,
re-publishers, distributors, SPU manufacturers, and other
industry-related firms, in 15 different countries from Iceland to
Turkey. Companies interested in joining SPA Europe should contact the
membership department at:
SPA Europe
2 Place de la Defense
World Trade Center, CNIT BP 416
92053 Paris La Defense, France
Tel: 33-(1) 46 92 27 03/04 Fax: 33-(1) 46 92 25 31
Programs and Benefits
SPA Semiannual Conferences: The SPA meets twice a year, on the east
coast in the Fall and on the west coast in the Spring. The
conferences, which attract more than 1000 attendees, offer members an
opportunity to meet with industry leaders and executives. Attendees
participate in informative sessions, discuss issues and mobilize their
efforts in committee meetings, which focus on the consumer, education
and business markets.
European Conference: The European conference, hosted by SPA Europe,
is an opportunity to meet with more than 350 peers in an informal
setting. It also offers a chance to learn more about the European
software industry and the forces that drive international markets.
For the past 3 year, the European Conference has been held in Cannes,
France.
Market Research Program: Each month, participating publishers receive
detailed market sales reports. Members use the SPA's monthly
aggregate sales reports to track software industry trends, the
relative sizes of market segments and their own market share. Members
that participate in this market research program submit sales figures
and information to the national accounting firm of Arthur Andersen &
Co. in Washington, D.C., The reports are available only to the SPA
members who share their confidential sales figures and information.
Individual company sales data is not disclosed. According to many of
the SPA's members, the reports are the most reliable source of market
data available to the industry.
Salary Survey: The SPA conducts the software industry's most
extensive salary survey. The annual survey focuses on human resource
practices, and short and long term compensation for more than 30
positions common to companies in our industry. Participants receive
the survey results free of charge.
CEO Roundtable: Chief Executive Officers of member companies meet in
small groups with other CEOs of non-competitive firms to discuss
informally a wide range of business problems including marketing,
personnel and breaking into the distribution channel.
Contracts Reference Disk and Manual: The Contracts Reference Disk and
Manual (CRD) is a compendium of legal contracts used in the software
industry. Although it is not intended to replace an attorney, it is an
indispensable tool that includes everything from nondisclosure
agreements to site-licensing agreements. It costs $300 for nonmembers,
but is free to members.
Lobbying: The SPA provides industry representation before the U.S.
Congress and the executive branch of government and keeps members
up-to-date on events in Washington, D.C., that effect them. The fight
against software piracy is among its top priorities. The SPA is the
industry's primary defense against software copyright violators both
in the United States and abroad. Litigation and an ongoing advertising
campaign are ways in which the SPA strives to protect the copyrights
of its members.
SPA Newsletter and Complimentary Subscriptions: Members receive the
SPA News on a monthly basis. The newsletter updates members on SPA
programs and activities. Special features include start-up success
stories and "country profiles" covering international marketing and
distribution issues. In addition, members receive complimentary
subscriptions to industry publications, including Jeffrey Tarter's
Soft*letter, Digital Information Group's Software Industry Bulletin
and Broadview Associates' Perspectives.
Award Programs: The SPA Excellence in Software Awards recognize
products that have achieved a high level of excellence, as determined
by the SPA members. They are the software industry's version of the
movie industry's Oscars. Members vote to award prizes in 25
categories, including best software program, best entertainment, best
business application, best home learning and best new use of a
computer. The winners receive national publicity.
The Sales Certification Program awards certifications to software
products that reach outstanding sales levels of 500,000; 250,000;
100,000; and 50,000 units sold. Gelfand, Renner & Feldman, the
accounting firm that manages the Recording Industry of America's
certifications, conducts the sales audits for the SPA.
Special Interest Groups (SIG) All SPA members may choose to join any
number of Special Interest Groups (SIGs). Each SIG maintains
individual memberships (unlike the SPA membership, which is corporate)
with dues of at least $100 per person per SIG.
All SIGs are member driven. While some SIGs have chosen to produce
reports, initiate projects, and assemble sessions at SPA conferences,
others use the group as a forum for information exchange, discussion
and networking. Refer to each SIG description for its specific
activities. All SIGs meet formally at least twice a year at SPA
conferences. Some SIGs meet more frequently at other industry trade
shows, such as COMDEX and CES.
CD SIG: The CD SIG was formed to promote the CD as a viable medium in
the computer industry. Through a better understanding of the
implications of this emerging technology, this SIG plans to assist
members in planning and profitably executing CD programs.
International SIG: As a coalition of software publishers and
distributors involved in international markets, the International SIG
seeks to provide members with information on creating partnerships and
business alliances in overseas markets. The SIG aims to help its
members develop and sustain profitable international sales and
operations through reports, resource guides and international sessions
at SPA conferences.
Macintosh SIG: The Macintosh SIG consists of Macintosh software
vendors that work to facilitate the sharing of information and
resources. The SIG promotes the common business interests of
companies developing, publishing, marketing or reporting on products
for the Apple Macintosh computer.
Marketing SIG: The Marketing SIGs goal is to promote successful
marketing in the PC software industry by allowing participants to
share information and ideas regarding relevant marketing issues. SIG
projects have included a biannual marketing newsletter, planning the
marketing bootcamps at SPA conferences, and a collection of 450 tips
called "The Do's and Don'ts of PC Software Marketing."
Pen Computing SIG: The Pen Computing SIG offers players in this
emerging market an opportunity to network and discuss issues relevant
to pen computing. The SIG aims to promote awareness of pen computing
in the industry and acts as an information source for companies
involved in this emerging technology.
Public Relations SIG: The PR SIG offers public relations
professionals within the SPA and the software industry an opportunity
to share information, network and discuss common concerns.
Software Production Services SIG: Formerly the Packaging SIG, the
Software Production Services SIG was recently reorganized to meet the
needs of packagers and publishers alike. The group intends to act as
an information source for its members, and broaden its focus to
include translation, distribution, project management, as well as
packaging issues.
Workgroup Computing SIG: The newly-formed Workgroup Computing SIG
aims to foster the growth of groupware capabilities and market
acceptance by enabling vendors of PC LAN products to share information
on issues related to this emerging segment of the industry. The
Workgroup SIG is currently soliciting new members who have an interest
in groupware technology.
Is it Okay to copy my colleague's software?
No, it's not okay to copy your colleague's software. Software is
protected by federal copyright law, which says that you can't make
such additional copies without the permission of the copyright holder.
By protecting the investment of computer software companies in
software development, the copyright law serves the cause of promoting
broad public availability of new, creative, and innovative products.
These companies devote large portions of their earnings to the
creation of new software products and they deserve a fair return on
their investment. The creative teams who develop the software
programmers, writers, graphic artists and others also deserve fair
compensation for their efforts. Without the protection given by our
copyright laws, they would be unable to produce the valuable programs
that have become so important in our daily lives: educational
software that teaches us much needed skills; business software that
allows us to save time, effort and money; and entertainment and
personal productivity software that enhances leisure time.
That makes sense, but what do I get out of purchasing my own software?
When you purchase authorized copies of software programs, you receive
user guides and tutorials, quick reference cards, the opportunity to
purchase upgrades, and technical support from the software publishers.
For most software programs, you can read about user benefits in the
registration brochure or upgrade flyer in the product box.
What exactly does the law say about copying software?
The law says that anyone who purchases a copy of software has the
right to load that copy onto a single computer and to make another
copy "for archival purposes only." It is illegal to use that software
on more than one computer or to make or distribute copies of that
software for any other purpose unless specific permission has been
obtained from the copyright owner. If you pirate software, you may
face not only a civil suit for damages and other relief, but criminal
liability as well, including fines and jail terms of up to one year.
So I'm never allowed to copy software for any other reason?
That's correct. Other than copying the software you purchase onto a
single computer and making another copy "for archival purposes only,"
the copyright law prohibits you from making additional copies of the
software for any other reason unless you obtain the permission of the
software company. At my company, we pass disks around all the time.
We all assume that this must be okay since it was the company that
purchased the software in the first place.
Many employees don't realize that corporations are bound by the
copyright laws, just like everyone else. Such conduct exposes the
company (and possibly the persons involved) to liability for copyright
infringement. Consequently, more and more corporations concerned
about their liability have written policies against such
"softlifting". Employees may face disciplinary action if they make
extra copies of the company's software for use at home or on
additional computers within the office. A good rule to remember is
that there must be one authorized copy of a software product for every
computer upon which it is run.
Do the same rules apply to bulletin boards and user groups? I always
thought that the reason they got together was to share software.
Yes. Bulletin boards and user groups are bound by the copyright law
just as individuals and corporations. However, to the extent they
offer shareware or public domain software, this is a perfectly
acceptable practice. Similarly, some software companies offer
bulletin boards and user groups special demonstration versions of
their products, which in some instances may be copied. In any event,
it is the responsibility of the bulletin board operator or user group
to respect copyright law and to ensure that it is not used as a
vehicle for unauthorized copying or distribution.
What about schools and professional training organizations?
The same copyright responsibilities that apply to individuals and
corporations apply to schools and professional training organizations.
No one is exempt from the copyright law.
I'll bet most of the people who copy software don't even know that
they're breaking the law.
Because the software industry is relatively new, and because copying
software is so easy, many people are either unaware of the laws
governing software use or choose to ignore them. It is the
responsibility of each and every software user to understand and
adhere to copyright law. Ignorance of the law is no excuse. If you
are part of an organization, see what you can do to initiate a policy
statement that everyone respects. Also, suggest that your management
consider conducting a software audit. Finally, as an individual, help
spread the word that the users should be "software legal."
The Software Publishers Association produces a Self-Audit Kit that
describes procedures appropriate for ensuring that a business or
organization is "software legal." For a free copy of the Self-Audit
Kit, including a sample corporate policy statement and "SPAudit," a
software management tool, please write to the following address.
Please specify the format (DOS or Macintosh) and disk size (3.5" or
5.25" for DOS) with your request.
"Self-Audit Kit"
Software Publishers Association
1730 M Street, NW, Suite 700
Washington, D.C. 20036
(800) 388-7478
Special thanks to Aldus Corporation for their contribution to this
brochure. We urge you to make as many copies as you would like in
order to help us spread the word that unauthorized coping of software
is illegal.
THE LAW
Software is automatically protected by federal copyright law from the
moment of its creation. The rights granted to the owner of a
copyright are clearly stated in the Copyright Act, which is found at
Title 17 of the US Code. The Act gives the owner of the copyright the
exclusive rights to "reproduce the copyrighted work" and "to
distribute copies ... of the copyrighted work" (Section 106). It also
states that "anyone who violates any of the exclusive rights of the
copyright owner ... is an infringer of the copyright" (Section 501),
and sets forth several penalties for such conduct. Persons who
purchase a copy of software have no right to make additional copies
without the permission of the copyright owner, except for the rights
to (i) copy the software onto a single computer and to (ii) make
"another copy for archival purposes only, which are specifically
provided in the Copyright Act (Section 117).
Software creates unique problems for copyright owners because it is so
easy to duplicate, and the copy is usually as good as the original.
This fact, however, does not make it legal to violate the rights of
the copyright owner. Although software is a new medium of
intellectual property, its protection is grounded in the
long-established copyright rules that govern other more familiar
media, such as records, books, and films. The unauthorized
duplication of software constitutes copyright infringement regardless
of whether it is done for sale, for free distribution, or for the
copier's own use. Moreover, copiers are liable for the resulting
copyright infringement whether or not they knew their conduct violated
federal law. Penalties include liability for damages suffered by the
copyright owner plus any profits of the infringer that are
attributable to the copying, or statutory damages of up to $100,000
for each work infringed. The unauthorized duplication of software is
also a Federal crime if done "willfully and for purposes of commercial
advantage or private financial gain." Criminal penalties include
fines of as much as $250,000 and jail terms of up to 5 years.
USE OF SOFTWARE
Anyone who purchases a copy of software has the right to load it onto
a single computer and to make another copy "for archival purposes
only." It is illegal to load that software onto more than one computer
or to make copies of that software for any other purpose unless
specific permission has been obtained from the copyright owner. The
law applies equally, for example, to a $25 game and a $750 project
management program. Each product reflects a substantial investment of
time and money by many individuals. Software development involves a
team effort that blends the creative talents of writers, programmers
and graphic artists. Piracy diminishes the value of a program and
further, deprives the developers of fair compensation.
Software piracy inhibits innovation. The software industry is filled
with new developers trying to break into a crowded market. They can
survive only if their products are purchased. Each theft makes staying
in business more difficult.
RENTAL OF SOFTWARE
It has always been illegal to rent unauthorized copies of software.
However, concern over the fact that the rental of authorized or
original software frequently resulted in the creation of pirated
software led Congress to enact the Software Rental Amendments Act of
1990 (Public Law 101-650), which now prohibits the rental, leasing, or
lending of original copies of any software without the express
permission of the copyright owner. Consequently, it is important to
recognize and comply with this clarification of the copyright law.
USE OF SOFTWARE BY SCHOOLS
Public or private educational institutions are not exempt from the
copyright laws. To the contrary, because of their unique position of
influence, schools must remain committed to upholding the copyright
laws. Just as it would be wrong to buy one textbook and photocopy it
for use by other students, it is wrong for a school to duplicate
software (or to allow its faculty or students to do so) without
authority from the publisher.
Some people claim that software publishers should allow schools to
copy programs because it is the only way some school systems can
afford to provide enough software for their students. However, the
acquisition of software is no different than any other product or
service required by a school. Schools purchase books, audio-visual
equipment and classroom furniture, and they pay a fair price for them.
Newer and better software can be developed only if the software
development team receives a fair price for its efforts.
Many software firms offer special sales arrangements to schools.
These include discounts for additional copies of programs,
reduced-priced lab packs (a quantity of programs sold together) and
site license agreements (an arrangement that allows a school to make a
specified number of copies for one location at a fixed price).
Schools should make every effort to uphold the law, because it is by
their example that students will learn to have respect for
intellectual property.
USER GROUPS
The personal computer industry owes much of its success to the
proliferation of user groups. These groups provide a valuable service
as forums for sharing computing experience and expertise. User groups
should, however, ensure that their meetings are not used to promote
illegal duplication or distribution of software.
The unauthorized duplication or distribution of software by user
groups or at user group meetings places many people in a vulnerable
position. The individuals who duplicate or distribute software, as
well as the user group itself and the owner of the meeting place, may
be held responsible as copyright violators.
A close relationship between user groups and the software publishing
community is mutually beneficial. User groups should encourage
ethical software use among their members. Likewise, software
publishers should respond to users' needs for proper support and
updates.
BUSINESS USERS
In the workplace, softlifting is characterized by two common
incidents: extra copies of software are made for employees to take
home, and extra copies are made for the office. Both situations mean
a greater number of computers can run more copies of the software than
were originally purchased.
Unless a special arrangement has been made between the business user
and the publisher, the user must follow a simple rule: one software
package per computer. This means that a copy of software should be
purchased for every computer on which it will be used. For example,
if the business has 10 computers on which employees use spreadsheet
software, it must purchase 10 copies of such software. If there are
25 secretaries using word processing software on their computers, each
secretary must have a purchased copy, etc.
Another option that has proven successful is for firms to enter into
special site licensing purchase agreements with publishers. These
agreements compensate the publishers for the lost sales they might
have made on a package-by-package basis because the company agrees to
pay a certain amount for a specific number of copies they will make
and not exceed on site. At the same time, they eliminate the
possibility that copyright violations will occur. By buying as many
programs as it will need, a company removes the incentive for
employees to make unauthorized copies. Adhering to these rules will
pay off in the long run, because a firm that illegally duplicates
software exposes itself to tremendous liability.
Many software applications are sold in "Local Area Network" (LAN)
versions. If your company has a LAN, be sure to follow the
publisher's guidelines for the use of software on the LAN. It is a
violation of the copyright laws and most license agreements to allow a
single-copy version of software on a LAN to be simultaneously accessed
by more than one user.
Finally, it has been found that when companies enact a policy
statement stating their intention to ensure employee compliance with
copyright regulations, the risk of software piracy is reduced. A
sample corporate policy statement is included on the back panel of
this brochure.
REPORTING COPYRIGHT VIOLATIONS
The SPA has established a special toll free number for reports of
copyright violations: 1-800-388-7478. The SPA has filed many lawsuits
against individuals and companies engaged in the unauthorized
duplication of PC software and will continue to do so when it becomes
aware of situations that warrant such action.
SPA MATERIALS
The SPA has a variety of materials about the legal use of software.
Our Self-Audit Kit describes procedures appropriate for ensuring that
a business or organization is "software legal." The Kit includes
SPAudit, a software management tool, and is available free of charge
to businesses and organizations (DOS or Macintosh versions). In
addition, the SPA has a 12 minute videotape on the subject of software
piracy entitled "Its Just Not Worth The Risk." The video is a useful
tool for instructing business users about the legal use of software
products and is available for $10. We also publish additional
brochures and a poster on the subject of software piracy. Please call
or write the SPA if you are interested in obtaining any of these
materials.
CONCLUSION
Most people do not purposely break the law. They would never consider
stealing money from someones pocket. But those who copy software
without authorization are stealing intellectual property and they
should understand the consequences of their actions.
If you are an individual user, don't break the law. Everyone pays for
your crime. If you are part of an organization, see to it that your
organization complies with the law, and that it issues an appropriate
policy statement that is signed and respected by all involved.
SAMPLE CORPORATE POLICY STATEMENT
Company/Agency Policy Regarding the Use of Microcomputer Software
1. (Company/Agency) purchases or licenses the use of copies of
computer software from a variety of outside companies.
(Company/Agency) does not own the copyright to this software or its
related documentation and, unless authorized by the software
developer, does not have the right to reproduce it for use on more
than one computer.
2. With regard to use on local area networks or on multiple machines,
(Company/Agency) employees shall use the software only in accordance
with the license agreement.
3. (Company/Agency) employees learning of any misuse of software or
related documentation within the company shall notify the department
manager or (Company's/Agency's) legal counsel.
4. According to the US. Copyright Law, illegal reproduction of
software can be subject to civil damages of as much as $100,000 per
work copied, and criminal penalties, including fines and imprisonment.
(Company/Agency) employees who make, acquire or use unauthorized
copies of computer software shall be disciplined as appropriate under
the circumstances. Such discipline may include termination.
(Company/Agency) does not condone the illegal duplication of software.
I am fully aware of the software protection policies of
(Company/Agent) and agree to uphold those policies.
Employee Signature and Date
SOFTWARE PUBLISHERS ASSOCIATION
1730 M St., NW, Suite 700
Washington, D.C. 20036
Phone: 202-452-1600 Fax: 202-223-8756
Piracy Hotline-1-800-388-7478
Everyone benefits from a healthy computer software industry.
With each passing year, evolving software technology brings us faster,
more sophisticated, versatile and easy-to-use products. Business
software allows companies to save time, effort and money. Educational
computer programs teach basic skills and sophisticated subjects. Home
software now includes a wide array of programs that enhance the user's
productivity and creativity. Computer graphics have turned PCs into a
veritable artist's palette, and new games are increasingly inventive.
The industry is thriving and users stand to benefit along with the
publishers.
Along the way, however, the problem of software theft has developed,
and threatens to impede the development of new software products.
Romantically called "piracy," the unauthorized duplication of software
is a Federal offense that affects everyone: large and small software
publishers and legitimate users. Even the users of unlawful copies
suffer from their own illegal actions. They receive no documentation,
no customer support and no information about product updates.
When a few people steal software, everyone loses.
This guide is intended to provide a basic understanding of the issues
involved in ethical software use. It will tell you what the laws are,
how to follow them and why you should adhere to them. We encourage
you to make and distribute copies of this brochure.
This guide is only one component of an ongoing effort by the Software
Publishers Association to increase public awareness of software
piracy. If you have any questions about the legal use of software, or
would like additional copies of this pamphlet, please call the
Software Publishers Association at (202) 452-1600.
------------------------------
Date: Sun, 6 Dec 92 11:21:54 CST
From: Jim Thomas <tk0jut2@mvs.cso.niu.edu>
Subject: File 3--SPA "Rap Video" - "Don't Copy that Floppy"
((MODERATORS' NOTE: We share with the SPA the need to educate the
future generation of computer users about computer ethics. However,
the video "Don't Copy that Floppy" reminded us of the cyber version of
"Reefer Madness," the camp anti-marijuana film of the 1930s. What
follows are excerpts from their video, although parts of the rap were
audibly unintelligible. The central thesis of the video is that if
people copy floppies, the computer industry will die. The accuracy of
this claim will be examined in a future issue, but it should be noted
that the games the video chooses as examples, including tetris and the
Where is...Carmen series are among the most copies and among the most
successful games, suggesting that their claim is somewhat over-stated.
The question we raise is this: If we agree that computer ethics should
be taught in the schools, what should the content be and how should it
be delivered? We are rather uncomfortable with "propagandizing" being
"taught" without competing views and without raising the seriousness
of the issues. We invite comments)).
+++++++++
DON'T COPY THAT FLOPPY
<Opening scene: Two mid-teenagers, one a black female, the other a
white male. They are playing on a computer game on a classroom
computer. The male madly punches keys to portray frenetic action. He
is loses the game to the female. Frustrated, he wants to play her
again, but she has >.
Female: It's almost fourth period, and I do not want to get caught in
here.
Male: But Jane, hold up. Look. I brought a disk, and we could *copy*
this, and we could play it on my brother's computer.
Female: OK, no problem. All we gotta do is <she slips the blank disk
in and simulates starting to copy. The screen brightens and strange
noises come from the computer>
Male: Are you *sure you know what you're doing?
<A black "rapper's" face appears on the computer terminal, expanding
to take up the tv screen. He sings a rap lyric against copying:
Rapper:
Did I hear you right?
Did I hear you saying?
That you're gonna make a copy
of a game without payin'?
Come on guys.......
I thought you knew better.
Don't copy that floppy.
Male: Hey, wait a minute. Who the heck are you anyway?
Female: Yeh. And what are you doing in our computer?
Rapper:
I'm your MC double-dare--DP.
That's a disk protector
for you and the posse....
That's for artists, writers, designers and programmers
That puts up the images for games and grammar
That lets you learn, but also play,
The games you came here for today.
<drum interlude>
Now I know you love the game
and that's all right to do,
Because the posse who makes them,
they love them too.
But if you start stealin', there's no more they can do....
<drum beat>
Male: But I just wanted to make one copy.
Rapper:
You say I'll just make a copy
for me and a friend.
Then he'll make one and she'll make one
and where will it end?
One leads to another,
then they make more
And no one buys anything from the store.
So no one gets paid, and they *can't* make more.
The posse <does something, but whatever it is is
unintelligible>
Don't copy.....
Don't copy...that floppy!
So let me break this down for you.
No Carmen San Diego,
No more Oregon Trail.
Tetris and the others,
They're all going to fail.
Not because we want it,
but because you been takin' it,
Disrespectin' of the folks who are making it.
<a few more verses proclaiming that "stealing" games by copying them
will lead to the end of software and the end of the "computer age."
*****
The rap music is mercifully short, but it's interspersed with
interview/documentaries of software manufacturers. They explain how
games are made, indicating that creating a game can involve 20 to 30
people integrating the various parts, and working on documentation,
technical support, and marketing. The point is that if sales are low,
the authors may decide that the game is unpopular and stop making it.
SPA Attorney: Although the licenses may vary, the law is very simple.
The copyright law says that when you buy a piece of software, you can
put that piece of software on one computer. And that's it. You can
make a backup copy of the software, but you can't give that backup
copy to a friend, and you can't put it on another computer. Every
program that you buy, that's one program for one computer.
<The rap continues, interspersed liberally with "don't copy that
floppy" and urging viewers to buy a copy of the program for every
computer they use. "Anything else is like going to the story, taking
that disk and walking out the door.">
The male and female discuss the issues for a few minutes, and the
female argues that copying is wrong and against the law. The rapper
returns, urging viewers to buy more software and that doing so will
build the future. The male announces that he has some money left from
his summer job, suggesting that he will use it to go out and buy a
computer game (with a manual). And, fourth period be damned, they play
another game (on presumably is a pirated game on the school computer).
(end of video)
------------------------------
End of Computer Underground Digest #4.63
************************************
Computer underground Digest Wed Dec 9, 1992 Volume 4 : Issue 64
ISSN 1066-642X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Copy Editor: Etaion Shrdlu, Junior
CONTENTS, #4.64 (Dec 9, 1992)
File 1--December's D.C. 2600 Meeting Summary
File 2--HoHoCon and the SS
File 3--Message from Solitude - (Re: CuD 4.57)
File 4--H0H0CON (Xmascon) Update
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Mon, 7 Nov 92 18:52:31 PST
From: Brock Meeks <brock@well.sf.ca.us>
Subject: File 1--December's D.C. 2600 Meeting Summary
((MODERATORS' NOTE: Brock Meeks, the reporter who broke the story of
possible U.S. Secret Service involvement in the November 2600 meetings
in Washington D.C. (see CuD #4.57), attended the December 2600
meetings. Here is his account as he related it on The Well))
Well, we did have a few fireworks at the D.C. meeting. Some crazed
journalist went off and did unthinkable: He tried to get some straight
answers out of the folks in charge.
A crime for which has threatened with arrest and physically removed
from the mall.
The fact that I was physically escorted from Pentagon City Mall last
night, under direct threat of being arrested made up for that had been
an incredible slow news day.
My paper had just that day run a major investigative story I'd written
about the National Science Foundation's continued fuck ups in regards
to their computer network, NSFNet. I was cruising through my morning.
Hell, I'd earned it. Two months of investigation take a lot out of
you. I was expecting a blast of irate phone calls from NSF and all
parties involved. I got none. "Suits me," I thought.
Besides... that evening I was heading to the D.C. 2600 meeting. I had
an agenda: First, confront Al Johnson and ask him why he'd lied to
others about what he said to me. Second, reintroduce myself to the
hacker underground, a culture I have a true affinity for and one which
I'd been out of touch for too long. This was my foray back in and I
wanted to play it for all it was worth.
The day ground through its gears and by 5 p.m. I'd written enough copy
to satisfy my editors so I blew off the Daily and headed for the
Pentagon City mall. I didn't know who I was looking, what any of the
kids looked like. "You'll know who we are," said Inhuman, who'd
called earlier to make sure I was clued in.
He was right. I spotted them right off, but opted to circle the
group, cruising the mall, doing my own impromptu version of "spot the
Fed" while scouting for the Mall Administrative offices and looking
for the Security offices.
Those objectives accomplished, I waded into the group introduced
myself to about 30 pairs of skeptical eyes. The handles flew at me
fast and furious, names I'd heard before, others new.
I sat watching and listening to these guys, most of them a couple of
generations younger than myself. The dichotomy was striking: Me in
an uptown grey pin-stripped suit with leather suspenders. They in an
eclectic blend of street hip, anti-authority, "don't fuck with me"
cloths. I didn't tell them, but I'd much rather have been dressed
like them. So much for the trade-offs of legitimate journalism: The
corporate garb.
But the skins we wore peeled away nicely and I shifted through several
different conversations as if I'd been a member of this fraternity for
ages. I had at 15 years on most of them and yet it was they who were
mentoring me: Education, real time. I was eating it up.
A writer for Village Voice wandered over and I decided that he and I
would be allies for night. It wasn't in my planned agenda, but fuck
agendas and plans and go with the flow. I decided that any
confrontations would be better off if I had someone at my back and
another journalist was all the better.
I tagged Julian (the VV writer) to help me hunt down Al Johnson.
We never found him. Gone for the night. "Didn't even come in today,"
said some mall flunky when Julian and I crash the Mall administrative
offices, looking for him.
All the mall security people denied knowing anything about the events
of last month. Shit, they don't even lie well, I thought to myself.
So, back to the food court for more hang time. But it's getting a bit
slow. It's become obvious to me that the authorities are away on this
night and that they don't want confrontation. But this is all going
too smooth for me. I came here to ask some legitimate questions. So
I went seeking someone to answer them.
I found Santa Claus.
Well, Santa Claus is what he eventually told me his name was. In
reality he is Lowell Davis, part of the Mall's Administrative
management team. Last night, he was "MOD" Manager on Duty. And he
was the one I cornered to ask my questions.
Julian and I had spotted him before; he was painfully obvious: Older
greying overweight white male: A heart attack in a cheap polyester
suit. We'd actually thought he might be Secret Service. Ok, we got
one wrong.
Julian and I had dogged him to the mall office, but he wouldn't come
out. So, when we spotted him standing up on the second floor,
watching the meeting along side a security guard, we raced up the
escalator to confront him.
I introduced myself, shaking his clammy, meaty palm: "Hi. I'm Brock
Meeks, reporter for Communications Daily."
"I'm happy for you," Davis said. "Are you associated with the mall
somehow?" I asked. "I'm associated with everybody. I just want...
listen, before I talk to you guys, turn off those tape recorders..."
Yes, we had recorders, but they weren't turned on.
"Look I just want everyone to be happy, buy stuff, that's all,"
Davis said. "You can quote me on that."
I said fine, but I'd have to have a name to quote. "You don't
need my name."
"OK, but I didn't catch your title, what's your job?"
"I work for one of the stores here."
"Which one?"
"None of your business. I don't have to tell you that."
A few more minutes of conversation revealed nothing more. I
asked Davis if he knew about the events of last month. "I'm
shocked such a thing would happen! I don't know anything about
it."
"Then you don't approve of such actions taking place?" I asked.
"Certainly not, I don't support anybody's rights being violated,"
Davis said.
I asked him his name again, and he said, "Santa Claus, as far as
your concerned."
I pressed him some more about what relation he had to the mall and he
told me: "I'm responsible for making sure the food court is clean and
that everyone has a good safe time."
"Oh, so you're in management then... I thought you said you worked for
a store?" I said.
At that point he refused to talk to me. "Just stop. Stop it now.
I'm through answering questions. You're harassing me. Leave me
alone."
At that point the security guard told me to leave or I'd be in
trespassing. "Why?" I asked. "A shopper has complained about you
and I'm telling you to leave."
security guard wouldn't listen and immediately called for the
uniformed Arlington Police who were already in the mall.
"What are you going to do, arrest me?" I asked the security guard.
"No, he won't, but I will," said the Arlington Officer.
And I left.
The story's not over, folks... just delayed...
------------------------------
Date: Mon, 30 Nov 92 13:50:17 -0500
From: Doctor Math <root@SANGER.CHEM.ND.EDU>
Subject: File 2--HoHoCon and the SS
The recent "shadow" SS raids on both PumpCon and the 2600 meeting
scare me. The implications are chilling. In both cases, the law
enforcement conducting the raid had "legitimate" reasons for doing so
- the raid could stand up in court if it had to, all by itself. So the
SS (and who else? FBI? DIA? CIA?) gets the best of both worlds:
meetings of the "Underground Hacker Menace" are broken up while the SS
doesn't have to take bad press for it; most mainstream media doesn't
mention the SS if there's any coverage of
the incident at all.
I really wanted to go to HoHoCon this year. I was even prepared to be
photographed by whichever federal agencies decided to attend. More
notes for my file, at least. This didn't bother me, since I don't do
anything interesting or "dangerous" enough to get myself investigated
(at least not for the past couple of years). A little surveillance, no
big deal. Now I'm not so sure I want to go given that it appears
likely that some sort of law enforcement will be there conducting some
sort of raid and making some sort of arrest... later they will deny
any involvement of any federal agencies, claiming that they had their
own investigation into the (pick one or more: stolen property, illegal
K0DEZ, underaged participants, hijacked source code, proprietary
documents...) and that the bust stands on its own merit. Right.
Another note: Was the 2600 meeting that got raided the only one to
occur on private property? I think the Bill of Rights says something
about the right of citizens to peaceably assemble, but the Mall was
indeed private property and they could theoretically suspend this
right. Of course, that should have amounted to "chasing off a bunch of
kids" as it almost always does, not "detain and confiscate". Would it
have been any different if the meeting was being held in a public
park, assuming that the park was open and that the participants
weren't breaking any local ordinances about noise or failure to obtain
permits for a meeting of greater than X people (yes, there are
ordinances like that in some cities) ? Would it be any different if
the meeting was held in someone's house (other than perhaps generating
additional liability for the host) ?
Pipe dream: Secretly replace the attendants of a given conference with
lawyers at the last minute. Install hidden cameras and microphones at
the site of the convention. Make sure that the "attendees" aren't
doing anything that is even slightly illegal. Wait for raid. After
raid, sue.
------------------------------
Date: Fri, 04 Dec 92 22:42:00 PDT
From: Eagle.Runner@SOLITUD.FIDONET.ORG(Eagle Runner)
Subject: File 3--Message from Solitude - (Re: CuD 4.57)
Whew! After reading the CUD-457, which gave a pretty good account of
the USSS and property seizures, I didn't know whether to "laugh" at
the ridiculous behavior, or "cry", because of what it seems to
indicate about the current State of the Union.
Obviously, folks at N.S.A., D.I.A., F.B.I., and probably C.I.A., are
all becoming rather `paranoid' of the so-called "hacker threat" to
national security. I see corruption, abuses of authority, extreme
incompetence well-beyond Peter Principle levels in Government, but
this is indicative of incredible malfunctioning by decision makers in
high places. It isn't likely some low-level USSS person authorized
this, without somebody higher up the chain's knowledge.
Sounds like we're in for some Dzerzhinski style `hijinks' with regard
to the intelligence community in this country, beyond what most
American's are ready to believe is really happening. The real danger
with this stuff is that, given the relatively large segment of the
public that already "fears" the computer, or is "ignorant" of how far
or how limited the technology is, it's likely that there won't be a
large enough voice of "dissent" over this incident, or other's. It's
scary that this Gestapo-like garbage can be condoned in ANY so-called
democracy, let alone one with a Constitution and a Bill of Right's, as
we have. What next?? Already, I've had my telephone `tapped' without
writ or court order, by `corrupt' law-enforcement people here in
Arizona, both state and federal, and often wonder when they'll just
break the door down, jerk my computer up by the wires, and depart.
All it takes is to stand-up and "just say no" to the incredible
Orwellian fascism we're living, and boy, you can kiss your
Constitutional rights `adios'.
I have read a lot of stuff that `sickened' me, but I think with all of
the other naivete that I've had jerked off of me like a well worn in
security blanket, things of this nature really make me ask myself
"why" I served in the military during the Vietnam conflict, only to
find out that communism isn't so much a red flag with a hammer and
sickle on it, as it is a government that is totalitarian in nature, as
ours has certainly become.
This `incident' at the mall ought to serve as a wake-up call to every
single American with a computer, and perhaps anyone with views
contrary to the politically correct ones. I remember reading volumes
of books about Germany, post WWI, and incredibly enough, this nation
is increasingly looking a lot like the Germany I'd read about, from
about 1934, onwards. Ronald Reagan and George Bush must've copied
their scripts straight out of Mein Kampf.
Anyway, I didn't want to rant and rave about how bad-off we are, but
sit at the computer tonight, asking myself how much longer it will be
before we find ourselves sitting around, computer-less, absolutely no
guarantee whatsoever that our telephones, if we still have them,
aren't tapped, and that any dissenting comment we might make, about
any governmental entity, might ultimately be used as an excuse, as the
term "hacker" has, to "threaten," "intimidate" and without due
process, confiscate our property?
It is perhaps time for you to think seriously about getting this story
a lot wider dissemination into the press, s the rest of the nation
can, if it isn't lobotomized yet, realize that something went horribly
"wrong" in Washington, D.C. on the 7th of ((November)), and that
nothing less than a full-blown accounting for it by the D.O.J. and
F.B.I ought to be mandated by the public.
Thanks for your time, and I hope that if there ever was a time when the
alert lags ought to be flown, this was one of them.
------------------------------
Date: Tue, 8 Dec 92 23:15:12 CST
From: HoHoCon Information Account <hohocon@KIDPORN.FREESIDE.COM>
Subject: File 4--H0H0CON (Xmascon) Update
[Updated Announcement #2 - December 4, 1992]
dFx International Digest and cDc - Cult Of The Dead Cow proudly present :
The Third Annual
X M A S C O N
AKA
H 0 H 0 C O N
"G0T ANY K0DEZ?!!"
Who: All Hackers, Journalists, Security Personnel, Federal Agents,
Lawyers, Authors and Other Interested Parties.
Where: Allen Park Inn
2121 Allen Parkway
Houston, Texas 77019
U.S.A.
Tel: (800) 231-6310
Hou: (713) 521-9321
Fax: (713) 521-9321, Ext. 350
When: Friday December 18 through Sunday December 20, 1992
Fee: Five Dollars (Optional Donation)
Two Weeks And Counting!
~~~~~~~~~~~~~~~~~~~~~~~
It's starting to creep up on us... HoHoCon '92 is right around the
corner and it looks like we're going to surpass our attendance
expectations in a BIG way. We figured we were going to lose a lot of
people when we had to change hotels, but such was not the case. All
the designated HoHoCon rooms at the Allen Park Inn were called for by
the third week of November. Luckily, the hotel opened up another wing
for us. That means it's not too late to reserve a room and make plans
to attend. Another big plus for everyone is that the airlines are
engaging in a price war again which will hopefully help some people
make it.
This update contains some of the new conference revelations as well as
general information from the last announcement. Believe it or not, we
are still in the process of getting everything finalized so we're not
able to give every exact detail of the conference as we don't know
them all yet. If you need additional information or a question
answered, just contact us and we'll try to help you out.
Which brings me to something. Unfortunately, our voice mail system
automatically deletes messages on a three day basis so we weren't able
to get back to some people who wanted us to call them. Before anyone
had a chance to write the phone numbers down, the messages were
erased. If you left a message asking us to call you and you haven't
heard from us yet, please call back again.
On with the new info...
Will HoHoCon Get Raided Like PumpCon & The 2600 Meeting?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I've not only been asked this a million times, but I've recently seen
messages across Usenet and smaller bbs nets from people stating they
wouldn't be attending to HoHoCon because of the recent happenings on
the east coast. Those who say they're not coming because they know the
fEdZ, Secret Service, bUnk0 sKwaD, CIA, SPA, Twinkie Police, CERT and
Sha Na Na are planning to arrest everyone in attendance, are not only
stupid but also the ones who'll be missing out as the feds are not
coming to take anyone away. You can believe what you wish but the
following is taken from a conversation we had with a fairly high
ranking federal computer crime investigator (a.k.a the FeDs
themselves) -
"There's a big difference between your conference and what was going
on up North. First of all, the 2600 thing was handled by mall cops,
not the government and the PumpCon people attracted attention to
themselves by doing some really stupid stuff and not thinking. There
was no pre thought in that anyhow.. nobody drew up a game plan
beforehand to sweep the hotel. Plus, those were private little
meetings where the people really didn't have the means of fighting
back even if they thought the interruptions were unjust. Hopefully,
nobody within this organization is going to be stupid enough to break
in the doors of a very well known public meeting of 400 potential
witnesses, a nice percentage of whom are the two people feds hate
most - Journalists and Lawyers. And we do know about the ones who are
going to be there waiting for us to show up, guns in hand. They'll be
waiting a while. You're talking about the weekend before Christmas,
if I'm not at the mall, my wife's gonna kick my ass. You can tell
your people to sleep easy, we're not coming."
Direct from the source.
Speakers ~~~~~~~~
The big question on people's minds seems to be "Who will be speaking
at the conference?" There are currently twelve speakers slated for
Saturday, and that number is undoubtedly sure to increase within the
next two weeks. We have a number of proposed speakers who are still in
the "trying to make it" stages. Definite speakers at this time include
Scott Chasin (Doc Holiday) and Chris Goggans (Erik Bloodaxe) of
LoD/Comsec, John Draper (Cap'n Crunch), Ray Kaplan, Byron (Louis
Cypher), Mike (Bootleg), Steve Ryan (Brian O'Blivion), and a host of
others including representatives from a fair share of today's computer
underground related publications.
Hardly anything is etched in stone, and some of the speakers are still
deciding exactly what they're going to talk about. Proposed topics at
this time include "The Federal Government Taught Me How to
Counterfeit", "The Computer Underground of the Former Soviet Union",
"The Implementation of a System and Network Security-Related Incident
Tracking and Vulnerability Reporting Database", and, of course,
"bLiNKeEZ!"
We are still entertaining offers from anyone who would like to speak.
Please contact us if you wish to do so.
Will Bruce Sterling Be There?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We've received a few dozen letters from people asking if Bruce would
be attending and speaking (and if he'd also sign their books). The
honest answer is nobody knows. I haven't heard a definite answer yet.
Bruce did speak last year and he does live in Austin, so there is a
decent chance he may attend. Although.. a few people think he may be
wary of coming due to the fact that he was hit in the head with a
flying 'partyball (tm)' last year. Karl says "Sorry about that Bruce."
Who Was That Guy On Dateline?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Don't ask me why, but we've also received a large number of letters
from people asking this particular question. The social engineering
extra-ordinare was Scott Chasin and, yes, he will be attending and
speaking. A few of you asked us some other questions about Scott that
were very odd. As far as we know, he is from Earth and has never been
abducted by aliens. You may want to ask him yourself though.
A Conference Fee? ~~~~~~~~~~~~~~~~~
Yes, but not exactly. There is no designated cost to attend, but we
are gladly accepting donations. We talked to a number of the people
coming and everyone seemed to agree that five dollars ($5) was a
reasonable figure to ask for. Of course, this is completely optional,
but there will be definite benefits to those who donate such as better
seats, better service, cheaper shirt prices, and... prepare
yourself... raffle tickets. That's right, a raffle! It'll be more fun
than bingo with Granny! Everyone who donates five dollars gets a
raffle ticket, and anyone who donates over that will get more. We'll
hold the raffle during the last part of Saturday's conference. Anyone
wishing to donate prizes (or really stupid items) for the raffle
should just let us know or bring it with you. Prizes at this time
include shirts, an autographed copy of Bruce Sterling's 'The Hacker
Crackdown', autographed copies of Steve Jackson's 'Hacker' and 'Gurp
Cyberpunk' games, an autographed Comsec brochure (woo!), Chris
Goggans' UofH parking sticker, SunOs 4.1.3 on CD, a year's
subscription to Mondo 2000, some screwdrivers, a photocopy of Omar and
E.T., and other assorted gOOdeez.
Anyone planning on selling shirts, buttons or other items should also
plan on giving up two of each item. One to myself and one to the
raffle.
Where Does The Money Go?
~~~~~~~~~~~~~~~~~~~~~~~~
A reasonable and expected question. Some people don't realize how much
time, effort and $money$ it takes to put on a conference of this size.
It's no secret that hotels will sometimes increase conference room
costs in December because so many businesses hold their Christmas
parties in them. Given that, and the fact that we had to practically
call every hotel in town and haggle like hell to house the con after
HoJo's backed out, you can rest assured knowing we're dropping a nice
amount on the conference room. Anyone doubting this should feel free
to call some hotels in their area and inquire as to what their room
rental is for the same weekend. The going rate in town is about $300.
We've also spent a bit of money on calling not only the media and
speakers, but everyone else who requested we call to answer questions
or fax information to them. Other people wanted us to mail the
information to them. Mail needs stamps. Stamps cost money.
Then there is the fact that immediately after we released the first
announcement, our local Unix site (the only local free site) changed
over to a pay-per-minute scale. We're still receiving and sending
endless letters regarding the conference. We were finally able to set
up our own site last week, but the previous charges still remain.
The only possible way for all of us to be compensated for what we
spent in time organizing this whole thing would be to charge what some
other security conferences do... about fifty times what we're
suggesting.
Transcripts ~~~~~~~~~~~
Those not able to attend have inquired about obtaining transcripts of
the conference. Written transcripts would not only be huge, but next
to impossible to produce and audio transcripts would take up too many
tapes. So, we will be offering "HoHoCon '92 : The Movie" starting the
first week of January. The conference footage will be shot and edited
with professional equipment and will include not only what happened on
Saturday, but Friday and Sunday as well.
You can also get the official HoHoCon '92 T-shirt even if you can't
make it. The shirts are black and have the following on the back:
dFx & cDc Present:
HOHOCON '92
December 18-20
Allen Park Inn
Houston, Texas
There is a keen, elite message on the front that we're waiting to
unveil at the conference. The shirts will be available at the same
time the video is. Anyone needing additional information or wishing
to purchase either item should contact us (e-mail is best).
How You Can Help? ~~~~~~~~~~~~~~~~~
Some folks, most from the Houston and Austin area have offered their
services and we've had a hard time thinking of exactly what we needed.
The following is a list of items we are currently in need of :
A *large* tv for use in the conference room, a tripod, blank Hi-8 and
VHS tapes, volunteers to help work the door on Saturday morning,
interesting items for the raffle, and countless other things I can't
recall.
We're also looking for someone in Houston who may wish to spend a day
with the infamous Cap'n Crunch (John Draper). John is arriving a day
early and needs a place to stay on Thursday night. I can guarantee
you'll hear many interesting stories about the very early days and
telecom and phreaking. You'll probably pick up a few swell exercising
tips too!
Starting Time ~~~~~~~~~~~~~
Saturday's conference will not start like last year where we opened
the doors and everyone sort of piled in. The door will be open at
approximately 10 a.m. at which point you can sign the conference
registrar, make a donation if you wish and enter the conference room.
The conference starts promptly at 11 a.m. (no renditions of SummerCon
please). Plan for this in advance as we won't be moving the starting
time like last year.
Ending Notes ~~~~~~~~~~~~
Everything after this paragraph is taken from the last announcement.
If anyone wants it in full just mail us and we'll send it to you. The
"Howard Johnson's Story" is attached with it in CuD 4.45. If, for some
reason, you can't get CuD and want to read about, we can send that to
you too. That should just about wrap everything up. You know what to
do if you need anything else. Hopefully, we'll see you at the con!
dFx of cDc
+++++++++++++
What Exactly Is HoHoCon?
~~~~~~~~~~~~~~~~~~~~~~~~
HoHoCon is something you have to experience to truly understand. It is
the largest annual gathering of those in, related to, or wishing to
know more about the computer underground (or those just looking for
another excuse to party). Attendees generally include some of the most
notable members of the "hacking/telecom" community, journalists,
authors, security professionals, lawyers, and a host of others. Last
year's speakers ranged from Bruce Sterling to Chris Goggans and Scot
Chasin of Comsec/LoD. The conference is also one of the very few that
is completely open to the public and we encourage anyone who is
interested to attend.
Hotel Information ~~~~~~~~~~~~~~~~~
The Allen Park Inn is located along Buffalo Bayou and is approximately
three minutes away from Downtown Houston. The HoHoCon group room rates
are $49.00 plus tax (15%) per night, your choice of either single or
double. As usual, when making reservations you will need to tell the
hotel you are with the HoHoCon Conference to receive the group rate.
Unlike our previously chosen joke of a hotel, the Allen Park Inn is
not situated next to an airport and this may cause a small
inconvenience for those of you who will be flying to the conference.
The hotel is centrally located so you can fly in to either
Intercontinental or Hobby airport but we are recommending Hobby as it
is 15 miles closer and much easier to get to from the hotel. Here's
where it may get a little confusing -
If you arrive at Hobby, you will need to take the Downtown Hyatt
Airport Shuttle to the Hyatt, which departs every 30 minutes and will
cost you $6.00. When you get to the Hyatt, get out of the shuttle with
your luggage (for those who may not of figured that out yet) and use
any of the nearby pay phones to call the Allen Park Inn (521-9321) and
tell them you need a ride. It's just like calling Mom when you need a
ride home from glee club! The hotel shuttle will be around shortly to
pick you up and take you to the aforementioned elite meeting place,
and that ride is free. If all this is too much for you, you can always
take a cab directly to the hotel which will run you about $20.
If you arrive at Intercontinental, you will need to board the Airport
Express bus and take it to the Downtown Hyatt ($9). Once there, just
follow the same instructions listed above.
Check-in is 3:00 p.m. and check-out is 12:00 noon. Earlier check-in is
available if there are unoccupied rooms ready. Free local calls are
provided, so bring dem 'puterz. I don't know if cable is free also, so
those who wish to rekindle the memories of yesteryear may want to
bring their screwdrivers. The hotel has both 24 hour room service, and
a 24 hour restaurant, The Nashville Room. Call it a wacky coincidence,
but the hotel bar is called the ATI room and like most of Houston's
similar establishments, closes at 2 a.m. Good thing Tony still works
at Spec's...
Directions ~~~~~~~~~~
For those of you who will be driving to the conference, the following
is a list of directions on how to get to the hotel from most of
Houston's major freeways that bring traffic in from out of town:
I-45 North or South: Exit Allen Parkway on the inside (left side) of
the freeway. Take the Studemont/Montrose exit off Allen Parkway, then
make a U-turn at the bridge and head back towards downtown. The hotel
will be on the right hand side.
290: Take 290 to 610 South, then take I-10 East towards downtown. Exit
Studemont. Right on Studemont, left on Allen Parkway. The hotel will
be on the right hand side.
I-10 West: Exit Studemont. Right on Studemont, left on Allen Parkway.
The hotel will be on the right hand side.
I-10 East: Take I-10 East to I-45 South and follow the same directions
from I-45 listed above.
US-59 North or South: Take US-59 to I-45 North and follow the same
directions from I-45 listed above.
Call the hotel if these aren't complete enough or if you need
additional information.
Conference Details ~~~~~~~~~~~~~~~~~~
HoHoCon will last 3 days, with the actual conference being held on
Saturday, December 19 in the Hermitage Room, starting at 11:00 a.m.
and continuing until 5 p.m. or earlier depending on the number of
speakers.
We are still in the planning stages at the moment, primarily due to
time lost in finding a new hotel and getting contracts signed. We have
a number of speakers confirmed (yes, Goggans will be speaking again)
and will try to finalize the list and include it in the next update.
We are definitely still looking for people to speak and welcome
diverse topics (except for "The wonders and joys of ANSI, and how it
changed my life"). If you're interested in rattling away, please
contact us as soon as possible and let us know who you are, who you
represent (if anyone), the topic you wish to speak on, a rough
estimate of how long you will need, and whether or not you will be
needing any audio-visual aids.
We would like to have people bring interesting items and videos again
this year. If you have anything you think people would enjoy having
the chance to see, please let us know ahead of time, and tell us if
you will need any help getting it to the conference. If all else
fails, just bring it to the con and give it to us when you arrive. We
will also include a list of items and videos that will be present in a
future update.
If anyone requires any additional information, needs to ask any
questions, wants to RSVP, or would like to be added to the mailing
list to receive the HoHoCon updates, you may mail us at:
dfx@nuchat.sccsi.com
drunkfux@kidporn.freeside.com
drunkfux@freeside.com
359@7354 (WWIV Net)
or via sluggo mail at:
Freeside Data Network
Attn: HoHoCon/dFx
11504 Hughes Road
Suite 124
Houston, Texas
77089
We also have a VMB which includes all the conference information and
is probably the fastest way to get updated reports. The number is:
713-866-4884
You may also download any of the conference announcements and related
materials by calling 713-492-2783 and using the user name "unix",
which is unpassworded. The files will be in the "/pub/h0h0" directory.
Type "biscuit" if you wish to gain an account on the system. You can
find us there too.
Conference information and updates will most likely also be found in
most computer underground related publications, including CuD,
Informatik, NIA, Mondo 2000, 2600, Phrack, World View, etc. We
completely encourage people to use, reprint, and distribute any
information in this file.
Stupid Ending Statement To Make Us Look Good
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HoHoCon '92 will be a priceless learning experience for professionals
and gives journalists a chance to gather information and ideas direct
from the source. It is also one of the very few times when all the
members of the computer underground can come together for a realistic
purpose. We urge people not to miss out on an event of this caliber,
which doesn't happen very often. If you've ever wanted to meet some of
the most famous people from the hacking community, this may be your
one and only chance. Don't wait to read about it in all the magazines
and then wish you had been there, make your plans to attend now! Be a
part of what we hope to be our largest and greatest conference ever.
Remember, to make your reservations, call (800) 231-6310 and tell them
you're with HoHoCon.
------------------------------
End of Computer Underground Digest #4.64
************************************
Computer underground Digest Sun Dec 13, 1992 Volume 4 : Issue 65
ISSN 1066-652X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Copy Editor: Etaion Shrdlu, Junior
CONTENTS, #4.65 (Dec 13, 1992)
File 1--DOJ Authorizes Keystroke Monitoring
File 2--Teen "Computer Whiz" Strikes Store
File 3--Enviro. Tech. Policy
File 4--DELPHI Announces Full Access to the Internet
File 5--Virus Destroyed Report on Drug Lord
File 6--COM DAILY ON F.C.C. TRANSITION
File 7--Virus Conference (ACMBUL) Call for Papers
File 8--GRAY AREAS -- 'Zine Review
File 9--Bibliography on codes and ciphers
File 10--Comments on the Nov. 2600 Disruption in D.C.
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Mon, 7 Dec 1992 22:48:06 +0000
From: Dave Banisar <banisar@WASHOFC.CPSR.ORG>
Subject: File 1--DOJ Authorizes Keystroke Monitoring
CA-92:19 CERT Advisory
December 7, 1992
Keystroke Logging Banner
The CERT Coordination Center has received information from the United
States Department of Justice, General Litigation and Legal Advice
Section, Criminal Division, regarding keystroke monitoring by
computer systems administrators, as a method of protecting computer
systems from unauthorized access.
The information that follows is based on the Justice Department's
advice to all federal agencies. CERT strongly suggests adding a
notice banner such as the one included below to all systems. Sites
not covered by U.S. law should consult their legal counsel.
+++++++++++++++++++
The legality of such monitoring is governed by 18 U.S.C. section
2510 et seq. That statute was last amended in 1986, years before
the words "virus" and "worm" became part of our everyday
vocabulary. Therefore, not surprisingly, the statute does not
directly address the propriety of keystroke monitoring by system
administrators.
Attorneys for the Department have engaged in a review of the
statute and its legislative history. We believe that such
keystroke monitoring of intruders may be defensible under the
statute. However, the statute does not expressly authorize such
monitoring. Moreover, no court has yet had an opportunity to
rule on this issue. If the courts were to decide that such
monitoring is improper, it would potentially give rise to both
criminal and civil liability for system administrators.
Therefore, absent clear guidance from the courts, we believe it
is advisable for system administrators who will be engaged in
such monitoring to give notice to those who would be subject to
monitoring that, by using the system, they are expressly
consenting to such monitoring. Since it is important that
unauthorized intruders be given notice, some form of banner
notice at the time of signing on to the system is required.
Simply providing written notice in advance to only authorized
users will not be sufficient to place outside hackers on notice.
An agency's banner should give clear and unequivocal notice to
intruders that by signing onto the system they are expressly
consenting to such monitoring. The banner should also indicate
to authorized users that they may be monitored during the effort
to monitor the intruder (e.g., if a hacker is downloading a
user's file, keystroke monitoring will intercept both the
hacker's download command and the authorized user's file). We
also understand that system administrators may in some cases
monitor authorized users in the course of routine system
maintenance. If this is the case, the banner should indicate
this fact. An example of an appropriate banner might be as
follows:
This system is for the use of authorized users only.
Individuals using this computer system without authority,
or in excess of their authority, are subject to having
all of their activities on this system monitored and
recorded by system personnel.
In the course of monitoring individuals improperly using
this system, or in the course of system maintenance, the
activities of authorized users may also be monitored.
Anyone using this system expressly consents to such
monitoring and is advised that if such monitoring reveals
possible evidence of criminal activity, system personnel
may provide the evidence of such monitoring to law
enforcement officials.
++++++++++++++++++++
Each site using this suggested banner should tailor it to their
precise needs. Any questions should be directed to your
organization's legal counsel.
++++++++++++++++++++
The CERT Coordination Center wishes to thank Robert S. Mueller, III,
Scott Charney and Marty Stansell-Gamm from the United States
Department of Justice for their help in preparing this Advisory.
If you believe that your system has been compromised, contact the
CERT Coordination Center or your representative in FIRST (Forum of
Incident Response and Security Teams).
Internet E-mail: cert@cert.org
Telephone: 412-268-7090 (24-hour hotline)
CERT personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),
on call for emergencies during other hours.
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
------------------------------
Date: Thu, 26 Nov 92 10:57:18 CST
From: ICEMAN@CCU.UMANITOBA.CA
Subject: File 2--Teen "Computer Whiz" Strikes Store
From--Winnipeg Free Press (Winnipeg,Manitoba,Canada) on Nov 26,1992:
STAFF THREATENED, FILES RUINED AS TEEN COMPUTER WHIZ STRIKES
By George Nikides
Staff Reporter
A teen hacker uncovered a hole in a downtown software shop's
computer system and went on a rampage, destroying every file and
threatening employees.
"It's an ego thing. 'Boy look what i've accomplished,' " said
Sgt. Dennis Loupin of the Winnipeg police fraud unit. "He's very,
very intelligent. He's got a tremendous future in the computer world."
An 18 year-old, who can't be named because he's charged under the
Young Offender's Act, faces fraud charges.
Police say a hacker discovered a "hole" - an opening that allows
a user to circumvent a computer system's passwords - in the bulletin
board program at Adventure Software Ltd., a Hargrave Street software
shop.
The computer whiz unlocked the program several times, at one
point destroying every file.
Bulletin Board
The hacking is believed to have been carried out with an
IBM-style computer from a home.
Adventure Software offers a computer bulletin board where
customers can communicate, read about news products, or leave messages
from their home systems. The system has about 400 users, police say.
An Adventure Software employee, who asked not to be identified,
said threatening messages were left in the system, some suggesting
that selling software was immoral. Some messages attacked a store
employee. The system was out of operation at one point for 3 1/2
weeks, he said.
But the employee said police are overstating the hacker's skills.
"It doesn't take a genius to hear about a 'hole' in the program," said
the man.
The system was infiltrated four to six times, he said.
"It's not crippling. It's just extremely annoying, " the employee
said. By breaking into the system the computer bandit found home
phone numbers and addresses, he said.
Police say they are also investigating the teen in connection
with break-ins at other systems across North America.
Mischief
"He's now going to have to face the consequences of something he
thought was just a challenge but it's more than that - it's a crime, "
said Loupin.
A Victor Street teenager was arrested Tuesday night and charged
with using a computer service to commit mischief, an offence that
carries a maximum 10-year sentence.
The teen is now 18, but police say he was 17 when the alleged
crimes occured.
------------------------------
Date: Fri, 4 Dec 1992 14:33:31 EDT
From: Rick Crawford <crawford@CS.UCDAVIS.EDU>
Subject: File 3--Enviro. Tech. Policy
Saw this on the net and found much of it relevant to various
efforts to develop an explicit national technology policy
(vs. a default, pork-barrel-driven policy vacuum).
-rick
++++++++++
From--tgray@igc.apc.org (Tom Gray)
Newsgroups--sci.environment
Subject----Renewables Critical, Says WRI
Date--2 Nov 92 15:49:00 GMT
RENEWABLE ENERGY 'ENVIRONMENTALLY CRITICAL', SAYS NEW WRI REPORT
Renewable energy technologies are part of a list of "environmentally
critical" technologies that the federal government should support,
according to a new report from the World Resources Institute, a
Washington, DC, policy organization.
The report, entitled Backs to the Future: U.S. Government Policy
Toward Environmentally Critical Technology, was authored by George
Heatton and Robert Repetto, and is billed by the Institute as "the
first attempt in this country to define and identify areas of
technological advance that would markedly reduce the environmental
burdens of economic progress."
The authors focus on government policy because it strongly influences
the development of new technologies, "from research dollars and
procurement decisions to infrastructure design and standard-setting,"
an Institute news release added.
"Among the most promising environmental R&D areas," it said, " . . .
are methods of non-fossil fuel energy production and use ... and
hydrogen and other storage methods. Many such technologies, now in
early stages of development, would yield large social returns from
technical advances ... "
Backs to the Future's recommendations, the release said, include the
creating of a national research and development (R&D) institute,
altering the missions of the national laboratories, and changing
criteria for funding environmental R&D.
Copies of Backs to the Future can be obtained for $9.95 plus $3
shipping and handling from WRI Publications, PO Box 4852, Hampden
Station, Baltimore, MD 21211, USA, phone (800) 822-0504.
------------------------------
Date: 09 Dec 1992 00:13:55 -0500 (EST)
From: "WALT HOWE, DELPHI INTERNET SIG MANAGER" <WALTHOWE@DELPHI.COM>
Subject: File 4--DELPHI Announces Full Access to the Internet
FOR IMMEDIATE RELEASE:
DELPHI Online Service Announces Full Access to the Internet
Cambridge MA, December 9, 1992 -- DELPHI, an international online
service, today announced full access to the Internet including
real-time electronic mail, file transfers with "FTP," and remote
log-ins to other Internet hosts using "Telnet." With this
announcement, DELPHI becomes the only leading consumer online service
to offer such a wide variety of Internet features.
Russell Williams, DELPHI's general manager, explains the significance
of this announcement. "Prior to now, anyone interested in accessing
the Internet had a very limited number of options. In most cases you
had to be connected directly through your company or school. DELPHI
is now an important low-cost access option available to home computer
users. Anyone can connect to DELPHI with a local call from over 600
cities and towns throughout the US and in many other countries."
The Internet is considered the world's largest computer network. It
is comprised of thousands of companies, colleges, schools, government
agencies, and other organizations. There are currently an estimated 4
million users. "This incredible collection of resources will mean
better and more specialized services for all users" adds Mr. Williams.
"For example, users can take electronic courses conducted by leading
universities, access databases and reports from government agencies,
and get product information and support directly from companies. There
are also mailing lists and discussion groups for almost every special
interest imaginable. Electronic mail can be used to send private
messages to anyone on the Internet and even many commercial networks
like Compuserve and MCI Mail."
DELPHI's connection to the Internet works both ways: In addition to
offering access out to other networks, DELPHI provides value-added
services to people already on the Internet. Any user of the Internet
can access DELPHI to use services such as Grolier's Academic American
Encyclopedia, the Dictionary of Cultural Literacy, Reuters and UPI
newswires, stock quotes, computer support, travel reservations,
special interest groups, real-time conferencing, downloadable
programs, and multi-player games. All these services can be reached
through the Internet simply by joining DELPHI and then telnetting to
the address "delphi.com" via the commercial Internet.
In order to help new users with questions related to the Internet,
DELPHI has an area online to provide support. The Internet Special
Interest Group (SIG) includes an active message forum where members
and staff can exchange useful information. Comprehensive guide books,
downloadable software, and information files are also available.
DELPHI has two membership plans: the 10/4 Plan is $10 per month and
includes the first 4 hours of use; additional use is $4 per hour. The
20/20 Advantage Plan is $20 per month, includes 20 hours of use, and
is only $1.80 per hour for additional time. The Internet service
option is an extra $3 per month and includes a generous transfer
allocation of 10 megabytes (the equivalent of about 3,000 type-written
pages). Access during business hours via Sprintnet or Tymnet carries
a surcharge.
Through a special trial membership offer, anyone interested in
learning more about DELPHI and the Internet can receive 5 hours of
access for free. To join, dial by modem, 1-800-365-4636 (current
Internet users should telnet to "delphi.com" instead). After
connecting, press return once or twice. At the Username prompt, enter
JOINDELPHI and at the password prompt, type INTERNETSIG. DELPHI Member
Service Representatives can also be reached by voice at
1-800-695-4005.
DELPHI is a service of General Videotex Corporation, a leading
developer of interactive and online services based in Cambridge,
Massachusetts. For more information, call either of the above numbers
or send email to Walt Howe, Internet SIG manager at
walthowe@delphi.com.
------------------------------
Date: 05 Dec 92 15:51:46 EST
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 5--Virus Destroyed Report on Drug Lord
Virus Destroyed Report on Drug Lord Say Colombian Officials
Colombian politicians allege a mysterious computer virus this week
wiped out conclusions of a Senate investigation into the jailbreak of
cocaine king Pablo Escobar just hours before the data was due to be
presented.
Reports from various committee members call the virus the "ghost of
La Catedral," a reference to the prison from which Escobar and nine
of his lieutenants escaped on July 22 during a bungled military
operation to transfer them to another prison.
"The committee's conclusions, reached after more than two months of
investigation, supposedly held top military officials, ministers and
former ministers responsible for the escape." REPRINTED FROM STREPORT
#8.46 WITH PERMISSION
------------------------------
Date: Tue, 8 Dec 1992 12:27:28 CST
From: LOVE%TEMPLEVM@PSUVM.PSU.EDU
Subject: File 6--COM DAILY ON F.C.C. TRANSITION
>From Discussion of Government Document Issues <GOVDOC-L@PSUVM.BITNET>
* Communications Daily article on Clinton transition
appointment for Federal Communications Commission
(F.C.C.)
The following article, written by Art Brodsky (202/872-9202, x252), is
reprinted from the December 7, 1992 issue of Communications Daily,
with permission. Communications Daily is published by Warren
Publishing, Inc., 2115 Ward Court, N.W. Washington, DC 20037.
`Far End of Spectrum'
PLESSER TRANSITION APPOINTMENT DRAWS FIRE
Public interest groups friday criticized naming of Washington
attorney Ronald Plesser to head up communications issues for Clinton
transition effort (CD Dec4, p1). Groups said Plesser, partner in
Washington office of Baltimore law firm Piper & Marbury, represents
clients that characterize Washington special interests. As might be
expected, Plesser's appointment was defended by Clinton confidants.
Plesser will head one of 2 groups in science and technology
transition section led by ex-astronaut Sally Ride. Other group in
Ride's section will evaluate hard science agencies such as NASA and
National Science Foundation. Those transition groups were established
to assess policies and agencies, not to make appointment
recommendations. Personnel matters for permanent jobs are to be
handled by ex-S.C. Gov. Richard Riley (CD Nov 20 p1).
Clinton confidants praised Plesser's designation. "He's the
right guy," we were told. "He'll take a snapshot of the agency,"
covering budget needs, personnel and similar matters. Transition team
"will look to Ron for insights. He's the guy." Referring to much
speculation in press about what Clinton has in mind and who his
appointments might be, source said: "I wonder what on earth motivates
some of this stuff...most of which is wildly inaccurate."
Most criticism of Plesser centers on his advocacy on behalf of
Direct Marketing Assn. (DMA) and Information Industry Assn. (IIA),
particularly for advocating private sector control of databases
constructed by public agencies. Taxpayer Assets Project Dir. James
Love said Plesser "himself is the architect of the basic privatization
policies that came about in the Reagan Administration." Plesser, he
said, is "most ferocious opponent of librarians, citizen groups and
the research community, who want to broaden public access to
government, taxpayer-supported information systems. He's the devil
himself when it comes to government information policy."
Similarly, Marc Rotenberg, dir. of Washington office of Computer
Professionals for Social Responsibility (CPSR), said that "while there
is personal regard for Ron Plesser, there is not happiness about this
decision." Rotenberg said that Plesser's clients have great deal at
stake at FCC, including decisions on 800 number portability and
automatic number identification (ANI) that affect direct marketers, as
well as on video dial tone and access to networks. Plesser represents
"a far end of the spectrum in the policy debates," Rotenberg said. He
said CPSR's main concerns are in areas of privacy protection, public
access to govt. information, communications infrastructure. In each
of those areas, "Ron has been from our viewpoint on the opposite side
of the issue."
Rotenberg said that if transition effort is merely to be brief
fact-finding exercise, Clinton team could have sought out "someone
with less bias," perhaps in academic community. Jeff Chester, co-dir.
of Center for Media Education, said his group is "very concerned"
about Plesser because "of the special interest lobbying baggage he
carries with him." Chester said his group believes that Plesser's
appointment "places an extra burden, a double duty on the Clinton
Administration, to find people for the FCC and other
telecommunications policy positions who don't come with any kind of
lobbying baggage and reflect the kind of public interest concerns the
Commission definitely needs."
Transition team still having difficulty deciding how to apply its
proposed tough ethics requirements for Presidential appointees (CD Nov
5 p1). There's still been no decision as "to how deep the 5-year
restriction will be applied," we're told. That means, according to
sources, restrictions--when they finally come out--may not go below
Cabinet level. As for FCC appointees and top staffers (such as bureau
chiefs) brought in, it hasn't been decided whether attempt will be
made to extend period they couldn't practice or lobby agency to 5
years from one year. Proposal has been roundly criticized by
Democrats who are know to be, or expect to be, in line for top jobs in
Clinton Administration.
------------------------------
Date: Thu, 10 Dec 92 17:28:07 EST
From: sara@GATOR.USE.COM(Sara Gordon)
Subject: File 7--Virus Conference (ACMBUL) Call for Papers
C A L L F O R P A P E R S
ACMBUL's 1st INTERNATIONAL COMPUTER VIRUS PROBLEMS AND
ALTERNATIVES CONFERENCE
April, 1993 - Varna, Bulgaria
The purpose of the 1993 International Computer Virus Conference is to
provide a forum for anti-virus product developers, researchers and
academicians to exchange information among themselves, the students,
the public and the industry. ICVC'93 will consist of open forums,
distinguished keynote speakers, and the presentation of high-quality
accepted papers. A high degree of interaction and discussion among
Conference participants is expected, as a workshop-like setting is
promoted.
Because ICVC'93 is a not-for-profit activity funded primarily by
registration fees, all participants are expected to have their
organizations bear the costs of their expenses and registration.
Accommodations will be available at reduced rates for conference
participants.
WHO SHOULD ATTEND
The conference is intended for computer security researchers,
managers, advisors, EDP auditors, network administrators, and help
desk personnel from government and industry, as well as other
information technology professionals interested in computer security.
CONFERENCE THEME
This Conference, devoted to advances in virus prevention, will
encompass developments in both theory and practice. Papers are
invited in the areas shown and may be theoretical, conceptual,
tutorial or descriptive in nature. Submitted papers will be refereed,
and those presented at the Conference will be included in the
proceedings.
Possible topics of submissions include, but are not restricted to:
o Virus Detection o Virus Trends and Forecast
o Virus Removal o Virus Prevention Policies
o Recovering from Viruses o Incident Reporting
o Viruses on various platforms o Emergency Response
(Windows, Unix, LANs, WANs, etc.) o Viruses and the Law
o Virus Genealogy o Education & Training
o The "Virusology" as scientific o Costs of virus protection
discipline o Communications and viruses
o Psychological aspects of computer
viruses
THE REFEREEING PROCESS
All papers and panel proposals received by the submission deadline and
which meet submission requirements will be considered for presentation
at the Conference.
All papers presented at ICVC'93 will be included in the Conference
proceedings, copies of which will be provided to Conference attendees.
All papers presented, will also be included in proceedings to be published
by the ACMBUL.
INSTRUCTIONS TO AUTHORS
[1] Two (2) copies of the full paper, consisting of up-to 20
double-spaced, typewritten quality pages, including diagrams, must
be received no later than 28 February 1993.
[2] The language of the Conference is English.
[3] The first page of the manuscript should include the title of
the paper, full name of all authors, their complete addresses
including affiliation, telephone numbers and e-mail addresses,
as well as an abstract of the paper.
[4] Authors willing to submit their manuscripts electronically
should contact the Organizering Committee at the address below.
IMPORTANT DATES
o Full papers to be received in camera-ready form by the Organizing
Committee by 28 February 1993.
o Notification of accepted papers will be mailed to the author on
or before 10 March 1993.
o Conference: 5-11 April 1993, St. Konstantine Resort, Varna, Bulgaria
WHOM TO CONTACT
Questions or matters related to the Conference Program should be directed
to the ACMBUL:
ICVC'93
Attn: Mr. Nickolay Lyutov
ACMBUL Office
Varna University of Economics
77 Boris I Blvd, 9002 P.O.Box 3
Varna
Bulgaria
Telephone/Fax: +359-52-236213
ICVC93@acmbul.bg
+++++
# "talk to me about computer viruses............"
# fax/voice: 219-277-8599 sara@gator.use.com
# data 219-273-2431 SGordon@Dockmaster.ncsc.mil
# fidomail 1:227/190 vfr@netcom.com
------------------------------
Date: Sun, 13 Dec 92 20:38:01 EST
From: Moderators <Cudigest@mindvox.phantom.com>
Subject: File 8--GRAY AREAS -- 'Zine Review
We've come across another new periodical, GRAY AREAS, that promises to
be a useful resource for anybody interested in counter-culture or
alternative lifestyles. As the name implies, GRAY AREAS intends to
focus on a broad range of topics that normally fall between the cracks
of conventional magazines, especially in the realm of technology,
music, video, art, and other snippets of (unconventional) culture.
According to the editorial statement of purpose:
GRAY AREAS exists to examine the gray areas of life. We hope
to unite people involved in all sorts of alternative
lifestyles and deviant subcultures. We are everywhere! We
feel that the government has done a great job of splitting
people up so that we do not identify with other minority
groups anymore. There are so many causes now that we often
do not talk to others not directly involved in our chosen
causes. We believe that the methods used to catch criminals
are the same regardless of the crime and that much can be
learned by studying how crimes in general are prosecuted and
how people's morals are judged. It is our mission to educate
people so they begin to care more about the world around
them. Please join our efforts by subscribing, advertising
your business with us and by spreading the word about what
we're up to.
The first issue (Fall, 1992) includes snippets of news, reviews of
books, alternative magazines, music, and videos, and other nifty
esoteria. Two feature-interviews captivated us. The first, with John
Barlow (by editor and publisher Netta Gilboa), is incisive and ranges
from The Grateful Dead to the EFF. The second, also by Gilboa, is
with former "X-rated" movie queen Kay Parker. The latter is a
sensitive look at the changes she has gone through in the past 20
years. The tenor of both interviews, as with much of the magazine
itself, is about personal and social transformation as we, and
society, move through a succession of phases as we age and change.
Upcoming features include an article on Howard Stern (New York
"shock-DJ"), audio sampling, law enforcement search & seizure,
interviews with John Trubee about prank phone calls, Jefferson
Airplane/Hot Tuna guitarist Jorma Kaukonen, porn director Candida
Royalle, criminal attorney and professional musician Barry Melton (an
original member of Country Joe & The Fish), and an interview with Bob
Dobbs. Some of the items reviewed in issue 2 will include a tape sold
to police departments on how to seize computers, and Bruce Sterling's
_Speaking_ _For_ _The_ _Unspeakable_, Mystic Fire's _Cyberpunk_.
The editors also plan to include an on-going series on viruses
and offer anonymity to virus writers and software crackers willing to
discuss their views of the issues.
The type of topics--rock music, films, off-beat cultural
interests--are the type that easily encourage fluff pieces and
superficial treatment. But, if the first issue of GRAY AREAS is
representative of what's to follow, there will be no fluff here. The
'Zine seems targeted to BBWBs (baby-boomers with brains) and appears
intended to reflect changing times with commentary and analysis by
those making the changes.
A one-year (four issue) subscription is available for $18 (US) or $24
(foreign), and a twelve-issue sub is $50 (US) or $75 (foreign). The
editors, Netta Gilboa and Alan Sheckter, can be contacted through
e-mail at GRAYAREA@WELL.SF.CA.US
For subscriptions, submissions, or other information, write:
GRAY AREAS
PO Box 808
Broomall, PA 19008-0808
------------------------------
Date: Sun, 6 Dec 92 07:47 EST
From: "Michael E. Marotta" <MERCURY@LCC.EDU>
Subject: File 9--Bibliography on codes and ciphers
number 006 CLACKER'S DIGEST December 6, 1992.
philosophy and applications for analytical engines
+++++++++++++++++++++++++
A Cryptography Bibliography by mercury@well.sf.ca.us
(Technically, cryptography is MAKING codes while cryptanalysis is
BREAKING them. Both are subsumed under cryptology. A CIPHER is a
regular transposition such as A=Z, B=Y, etc., while a CODE is a table
of arbitrary symbols.)
Kahn, David, THE CODEBREAKERS, MacMillan, 1967. The MOST complete
history with specific examples. Written before public keys, RSA,
etc., but still THE place to start.
Marotta, Michael, THE CODE BOOK, Loompanics, 1987, Overview of history
and post-1967 developments.
Sinkov, Abraham, ELEMENTARY CRYPTANALYSIS: A MATHEMATICAL APPROACH,
Random House, 1968. Sinkov worked for Friedman on the breaking of
Purple. First rate.
Gaines, Helen Fouche, CRYPTANALYSIS, Dover, 1956. A classic work. The
first step to breaking codes and ciphers.
Lysing, Henry, SECRET WRITING, Dover, 1974. Another reprint of
another classic.
Smith, Laurence Dwight, CRYPTOGRAPHY, Dover, 1955. Ditto.
Konheim, Alan G., CRYPTOGRAPHY: A PRIMER, John Wiley, 1981. Textbook
for mathematicians from IBM's Watson Center. Includes public keys,
digital signatures.
Meyer, Carl H., and Matyas Stephen M., CRYPTOGRAPHY, John Wiley, 1982.
From IBM Cryptography Competency Center. For computers, includes
public keys, digital signatures.
Weber, Ralph E., UNITED STATES DIPLOMATIC CODES AND CIPHERS 1775-1938,
Precedent, 1979. Not just a history! The appendix contains the
all the keys!!
Chadwick, THE DECIPHERMENT OF LINEAR B, Vintage, 1958. Worked with
Michael Ventris on unraveling Minoan script.
Yardley, Herbert O., THE AMERICAN BLACK CHAMBER, Ballantine 1981,
Random House, 1931. Yardley broke German ciphers in WWI and then
Japanese ciphers of 1920, and was fired in 1931 because "Gentlemen
don't read each other's mail."
(anonymous), THE DATA ENCRYPTION STANDARD, National Bureau of
Standards, January 1977, NTIS NBS-FIPS PUB 46.
(anonymous), DATA SECURITY AND THE DATA ENCRYPTION STANDARD,
National Bureau of Standards, 1978, Pub 500-27; CODEN: XNBSAV.
Rivest, Ronald L., Shamir, A., and Adleman, L., "A Method for
Obtaining Digital Signatures and Public-key Cryptosystems,"
COMMUNICATIONS OF THE ACM, February, 1979. The last word.
------------------------------
Date: 13 Dec 92 14:00:21 EST
From: Emmanuel Goldstein <emmanuel@well.sf.ca.us>
Subject: File 10--Comments on the Nov. 2600 Disruption in D.C.
((MODERATORS' NOTE: Following is a letter to the editor of the
Washington Post that they chose not to print as a "Viewpoint."
The author, Emmanuel Goldstein, is editor of the magazine 2600,
which can be contacted at 2600 Magazine - PO Box 752 -
Middle Island, NY 11953. A yearly subscription is only $21 (US)).
While managing to convey some of the facts concerning the Pentagon
City Mall hacker incident on November 6, "Hackers Allege Harassment at
Mall" (November 13, page A1) fails to focus on the startling
revelation of federal government involvement and the ominous
implications of such an action. The article also does little to lessen
the near hysteria that is pumped into the general public every time
the word "hacker" is mentioned. Let us take a good look at what has
been confirmed so far. A group of computer hackers gathered at a local
mall as they do once a month. Similar meetings have been going on in
other cities for years without incident. This gathering was not for
the purposes of causing trouble and nobody has accused the hackers of
doing anything wrong. Rather, the gathering was simply a place to meet
and socialize. This is what people seem to do in food courts and it
was the hackers' intention to do nothing more.
When mall security personnel surrounded the group and demanded that
they all submit to a search, it became very clear that something
bizarre was happening. Those who resisted were threatened with arrest.
Everyone's names were written down, everyone's bags gone through. One
person attempted to write down the badge numbers of the people doing
this. The list was snatched out of his hand and ripped to pieces.
Another hacker attempted to catch the episode on film. He was
apprehended and the film was ripped from his camera. School books,
notepads, and personal property were seized. Much of it has still not
been returned. The group was held for close to an hour and then told
to stay out of the mall or be arrested.
This kind of treatment is enough to shock most people, particularly
when coupled with the overwhelming evidence and eyewitness accounts
confirming no unusual or disruptive behavior on the part of the group.
It is against everything that our society stands for to subject people
to random searches and official intimidation, simply because of their
interests, lifestyles, or the way they look. This occurrence alone
would warrant condemnation of a blatant abuse of power. But the story
doesn't end there.
The harassment of the hackers by the mall police was only the most
obvious element. Where the most attention should be focused at this
point is on the United States Secret Service which, according to Al
Johnson, head of mall security, "ramrodded" the whole thing. Other
media sources, such as the industry newsletter Communications Daily,
were told by Johnson that the Secret Service was all over the mall
that day and that they had, in effect, ordered the harassment.
Arlington police confirm that the Secret Service was at the mall that
day.
It is understood that the Secret Service, as a branch of the Treasury
Department, investigates credit card fraud. Credit card fraud, in
turn, can be accomplished through computer crime. Some computer
hackers could conceivably use their talents to accomplish computer
crime. Thus we arrive at the current Secret Service policy, which
appears to treat everybody in the hacker world as if they were a
proven counterfeiter. This feeling is grounded in misperceptions and
an apprehension that borders on panic. Not helping the situation any
is the everpresent generation gap - most hackers are young and most
government officials are not.
Apart from being disturbed by the gross generalizations that comprise
their policy, it seems a tremendous waste of resources to use our
Secret Service to spy on public gatherings in shopping malls. It seems
certain to be a violation of our rights to allow them to disrupt these
meetings and intimidate the participants, albeit indirectly. Like any
other governmental agency, it is expected that the Secret Service
follow the rules and not violate the constitutional rights of
citizens.
If such actions are not publicly condemned, we will in effect be
granting a license for their continuance and expansion. The incident
above sounds like something from the darkest days of the Soviet Union
when human rights activists were intimidated by government agents and
their subordinates. True, these are technology enthusiasts, not
activists. But who they are is not the issue. We cannot permit
governmental abuse of any person or group simply because they may be
controversial.
Why do hackers evoke such controversy? Their mere presence is an
inconvenience to those who want so desperately to believe the emperor
is wearing clothes. Hackers have a tendency of pointing out the
obvious inadequacies of the computer systems we entrust with such a
large and growing part of our lives. Many people don't want to be told
how flimsily these various systems are held together and how so much
personal data is readily available to so many. Because hackers manage
to demonstrate how simple it is to get and manipulate this
information, they are held fully responsible for the security holes
themselves. But, contrary to most media perceptions, hackers have very
little interest in looking at other people's personal files.
Ironically, they tend to value privacy more than the rest of us
because they know firsthand how vulnerable it is. Over the years,
hackers have gone to the media to expose weaknesses in our credit
reporting agencies, the grading system for New York City public
schools, military computer systems, voice mail systems, and even
commonly used pushbutton locks that give a false sense of security.
Not one of these examples resulted in significant media attention and,
consequently, adequate security was either delayed or not implemented
at all. Conversely, whenever the government chooses to prosecute a
hacker, most media attention focuses on what the hacker "could have
done" had he been malicious. This reinforces the inaccurate depiction
of hackers as the major threat to our privacy and completely ignores
the failure of the system itself.
By coming out publicly and meeting with other hackers and non-hackers
in an open atmosphere, we have dispelled many of the myths and helped
foster an environment conducive to learning. But the message we
received at the Pentagon City Mall tells us to hide, be secretive, and
not trust anybody. Perhaps that's how the Secret Service wants hackers
to behave. But we are not criminals and we refuse to act as such
simply because we are perceived that way by uninformed bureaucrats.
Regardless of our individual outlooks on the hacker issue, we should
be outraged and extremely frightened to see the Secret Service act as
they did. Whether or not we believe that hackers are decent people, we
must agree that they are entitled to the same constitutional freedoms
the rest of us take for granted. Any less is tantamount to a very
dangerous and ill-advised precedent.
------------------------------
End of Computer Underground Digest #4.65
************************************
Computer underground Digest Wed Dec 16, 1992 Volume 4 : Issue 66
ISSN 1066-662X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Copy Editor: Etaion Shrdlu, Junior
CONTENTS, #4.66 (Dec 16, 1992)
File 1-- CPSR and the Transition
File 2--Cellular Phone Fraud Techniques & Countermeasures (CU News)
File 3--Police Hackers / Computer Privacy Survey (Cu News)
File 4--EFF Nominations for PIONEER AWARDS
File 5--Organizational Changes at the EFF
File 6--Response to CERT advisory (Re: CuD 4.65)
File 7--CuD's 1992 MEDIA HYPE award to FORBES MAGAZINE
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Tue, 15 Dec 1992 13:13:39 EDT
From: Marc Rotenberg <Marc_Rotenberg@WASHOFC.CPSR.ORG>
Subject: File 1-- CPSR and the Transition
Over the last several years CPSR has worked extensively on access to
government information, the Freedom of Information Act, computer
security policy, and privacy protection.
We have now sent the following recommendations to several transition
team groups. (The "(b)(1) exemption" in the first recommendation
refers to the national security exemption in the Freedom of
Information Act.)
We hope that the new administration will give our proposals full
consideration.
Marc Rotenberg, Director
CPSR Washington Office
rotenberg@washofc.cpsr.org
=============================================
FROM--Marc Rotenberg, CPSR
RE--Classification, Computer Security, Privacy
CC--Policy Group, Justice Cluster
DATE--December 10, 1992
Three issues that the Executive Order Project should
address:
1) Rescind E.O. 12356 (1982 Reagan Order on classification)
The Reagan Order on classification is the bane of the FOIA and
science communities. It has led to enormous overclassification,
frustrated government accountability, and skewed national priorities.
It should be rescinded.
A new E.O. should narrow the scope of classification
authority. It should reduce the classification bureaucracy. And it
should reflect the economic cost of classifying scientific and
technical information, i.e. such information should be presumptively
available. In the FOIA context, the new E.O. should also require
agencies to identify "an ascertainable harm" before invoking the
(b)(1) exemption.
2) Rescind NSD-42 (1991 Bush Directive on computer security
authority)
This directive undermined a fairly good 1987 law (the Computer
Security Act) and transferred authority for computer security from the
civilian sector to the intelligence community. It led to several bad
decisions in the area of technical standard setting (e.g. network
standards that facilitate surveillance rather than promoting security)
and has made it more difficult to ensure agency accountability. It
should be rescinded.
The President could either leave the 1987 Act in place and
issue no new E.O. or he could revise the E.O. consistent with the aims
of the 1987 law, recognizing the recent problems with technical
standard setting by the intelligence community.
3) Establish a task force on privacy protection
The new administration should move quickly on the privacy
front, particularly in the telecommunications arena. The United
States currently lags behind Canada, Japan, and the EC on telecomm
privacy policy. These policies are necessary for the development of
new services and the protection of consumer interests.
An Executive Order on privacy should include the following
elements: (1) the creation of an intra-agency task force with public
participation, (2) a report to the President within 180 days with
legislative recommendations, (3) a procedure for ongoing review and
coordination with Justice, Commerce, State, and OSTP.
------------------------------
Date: 13 Dec 92 14:00:21 EST
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 2--Cellular Phone Fraud & Countermeasures (CU News)
Industry sponsored studies on the amount of money lost to fraudulent
calls vary, as they do with estimates of computer crime and software
piracy, but one figure from the Cellular Telecommunications Industry
Association (CTIA) places the cost at somewhere between 100 and $300
million annually. Other estimates are as high at $600 million.
Typical methods used to obtain service for free include paying off
company employees to provide the all-essential ESN (Electronic Serial
Number, a unique identifier transmitted with each call that identifies
who is placing the call.), to 'cloning' ESN's from existing phones,
sometimes using radio receivers to evesdrop on cellular traffic and
copy the ESN from other calls.
Earlier this year the Secret Service raided homes in Phoenix and
confiscated 35 phones, 10,000 microchips, and other equipment used to
steal cellular service.
The El Segundo based Computer Sciences Corp has recently released an
Artificial Intelligence based device that attempts to thwart
fraudulent activity by maintaining a data base of calling patterns for
a particular ESN. When the pattern of activity changes, the cellular
company is notified that the ESN may have been compromised.
The CTIA has set up a fraud task force, with an annual budget of $4
million dollars, to help fight the problem. Individual cellular
companies have also established their own fraud investigation units.
Unlike the long-distance industry, cellular companies do not have a
policy of holding the customer responsible for fraudulent calls.
For more information read "Stop, Thief!", Information Week,
November 30, 1992. pg. 32
------------------------------
Date: 13 Dec 92 14:00:21 EST
From: Gordon Meyer <72307.1502@COMPUSERVE.COM>
Subject: File 3--Police Hackers / Computer Privacy Survey (Cu News)
According to news reports, up to 45 members (since 1989) of the Los
Angeles Police Department have been disciplined for using for
unauthorized use of police databases. They have been freely digging
up information on everyone from potential baby sitters to local
celebrities. There are reportedly some cases of using the databases
to file false insurance claims as well.
For more information see Karen M. Carriol's "Was Police Search
Warranted? Information Week. Nov 23 1992 pg 79
=============
Privacy vs Computers Survey.
Equifax's June '92 update to their "Consumers in the Information Age"
study shows some interesting survey results. Of the 1200+ people
surveyed, 80% said that computers improved the overall quality of
life, but nearly 70% agree that present uses of computers threaten
their personal privacy.
Other results include:
- Just over 75% worry that consumers have lost
all control over how businesses use and circulate personal
information.
- About half see no signs of improving this, saying that
protection of individual consumer data will weaken over the next ten
years.
- Almost 70% agree that if privacy is to be preserved, the use
of computers must be sharply restricted in the future.
For more information refer to: "The Databases That Knew Too Much",
Information Week. 12/7/92 pg 22
------------------------------
Date: Fri, 11 Dec 92 15:01:26 EST
From: Rita Marie Rouvalis <rita@EFF.ORG>
Subject: File 4--EFF Nominations for PIONEER AWARDS
THE SECOND ANNUAL INTERNATIONAL EFF PIONEER AWARDS:
CALL FOR NOMINATIONS
Deadline: December 31,1992
In every field of human endeavor,there are those dedicated to
expanding knowledge, freedom, efficiency and utility. Along the
electronic frontier, this is especially true. To recognize this,the
Electronic Frontier Foundation has established the Pioneer Awards for
deserving individuals and organizations.
The Pioneer Awards are international and nominations are open to all.
In March of 1992, the first EFF Pioneer Awards were given in
Washington D.C. The winners were: Douglas C. Engelbart of Fremont,
California; Robert Kahn of Reston, Virginia; Jim Warren of Woodside,
California; Tom Jennings of San Francisco, California; and Andrzej
Smereczynski of Warsaw, Poland.
The Second Annual Pioneer Awards will be given in San Francisco,
California at the 3rd Conference on Computers, Freedom, and Privacy in
March of 1993.
All valid nominations will be reviewed by a panel of impartial judges
chosen for their knowledge of computer-based communications and the
technical, legal, and social issues involved in networking.
There are no specific categories for the Pioneer Awards, but the
following guidelines apply:
1) The nominees must have made a substantial contribution to the
health, growth, accessibility, or freedom of computer-based
communications.
2) The contribution may be technical, social, economic or cultural.
3) Nominations may be of individuals, systems, or organizations in
the private or public sectors.
4) Nominations are open to all, and you may nominate more than one
recipient. You may nominate yourself or your organization.
5) All nominations, to be valid, must contain your reasons, however
brief, on why you are nominating the individual or organization,
along with a means of contacting the nominee, and your own
contact number. No anonymous nominations will be allowed.
6) Every person or organization, with the single exception of EFF
staff members, are eligible for Pioneer Awards.
7) Persons or representatives of organizations receiving a Pioneer
Award will be invited to attend the ceremony at the Foundation's
expense.
You may nominate as many as you wish, but please use one form per
nomination. You may return the forms to us via email to
pioneer@eff.org
You may mail them to us at:
Pioneer Awards, EFF,
155 Second Street
Cambridge MA 02141.
You may FAX them to us at:
+1 617 864 0866
Just tell us the name of the nominee, the phone number or email
address at which the nominee can be reached, and, most important, why
you feel the nominee deserves the award. You may attach supporting
documentation. Please include your own name, address, and phone
number.
We're looking for the Pioneers of the Electronic Frontier that have
made and are making a difference. Thanks for helping us find them,
The Electronic Frontier Foundation
-------EFF Pioneer Awards Nomination Form------
Please return to the Electronic Frontier Foundation
via email to: pioneer@eff.org
via surface mail to EFF 155 Second Street, Cambridge, MA 02141 USA;
via FAX to +1 617 864 0866
Nominee:
Title:
Company/Organization:
Contact number or email address:
Reason for nomination:
Your name and contact information:
Extra documentation attached:
DEADLINE: ALL NOMINATIONS MUST BE RECEIVE BY THE ELECTRONIC FRONTIER
FOUNDATION BY MIDNIGHT, EASTERN STANDARD TIME U.S., DECEMBER 31,1992.
------------------------------
Date: Mon, 14 Dec 92 14:47:43 EST
From: Rita Marie Rouvalis <rita@EFF.ORG>
Subject: File 5--Organizational Changes at the EFF
EFF EXPLAINS ORGANIZATIONAL CHANGES
Mitchell Kapor, Chairman and President of the Electronic Frontier
Foundation (EFF), today explained several organizational moves and
initiatives approved by the EFF Board at its November 10, 1992
meeting in San Francisco. According to Kapor, "they are designed to
increase our effectiveness in making EFF into a national public
education, advocacy, membership, and chapters organization that
represents and serves our growing constituency on the electronic
frontier."
Berman Becomes Acting Executive Director
Kapor stated that "Jerry Berman, who currently heads our Washington
Office, has been designated by the EFF board to serve as the interim
Executive Director of EFF with present overall responsibility for
managing the activities of our Cambridge and Washington, D.C. offices.
In this capacity, he will oversee EFF's public policy, membership, and
chapter building activities."
Berman said: "I am delighted to be working with Cliff Figallo, our
Cambridge Office Director and the entire EFF staff and Board. In the
next two months we will be making a concerted effort to develop a plan
to make EFF into a more effective and powerful public interest
organization."
Chapters Summit
On January, 23 and 24, 1993, EFF will hold a "chapters summit" in
Atlanta, Georgia. Dave Farber, EFF Board Member, stated that the
meeting would be "an open, candid sharing of views about chapter
relations with EFF and EFF's relations with chapters with the goal of
making the chapters an integral part of the EFF mission." The meeting
is being organized by a steering committee made up of Cliff Figallo,
Jerry Berman, Dave Farber and representatives from chapters and
potential chapters including Mitch Ratcliffe and Jon Lebkowsky .
Mitchell Kapor to Chair EFF Board and Oversee Critical Policy Studies
and Initiatives
Mitchell Kapor, who serves as Chairman of the EFF Board, has turned
over management functions to Berman and Figallo to devote his energy
and talents to developing EFF strategy and public policy initiatives,
such as a pragmatic program for achieving an open broadband
communications network and an exploration of the potential role of the
cable television network in serving as a interactive, multimedia
electronic communications highway. Kapor will also continue to lead
EFF's current public policy initiative to develop a near term digital
path to the home designed to maximize free speech, innovation, and
privacy.
Permanent Executive Director
The EFF Board, once it has developed and approved an overall strategic
plan in January, will proceed with an open search for a permanent
Executive Director for the organization.
------------------------------
Date: 15 Dec 92 15:11:24
From: Louis Giliberto <magus@DRKTOWR.CHI.IL.US>
Subject: File 6--Response to CERT advisory (Re: CuD 4.65)
In CuD #4.65 this CERT advisory appeared:
> CA-92:19 CERT Advisory
> December 7, 1992
> Keystroke Logging Banner
There are several issues that need to be considered before
implementing a system such as this, the last of which should be
defensibility. Killing in self-defense is defensible, but there are
other considerations involved. The point? Just because someone *can*
do something does not mean someone *should* do something.
Who should/could be monitored?
+++++++++++++++
This advisory seems to give free license to the system administrator to
monitor as he/she sees fit. What if you own a company, and your
administrator logs and monitors all activity as outlined? Then he
leaves your company and joins your competitor. He has read over every
piece of information typed into your system. Obviously this causes
problems if the computer is used for proprietary information.
However, let us assume the administrator can be trusted. Who does he
decide to log? The fairest way would be to log everyone. However,
this is near impossible since the resources required would be
overwhelming. More resources would be spent on logging than on
computation. One might suggest that he log only those accounts that
have had illegal logon attempts or suspicious activity. But this
brings up two points: 1) If the logs are catching the activity, is
keystroke monitoring needed to secure the system? 2) In the cases
where keystroke monitoring would be most effective (i.e., determining
the method of intrustion) the logs are most likely doctored in some
way, so the determination of which account to monitor could not even
be made.
Therefore the most effective use of keystroke logging would be 1)
monitor those accounts with suspicious activity and 2) monitor at
random. In this manner, illegal entries not caught in the logs or
other security measures may be picked up in the keystroke loggings.
But this brings up even more questions:
What type of notification should there be? +++++++++++++++++++++ Is
the banner enough? Is more notification needed? Way back when, it
was determined system administrators should give notice (in the form
of a banner or some such publicly visible medium) that e-mail and
files are not secure on the system and are open to incidental
inspection by the system administrator in the course of system
maintenance. Most people expect this and trust the system
administrator enough to feel that he is not reading their mail for
kicks. The banner is enough of a notification in this instance since
monitoring does not take place in real-time. Unlike monitoring on the
phone system where it happens as the voice is transmitted, e-mail and
file monitoring takes place often when the user is not on so that
instant notification is not possible (or even warranted in most cases
when it happens in the course of system maintenance).
Keystroke logging differs in that it takes place in real-time while
the user is logged on. Is a banner enough notification?
I would argue no. While using the phone system, if an operator comes
into your call, his/her presence is announced with several tones and
the name of the company. The law requires that any taping of
conversations to be accompanied by a tone every so often of a specific
duration. The logging of keystrokes is the same type of monitoring,
and should be subject to the same requirements. The user should be
notified in real-time that he is being monitored in real-time. Any
type of monitoring without such a warning is usually called
"wiretapping," and such monitoring is illegal except by law
enforcement agencies with a court order allowing the event after cause
is shown.
Many people would contend: "But this is a privately owned system, not
a public utility." Yes, but there is reasonable expectation of
privacy allowed even in the workplace. I'm too lazy to look up the
court cases (and I'm not a lawyer, so I don't care either), but there
are multiple instances where searches of employee desks and lockers
and the like were determined to be a violation of privacy rights. A
company could clearly not monitor the voice transmissions of an
employee's telephone but could log the number he called. In the same
way, a system administrator could log login attempts, but should not
be given free license to monitor the actual keystrokes. It violates
the reasonable rights of the employee. Even high school students are
given reasonable rights in the expectation of privacy of the contents
of their lockers and person. Well, unless you went to Catholic high
school like I did + never tell a Jesuit he can't do something (unless
you like corporal punishment).
Extensions of keystroke monitoring
+++++++++++++++++
Given the fact that keystrokes are passed over the internet in the
form of IP packets generated by telnet (and other comparable
applications), does this allow keystroke monitoring at a remote site?
In other words, can routing centers sniff packets at will if they
inform the other sites they are going to? According to the
interpretation given by the justice department, yes, they can. They
can monitor keystrokes. The argument would be there is a reasonable
expectation for keystrokes to appear in an IP packet, so all of them
are open to examination if a banner is presented or prior notification
given. Does apple.com want ibm.com to monitor its packets? Nope. Does
a prof at Purdue want a prof at Champaign to monitor his? Nope.
However, if a packet goes through someone's machine (possible since
many machines are used for gatewaying and routing) he could argue that
he had the right to sniff it.
Can pay services monitor your keystrokes legally? Say CompuServe or
America Online or Prodigy or another fine reputable <can you feel the
sarcasm?> service put this measure in place. These services are
comparable to a public service such as a bookstore (which was proven
in litigation with CompuServe) or a phone company. Don't they then
have the responsibility to respect the privacy of the customers? If
you walk into K-Mart they can't strip search you at their whim. The
phone company can't (legally) listen into your conversations. Is
keystroke monitoring without real time notification to be allowed on
these systems as well?
An argument may be: "But security cameras are allowed to videotape
customers" Ah, yes! But that is a different scenario: 1) The
videotaping does not center on a specific individual. As stated
before, to monitor the keystrokes of everyone would be
near-impossible. 2) The store is a publically accessible place, and
there is no reasonable expectation of privacy except to your person.
Why is there a reasonable expectation of privacy on a computer system?
Well, what are file permissions for? To keep one's files and stuff
private. Just as a lock on a desk or a closed door intimates privacy,
so do file permissions. If a system is truly public as a Sears or
WalMart, there would be no file permissions. There would be no
accounts with names on them giving ownership. Ownership implies a
right to security from trespass and interference. There are many
arguments to be made for privacy expectations on computer systems that
I won't go into here. Let me just clarify "truly public" as I used it
in describing Sears and WalMart. By "truly public" I mean that they
may not turn away anyone entering their property without good reason.
They may not discriminate, and being employed by them is not a
criteria for entering their sales area. Customers are allowed to move
unimpeded throughout the sales area, and customers do not get lockers
to put stuff in on a daily basis which are provided by the store. In
other words, their is no private ownership on the part of the customer
within the store except for what he carries on his person. This is
comparable to being in a public area. The comparison I am making
believes that being inside a computer system is not comparable to
being in a public area if ownership of files and accounts are given.
Conclusion
+++++
While I realize that CERT was merely passing on the findings of the
Justice Department, I have to question 1) the presentation of those
findings including giving almost a "non-liability kit" in their
advisory, and, 2) the findings themselves. Anything is defensible.
Charles Manson had a defense. However, even if the act is defensible,
it may still be illegal. Defensible merely means "there is a
reasonable expectation that consideration will be given to your side."
I think CERT went a bit too far in suggesting a banner and not
bringing up possible consequences. I tried to "balance" the situation
here. For any company, I would seriously advise you to consult an
attorney before you implement this type of monitoring, and to think
about what effects it could have. It may weaken security rather than
improve it.
As a system administrator (albeit a tiny system consisting of myself,
4 friends, my sister, and my girlfriend) I would not implement such a
scheme since I feel that it would be illegal without real-time
notification, and such real-time notification is, quite frankly, a
pain to give to someone using an editor without disrupting their
session or their train of thought.
In a nutshell, the point is this: just because it's defensible does
not mean it's legal, and in this case I feel that it just might be
illegal.
------------------------------
Date: 15 Dec 92 18:48:01 CST
From: Jim Thomas <cudigest@mindvox.phantom.com>
Subject: File 7--CuD's 1992 MEDIA HYPE award to FORBES MAGAZINE
In recent years, media depiction of "hackers" has been criticized for
inaccurate and slanted reporting that exaggerates the public dangers
of the dread "hacker menace." As a result, CuD annually recogizes the
year's most egregious example of media hype.
The 1992 annual CuD GERALDO RIVERA MEDIA HYPE award goes to WILLIAM G.
FLANAGAN AND BRIGID McMENAMIN for their article "The Playground
Bullies are Learning how to Type" in the 21 December issue of Forbes
(pp 184-189). The authors improved upon last year's winner, Geraldo
himself, in inflammatory rhetoric and distorted narrative that seems
more appropriate for a segment of "Inside Edition" during sweeps week
than for a mainstream conservative periodical.
The Forbes piece is the hands-down winner for two reasons.
First, one reporter of the story, Brigid McMenamin, was exceptionally
successful in creating for herself an image as clueless and obnoxious.
Second, the story itself was based on faulty logic, rumors, and some
impressive leaps of induction. Consider the following.
The Reporter: Brigid McMenamin
It's not only the story's gross errors, hyperbole, and irresponsible
distortion that deserve commendation/condemnation, but the way that
Forbes reporter Brigid McMenamin tried to sell herself to solicit
information.
One individual contacted by Brigid McM claimed she called him several
times "bugging" him for information, asking for names, and complaining
because "hackers" never called her back. He reports that she
explicitly stated that her interest was limited to the "illegal stuff"
and the "crime aspect" and was oblivious to facts or issues
that did not bear upon hackers-as-criminals.
Some persons present at the November 2600 meeting at Citicorp, which
she attended, suggested the possibility that she used another reporter
as a credibility prop, followed some of the participants to dinner
after the meeting, and was interested in talking only about illegal
activities. One observer indicated that those who were willing to talk
to her might not be the most credible informants. Perhaps this is one
reason for her curious language in describing the 2600 meeting.
Another person she contacted indicated that she called him wanting
names of people to talk to and indicated that because Forbes is a
business magazine, it only publishes the "truth." Yet, she seemed not
so much interested in "truth," but in finding "evidence" to fit a
story. He reports that he attempted to explain that hackers generally
are interested in Unix and she asked if she could make free phone
calls if she knew Unix. Although the reporter stated to me several
times that she had done her homework, my own conversation with her
contradicted her claims, and if the reports of others are accurate,
here claims of preparation seem disturbingly exaggerated.
I also had a rather unpleasant exchange with Ms. McM. She was rude,
abrasive, and was interested in obtaining the names of "hackers" who
worked for or as "criminals." Her "angle" was clearly the
hacker-as-demon. Her questions suggested that she did not understand
the culture about which she was writing. She would ask questions and
then argue about the answer, and was resistant to any "facts" or
responses that failed to focus on "the hacker criminal." She dropped
Emmanuel Goldstein's name in a way that I interpreted as indicating a
closer relationship than she had--an incidental sentence, but one not
without import--which I later discovered was either an inadvertently
misleading choice of words or a deliberate attempt to deceptively
establish credentials. She claimed she was an avowed civil
libertarian. I asked why, then, she didn't incorporate some of those
issues. She invoked publisher pressure. Forbes is a business magazine,
she said, and the story should be of interest to readers. She
indicated that civil liberties weren't related to "business." She
struck me as exceptionally ill-informed and not particularly good at
soliciting information. She also left a post on Mindvox inviting
"hackers" who had been contacted by "criminals" for services to
contact her.
>Post: 150 of 161
>Subject: Hacking for Profit?
>From: forbes (Forbes Reporter)
>Date: Tue, 17 Nov 92 13:17:34 EST
>
>Hacking for Profit? Has anyone ever offered to pay you (or
>a friend) to get into a certain system and alter, destroy or
>retrieve information? Can you earn money hacking credit
>card numbers, access codes or other information? Do you know
>where to sell it? Then I'd like to hear from you. I'm
>doing research for a magazine article. We don't need you
>name. But I do want to hear your story. Please contact me.
>Forbes@mindvox.phantom.com.
However, apparently she wasn't over-zealous about following up her
post or reading the Mindvox conferences. When I finally agreed to
send her some information about CuD, she insisted it be faxed rather
than sent to Mindvox because she was rarely on it. Logs indicate that
she made only six calls to the board, none of which occured after
November 24.
My own experience with the Forbes reporter was consistent with those
of others. She emphasized "truth" and "fact-checkers," but the story
seems short on both. She emphasized explicitly that her story would
*not* be sensationalistic. She implied that she wanted to focus on
criminals and that the story would have the effect of presenting the
distinction between "hackers" and real criminals. Another of her
contacts also appeared to have the same impression. After our
less-than-cordial discussion, she reported it to the contact, and he
attempted to intercede on her behalf in the belief that her intent was
to dispel many of the media inaccuracies about "hacking." If his
interpretation is correct, then she deceived him as well, because her
portrayal of him in the story was unfavorably misleading.
In CuD 4.45 (File #3), we ran Mike Godwin's article on "How to
Talk to the Press," which should be required reading.
His guidelines included:
1) TRY TO THINK LIKE THE REPORTER YOU'RE TALKING TO.
2) IF YOU'RE GOING TO MEET THE REPORTER IN PERSON, TRY TO
BRING SOMETHING ON PAPER.
3) GIVE THE REPORTER OTHER PEOPLE TO TALK TO, IF POSSIBLE.
4) DON'T ASSUME THAT THE REPORTER WILL COVER THE STORY THE WAY
YOU'D LIKE HER TO.
Other experienced observers contend that discussing "hacking" with the
press should be avoided unless one knows the reporter well or if the
reporter has established sufficient credentials as accurate and
non-sensationalist. Using these criteria, it will probably be a long
while before any competent cybernaught again speaks to Brigid
McMenamin.
The Story
Rather than present a coherent and factual story about the types of
computer crime, the authors instead make "hackers" the focal point and
use a narrative strategy that conflates all computer crime with
"hackers."
The story implies that Len Rose is part of the "hacker hood" crowd.
The lead reports Rose's prison experience and relates his feeling that
he was "made an example of" by federal prosecutors. But, asks the
narrative, if this is so, then why is the government cracking down?
Whatever else one might think of Len Rose, no one ever has implied
that he as a "playground bully" or "hacker hood." The story also
states that 2600 Magazine editor Emmanuel Goldstein "hands copies <of
2600> out free of charge to kids. Then they get arrested." (p. 188--a
quote attributed to Don Delaney), and distorts (or fabricates) facts
to fit the slant:
According to one knowledgeable source, another hacker brags
that he recently found a way to get into Citibank's
computers. For three months he says he quietly skimmed off a
penny or so from each account. Once he had $200,000, he quit.
Citibank says it has no evidence of this incident and we
cannot confirm the hacker's story. But, says computer crime
expert Donn Parker of consultants SRI International: "Such a
'salami attack' is definitely possible, especially for an
insider" (p. 186).
Has anybody calculated how many accounts one would have to "skim" a
few pennies from before obtaining $200,000? At a dime apiece, that's
over 2 million. If I'm figuring correctly, at one minute per account,
60 accounts per minute non-stop for 24 hours a day all year, it would
take nearly 4 straight years of on-line computer work for an
out-sider. According to the story, it took only 3 months. At 20
cents an account, that's over a million accounts.
Although no names or evidence are given, the story quotes Donn Parker
of SRI as saying that the story is a "definite possibility." Over the
years, there have been cases of skimming, but as I remember the
various incidents, all have been inside jobs and few, if any, involved
hackers. The story is suspiciously reminiscent of the infamous "bank
cracking" article published in Phrack as a spoof several years ago.
The basis for the claim that "hacker hoods" (former "playground
bullies") are now dangerous is based on a series of second and
third-hand rumors and myths. The authors then list from "generally
reliable press reports" a half-dozen or so non-hacker fraud cases
that, in context, would seem to the casual reader to be part of the
"hacker menace." I counted in the article at least 24 instances of
half-truths, inaccuracies, distortions, questionable/spurious links,
or misleading claims that are reminiscent of 80s media hype. For
example, the article attributes to Phiber Optik counts in the MOD
indictment that do not include him, misleads on the Len Rose
indictment and guilty plea, uses second and third hand information
as "fact" without checking the reliability, and presents facts out
of context (such as attributing the Morris Internet worm to
"hackers).
Featured as a key "hacker hood" is "Kimble," a German hacker said by
some to be sufficiently media-hungry and self-serving that he is
ostracized by other German hackers. His major crime reported in the
story is hacking into PBXes. While clearly wrong, his "crime" hardly
qualifies him for the "hacker hood/organized crime" danger that's the
focus of the story. Perhaps he is engaged in other activities
unreported by the authors, but it appears he is simply a
run-of-the-mill petty rip-off artist. In fact, the authors do not make
much of his crimes. Instead, they leap to the conclusion that
"hackers" do the same thing and sell the numbers "increasingly" to
criminals without a shred of evidence for the leap. To be sure the
reader understands the menace, the authors also invoke unsubstantiated
images of a hacker/Turkish Mafia connection and suggest that during
the Gulf war, one hacker was paid "millions" to invade a Pentagon
computer and retrieve information from a spy satellite (p. 186).
Criminals use computers for crime. Some criminals may purchase numbers
from others. But the story paints a broader picture, and equates all
computer crime with "hacking." The authors' logic seems to be that if
a crime is committed with a computer, it's a hacking crime, and
therefore computer crime and "hackers" are synonymous. The story
ignores the fact that most computer crime is an "inside job" and it
says nothing about the problem of security and how the greatest danger
to computer systems is careless users.
One short paragraph near the end mentions the concerns about civil
liberties, and the next paragraph mentions that EFF was formed to
address these concerns. However, nothing in the article articulates
the bases for these concerns. Instead, the piece promotes the "hacker
as demon" mystique quite creatively.
The use of terms such as "new hoods on the block," "playground
bullies," and "hacker hoods" suggests that the purpose of the story
was to find facts to fit a slant.
In one sense, the authors might be able to claim that some of their
"facts" were accurate. For example, the "playground bullies" phrase is
attributed to Chesire Catalyst. "Gee, *we* didn't say it!" But, they
don't identify whether it's the original CC or not. The phrase sounds
like a term used in recent internecine "hacker group" bickering, and
if this was the context, it hardly describes any new "hacker culture."
Even so, the use of the phrase would be akin to a critic of the Forbes
article refering to it as the product of "media whores who are now
getting paid for doing what they used to do for free," and then
applying the term "whores" to the authors because, hey, I didn't
make up the term, somebody else did, and I'm just reporting (and using
it as my central metaphor) just the way it was told to me. However, I
suspect that neither Forbes' author would take kindly to being called
a whore because of the perception that they prostituted journalistic
integrity for the pay-off of a sexy story. And this is what's wrong
with the article: The authors take rumors and catch-phrases, "merely
report" the phrases, but then construct premises around the phrases
*as if* they were true with little (if any) evidence. They take an
unconfirmed "truth" (where are fact checkers when you need them) or an
unrelated "fact" (such as an example of insider fraud) and generalize
from a discrete fact to a larger population. The article is an
excellent bit of creative writing.
Why Does It All Matter?
Computer crime is serious, costly, and must not be tolerated.
Rip-off is no joke. But, it helps to understand a problem before it
can be solved, and lack of understanding can lead to policies and laws
that are not only ineffective, but also a threat to civil liberties.
The public should be accurately informed of the dangers of computer
crime and how it can be prevented. However, little will be served by
creating demons and falsely attributing to them the sins of others. It
is bad enough that the meaning" of the term "hacker" has been used to
apply both to both computer delinquents and creative explorers without
also having the label extended to include all other forms of computer
criminals as well.
CPSR, the EFF, CuD, and many, many others have worked, with some
success, to educate the media about both dangers of computer crime and
the dangers of inaccurately reporting it and attributing it to
"hackers." Some, perhaps most, reporters take their work seriously,
let the facts speak to them, and at least make a good-faith effort not
to fit their "facts" into a narrative that--by one authors' indication
at least--seems to have been predetermined.
Contrary to billing, there was no evidence in the story, other than
questionable rumor, of "hacker" connection to organized crime. Yet,
this type of article has been used by legislators and some law
enforcement agents to justify a "crackdown" on conventional hackers as
if they were the ultimate menace to society. Forbes, with a paid
circulation of over 735,000 (compared to CuDs unpaid circulation of
only 40,000), reaches a significant and influential population.
Hysterical stories create hysterical images, and these create
hysteria-based laws that threaten the rights of law-abiding users.
When a problem is defined by irresponsibly produced images and then
fed to the public, it becomes more difficult to overcome policies and
laws that restrict rights in cyberspace.
The issue is not whether "hackers" are or are not portrayed favorably.
Rather, the issue is whether images re-inforce a witch-hunt mentality
that leads to the excesses of Operation Sun Devil, the Steve Jackson
Games fiasco, or excessive sentences for those who are either
law-abiding or are set up as scapegoats. The danger of the Forbes
article is that it contributes to the persecution of those who are
stigmatized not so much for their acts, but rather for the signs they
bear.
------------------------------
End of Computer Underground Digest #4.66
************************************
Computer underground Digest Sun Dec 20, 1992 Volume 4 : Issue 67
ISSN 1067-672X
Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Copy Iditor: Etaion Shrdlu, Junior
CONTENTS, #4.67 (Dec 20, 1992)
File 1--Thanks to all and see ya Jan 9th
File 2--Secret Service Raids Dorm
File 3--Tales From the Crackdown
File 4--SYSLAW (Review #1)
File 5--SYSLAW (Review #2)
File 6--Model BBS/User Contract (from SYSLAW)
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
----------------------------------------------------------------------
Date: Sat, 19 Dec 92 23:18:21 CST
From: Moderators <tk0jut2@mvs.cso.niu.edu>
Subject: File 1--Thanks to all and see ya Jan 9th
CuD will be on vacation from 23 December through about 8 January.
Issue #5.01 will be out about January 9. We will, however, continue to
answer mail and take subs over break.
A special year's end THANKS!!! goes out to the gang who have
maintained the CuD ftp sites: DAN (beware of flaming sambuca snorters)
CAROSONE, PAUL (even if he is from the "other" university in Michigan)
SOUTHWORTH, RALPH (the quiet one) SIMS, JYRKI (who will never be
accused of lurking) KUOPOLLA, and the guy who makes it all possible
BRENDAN (the only Zen net-meister we now) KEHOE. And, special thanks
to the mailserv meister at mailserv@batpad.lgb.ca.us. He's too young
to mention his name, but he's done a fine job in keeping the mailserv
going.
As usal, the proof reeding and coyp editor, Etaion Shrdlu, Junior, has
kept CuD texts error-free ofspelling and typo errors.
And, of course, thanks to everybody who sent in articles (and to those
who read them).
The January issues will include several on the Software Publishers'
Association (SPA), including interviews, commentary, and other stuff.
So, see ya'll about a week after New Year's.
Jim and Gordon
------------------------------
Date: Thu, 17 Dec 92 16:08:10 CST
From: Joe.Abernathy@HOUSTON.CHRON.COM(Joe Abernathy)
Subject: File 2--Secret Service Raids Dorm
Federal Agents Raid Dorm, Seize Computer Equipment
By JOE ABERNATHY Copyright 1992, Houston Chronicle
The Secret Service has raided a dorm room at Texas Tech University,
seizing the computers of two Houston-area students who allegedly used
an international computer network to steal computer software.
Agents refused to release the names of the two area men and a third
from Austin, who were not arrested in the late-morning raid Monday at
the university in Lubbock. Their cases will be presented to a grand
jury in January.
They are expected to be charged with computer crime, interstate
transport of stolen property and copyright infringement.
"The university detected it," said Resident Agent R. David Freriks of
the Secret Service office in Dallas, which handled the case. He said
that Texas Tech computer system operators contacted the Secret Service
when personal credit information was found mixed with the software
mysteriously filling up their fixed-disk data storage devices.
The raid is the first to fall under a much broader felony definition
of computer software piracy that could affect many Americans. This
October revision to the copyright law was hotly debated by computer
experts, who contended that it sets the felony threshold far too low.
Agents allege that the three used a chat system hosted on the Internet
computer network, which connects up to 15 million people in more than
40 nations, to make contacts with whom they could trade pirated
software. The software was transferred over the network, into Texas
Tech's computers, and eventually into their personal computers. The
Secret Service seized those three personal computers and associated
peripherals which an agent valued at roughly $5,000.
The software Publishers Association, a software industry group
chartered to fight piracy, contends that the industry lost $1.2
billion in sales in 1991 to pirates.
Although these figures are widely questioned for their accuracy,
piracy is widespread among Houston's 450-plus computer bulletin
boards, and even more so on the global Internet.
"There are a lot of underground sites on the Internet run by
university system administrators, and they have tons of pirated
software available to download -- gigabytes of software," said Scott
Chasin, a former computer hacker who is now a computer security
consultant. "There's no way that one agency or authority can go
through and try to sweep all the bad software off the Internet,
because the Internet's too big."
The mission of the Secret Service does not normally include the
pursuit of software piracy, but rather the use of "electronic access
devices" such as passwords in the commission of a crime. This gives
the service purview over many computer and telecommunications crimes,
which often go hand-in-hand, with occasional bleedover into other
areas.
Freriks said that the investigation falls under a revision of the
copyright laws that allows felony charges to be brought against anyone
who trades more than 10 pieces of copyrighted software -- a threshold
that would cover many millions of Americans who may trade copies of
computer programs with their friends.
"The ink is barely dry on the amendment, and you've already got law
enforcement in there, guns blazing, because somebody's got a dozen
copies of stolen software," said Marc Rotenberg, director of Computer
Professionals for Social Responsibility, in Washington, D.C. "That was
a bad provision when it was passed, and was considered bad for
precisely this reason, giving a justification for over-reaching by law
enforcement."
Freriks noted that the raid also involved one of the first uses of an
expanded right to use forfeiture against computer crime, although he
was unable to state from where this authority evolved after a civil
rights lawyer questioned his assertion that it was contained in the
copyright law revision.
"One of our complaints has always been that you catch 'em, slap 'em on
the wrist, and then hand back the smoking gun," he said. "Now all that
equipment belongs to the government."
------------------------------
Date: Thu, 17 Dec 92 16:32:11 CST
From: Joe.Abernathy@HOUSTON.CHRON.COM(Joe Abernathy)
Subject: File 3--Tales From the Crackdown
Have you been accused, falsely or with cause, of a computer crime?
Have you been the victim of a computer crime? Are you a law
enforcement professional who would like to set the record straight?
If you fit any of these, or if you're a knowledgeable, qualified
observer, the Houston Chronicle would like to talk with you. We're
doing a completely different kind of hacker story from the kind you're
used to reading, but we need your help. We need to know about cases
with which you've been involved, what went right and what went wrong.
Don't be shy. We don't promise to edit reality, but you can count on
us to get your story right, no matter which side of the aisle you
tread, and to try to sympathize with your beliefs and objectives.
More details will be forthcoming out of the glare of our competition's
eyes :-) so let's talk:
Joe Abernathy Joe.Abernathy@chron.com
Special Projects P.O. Box 4260
The Houston Chronicle Houston, Texas 77210
(800) 735-3820 Ext 6845 (713) 220-6845
------------------------------
Date: Wed, 11 Nov 92 14:13:30 CST
From: Mike.Riddle@IVGATE.OMAHUG.ORG(Mike Riddle)
Subject: File 4--SYSLAW (Review #1)
SYSLAW (Second Edition). By Lance Rose and Jonathan Wallace. Winona
(Minn.): PC Information Group, Inc. 306 pp. $34.95 (paper).
The old truism that law follows technology comes as no surprise to
readers of the Computer Underground Digest. Many, if not most, of the
(horror) stories we hear about "evil hackers", or the (sometimes)
excesses of various law enforcement agencies, can be understood much
better when we realize the lack of computer knowledge within society
at large. System operators, be they sysadmins at a large university
or commercial site, or sysops of a PC-based bulletin board in a
basement or closet, increasingly have questions about their legal
rights and responsibilities. Can I delete that user? Should (or can
I legally) censor or delete that message or file? How can I protect
myself from civil or criminal liability? Can my equipment be seized
because of something a user does?
SYSLAW is an attempt to explore the gap between statutes and case law
on the one side, and technological reality on the other. Since the
law works slowly, many of the questions about the intersection of law
and technology do not have textbook answers. But "the smallest
journey begins with a step." Messrs. Rose and Wallace have made a
substantial step down that path.
While the courts have yet to rule on many of the questions posed by
sysops, sysadmins, and others, we still have fundamental principles of
constitutional and communications law to rely upon. Rose and Wallace
begin by exploring Sysop rights within the traditional framework of
Constitutional law, particularly the First Amendment.
After discussing the Constitutional principles that apply to Sysops,
they then go on to explore the contractual nature of computer
communications. Contracts are legally enforceable agreements, and we
find them everywhere in daily life. Sometimes we even realize that a
contract is involved, and a small fraction of those contracts are
important enough to be written down.
Bulletin boards are the same way. Explicit or implied contracts are
established when a user logs on to a bulletin board. Rose and Wallace
suggest the wise sysop recognize this reality, and explicitly lay out
a contract for use. They also include a sample as an appendix.
Another area of concern is the law of intellectual property. Who owns
the posts? Does a moderator (either usenet or Fido style) have any
ownership in the overall newsgroup or echo? When can messages legally
be copied? What about files and executable code? While the context
may be new, many of the questions are old and have relatively
well-established answers.
What about "injurious materials" on a bulletin board? Is the sysop
liable? What did _Cubby v. Compuserve_ really decide? What are the
rules on search and seizure, and what has actually happened in the few
cases we know about? Does the sysop have an obligation to search for
and/or warn about viruses? What about sexually explicit material?
Many of these areas do not have clear answers, and one of the
strengths of SYSLAW is that the authors do not attempt to invent law
where it doesn't exist. But in the places where the law is unsettled,
they do a good job explaining the legal, social and sometimes moral
considerations that a court would consider if the question arose.
They sometimes tell you what they think the result might be, or what
they think it should be. They caution at the start that until courts
consider several cases, and/or until we get appellate decisions, the
users and operators incur some degree of risk in engaging in certain
activities. The reader is left with a better understanding of the
issues involved, and reasonable actions sysops might take to insulate
themselves from liability of one sort or another.
SysLaw is available from PC Information Group, 800-321-8285 or
507-452-2824, and located at 1126 East Broadway, Winona, MN 55987.
You may order by credit card or by mail. Price is $34.95 plus $3.00
shipping and (if applicable) sales tax. Price is subject to change
after January 1, 1993. For additional information, please
------------------------------
Date: Sat, 28 Nov 92 10:19:54 CDT
From: Jim Thomas <tk0jut2@mvs.cso.niu.edu>
Subject: File 5--SYSLAW (Review #2)
The U.S. Secret Service's "crackdown" on hackers in the past two years
has included seizures of computer hardware running BBSes. This raises
significant questions for the legal obligations of both users and
sysops. The "Phrack trial," Operation Sun Devil, and--more
recently--the alleged USSS involvement in disrupting law-abiding 2600
meetings underscore the importance of establishing unequivocal
Constitutional protections of BBSes. SYSLAW, a comprehensive summary
of the legal liabilities and obligations of BBS sysops, is mistitled:
It's not simply a legal handbook for sysops, but a helpful compendium
of laws and practices relevant to BBS users as well. Although both
Lance Rose and Jonathan Wallace (R&W) are attorneys, the volume is
written clearly and without overwhelming legal jargon, and even the
casual BBS user should derive sufficient information from the volume
to understand the problems sysops confront in running a board.
Rose and Wallace accomplish their stated goals (p. xxii) of
familiarizing readers with the kinds of legal questions arising in a
BBS context, providing sysops with a legal overview of laws bearing on
BBS operations, and identifying the legal ambiguities in which the law
appears to provide no clear guidelines for operation, yet may place a
sysop at legal risk. Syslaw is divided into nine chapters and 10
hefty appendices. The core issues in the book are 1) First Amendment
and speech, 2) privacy, 3) sysop liabilities to users, and 4)
sysop/user relations.
In the first chapter, the authors emphasize that the question of the
relationship of a BBS to the First Amendment remains unsettled, and
this relationship generates considerable discussion in BBS forums and
on Usenet (eg, comp.org.eff.talk). While noting that BBSs create new
challenges or Constitutional interpretation, R&W identify two reasons
why BBSs deserve "the full protection from legal interference granted
by the First Amendment under its express protections of "speech,"
"press," "peaceable assembly," and "petitioning the government" (p.
2). First, BBSs are focal points for creating, collecting and
disseminating information, and as such, electronic speech is
"perfectly analogous to printed materials which are universally
acknowledge as protected under the First Amendment." Second, R&W argue
that BBSs are analogous to physical printing presses and promote the
growth of alternative publishers with diverse points of view. Just as
technology has expanded rights from print media other media, such
broadcast radio and television, BBSs also reflect an emergent
technology that functions in much the same way as the older media:
BBS's ((sic)) powerfully fulfill the goal of the First
Amendment by enabling effective publishing and distribution of
diverse points of view, many of which never before had a voice.
Protecting BBS's should be one of the primary functions of the
First Amendment today (p. 3).
R&W argue that there are three main ways that the First Amendment
protects BBSs:
(1) it sharply limits the kinds of speech that can be considered
illegal on BBS', (2) it assures that the overall legal burdens on
sysops will be kept light enough that they can keep their BBS'
running to distribute their own speech and others', and (3) it
limits the government's ability to search or seize BBS' where it
would interfere with BBS' ability to distribute speech.
The authors identify three kinds of BBS operations that, for First
Amendment purposes, qualify for various types and amounts of
protection (p. 8-17): They are simultaneously publishers, distributors,
and shared message networks.
The authors emphasize that speech protections are an issue between the
government and the citizens, not the sysops and their users. Sysops,
they remind us, can--within the law--run their boards and censor as
they wish. The danger, R&W suggest, is that over-cautious sysops may
engage in unnecessary self-censorship in fear of government
intervention. Their goal is to provide the BBS community with
guidelines that help distinguish legal from illegal speech (and
files).
The remaining chapters address topics such as sysop liability when
injurious activities or materials occur on a BBS, the sysops
obligations when obviously illegal behavior is discovered, the
"problem" of sexual explicit materials, and searches and seizures. Of
special interest is the chapter on contractual obligations between
sysop and users (chapter 2) in which they suggest that one way around
many of the potential legal liabilities a sysop might face with users
is to require a binding "caller contract" that explicitly delineates
the rights and obligations of each party. They provide a sample
contract (Appendix A) that, if implemented at the first-call in screen
progression format (any unwillingness to agree to the terms of the
contract prevents the caller from progressing into the system) that
they judge to be legally binding if the caller completes the contract
by agreeing to its terms.
The Appendixes also include a number of federal statutes that provide a
handy reference for readers. These include statues on child
pornography, state computer crime laws, and federal computer fraud and
abuse acts.
My one, in fact my only, objection to the book was to a rather
hyperbolic swipe at "pirate boards:"
Only a tiny minority of BBS's operate as "pirate
boards" for swapping stolen software, computer access codes,
viruses etc. When these criminal boards are seized and shut
down by the authorities everyone benefits (p. 6).
This rather excessive and simplistic view of "piracy" seems to
contradict both their intent to improve understanding of new
technology and corresponding behaviors by avoiding such extreme words
as "stolen software" and to clarify the nuances in various forms of
behavior in ways that distinguish between, for example, casual
swapping of copyright files and profiteering.
This, however, is a minor quibble (and will be taken up in future
issues of CuD focusing on piracy and the Software Publishers'
Association).
Syslaw should be required reading for all BBSers. Unfortunately, it is
available *only* from PC Information group, Inc. Those wishing to
obtain a copy can write the publisher at:
1125 East Broadway
Winona, MN 55987
Voice: (800-321-8285 / 507-452-2824
Fax: 507-452-0037
If ordering directly, add $3.00 (US) to the $34.95 price for shipping.
------------------------------
Date: 01 Dec 92 10:33:25 EST
From: Lance Rose <72230.2044@COMPUSERVE.COM>
Subject: File 6--Model BBS/User Contract (from SYSLAW)
Appendix A
Sample Caller Contract (from SysLaw)
The following sample contract provides some guidelines for a sysop's
contract with his or her callers. Everyone's BBS and services are a
little different, so it is not recommended that readers use this
sample in "plain vanilla" form as their own contract. If possible, ask
a lawyer comfortable with online activities to review the form and
recommend any changes necessary for your particular BBS.
BULLETIN BOARD SERVICES AGREEMENT
A. Introduction
We start every new caller relationship with a contract. It spells out
what you can expect from us, and what we expect from you. We do not
know each caller personally, so it is important to set out the ground
rules clearly in advance.
If you agree to what you read below, welcome to our system! An
instruction screen at the end of the contract will show you how to
sign up.
If you have any questions about any part of the contract, please send
us an e-mail about it! We will be glad to explain why these contract
provisions are important for our system. We are willing to work with
you on making changes if you can show us you have a better approach.
Please remember - until you and we have an agreement in place, you
will not receive full access to our system.
B. Access and Services.
(1) Access - We will give you full access to all file and message
areas on our system. Currently, these include:
Public message areas - reading and posting messages. We are also a
member of Fidonet, which means you can join in public discussions with
callers of other bulletin boards around the world.
File transfer areas - uploading, downloading files and browsing files
E-mail - sending and receiving messages (please see the section on
privacy, below)
Chat areas - real-time discussions with other callers who are online
at the same time as you
Gateways - permitting you to send e-mail to systems on other computer
networks. Currently, we have an Internet gateway in place, and we
operate as a Fidonet node.
(2) Services - We offer a variety of services to our callers, and are
adding more all the time. Our current services include:
Daily electronic news from nationally syndicated news services. Free
classified advertising for our callers, in an area subdivided into
different product categories.
Virus hotline - an area with frequently updated news on computer virus
outbreaks, new forms of virus detected, new ways to protect your
computer, and other matters of interest.
QMail (TM) services, allowing you to upload and download all messages
you are interested in batch form.
If you would like to set up a private discussion area on our system
for a group, we will be glad to do so for fees and terms to be
discussed.
(3) We may change or discontinue certain access or services on our
system for time to time. We will try to let you know about such
changes a month or more in advance.
C. Price and Payment
(1) We will charge you a monthly fee for using our system. For $15
per month, you can use our system each month for up to 40 hours of
connect time, and you can send up to 200 electronic mail messages. For
additional use, you will be required to pay additional charges of 50
cents an hour, and 10 cents per electronic mail message.
(2) Certain services on our system require additional fees. Please
review the complete price list in the Caller Information area before
signing up for any such services. The price list will tell you which
services are included in the standard monthly fee, and which are
extra.
(3) You may pay by check or by credit card. You will be given the
opportunity to choose the payment method when you sign up.
If you choose to pay by credit card, we will automatically bill the
amount due to your credit card account at the end of every month.
If you choose to pay by check, we will send you an invoice at the end
of every month. Payment is due within twenty days after we send your
invoice.
(4) We can change the prices and fees at any time, except that our
existing customers will receive two months notice of any change. All
price changes will be announced in opening screen bulletins.
D. System Rules
Besides payment, the only thing we ask from you is that you follow the
rules we set for use of the system. You will find our rules in two
places: in the following list here in the contract, and in the
bulletins posted at various points in the system.
Here are some of the basic rules for our system:
Respect other callers of the system. Feel free to express yourself,
but do not do anything to injure or harm others. In particular, if you
dislike someone else's ideas, you can attack the ideas, but not the
person.
We want people to speak freely on our system. But if you misuse that
freedom to abuse others, we will take the liberty of cutting that
discussion short.
Do not use our system for anything that might be illegal. This system
may not be used to encourage anything to do with illegal drugs,
gambling, pornography, prostitution, child pornography, robbery,
spreading computer viruses, cracking into private computer systems,
software infringement, trafficking in credit card codes, or other
crimes.
People sometimes have trouble figuring out whether certain activities
are illegal. It's usually not that hard. If it's illegal out there,
it's illegal in here! Using a bulletin board system to commit a crime
does not make it less of a crime. In fact, if you use a bulletin board
system to commit a crime, you're exposing the operators of the system,
and its other callers, to legal risks that should be yours alone.
If you genuinely do not know whether something you'd like to do is
legal or illegal, please discuss it with us before you proceed. And
if we tell you we do not want you to pursue your plans on our system,
please respect our decision.
Respect the security of our system. Do not try to gain access to
system areas private to ourselves, or to other callers. Some callers
try to crack system security just to show it can be done. Don't try to
demonstrate this on our system.
E. Privacy
We offer private electronic mail on our system as a service to our
callers. We will endeavor to keep all of your e-mail private,
viewable only by you and the person to whom you address it, except:
We, as system operators, may need to look at your electronic mail if
we believe it is necessary to protect ourselves or other callers from
injury or damage. For example, if we have reason to believe a caller
is involved in illegal activities, which creates a risk that our
system could be seized by the authorities, we will review his or her
electronic mail for our own protection. We will not, however, monitor
electronic mail unless we believe it is being misused.
We will not deliberately disclose electronic mail to other callers.
If we believe certain electronic mail is connected with illegal
activities, we may disclose it to the authorities to protect our
system, ourselves and other callers.
Remember that the person to whom you send electronic mail does not
need to keep it secret. The sender or receiver of electronic mail has
the right to make it public.
If the authorities ever search or seize our system, they may gain
access to your private electronic mail. In that case, we cannot assure
they will not review it. Remember that you have personal rights of
privacy that even the government cannot legally violate, though you
may have to go to court to enforce those rights.
F. Editorial Control
We want our system to be a worthwhile place for all of our callers.
This does not mean everyone can do whatever they choose on this
system, regardless of its effect on others. It is our job to
accommodate the common needs of all callers while striving to meet our
own goals for the system.
We will not monitor all messages and file transfers. We want to keep
the message and file traffic moving quickly and smoothly - this goal
would be defeated if we monitored everything on the system. However,
if we see (or hear about) messages or other activities that violate
the rules, threaten the order or security of the system, or use the
system in ways we do not agree with, we will take appropriate action.
Our editorial control includes normal housekeeping activities like
changing subject headers and deleting profanities in public messages
and selecting among uploaded files for those we wish to make available
for download. It also goes beyond that.
If a caller persists in posting messages or transferring files that we
previously warned him should not be on the system, those messages will
be deleted, and he or she may be locked out. If we discover any caller
violating the rules, especially the prohibition against illegal
activities, we will act firmly and swiftly. Depending on the
circumstances, the caller involved will be warned, or simply locked
out. If the caller has done anything to put us or other callers in
jeopardy, we may contact the authorities.
We do not plan on doing any of these things. If all callers act with
respect and regard for us and for other callers, there will never be
any problems. But if problems arise, we will assert control over our
system against any caller who threatens it. And in this Agreement, you
acknowledge that control.
G. Ownership of Materials
You shall retain all rights to all original messages you post and all
original files you upload. Likewise, you must respect the ownership
rights of others in their own messages and files. You may not post or
upload any messages or files unless you own them, or you have full
authority to transmit them to this system.
We own certain things you will find on this system, including the
"look and feel" of the system, the name of our system, and the
collective work copyright in sequences of public messages on our
system. You cannot reproduce any message thread from our system,
either electronically or in print, without our permission and the
permission of all participants in the thread. This is not a complete
list - other things on the system are also our property. Before you
copy anything from our system with plans of reproducing it or
distributing it, contact us about it.
H. Limitation of Liability and Indemnity.
The great danger for us, and for all operators of bulletin board
systems, is that we might be held accountable for the wrongful actions
of our callers. If one caller libels another caller, the injured
caller might blame us, even though the first caller was really at
fault. If a caller uploads a program with a computer virus, and other
callers' computers are damaged, we might be blamed even though the
virus was left on our board by a caller. If a caller transfers
illegal credit card information to another caller through private
electronic mail, we might be blamed even though we did nothing more
than unknowingly carry the message from one caller to another.
We did not start this system to take the blame for others' actions,
and we cannot afford to operate it if we must take that blame.
Accordingly, we need all callers to accept responsibility for their
own acts, and to accept that an act by another caller that damages
them must not be blamed on us, but on the other caller. These needs
are accomplished by the following paragraph:
You agree that we will not be responsible to you for any indirect,
consequential, special or punitive damages or losses you may incur in
connection with our system or any of the data or other materials
transmitted through or residing on our system, even if we have been
advised of the possibility of such damage or loss. In addition, you
agree to defend and indemnify us and hold us harmless from and against
any and all claims, proceedings, damages, injuries, liabilities,
losses, costs and expenses (including reasonable attorneys fees)
relating to any acts by you or materials or information transmitted by
you in connection with our system leading wholly or partially to
claims against us or our system by other callers or third parties.
I. Choice of Law
Our bulletin board system can be reached by callers from all fifty
states, and around the world. Each of these places has a different set
of laws. Since we cannot keep track of all these laws and their
requirements, you agree that the law of our own state, ________, will
apply to all matters relating to this Agreement and to our bulletin
board system. In addition, you agree and consent that if you ever take
legal action against us, the courts of our own state, _______, will
have exclusive jurisdiction over any such legal actions.
J. General
This agreement is the entire understanding between you and us
regarding your relationship to our bulletin board system. If either
you or we fail to notify the other of any violations of this
agreement, this will not mean that you or we cannot notify the other
of future violations of any part of this agreement.
[Contract sign-up process]
------------------------------
End of Computer Underground Digest #4.67
************************************
