**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 3, Issue #3.06 (February 23, 1991) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / Alex Smith / Bob Kusumoto ROUTER AWAITER: Brendan Kehoe USENET readers can currently receive CuD as alt.society.cu-digest. Back issues are also available on Compuserve (in: DL0 of the IBMBBS sig), PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet. Anonymous ftp sites: (1) ftp.cs.widener.edu (temporarily down); (2) cudarch@chsun1.uchicago.edu E-mail server: archive-server@chsun1.uchicago.edu. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CONTENTS THIS ISSUE: Subject: Moderators' Corner Subject: From the Mailbag Subject: message for help about archive server Subject: Felony Charges Dropped against Phiber Optik Subject: The FBI Comes Rapping, Rapping at Your BBS Subject: Some Thoughts on Government Actions ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ---------------------------------------------------------------------- ******************************************************************** *** CuD #3.06, File 1 of 6: Moderator's corner *** ******************************************************************** From: Moderators Subject: Moderators' Corner Date: February 23, 1991 A few comments in list format: 1) The Len Rose case is still pending. It is currently on a day-by-day status as discussions occur. More on this later. 2) The concern about privacy and First Amendment issues in cyberspace continues. We are re-printing Brock Meeks' original "FBI" article (see file 5 below) because it has aroused renewed interest. Brock also wrote a recent story on the FBI running "sting"-type operations which we encourage all to read. The concern impels us to do a special issue on it all within the next few weeks. 3) For the next month or so, CuD will be coming out about bi-weekly because of time constraints. Gordon has been transferred to Pennsylvania, but will be commuting between the east and west coasts every two weeks as part of his employment. Jim's publishers have lost all sense of humor and are demanding the two promised books, long past deadline. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Moderators Subject: From the Mailbag Date: 23 February, 1991 ******************************************************************** *** CuD #3.06: File 2 of 6: From the Mailbag *** ******************************************************************** From: louisg Subject: posttocomp.org.eff.talk Date: Thu, 21 Feb 91 1:48:12 CST Has anyone seen the announcement for the Ides of March computer conference? The reason it caught my attention is that one of the speakers is Gail Thackery. My question is: why? Why is Gail speaking at a computer conference? What does she know about computers? She probably does know a lot about prosecution, I don't doubt her ability as a lawyer, but what does she know about computer crime specifically? Ok. We all know what she was involved in, but that just proves my point further. Those aren't exactly what you would call "clean" busts. And with Sundevil, there weren't even that many (any?) busts made. It doesn't say much for her ability to prosecute computer crime. What exactly is she going to speak about? I can't figure that out. Maybe she's going to explain what KERMIT is or something. Though, she should explain that to law enforcement officials. See, that's where I have this problem. Here we have an individual speaking at an industry conference, and this individual is not in the industry. She does not affect the industry except in destructive ways (if you want a list on how it's been destructive, E-mail me. It's too long for here). And with her being on the Well and all, and now there's a rumor of her getting some type of "honor" with Barlow at the Comps, Sec, and Priv conference, I'm beginning to wonder how one becomes an authority on computers. Why not honor some beat cops who find some stolen PC's? They have about as much to do with computer crime and how it relates to the industry as Gail. This is ridiculous. Does anyone else see politics or something coming into play here or is it just me? If what law enforcement says is true, that most computer crime goes unreported since companies don't want to publicly admit that they have security problems, then aren't the companies bigger authorities on computer crime than lawyers and cops and feds and what have you? What can Gail tell an employee of AT&T or IBM or DEC or Maxis or Sierra or whoever that they don't already know, and probably know better? She can't tell them how systems are broken into. She can't tell them about a "ring" of hackers/phreaks since there is no such animal. She probably can't even tell them what a macro is. Just what we need. The few decent people in the industry jumping in bed with fascists. Ha! I'm conservative and a capitalist and all that, but I still wouldn't throw what few morals I have out the door for an extra buck or my name in lights or anything. See, I agree with companies when they say that they don't want some punks breaking into their computers. I can even agree with arresting people who do. What I can't agree with is persecuting people (ala Len Rose) or widespread terror tactics (ala Sundevil). If I were a hacker I'd rather have AT&T's internal security knocking at my door rather than Gail & Co. seeing what they've done to people. The only reason I can see for Gail to be there is to bury the hatchet. Well, when you bury the hatchet with people who are experts at wielding one, you can bet it'll end up in your back in the end. Flames gratefully accepted. Louis Giliberto louisg@vpnet.chi.il.us ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: pmccurdy@CUP.PORTAL.COM Subject: CompuSec in the news Date: Fri, 15 Feb 91 16:29:52 PST Here in Northern California we have a free computer magazine called Microtimes. It is in a 10 1/2 x 13" format computer mag that has picked up quite a bit of popularity over the last couple of years. It used to be just a place to read advertisements, but these days it has occasional interesting articles, too. The latest issue has a cover suite on computer security. From the table of contents: *Computer Crime: Beyond The Headlines An Interview With Dorothy Denning* by John Perry Barlow Computer security expert Denning and self-proclaimed cognitive dissident Barlow discuss system break-ins, hacker culture, recent court cases, and long-term issues. *Why Defend Hackers?* by Mitch Kapor Lotus founder and Electronic Frontier Foundation chairman Kapor explains what the fledgling EFF organization is up to, and why. *Realizable Fantasies* by Jim Warren Computers, freedom, and privacy - new technology poses new problems and questions. *Cliff Stoll's Practical Security Tips* by Mary Eisenhart *Security In the Single-PC Office* by Paul Hoffman *Risk Assessment For Your Computer System* by Mikael Blaisdell How to determine your security needs and solve them in a cost-effective manner. *Bulletin Boards and the Virus Plague* by Jack Rickard *Computer Security: Information Without Hysteria* by B. McMullen and John McMullen [A review of two new books; *Computers Under Attack*, Peter J. Denning (ACM), and *Computers At Risk*, National Academy Press. Both sound worth reading.] ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: decwrl!fernwood!well!jwarren@LLL-WINKEN.LLNL.GOV(Jim Warren) Subject: CompFreePriv Conf Reg Scholarships Date: Thu, 21 Feb 91 21:39:22 pst TEN FULL REGISTRATION SCHOLARSHIPS FOR COMPUTERS, FREEDOM & PRIVACY CONF John Gilmore of Cygnus Support has offered (and prepaid) ten full Registration Scholarships for college and university students wishing to attend the four-day First Conference on Computers, Freedom & Privacy, March 25-28, 1991, at the SFO Marriott near the San Francisco International Airport in Burlingame, California. Students wishing to apply for one of these full-paid registrations should send a *one*-page-only request, to arrive no later than March 10th. They should concisely provide the following information in that one page: 1. Personal information (name, address, phones, possible fax#, etc.) 2. Current college or university, major, areas of special interest, grad/undergrad status and expected graduation date. We are especially seeking students majoring in law, law enforcement, political science, journalism, business, information science and related disciplines. 3. A specific statement that they are certain they can arrange all needed travel and accomodations for the four-day event. 4. A specific statement that they will attend the full four days of the event from Monday, 9am, to Thursday, 5:30pm, including the Tuesday and Wednesday dinner sessions (also prepaid). 5. A paragraph stating why they are interested in attending the event. 6. A paragraph stating what they might, or hope to, do with information and insights gleaned from this Conference. The one-page letter or fax should arrive no later than March 10th, sent to: John Gilmore Liberty Scholarships (fax is fine) CFP Conference, 345 Swett Road, Woodside CA 94062; fax/415-851-2814 The ten recipients will be notified no later than March 15th, but may be notified much earlier. (Due to the very tight time constraints, we reserve the right to grant awards to especially deserving applicants before the March 10th deadline.) P.S. -- MAKE HOTEL RESERVATIONS *SOON*! If you are planning on attending the CFP Conference, but have not yet made your reservations at the Marriott (800-228-9290 #3), you should do so ASAP, if you wish to be assured the special $99 Conference discount rate. As we approach the March 25th Conference opening, the Marriott is permitted to release unbooked rooms -- which means they either won't be available, or may require much higher rates (rack rates are $140). Use it or loose it! :-) --Jim Warren, CFP Conference Chair ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: The Friendly Folk at NIA (Network Information Access) Subject: What is NIA? From: samp@NUCHAT.SCCSI.COM(Sam Parikh) Date: Fri, 1 Date: Feb 91 15:48 CST Network Information Access is a text magazine, that relates to the underground telecom industry. Articles range from Unix, Vax, and such systems. Covering everything from computer crime down to the latest computer bug that is floating around. If you have ever read Phrack, LOD, PHUN, and magazines of that type of nature, we are somewhat like that. But more/less reframed then those. Currently we have 69 issues out, around the middle/end of each month we will mail off the next current issue. All BACK ISSUES can be found at the CUD (Computer Underground Digest) archive site, please refer to CUD for more information or subscribe to their echo at comp.alt.society.cu-digest. There is no actual "deadline" for articles, reports or papers to be submitted, so if you HAVE anything, or are WORKING on something, please think of us first. If you have anything to send to NIA, send the completed work, as YOU WANT it to appear in our newsletter and after reviewing your article, checking to see if we can include it in our NEXT mailing it will go out when our next issue is released. All articles are to be sent to elisem@nuchat.sccsi.com. All addresses sent to NIA to be added to our mailing list is kept in the stricket confidence, we do NOT give out our list, So YOUR ADDRESS is kept confidential and private, and so as not to have your address flooded w/ hundreds of "Please subscribe to MY newsletter" type mailings. If an address bounces back as "UNKNOWN" or to such, we will delete that address off of our list, so if you change your address, make sure you notify us of the change or you will loose the next issue. If your mailer can NOT handle files in range of 200k send a note of that to us, so that we can make the appropriate changes and get you the latest copy. I hope that this explains to you what NIA is and hopefully you'll continue to read us, pass us around, and heck, recommend us to a friend. Creators: Judge Dredd and Guardian Of Time elisem@nuchat.sccsi.com ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: kusumoto@CHSUN1.UCHICAGO.EDU(Bob Kusumoto) Subject: message for help about archive server Date: Wed, 20 Feb 91 19:12:07 CST ******************************************************************** *** CuD #3.06: File 3 of 6: CuD Archive Server *** ******************************************************************** Some people seem to be having problems using the email archive server based here. Here are some helpful hints: a) place all commands to the archive server in the BODY of the message. The server will ignore commands on the subject line. b) do not use any slashes ('/') in any command. The server does not know how to handle commands with slashes in the command. c) use the "path" command. Although we do have a fairly smart mailer, it's not foolproof. This is especially true for sites that are not directly on the Internet. UUCP sites should locate a node on the Internet (like uunet) and use it as a base. Bitnet sites should add the suffix .bitnet to the end of their hostname. For example: path uunet.uu.net!nexthost!myhost!me path me@bithost.bitnet This should eliminate problems getting to you. d) If you're asking for many files, it helps to break up the send command into multiple files. This is especially true for large files. For example: send cud cud1.01 send cud cud1.02 send cud cud1.03 is better than send cud cud1.01 cud1.02 cud1.03 e) Some helpful commands that the server knows: index index cud send cud cud-arch send cud chsun1.email.files Also, try and keep the files you request per send command to under 45000 bytes. Anything much larger than that will not be sent. If you want very large files, send a special request to archive-management@chsun1.uchicago.edu and special arrangements will be made. f) This is not the address for requesting futures issues of CuD to be mailed to you. You should send those requests to: TK0JUT2@NIU.bitnet and place the address for being placed on the mailing list. Thanks, Bob Kusumoto chsun1 archive management ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: NEWSBYTES (reprint) by John F. McMullen Subject: Felony Charges Dropped against Phiber Optik Date: February 20, 1991 ******************************************************************** *** CuD #3.06: File 4 of 6: No Felony Charges against Phiber O. *** ******************************************************************** FELONY CHARGES DROPPED AGAINST "HACKER" 2/20/91 NEW YORK, NEW YORK, U.S.A., 1991 FEB 20(NB) -- The felony charges of computer tampering and computer trespass have been dropped against Mark Abene, known throughout the "hacker world" as "Phiber Optic". Abene pleaded guilty to a misdemeanor charge of unauthorized use of a computer and will be sentenced on April 4th on that count. The arrest of Abene by New York State Police on February 5th followed over a year of uncertainty for Abene who had computer equipment and notes seized during the execution of a search warrant on January 24th, 1990. At the time of the arrest, it was alleged that Abene had electronically invaded a New York Telephone Company computer and activated an unused telephone number. He then supposedly arranged call forwarding to a "900" number to provide free access to an otherwise chargeable service. These allegations led to Abene being charged with the two felonies and a misdemeanor for theft of services. The dropping of the felony charges on February 19th in New York state court was accompanied by a changing of the theft of services charge to one alleging unauthorized use of a computer and it was the new charge to which Abene pleaded guilty. Abene's attorney, Carol Grumbach of the firm of Levinson & Kaplan told Newsbytes that she expects the April 4th sentencing to result in Abene being granted youthful offender status and court records sealed as a result. She also expects the remaining charge to be conditionally discharged based on Abene's performance of community service activities. Abene, commenting on the resolution of the case, told Newsbytes "I'm very glad that this is over. At least now, I know where I stand and that's much better than it's been for the last year." Abene also said that the computer equipment seized is still in the custody of the authorities and that it is, as yet, unclear when it is to be returned. On the same day in 1990 that the Abene's equipment was seized, search warrants were also executed by New York State Police and United States Secret Service agents on three other New York residents known by the hacker names "Acid Phreak", "Scorpion" and "Flash". Newsbytes was told by informed sources that Acid Phreak and Scorpion have been notified by the United States Attorney for the Eastern District of New York that they are to be charged under federal statutes for computer-related crimes. Newsbytes was also told at the time of the Abene arrest that it was decided to charge him under state law because his age at the time of the alleged incident would have resulted in his classification as a minor under federal law. He was charged as an adult under New York law. Flash was arrested on February 13th by New York State Police and U.S. Secret Service agents. was identified as Albert Kong, 23 and charged with felony counts of computer trespass and 2nd degree grand larceny. At the time of the arrest, New York State Police Senior Investigator Donald Delaney told Newsbytes that there was no apparent connection between the Kong case and the other cases. (Barbara E. McMullen & John F. McMullen ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Brock Meeks (Reprinted with permission) Subject: The FBI Comes Rapping, Rapping at Your BBS Date: February 21, 1991 ******************************************************************** *** CuD #3.06: File 5 of 6: The FBI Comes Rapping..... *** ******************************************************************** COPYRIGHT (C) 1991 BROCK N. MEEKS INDIVIDUALS MAY COPY THIS ARTICLE TO DISK FOR PERSONAL USE. TRANSMISSION OF ANY KIND IS PROHIBITED WITHOUT CONSENT OF AUTHOR The FBI Comes Rapping, Rapping At Your BBS by Brock N. Meeks (first published in MICROTIMES #44, June 1988) If that new user on your local bulletin board system (BBS) seems to be asking a few too many personal questions, you might want to reconsider answering, unless of course, you don't mind your answers being stored in a database maintained by the Federal Bureau of Investigation (FBI). That new user just might be a member of a special FBI task force scouring the nation's electronic landscape. Or so contends Glen L. Roberts, director of _The FBI Project_ which publishes _The FBI and Your BBS_ and a privacy/surveillance newsletter called _Full Disclosure_. "Now wait a minute," you say, "That smacks of radical LaRouche-type paranoid rhetoric!" OK, so I was a bit leery, too. After all the FBI is such an easy target. Then I started rummaging through an old, coffee cup-ringed file labeled only "FBI/Computer Squad." In there I found several old clippings and other documentation that started to back up Roberts' statements. If You Dig, You Hit Dirt ========================= In 1984 a short series of discreet advertisements. placed by the FBI, appeared in a few computer trade publications and in _The Wall Street Journal_. The message was simple, and went something like: "We're looking for computer literate persons to join the Bureau." There was no mention of any special task force; however, it was clear that the Bureau wanted to upgrade their high-tech prowess. Although the FBI won't confirm the existance of a computerized "hit squad," a public relations officer from the Bureau did confirm that they "have made an extraordinary effort to recruit more technically oriented personnel" since 1984. If you dig hard enough, you'll find substantial evidence that the FBI is most definitely working overtime in its efforts to monitor the electronic community. "They are desperately wary of the way information flows so freely in this medium," says Roberts. There was a number scrawled on the inside flap of that dog-earred folder. It was annotated "Former agent; possible source." I called the number; I got a story. "I was recruited in 1983 by the FBI for my computer skills," the former agent told me. Because he stills does some consulting for the Bureau, he asked not to be identified, but he laid out a very specific plan by the FBI to increase their knowledge of the electronic communications world. He confided, "If the Bureau is monitoring BBSs, it's a small group." Much more likely, he offered, the FBI is drawing on the expertise of a small band of high-tech freelance snoops to augment their staff, until their skills are honed. One member of this freelance team is the well-known John Maxfield. He's appeared in everything from the _Washington Post_ to the Today Show to _MicroTimes_, bragging about his undercover infiltration of "criminal BBSs" on behalf of the FBI. (When I asked a 17-year-old hacker from Texas why no one's taken out Maxfield, via computer, the kid told me: "He's too visible; he's guarded pretty well as far as his computer records go; we've tried.") Tradition ========= Certainly the FBI has a tradition of "investigating" groups of people it deems "unsavory" or threatening. Recent published reports told of how the FBI has gathered files on several pro- Sandanista groups here in the U.S. This type of information gathering process seems to be standard operating procedure for them. The _New York Times_ broke a story last year on its front page that detailed how FBI agents were visiting New York city libraries and asking the librarians to monitor certain people and keep a record of the books they checked out; the list would be given to the agent at a later date. NYC librarians flatly declined the FBI offer. Perhaps the most startling aspect of the story was the "it doesn't hurt to ask" attitude that flowed from the FBI when they were confronted and asked for an explanation. In Roberts' _The FBI and Your BBS_, the a brief history of the FBI's willingness to gather all known information on a target group is outlined. Pulling from the Final Report of the Select (Senate) Committee to Study Governmental Operations with respect to Intelligence Activities, Book IV, Supplemenatry Reports on Intelligence Activities, Roberts includes this excerpt: "Detectives were sent to local radical publishing houses to take their books. In addition, they were to find every private collection or library in the possession of any radical, and to make the arrangements for obtaining them in their entirety. Thus, when the GID (General Intelligence Division) discovered an obscure Italian born philosopher who had a unique collection of books on the theory of anarchism, his lodgings were raided by the Bureau and his valuable collection become one more involuntary contribution to the huge and ever-growing library of the GID. [pages 87-88]." Change "any radical" to "any BBS" and "book" to "disk" and quite suddenly the electronic landscape turns into a winter still-life. Data Collection ================ Roberts, quoting from his report, says, "Unlike other communications media, information on a BBS does not get read by anyone before its instantaneous publication. Therefore, the FBI has much less of a possibility of intimidateing the owner of a BBS into _not_ publishing certain information. The FBI also acts as if BBSs have a monopoly on the distribution of so-called 'illegal information.' The FBI often uses this 'danger' as justification to monitor the activities on these systems. In reality, however, BBSs transfer much less 'illegal information' than the phone system." Roberts statements are worth noting in light of the government's increased interest in the marriage of criminal activity and electronic communications. A 455-page report issued by the President's Commission on Organized Crime, dealing with drug abuse and traffiking cites that fact that crime has moved into the high-tech arena. The report states "To the extent that law enforcement agencies' capabilities and equipment are inferior to those of drug traffickers, immediate steps should be taken to rectify the situation." The report then recommends that _data-gathering_ efforts of several agencies (including the FBI) should be tied together in one "all-source intelligence and operations center." The spirit of that document is being embraced by the long-distance phone companies. Tired of the multi-million dollar losses due to stolen or illegally acquired access codes, these companies are circling the wagons in a spirit of high-tech cooperative surveillance never before experienced in the commercial world. Quoting from a _Washington Post_ article, here's what Robert Fox, US Sprint's director of security, says: "To shut down theft, the companies use each other's security services and the help of local law enforcement officials, the Secret Service and the Federal Bureau of Investigation. Your major toll carriers may be competitors, but in this one instance we share information and resourses. We do everything from technical to on-street surveillance." Evidence that the FBI is actively monitoring BBSs also came to light in the case of a Denver talk show host that was assassinated by a neo-Nazi group, white supremacy group. When it was discovered that Robert Miles, one of the defendants, was a "computer wizard" the FBI began tracking his communications with other neo-nazi groups; the FBI found out, and mapped, an intricate network of BBSs, by placing a bug in his home. Where was bug placed? Inside Miles' modem. Why there? Simple. Any calls he made with his modem would be to other online sources; in this way, the FBI reasoned, they could chart the (nationwide) network of neo-nazi BBSs, thus following their standing tradition of "keeping tabs" on organizations, much like they did in the '60s when they had agents infiltrate several radical organizations. Any Problem Here? ================= There are no laws prohibiting the FBI (or other agencies) from monitoring the public message traffic on a BBS; the Electronic Communications Privacy Act of 1986 protects private messages and privately stored files only. But what about an FBI agent monitoring a BBS solely for the purpose of gathering information on the board's users? Any problem here? The former FBI agent I spoke with raised the concern that such casual monitoring might be a violation of the 1968 Wiretap Act. "In order for a wire tap, you have to get a court order. Now if an FBI agent is monitoring a BBS to gather information, that becomes an interesting question, because there are very specific federal rules 'At what point does monitoring turn into a wiretap-like act?'" Good point. And the upshot is: there are no rules. Unless that agent is asking for private message traffic, he can, without impunity, monitor, store, and otherwise manipulate your public messages as he sees fit. Roberts points out that a BBS with public access is fair game for any kind of governmental snooping. But there is a way to make such casual snooping by a federal agent a crime. "If you want your BBS readily accessible to the public but want to protect against unwarranted monitoring, you have to provide a warning to prospective users," says Roberts. "It should read: 'This BBS is a private system. Only private citizens who are not involved in government or law enforcement activities are authorized to use it. The users are not authorized to divulge any information gained from this system to any government or law enforcement agency or employee.'" This does two things. It makes the board "private" in that the sysop decides who gets access and who does not. This isn't so unusual; most BBSs now have some sort of validation anyway. Second, it makes any kind of monitoring by the FBI (or other agencies, such as the Secret Service) a criminal offense, and forces them to use the established guidelines of gaining information via a court ordered search warrant. The warning also protects you in another way: it stops "freelancers" from doing the Bureau's work. Get Real ========= How real is the possibility of the FBI monitoring your BBS? _Slim_. Unless of course you happen to run a board dedicated to say, the Sanctity Movement, or one that supports the Sandanistas or . . . any topic perceived to be of a questionable nature by the FBI. The stories provided here bear out, if nothing else, an increased interest by the FBI in electronic messaging. How extensive is the FBI's actual fact gathering by monitoring BBSs? No one knows really knows. However, given the history of Bureau, and the hard facts that crime in the information age makes full use of all the technology it can get its hands on, it's a small leap to believe that at least specific monitoring, of certain target groups, is taking place. (Given the manpower shortage of the Bureau, and its overwhelming case load, I would find it hard to argue for large-scale indiscriminate monitoring.) Where does that leave you and me in all this? Back to square one, watching carefully what we say online. If you're a member of a "controversial" BBS, you might pass the concerns of Roberts on to your sysop. If you are a sysop, you might want to consider adding a bit of protection to the board . . . for the rest of us. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Brock Meeks is a San Diego-based columnist. His favorite radical BBS is . . . well . . . private. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: pmccurdy@CUP.PORTAL.COM Subject: Some Thoughts on Government Actions Date: Fri, 22 Feb 91 07:36:12 PST ******************************************************************** *** CuD #3.06: File 6 of 6: Some Thoughts on Gov't Actions *** ******************************************************************** In CuD 2.15, the moderators ask "What is the relationship between law enforcement and the media?" Later, they state "One of our goals is to expand their literacy." I have combined (and slightly modified) these two ideas and arrived at the central theme of this article. THE NATURE OF THE BEAST We of the CU tend to see our cyberworld as an extension of the real world. Even the terminology in use among computer folks supports this. By merely sitting at your system and striking keys or manipulating your rodent, you can "enter" another system, "take" or "move" files and programs. Beyond the way we picture these things and the terminology we use, the courts have enacted laws (at all levels of government) that give a legal basis to the idea that the whole of a computer file is more than merely the sum of its individual electronic bits. Let's look at this idea from another angle. No one will dispute that an author should be able to copyright a book or that an inventor should be able to patent a widget. But what is a program (or text file) other than a new means of representing the author's printed word or the work of a clever inventor? So, aside from a few subtle issues (thoughtfully discoursed by the likes of Dark Adept, Offer Inbar, David Daniels, et al), we all agree on the need for laws that protect electronic property and privacy just as we have laws that protect personal property and privacy. THE ABUSES OF LAW ENFORCEMENT AGENCIES (LEAs) As a self-styled libertarian, it makes me sick to read about the continued abuses perpetrated by overzealous LEAs upon the members of the computing community. I am an optimist at heart and I find it hard to believe that the people who work in these LEAs are as vindictive, or at least as ignorant, as they at first glance appear. As ever more reports of their abuses mount, however, I find it hard to maintain a positive attitude. No reader of this journal needs to be reminded of all the LEA abuses of the last few years. Two acts, however, stand out in my mind as worth recounting. The first involves the seizure of, among many other things of questionable use to an investigation, a laser printer at Steve Jackson Games. The reason given buy the US Secret Service (SS) for its confiscation was that it had RAM. One of two things must be true here. Either the agents serving the warrant were so ignorant of computer technology that they believed that printer RAM could be used in illegal activities (in which case they shouldn't have been working on this type of case), or the seizure of the printer was committed as a punitive act against the EMPLOYER of a SUSPECTED perpetrator of a criminal act. If the latter is the case, and I believe it is, then it is an utterly reprehensible (and possibly illegal) act. The second act that stands out in my mind is the use by the SS of a paid, volunteer informant in the E911 case. The details about the exact nature of how the SS used this informant are not yet clear. From what is currently known, however (see CuD 3.02), it appears that the SS's use of this miscreant borders very closely on entrapment. I won't even get myself started commenting on the kind of detestable SLIME that would *volunteer* to due this kind of work. AN EXAMINATION OF WHAT MOTIVATES LEA'S To say that LEAs have been overzealous in their investigations of computer crime is a gross understatement. It won't do us any good merely to point fingers at the first "bad guy" we see; identifying the culprit won't solve the problem. We need to look beyond the immediate problem; we need to look at the underlying causes of the problem if we are to discover what we can do to improve the situation. LEAs are run by Directors who sit in Washington fighting for funds with which to run their organizations. Inasmuch, they are heavily influenced by politicians on Capitol Hill who are, in turn, primarily influenced by public opinion. Now, on the subject of computer crime (among many others), the public is predominantly influenced by the media. Therein lies the problem. The media have seldom shied away from writing about a subject, even when the facts are slim or when their understanding of an issue is nil. This becomes painfully apparent when you read articles about computer crime, viruses, hackers, etc. Until last year, I worked in security, concentrating on computer security. I considered it a professional responsibility to read every article I could find on topics relating to computer security. With few exceptions, these articles merely rehashed material from previous articles, perpetuated misconceptions, and consistently fed the public hysteria that computer hackers were hell-bent on destroying Western Civilization. I am reminded of a line from the movie Ghostbusters. After informing the group that it would be "bad" to cross the beams on their nuclear accelerators, Egon is asked to define "bad." "Imagine every molecule in your body exploding at the speed of light" he explains, "and all life as we know it ceasing to exist." It is in just such a manner that the media portrays the issue of computer crime. So that is the scenario: A uninformed media has whipped an ignorant public into a frenzy. The public puts pressure on politicians (who are genetically incapable of accepting responsibility) who, in turn, pressure LEAs for results. LEAs, no more computer literate than the media or public, react by seeking immediate results. Civil rights are trodden upon. THE CRUX OF THE MATTER The underlying theme in the scenario that I have described is ignorance or a lack of even a minimal amount of computer literacy. The media, the public, and the LEAs are all ignorant of the technologies, as well as the associated social issues, relevant to this matter. These social issues in particular can only be truly appreciated and understood by those with a level of computer literacy that is plainly absent in most of the parties to this problem. I have now stretched the blame for this problem from the LEAs, to politicians, and on to the media and public. But the responsibility for the problem does not entirely end there. A good argument can be made that we in the computing community, too, must take a measure of responsibility. For too long we have been content to live in our own little piece of cyberspace, enjoying the blinding pace of advances in computing technologies, and ignoring the problems and issues that accompanied these technologies. We can no longer sit on the sidelines and watch. These issues are real, they affect us all, and we must all work to solve them. WHAT WE CAN DO So what can we, as individuals, do to help solve this problem? If you accept the premise that a lack of computer literacy (including the related social issues) is the underlying problem, then the answer is clear. It is incumbent upon us to educate the uneducated. In summing up his article in CUD 2.15, Dark Adept enjoined us to help out the EFF, fight for our rights using only legal means, not to hack security but to build public access systems, and to expose the truth every chance we get. I couldn't agree with him more. In his excellent book "The Cuckoo's Egg", Cliff Stoll makes the point that the mere *impression* of computer crime endangers the thin veil of trust upon which most networks are built. We cannot be content with merely maintaining current networks, we need to encourage creation of more and larger networks. We must lead exemplary electronic lives; we cannot tolerate criminal activity or any other activity that puts at risk our access to information networks. Beyond this, however, we must strive to educate all others involved with this issue: the media, the public, and the government. "But that's everyone!", you say? That's right. We have to do our best to raise everyone's level of computer literacy to the point where the average Joe (or Jane) on the street would experience the same level of disgust as the rest of us at acts such as the seizure of a laser printer. IN SUMMARY So there it is. We must continue to discuss these issues (hats off to CUD), keep our electronic delvings legal, and educate the world. The first two are easy. Educating the world will be the real challenge. To once again quote Dark Adept, "The only way to conclusively affect the existence of the underground is to affect society." ******************************************************************** ------------------------------ **END OF CuD #3.06** ********************************************************************