Computer underground Digest Sun Apr 4 1993 Volume 5 : Issue 25
ISSN 1004-042X

Editors: Jim Thomas and Gordon Meyer ([email protected])
Archivist: Brendan Kehoe
Shadow-Archivists: Dan Carosone / Paul Southworth
Ralph Sims / Jyrki Kuoppala
Ian Dickinson
Copp Editor: Etaoin Shrdlu, Senior

CONTENTS, #5.25 (Apr 4 1993)
File 1--CPSR Wins SSN Privacy Case
File 2--Re: Debating the Virus contest - 1 (#5.23)
File 3--Re: Debating the Virus contest - 2 (#5.23)
File 4--Re: Debating the Virus contest - 3 (#5.23)
File 5--USPS Freedom of Information Act Requests
File 6--Collecting Cu Files (From "LOD")
File 7--CU in the news
File 8--Comments on SJG Decision (GRID News)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from [email protected]. The
editors may be contacted by voice (815-753-6430), fax (815-753-6302)
or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210;
in Europe from the ComNet in Luxembourg BBS (++352) 466893;

ANONYMOUS FTP SITES:
UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud
uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud
halcyon.com( 202.135.191.2) in /pub/mirror/cud
AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
EUROPE: nic.funet.fi in pub/doc/cud. (Finland)
ftp.warwick.ac.uk in pub/cud (United Kingdom)

Back issues also may be obtained through mailservers at:
[email protected] or [email protected]

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.

----------------------------------------------------------------------

Date: Fri, 26 Mar 1993 17:03:43 EST
From: Marc Rotenberg
Subject: File 1--CPSR Wins SSN Privacy Case

CPSR Wins SSN Privacy Case

PRESS RELEASE

March 26, 1993

"FEDERAL APPEALS COURT UPHOLDS PRIVACY:
USE OF SOCIAL SECURITY NUMBER LIMITED
- - - -
CPSR Expresses Support for Decision"

A federal court of appeals has ruled that Virginia's divulgence of the
Social Security numbers of registered voters violates the
Constitution. The Court said that Virginia's registration scheme
places an "intolerable burden" on the right to vote.

The result comes nearly two years after Marc Greidinger, a
resident of Falmouth, Virginia, first tried to register to vote. Mr.
Greidinger said that he found it nearly impossible to obtain a
driver's license, open accounts with local utilities or even rent a
video without encountering demands for his Social Security number.

Mr. Greidinger told the New York Times this week that when the
State of Virginia refused to register him as a voter unless he
provided his Social Security number he decided to take action. He
brought suit against the state, and argued that Virginia should stop
publishing the Social Security numbers of voters.

This week a federal appeals court in Richmond, Virginia ruled
that the state's practice constituted "a profound invasion of privacy"
and emphasized the "egregiousness of the harm" that could result from
dissemination of an individual's SSN.

Computer Professionals for Social Responsibility (CPSR), a
national membership organization of professionals in the computing
field, joined with Mr. Greidinger in the effort to change the Virginia
system. CPSR, which had testified before the U.S. Congress and the
state legislature in Virginia about growing problems with the misuse
of the SSN, provided both technical and legal support to Mr.
Greidinger. CPSR also worked with Paul Wolfson of the Public Citizen
Litigation Group, who argued the case for Mr. Greidinger.

In an amicus brief filed with the court, CPSR noted the
long-standing interest of the computing profession in the design of
safe information systems and the particular concerns about the misuse
of the SSN. The CPSR brief traced the history of the SSN provisions
in the 1974 Privacy Act. The brief also described how the widespread
use of SSNs had led to a proliferation of banking and credit crime and
how SSNs were used to fraudulently obtain credit records and federal
benefits.

CPSR argued that the privacy risk created by Virginia's
collection and disclosure of Social Security numbers was unnecessary
and that other procedures could address the State's concerns about
records management.

This week the court of appeals ruled that the state of
Virginia must discontinue the publication of the Social Security
numbers of registered voters. The
court noted that when Congress passed the Privacy Act of 1974 to
restrict the use of the Social Security number, the misuse of the SSN
was "one of the most serious manifestations of privacy concerns in the
Nation."

The Court then said that since 1974, concerns about SSN
confidentiality have "become significantly more compelling. For
example, armed with one's SSN, an unscrupulous individual could obtain
a person's welfare benefits, or Social Security benefits, order new
checks at a new address, obtain credit cards, or even obtain the
person's paycheck."

The Court said that Virginia's voter registration scheme would
"compel a would-be voter in Virginia to consent to the possibility of
a profound invasion of privacy when exercising the fundamental right
to vote."

The Court held that Virginia must either stop collecting the
SSN or stop publicly disclosing it.

Marc Rotenberg, director of the CPSR Washington office said,
"We are extremely pleased with the Court's decision. It is a
remarkable case, and a real tribute to Marc Greidinger's efforts.
Still, there are many concerns remaining about the misuse of the
Social Security number. We would like to see public and private
organizations find other forms of identification for their computing
systems. As the federal court made clear, there are real risks in the
misuse of the Social Security number."

Mr. Rotenberg also said that he hoped the White House task
force currently studying plans for a national health care claims
payment system would develop an identification scheme that did not
rely on the Social Security Number. "The privacy concerns with
medical records are particularly acute. It would be a serious design
error to use the SSN," said Mr. Rotenberg.

Cable News Network (CNN) will run a special segment on the
Social Security number and the significance of the Greidinger case on
Sunday evening, March 28, 1993. The Court's opinion is available from
the CPSR Internet Library via Gopher/ftp/WAIS. The file name is
"cpsr/ssn/greidinger_opinion.txt". The CPSR amicus brief is available
as "cpsr/ssn/greidinger_brief.txt".

CPSR is a national membership organization, based in Palo
Alto, California. CPSR conducts many activities to protect privacy
and civil liberties. Membership is open to the public and support is
welcome. For more information about CPSR, please contact, CPSR, P.O.
Box 717, Palo Alto, CA 94302, call 415/322-3778 or email
[email protected].

------------------------------

Date: Mon, 29 Mar 1993 13:29:18 -0500 (CST)
From: THe ADvocate
Subject: File 2--Re: Debating the Virus contest - 1 (#5.23)

In CuD #5.23, roy%[email protected](Roy) writes:

> Let's just say I decided to have a bomb making contest. This is for
> the purely scientific purpose of studying how bombs work, and allowing
> people to study different ways to defuse bombs. I am going to award
> some cash to the winner and publish the plans for making the bomb in
> my soon-to-be-released book called "The Little Black Book of Bomb
> Making Techniques".

This man has obviously never heard of the Anarchists cookbook.
The poor Mans James Bond or even Army Pub NN-XX Unconventional Munitions.
All available at a bookstore near you:-)

> So, the book gets published and sells lots of copies. Mark Ludwig
> arrives home one day to find that his place of residence has been
> destroyed by a huge bomb. It just so happens that the type of bomb
> used is the same award winning explosive device as I published in my
> book.

Kinda like the peoples whose homes get blown up by White supremacists
or clinics bombed by anti-abortion fanatics?

> Surely, Mr. Ludwig would not hold me responsible for the destruction
> of his home caused by someone who decided to implement the plans I
> presented purely for "scientific research purposes".

Too date, no case has been carried against a publisher for this
kind of material. Soldier of fortune magazine was struck in a
case for libel regarding publishing an ad for Murder for Hire
services. I am not sure of the status of the case.

> Roy Batchelor / Burn This Flag BBS / San Jose, CA / 408-363-9766 /

Apparently mr Batchelor is not aware of the first amendment of this
country. Publishing of ideas, is encouraged, even when they can lead to
harmful activities. After all the founding fathers were
publishing materials on how to overturn an empire and slaughter
Government soldiers.

Todays revolutionary is often times tomorrows government leader. Look
at Begin in Israel or Mandela in South Africa. Our own government
gets plenty cozy with numerous Armed revolutionaries.

If something is a crime, the justice system will cope. And if it
can't why am I paying taxes? Men like mr Batchelor would like to
destroy the first amendment on the basis of protecting society.

Drugs are a serious problem. Mnay of them are easily synthesized.
Would you prohibit publication of books that show how to synthesize
organic molecules because someone might make some drugs that some
addict may get hooked on and later burglarize your home looking for
cash?

Solid police work and solid education are the methods of a civilized
society. Not puritanical methods.

THe ADvocate.


------------------------------

Date: Mon, 29 Mar 93 11:15:00 PST
From: [email protected](Erik Nilsson)
Subject: File 3--Re: Debating the Virus contest - 2 (#5.23)

Roy Batchelor Writes:

> Surely, Mr. Ludwig would not hold me responsible for the
> destruction of his home caused by someone who decided to implement
> the plans I presented purely for "scientific research purposes".

And Mr. Ludwig would be right. In fact, there are lots of Little
Black Books of Bomb Making Techniques in existence, and a News
conference (Alt.rec.fireworks) that could also fairly be named
Alt.rec.explosives.manufacture or Alt.rec.bombs. Yes, people do blow
things up for the fun of it, and it turns out that we live in some
facsimile of a free society where you can say and think a pretty wide
range of things, and even do a pretty wide range of things, without
much more than applying for a permit without drooling on yourself.

If I write a book on gravity, and someone tries to drop a piano on
you, do you think you have a case for some reason?

For me, the analogy with viri is imperfect, because I can't imagine
why someone would waste their time writing one. Of course, people
could fairly wonder why I get several dozen of my friends together at
least once a year to burn, detonate, and obliterate objects of varying
artistic value.

In any case, I consider credit databases, CNID, and the FBI wiretap
proposal far more dangerous to my way of life than computer viri.

Oh yes, here's a simple bomb:

1. Apply for an explosives handling permit from your state Fire
Marshall. Tell them you have a few stumps that you need to get rid
of.

2. Take the permit and your driver's license to your local farm supply
store, and buy the following:
- Explosive of your choice. Dynamite has a quaint charm, but the
plastic stuff is better.
- A blasting cap.
- A firing kit.
- Several pounds of concrete anchors.
- A roll of duct tape.

3. If it isn't obvious what to do from here, you shouldn't be making
bombs.

4. Modern explosives are probably a lot more powerful than you think.
Start with small amounts, a LONG WAYS away from where you are.
Wear ear and eye protection. Be careful, etc, etc.

A friendly warning: this is not a good way to make a bomb that is
really going to upset anyone, since commercial explosives are widely
reputed to have impurities imbedded in them for tracing.


Here's the infamous "Dry Ice Bomb," this version off of
Alt.Rec.Fireworks (posted by Eric Donaldson):

- dry ice
- water
- container
- a cap that fits tightly on the container

- Mix in an open environment.
- [apply the cap & run like hell (always "like hell" on
principle, you never "run laconically" from an imminent
explosion)]
- Wait somewhere btw 1-30 minutes.
- and do not go near unless you want to risk your life.

I'd like to emphasize this last point. It's a good idea to have some
sort of firearm handy to trigger the thing if it fails to go off by
itself, so you don't spend all afternoon throwing rocks at it (you can
NOT just leave it for someone to find.). I personally would not do
this with a glass container, 2 liter plastic bottles work just fine.
Dry ice bombs are pretty safe, unless you have a short attention span.

Do not handle dry ice with your bare hands.

You might want to check local laws before making one of these, as they
are major illegal in some places.

For more info, try Alt.Rec.Fireworks, Protechnic Guild International
(18021 Baseline Avenue, Jordan, MN 55352), or American Fireworks News
(Star Route Box 30, Dingmans Ferry, PA 18328).

Here's an older list of pyro BBSs:

Name Phone Number Location
Evergreen Micro (206)452-2012 Port Angles, WA
Exchange of Byte(206)692-7301 Silverdale, WA
Jimby BBS (206)698-1044 Brownsville, WA
West Coast Pyro (209)661-5355 Madera, CA
Sundial (509)545-1789 Pasco, WA
Spokane Data (509)747-5199 Spokane, WA
The Hideaway (509)586-0104 Kennewick, WA
Strikezone (509)586-6803 Kennewick, WA
FOG-Line (515)964-7937 Des Moines, IA
Empire BBS (516)325-0827 Eastport, NY
VAXCat (603)424-0923 Merrimack, NH
Babble Board (603)267-5921 Belmont, NH
Nuke-Zone (603)474-8915 Seabrook, NH
jBBS (619)221-0311 San Diego, CA
Starhelm (619)479-3006 San Diego, CA

Maybe somebody has a newer list, I'm not sure how many of these are
still up. I fergit who I got most of this info from, but thanks
anyway.

I hope this helps.

------------------------------

Date: Mon, 29 Mar 1993 18:12:35 -0500
From: Mike McNally
Subject: File 4--Re: Debating the Virus contest - 3 (#5.23)

In article <[email protected]> "Roy Batchelor" writes:

>This note is in reference to the current issue of CuD and the all the
>discussion of Mark Ludwigs' virus writing contest.
>
[...]
>
>So, the book gets published and sells lots of copies. Mark Ludwig
>arrives home one day to find that his place of residence has been
>destroyed by a huge bomb. It just so happens that the type of bomb
>used is the same award winning explosive device as I published in my
>book.
>
>Surely, Mr. Ludwig would not hold me responsible for the destruction
>of his home caused by someone who decided to implement the plans I
>presented purely for "scientific research purposes".

Though I'm sure you meant this sarcastically, I'll take it at face
value. In such a situation *I* wouldn't blame you, I'd blame the
person responsible for setting the bomb. If you were run over by a
drunk driver, who would you blame? Henry Ford? Jack Daniels? Mobil
Oil, for selling the driver the gas the car needed to run?

The responsibility for such an action belongs completely to the
person who initiates the action, not the thousands of people involved
in making the whole situation possible. Why not blame the authors of
MS-DOS for writing an OS that's such an easy host for viruses?

------------------------------

Date: Fri, 2 Apr 93 21:28:37 MST
From: [email protected](Michael Rosen)
Subject: File 5--USPS Freedom of Information Act Requests

In issue #42 of Phrack there was an article about the USPS' practice
of selling change of address information without consumer consent. I
sent the supplied form letter and carbon copied my congressman and
senators. Today I received a reply from the USPS Records Office.

April 1, 1993

Dear Mr. Rosen:

This concerns your recent Privacy Act request for accountings of
disclosure of mail forwarding information you have provided to
the Postal Service.

Disclosure of your forwarding address might have been made to
individual requesters by post offices or to subscribers to the
National Change of Address File (NCOA) by an NCOA licensee. The
NCOA is a consolidated file of all forwarding information
provided by postal customers and stored on automated media.
Listholders may subscribe to NCOA to obtain the new addresses of
individuals for whom they already have in their possession the
old address.

For disclosures made by post offices, we are in the process of
querying the Washington, DC postmaster for any accountings.

For disclosures made from the NCOA system, we will begin querying
NCOA licensees all of which keep logs identifying the particular
subscribers to whom they have given NCOA information. This
accounting will not identify with certainty the subscribers who
have in fact received your new address, but will give you a list
of all subscribers receiving NCOA service for the relevant time
period and thus might have received your address.

Because a large number of requests like yours are being received,
there will be a delay in responding. Requests are being
processed in order of receipt and you will be sent the
accountings as soon as possible. Your patience is appreciated.

------------------------------

Date: Tue, 30 Mar 93 22:39:29 EST
From: [email protected](LOD Communications)
Subject: File 6--Collecting Cu Files (From "LOD")

Thank you for requesting information about the Hack/Phreak
Underground BBS Message Base Files. The first Price Listing of
completed message base Files will be sent to you via email in early to
mid April 1993. Until then, the following background information
should provide you with a better picture of this undertaking.

A significant portion of now retired computer underground
participants (hackers and phone phreaks) have expressed an interest in
seeing all of those old messages they posted on various underground
hacker bulletin boards during their respective 'careers'. This is
especially the case for those who never downloaded the messages; sold,
gave away, or chucked their disks; and those who were visited by law
enforcement officials who TOOK EVERYTHING including that suspicious
looking toaster 8-/. In addition to this crowd, those who have come to
the 'scene' relatively recently are keenly interested in what their
'forefathers' talked about and what computer systems and networks they
were into. This interest, and the growing curiosity of corporations,
security professionals, and the general public to know what all those
'hacker kids' were REALLY up to (starting World War III of course!) is
the reasoning behind this undertaking.

Basically, LOD Communications is creating a Historical Library of
the dark portion of Cyberspace. Throughout history physical objects
have been preserved for posterity for the benefit of the next
generation of humans. Cyberspace however, isn't very physical; data
contained on floppy diskettes has a finite lifetime as does the
technology to retrieve that data. Most of the underground systems
operated at a time when TRS80's, VIC-20's, Commodore 64's, and
Apple //'s were state of the art. Today, it's difficult to find
anyone who has one of these machines in operating condition not to
mention the brain cells left to recall how to operate them. 🙁

The aim of the project is to acquire as much information as
possible which was contained on the underground hack/phreak bulletin
boards that were in operation during a decade long period dating from
the beginnings (1979, 80 - MOM: Modem Over Manhattan and 8BBS) to the
legendary OSUNY, Plovernet, Legion of Doom!, Metal Shop, etc. up
through the Phoenix Project circa 1989. Currently messages from over
40 different BBS's have been dug up although very few message bases
are 100% complete. Not having a complete 'set' does not diminish their
value however.

As happens with most projects, the effort and monetary investment
turned out to be substantially more than originally anticipated.
Literally hundreds of man-hours have been spent copying dusty apple ][
disks, transferring them to IBM (or typing in hard copy versions when
electronic versions were unavailable), organizing the over one
thousand individual files according to what BBS the messages were
originally posted on, and splicing the files together. Also, after
consulting with the appropriate civil liberties organizations and
actual legal counsel, a very slight editing of the messages restricted
to long distance access codes, phone numbers, and computer passwords
had to be made to ensure that there is nothing illegal contained
within the messages. Every effort was made to keep the messages in
their pristine condition: 40 columns, ALL CAPS, spelling errors,
inaccuracies of various kinds, and ALL.

In order to at least break even, a dollar value has been attached
to each set of message bases. The dollar values were determined based
on the following conglomeration: the number of years ago the BBS
operated, its popularity and message content, whether the BBS or
portions thereof were deemed 'Elite' (and therefore restricted access
to but a small number of users), and the total number of messages
compiled. The prices were kept as low as possible and range from $1.00
to $9.00 for each Copyrighted (c) 1993 by LOD Communications, H/P BBS
message base set. Most sets include [in addition to the messages
themselves]: a historical background and description of the BBS, any
tutorials aka "G-Philes" that were online as well as downloaded
userlists if available. Due to the economics involved in diskettes,
snail mail costs, and filling orders, a minimum order of $20.00 is
required. Corporations and Government agencies must order the complete
set and pay a moderately higher rate. The files will be available in
IBM (5.25 or 3.5 inch), Amiga, and Apple MacIntosh formats and orders
are expected to arrive at the requestors' physical mail box in 2-4
weeks upon receipt of the order. Paper versions can be ordered but
cost double (many messages are of 40 column format and therefore
wastes lots of paper) and take twice the time to deliver.

These Files will hopefully provide those who were not part of the
underground experience to learn what it was all about instead of
relying on those often slanted (negatively) accounts found in the
press. How much did the hackers and phone phreaks who used these
bulletin boards know and how did they find it out? Did they have the
capability to shut down phone service of Area Code proportions, could
they ruin someone's credit, could they 'move satellites in the
heavens', could they monitor packet switching network conversations?
The answers lay within the messages which were painstakingly collected
and are currently being organized into Files. Your patience is
appreciated.

LOD Communications: Leaders in Engineering, Social and Otherwise

Email: [email protected]
Voice Mail: 512-448-5098
Snail Mail: LOD Communications
603 W. 13th
Suite 1A-278
Austin, Texas 78701

------------------------------

Date: 28 Mar 93 15:37:16 EST
From: Gordon Meyer <[email protected]>
Subject: File 7--CU in the news

Virus Advert Censored
=====================
The British Advertising Standards Authority has asked Total Control
Ltd (U.K.) to stop running a particular ad for the VIS Anti Virus
Utilities package. The ad appeared in a March 1992 edition of PC
Week. ((Moderators' note: yes, 1992)

The ad features two diskettes lying on pillows next to each other
in bed. The headline read ''Before you put it in...make sure you
know where it's been!''. The Authority found this to be offensive.
(Infosecurity News. March/April 1993. Page 8)

Tiger Team Penetrate IRS Computers
===================================
A so-called ''Tiger Team'' of internal security agents has successfully
penetrated two IRS computers, and were active in the system for seven
days without being detected, according to a Knight-Ridder report.

Agents posed as IRS employees ((not too difficult, considering they
were! just kidding. - Moderators')) and entered facilities at Memphis,
Tenn. and Ogden, Utah locations. Once inside they installed programs
to steal passwords by capturing keystrokes. Later they used the
stolen passwords to infiltrate the systems.
(Infosecurity News. March/April 1993. Page 8)

Computer Sabotage By Employees
==============================
The March 8, 1993 issue of Information Week has a lengthy excerpt from
_Sabotage In The American Workplace_. (Pressure Drop Press, San
Francisco) Although the book has anecdotes from all types of workers,
the Information Week extracts focus on those involving the use of
computers.
The following five stories are featured:
- A programmer who planted a logic bomb.
- A technician who undermined sales efforts.
- A technical writer who works on outside projects during
throughout the day.
- A system designer who resolves problems by erasing data.
- A stockbroker who generates random buy/sell transactions
to see how the market will react.

For more information see "Sabotage: They're Mad, They're Bad, They
Just Don't Care. Workers Tell How They Use Computers to Strike
Back". Pages 34-48

Price Waterhouse's Hackers For Hire
===================================
The Big Six accounting firm of Price Waterhouse is offering clients
a "Security Penetration Study" in which former hackers and computer
security experts will assess a systems security by attempting to
break into it. Other services, such as employee awareness programs,
are also offered.
(Information Week. March 15, 1993. Page 8)

PC's and Households
===================
A Software Publishers Association (SPA) survey of 672 US households
found that college graduates were twice as likely to have personal
computers as non-graduates. Of the homes that had PC's, 56% boasted
a household income in excess of $50,000. The survey also found that
75% of home computers are MS-DOS based, with more than half of those
being 386 or 486 machines. Respondents also admitted that 40% of
their entertainment software had been copied from friends, work, or
school.
{Moderators' Note: We'd speculate that much more than 40% of business
software used at home is copied from others.}
(Information Week. March 15, 1993. Page 66)

AT&T Collects from Jiffy Lube
=============================
A US District Judge in Maryland has ruled that the automobile service
company Jiffy Lube is responsible for fifty thousand dollars in
unauthorized phone calls placed on its 800-number. Jiffy Lube had
argued that it shouldn't be held liable for calls it did not authorize
nor place, but the judge found that AT&T's tarrifs specify that
customers are responsible for all calls.
(Information Week. March 22, 1993. Page ??)

Piracy Down, Jobs Still Lost
============================
Windows Magazine (March 1993, pg 32) reports that although the SPA
says business software piracy fell by 41% in 1992, it still represents
a $1.2 Billion loss to the industry. That money is great than the
cumulative revenue of 81 of the top 100 independent software developers.
The SPA also estimates that stolen software cost 60,000 jobs in the
industry.

------------------------------

Date: Tue, 30 Mar 93 08:53 EST
From: "Michael E. Marotta"
Subject: File 8--Comments on SJG Decision (GRID News)

GRID News. March 30, 1993.
ISSN 1054-9315. vol 4 nu 2.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
(74 lines) Reflections of an Author and Publisher
on Judge Sam Sparks' Decision
by Michael E. Marotta [email protected]

Grid News was launched in 1989. While Jolnet and PHRACK were
being busted, I was a participant in the White House Conference on
Library and Information Services. As a result of that bust, I
applied for and received the ISSN designator from the Library of
Congress. I wanted it perfectly clear that Grid News is a
publication. (After its first volume, I obtained an ISSN for
HERMES, a cybercast periodical for economic topics.)

What disturbs me about Judge Sparks's ruling are these words:

In any event, the Court declines to find from a
preponderance of the evidence that on March 1, 1990,
Agent Foley or any other employee or agent of the United
States had reason to believe that property seized would
be the work product materials of a person believed to
have a purpose to disseminate to the public a newspaper,
book, broadcast or other similar form of public
communication.

Foley and Kluepfel were recognized by the court to be experts in
computers. Yet, the court did not expect them to recognize a BBS
as a "form of public communication." This is disturbing. Earlier
this week, I received a file from Bitnic about the "Clinton-Gore
Initiative." That we can link everyone in America to the same
fiberoptic network and not have "public communication" is beyond
reason.

I wrote a book about codes and ciphers (available from Loompanics,
P. O. Box 1197, Port Townsend, WA 98368. $13.95 w/s&h). This
week, I have the proceedings from Crypto 85 and Crypto 86 and I
enjoyed reading Adleman's attack on Shamir's quadratics. However,
these guys should be warned that merely attempting to break
someone else's cipher is suspect in the eyes of the law.

Judge Sparks said: "Kluepfel had legitimate concerns, both about
the 911 document stolen from Bell South and the possibility of a
decryption system which could utilize passwords in rapid fashion
and could result in intrusions of computer systems, including those
of the Bell System." And later, he ruled: "If the Secret Service,
in the performance of executing Court order, had only obtained and
taken the 911 document or alleged decryption materials,
application of the definitions of "documentary materials" and
"work product materials" would logically result in no violation of
the statute under the circumstances of this case."

It seems that merely attempting decryption can make you the target
of a Secret Service bust. Someone better warn the SETI folks and
maybe Dr. Lilly ... (:-)

The darkest shadow is cast by these words from the conclusion of
the ruling: "It may well be, as the Government Defendants contend,
these statutes relied upon by the Plaintiffs should not apply to
the facts of this case, as these holdings may result in the
government having great difficulties in obtaining information or
computer documents representing illegal activities. But this Court
cannot amend or rewrite the statutes involved. The Secret Service
must go to the Congress for relief. Until that time, this Court
recommends better education, investigation and strict compliance
with the statutes as written."

I suggest that the Secret Service and the telcos will in fact
devote their resources to lobbying Congress for tougher laws and
will not spend much effort on education within their ranks.
Caveat computor.

------------------------------

End of Computer Underground Digest #5.25
************************************