Dec 152017
 
Electronic Frontier Foundation News issue #1.00.
File EFFN100.ZIP from The Programmer’s Corner in
Category Tutorials + Patches
Electronic Frontier Foundation News issue #1.00.
File Name File Size Zip Size Zip Type
EFFN100.TXT 40697 14601 deflated

Download File EFFN100.ZIP Here

Contents of the EFFN100.TXT file



************************************************************
************************************************************
*** EFF News #1.00 (December 10, 1990) ***
*** The Electronic Frontier Foundation, Inc. ***
*** Welcome ***
************************************************************
************************************************************


Editors: Mitch Kapor ([email protected])
Mike Godwin ([email protected])

REPRINT PERMISSION GRANTED: Material in EFF News may be reprinted if you
cite the source. Where an individual author has asserted copyright in
an article, please contact her directly for permission to reproduce.

E-mail subscription requests: [email protected]
Editorial submissions: [email protected]

We can also be reached at:

Electronic Frontier Foundation
155 Second St.
Cambridge, MA 02141

(617) 864-0665
(617) 864-0866 (fax)

USENET readers are encouraged to read this publication in the moderated
newsgroup comp.org.eff.news. Unmoderated discussion of topics discussed
here is found in comp.org.eff.talk.

This publication is also distributed to members of the mailing list
[email protected].

************************************************************

The EFF has been established to help civilize the electronic frontier;
to make it truly useful and beneficial to everyone, not just an elite;
and to do this in a way that is in keeping with our society's highest
traditions of the free and open flow of information and communication.

EFF News will present news, information, and discussion about the world
of computer-based communications media that constitute the electronic
frontier. It will cover issues such as freedom of speech in digital
media, privacy rights, censorship, standards of responsibility for users
and operators of computer systems, policy issues such as the development
of national information infrastructure, and intellectual property.


Views of individual authors represent their own opinions, not
necessarily those of the EFF.


************************************************************
*** EFF News #1.00: Table of Contents ***
************************************************************

Article 1: Who's Doing What at the EFF

Article 2: EFF Current Activities - Fall 1990

Article 3: Contributing to the EFF

Article 4: CPSR Computing and Civil Liberties Project
(Marc Rotenberg, Computer Professionals for Social
Responsibility)

Article 5: Why Defend Hackers? (Mitch Kapor)

Article 6: The Lessons of the Prodigy Controversy

Article 7: How Prosecutors Misrepresented the Atlanta Hackers

************************************************************
*** EFF News #1.00: Article 1 of 7: ***
*** Who's Doing What at the EFF ***
************************************************************

The EFF has hired its first full-time staff member, Mike Godwin.
Mike is serving as the EFF's staff counsel and will be coordinating the
ongoing legal work of the EFF as well. Mike is a recent graduate of
the University of Texas Law School. Previously he served as editor-in-
chief of The Daily Texan student newspaper. He has been a frequent
contributor to the discussions of computing and civil liberties on the
net. Welcome, Mike.

As the scope of EFF activities increase, we anticipate hiring
another full-time professional staff person at EFF. The new position is
in the process of being defined, but the responsibilities are likely to
include involvement with our print and online publications as well as
the administrative tasks associated with raising contributions and
responding to our constituents.

We have gotten settled in our remodelled quarters. Leila
Gallagher has joined us as an office volunteer helping with duplicating,
mailing, and other administrative matters.

There are currently additional volunteer opportunities at the
EFF's Cambridge office. Anyone with experience with PageMaker and
FileMaker who is interested in helping us with our print newsletter and
creating a inquiries database is encouraged to contact Mike Godwin.

Gerard van der Leun ([email protected]) has volunteered to
organize and edit the first issue of the EFF's print newsletter, the
EFFector. He is getting lots of help from Dan Sokol and Rick Doherty.
Look for a first issue this winter.

Mitch Kapor is working full-time on public interest computing
issues, including the EFF, where he is currently serving as Acting
Executive Director. John Barlow ([email protected]) is actively
engaged in writing and speaking about issues on the electronic frontier.

Harvey Silverglate and Sharon Beckman ([email protected]) of
the law firm of Silverglate and Good and Terry Gross
([email protected]) of the Rabinowitz, Boudin, Standard, Krinsky, and
Lieberman are the EFF's litigation counsel.




************************************************************
*** EFF News #1.00: Article 2 of 7: ***
*** EFF Current Activities - Fall 1990 ***
************************************************************

>>>LEGAL EFFORTS<<<

The EFF is continuing to investigate legal opportunities for
helping to establish the First and Fourth Amendment rights of computer
users and sysops. We are closely tracking the known cases of BBS-related
seizures and arrests that have arisen as the result of Operation Sun
Devil and the computer-crime operation based in the Chicago U.S.
Attorney's office. These cases may provide us with critical
opportunities to defend the rights of computer users and BBS operators.

We are continuing to track other cases of alleged computer-related
crimes, many of which arose prior to the two federal operations
mentioned above, but in which the EFF may be able to play some formal or
informal role.

The EFF has also been following the Prodigy case and has been
investigating the cases in which universities may have been ordered by
NSF officials to remove graphics files from their systems. We have been
increasing our media presence through our cooperation with trade-
publication and mainstream journalists, who now know to call the EFF
offices for feedback on computer-related news items.

We are increasing our contacts with attorneys around the country
who are involved in computer-related cases. It is hoped that these
attorneys may ultimately become part of a network of attorneys whnterests.

Previously, a completely different version of the bill had passed both
houses of the Massachusetts legislature and was sent to the Governor for
his signature. Thanks to the efforts of the Governor's Office and the
Massachusetts Software Council, the bill came to our attention and we
were able to persuade the Governor that, as originally written, it had a
number of fundamental flaws, not the least of which was the unproven
assumption that a bill that broadly criminalized whole ranges of
computer-related activities was even called for.

In fact, the original bill appeared to operate from the same set of
assumptions that we have seen too often in other EFF activities: an
untested belief that more regulation is necessarily better and a
disregard for the consequences of such an approach in stifling free
speech and ordinary commerce. The result was a bill which was both
unwise as well as unconstitutional.

The preamble of the new bill explicitly recognizes that the integrity
of computer systems must be protected in a way that does not infringe on
the rights of users of computer technology, including freedoms of
speech, association, and privacy.

In its first provision, the bill makes it a crime to knowingly and
without authorization access a controlled computer system with the
intention of causing damage and actually cause damage in excess of
$10,000. The second provision of the bill is identical to the one above
except that it covers activities undertaken with reckless disregard of
the consequences as opposed to intent to cause damage, and it carries a
lesser penalty.

The bill breaks new ground in the area of enforcement. Prosecutions may
be brought only by the Attorney General and only after guidelines are
established to assure that searches of electronic media do not
unnecessarily infringe on speech and privacy rights. These guidelines
must be consistent with the concerns stated in the preamble.

The bill also establishes a 17-person commission charged with
recommending future legislation in this area.

Now that the Governor has sent the revised bill back to the Legislature,
it is up to them. We have met with the House and Senate sponsors of the
bill and are cautiously optimistic that the bill can be passed in the
waning days of the current legislative session.


>>>MEETINGS<<<

On September 18 Mitch Kapor made a presentation about the EFF to
the Computer Science and Telecommunications Board of the National
Academy of Science and Engineering, of which he is a new member. The
Board is constituted to advise the government on technological issues
with great social impact and generally consists of department chairs of
well-known computer science departments and vice-presidents of research
at major corporations.

The CSTB viewed the issues raised as extremely important and
wanted to contribute to the advancement of the positions advocated by
the EFF. Mitch is working on follow-up proposal ideas, including the
CSTB conducting a national "strategic forum" on computing and civil
liberties. This venue is potentially very important because
recommendation of the CSTB carry a great deal of weight in the Congress.

On September 26, Steve Jackson (Austin game publisher whose BBS
and computer equipment was seized in a Secret Service raid), Terry Gross
(EFF attorney), and Sheldon Zenner (the lawyer who represented Craig
Neidorf) appeared on a panel at a general meeting of the Boston Computer
Society to discuss computing and civil liberties. They were very well
received by an enthusiastic audience.

On September 27, Mitch Kapor and Sheldon Zenner made a
presentation to the I4 group. This is a select organization of 50 large
corporations who support a program in computer security research at SRI,
which is run by Donn Parker. This was an important bridge-building
session with the corporate world. Dorothy Denning participated in the
panel discussion which followed the presentations.

On October 3-4, Dorothy Denning and Craig Neidorf attended the
National Conference on Computer Security, Washington D.C.

On October 20th John Barlow gave a major address at the annual
meeting of Computer Professionals for Social Responsibility in San
Fransisco on "Civilizing Cyberspace: Computers, Civil Liberties, and
Freedom".

On October 29, Harvey Silverglate and Mitch Kapor participated in
a panel sponsored by Harvard's Office of Information Technology on
"Electronic Communication and Political Freedom". Gene Spafford of
USENET fame was also present. There was an audience of approximately
100 people.

On October 30th Mitch appeared on a well-attended panel at MIT on
intellectual-property reform.

On November 7 Mitch spoke before the American Society for
Information Science annual meeting in Montreal on EFF issues.

John, Mitch, Steve Jackson, John Gilmore and Rick Doherty all
attended Hackers 6.0, held this year at Lake Tahoe, on November 16-18.
There was a very active session devoted to the EFF on Sunday, which
generated much interest and converted a few skeptics.

-end-


************************************************************
*** EFF News #1.00: Article 3 of 7: ***
*** Contributing to the EFF ***
************************************************************

We have filed a 501c3 application with the Internal Revenue
Service to qualify for eligibility to receive tax-deductible
contributions. We expect to hear from the service within a few months.
In the meantime, we can accept contributions now which will qualify for
deductibility once our exemption is granted.

-end-


************************************************************
*** EFF News #1.00: Article 4 of 7: ***
*** CPSR COMPUTING AND CIVIL LIBERTIES PROJECT ***
*** by Marc Rotenberg ***
*** ([email protected]) ***
************************************************************


>>> UPCOMING CPSR POLICY ROUNDTABLE <<<

CPSR will host the first Computing and Civil Liberties policy
roundtable on February 21 and 22, 1991 at the American Association for
the Advancement of Science in Washington, DC. The purpose of the
roundtable will be to bring together leading experts to explore two
issues: free speech and computer networks, and searches of computer
bulletin boards. What speech restrictions currently exist? Should
federal agencies or private companies be allowed to restrict the content
of a computer message and, if so, in what circumstances?

The second issue is the investigation of computer bulletin boards
by law enforcement agents. Are there any restrictions on the ways that
police may monitor computer communications and computer bulletin boards?
If not, should such restrictions be developed?

The conference is the first in a series of policy roundtables
that will be held in Washington, DC and that are made possible with
funding from the Electronic Frontier Foundation

-end-


************************************************************
*** EFF News #1.00: Article 5 of 7: ***
*** Why Defend Hackers? ***
*** by Mitch Kapor ***
************************************************************


An all-too-common perception of the EFF that prevails in the
computer industry and those who report on it--from John Sculley to the
Wall St. Journal--is that the EFF is an organization that has "something
to do with hackers." (They use "hackers" as a term not of approbation
but of rebuke). Most of these sometime colleagues and associates of
mine are puzzled as to why I would be doing such a thing. (A few think
I've just become a loony.) Anyway, they've heard about the terrible
problems caused by hackers who break into computer systems, they worry
that I'm out to defend such practices, and they disapprove.

But their disapproval is based on the pure misconception that the
EFF's purpose is to defend people's right to break into computer
systems. Let me clear up that misconception now.

I regard unauthorized entry into computer systems as wrong and
deserving of punishment. People who break into computer systems and
cause harm should be held accountable for their actions. We need to
make appropriate distinctions in the legal code among various forms of
computer crime based on such factors as intent and the degree of actual
damage. In fact, the EFF has drafted a bill that has the backing of the
Governor and Attorney General of Massachusetts and that embodies these
principles.

But if the EFF isn't trying to advance the cause of computer
hackers, you may ask, what is it doing and why? What is it that was
sufficiently powerful to motivate me to help start a whole organization?

As I began to find out the real story behind government raids and
indictments last summer, I became incensed at the fact that innocent
individuals were getting caught up in the blundering machinations of
certain law enforcement agencies and large corporations. These were
kids really, young people with whom I identified, who faced the prospect
of having their lives ruined.

Take Craig Neidorf, for example. Neidorf, a 20-year-old college
student and the publisher of an electronic newsletter, was indicted on
felony charges of wire fraud and interstate transportation of stolen
property. Neidorf had published a document about administrative
procedures used in the 911 emergency response telephone system that
someone else had removed from a BellSouth computer. On the fourth day
of the trial, the prosecution dropped the case after it became clear
that the information in the "highly confidential" BellSouth document at
issue was publicly available for less than $20.

Justice was served by the government's decision to drop the case,
but it was expensive justice. Neidorf and his family face $100,000 in
legal bills, to say nothing of the disruption and suffering caused by
the trial for an action that should never have been brought against him
to begin with. And the prosecution has had a chilling effect on
Neidorf, who has stopped publishing PHRACK.

In a second case, the EFF continues to assist Steve Jackson, a
game manufacturer in Austin, Texas, who has suffered substantial
business losses after a Secret Service raid in early March resulted in
the seizure of his BBS and of his forthcoming fantasy gamebook GURPS
Cyberpunk. The seizure of Jackson's computer equipment caused him to
lay off nearly half of his staff and threatened the survival of the
business. As subsequent revelations have showed, there was no good
reason for this raid. It never should have been permitted to occur in
the first place.

While helping defend the innocent is one role for the EFF to play,
there is more at stake than trying to prevent individuals from being
wronged. It is also a matter of rights for all of us.

The actions taken against Craig Neidorf and Steve Jackson -- the
prosecution of an electronic publisher and the seizure of a BBS and an
electronically stored book-in-progress -- demonstrate governmental
disregard of the fundamental constitutional right of freedom of speech
I believe it is terribly important to extend to these new digital media
the same strong First Amendment protections of freedom of speech and
freedom of expression which we enjoy in our own lives and in the print
media. The government should not be able to seize a bulletin board any
more easily than they can seize a printing press. We must find ways for
law enforcement to do its job in protecting the property interests of
some of us without violating the freedom of speech of the rest of us.
This is clearly a matter of protecting civil liberties and thus familiar
to those who take an interest in upholding the Bill of Rights, but it
is also more than that.

These embryonic media of electronic mail, computer bulletin boards
and conferencing systems, provide open forums of communication. They
are a healthy antidote to the corrosive effects of the power of large,
centralized institutions, private and public, and to the numbness
induced by one-way, least-common-denominator mass media.

In the physical world, our sense of community withers. Urban
centers as places to live are being abandoned by all who can afford to
leave. In the global suburbs in which more and more of us live, one's
horizon is limited to the immediate family. Even close neighbors are
often anonymous.

In the realities that can be created within digital media there
are opportunities for the formation of virtual communities--voluntary
groups who come together not on the basis of geographical proximity but
through a common interests. Computer and telecommunications systems
represent an enabling technology for the formation of community, but
only if we make it so. I believe it is urgent, as a matter of national
policy, that we encourage and further stimulate the social experiments
and developing infrastructure that are taking place on the Net every
day. The ultimate mission of the EFF is to help articulate this vision
and play a constructive role in the working out of the new legal and
social norms which we are faced with developing.

As John Barlow and I meditated together last June on the broader
implications of the initial events --a meditation that catalyzed the
formation of the EFF--we could see that what was at stake was not merely
seeing justice be served in the case of a few individuals, nor simply
the preservation of the civil liberties of all of us, although these
goals are vitally important.

The larger issue is how our society will come to terms with the
onrush of transformative technology. If we take the right steps now--and
EFF is working to take those steps--new and increasing access to
information technology will enhance rather than inhibit the positive
growth and development of individuals, of communities, and of society as
a whole.

-end-



************************************************************
*** EFF News #1.00: Article 6 of 7: ***
*** The Lessons of the Prodigy Controversy ***
************************************************************


Many EFF supporters have asked what position, if any, the
Electronic Frontier Foundation has taken with regard to the recent
dispute between the online service Prodigy and a large, vocal subset of
its users.

Although EFF is not involved at the moment in any activities
directly relating to the Prodigy dispute, we believe that the dispute
touches some basic issues with which we are very concerned, and that it
illustrates the potential dangers of allowing private entities such as
large corporations to try and dictate the market for online electronic
services.

Although Prodigy, a joint project sponsored by Sears and IBM, has
been available in some cities since October 1988, national availability
of the service and a big advertising campaign only began this fall. New
users who signed on during the membership push would receive, for a
single monthly fee of $12.95, access to all Prodigy services, which
included online shopping, a news service, and a flight-scheduling
service. The flat monthly rate was a major selling point.

Prodigy was originally intended to become an electronic shopping
mall,, where consumers could directly order goods and services. While
the top portion of a Prodigy user's computer display is dedicated to
whatever information Prodigy is providing the user (an encyclopedia,
say, or a summary of the day's news), an area along the bottom of the
screen is devoted to advertising various consumer goods and services.

Among the services Prodigy provides is a public conferencing
system, analogous in some ways to a computer bulletin-board system
(BBS), but national in scope. Users can carry on public discussions of
topics ranging from politics to health issues.

Prodigy management has hired editors "with journalistic
backgrounds" to review messages for suitability before they are allowed
to be publicly posted. The member agreement allows the management to
limit public discussions of topics and to edit postings of individual
members for obscenity or illegal content ... or for anything else, at
Prodigy's discretion.

The result of this broad management prerogative? One member is
reported to have had his posting about population problems in Catholic
countries censored, presumably out of the editors' fear that Catholic
users would be offended. More significantly, some whole discussion
topics, including a debate between Christian fundamentalists and gay
activists, have been removed without warning from the conferences.

But what bothers the Prodigy protesters is not just that
particular topics are censored--it's that the censorship is capricious.
"That's one of the most frustrating things--you can't even predict
what's going to be censored and what isn't," says Henry Niman, a cancer
researcher who later become one of the leaders of a user protest of
Prodigy.

The initial solution to the censorship problem was simple: Take
the discussions to e-mail. Prodigy users began to rely on a mailing-list
feature of the program to continue their (now-uncensored) discussions.

But soon a crisis had brewed. The Prodigy users who had been told
to take their no-longer-welcome public discussions to e-mail were now
being told that they wouldn't be able to use the e-mail service at the
flat rate any longer. Instead, each account would get 30 free messages
per month, with a charge of 25 cents per message thereafter. This
meant, in effect, the end of the mailing lists, since just a few
mailings could exhaust a user's free-message quota and rack up sizable
charges. And it was disappointing as well to many non-mailing-list
users, some of whom are disabled, who rely on Prodigy as a major social
outlet.

The result of this policy change was predictable: irate Prodigy
users began to protest, complaining on Prodigy's public boards about the
new usage fee and attempting to organize a write-in campaign notifying
Prodigy's management and--when management turned a deaf ear to their
protests--its advertisers of their disaffection. Prodigy management
responded by terminating the accounts of 12 of the protestors, claiming
that the protestors had violated their membership agreements, which
forbade "harassment."

Prodigy management justifies the usage fees by arguing that their
original hardware setup couldn't support the increases in electronic
traffic. The new policies were adopted to curb what management
perceived as flagrant abuses of electronic mail privileges by a tiny
minority of users. And, a Prodigy spokesman insists, the time Prodigy
customers spend in e-mail is time that they aren't buying from Prodigy's
advertisers. (Prodigy claims that ads are not visible during electronic
mail; Prodigy users say this claim is misleading, and that while ads are
invisible at some points while editing and reading e-mail, they're
nevertheless visible elsewhere during e-mail sessions.)

Of course, in many ways the issue of the fees for e-mail is a
superficial one. The only reason a significant fraction of users began
to rely on mass mailings is that they were barred from public discussion
of issues on Prodigy's public message bases.

The Prodigy experience to date reveals a serious mismatch between
the expectations of Prodigy's management and its customers. Here the
market clearly seemed to want unrestricted public conferencing and
electronic mail. But as demand for these features has mounted, the
supplier, rather than trying to satisfy its customers, has cut back on
the features' availability because it did not correspond to or fit with
the company's view of the purpose of the service. To the extent to
which this type of thinking is representative of the general way large
commercial interests may offer on-line services, it clearly represents a
turning away from the use of digital media as open forums of public
communication. In the extreme case, in a situation in which Prodigy and
its commercial competition all choose to censor and control
communication on their services, the public interest will not be well
served.

"It is necessary to consider decisions that Prodigy is making
carefully," Jerry Berman, director of the American Civil Liberties
Union's Information Technology Project, told the New York Times last
month. "We have no comparable models in the computer era," he said, "but
we should be concerned if systems such as Prodigy become the rule.
Instead of expanding speech, we'll have electronic forums that are quite
limited."

It is clear that Prodigy management is uncomfortable with the
notion of a free forum; they have chosen to describe their service as a
"publication" rather than as a forum precisely because they want to have
an editor's prerogatives to dictate, absolutely, what the content of the
"publication" will be.

We at EFF do not dispute that Prodigy is acting within its rights
as a private concern when it dictates restrictions on how its system is
used. We do think, however, that the Prodigy experience has a bearing on
EFF interests in a couple of ways.

First, it demonstrates that there is a market--a perceived public
need--for services that provide electronic mail and public conferencing.

Second, it illustrates the fallacy that "pure" market forces
always can be relied upon to move manufacturers and service providers in
the direction of open communications. A better solution, we believe, is
a national network-access policy that, at the very least, encourages
private providers to generate the kind of open and unrestricted network
and mail services that the growing computer-literate public clearly
wants.

-end-

************************************************************
*** EFF News #1.00: Article 7 of 7: ***
*** How Prosecutors Misrepresented the Atlanta Hackers ***
************************************************************


Although the Electronic Frontier Foundation is opposed to
unauthorized computer entry, we are deeply disturbed by the recent
sentencing of Bell South hackers/crackers Riggs, Darden, and
Grant. Not only are the sentences disproportionate to the nature
of the offenses these young men committed, but, to the extent the
judge's sentence was based on the prosecution's sentencing
memorandum, it relied on a document filled with
misrepresentations.

Robert J. Riggs, Franklin E. Darden, Jr., and Adam E. Grant
were sentenced Friday, November 16 in federal court in Atlanta.
Darden and Riggs had each pled guilty to a conspiracy to commit
computer fraud, wire fraud, access-code fraud, and interstate
transportation of stolen property. Grant had pled guilty to a
separate count of possession of access codes with intent to
defraud.

All received prison terms; Grant and Darden, according to a
Department of Justice news release, "each received a sentence of
14 months incarceration (7 in a half-way house) with restitution
payments of $233,000." Riggs, said the release, "received a
sentence of 21 months incarceration and $233,000 in restitution."
In addition, each is forbidden to use a computer, except insofar
as such use may be related to employment, during his post-
incarceration supervision.

The facts of the case, as related by the prosecution in its
sentencing memorandum, indicate that the defendants gained free
telephone service and unauthorized access to BellSouth computers,
primarily in order to gain knowledge about the phone system.
Damage to the systems was either minimal or nonexistent.
Although it is well-documented that the typical motivation of
phone-system hackers is curiosity and the desire to master complex
systems (see, e.g., HACKERS: HEROES OF THE COMPUTER REVOLUTION,
Steven Levy, 1984), the prosecution attempts to characterize the
crackers as major criminals, and misrepresents facts in doing so.

Examples of such misrepresentation include:

1) Misrepresenting the E911 file.

The E911 file, an administrative document, was copied by
Robert Riggs and eventually published by Craig Neidorf in the
electronic magazine PHRACK. Says the prosecution: "This file,
which is the subject of the Chicago [Craig Neidorf] indictment, is
noteworthy because it contains the program for the emergency 911
dialing system. As the Court knows, any damage to that very
sensitive system could result in a dangerous breakdown in police,
fire, and ambulance services. The evidence indicates that Riggs
stole the E911 program from BellSouth's centralized automation
system (i.e., free run of the system). Bob Kibler of BellSouth
Security estimates the value of the E911 file, based on R&D costs,
is $24,639.05."

This statement by prosecutors is clearly false. Defense
witnesses in the Neidorf case were prepared to testify that the
E911 document was not a program, that it could not be used to
disrupt 911 service, and that the same information could be
ordered from Bell South at a cost of less than $20. Under cross-
examination, the prosecution's own witness admitted that the
information in the E911 file was available in public documents,
that the notice placed on the document stating that it was
proprietary was placed on all Bell South documents (without any
prior review to determine whether the notice was proper), and that
the document did not pose a danger to the functioning of the 911
system.

2) Guilt by association.

The prosecution begins its memorandum by detailing two
crimes: 1) a plot to plant "logic bombs" that would disrupt phone
service in several states, and 2) a prank involving the rerouting
of calls from a probation office in Florida to "a New York Dial-A-
Porn number."

Only after going to some length describing these two crimes
does the prosecution state, in passing, that *the defendants were
not implicated in these crimes.*

3) Misrepresentation of motives.

As we noted above, it has been documented that young phone-
system hackers are typically motivated by the desire to understand
and master large systems, not to inflict harm or to enrich
themselves materially. Although the prosecution concedes that
"[d]efendants claimed that they never personally profited from
their hacking activities, with the exception of getting
unauthorized long distance and data network service," the
prosecutors nevertheless characterize the hackers' motives as
similar to those of extortionists: "Their main motivation [was to]
obtain power through information and intimidation." The
prosecutors add that "In essence, stolen information equalled
power, and by that definition, all three defendants were becoming
frighteningly powerful."

The prosecution goes to great lengths describing the crimes the
defendants *could* have committed with the kind of knowledge they had
gathered.The prosecution does not mention, however, that the mere
possession of *dangerous* (and non-proprietary) information is not a
crime, nor does it admit, explicitly, that the defendants never
conspired to cause such damage to the phone system.

Elsewhere in the memorandum, the prosecution attempts to
suggest the defendants' responsibility in another person's crime.
Because the defendants "freely and recklessly disseminated access
information they had stolen," says the memorandum, a 15-year-old
hacker committed $10,000 in electronic theft. Even though the
prosecution does not say the defendants intended to facilitate
that 15-year-old's alleged theft, the memorandum seeks to
implicate the defendants in that theft.

4) Failure to acknowledge the outcome of the Craig Neidorf
case.

In evaluating defendants' cooperation in the prosecution of
Craig Neidorf, the college student who was prosecuted for his
publication of the E911 text file in an electronic newsletter, the
government singles out Riggs as being less helpful than the other
two defendants, and recommends less leniency because of this. Says
the memorandum: "The testimony was somewhat helpful, though the
prosecutors felt defendant Riggs was holding back and not being as
open as he had been in the earlier meeting." The memorandum fails
to mention, however, that Riggs's testimony tended to support
Neidorf's defense that he had never conspired with Riggs to engage
in the interstate transportation of stolen property or that the
case against Neidorf was dropped. Riggs's failure to implicate
Neidorf in a crime he did not commit appears to have been taken by
prosecutors as a lack of cooperation, even though Riggs was simply
telling the truth.

Sending a Message to Hackers?

Perhaps the most egregious aspect of the government's
memorandum is the argument that Riggs, Grant, and Darden should be
imprisoned, not for what *they* have done, but send the right
"message to the hacking community." The government focuses on the
case of Robert J. Morris Jr., the computer-science graduate
student who was sentenced to a term of probation in May of this
year for his reckless release of the worm program that disrupted
many computers connected to the Internet. Urging the court to
imprison the three defendants, the government remarked that
"hackers and computer experts recall general hacker jubilation
when the judge imposed a probated sentence. Clearly, the sentence
had little effect on defendants Grant, Riggs, and Darden."

The government's criticism is particularly unfair in light
of the fact that the Morris sentencing took place almost a year
*after* the activities leading to the defendants' convictions! (To
have been deterred by the Morris sentencing the Atlanta defendants
would have to have been able to foretell the future.)

The memorandum raises other questions besides those of the
prosecutors' biased presentation of the facts. The most
significant of these is the government's uncritical acceptance of
BellSouth's statement of the damage the defendants did to its
computer system. The memorandum states that "In all, [the
defendants] stole approximately $233,880 worth of logins/passwords
and connect addresses (i.e., access information) from BellSouth.
BellSouth spend approximately $1.5 million in identifying the
intruders into their system and has since then spent roughly $3
million more to further secure their network."

It is unclear how these figures were derived. The stated
cost of the passwords is highly questionable: What is the dollar
value of a password? What is the dollar cost of replacing a
password?

And it's similarly unclear that the defendants caused
BellSouth to spend $4.5 million more than they normally would have
spent in a similar period to identify intruders and secure their
network. Although the government's memorandum states that "[t]he
defendants ... have literally caused BellSouth millions of dollars
in expenses by their actions," the actual facts as presented in
the memorandum suggest that BellSouth had *already embarked upon
the expenditure of millions of dollars* before it had heard
anything about the crimes the defendants ultimately were alleged
to have committed. Moreover, if the network was insecure to begin
with, wouldn't BellSouth have had to spend money to secure it
regardless of whether the security flaws were exploited by
defendants?

The Neidorf case provides an instructive example of what
happens when prosecutors fail to question the valuations a
telephone company puts on its damages. But the example may not
have been sufficiently instructive for the federal prosecutors in
Atlanta.

Not only are there questions about the justice of the
restitution requirement in the sentencing of Riggs, Darden, and
Grant, but there also are Constitutional issues raised by the
prohibition of access to computers. The Court's sentencing
suggests a belief that anything the defendants do with computers
is likely to be illegal; it ignores the fact that computers are a
communications medium, and that the prohibition goes beyond
preventing future crimes by the defendants--it treads upon their
rights to engage in lawful speech and association.

EFF does not support the proposition that computer intrusion
and long-distance theft should go unpunished. But we find highly
disturbing the misrepresentations of facts in the prosecutors'
sentencing memorandum as they seek disproportionate sentences for
Riggs, Darden, and Grant--stiff sentences that supposedly will
"send a message" to the hackers and crackers.

The message this memorandum really sends is that the
government's presentation of the facts of this case has been been
heavily biased by its eagerness to appear to be deterring future
computer crime.


-end EFF News #1.00-



 December 15, 2017  Add comments

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)