****************************************************************************
                  >C O M P U T E R   U N D E R G R O U N D<
                                >D I G E S T<
              ***  Volume 1, Issue #1.21 (July 8, 1990)   **
  ****************************************************************************

MODERATORS:   Jim Thomas / Gordon Meyer
ARCHIVISTS:   Bob Krause / Alex Smith
REPLY TO:     TK0JUT2@NIU.bitnet

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.
--------------------------------------------------------------------
DISCLAIMER: The views represented herein do not necessarily represent the
            views of the moderators. Contributors assume all responsibility
            for assuring that articles submitted do not violate copyright
            protections.
--------------------------------------------------------------------



File 1:  Moderators' Comments
File 2:  From the Mailbag
File 3:  On the Problems of Evidence in Computer Investigation
File 4:  Response to Mitch Kapors Critics (E. Goldstein)
File 5:  The CU in the News: Excerpts from Computerworld article
--------------------------------------------------------------------


***************************************************************
***  CuD #1.21, File 1 of 5: Moderators' Comments           ***
***************************************************************

----------
In this file:
  1) The CU and Freedom of Speech
  2) CuD's readership (and survey request)
  3) New archive policy
-----------------------------
FREEDOM OF SPEECH AND THE CU
-----------------------------

The moderators and most contributors have consistently criticized federal
agents' investigation and prosecution of the computer underground because
of its chilling effect on free speech and what we see as dangerous and
unacceptable encroachments on the First Amendment. We find any constraints
on the freedom to express ideas (including art, information sharing, or
political views) improper. It is not without some irony that we sense
another barrier to free exchange of ideas.

The author a file below (File 3) requested anonymity because s/he has
experienced harassment in the past from those who object to the content of
those ideas. In this case, the harassment included disruptive early morning
phone calls and other breaches that exceeded the bounds of even prankish
incivility. If the author's experiences were isolated, they would require
little comment. Unfortunately, those of us who identify with the CU can be
an aggressive and self-righteous lot, and we receive a number of complaints
by CU critics of a variety of intrusions on their life that, if the
positions were reversed, we would enrage us.

The climate of fear that limits exchange of information and ideas seems to
be a two-edged sword. Both critics and advocates seem unwilling to express
themselves openly for fear of retaliation.  When a single voice is silenced
through fear, we all suffer.  Most CU types recognize this, but, if lines
between "them" and "us" (whoever constitutes each side) become sharper, if
passions increase without a productive outlet, and as we come to feel more
threatened by each other, we begin to re-create the conditions that most of
us are struggling to eliminate.  Freedom of speech simply cannot exist in a
climate of distrust.

We recognize the bulk of the readers of CuD are professionals and would
not themselves intentionally stifle the right of another to speak. But,
perhaps we are not doing enough to remove the barriers that seem to exist
between various groups.  As young computerists enter the modem/CU culture,
the more experienced among us can continually remind users through message
logs, hotline communiques, papers, articles, and other forums, that
retaliation for simply voicing unpopular ideas is wrong. Flamez are one
thing, but accessing accounts, phone threats, actions that disrupt family
life, and similar reactions cannot be tolerated. We find it sad that we
feel it necessary to take a position on this, but the comments of would-be
contributors indicate that there is a problem, and we should be sure our
own house is in order if we intend to maintain credibility.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

-------------------------------
WHO READS CuD? (IMPORTANT: PLEASE READ)
-------------------------------

Some readers indicate that one reason they do not submit articles to us is
because of the impression that CuD's readers are hackers, young, and
perhaps irresponsible, and the message would be lost.  These people are
surprised when we give them a sense of the demographics. We do not keep
records (other than the mailing list and back issues), but over the months
we have gather a rough profile of subscribers from mailing addresses and
responses.  We assume here that the characteristics of those who do not
respond or others give no cue of who they are or what they think are
randomly distributed.

**NOW--HERE'S THE IMPORTANT PART**:
Bob Krause, who helps with many of the CuD duties, would like to do a
survey of the readership. But, before sending out a survey to the readers,
we would like some feedback. If people find e-mail surveys offensive, they
can simply delete them. We are more concerned with what people think of the
propriety of it.  It would be short (3 minutes to complete), and we agree
with Bob that the information could be helpful.  Bob is a computer
applications programmer in upstate New York, and is also a graduate student
interested in computer security.

We feel bob has several good reasons that justify his project.

1. His primary reason is to establish some floor-base figures, from CuD and
other sources, to examine the demographics of the "computer underground."
It would be useful to show the readers who "they" are on the list and also
display that those on the list are not all criminally insane teenagers lead
by a dangerous 60's-type moderator.

2. A survey limited to CuD readers would give us a better sense of the
readership so we can assure ambivalent readers that they are in the
majority.

3. Bob's goal is to eventually gather sufficient data for a paper on the
composition of the CU that would be appropriate for the National Computer
Security Conference in 1991.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

-------------
ARCHIVES
-------------

With regret, we are NO LONGER ABLE to send archives from the TK0JUT2@NIU
site, and we request that readers obtain them FTP or from Bob Krause. We
are under no pressure of any kind to stop, nor is our decision the result
of the "chilling effect." The problem is time: JT is getting nasty "why
isn't your book" finished notes from the publisher, and GM's commute
between Chicago and the suburbs leaves little spare time.


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=


***************************************************************
***  CuD #1.21, File 2 of 5: From the Mailbag               ***
***************************************************************

In this file:  1) Dorothy Denning's paper on hackers
               2) Legal info on the ECPA from Mike Godwin
--------------------------------------------------------------------

Date: 25 Jun 1990 1021-PDT (Monday)
To: tk0jut2%niu.bitnet@uicvm.uic.edu
Cc: denning, 72307.1502@compuserve.com
Subject: Paper on Hackers


The following is the title and abstract of a paper that I will be
presenting at the 13th National Computer Security Conference in Washington,
D.C., Oct. 1-4, 1990.  A copy of the full paper can be obtained from me or
the CuD archives.


       Concerning Hackers Who Break into Computer Systems

   A diffuse group of people often called %%hackers'' has been
   characterized as unethical, irresponsible, and a serious danger to
   society for actions related to breaking into computer systems.  This
   paper attempts to construct a picture of hackers, their concerns, and
   the discourse in which hacking takes place.  My initial findings suggest
   that hackers are learners and explorers who want to help rather than
   cause damage, and who often have very high standards of behavior.  My
   findings also suggest that the discourse surrounding hacking belongs at
   the very least to the gray areas between larger conflicts that we are
   experiencing at every level of society and business in an information
   age where many are not computer literate.  These conflicts are between
   the idea that information cannot be owned and the idea that it can, and
   between law enforcement and the First and Fourth Amendments.  Hackers
   have raised serious issues about values and practices in an information
   society.  Based on my findings, I recommend that we work closely with
   hackers, and suggest several actions that might be taken.

Dorothy Denning, Digital Equipment Corp., denning@src.dec.com

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Date: Fri, 6 Jul 90 15:09:33 -0500
From: mnemonic@ccwf.cc.utexas.edu(Mike Godwin)
Subject: The Electronic Communications Privacy Act


John, you asked whether 18 USC 1343 comprised all or part of the Electronic
Communications Privacy Act. I've already sent you one reply, but I meant to
add that the Act you're asking about is set out in 18 USC 2701 et seq.

The first thing I noticed (which is to say, the first thing I looked for)
was the penalties subsection, which lists penalties that are generally much
less than those available under the wire-fraud statute, 18 USC 1343.

So, one wonders, why isn't the government prosecuting the Legion of Doom
under Secs. 2701 et seq. rather than under 1343? I have some speculations
on this issue:

a) The ECPA protects explicitly protects "communications," which probably
excludes source code and which arguably excludes the E911 "help file"
(since it wasn't written to be communicated via e-mail).  So, the feds have
a colorable argument that these statutes weren't intended to deal with
"hacking" at all.

b) By characterizing the LoD activities as theft and fraud rather than
merely as invasion of privacy, the government gets to threaten far more
serious penalties, making the whole sting operation more media-worthy. The
more media coverage of a major show trial, the more deterrent effect on
hackers, the feds may think.

c) Prosecution for more serious crimes is politically necessary for the
government to justify the resources it devoted to the Legion of Doom sting
and other investigations/prosecutions.  Only four arrests as of John
Schwartz's last NEWSWEEK article.

FYI, the first-offense penalties for unauthorized access to "stored
communications" under 18 USC 2701 are a maximum of one year in prison and
$250,000 in fines if the access was sought for commercial or destructive
purposes, and a maximum of six months in prison and $5000 in fines "in any
other case."


--Mike


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=


***************************************************************
***  CuD #1.21, File 3 of 5: On the Problems of Evidence    ***
***************************************************************


Please post this without attribution to me (anonymously).  I've gotten
too much hate mail and nuisance phone calls from hackers to want more,
and from the postings I've seen here, that type of person may be the
majority of your audience.

-------------------------------------------------------------------

Following are various random thoughts and reactions of a retired
semi-hacker to things that have appeared in the digest of late:

1) Quoting the maximum possible penalty for various crimes is not "fair" in
the sense that those maximum sentences are seldom imposed.  Saying that the
LoD folks, with no prior record, and (apparently) minimal or no damage
caused, are going to face 50 years in prison, is an attempt to incite the
reader.  Most of those laws specify a range of penalties that reflect the
severity of the crime.  For instance, Robert Morris (who did more damage
than the LoD folks, as near as I can tell) only got a token fine and a
probated sentence.  If the LoD folks even get convicted (doubtful, I would
guess), then their sentence cannot possibly be the maximum.  Federal
sentencing guidelines would not allow it, and no judicial review would
uphold it.

The extreme penalties are in place for extreme crimes.  If someone mucked
about with a computer and caused multiple deaths, or crashed the FedWire
computers for a half day -- that would be more deserving of a major
sentence.

The law is written to cover a range.  Let's try to be more realistic about
this aspect of things, okay?


2) Confiscation of equipment during search warrants.  Well, how would YOU
do it?  Pretend you are a Federal agent. Figure that you have to search for
evidence of wrong-doing on the computer system of someone who you (rightly
or wrongly) suspect has been involved in illegal computer activity.

Let's leave behind the question of whether the search warrants of late are
justified or not, or whether the agents involved have been overzealous.  It
doesn't matter for this little exercise.  Instead, put yourself in the role
of the person who has sufficient reason so suspect someone of a crime that
it is your duty to investigate.  You need to be thorough, and find the
evidence if it is there.  You are a Fed with a valid, fair search warrant.

Consider some of the problems:

    *  There may be gigabytes of information on disks, tapes, and optical
media that has to be searched, file by file.
    *   You also have to search the "free list" where files may have been
deleted, because sometimes evidence is found there.  You need to do this on
every disk, using something like Norton Utilities.
    *   You may have to try to decrypt some files, or figure out what
format they use.
    *    Some evidence may be hidden in other ways on the machine (use your
imagination a little here -- I'm sure you can think of some ways to do it).
You have to search it out.

You've only got one or two people to search the machine, but those persons
are also assigned to a dozen other cases.  Could you do a comprehensive
search in a few days?  A week?  To do an effective search of that much
material would probably take many, many weeks.  And remember, the person
whose equipment you are searching is somewhat (or very) knowledgeable, and
has probably tried to hide the information in some way, so you have to work
extra hard to search.  Sure they're bitching and moaning about how they
can't continue their business without their equipment, but what can *you*
do about it if you are going to do your job right?

Then there are other problems:
   *  The machine you are searching may have non-standard hardware and
software.  You can't just transfer the disks to another machine and read
them.  If nothing else, the heads may be out of alignment on the suspect's
machine, making the disks unreadable anywhere else.
   *  The machines you are searching may require special peripherals to
print/run/read data.  Your system doesn't have an optical disk, or 8mm tape
unit, or maybe even a 3.25 disk drive.
   *  You have a small budget for equipment and don't have anything big
enough or fast enough to search the data created by complex machines being
searched.
   * You don't have the budget or time to make copies of all the data and
take the data with you (even in bulk quantities and high speed, how much
would it take for you to copy 500Mb onto floppies?)
   *  Because of chain of custody requirements for the search, you have to
be able to certify that the evidence was under the control of responsible
people the whole time from the execution of the warrant up until the
introduction of trial.  That means you can't go home for the night, then
come back the next day.
   *  You can't ask the suspect to help -- he may have function keys,
booby-traps, or other things in place to erase or alter the evidence you're
after.  You can't let him near the system, or even near anything that might
signal to the system.

How do you address these issues?  By taking the whole set of equipment
involved in the search and using it to do the searching and printing.  You
know it is compatible with the data you are searching, and it probably has
sufficient capacity to do the search.

Suppose you find incriminating evidence, or at least material that needs to
be presented as evidence.  What do you do?  Well, you can't just print it
out or make a floppy copy and then hand the machine back. There is a
concept of "best evidence" involved that means you probably need the
original form.  Plus, naive jurors have a hard time relating the data, the
original computer, and copies of the data; defense lawyers like to
capitalize on that.  Take a copy into court, and an ignorant judge might
rule that it can't be used in evidence.

How to address the problem?  Keep the machine and storage until after the
trial.

It is very easy for people to criticize the law enforcement personnel for
their searches.  Perhaps they *should* be criticized for their selection of
suspects and their flair for dramatics, in some (many?) cases.  But if you
are going to criticize, then come up with a *reasonable* alternative that
can be used.

I originally thought that seizure of the equipment was too extreme, but the
more I thought about the problem, the more I realized that in many cases
the authorities have no choice if they are to do a thorough and useful
search.  I know that if someone wanted to search my systems, it would take
them weeks.  Heck, I have so much stuff on disk and tape, it sometimes
takes me more than a day to find what I want, and I'm the one who organized
it all!

3)  Prosecution, etc.

Suppose you have evidence that someone had broken into the computers at
Bank XYZ and made copies of a few harmless files.  What do you do?

Well, one thing is for certain.  You don't believe them if they say they
were only looking around.  If you did, then *everyone* caught trespassing
or committing larceny would use the same line.  Everybody "casing" the
system for a later. major theft would make the same claim -- they were just
looking.  How do you prove otherwise?

So, do you wait for them to get back on and steal something important or
cause major damage?

No, that has obvious drawbacks, too.  If you have the evidence that a crime
has been committed, then you prosecute it before a larger crime is
committed.  It may look petty, but you don't take chances with other
people's property or lives.

I'm not going to start a debate on whether or not charges in a certain case
are too extreme, or whether the law provides too harsh a penalty for some
transgressions.  Besides, we might all agree on that. :-) However, from a
standpoint of security, you never want to allow unauthorized people to
snoop on your system, whether they are causing harm or not; from a law
enforcement view, you don't wait for people to commit repeated major
felonies if you can nail them on what they've already done.

Because people steal and lie, it makes it impossible to give the benefit of
the doubt to the majority who really don't mean much harm.  My machine has
been broken into and sabotaged; as such, I will never again believe anyone
who claims they were "just looking" and I will prosecute trespassers if I
can.  That's too bad for the harmless hacker, but the harmless hacker had
better realize that assholes have spoiled the environment we all once
enjoyed.  The more people keep breaking into systems, or worse, the more
the lawmakers and law enforcement types are going to press back and make
noise about the problems.   Think it's bad now?  Then just keep hacking
into systems and provide ammunition to the know-nothings who may start
suggesting laws like registration of modems or licensing people to have
PCs.

4) Definitions, the law, etc.

First of all, I'm not surprised that you have so little comment in this
list from law enforcement types and others of their mind-set.  Part of that
may be due to the fact that they don't have network access.  Believe it or
not, there are only a few dozen Fed agents with the computer expertise to
know how to access the net.  And the US Govt has not allocated much in the
way of funds to build up computers and technology for law enforcement.
Just because they're the govt doesn't mean they have lots of equipment,
personnel, or training.  Believe me, I speak from first-hand experience on
this.

There's another reason, too, and it's related to my request to post this
anonymously.  I believe myself to be fairly middle of the road on many of
these legal issues, and what I've read so far in this digest is very
extreme (and sometimes insulting) to people in law enforcement.  I wonder
if people on this list can be objective enough to try to see the other side
of the issue -- is it worth my while to try to suggest even so much as
balance here?

Again, it is very easy to criticize, but I don't see anyone trying to think
objectively about the underlying problems and try to suggest better
solutions.  The base problem isn't that there are "evil" law enforcement
people out there trying to bash computer users.  It's because there are
irresponsible people breaking the law, and the law enforcement folks are
unsophisticated and uneducated about what they're trying to stop.

Yes, there is no question that there are abuses of the law and the system.
Yes, there is no question that there are some problems with the system.
Yes, there is no question that there are some stuck-up people in the legal
system who enjoy bullying others.

BUT

There are also people breaking into systems they have no right to
access...and it doesn't matter why they do it or whether they harm
anything, it is wrong and illegal.  There are people committing fraud
against banks, credit card companies, and telecommunications companies --
against all of us.  There are instances of industrial and political
espionage going on.  There are computer-run racist hate groups, kiddie porn
rings, and conspiracies to commit all kinds of awful things.

How would you write the laws so that illegal activity could be prosecuted
appropriately without endangering the rights of the innocent?  Instead of
being critical, let's see some of you "authorities" apply your expertise to
something constructive!  Suggest how we can write good laws that work but
can't be abused.  This would be a good forum for that.  If we come up with
some good suggestions, I suspect we could even get them into more
appropriate forums.  But we have to have reasonable ideas, first, not
simply cries of "foul" that fail to acknowledge that there are real
criminals out there amongst the rest of us.


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=


***************************************************************
***  CuD #1.21, File 4 of 5: On Mitch Kapor's Critics       ***
***************************************************************

--------------
The following originally appeared in TELECOM Digest, #467.
--------------

Date: Tue, 3 Jul 90 23:04:32 CDT
From: TELECOM Moderator <telecom@eecs.nwu.edu>
Subject: TELECOM Digest V10 #467

Date: Wed, 4 Jul 90 00:00:00 gmt
From: dunike!isis!well!emmanuel (Emmanuel Goldstein)
Subject: Mitch Kapor and "Sun Devil"


It's real disturbing to read the comments that have been posted recently on
TELECOM Digest concerning Operation Sun Devil and Mitch Kapor's
involvement.  While I think the moderator has been chastised sufficiently,
there are still a few remarks I want to make.

First of all, I understand the point he was trying to get across. But I
think he shot from the hip without rationalizing his point first, thereby
leaving many of us in a kind of stunned silence. If I understand it
correctly, the argument is: Kapor says he wants to help people that the
Moderator believes are thieves. Therefore, using that logic, it's okay to
steal from Kapor.

Well, I don't agree. Obviously, Kapor DOESN'T believe these people are
criminals. Even if one or two of them ARE criminals, he is concerned with
all of the innocent bystanders that are being victimized here.  And make no
mistake about that - there are many innocent bystanders here. I've spoken
to quite a few of them. Steve Jackson, Craig Neidorf, the friends and
families of people who've had armed agents of the federal government storm
into their homes and offices. It's a very frightening scenario - one that
I've been through myself.  And when it happens there are permanent scars
and a fear that never quite leaves.  For drug dealers, murderers, hardened
criminals, it's an acceptable price in my view. But a 14 year old kid who
doesn't know when to stop exploring a computer system? Let's get real. Do
we really want to mess up someone's life just to send a message?

I've been a hacker for a good part of my life. Years ago, I was what you
would call an "active" hacker, that is, I wandered about on computer
systems and explored. Throughout it all, I knew it would be wrong to mess
up data or do something that would cause harm to a system. I was taught to
respect tangible objects; extending that to encompass intangible objects
was not very hard to do. And most, if not all, of the people I explored
with felt the same way. Nobody sold their knowledge. The only profit we got
was an education that far surpassed any computer class or manual.

Eventually, though, I was caught. But fortunately for me, the witch-hunt
mentality hadn't caught on yet. I cooperated with the authorities,
explained how the systems I used were flawed, and proved that there was no
harm done. I had to pay for the computer time I used and if I stayed out of
trouble, I would have no criminal record. They didn't crush my spirit. And
the computers I used became more secure.  Except for the fear and
intimidation that occurred during my series of raids, I think I was dealt
with fairly.

Now I publish a hacker magazine. And in a way, it's an extension of that
experience. The hackers are able to learn all about many different computer
and phone systems. And those running the systems, IF THEY ARE SMART, listen
to what is being said and learn valuable lessons before it's too late.
Because sooner or later, someone will figure out a way to get in. And you'd
better hope it's a hacker who can help you figure out ways to improve the
system and not an ex-employee with a monumental grudge.

In all fairness, I've been hacked myself. Someone figured out a way to
break the code for my answering machine once. Sure, I was angry -- at the
company.  They had no conception of what security was. I bought a new
machine from a different company, but not before letting a lot of people
know EXACTLY what happened. And I've had people figure out my calling card
numbers. This gave me firsthand knowledge of the ineptitude of the phone
companies. And I used to think they understood their own field! My point
is: you're only a victim if you refuse to learn. If I do something stupid
like empty my china cabinet on the front lawn and leave it there for three
weeks, I don't think many people will feel sympathetic if it doesn't quite
work out. And I don't think we should be sympathetic towards companies and
organizations that obviously don't know the first thing about security and
very often are entrusted with important data.

The oldest hacker analogy is the
walking-in-through-the-front-door-and-rummaging-through-my-personal-belongings
one. I believe the Moderator recently asked a critic if he would leave his
door unlocked so he could drop in and rummage. The one fact that always
seems to be missed with this analogy is that an individual's belongings are
just not interesting to someone who simply wants to learn. But they ARE
interesting to someone who wants to steal. A big corporation's computer
system is not interesting to someone who wants to steal, UNLESS they have
very specific knowledge as to how to do this (which eliminates the hacker
aspect). But that system is a treasure trove for those interested in
LEARNING. To those that insist on using this old analogy, I say at least be
consistent. You wouldn't threaten somebody with 30 years in jail for taking
something from a house. What's especially ironic is that your personal
belongings are probably much more secure than the data in the nation's
largest computer systems!

When you refer to hacking as "burglary and theft", as the Moderator
frequently does, it becomes easy to think of these people as hardened
criminals. But it's just not the case. I don't know any burglars or
thieves, yet I hang out with an awful lot of hackers. It serves a definite
purpose to blur the distinction, just as pro-democracy demonstrators are
referred to as rioters by nervous leaders. Those who have staked a claim in
the industry fear that the hackers will reveal vulnerabilities in their
systems that they would just as soon forget about. It would have been very
easy for Mitch Kapor to join the bandwagon on this. The fact that he didn't
tells me something about his character. And he's not the only one.

Since we published what was, to the best of my knowledge, the first
pro-hacker article on all of these raids, we've been startled by the
intensity of the feedback we've gotten. A lot of people are angry, upset,
and frightened by what the Secret Service is doing. They're speaking out
and communicating their outrage to other people who we could never have
reached. And they've apparently had these feelings for some time. Is this
the anti-government bias our Moderator accused another writer of harboring?
Hardly. This is America at its finest.


Emmanuel Goldstein
Editor, 2600 Magazine - The Hacker Quarterly

emmanuel@well.sf.ca.us          po box 752, middle island, ny 11953


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END THIS FILE                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=


***************************************************************
***  CuD #1.21, File 5 of 5: Excerpts from Computerworld    ***
***************************************************************

Date:         Sun, 01 Jul 90 15:59:43 EDT
From:         Michael Rosen <CM193C@GWUVM>
Subject:      Re: articles
To:           Computer Underground Digest <TK0JUT2>


---------------
%The following was excerpted from:  Computerworld, 6/25/90 (pp. 1,6).  The
author is Michael Alexander (CW Staff).%
---------------

"...civil libertarians asserted last week that authorities have crossed the
bounds of the Constitution in carrying out searches..

...Mitch Kapor, founder of Lotus Development Corp. and On Technology, Inc.,
and John Barlow an author and lyricist for the Grateful Dead, will announce
the official launch of a computer hacker defense team "within a few weeks,"
as a result of the government's crackdown on computer crime, Kapor said
last week.

Two Law firms, Rabinowitz Boudin Standard Krinsky & Lieberman in New York
and Silverglate Gertner Fine & Good in Boston, are the other members of the
planned hacker defense team.

...Government agents have intimidated some hackers who sought legal counsel
and stampeded over their constitutional rights to free speech by illegally
seizing computers used to operate bulletin-board systems, said Terry Gross,
an attorney at Rabinowitz Boudin Standard Krinsky & Lieberman.  The firm is
noted for its expertise in handling cases that it believes are deliberate
attacks on constitutional rights.  For example, it defended Daniel Ellsberg
in the celebrated Pentagon Papers case.

Computerworld learned last week that Rabinowitz Boudin Standard Krinsky &
Lieberman is already providing legal assistance in the defence of Craig
Neidorf, a 20-year-old hacker and newsletter editor who has been indicted
in Chicago in a scheme to steal Bellsouth Corp. documentation for an
enhanced 911 emergency telephone system.

"I personally asked the attorneys to provide some informal advice in these
matters, and that is obviously a logical precursor to more formal
involvment," Kapor said in an interview.

The defense team is in the midst of setting up a formal structure and
strategy for the organization, Kapor said.  Asked if the group will provide
funds to pay legal fees for computer hackers, Kapor replied: "I contemplate
doing that very strongly, but none of these decisions are final or public."

..."The government is overreacting," said Sheldon Zenner, Neidorf's
attorney and a member of the katten Muchin & Zavis law firm in Chicago.
"They are grappling with legitimate concerns of computer crime but are
trampling constitutional rights at the same time."

Zenner said that he will file First Amendment motions this week on his
client's behalf.  Neidorf was slated to go to trial in federal district
court in Chicago last week, but the trial was rescheduled for next month to
allow the defense to file new motions.

"Craig is a 20-year-old nebish, so they don't mind going after him," Zenner
said.  "They didn't think that it would raise the same issues as if they
went after _The New York Times_ or _The Wall Street Journal_."

Neidorf, who recently completed his junior year at the University of
Missouri, is a co-editor of "Phrack," a newsletter for computer hackers.
He has admitted to publishing an edited version of 911 documentation but
contended that he did not know the information had been stolen.

Federal and state law enforcers have maintained that it is necessary to
seize a computer to evaluate its contents for evidence of a crime, not to
block publication of any information on a bulletin board.

"I don't see this as a First Amendment issue," said Kirk Tabbey, a Michigan
assistant prosecuting attorney and coordinating legal counsel to the
Michigan Computer Crime Task Force.

"It is an intrusion only as far as we need to prove the crime," Tabbey
said.  "You try to take only what you need because you have to comply with
the Fourth Amendment, which limits illegal searches and seizures."

Steve Jackson, founder of Steve Jackson Games in Austin, Texas, said he
thinks otherwise.  In March, the Secret Service raided his office and the
home of an employee and seized computers that it said contained a "handbok
on computer crime," Jackson said.  The handbook was in fact a game, he
said."


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
+                               END CuD, 1.21                                +
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=