****************************************************************************
                  >C O M P U T E R   U N D E R G R O U N D<
                                >D I G E S T<
              ***  Volume 3, Issue #3.12 (April 15, 1991)   **
  ****************************************************************************

MODERATORS:   Jim Thomas / Gordon Meyer  (TK0JUT2@NIU.bitnet)
ARCHIVISTS:   Bob Krause / Alex Smith / Bob Kusumoto
POETICA OBSCIVORUM REI: Brendan Kehoe

            +++++     +++++     +++++     +++++     +++++

CONTENTS THIS ISSUE:
File 1: Moderators' Corner
File 2: From the Mailbag
File 3: Business Week Article on The Dread Hacker Menace
File 4: Using the CuD email archive server
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

USENET readers can currently receive CuD as alt.society.cu-digest.
Back issues are also available on Compuserve (in: DL0 of the IBMBBS sig),
PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet.
Anonymous ftp sites: (1) ftp.cs.widener.edu (192.55.239.132);
                     (2) cudarch@chsun1.uchicago.edu;
                     (3)  dagon.acc.stolaf.edu (130.71.192.18).
E-mail server: archive-server@chsun1.uchicago.edu.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may be reprinted as long as the source is
cited.  Some authors, however, do copyright their material, and those
authors should be contacted for reprint permission.  It is assumed
that non-personal mail to the moderators may be reprinted unless
otherwise specified. Readers are encouraged to submit reasoned
articles relating to the Computer Underground.  Articles are preferred
to short responses.  Please avoid quoting previous posts unless
absolutely necessary.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Contributors assume all
            responsibility for assuring that articles submitted do not
            violate copyright protections.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Moderators
Subject: Moderators' Corner
Date: 15 April, 1991

********************************************************************
***  CuD #3.12: File 1 of 4: From the Moderators                 ***
********************************************************************

+++++++++++++
NEW FTP SITE
+++++++++++++

Another ftp site has been added where back issues of CuD, Phrack, and
other documents can be obtained.
Anonymous ftp to: dagon.acc.stolaf.edu
(130.71.192.18 is the IP address for dagon).
CD to the 'Next-ug/phrack' directory.

NOTE:  *!PLEASE!* use only between 1700-0600 (5 pm and 6 am)!
We depend on courtesy of users to keep the sites running. Thanks.
And thanks to the new ftpmaster for setting this up!

For those wanting additional instructions on using the mail
server, see file # 4 below.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Assorted
Subject: From the Mailbag
Date: April 15, 1991

********************************************************************
***  CuD #3.12: File 2 of 4: From the Mailbag                    ***
********************************************************************

Subject: Len Rose, licenses, and piracy
From: peter@TARONGA.HACKERCORP.COM(Peter da Silva)
Date: Sun, 7 Apr 91 13:44:05 CDT

We have some odd numbers here: could someone explain them?

> The UNIX operating system, which is
> licensed by AT&T at $77,000 per license,

Last time I checked the UNIX source code was considerably more than
this.  The version of UNIX that was licenced for $77,000 for source is
no longer offered.

> The login program is licensed by AT&T at $27,000 per license.

Is this true, that "login" is licensed separately? If so, it's
unlikely that it was licensed separately back in V7 days.

So what's the story? Is AT&T actually lowering the estimated value of
UNIX here, or inventing a separate license for the login program, or
is there actually some boilerplate license for portions of the UNIX
source?

In any case, the people claiming that the 77,000 figure is "obviously"
just another exaggerated pricing are mistaken: that figure is an
extreme understatement of the value of the UNIX source. The price on
the login.c program, $27,000, does seem out of line though.

Finally, I would like to note that unlike many of the posters here I'm
not going to try to excuse Rose's adding trapdoors to login.c as
either educational or providing support to AT&T customers. His
possession of this code was definitely illegal. His use of it was,
while perhaps protected under the first amendment, hardly wise.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Subject: Len Rose
From: jrbd@CRAYCOS.COM(James Davies)
Date: Mon, 8 Apr 91 14:15:51 MDT

Keith Hansen and Arel Lucas in CuD #3.11 shared with us their letter
to AT&T expressing their anger at the arrest and conviction of Len
Rose (among other things).  Well, I have to disagree with their
conclusions in this case -- Len Rose is not an innocent martyr,
crucified by an evil corporation for benevolently giving unpaid
support to AT&T software users, as Hansen and Lucas attempted to
portray him.  The press release published earlier in the same CuD
issue makes it clear that Rose's intent was to steal passwords and
invade systems.  While the possession of AT&T source code was the
charge of which Rose was convicted, his actual crime (in a moral
sense) was the equivalent of manufacturing burglar's tools, or perhaps
of breaking and entering (although there isn't any evidence that he
actually did any of this, his intent was clearly to help others do
so).  Nothing makes this more obvious than Rose's own words, as quoted
from the comments in his modified login.c by the Secret Service press
release:

   Hacked by Terminus to enable stealing passwords.
   This is obviously not a tool to be used for initial
   system penetration, but instead will allow you to
   collect passwords and accounts once it's been
   installed.  (I)deal for situations where you have a
   one-shot opportunity for super user privileges..
   This source code is not public domain..(so don't get
   caught with it).

I'm sorry, but these aren't the words of an innocent man.

Personally, I think that Rose is guilty of the exact same sort of
behaviour that gives hackers a bad name in the press, and I think that
you're crazy to be supporting him in this.  Save your indignation for
true misjustices, ok?

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=

Subject: Re: Computers and Freedom of Speech
From: elroy!grian!alex@AMES.ARC.NASA.GOV(Alex Pournelle)
Date: Tue, 9 Apr 1991 09:02:53 GMT

In CuD 3.11, works!LC1%das@HARVUNXW.BITNET wrote:

>In response to an article in CuD 3.09 on computer publications...

>What gives people the right to censor and deem something illegal in
>the electronic media when paper, TV, radio, and the spoken word is
>perfectly legal and protected by the first amendment.

Why am I having to answer this?  Wasn't this mentioned ten times in the
past?  I'll repeat: TV and radio are federally-minded resources "of the
people", which have guidelines set up by the FCC, nominally in the
interest by/for/of the people.  (The rationale for the government
minding the spectrum is that it's a scarce resource and one prone to
huge abuse if not minded.  That argument cuts both ways, doesn't it?)

Telephones are covered by "common-carrier" laws, which prevent
Pac*Bell from being confiscated because someone plans a murder over the
wires.  Ditto for cellular, Tymnet, telegraph and everything like them.
This is a two-edged sword: the telcos have to give access to anyone who
carries money, whether they "like" them or not.  And they can have
nothing (well, little--see "The Cuckoo's Egg" for one exception) to do
with the content of what they carry.

BBSes and for-pay services are NOT covered by common-carrier: THEY ARE
PRIVATE SERVICES.  The reason that CompuServe and BIX aren't confiscated
every month is because H&R Block and McGraw-Hill have more lawyers than
the Dept. of Justice--and they'd sue like crazy, and the government knows
it.  But since they're private, Prodigy can take off whatever messages
it wants to.  Whether it's violating privacy laws by reading people's
mail is a matter I am not qualified to discuss.

%I have, in fits of anger, wanted to take this "too big to confiscate"
argument another step--say, building the computer into the foundation of
a house, or better yet, into the foundation of an apartment building
whose owner I didn't like.  Or running it on an H-P 3000, the old kind
that takes up an entire garage.  And videotaping the attempts to remove
the thing.  But I digress.%

>Q: Shouldn't electronic publications be protected under the same
>article of the constitution that allows free presses?

If they can be shown to be the same thing.  Can you make this stand in a
court of law?  I can't; the EFF is trying to.  It's incredibly
important, no doubt.

>A: Most definitly. [sic]

Why?  Stand right there and tell the judge why your PC and a modem
should be accorded the same shield laws as the L.A. Times.  Then explain
that to the same L.A. Times, in short words, and get it printed.

>The question now is why aren't they?

No, that's only one question.  Ignorance is probably the main reason for
this state of affairs; ignorance that spawns "YOUR KIDS COULD BE TARGETS
OF WHITE-SUPREMACIST PEDERASTS WHO NUKE DOLPHINS WHILE EATING
HIGH-CHOLESTEROL FATS!!!!   SCENES OF THEIR ILLICIT IMMORAL COMPUTER
NETWORK LIVE FROM THE SCENE!!!  FILM AT ELEVEN, RIGHT AFTER THE MISS NUDE
BIKINI CONTEST WINNER INTERVIEW!!!!" so-called journalism on television.

But that same ignorance, I'm afraid, pervades this very conference.  If
the Sixties, that period of unbounded and unfocussed optimism, taught me
anything by hindsight, it's this: Know Reality.  Wishful thinking won't
change a thing.  If you're concerned about the issues of electronic
freedom--and we all should--Know Reality.  That means understanding
RCCs, RFCs, PSTNs, POTS, CLASS, CLIDs and FOIAs.  For that scary future
we can't stop _will_ be based on the past.  It is up to us to make sure
it is based on the right parts.

            Sincerely,
               Alex Pournelle

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=

From: chron!magic322!edtjda@UUNET.UU.NET(Joe Abernathy)
Subject: Defining Hackers for the Media
Date: Wed, 10 Apr 91 19:31:01 CDT

From the you asked for it, you got it department:

We've decided to do a brief sidebar treatment of the controversy over
the use of words such as hacker, cracker, phreaker, codez kids, etc.

Your brief, to-the-point comments are hereby invited for publication.
Please fully identify yourself and your organization (or whatever job
description best qualifies you to have an opinion on the subject).

Please respond via electronic mail to:

edtjda@chron.com   or  %nearbybighost%!uunet!chron!edtjda

If there is an overwhelming volume of responses, I will not make
individual acknowledgements. The resulting story will in any case be
submitted for possible distribution in cud; and will be available
electronically to those submitting their thoughts on the subject.

Thanks in advance.

Joe Abernathy
Houston Chronicle
(800) 735-3820

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=

From: kadie@EFF.ORG(Carl Kadie)
Subject: Computers and Academic Freedom - a new mailing list
Date: Wed, 10 Apr 91 12:05:43 EDT

Announcing a new mailing list: comp-academic-freedom-talk

Purpose: To discuss questions such as: How should general principles
of academic freedom (such as freedom of expression, freedom to read,
due process, and privacy) be applied to university computers and
networks? How are these principles actually being applied? How can the
principles of academic freedom as applied to computers and networks be
defended?

To join: send email to listserv@eff.org. The body of the note should
contain the line
  add comp-academic-freedom-talk
To leave the list, send email with the line
  delete comp-academic-freedom-talk
For more information about listserv, send email with the line
  help

After you join the list, to send a note to everyone on the
list, send email to comp-academic-freedom-talk@eff.org (or caf-talk@org).

The long version:
When my grandmother attended the University of Illinois fifty-five
years ago, academic freedom meant the right to speak up in class, to
create student organizations, to listen to controversial speakers, to
read "dangerous" books in the library, and to be protected from random
searches of your dorm room.

Today these rights are guaranteed by most universities. These days,
however, my academic life is very different from my grandmother's. Her
academic life was centered on the classroom and the student union.
Mine centers on the computer and the computer network. In the new
academia, my academic freedom is much less secure.

It is time for a discussion of computers and academic freedom.  I've
been in contact with Mitch Kapor. He has given the discussion a home on
the eff.org machine.

The suppression of academic freedom on computers is common. At least
once a month, someone posts a plea on Usenet for help. The most
common complaint is that a newsgroup has been banned because of its
content (usually alt.sex). In January, a sysadmin at the University of
Wisconsin didn't ban any newsgroups directly. Instead, he reduced the
newsgroup expiration time so that reading groups such as alt.sex is
almost impossible. Last month, a sysadmin at Case Western killed
a note that a student had posted to a local newsgroup.  The sysadmin
said the information in the note could be misused. In other cases,
university employees may be reading e-mail or looking through user
files. This may happen with or without some prior notice that e-mail
and files are fair game.

In many of these cases the legality of the suppression is unclear. It
may depend on user expectation, prior announcements, and whether the
university is public or private.

The legality is, however, irrelevant. The duty of the University is
not to suppress everything it legally can; rather it is to support the
free and open investigation and expression of ideas. This is the ideal
of academic freedom. In this role, the University acts as a model of how
the wider world should be. (In the world of computers, universities are
perhaps the most important model of how things should be).

If you are interested in discussing these issues, or if you have
first-hand experience with academic suppression on computers or
networks, please join the mailing list.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=

From: Anonymous
Subject: Fox Broadcasting, Hollywood Hacker, and Evil-doings
Date: Sat, 7 Apr 91 19:18:15 MDT

Given what Fox Television did to the Hollywood Hacker, I thought
this might be of interest if anybody wants to read it. The following
story appeared in the New York Times today:

"Guns Found at Airport During Visit by Bush"

      LOS ANGELES, April 6 (AP)--Two television employees were detained
      but not arrested Friday night after two .22 caliber pistols were
      found in their vehicles as they tried to enter an area at Los
      Angeles Airport that was secured for President Bush's departure.

      It was the first time that firearms had been found so close to a
      President, the White House spokesman, Marlin Fitzwater, said.

      --(stuff omitted)

      The two men were a cameraman from Fox Television and a courier for
      Cable News Network. Neither was identified.

The article concludes by saying that the gun was carried in violation
of company policy.

Now, I ask this: If the HH was set up, I wonder if it's possible that
Fox was maybe trying to do a sting of its own to see how close they
could get The Prez without being caught?

Did this story make the same splash on Fox that the HH story did?  Did
Fox come up with a cute name for these guys? Why didn't it have
television cameras present when they got caught? Seems to me that
getting caught with weapons so near the President is far more serious
than logging on to a computer somewhere. I just wonder if Fox
terminated its employee, and applied the same standards of fairness,
loose as they may be, to these guys as they did to the HH?  It's all
gotta make ya wonder about Fox's credibility, doesn't it?

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=

FROM: cybrview@EFF.ORG
Subject: Looking at CyberSpace from Within
Date:    Thu, 11 Apr 91 16:20 CDT

Looking At CyberSpace From Within


On January 18, 1990, Craig Neidorf was visited by the United States
Secret Service.  Shortly afterwards he became the first victim in a
war to preserve the rights guaranteed to all by the United States
Constitution.  He would not be alone.  Steve Jackson Games, though not
a target of any criminal investigation, was treated worse than most
criminals when his company was inexplicably raided by the Secret
Service.

A dangerous trend was in evidence throughout the nation when Secret
Service agents -- during Operation Sun-Devil and other related cases
-- acted as if the interests of corporations like Bellcore are more
important than those of individual citizens.

Mitch Kapor, John Barlow, and others banded together to meet the
challenge.  They became the Electronic Frontier Foundation and they
set forth to not only defend those wrongly accused of crimes, but to
educate the public and law enforcement in general about computers and
today's technology.

EFF participated in a large public forum in March 1991.  It was the
first conference on Computers, Freedom, & Privacy, which was in
general an opportunity to teach and learn from law enforcement
officials, defense attorneys, and others with a more professional
interest in the field.  Now it is time to change gears a little and
focus on a different group of people.

Announcing...
                                 CyberView '91
                              St. Louis, Missouri
                        The Weekend of June 21-23, 1991

A face-to-face opportunity to learn views, perspectives, and ideas
from the people who live in CyberSpace on a day-to-day basis.

CyberView '91 is a conference to discuss civil liberties in CyberSpace
with the group of people that have been affected the most -- Hackers.
It is not a forum to discuss computer or telecommunications systems in
the context of security or accessibility.  Instead this is the chance
for the people who call themselves hackers to meet the Electronic
Frontier Foundation in person and share their feelings with the people
who might be able to make a difference and hopefully learn a few
things at the same time.

This conference is by INVITATION ONLY.  If you are interested in
attending this noteworthy event please leave electronic mail to
"cybrview@EFF.ORG."

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=

From: cosell@BBN.COM(Bernie Cosell)
Subject: Re: Is hacking the same as Breaking and Entering?
Date: 10 Apr 91 13:15:09 GMT

The Works BBS Admin <works!root@UUNET.UU.NET> writes:

%In response to the question: "Is computer hacking the same as B&E?"

%Not by far. Breaking and entering has malicious intent, and usually is
%solely to steal things and/or hurt something.  Hacking although
%portrayed negatively in the press is not like this at all. It is
%merely looking around at what is in various systems, and learning from
%it. ...

While I'm sure this is sincerely felt, it so egregiously distorts the
real issues involved it makes one wonder if Mr "root" even UNDERSTANDS
what the dispute is all about.

Consider: it is the middle of summer and you happen to be climbing in
the mountains and see a pack of teenagers roaming around an
abandoned-until-snow ski resort.  There is no question of physical
harm to a person, since there will be no people around for months.
They are methodically searching EVERY truck, building, outbuilding,
shed, etc,.  Trying EVERY window, trying to pick EVERY lock.  When they
find something they can open, they wander into it, and emerge a while
later.  From your vantage point, you can see no actual evidence of any
theft or vandalism, but then you can't actually see what they're doing
while they're inside whatever-it-is.

Should you call the cops?  What should the charge be?  Would the answer
be different if you OWNED the ski resort and it was YOUR stuff they
were sifting through?  I grant you that one should temper the crime
with the assessment of the ACTUAL intent and the ACTUAL harm done, but
that certainly doesn't argue that the intrusion, itself, shouldn't be a
crime.

%... the majority of
%hackers (in my opinion) are not trying to hurt anything, and only
%allow themselves a little room to look at, and possible a small chair

What a load of crap....  If you want a room and a chair, ask one of your
friends for one, but include me out.

% Say you find an unknown account
%mysteriously pop up? Why not find out who it is, and what they are
%looking for first, because as odds go, if they got in there once,
%they can do it again, no matter what you do.

For two reasons:

  1) just because YOU have such a totally bankrupt sense of ethics and
  propriety, that shouldn't put a burden on *me* to have to waste my
  time dealing with it.  Life is short enough to not have it
  gratuitously wasted on self-righteous, immature fools.

  2) I'm just as happy having that kind of "finding out" done by the
  police and the courts --- that's their job and I'd just as soon not
  get involved in the messy business [even if I could spare the time].
  If you can't learn to act like a reasonable member of society for its
  own sake, perhaps somewhat more painful measures will dissuade you
  from "doing it again".

If you want to 'play' on my system, you can ASK me, try to convince me
*a*priori* of the innocence of your intent, and if I say "no" you
should just go away.  And playing without asking is, and should be,
criminal; I have no obligation, nor any interest, in being compelled to
provide a playpen for bozos who are so jaded that they cannot amuse
themselves in some non-offensive way.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: Moderators, J&B McMullen, and H. Silverglate and S. Beckman
Subject: Business Week Article on The Dread Hacker Menace
Date:  April 15, 1991

********************************************************************
***  CuD #3.12: File 3 of 4: Responses to Business Week Article  ***
********************************************************************

In the April 15, 1991, issue of BUSINESS WEEK (p. 31), Mark Lewyn and
Evan I. Schwartz combined to write "Why 'the Legion of Doom' has
Little Fear of the Feds." The article has been criticized by
attorneys, journalists, and computer professionals for its flagrant
inaccuracies, potentially libelous commentary, and distortion of facts
and issues. A superficial reading of the article might lead others to
agree with the criticisms we print below.  We, however, rather like
the article and find it a refreshing narrative. Clearly, as we read
Lewyn and Schwartz, they were writing satire. The article is obviously
an attempt at postmodernist fiction in which truth is inverted and
juxtaposed in playful irony in an attempt to illustrate the failure of
Operation Sun Devil.  The clever use of fiction underscores the abuses
of federal and other agents in pursuing DHs ("Dreaded Hackers") by
reproducing the symbols of bad acts (as found in government press
releases, indictments and search affidavits) *as if* they were real in
a deconstructionist style in which the simulacra--the non-real--become
the substance.

Let's take a few examples:

In a table listing the suspect, the alleged crime, and the outcome
of five hackers to show the "latest in a series of setbacks
for the government's highly publicized drive against computer
crime (table)," the table lists Robert Morris, Steve Jackson,
Craig Neidorf, the Atlanta Three, and Len Rose. Steve Jackson
was not charged with a crime, even though the table tells us the
case was dismissed for lack of evidence.  The article calls Craig
Neidorf a hacker (he was never charged with, nor is there any
indication whatsoever, that he ever engaged in hacking activity), and
fails to mention that the case was dropped because there was, in fact,
no case to prosecute.  We interpret this as a subtle way of saying
that all innocent computerists could be accused of a crime, even if
there were no evidence to do so, and then be considered a computer
criminal. This, and other factual errors of readily accessible and
common public knowledge suggest to us that the table is a rhetorical
ploy to show the dangerous procedures used by the Secret Service.  Why
else would the authors risk a libel suit?

In another clever bit of satirical prose, the authors write:

      Jerome R. Dalton, American Telephone & Telegraph Co.'s corporate
      security manager, is convinced that the feds simply can't
      convict.  He points to Leonard Rose Jr., a computer consultant
      who pleaded guilty on Mar. 22 to wire-fraud charges in Chicago and
      Baltimore. Prosecutors said he sent illegal copies of a $77,000
      AT&T computer-operating system known as Unix to hackers around
      the country after modifying it so it could be used to invade
      corporate and government systems.

The article adds that Dalton

      contends that without AT&T's help, the government wouldn't have had a
      case. It was AT&T--not the feds--that verified that Rose wasn't a
      licensed Unix user and that the program had been modified to make
      breaking into computer systems easier.

Now, this could be considered an innocuous statement, but the
subtleness is obvious. To us, the authors are obviously saying that
AT&T helped the feds by inflating the value of material available for
about $13.95 to an astronomical value of $78,000 (later lowered to
$23,000).  And, why should the feds know who Unix is licensed to? Last
we checked, AT&T, not the government, was responsible for keeping
track of its business records, and AT&T was responsible for pursuing
the charges. The Len Rose case was not a hacker case, the program was
not sent to other "hackers," there was no evidence (or charges) that
anybody had even tried to use the login.c program that allegedly was
modified, and the case was not a hacker case at all, but rather a case
about unlicensed software. So, it seems to us that the authors are
trying to illustrate the arrogance of AT&T and the evidentiary
aerobics used to try to secure indictments or convictions in cases
that are more appropriately civil, rather than criminal matters.

So, we say congrats to the authors for taking the risk to write news
as fiction, and suggest that perhaps they should consider changing
their career line.

But, we recognize that others might interpret the article as
irresponsible, ignorant, and journalistically bankrupt. We reprint
(with permission) two letters sent to Business Week in response to the
article.

Others wishing either to complain to BW or to commend their
reporters on their fiction writing can fax letters to Business
Week at (212) 512-4464.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

MCMULLEN & MCMULLEN, INC


April 9, 1991

Readers Report
Business Week
1221 Avenue of the Americas
New York, NY 10020

Dear Madam or Sir,

As a long time admirer of your coverage of technological issues, I was
dismayed to find an appalling number of inaccuracies in "Why 'The
Legion Of Doom' Has Little Fear Of The Feds" (BW, 04/15/91). The
article, unfortunately, shows little attention to detail in its
presentation of "facts" and winds up being unfair to those "accused"
and law enforcement officials alike.

The article states that Steve Jackson, "President of computer-game
maker accused of publishing a 'handbook of computer crime'" had his
"case dismissed because of lack of evidence." In fact, Steve Jackson
was never accused of anything (there was a remark made by a Secret
Service Agent that the game about to be published read like a
"handbook of computer crime" -- the game is a role playing game set in
a future totalitarian society). Steve Jackson's computers, diskettes
and printed records were seized pursuant to an investigation of one of
his employees who was thought to be a recipient of information related
to the investigation of Craig Neidorf's electronic publishing
activities. Jackson's equipment has since been returned and law
enforcement officials attending the recent "Computers, Freedom &
Privacy" conference in San Francisco referred to the Jackson case as
one that should not have happened (One of the authors of your piece,
Evan Schwartz, was listed as an attendee at the conference. Copies of
the search warrant used in obtaining Jackson's equipment were
available to all attendees at the conference. The warrants clearly
indicate that Jackson was not a subject of the investigation.) It is my
information that Jackson will shortly file suit against the government
as a result of the damage that the "search and seizure" did to his
business.

I suggest that you, by your description, have made Jackson fit the
public image of John Gotti -- a person "everyone knows is guilty" but
for whom insufficient evidence exists to make him pay his just
deserts. In Jackson's case, nothing could be further from the truth.

The article states that Franklin Darden, Jr, Adam Grant and Robert
Riggs were "each sentenced to one year split between a half-way house
and probation." In fact, Riggs received 21 months in prison while
Grant and Darden received 14 months with the stipulation that 7 may be
served in a half-way house. Additionally, the three were ordered to
jointly and/or separately make restitution to BellSouth for $233,000.
After reading the article, I spoke to Kent Alexander, US Attorney
responsible for the prosecution of Riggs, Darden and Grant to confirm
the sentences. Alexander not only confirmed the sentences; he objected
to the calling of the cases as other than a victory for the government
(There are many in the computer community who feel that the sentence
was, in fact, too harsh. None would consider it other than a
government "victory".). Alexander also affirmed that each of the
defendants is actually doing prison time, rather than the type of
split sentence mentioned in the article. Alexander also told me, by
the way, that he believes that he sent a copy of the sentencing
memorandum to one of your reporters.

The actual sentences imposed on Riggs, Darden and Grant also, of
course, make the article's statement that Rose's one-year sentence is
"by far the stiffest to date" incorrect.

The treatment of the Neidorf case, while perhaps not factually
incorrect, was superficial to the point of dereliction.  Neidorf, the
publisher of an electronic newsletter, Phrack, was accused of
publishing, as part of his newsletter, a document which later was
proven to be unlawfully obtained by Riggs, Darden and Grant -- an
activity that many saw as similar to the Pentagon Papers case. The
case was, in fact, eventually dropped when it turned out that the
document in question was publicly available for under $20. Many
believe that the case should never have been brought to trial in the
first place, and it is this kind of electronic publishing activity
that Professor Tribe's constitutional amendment attempts to protect.

It is a bit of a reach to call Neidorf a "hacker". He is a college
senior with an interest in hacking who published a newsletter about
the activities and interest of hackers. It is totally inaccurate to
call Jackson a hacker, no matter what definition of that oft-misused
term is applied.

The article further states that the target of the Sundevil
investigation was the "Legion of Doom". According to Gail Thackeray,
ex-Assistant Attorney General of the State of Arizona and one of the
key players in the Sundevil investigation, and the aforementioned Kent
Alexander (both in conversations with me and, in Thackeray's case, in
published statements), this is untrue. The Legion of Doom was a
loosely constructed network of persons who, it has been alleged and,
in some cases, proven, illegally accessed computers to obtain
information considered proprietary. The subjects of the Sundevil
investigations were those suspected of credit card fraud and other
crime for profit activities. On April 1st, commenting on the first
major Sundevil indictment, Thackeray was quoted by the Newsbytes News
Service as saying "The Sundevil project was started in response to a
high level of complaint of communications crimes, credit card fraud
and other incidents relating to large financial losses. These were not
cases of persons accessing computers 'just to look around' or even
cases like the Atlanta 'Legion of Doom' one in which the individuals
admitted obtaining information through illegal access. They are rather
cases in which the accused allegedly used computers to facilitate
theft of substantial goods and services."

The article further, by concentrating on a small number of cases,
gives the reader the impression that so-called "hackers" are free to
do whatever they like in the global network that connects businesses,
government and educational institutions. There have been many arrests
and convictions in recent months for computer crime. In New York State
alone, there have been arrests for unlawful entries into PBX's,
criminal vandalism, illegal access to computers, etc. Heightened law
enforcement activity, greater corporate and government concern with
security and a better understanding by "hackers" of acceptable limits
are, if anything, making a safer climate for the global net while the
concern of civil libertarians coupled with greater understanding by
law enforcement officials seems to be reducing the possibility of
frivolous arrests and overreaching. This improved climate, as
evidenced by the recent conference on "Computers, Freedom and
Privacy", is a far cry from the negative atmosphere evidenced in the
conclusion of your article.

I have spent the last few years discussing the issues of computer
crime, access to information and reasonable law enforcement procedures
with a wide range of individuals -- police officers, prosecutors,
defense attorneys, "hackers", civil libertarians, lawmakers, science
fiction writers, etc. and have found that their opinions, while often
quite different, warrant presentation to the general public.
Unfortunately, your article with its factual errors and misleading
conclusions takes away from this dialog rather than providing
enlightenment; it is a great disappointment to one who has come to
expect accuracy and insightful analysis from Business Week. I urge you
to publish an article explaining these issues in full and correcting
the many errors in the April 15th piece.

Yours truly,


John F. McMullen
Executive Vice President

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Response #2
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


                                   April 8, 1991

Readers Report
Business Week
1221 Avenue of the Americas
New York, NY 10020

Dear Editor,

Mark Lewyn and Evan Schwartz are correct that the Secret Service's
"Operation Sundevil" has been a disaster ("Why 'The Legion of Doom'
has little fear of the Feds", BW April 15th), but the rest of their
article completely misses the point.  The problem with the
government's war on computers is not that "it's much harder to nail
hackers for electronic mayhem than prosecutors ever imagined," but
rather, that lack of computer sophistication has caused prosecutors
and investigators to treat law-abiding citizens like criminals.  Their
reporting on Steve Jackson Games is particularly egregious.  To call
Steve Jackson a "suspect" in the "war on hackers" is to allege
criminal conduct that even the government never alleged.

Steve Jackson Games is a nationally known and respected, award-winning
publisher of books, magazines, and adventure company was ever accused
of any criminal activity.  The government has verified that Jackson is
not the target of any investigation, including "Operation Sundevil."
There was no criminal case "dismissed because of lack of evidence"
-- there simply was no criminal case at all.

Lewyn and Schwartz missed the real story here.  Based on allegations
by government agents and employees of Bellcore and AT&T, the
government obtained a warrant to seize all of the company's computer
hardware and software, and all documentation related to its computer
system.  Many of the allegations were false, but even if they had been
true, they did not provide any basis for believing that evidence of
criminal activity would be found at Steve Jackson Games.

The Secret Service raid caused the company considerable harm.  Some of
the equipment and data seized was "lost" or damaged.  One of the
seized computers ran an electronic conferencing system used by
individuals across the country to discuss adventure games and related
literary genres.  The company used the system to communicate with its
customers and writers and to get feedback on new game ideas.  The
seizure shut the conferencing system down for over a month.  Also
seized were all of the current drafts of the company's
about-to-be-released book, GURPS Cyberpunk.  The resulting delay in
the publication of the book caused the company considerable financial
harm, forcing it to lay off half of its employees.

Jackson has resuscitated his electronic conferencing system and his
business.  GURPS Cyberpunk was partially reconstructed from old drafts
and eventually published.  It has been nominated for a prestigious
game industry award and is assigned reading in at least one college
literature course.

But what happened at Steve Jackson Games demonstrates the
vulnerability of computer users -- whether corporate or individual --
to government ineptitude and overreaching.  What the Secret Service
called a "handbook for computer crime" was really a fantasy
role playing game book, something most twelve-year-olds would have
recognized after reading the first page.

                           Sincerely,


                           Harvey A. Silverglate
                           Sharon L. Beckman
                           Silverglate & Good
                           Boston, Massachusetts
                           Counsel for Steve Jackson Games

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

From: kusumoto@CHSUN1.UCHICAGO.EDU(Bob Kusumoto)
Subject: Using the CuD email archive server
Date: Mon, 8 Apr 91 18:23:52 CDT

********************************************************************
***  CuD #3.12: File 4 of 4: Using the CuD mailserver            ***
********************************************************************

A note about the e-mail archive server at chsun1.uchicago.edu:

please send any and all requests for files/help to:
        archive-server@chsun1.uchicago.edu

this is not the address for receiving the latest issue of CuD from the
mailing list.  Either subscribe to alt.society.cu-digest on USEnet or
send mail to TK0JUT2@NIU.BITNET (although I'm not sure, you might be able
to do uunet!NIU.BITNET!TK0JUT2 if you do not have a definition for .BITNET
sites).

The archive server is automated and it only understands a few commands placed
in the body of the message you send.  These commands are HELP, INDEX, SEND,
and PATH (case doesn't matter).  In short:

help:   sends a help file describing each command in detail
index:  sends an index of available topics.  If the topic is on the same
        line, it will send a detailed index of that topic.  Available CuD
        topics are:

          ane ati bootlegger chalisti cud hnet law lod narc network
          nia papers phantasy phrack phun pirate school synd tap
send:   sends a file.  Commands for send must be in the following format:
           send topic filename
           send topic filename1 filename2 filename3 ...

        Please note that the arguments are separated by spaces, not slashes
        or any other characters.  Also, some mailers between this site and
        yours might not be able to handle mail messages larger than 50k in
        size.  You will have to make special arrangements to receive these
        files (see address below).
path:   This command forces a specified return path.  Normally, the server
        will guess what the return address should be (most of the time,
        successfully), but in some cases, it will cause the requested
        files to bounce, leaving you without your files.  If this is the
        case, you should use the path command to set the return address.
        Please note, the mailer here cannot handle .uucp addresses, these
        addresses must be fully expanded.  Here are some examples:
           path user@host.bitnet         [for BITNET hosts, direct]
           path user%hosta.major.domain@hostb.major.domain
           path hosta!hostb!hostc@uunet.uu.net

some useful commands to give to the server (once you know your mailing
address is OK) are:

send cud cud-arch
      which sends the master Index for the CuD archive.
send cud chsun1.email.files
      which sends a directory of all files that are in the CuD archives by
      topic, filename, size of the file, and other less useful information.
      This file is updated whenever new files are added to the archives.

If you have any problems and wish to have someone help you with the server,
please send mail to:
        archive-management@chsun1.uchicago.edu
(also   cudarch@chsun1.uchicago.edu)

Bob Kusumoto
chsun1 archive manager

********************************************************************
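
The command rules in the note above, as a checker you could run over a
request body before mailing it. This is an added example, not the archive
server's own code; the function names, the error wording and the
case-sensitive topic match are assumptions, and the sample body is constructed.

```python
import re

# Topic list copied from the note above.
TOPICS = set("""ane ati bootlegger chalisti cud hnet law lod narc network
nia papers phantasy phrack phun pirate school synd tap""".split())

def _problem(verb, args):
    """Return a description of what is wrong with one command, or None."""
    if verb == "help":
        return None
    if verb == "index":
        if len(args) > 1:
            return "index takes at most one topic"
        if args and args[0] not in TOPICS:   # assumption: exact-case match
            return f"unknown topic {args[0]!r}"
        return None
    if verb == "send":
        if any("/" in a for a in args):
            return "separate topic and filenames with spaces, not slashes"
        if len(args) < 2:
            return "send needs a topic and at least one filename"
        if args[0] not in TOPICS:
            return f"unknown topic {args[0]!r}"
        return None
    if verb == "path":
        if len(args) != 1:
            return "path takes exactly one address"
        # Any host component ending in .uucp must be fully expanded first.
        hosts = re.split(r"[@!%]", args[0].lower())
        if any(h.endswith(".uucp") for h in hosts):
            return ".uucp addresses must be fully expanded"
        return None
    return f"unknown command {verb!r}"

def check_request(body):
    """Split a message body into (accepted commands, problems found)."""
    commands, problems = [], []
    for lineno, raw in enumerate(body.splitlines(), 1):
        words = raw.split()
        if not words:
            continue
        verb, args = words[0].lower(), words[1:]   # command case doesn't matter
        err = _problem(verb, args)
        if err:
            problems.append(f"line {lineno}: {err}")
        else:
            commands.append((verb, args))
    return commands, problems

# Constructed sample body: two valid commands, three mistakes.
SAMPLE = """PATH user%hosta.major.domain@hostb.major.domain
Send cud cud-arch chsun1.email.files
send cud/cud-arch
index nosuchtopic
path user@site.uucp
"""
```
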

------------------------------

                         **END OF CuD #3.12**
********************************************************************