****************************************************************************
                  >C O M P U T E R   U N D E R G R O U N D<
                                >D I G E S T<
              ***  Volume 3, Issue #3.24 (July 3, 1991)   **
  ****************************************************************************

MODERATORS:   Jim Thomas / Gordon Meyer  (TK0JUT2@NIU.bitnet)
PHILEMEISTER: Bob Krause // VACATIONMEISTER: Bob Kusumoto
MEISTERMEISTER: Brendan Kehoe

            +++++     +++++     +++++     +++++     +++++

CONTENTS THIS ISSUE:
File 1: From the Mailbag  (Response to "Cyberpunk" definition)
File 2: Bill Vajk, Len Rose, Gene Spafford
File 3: Comsec Security Press Release
File 4: Comments on ComSec Data Security
File 5: Police Confiscations and Police Profit
File 6: House Crime Bill (1400) and its Threat to Modemers
File 7: Law Panel Recommends Computer Search Procedures
File 8: The CU in the News (data erasing; cellular fraud)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CuD is available via electronic mail at no cost. Hard copies are available
through subscription or single issue requests for the costs of reproduction
and mailing.

USENET readers can currently receive CuD as alt.society.cu-digest.
   Back issues of Computer Underground Digest on CompuServe can be found
in these forums:
            IBMBBS, DL0 (new uploads) and DL4 (BBS Management)
            LAWSIG, DL1 (Computer Law)
            TELECOM, DL0 (New Uploads) and DL12 (Electronic Frontier)
Back issues are also available from:
GEnie, PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet.
Anonymous ftp sites: (1) ftp.cs.widener.edu (192.55.239.132);
                     (2) cudarch@chsun1.uchicago.edu;
                     (3) dagon.acc.stolaf.edu (130.71.192.18).
E-mail server: archive-server@chsun1.uchicago.edu.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may be reprinted as long as the source is
cited.  Some authors, however, do copyright their material, and those
authors should be contacted for reprint permission.  It is assumed
that non-personal mail to the moderators may be reprinted unless
otherwise specified. Readers are encouraged to submit reasoned
articles relating to the Computer Underground.  Articles are preferred
to short responses.  Please avoid quoting previous posts unless
absolutely necessary.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Contributors assume all
            responsibility for assuring that articles submitted do not
            violate copyright protections.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

----------------------------------------------------------------------

Date: July 3, 1991
From: Various
Subject: From the Mailbag  (Response to "Cyberpunk" definition)

********************************************************************
***  CuD #3.24: File 1 of 8: From the Mailbag                   ***
********************************************************************

Date: Tue, 2 Jul 91 12:44:22 cdt
From:  <accidentally garbled by editors>
Subject: Brad Hicks and Cyber Definitions

I commend Brad Hicks for his generally concise set of definitions of
computer underground types which make it clear that
there are many different motivations and categories.  However, I would
modify his following definition:

> CYBERPUNK: (n)  A cyberpunk is to hackers/phreaks/crackers/crashers
> what a terrorist is to a serial killer; someone who insists that their
> crimes are in the public interest and for the common good, a
> computerized "freedom fighter" if you will.

In the works of Bruce Sterling, William Gibson, and others, cyberpunks
are not terrorists in the conventional sense of the term, and the
analogy to serial killers strikes me as a bit extreme. Cyberpunks are
characterized by their resistance to oppressive authority (which makes
them a form of freedom fighter), but the resistance tends to be highly
individualistic. I wonder if cyberpunks might be based on the
anti-hero model of westerns (Shane) or earlier science fiction in
which the marginal but basically decent outsider steps in to use
marginal skills to save the town, country, or civilization?

I hope Mr. Hicks' comments generate some needed discussion along these
lines.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Date: Tue, 2 Jul 91 14:34:38 edt
From: wex@PWS.BULL.COM
Subject: Cyberpunks (response to Brad Hicks in Cu Digest, #3.23)

Hicks' gratuitous slap at cyberpunks tacked on to the end of his
definitions of hackers, crackers and phreaks should not be allowed to
pass.

He refers to cyberpunks as being more extreme forms of the above, with
an added dash of morality.  I'd love to know where he got this idea.

The cyberpunks I know are those who, as the word implies, have taken
the punk ethic of disrespect for authority (and often for self, even
to the point of nihilism) and applied it to the cyber world.
Cyberpunks are those who think that the street has its own uses for
technology (they're out there decoding the signals from Mattel
Powergloves).  They think that corporations are often a bigger threat
than governments, though they dis both - sometimes to the point of
breaking laws.

The only freedom these people are interested in is the freedom to be
left alone, both physically and, in the data world, to be left out of
the ubiquitous info files being accumulated on us all.

This combination often leads to a "fuck you, jack" attitude, not the
platitudinous "freedom fighter" ethos Hicks talks about.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

Date: Mon, 24 Jun 91 23:58:37 EDT
From: Jerry Leichter <@mp.cs.niu.edu:leichter@LRW.COM>
Subject: Bill Vajk, Len Rose, Gene Spafford

********************************************************************
***  CuD #3.24: File 2 of 8: Bill Vajk, Len Rose, Gene Spafford  ***
********************************************************************

In CuD 3.22, Bill Vajk writes an (overly long, repetitive) note in
response to an earlier note of Gene Spafford's.  I don't want to go
into the details of everything he has to say; I'll make one comment on
fact, and another a general observation.

On fact:  Vajk tries to attack the claim that Rose violated a trade
secret or copyright of AT&T's by saying that AT&T claims both trade
secret and copyright protection on the Unix source code, and they are
incompatible because copyright protection requires deposit of a copy
of the code with the Library of Congress, where the copy is available
freely to the public.

This is dead wrong.  First of all, deposit is required within 3 months
of PUBLICATION; however, even unpublished material can be protected by
copyright, and AT&T can reasonably claim that they never published the
source code.

Second, there are exceptions to the requirements for deposit which
will usually cover software.  In any case, as a matter of law, even if
the copyright owner disregards the deposit requirement, the copyright
remains enforceable (though the owner may be subject to fines or other
penalties.)

Third, even where deposit is required - as when one wishes to register
the copyright, a necessary first step in defending it in court - the
Copyright Office has recognized the issue of trade secrecy, and does
not require the entire program to be deposited.  There are a couple of
choices - e.g., you can deposit the entire first and last 10 pages of
source code, or the first and last 25 pages with no more than half of
the text blacked out, etc.  (Note:  This is taken from a Notice of
Proposed Rulemaking issued in 1986, as quoted in a 1990 book.
Apparently it is the policy that is being followed, although it has
yet to be made completely official.)

Finally, while it is true that copyright infringement as such is not a
criminal matter, the copyright law does provide criminal penalties for
fraudulent copyright notices and false representation.  Also, going
beyond copyrights as such, once a property right exists, it can be
stolen.  Depending on the circumstances, the theft may or may not be a
criminal matter.  If you leave your car at my service station for some
repair work and I start using it and refuse to return it, you can sue
me civilly for conversion; I am probably also guilty of auto theft.
Civil and criminal law are not necessarily mutually exclusive.

On philosophy:  Vajk is right in commenting that some of the pain
people are feeling is from seeing the law applied to "nice middle
class white kids" in a way it is usually applied to poor black ones.
The fact of the matter is that, for the most part, the law leaves the
nice white middle class alone.  Its instincts and modes of operation
are developed for a much rougher atmosphere, where a kid being
rousted, whether for good reasons or bad, is quite likely to be armed,
or at least potentially dangerous.  Sure, a cracker - or a white-collar
criminal - is unlikely to attack the police who've arrested him; but
policy says that those under arrest will be handcuffed, because it's
safer (for the police) that way, and their safety outweighs the
arrestee's dignity.

Presumption of innocence or no, the gut feeling that police,
prosecutors, and probably most defense attorneys have is that those
arrested are probably guilty, if not of the particular offense
charged, then of SOME offense.  Guilt and innocence are of much less
importance than making sure the legal rules are followed - and those
legal rules can and do play rough.  Innocent or guilty, you DON'T want
to be caught up in the criminal justice system.

Vajk is incensed that police officers are "learning on the job" how to
deal with computers.  In "To Engineer is Human", a wonderful book,
Henry Petroski points out that engineering never learns much from
successes, only from failures.  The law acts the same way.  It's not
only police officers and prosecutors and judges who are "learning on
the job"; it's the entire legal system.  Much of the law is based on
precedent; before a precedent is established, there IS no settled law
in a particular area.  Even law that is based on statute doesn't come
out of nowhere:  Laws are usually drafted in response to perceived
problems.  Only rarely are they anticipatory, and then they often turn
out to be wrong.

What we are seeing right now is the legal system learning what the
right way to deal with "computer crimes" is.  It tried ignoring them;
that eventually proved unsatisfactory.  Now it is reacting, and as is
to be expected, it is doing so by pushing as hard as it can.  The
eventual boundaries of the law will be determined by the sum of the
various pushes - by overzealous prosecutors, by defense attorneys, by
citizens enraged by computer crimes and citizens enraged by government
over-reaction.  One way or the other, the Steve Jackson case will
establish some of the boundaries of search and seizure of computers.
Had the Neidorf case gone through a full trial, it might well have
established something about First Amendment protections for electronic
publication.  As it is, it made the prosecutors look stupid and AT&T
look like liars.  The next time around, a prosecutor will think twice
about putting his reputation on the line based on some unverifiable
AT&T claims.  That, too, is part of the education of the legal system.

The courts deliberately avoid deciding issues until they are forced to
by actual cases.  (There are some minor exceptions to this rule.)  In
practice, this means that if you want to challenge, say, an abortion
law in court, you have to violate it - and be prepared to go to jail
(as many challengers did) if your challenge fails.  This method has
worked reasonably well over hundreds of years, but it has the
unfortunate property that while the boundaries of the law are being
paved, some people will end up in the wrong place at the wrong time
and will end up being squashed by an on-coming steamroller.  The
steamroller may have to roll back later, but that doesn't do the
flattened fellow much good.

So ... don't look at the current problems as a sign that the legal
system is incapable of dealing with computer and communication
technology.  That's not at all what is going on.  Within a couple of
years we'll be on pretty firm ground on these issues.  The important
things to do now are (a) help provide pressure to push the law in the
right directions before it "sets"; (b) help support the relatively few
casualties of the process.  I applaud EFF's efforts to do (a) (even if
I don't always agree with the particular positions they may choose to
take).  As far as I can see, EFF isn't deliberately doing (b), though
that will be a side-effect of some of their other actions; but in
general (b) is more effectively done by concerned individuals in any
case.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

Date: June 11, 1991
From: COMSEC Press Release
Subject: Comsec Security Press Release

********************************************************************
***  CuD #3.24: File 3 of 8: Comsec Security Press Release       ***
********************************************************************


                           COMSEC PRESS RELEASE

 June 11, 1991

 For future release

 Contact Scott Chasin or Chris Goggins
 713-721-6500

 Houston, TX, Comsec Data Security announced its entrance into the
 field of computer security consulting.  Comsec, comprised mainly of
 the now defunct computer group "The Legion of Doom," plans to offer a
 full-scale security package to private industry.

 The firm's officers are Scott Chasin, Robert Cupps, Chris Goggins and
 Ken Shulman.  The three key computer specialists Chasin, Goggins and
 Shulman, all ex-members of LOD, each have over eight years experience
 dealing with computer security.  Cupps, a graduate of Emory School of
 Business and former securities trader, will operate as the firm's
 administrative partner and concentrate on the firm's marketing
 efforts.

 Since its formation in the summer of 1984, the Legion of Doom had
 been the object of much controversy in the media.  Often referred to
 as "the most notorious hacker group in America," LOD underwent four
 major reorganizations of members.  Goggins, one of the original nine
 founding members of the group said of the final reorganization, "we
 were looking for individuals who had the skills and desire to move
 the group specifically to this point.

 "We feel that we are bringing a fresh approach to security consulting
 in the corporate marketplace.  We were all the cream of the crop of
 the computer underground and know precisely how systems are
 compromised and what actions to take to secure them," said Goggins.
 In fact, the group feels its success rate in the area of system
 penetration is 80 to 85 percent.

 Comsec will offer security penetration testing and full auditing
 services to corporate clients.  In addition, the firm aims to endorse
 a wide range of software and hardware security products. "Our firm
 has taken a unique approach to its sales strategy and is confident
 that contracts currently under negotiation will firm up within the
 next 30 days," said Cupps.

 Aware of the possible shockwave among the hacking underground over
 this venture, the firm maintains that they are security consultants
 and not informants or hacker-trackers.  "We are not going to go after
 people, we are going to ensure that no one, hacker or corporate spy,
 can compromise the security of our clients' computers," said Chasin.

 Comsec is ready to assume normal operations and is looking to provide
 the business community with a much needed service.  Comsec is located
 at 60 Braeswood Square, in Houston, Texas, and can be reached at
 713-721-6500 or 713-683-5742 (A/ hrs).

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

Date: Tue, 25 Jun 91 14:12:25 EST
From: Gene Spafford <spaf@CS.PURDUE.EDU>
Subject: Comments on ComSec Data Security

********************************************************************
***  CuD #3.24: File 4 of 8: Comments on ComSec                  ***
********************************************************************

I have a quick comment on the report of the start-up of Comsec Data
Security.  I have been quoted as asking people if they would hire a
confessed/convicted arsonist to install their fire alarm system when
talking about hiring "reformed" system crackers to do computer
security.  Personally and professionally, I think it is a dangerous
decision from a business perspective and from a professional
perspective.

From a business perspective, you need to ask yourself the following
questions:
   * If these guys know how to break through certain kinds of
     security, does that prove they know how to make the security
     better?

Using an analogy to start with, does someone who has experience
putting sugar in the gas tank know how to tune the engine?  Or, more
closely, does someone who has shown expertise at stealing cars with
the keys left in the ignition know how to tell you something more
valuable than not to leave the keys in the ignition?  They can guess
at telling you to leave the doors locked and windows rolled up.  But
can they tell you about car alarms, various forms of
insurance, removable stereos, LoJac (sic?) tracers, cost/benefit of
using various other models of car, etc?

Likewise, with computer security, because some people have had good
luck breaking weak passwords and circumventing poorly-placed controls,
that does not make them experts in security.  What do these guys know
about formal risk assessment models, information theoretical background
of ComSec evaluation, formal legal requirements for security, business
resumption planning, employee training, biometric systems, .....?

   *  How do you know they are reformed?

Just because they claim they have reformed and hang a shingle out,
does that mean they have *really* reformed?  If your business presents
a very tempting target, how do you know they aren't casing the system
to make a single big haul and then skip town?  How do you know they
aren't going to traffic info on your system with their friends?  One
big haul and a quick trip to another country with no extradition, and
that's it.

The literature is full of instances where people with clean records
couldn't resist the temptation to take advantage of their access to
the system to make a quick buck.  How much more can you trust people
who have already shown they aren't particularly interested in niceties
of the law and ethics?

Ask the folks at SRI if hiring "reformed" crackers/phreakers is
ultimately a sound business decision....

   * Can you be sure if these guys find some of their former
     associates playing with your system, they will act in your best
     interests?

This is a standard problem in a new realm -- will these guys really
turn in their former buddies if they find that they have penetrated a
client's system?

   * If they miss a problem, or cause a problem, will your business
     insurance pay off?  Will you be immune from prosecution or
     stock-holder's lawsuits?

These guys and others like them have a checkered history.  Hiring them
to protect your systems against loss could be grounds for negligence
suits in the case of loss, or be sufficient to cause non-payment of
insurance policies.  In the case of various state & federal laws, you
might be responsible for not showing a concerted effort to really
protect your data.

Are these guys bondable?  If so, for how much?  Can they receive
security clearances?

The decision is also a bad one professionally.  What kind of statement
does hiring these guys send to the rest of the world?  It says "Gee,
build up some experience hacking into other people's (or our) systems
without permission, and we'll give you a job!"

That's a bad statement to make.

Furthermore, it says to the true professionals in the field, the
people who study the material, act professionally and ethically their
whole careers, and who make every attempt to be responsible: "We will
hire people who behave improperly instead; your training is equivalent
(or less than) experience gained from acting unethically."

That is a worse statement to make.  Most of the professionals in the
field could easily break in to business systems because of lax
security, but would never dream of doing so.  To prefer confessed
crackers over honorable professionals is quite an insult.

As a professional, I would refuse to do business with firms who hire
these guys as security consultants.  They show surprisingly poor
business sense, and an (indirect) contempt for the people who work
hard and *ethically* their whole careers.

Note that I'm not stating that these three, in particular, are less
than honorable now or will commit any crimes in the future.  I'm
stating that, in the general case, such "reformed" individuals are a
very poor choice for security consulting.  Neither am I making the
statement (incorrectly attributed to me in CACM a year ago) that
people like these three should never be employed in computing-related
jobs.  I am disturbed, however, that they would be hired *because*
of their unethical and illegal behavior-past.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

Date: June 30, 1991
From: Moderators
Subject: Police Confiscations and Police Profit

********************************************************************
***  CuD #3.24: File 5 of 8: Police Confiscations and Profit     ***
********************************************************************

The policy of indiscriminate confiscation of computer property in
search and seizure operations has drawn criticism. The roots of the
policy stem from RICO and anti-drug enforcement policies.  A recent
article in _Law Enforcement News_ suggests that the police may be
significant beneficiaries of seized assets when they are "donated" to
the seizing agency. This creates the risk of police expansion of the
(ab)use of seizure power by providing an incentive to increase the
stockpiles of "forfeited" assets.  The risky logic might run something
like this: "Our agency is in need, so if we seize enough assets that we
can use, we can meet our needs." Although the seizure of assets in
drug raids far exceeds seizures in computer raids, the danger remains
the same: There is incentive for police to confiscate as much as they
can if they will be the ultimate recipients.  Two blurbs from _Law
Enforcement News_ (April 30, 1991, p. 1, "Seized-asset funds prove
tempting") underscore this point.

One article subhead, "Mass. city seeks drug funds to avert layoffs of
officers," begins:

     "The Mayor of a Massachusetts city says revenue shortfalls
     are forcing him to lay off police officers, and he believes
     he has a temporary solution to the bind: using forfeited
     assets and cash from drug busts to forestall layoffs or
     rehire furloughed officers."

According to the article, Somerville Mayor Michael Capuano
introduced a petition to the Massachusetts Legislation in April to
allow police agencies to use funds for personnel. Funds are currently
restricted to drug enforcement expenditures.

A second subhead, "Illinois audit eyes using funds to upgrade
police wardrobe," indicates that:

     "The Illinois State Police spent $408,000 in seized drug
     assets to buy new uniforms--in an apparent violation of
     provisions of the state's asset-forfeiture laws--but State
     Police officials defended the purchase on the grounds that
     the money was spent before an amendment went into effect
     last year to require that such funds be spent only for drug
     enforcement."

Liberal interpretation of law, expansion of policies intended for one
type of crime (drugs) to other types of crime (e.g., computers), and
the possibility that those who do the seizing have the most to gain by
incentives that reward more seizures, pose a threat to Constitutional
protections against deprivation of property.  Given the erosion of
First and Fourth Amendment protections in a variety of areas, the
broader definitions of "criminal behavior" related to computer
behavior, and the sweeping scope of equipment eligible for seizure in
computer cases, expanding the profit motive for law enforcement
agencies strikes us as a continuation of the dangerous trend of "Big
Brotherism."

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

Date: June 30, 1991
From: Moderators
Subject: House Crime Bill (1400) and its Threat to Modemers

********************************************************************
***  CuD #3.24: File 6 of 8: Threat of HR 1400 to Modemers       ***
********************************************************************

Why should modemers be concerned about the Bush "war on crime?"
Proposed anti-crime legislation could, if passed, increase the risk
of intrusion of government into the lives of law-abiding citizens.
Among the provisions of HR 1400 (_The Comprehensive Violent Crime
Control Act of 1991_) is a change in 18 USC (sect) 2709 that expands
the power of the FBI to intrude into the privacy of citizens. An
article in _First Principles_ (June, 1991, p. 6) describes the
proposed revision this way:

     "Sections 743 and 744 [of HR 1400] would grant the FBI
     authority to obtain subscriber information on persons with
     nonpublished telephone numbers, as well as credit records,
     simply by certifying in writing to the telephone company
     or credit bureau that such information is relevant to an
     authorized foreign counterintelligence investigation. The
     proposals would seriously erode current privacy protections
     by giving the FBI authority to obtain these records without
     a subpoena or court order and without notice to the
     individuals that their records have been obtained by
     the bureau."

    %/%/%/%/%/%/%/%/%/%/%/%/Current law%/%%/%/%/%/%/%/%/%/%/%/%/%

  CHAPTER 121.  STORED WIRE AND ELECTRONIC COMMUNICATIONS AND
                  TRANSACTIONAL RECORDS ACCESS

s 2709.  Counterintelligence access to telephone toll and
transactional records

(a) Duty to provide. A wire or electronic communication service
provider shall comply with a request for subscriber information and
toll billing records information, or electronic communication
transactional records in its custody or possession made by the
Director of the Federal Bureau of Investigation under subsection
(b) of this section.

(b) Required certification. The Director of the Federal Bureau of
Investigation (or an individual within the Federal Bureau of
Investigation designated for this purpose by the Director) may
request any such information and records if the Director (or the
Director's designee) certifies in writing to the wire or electronic
communication service provider to which the request is made that

   (1) the information sought is relevant to an authorized foreign
counterintelligence investigation; and

   (2) there are specific and articulable facts giving reason to
believe that the person or entity to whom the information sought
pertains is a foreign power  or an agent of a foreign power as
defined in section 101 of the Foreign Intelligence Surveillance Act
of 1978 (50 U.S.C. 1801).

(c) Prohibition of certain disclosure. No wire or electronic
communication service provider, or officer, employee, or agent
thereof, shall disclose to any  person that the Federal Bureau of
Investigation has sought or obtained access to information or
records under this section.

(d) Dissemination by bureau. The Federal Bureau of Investigation
may disseminate information and records obtained under this section
only as provided in guidelines approved by the Attorney General for
foreign intelligence collection  and foreign counterintelligence
investigations conducted by the Federal Bureau of Investigation,
and, with respect to dissemination to an agency of the United
States, only if such information is clearly relevant to the
authorized responsibilities of such agency.

(e) Requirement that certain Congressional bodies be informed. On
a semiannual basis the Director of the Federal Bureau of
Investigation shall fully inform the Permanent Select Committee on
Intelligence of the House of Representatives and the Select
Committee on Intelligence of the Senate concerning all requests
made  under subsection (b) of this section.


%/%/%/%/%/%/%/%/%/%/%/%proposed law%/%/%/%/%/%/%/%/%/%/%/%/%


SEC. 743. COUNTERINTELLIGENCE ACCESS TO TELEPHONE RECORDS.

  Section 2709 of title 18 of the United States Code is amended by-

      (1) striking out subsections (b) and (c); and

      (2) inserting the following new subsections (b) and (c):

  "(b) REQUIRED CERTIFICATION.-The Director of the Federal Bureau of
Investigation (or an individual within the Federal Bureau of
Investigation designated for this purpose by the Director) may:

      "(1) request any such information and records if the Director (or
    the Director's designee) certifies in writing to the wire or
    electronic communication service provider to which the request is
    made that-

          "(A) the information sought is relevant to an authorized
        foreign counterintelligence investigation; and

          "(B) there are specific and articulable facts giving reason to
        believe that the person or entity about whom information is
        sought is a foreign power or an agent of a foreign power as
        defined in section 101 of the Foreign Intelligence Surveillance
        Act of 1978 (50 U.S.C. 1801);

      "(2) request subscriber information regarding a person or entity if
    the Director (or the Director's designee) certifies in writing to the
    wire or electronic communications service provider to which the
    request is made that-

          "(A) the information sought is relevant to an authorized
        foreign counterintelligence investigation; and

          "(B) that information available to the FBI indicates there is
        reason to believe that communication facilities registered in the
        name of the person or entity have been used, through the services
        of such provider, in communication with a foreign power or an
        agent of a foreign power as defined in section 101 of the Foreign
        Intelligence Surveillance Act of 1978 (50 U.S.C. 1801).

  "(c) PENALTY FOR DISCLOSURE.-No wire or electronic communication
service provider, or officer, employee, or agent thereof, shall disclose
to any person that the Federal Bureau of Investigation has sought or
obtained access to information under this section. A knowing violation of
this section is punishable as a class A misdemeanor.".

            /%/%/%/%/%//%//%the end/%/%/%/%/%/%/%/%/%/%//%

David Cole (_The Nation_, May 6, 1991, "The Secret Tribunal", p. 581)
describes aspects of the Crime Bill as a return to the seventeenth
century Star Chamber.  We agree with his concern that the expanded
interpretation of the word "terrorism" creates new categories of
people vulnerable to investigation--not on the basis of what they have
done--but rather on the basis of who they may have associated with.
Although looking at a different, but related, provision of the Bill,
Cole's warning is sound: The current crime Bill contains changes that
expand the power of government to curtail fundamental rights.  In
cloaking the rationale and the language in fears of terrorism,
something most rational people oppose, the Bill, if passed,
jeopardizes a broader number of law-abiding citizens by exposing them
to intrusion and potential harm by zealous law enforcement agents, and
makes it a crime for other citizens to warn innocent folk of their
vulnerability.
Secret police tactics are not the way to create a safe society in
a Constitutional democracy.

Questions about HR1400 can be directed to Ted Vandermede, staff attorney
for the House Criminal Justice subcommittee, at (202) 225-0600.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

Date: July 2, 1991
From: Barbara E. McMullen and John F. McMullen (Newsbytes Reprint)
Subject: Law Panel Recommends Computer Search Procedures

********************************************************************
***  CuD #3.24: File 7 of 8: Law Panel and Search Procedures     ***
********************************************************************

 LAW PANEL RECOMMENDS COMPUTER SEARCH PROCEDURES

 WASHINGTON, D.C., U.S.A., 1991 JULY 2 (NB) -- A panel of lawyers and
 civil libertarians, meeting at the Computer Professionals for Social
 Responsibility (CPSR) Washington roundtable, "Civilizing Cyberspace",
 have proposed procedures for police searches and seizures which they
 feel will both allow adequate investigations and protect the
 constitutional rights of the subject of the investigation.

 The panel, composed of Mike Godwin, staff counsel of Electronic
 Frontier Foundation; Sharon Beckman, attorney with Silverglate &
 Good; David Sobel of CPSR; Jane Macht, attorney with Catterton, Kemp
 and Mason; and Anne Branscomb of Harvard University, based its
 proposals on the assumption that a person, in his use of computer
 equipment, has protection under both the Fourth Amendment and the
 free speech and association provisions of the First Amendment.

 The panel first addressed the requirements for a specific warrant
 authorizing the search and recommended that the following guidelines
 be observed:

 1. The warrant must contain facts establishing probable cause to
 believe that evidence of a particular crime or crimes will be found
 in the computers or disks sought to be searched.

 2. The warrant must describe with particularity both the data to be
 seized and the place where it is to be found ("with particularity" is
 underlined).

 3. The search warrant must be executed so as to minimize the
 intrusion of privacy, speech and association.

 4. Officers may search for and seize only the data, software, and
 equipment specified in the warrant.

 5. The search should be conducted on-site.

 6. Officers must employ available technology to minimize the
 intrusiveness of data searches.

 The panel then recommended limitations on the ability of officials to
 actually seize equipment by recommending that "Officers may not seize
 hardware unless there is probable cause to believe that the computer
 is used primarily as an instrumentality of a crime or is the fruit of
 a crime; or the hardware is unique and required to read the data; or
 examination of hardware is otherwise required." The panel further
 recommended that, in the event hardware or an original and only copy
 of data has been seized, an adversary post-seizure hearing be held
 before a judge within 72 hours of the seizure.

 Panel member Sharon Beckman commented to Newsbytes on the
 recommendations, saying "It is important that we move now to the
 implementation of these guidelines. They may be implemented either by
 the agencies themselves through self-regulation or through case law
 or legislation. It would be a good thing for the agencies to take
 the initiative."

 The panel's recommendations come at a time in which procedures used in
 computer investigations have come under criticism from computer and
 civil liberties groups. The seizure of equipment by the United States
 Secret Service from Steve Jackson Games has become the subject of
 litigation, while the holding of equipment belonging to New York
 hacker "Phiber Optic" for more than a year before his indictment has
 prompted calls from law enforcement personnel as well as civil
 liberties groups for better procedures and technologies.

********************************************************************
                           >> END OF THIS FILE <<
***************************************************************************

------------------------------

Date: July 3, 1991
From: Various
Subject: The CU in the News (data erasing; cellular fraud)

********************************************************************
***  CuD #3.24: File 8 of 8: The CU in the News                  ***
********************************************************************

From: <garbled>
Subject: Ex-employee Attacks Data-base
Date: Thu, 27 Jun 91 17:19:23 CDT

"Ex-Employee Guilty of Erasing Data"
By Joseph Sjostrom
CHICAGO TRIBUNE, June 27, 1991, Section 2, p. 2

A computer technician pleaded guilty Wednesday in Du Page County Court
to erasing portions of his former employer's database last November in
anger over the firing of his girlfriend.

Robert J. Stone, 30, of 505 W. Front St., Wheaton, entered the plea on
a charge of computer fraud to Associate Judge Ronald Mehling.  In
exchange for the guilty plea, prosecutors dismissed a burglary charge.
Mehling scheduled sentencing for Aug. 8.

Defense lawyer Craig Randall said after the hearing that Stone still
has a 30-day appeal period during which he can seek to withdraw the
guilty plea.

"I don't think he erased anything as alleged, and I don't think the
[prosecution] would be able to prove that he did," Randall said.

Stone was indicted last January for one count of burglary and one
count of computer fraud for entering the office of his former
employer, RJN Environmental, 202 W. Front St., Wheaton, and deleting
eight programs from the company computer.

Assistant Du Page County State's Atty. David Bayer, who prosecuted the
case along with Assistant State's Atty. Brian Ruxton, said the programs
were part of a company project for the state of Florida in which RJN
was, in effect, redrawing maps in digital form and storing them in a
computer.

Bayer said Stone had left the company the previous April and that his
girlfriend, who was not identified, worked there too but was fired in
November.

Bayer said Stone entered the firm's office last Nov. 24, a Saturday
when nobody else was there.

Employees who came to work on Sunday discovered that data had been
erased and a quantity of data storage disks were missing.

Bayer said the disks contained several months' worth of work, but were
recovered. It took about a week to restore the rest of the missing
computer information, Bayer said.

Bayer said Wheaton police Detective Kenneth Watt interviewed Stone the
following Monday, and said Stone admitted to erasing data and taking
the disks. Bayer said Stone told the detective where to find the disks,
which he had left under a stairwell at RJN.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Date: Tue, Jul 2, 1991 (22:30)
From: Barbara E. McMullen and John F. McMullen (Newsbytes Reprint)
Subject: Arrests in "Multi-Million" Cellular Phone Fraud

 ****ARRESTS IN "MULTI-MILLION" CELLULAR PHONE FRAUD 07/01/91

 ALBANY, NEW YORK U.S.A., 1991 JUL 1 (NB) -- The New York State Attorney
 General's office has announced the arrest and arraignment of four individuals
 for allegedly illegally utilizing Metro One's cellular service for
 calls totalling in excess of $1 million per month.

 According to the charges, the arrested individuals duplicated a Metro
 One customer's electronic serial number (ESN) -- the serial number
 that facilitates customer billing -- and installed the chip in a
 number of cellular phones. The defendants then allegedly installed the
 phones in cars which they parked in a location near a Metro One cell
 site in the Elmhurst section of Queens in New York City.

 From these cars, the defendants allegedly sold long distance service
 to individuals, typically charging $10 for a 20 minute call. Metro
 One told investigators that many of the calls were made to South
 American locations and that its records indicate that more than $1
 million worth of calls were made in this manner in May 1991.

 The arrests were made by a joint law enforcement force composed of
 investigators from The New York State Police, New York City Police
 Special Frauds Squad, United States Service, and New York State
 Attorney General's office. The arrests were made after undercover
 officers, posing as customers, made phone calls from the cellular
 phones to out-of-state locations. The arrests were, according to a
 release from the Attorney General's office, the culmination of an
 investigation begun in September 1990 as the result of complaints
 from Metro One.

 The defendants, Carlos Portilla, 29, of Woodside, NY; Wilson
 Villfane, 33, of Jackson Heights, NY; Jaime Renjio-Alvarez, 29, of
 Jackson Heights, NY and Carlos Cardona, 40, of Jackson Heights, NY,
 were charged with computer tampering in the first degree and
 falsifying business records in the first degree, both Class E
 felonies, and theft of services, a Class A misdemeanor.
 Additionally, Portilla and Villfane were charged with possession of
 burglar tools, also a Class A misdemeanor. At the arraignment,
 Portilla and Renjio-Alvarez pleaded guilty to computer tampering and
 the additional charges against those individuals were dropped.

 New York State Police Senior Investigator Donald Delaney, commenting
 on the case to Newsbytes, said "This arrest is but the tip of the
 iceberg. There is an on-going investigation in the area of cellular
 phone fraud and we are looking for those that are organizing this
 type of criminal activity."

 (Barbara E. McMullen & John F. McMullen/Press Contact: Edward
 Barbini, NYS Department of Law, 518-473-5525/19910701)

********************************************************************

------------------------------

                         **END OF CuD #3.24**
********************************************************************