Computer underground Digest    Thur Aug 20, 1992   Volume 4 : Issue 37

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
       Copy Editor: Etaion Shrdlu, III
       Archivist: Brendan Kehoe
       Shadow-Archivist: Dan Carosone

CONTENTS, #4.37 (Aug 20, 1992)
File 1--Re: Cu Digest, #4.36
File 2--Ripco the Victim of Misinformation?
File 3--Response to Privacy Times Article
File 4--Re: Quick reality check.....
File 5--Pager Fraud Conviction (Telecom Digest Reprint)
File 6--Calif. Woman Convicted in Computerized Tax Refund Scheme
File 7--EFF Receives Dvorak/Zoom Award
File 8--Pac-Bell's Privacy Rings False (CPSR Press Release)
File 9--CPSR 1992 Annual Meeting

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.

Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT libraries; from America Online in the PC Telecom forum under "computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; and by anonymous ftp from ftp.eff.org (192.88.144.4) and ftp.ee.mu.oz.au
European distributor: ComNet in Luxembourg BBS (++352) 466893.

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections.

----------------------------------------------------------------------

Date: Sun, 16 Aug 92 19:13:54 -0700
From: nelson@BOLYARD.WPD.SGI.COM(Nelson Bolyard)
Subject: File 1--Re: Cu Digest, #4.36

In article <1992Aug16.202305.16708@chinacat.unicom.com> john@ZYGOT.ATI.COM(John Higdon) writes:

>After having eight of my residence phone numbers changed, I suddenly
>realized that my Pac*Bell Calling Card was invalid. I called the
>business office and explained that I wanted a new card. No problem. In
>fact, I could select my own PIN. And if I did so, the card would
>become usable almost immediately.

>Do you see where I am going with this? No effort was made to verify
>that I was who I claimed to be, even though my accounts are all
>flagged with a password. (When I reminded the rep that she forgot to
>ask for my password, she was highly embarrassed.) If I had been Joe
>Crook, I would have a nice new Calling Card, complete with PIN, of
>which the bill-paying sucker (me) would not have had any knowledge. By
>the time the smoke cleared, how many calls to the Dominican Republic
>could have been made?

To which jmcarli@SRV.PACBELL.COM(Jerry M. Carlin) replies:

>All I can say is that we're trying. As I pointed out earlier in this
>conversation, it all comes down to people. A mistake was made, no
>doubt about it. Can we do a better job than we are doing? We're
>trying to. Is being Ok enough? As the current advertising slogan says
>"Good enough isn't". This slogan has to translate into real action.

What Rubbish! It doesn't "come down to people". At least, it need not. The _computer_ should enforce the right password to modify the account, not the customer rep, and the rep should never SEE the customer's password.
The way PACBELL's existing account "password" program apparently works, (information gleaned entirely from public sources of information, including postings to TELECOM-digest and the CU digest) the account holder's password is displayed on a screen, and it is a human's job to verify that the customer speaks the right value. This system was obviously designed by someone who didn't have a CLUE about security.

The system should have been designed so that when an account has a password, ANY attempt by a customer service representative to access or modify the account will be blocked until the password is entered by the rep (who presumably has just gotten it from the person on the phone, the alleged customer). I suppose some "supervisor override" password might exist so accounts could be managed when the real customer was dead, but any transactions done using the override password would render the user of that password (e.g. supervisor) _personally_ liable if the actions proved fraudulent (not properly authorized).

One final note to all this whining about "we're trying". I'm reminded of parents who teach their children that it's OK to fail "as long as you tried your best". Not one of us who holds a job is ever held up to that ridiculously low standard of performance. No business ever survives by holding itself to that standard. It's galling that PacBell should expect us to apply that standard to them, especially given their regulated monopoly.

If PacBell had any competition as a LEC, and that competitor used real (not pretend) password account security, they'd stop this whining and do something about it pronto, while customers went to the competitor in droves.

--
Nelson Bolyard     MTS     Advanced OS Lab     Silicon Graphics, Inc.
nelson@sgi.COM     %decwrl,sun%!sgi!whizzer!nelson     415-390-1919
Disclaimer: I do not speak for my employer.
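
The design argued for in the post above, sketched as an added example (not part of the original post and not Pacific Bell's system): the system itself checks the password the rep types in, stores only a salted PBKDF2 verifier so no screen can display the password, and records any supervisor override against the supervisor's identity. All class, function, account and staff identifiers are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

ROUNDS = 100_000  # PBKDF2 work factor (assumed value for this example)


def make_verifier(secret, salt=None):
    """Return (salt, derived key). Only this pair is stored, never the secret."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ROUNDS)


def check_secret(secret, stored):
    """Re-derive from the typed secret and compare in constant time."""
    salt, expected = stored
    _, candidate = make_verifier(secret, salt)
    return hmac.compare_digest(candidate, expected)


class AccessDenied(PermissionError):
    pass


class Session:
    """Handle a rep receives only after the system has verified a password."""

    def __init__(self, system, account_no, rep_id, liable_party, override):
        self._system = system
        self.account_no = account_no
        self.rep_id = rep_id
        self.liable_party = liable_party  # who answers for changes made here
        self.override = override

    def issue_calling_card(self, pin):
        # The PIN is stored as a verifier too, so it cannot be read back.
        self._system._accounts[self.account_no]["card"] = make_verifier(pin)
        self._system._log("issue_calling_card", self)


class AccountSystem:
    """No method returns account data or a password without a Session."""

    def __init__(self):
        self._accounts = {}     # account_no -> {"password": verifier, "card": verifier}
        self._supervisors = {}  # supervisor_id -> verifier
        self.audit_log = []

    def _log(self, action, session=None, **extra):
        entry = {"time": datetime.now(timezone.utc).isoformat(), "action": action}
        if session is not None:
            entry.update(account=session.account_no, rep=session.rep_id,
                         liable=session.liable_party, override=session.override)
        entry.update(extra)
        self.audit_log.append(entry)

    def create_account(self, account_no, password):
        self._accounts[account_no] = {"password": make_verifier(password), "card": None}

    def add_supervisor(self, supervisor_id, password):
        self._supervisors[supervisor_id] = make_verifier(password)

    def open_session(self, rep_id, account_no, spoken_password):
        """The rep types what the caller said; the system, not the rep, decides."""
        record = self._accounts.get(account_no)
        if record is None or not check_secret(spoken_password, record["password"]):
            self._log("denied", account=account_no, rep=rep_id)
            raise AccessDenied("account password required")
        return Session(self, account_no, rep_id, liable_party="customer", override=False)

    def open_override_session(self, rep_id, account_no, supervisor_id,
                              supervisor_password, reason):
        """Override path: every later change is attributed to the supervisor."""
        stored = self._supervisors.get(supervisor_id)
        if (account_no not in self._accounts or stored is None
                or not check_secret(supervisor_password, stored)):
            self._log("override_denied", account=account_no, rep=rep_id,
                      supervisor=supervisor_id)
            raise AccessDenied("supervisor override refused")
        session = Session(self, account_no, rep_id, liable_party=supervisor_id,
                          override=True)
        self._log("override_opened", session, reason=reason)
        return session


if __name__ == "__main__":
    # Constructed scenario: a caller who cannot give the password asks for a card.
    system = AccountSystem()
    system.create_account("ACCT-0001", "tangerine-42")
    try:
        system.open_session("rep-12", "ACCT-0001", "")
    except AccessDenied as err:
        print("refused:", err)
    system.open_session("rep-12", "ACCT-0001", "tangerine-42").issue_calling_card("4821")
    for entry in system.audit_log:
        print(entry["action"], entry.get("rep"), entry.get("liable"))
```
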
------------------------------

Date: Mon, 17 Aug 1992 19:27:13 PDT
From: Jim Thomas <jthomas@well.sf.ca.us>
Subject: File 2--Ripco the Victim of Misinformation?

The dangers of erroneous or fraudulent information can be demonstrated in the abuses of Operation Sun Devil and the "Bill Cook cases." Inaccurate interpretations, questionable "facts" and glib language of posts were used to weave an imagery of a dangerous national conspiracy of hackers intent on disrupting or destroying Life-As-We-Know-It. The Secret Service claimed that a post describing Kermit as a 7-bit protocol was evidence of a conspiracy; Bill Cook described publicly available documents as a map of the E911 system, implying that those who possessed it could endanger national safety and security; Henry Kluepfel identified to the Secret Service "hackers" who are presumably the CuD moderators; BellSouth claimed that information available in a document costing under $15 was worth several hundred thousand dollars. These claims were used as the basis for raids, indictments, prosecutions, and the disruption of lives and business enterprises who fell victim to the abuse of misinformation.

Ripco BBS was a victim of the Sun Devil raids in May, 1990. Although there was no evidence that the sysop, Dr. Ripco, ever engaged in the crimes for which he and others were suspected, and no user of his board was indicted for the suspected crimes, and no material on his board was ever adduced in court in the prosecution of others, he lost equipment, books, posters, and other items. Dr. Ripco was victim of misinformation.

Because of the manner in which law enforcement has written search affidavits and indictments drawing from inaccurate information, gross reporting of potentially damaging "facts" cannot go without response. An article appearing in the July 30 issue of Privacy Times (PT), written by Evan Hendricks the editor, is the kind of article that requires a swift reaction.
The article is "Hacker 'Manual' Tells 'Wannabes' how to Penetrate TRW Database." Although Ripco is mentioned in only one sentence, it is a damaging choice of words. The article itself describes a "hacker file" detailing how to obtain access to a TRW account, login to the TRW system, find and download information, and interpret the information once obtained.

The author(s) of the TRW file, dated April, 1992, write in the style of the juvenile anarchists who fantasize mindless destruction of "The System," and who self-define themselves as "great criminal minds." The PT article itself is well-intended: The goal seems to be to raise the visibility of the security weaknesses of the TRW data base and simultaneously to dramatize the sociopathic tendencies of those who, as Cliff Stoll might say, put razor blades in the sand. But there is one dangerously inaccurate line in the PT story that cannot go without response:

"Entitled 'TRW.Masterfile,' the manual was published on the 'Ripco' bulletin board by two authors who identify themselves as 'CitiZen-One' and 'Evil Priest.'"

Dr. Ripco responds to this in the following file. But, as a long-time user of Ripco BBS, I searched my own files and discovered the following:

1) There is *NO* such TRW file listed in the file lists

2) There is one Evile Priest and one citizen-0ne listed, but neither are regular users. As of August 15th, the former has not signed on since January, 1992, and the latter hasn't signed on since April, 1992. Neither was listed in logs prior to January, 1992 that I could find.

The TRW file in question can probably be found on a number of boards. Assuming that the copy I have obtained is identical to the file reported in PT, it would appear to contain no illegal information. Although a "how to" manual, it falls within literature protected under the First Amendment.
Although it is poorly written (a Grammatik check rates it as incomprehensible), poorly conceived and argued, childishly simplistic, and quite silly, it reveals little about TRW and contains no proprietary information. To its credit, PT does not sensationalize the document, and the point of the TRW story is not to create hysteria about the dangers of hackers, but appears instead to be simply describing a variant of "anarckidz."

However, CuD *strongly* condemns the unsubstantiated allegation that the file was "published" on Ripco. This is a distortion of how files are created and disseminated and implicates a BBS and its sysop in activities over which the sysop has no knowledge. This creates an association between illegal behaviors and Ripco that is not only erroneous, but dangerous. It puts the board and its users at risk for continued law enforcement excesses on the basis of what appears to be unsubstantiated claims of the kind that have been previous justifications for searches and seizures.

Misinformation also creates the possibility that the line will be picked up by other media and repeated as true. This occurred with the Privacy Times article. James Daley, of Computerworld, received a fax of the PT piece, and repeated the allegation in his own column in the August 17 issue of Computerworld without checking the accuracy, without calling Evan Hendricks at Privacy Times, and without calling Ripco. Daley writes:

"Two unidentified persons have used the "Ripco" bulletin board to electronically publish a detailed manual, complete with dial-up numbers, geographical codes and methods for conning bureau subscribers into divulging their passwords, for penetrating TRW's credit bureau data base." (p. 47)

Seemingly trivial one-liners, like viruses, have a way of spreading their destructiveness.
And, just parenthetically, if, in a term paper, a student reproduced material without acknowledging the original source, as the Computerworld article did in reproducing the Privacy Times piece without acknowledging the original author, I would raise the question of plagiarism.

If I am correct in my belief that the files were never available on Ripco, I wonder why PT (and Computerworld) made the claim that they were? From what source *did* the writer of the PT article obtain the files? If the article's allusion to Ripco was based on a line in the file itself indicating that the authors of the file could be contacted on Ripco, then why wasn't mention made of other boards (in Florida) also mentioned? Why did the writer of the PT article make no attempt to contact Dr. Ripco? He is accessible, articulate, and quite open. Ripco's number was included in the file, making contact readily possible if the author tried.

I contacted the author of the PT article, editor Evan Hendricks. Evan shared my concern that if the facts were as I presented them, then the choice of words was unfortunate. He explained that, especially in technical matters relating to computer technology, he relies on informants. In this case, his informants indicated that the files were "published" (and available) on Ripco. He indicated that he would have to check with his informants to clarify the apparent discrepancy between their account and ours.

I agree (and fully sympathize) with Evan on one point: Sometimes secondary facts that are not immediately relevant to the primary focus of a story appear too minor to check. I am convinced of Evan's good faith, and readers of Privacy Times informed CuD that Evan has taken an aggressive and principled stand against excesses of the Secret Service in Steve Jackson Games. I also agree that the offending sentence is of the kind that is normally innocuous and the result of a seemingly minor informant error translated into a vague phrase.
In this case, however, the phrase could possibly re-appear in an indictment. Evan must, of course, check the accuracy of my account in challenging the availability of the TRW file on Ripco. However, he assured me that if my account is accurate, he will correct the mistake.

The intent here is not simply to criticize Privacy Times or its editor. Evan impressed me as concerned, sincere, and highly interested in many of the same issues as CuD, EFF, and others. Of broader relevance is the way that the media often represent the computer culture and the ways in which the participants in that culture respond. In my own experience, most reporters and editors appreciate being informed of alternative interpretations and accurate facts. Sometimes "corrections" are over minor and inconsequential details of no import. At other times, they can be vitally important to rectifying potentially damaging depictions. Either way, gentle but explicit dialogue with the media is crucial to reducing the misunderstandings offered to the public.

In this case, I am confident that Privacy Digest and Computerworld will "do the right thing" by checking the accuracy of their allegations. If they find they were in error, I am equally confident that they will retract it.

((Despite my criticism of this particular article, Privacy Times is considered a reputable and helpful source of information on law, government policy, and other issues related to intrusions into and protections of Constitutional rights. It is subscriber-sustained and contains no advertising. Examination copies are available, and subscriptions run $225 a year. For more information, contact Evan Hendricks, Editor; Privacy Times; PO Box 21501; Washington, D.C.,

((ADDENDUM: Media persons wishing to contact Ripco BBS may do so at (312) 528-5020. If the lines are busy, which they often are because of its nearly 1,300 users, messages sent to Dr.
Ripco at tk0jut2@mvs.cso.niu.edu will be immediately forwarded))

------------------------------

Date: Sun, 17 Aug 92 19:31:08 CDT
From: Dr Ripco <Ripco BBS>
Subject: File 3--Response to Privacy Times Article

In the July 30, 1992 issue of Privacy Times (v12, #15), a story appears on page one entitled "Hacker 'Manual' Tells Wannabes How To Penetrate TRW Database". Within this article my board, "Ripco" is mentioned in a manner that implies "the manual" is either available or was sanctioned by myself or the system.

This is totally false. The way I see it, the author of the article either failed to check facts or simply irresponsibly reported misinformation. No one from this newsletter has ever contacted me and to the best of my knowledge ever attempted the same.

The first sentence of paragraph two reads as follows:

>"Entitled 'TRW Masterfile,' the manual was published recently on
>the 'Ripco' bulletin board by two authors who identify themselves
>as 'CitiZen-One' and 'Evil Priest.'"

This document has never been "published", distributed or been available in any other form on my system.

By checking the logs I have determined that a user by the name of Evile Preist did call the system once in January of 92 but no activity was shown on the account. In April of 92 a user by the name of Citizen-0ne called 5 times and did in fact upload a file called "TRW_MAST.TXT" on or around April 28th.

That file was immediately removed from the uploads directory by myself under the strict rules I self-imposed after being victimized by Operation Sundevil. The uploads on my system are locked and cannot be downloaded by anyone until I clear the lock. Therefore, it was impossible for it to be downloaded during the time it was first uploaded and removed. The logs, which I examined using the bulletin board program that generates a complete listing of uploads and downloads, support my claim. A record is made every time a file is either uploaded or downloaded.
This file shows one upload, no downloads.

Citizen-0ne and Evile Preist were never regular users of the board. I do not know either one of them and never have had any contact with them that I am aware of.

Within the TRW_MAST.TXT file, my system along with its phone number is mentioned but I have no idea why. The cDc (Cult of the Dead Cow) is also mentioned but this does not appear in the article.

I cannot control being mentioned in any file. Bulletin board names as far as I know are not copyrighted or trademarked and it's been a tradition for people who write files to stick a plug in for their favorite system or two. Why my system is mentioned by authors who appear to rarely use it is beyond me.

I have double checked most (if not all) of the files on my system including a telecommunications newsletter and neither this file nor any part of it is or ever was on my system available to the users.

The two words "published recently" on the Ripco bulletin board contained in the Privacy Times newsletter (p. 1) is absolutely, unequivocally, and egregiously false. Besides, the correct name of the system is "Ripco ][", because the original "Ripco" was removed from service by the Secret Service on May 8 of 1990.

Dr. Ripco

------------------------------

Date: Wed, 12 Aug 92 15:57:02 EDT
From: Kim Clancy <clancy@CSRC.NCSL.NIST.GOV>
Subject: File 4--AIS (Dept of Treasury) BBS (review)

((MODERATORS' NOTE: We heard about the AIS BBS from several readers, and checked it out. We were impressed by the collection of text files, the attempt to bring different groups together for the common purposes of security and civilizing the cyber frontier, and the professionalism with which the board is run. AIS BBS is a first-rate resource for security personnel who are concerned with protecting their systems. We sent 10 questions to the sysop, and here are the replies)).

1. What is this Board? (name, number, who runs it (dept & sysop). What kind of software are you using? When did the Board go on-line?
The Bulletin Board System (BBS) is run by the Bureau of the Public Debt's, Office of Automated Information System's Security Branch. The mission of the Bureau is to administer Treasury's debt finance operations and account for the resulting debt. The OAIS security branch is responsible for managing Public Debt's computer systems security. The AIS BBS is open to the public and the phone number for the Board is (304) 420-6083. There are three sysops, who manage the Remote Access software. The BBS operates on a stand-alone pc and is not connected to any other Public Debt systems. The Board is not used to disseminate sensitive information, and has been up and operating for the past 15 months.

2. What are the goals and purposes of the Board?

The BBS was established to help manage Public Debt's security program. Security managers are located throughout Public Debt's offices in Parkersburg, WV and Washington DC. The security programmers saw a need to disseminate large amounts of information and provide for communication between program participants in different locations. Because the Board was established for internal purposes, the phone number was not published. However, the number was provided to others in the computer security community who could provide information and make suggestions to help improve the bureau's security program. Gradually, others became aware of the Board's existence.

3. What kinds of files and/or programs do you have on the Board? Why/how do you choose the files you have on-line?

There is a wide variety of files posted. In the beginning, we posted policy documents, newsletter articles from our internal security newsletter, bulletins issued by CERT, such as virus warnings, and others for internal use. I located some "underground" files that described techniques for circumventing security on one of the systems we manage. The information, from Phrack magazine, was posted for our security managers to use to strengthen security.
When we were called by others with the same systems, we would direct them to those files as well. Unexpectedly, the "hacker" that had written the file contacted me through our BBS. In his article he mentioned several automated tools that had helped him take advantage of the system. I requested that he pass on copies of the programs for our use. He agreed. This is how our "hacker file areas" came to be. Other hackers have done the same, and we have also received many files that may be useful. It is, indeed, an unusual situation when hackers and security professionals work together to help secure systems. However, this communication has been beneficial in strengthening an already secure system.

4. Since you and the Secret Service are both part of the U.S. Treasury, was the Board set up to catch "hackers?"

No, the BBS was designed to manage our internal security program. We do not allow individuals to sign on with "handles." We do not know if people are hackers when they sign on unless they identify themselves.

5. How did you get the idea to set it up?

The security branch accesses many BBSs on a daily basis for research purposes, information retrieval and to communicate with others. Since our security program is decentralized, the BBS seemed to be an effective way of communicating with program participants in diverse locations.

6. What distinguishes your board from sources like CERT, or from "underground" BBSes?

First, there is a wide diversity to our files, ranging from CERT advisories to the 40Hex newsletters. Also, many of the files on our system are posted as a resource we use for the implementation of our security program. For example, the Board lists computer based training modules that we have developed, policy documents, and position descriptions. These are files that other security programs can use to implement or help start their programs.
On the message side of the BBS, what distinguishes it would have to be the open interaction between hackers, virus writers, phone phreaks and the security community.

7. What kinds of difficulties or problems have you encountered, either from superiors or from users, in operating the Board?

I can recall few, if any, difficulties from anyone, users or superiors. Upper management understands the value of the technology and has been extremely supportive. All users have been courteous, professional, and supportive. Security professionals constantly thank us for providing "underground" information for them. It allows others in the field to gain access to valuable information without having to access "underground" systems. Users appreciate the opportunity to share their knowledge with others and seem grateful to have an avenue to communicate with security professionals who will listen to "hackers" experiences.

8. Can you describe any unusual or humorous experiences you have had with users while running the Board?

It is unusual for "hackers" and security professionals to work together to help secure systems, but that is what is occurring on our system. I have had requests from other government agencies asking for resumes of "hackers" that may assist them. I have been contacted by numerous government and private agencies asking for our "contacts." I just direct them to the BBS and advise that they post messages regarding the questions they need answered. If anyone is interested in helping, they will respond. It is an unusual situation, but, in my opinion, I can attest that the information we have received has been very useful to our security program.

9. What future plans do you have for improving the hardware, such as upgrading modem, number of lines, or storage capacity, or for developing the services of the Board?

Starting July 13th, the Board will be down periodically for system upgrades. We are adding an additional phone line, and a 315 mb hard drive.
Also, we are going to make a few changes to reorganize files. It is hoped that group information will be more efficient in this manner. We are also adding RIME relay net conferences and will carry topics such as Data Protection.

10. What should potential users know about the Board or your policies before attempting to receive access?

Users must be aware that we do not allow handles on the BBS. If they sign on with a handle it will be deleted. We also reserve the right to review all E-mail, public and private. All users have access to the BBS upon sign on. If a user wants access to the "hacker" file area, they need to send a message to the sysop requesting access. Potential users should know they are welcome to call in and communicate with us and others.

------------------------------

Date: 16 Aug 92 16:40:07 GMT
From: 1012breuckma@vmsf.csd.mu.edu
Subject: File 5--Pager Fraud Conviction (Telecom Digest Reprint)

Angry Callers Help Convict Man Behind Beeper Scheme

From %The Milwaukee Journal% 8/16/92

New York, N.Y. - A Manhattan man has been convicted of leaving messages on thousands of beepers for a telephone number that cost $55 to call.

While the defendant, Michael Brown, 23, never made a dime, prosecutors said he stood to make millions before he was caught last year. They said he tried to defraud thousands of potential victims.

US Atty. Otto Obermaier said Brown hooked up two computers in his apartment and then attached them to two telephone lines. On one line, the computer placed more than 4,000 calls a day to pagers that people carry with them. A message said that a return call for telephone-based informational services should be made to a special 540 number on Brown's second line tied to the second computer.
What the unsuspecting people who returned the calls were not advised is that it would cost them $55 a call, in violation of a New York State Public Service Commission regulation requiring operators of toll numbers to advise incoming callers of the cost so they can hang up before being charged.

But Brown devised a scheme in which the computer kept callers on the line for at least 20 seconds, the time required so they could be billed for $55 by the telephone company. In a six-day period in February 1991, the first computer spewed out a total of 26,000 calls.

But the fraud did not last long because irate subscribers inundated New York Telephone with complaints of the $55 charge. By the time the company notified federal prosecutors and disconnected Brown's two lines, he had billed a total of $198,000. But prosecutors said that he never collected a dime, and that New York Telephone made no efforts to collect the bills.

After his conviction last week, Brown faces up to five years in prison and a fine of $250,000 when he is sentenced on Oct. 28. He is free on $30,000 bail.

------------------------------

Date: Tue, 18 Aug 92 23:46:20 EDT
From: <Nigel.Allen@LAMBADA.OIT.UNC.EDU>
Subject: File 6--Calif. Woman Convicted in Computerized Tax Refund Scheme

California Woman Convicted in Income Tax Refund Scheme

Press release from the U.S. Justice Department.

To: National Desk, California Correspondent
Contact: U.S. Department of Justice, 202-514-2007

FRESNO, Calif., Aug. 18 /U.S. Newswire/ -- Acting Assistant Attorney General James A. Bruton and the United States Attorney for the Eastern District of California, George L. O'Connell, announced Monday, Aug. 17, that Enedina Ochoa of Turlock, Calif., 26, was convicted by a federal jury on Friday, Aug. 14, of one count of conspiracy to defraud the government and 20 counts of assisting others in filing false income tax refund claims with the Internal Revenue Service.
The jury trial lasted four days before United States District Judge Oliver W. Wanger. Wanger ordered Ochoa held in custody pending sentencing.

Ochoa's scheme exploited the Internal Revenue Service's newly implemented electronic filing system, which allows filers of refund claims to receive their refund checks in one or two days. By causing large numbers of false refund claims to be electronically filed, Ochoa and her co-conspirator, Karleena Pulido, fraudulently obtained approximately $100,000 from the Internal Revenue Service. Most of the criminal activity involved 1991 federal income tax returns filed earlier this year.

Ochoa and Pulido, a Turlock income tax preparer who pled guilty two weeks ago to conspiracy to defraud the government and 29 counts of assisting others in filing false claims for income tax refunds, engaged in a scheme to electronically file false refund claims with the I.R.S. by recruiting individuals to provide their real names and social security numbers for use by Pulido on false Forms W-2 which Pulido fabricated. Ochoa then assisted the recruited individuals in electronically filing these false refund claims with the I.R.S. from electronic return transmitters such as Cash-N-Dash, an income tax transmittal and check cashing service headquartered in Fresno. Ochoa and Pulido then divided the refund proceeds among themselves and the individuals they recruited.

The long-standing I.R.S. system of filing paper returns requires a taxpayer to wait several weeks before receiving a refund check.

Ochoa and Pulido face a maximum sentence of ten years imprisonment and a fine of $250,000 for the conspiracy convictions and five years imprisonment for each conviction of assisting in the filing of a false claim. Sentencing is set for Oct. 19, and Oct. 26, for Pulido and Ochoa, respectively, before Wanger.
The case is the result of an extensive and ongoing investigation of electronic filing fraud by special agents of the Internal Revenue Service's Criminal Investigation Division, and was prosecuted by Department of Justice Tax Division Trial Attorneys Eric C. Lisann and Floyd J. Miller. It is the first prosecution of this type of crime in this judicial district, and is one of only a very few such cases that have gone to trial anywhere in the United States since the inception of the Internal Revenue Service's electronic filing system.

Acting Assistant Attorney General James Bruton stated, "This conviction serves as notice that the federal government is committed to early detection and prosecution of electronic filing schemes. Blatant abuse of the Internal Revenue Service's computerized refund program will not be tolerated."

According to Rick Speier, chief of the Internal Revenue Service's Criminal Investigation Division in San Jose and Fresno, "as the use of electronic filing increases, the Internal Revenue Service will continue to be vigilant in identifying electronic filing schemes organized by unscrupulous individuals who seek to exploit the system for criminal purposes."

------------------------------

From: Rita Marie Rouvalis <rita@EFF.ORG>
Subject: File 7--EFF Receives Dvorak/Zoom Award
Date: Tue, 18 Aug 92 16:01:17 EDT

EFF AWARDED DVORAK/ZOOM AWARD FOR EXCELLENCE IN TELECOMMUNICATIONS AT ONE BBSCON IN DENVER

On August 13, the Electronic Frontier Foundation was the recipient of one of twelve Dvorak/Zoom Telecommunications Awards. The Dvorak/Zoom awards are to be given annually in order to recognize individuals and organizations that have made a difference to telecommunications and the BBS conferencing industry. The awards were given for the first time at a presentation ceremony during One BBSCON in Denver.
The EFF was cited for "helping to keep telecommunications safe from the potential perils of out-of-control legal departments and over zealous law enforcement agencies." The award also noted that the EFF has become "an extremely important advocacy group for online telecommunications users."

Also honored in the awards ceremony were:

     The WELL
     Channel 1 BBS
     Tom Jennings of Fidonet
     Chuck Forsberg for Zmodem
     John Friel III for Qmodem
     Phil Katz for PKZip
     Ward Christensen for Xmodem
     Ward Christensen and Randy Seuss for BBS 1
     Tom Smith for Procomm for Windows
     Marshall Dudley for Doorway
     The Rockwell Design Team for First Single Package V.32/V.32bis Chipset

A more detailed report on the activities of ONE BBSCON will be the subject of a forthcoming edition of EFFector Online.

------------------------------

Date: Mon, 10 Aug 1992 15:59:31 PDT
From: Nikki Draper <draper@CSLI.STANFORD.EDU>
Subject: File 8--Pac-Bell's Privacy Rings False (CPSR Press Release)

PACIFIC BELL'S PHONE PRIVACY RINGS FALSE, SAYS COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY

PALO ALTO, Calif., August 10, 1992 -- Computer Professionals for Social Responsibility (CPSR), a national alliance of professionals concerned with the impact of technology on society based here, expressed deep concern over Pacific Bell's attempt to gut a recent California Public Utility Commission (PUC) order on Calling-Number Identification (CNID). Pacific Bell has requested a rehearing on the PUC restrictions. PacBell's proposal will eliminate important safety and privacy protections in the Commission's order, CPSR charged.

CNID allows businesses to collect the phone numbers of customers who call them. The Commission's order guarantees privacy protections for all Californians. PacBell proposes to eliminate a key privacy protection called Per-Line Blocking with Per-Call Unblocking. This feature prevents home numbers from being collected by businesses, unless the caller decides to give it to them.
Phone companies would prefer to only offer per-call blocking, a scheme in which caller numbers are always given out unless the caller remembers to dial a blocking code before dialing the desired number.

"If this happens, Californians will inevitably receive more junk mail, more annoying phone calls, and greater invasions of their privacy, some of which may be dangerous," said CPSR Chair and user interface expert, Dr. Jeff Johnson.

PacBell claims that CNID would give people more control over their privacy by providing the phone number from the calling phone. This is the wrong technological answer to the problem according to Johnson. "What people want to know is who is calling, not what phone is being used. If my wife's car breaks down and she calls me from a pay phone, that's a call I want to answer. CNID doesn't give me any information that will help me do that."

In PUC hearings held last year, Johnson accused the phone companies of designing a service that is more useful for businesses in gathering marketing data than for consumers in screening calls. Phone companies are opposed to per-line blocking because it would presumably result in more numbers being kept private, thereby reducing the value of the CNID service to business subscribers.

"Phone companies don't want you to block your phone number when you call movie theaters or appliance stores. The more times your number is revealed to businesses, the better! So they oppose reasonable blocking options and are pushing an error-prone one," he said.

If only per-call blocking were available, residential phone customers -- or their children, parents, grandparents, guests -- would often forget to dial their blocking code before making a call, resulting in frequent disclosure of private information to businesses without the consent, and sometimes even without the knowledge, of the caller.

"Unless PacBell is willing to live within the very reasonable bounds set by the PUC decision, the concerns of Californians will be far better served if CNID is simply not offered at all," said Johnson. "Subscriber privacy is more important than Pacific Bell's profits."

Founded in 1981, CPSR is a public interest alliance of computer scientists and other professionals interested in the impact of computer technology on society. As technical experts and informed citizens, CPSR members provide the public and policy makers with realistic assessments of the power, promise, and limitations of computer technology. It is a national organization, with 21 chapters throughout the United States. The organization also has program offices in Washington D.C. and Cambridge, MA.

For information on CPSR, contact the national office at 415-322-3778 or cpsr@csli.stanford.edu.

------------------------------

Date: Tue, 18 Aug 1992 15:22:45 PDT
From: Nikki Draper <draper@CSLI.STANFORD.EDU>
Subject: File 9--CPSR 1992 Annual Meeting

COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY
1992 ANNUAL MEETING
OCTOBER 17TH AND 18TH
STANFORD UNIVERSITY
PALO ALTO, CALIFORNIA

In the heat of a presidential campaign, CPSR asks computer professionals to take a critical look at how politics affects technology and how technology affects the political process. Computer scientists from across the country will rigorously examine this year's techno-speak to find the substance amid the line noise.

Our annual meeting is open to everyone who has an interest in computers, communication, and our role as citizens in a high-tech society. Computer Professionals for Social Responsibility is a national alliance of professionals dedicated to promoting the responsible use of computer technology, ensuring that information technology plays a positive role in society.

***********************************************************************

SATURDAY, OCTOBER 17TH

8 a.m. - 9 a.m.
Registration and Continental Breakfast

9:00 - 9:15
Welcome

9:15 - 10:45
Teledemocracy & Citizen Participation: Beyond the Electronic Town Meeting

Electronic media allow politicians and the general public to communicate in new ways. An election year look at the dangers and the opportunities of electronic democracy.

10:45 - 11:00
Break

11:00 - 12:30
The Politics of Cryptography

Cryptography is a means of ensuring the privacy and integrity of electronically transmitted information. The military/intelligence establishment has traditionally restricted the development and dissemination of this technology. With the end of the Cold War and the rapid expansion of the electronic network, government policy in cryptography has come to the forefront. This panel examines the current issues. Moderated by David Sobel, Legal Counsel for CPSR.

12:30 - 2:00
Lunch break

2:00 - 3:30
Everything's Digital! Media Convergence: Hope, Hell, or Hype?

Big industry players are promoting multimedia convergence as the next technological frontier. There's smoke, but is there fire? As all forms of information congeal into a digital soup, convergence raises issues of ownership, authorship, integrity and access. Is convergence television to the 10th power, a consumer nightmare, or a true vision of a new creativity? Moderated by Amy Pearl of Sun Microsystems.

3:30 - 3:45
Break

3:45 - 5:00
Envisioning Technology Policy in a Democratic Society

How do we translate our vision of technology's promise into democratic reality? A panel of activists looks at the development of American technology policy and asks the crucial question: Is it the vision thing or deep doodoo? CPSR Board member, Jim Davis moderates.

5:00 - 7:30
Break

7:30 - 8:30
No Host Bar at Ming's Villa

8:30 - 10:30
Banquet at Ming's Villa

Dave Liddle of Interval Research speaks on Computing in the 21st Century. Announcement and presentation of the Norbert Wiener Award for Social and Professional Responsibility in Computing.

SUNDAY, OCTOBER 18TH

8 a.m. - 9 a.m.
Continental Breakfast

9:00 - 9:15
Welcome

9:15 - 10:30
CPSR: How We Have Impact and Why We Win

For over a decade, CPSR has had an important impact on national, international, state and local technology policy. To continue our success, CPSR activists share case studies of our public policy successes. By understanding why we win, we can maximize our impact in the future.

10:30 - 10:45
Break

10:45 - 12:15
Organizing for the Future

A plenary discussion of CPSR's program areas - defining the issues, building consensus, and setting the agenda.

12:15 - 2 p.m.
Lunch

2:00 - 3:00
CPSR Working Groups

Break out groups, based on the morning's plenary, allow participants to chart CPSR's plans on key program issues: civil liberties, privacy, 21st Century, reliability and risk, workplace issues, and more.

5 minute break

3:00 - 4:00
Leadership Development Workshops

Break out sessions on leadership development, organizing on the net, chapter development, and more.

4:00 - 4:15
Break

4:15 - 5:30
Reports, evaluation, and President's message.

***********************************************************************

Name _____________________________________________________

Address ___________________________________________________

City__________________________State ________Zip Code_________

Telephone__________________________________________________

Important: Registration is on a first come, first serve basis. We expect these events will sell out, so it is important that you return the registration form as soon as possible to guarantee places at the meeting and banquet.

EARLY REGISTRATION (received by 10/9/92)

                        CPSR Member    Nonmember
Meeting and banquet         $85           $95
Meeting only                $45           $50
Banquet only                $40           $45

By adding $40 for a one-year CPSR membership, you can become eligible for member prices. CPSR also offers a sliding scale fee for registration to the meeting.
If you are interested, call the National Office at 415-322-3778, for details or send us email at cpsr@csli.stanford.edu

LATE REGISTRATION (received after 10/9/92)

                        CPSR Member    Nonmember
Meeting and banquet         $95           $105
Meeting only                $50           $55
Banquet only                $45           $50

I want a vegetarian dinner at the Banquet. _____YES ______NO

BRING SOMEONE WHO IS NOT A CPSR MEMBER TO THE ANNUAL MEETING, AND GET $5.00 OFF YOUR REGISTRATION FEE!!

I can't attend the Annual Meeting, but I want to support the work of CPSR. I've enclosed a tax deductible contribution to help create a successful organization.

Total enclosed $___________

Please send me _____ brochures to hand out to my friends and colleagues.

Make check payable to CPSR. Mail to: CPSR P.O. Box 717, Palo Alto, CA 94301

For more information on CPSR call 415-322-3778 or send email to cpsr@csli.stanford.edu

------------------------------

End of Computer Underground Digest #4.37
************************************