Computer underground Digest Sun May 15, 1994 Volume 6 : Issue 41 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Retiring Shadow Archivist: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Covey Editors: D. Bannaducci & S. Jones CONTENTS, #6.41 (May 15, 1994) File 1--Further info on the Tony Davis affair. File 2--Fidonet Crackdown in Italy File 3--hacker crackdown takes place in Italy File 4--German CDROM cracked File 5--PGP 2.5 available from EFF ftp site File 6--MTV SUES CURRY File 7--AOL Chat Rooms (In re: CuD 6.40) File 8--Re: "Child Abuse in Cyberspace" File 9--Re: CuD 6.27 -- Response to E. Weykers (in re 2600 Mag) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send a one-line message: SUB CUDIGEST your name Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (203) 832-8441. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 FTP: UNITED STATES: etext.archive.umich.edu (141.211.164.18) in /pub/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ EUROPE: nic.funet.fi in pub/doc/cud/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) JAPAN: ftp.glocom.ac.jp /mirror/ftp.eff.org/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Sat, 14 May 94 18:05:00 -0600 Message-Id: <125.372.27.0C3F6D46@irs.com> Subject: File 1--Further info on the Tony Davis affair. Have heard little mentioned on the net regarding this case recently. Saw a recent AP report on it though. Below is a summarized version. ***** Jury Finds man guilty in computer porn case. (05-05-94) Anthony Davis faces up to five years in prison after an Oklahoma jury found him guilty of distributing obscene material on computer discs. District Attorney Robert Macy praised the work of the Oklahoma City Police Department's vice unit, which arrested Mr. Davis in July 1993 during a raid at his software publishing business in south Oklahoma City. The jury found Mr. Davis guilty of two counts of distributing obscene material, one count of possession of obscene material, one count of trafficking in obscene pictures, and one count of illegal use of a computer. In addition to the prison sentence, Mr. Davis was fined about $33,000 and forfeited nine modems, two CD-ROM changers, four CD-ROM drives, two keyboards, two monitors, four power strips, two power boards, and two computers. Prosecutors say he is appealing the forfeiture. District Judge Richard Freedman considered dismissing the case because of concern that computerized images were not specifically included in the state's obscenity statutes. He allowed the trial to continue after prosecuters argued the obscenity statute cites "writings" and that CD-ROMs are writings contained in computer code. The statute also includes the term "pictures" and the images in question are computer reconstructions of pictures, the prosecution argued. Judge Freeman allowed Mr. Davis to remain free on bond pending formal sentencing on June 17. ***** The article did not detail many of the pertinent facts regarding the case such as the excessive overreaching of the OK PD in seizing so much material when the warrant was *specifically* for CD-ROM disks only. The fact that Mr. Davis is a publisher of legitimate computer software and the CD-ROMs in question were from a third party supplier, Mr. Davis was acting as a distributor only of those CD's. No information was given as to the status of any suits Mr. Davis might have initiated against the authorities in question, regarding violations of the ECPA or the PPA. ------------------------------ Date: Sun, 15 May 1994 11:37:04 -0700 From: Bernardo Parrella <berny@WELL.SF.CA.US> Subject: File 2--Fidonet Crackdown in Italy On May 10-12 1994, the first nationwide crackdown on telecom nets was operated by Italian police. Acting after a warrant issued by a Prosecutor in Pesaro, about 60 Bullentin Board Systems throughout the country have been visited and searched by police officials. Dozens of people were formally accused of "distribution of illegally copied software and appropriation of secret passwords" under the law approved by Italian Parliament in January this year. In several cases police officials didn't know what to search for, thus seizing computers, floppy disks, modems along with electric outlets, answering machines, audiotapes, personal effects. The raids also hit private houses and belongings, and in some places sleeping people were abruptly woken up facing machine guns. After searching probably around one third of the entire network - that includes more than 300 BBSes - police officials closed several Fidonet nodes, but no arrests were made. A still inaccurate figure of people were charged with software piracy, and dozens of computers and related devices were seized - along with thousands of floppy disks, CD-Roms, W.O.R.M.S. Moving after a suspected software piracy ring run by people involved in a Fidonet node, the crackdown started in the night between May 10 and 11 in Milano, targeting in the two following days BBSes in Pesaro, Modena, Bologna, Ancona, Pisa and other cities. Fidonet Italia, member of the worldwide Fidonet network, is a non-profit organization devoted to distribution of shareware and freeware programs as well as to electronic forums on topics ranging from technological to social issues. An essential communication tool for several groups and individuals throughout the country, Fidonet Italia became an active multi-cultural vessel and distributor of several different nodes dedicated to specific issues: Peacelink (solidarity, human rights), Cybernet (cyberpunk), Ludonet (games), Scoutnet, Amynet, and others. For thousands of Italian people, Fidonet BBSes today are invaluable tools of information-exchange, social activism and professional activities. The network policy strictly prohibits any distribution of illegally copied software and fraudulent appropriation of secret passwords. Also, Fidonet is one of the few International organizations which has always stated and pursued a clear position against unauthorized copying software. At the moment, the raids seems to be motivated by accusations against two people involved in a Pesaro-based BBS who were using Fidonet contacts to allegedly distribute illegal copies of computer programs. However, there are no reasons for such a vast law enforcement operation. Most likely the prosecutor acted simply on the basis of the Fidonet telephone numbers list (publicly available) owned by the two suspected of software piracy. The vast majority of the people searched don't have any kind of relationship with the suspected, and many of the search warrants stated a generic "conspiracy with unknown" for the crime of software piracy. Particularly, the random and arbitrary seizures of floppy disks and personal computers are completely unmotivated, because every BBS is a completely independent structure and each sysop is running his/her own hardware and software. The seizures will resolve in a great economic loss for these people and their professional activities will be surely affected from negative publicity. Some of them own small computer-related companies while others are physicians, hobbyists, students who risk personal savings to run their services. Because police officials also seized electronic and paper archives containing data and numbers of the people who logged onto Fidonet nodes, it is evident that investigations are going even further - thus violating the constitutional right to privacy. The first result of this crackdown is that many Fidonet operators decided to shut down immediately their systems all over the country, fearing heavier police intrusions in both their public activities and private lives. While the Italian Parliament recently approved specific laws about copyright and piracy of computer software, there are still no rules to protect personal privacy in the electronic medium. This legislative void inevitably makes the sysop the only responsible person about anything happens onto and around his/her own BBS. Fidonet operators do not want and can not be the target of undiscriminated raids that, forcing them to closing down their activities, cause serious damages to themselves as well as to the entire community. In an article published Friday 13 by the newspaper "La Repubblica", Alessandro Marescotti, Peacelink spokesperson, said: "Just when the worldwide BBS scene is gaining general respect for its important role at the community level, in Italy the law hits those networks that have always been strongly against software piracy. Charging dozens of honest operators with unmotivated accusations, the main goal of this crackdown is directed against the social activities of small community nets - thus clearing the space for commercial networking." While terms and figures of the entire operation should still be clarified, on Sunday 15 Fidonet Italia operators will meet in Bologna to study any possible legal counter-action. ------------------------------ Date: Fri, 13 May 1994 12:09:50 -0500 (CDT) From: David Smith <bladex@BGA.COM> Subject: File 3--hacker crackdown takes place in Italy ---------- Forwarded message ---------- Date--Fri, 13 May 94 11:23:02 EET From--Riccardo Pizzi <staff@ita.it> Subject--Busted!! things are getting really bad here... On Wednesday, 11th of May, at 3:30 pm, the italian Feds came into my house while I was out of town for a consulting business. They went into my bedroom and seized all my equipment, diskettes, tapes. This action was part of a nationwide raid against software piracy that hit some other 40+ FIDONET sites (yes, they seem to have used a Fido nodelist to find out about sites to investigate). Needless to say, I didn't even had DOS on my disk drives, let alone any copyrighted software. Anyway, they have now all my work of the latest 5 (five) years, including all backup copies of UniBoard and related stuff.. and I don't know if I will be ever able to have all my stuff back. I have also lost my nervous.com email address, but I can be reached here as <staff@ita.it>; I will try to keep you informed about this (very bad) story. Please, forward this to the alt.bbs.* groups, since I do not have news access here, and am also missing all the email addresses of my customers and friends.. Wish me luck, Rick Riccardo Pizzi, SysAdmin Tel-- +39 71 204046 I.T.A. Informatica e Fax-- +39 71 2073033 Tecnologie Avanzate s.r.l. E-Mail--staff@ita.it ------------------------------ Date: Sun, 8 May 94 22:25:00 UTC From: grmeyer@GENIE.GEIS.COM Subject: File 4--German CDROM cracked The Fairytale of Data-Encryption or How to Crack a CD ROM full of Commercial Software by HOWARD FUHS 100120.502@compuserve.com ((MODERATORS' NOTE: The following article details the events of a CD-ROM "software sampler" that was promptly cracked by some German programmers. We've edited the article slightly, but for the most part have left it as it was submitted. Please note that English is not the first language of the author.)) Once upon a time a company decided that the world might be ready and so they tried to invent a new way of distribution for commercial software. It was a few weeks before the CeBit Computer Fair in Hannover and the company sent out merry men to talk to the giants of the software industry. The software giants listened well and thought it might be a very good idea. They accepted and so they started to distribute their good and expensive software in an encrypted form on a CD ROM. The encryption software was especially programmed for the inventive distributor and he believed that the encryption was so secure that even a evil hacker can't get access to the software. According to an official statement of the company, the encryption method is similar to DES and as secure as DES. His project has to become a success so he gave away the CD ROM for a fee of 10 DM ( $ 6.-) and the Ziff Verlag (German office of the Ziff Publishers with own magazines in the german language) distributed the CD ROM for free as an inlet in one of their magazines. And, really, the CD ROM was a success. But that's not enough. To complete the total success of the project, the CD ROM was given away on the CeBIT Computer Fair. What a success! About 300 000 CD ROMs were produced. Most of them were given away. The distributing company claimed in some public statements that this might be the future way to distribute commercial software and they will lead the pack. The content of the CD ROM was the "Who is Who" of the software giants. Novell, Microsoft, Lotus, Borland and so on. The software giants claimed that the total value of the software is more than 100 000 DM (70 000 $) and they all were pretty sure that this concept will be very successful. The future concept was to generate a checksum with a program which was also the content of the CD ROM. This checksum was calculated especially for that program the daring user wanted to buy. The user just had to call a hotline number of the distributing company and tell the operator the software package he wanted to purchase. The operator asked for the generated checksum and the credit card number. After verification the operator gave away the golden key to decrypt the desired software. For using the golden key the user had to start the decryption program which was also stored on the CD ROM. The decryption program asked for the key, and voila, the decrypted commercial software can be stored on diskettes ready for installation. Life can be so easy. What a challenge for a really bad, mean and intelligent hacker. First of all, he checked the content of the CD ROM - and found a strange DLL file. After a close look at the DLL file the Gentleman started his debugger and checked the whole decryption program. And after a few days of work he was able to write a program to calculate the decryption codes. He still refuses to tell the public in which way he was able to crack the encryption of the software. Members from the Chaos Computer Club in Hamburg claim that the intend was to show how easy it is to crack the encryption and not to get access to the commercial software. The fact was told to the distribution company and the Ziff Verlag during the CeBIT and was demonstrated in front of an audience. Both companies stopped the distribution of the CD ROM immediately. The results of the crack: Everybody is looking for the CD ROM. People are willing to pay more than 100.- DM for the CD ROM and are looking for crack codes or the crack program. The first crack codes are appearing in the FIDO Net. And a lot of cracks are working almost fine. Two persons tried to sell faked crack programs for 200.- DM each. The giants of the software industry are checking the possibility to charge the distribution company for the amount of more than 3 Billion US$. In an official statement the giants are claiming that they will lose more than 3 Billion US$. If it is necessary they will bring the case to court. There is no official statement from the distribution company. Each and every newspaper or news service was selling the story all over Germany. Even if they have not the faintest idea what they are talking about. Depending on the point of view, the CD ROM and the distribution concept were very successful. ==end== ------------------------------ Date: Wed, 11 May 1994 16:46:49 -0400 (EDT) From: Stanton McCandlish <mech@EFF.ORG> Subject: File 5--PGP 2.5 available from EFF ftp site With the early May announcement of the availability of the new version of PGP (Pretty Good Privacy) a free encryption program for email and other files, EFF has decided to provide PGP and other cryptographic material to users of the Internet. EFF applauds and congratulates the PGP development team, MIT (who initially made PGP 2.5 available), and RSA Data Security (patent holders of the RSA and RSAREF encryption code) for coming to an agreement and providing this new version of the most popular email encryption program in the world - a free version that is finally legal in the US. Previous versions of PGP arguably violated US patent law, with the exception of ViaCrypt's commercial PGP 2.4, but the new 2.5 is built upon the free RSAREF encryption functions, rather than the previous RSA functions which required a special licensing arrangement for use in applications like PGP. Despite the patent & licensing issues being resolved, PGP is still not legally exportable from the United States (except to Canada), due to ITAR export restrictions which categorize cryptographic materials as weapons of war. Thus, EFF can only make PGP and other crypto tools and source code available to US and Canadian nationals currently residing in the US or Canada and connecting to EFF's site from a US or Canadian site. PGP and similar material is available from EFF's ftp site in a hidden directory, and only to Americans and Canadians. Access to this directory can be obtained by reading and following the instructions in the README.Dist file at: ftp.eff.org, /pub/Net_info/Tools/Crypto/ gopher.eff.org, 1/Net_info/Tools/Crypto gopher://gopher.eff.org/11/Net_info/Tools/Crypto http://www.eff.org/pub/Net_info/Tools/Crypto/ PGP can only be obtained from EFF via ftp currently. Gopher and WWW access to the material itself is not supported at this time. Only the DOS and Unix versions of PGP 2.5 have been released so far. The Unix version is in source code form, and so can be readily ported to VMS, NeXT and many other operating systems. A Macintosh version has yet to be released. If you would like to see US export restrictions on cryptography removed, please send a message supporting Rep. Cantwell's export reform act (bill HR3627) to cantwell@eff.org, ask your Representatives to co-sponsor this bill, and ask your Senators to co-sponsor Sen. Murray's companion bill (S1846) in the US Senate. Congress contact information is available from ftp.eff.org, /pub/EFF/Issues/Activism/govt_contact.list ------------------------------ Date: 10 May 1994 03:44:36 -0400 From: curryco@PANIX.COM(Adam Curry) Subject: File 6--MTV SUES CURRY [IMAGE] MTV SUES CURRY =============================================================== Last update: May 10 1994 _New Jersey, May 10 1994_ I had planned to keep the following quiet until more information was available, but since several journalists have already caught wind of it, I decided to get it out into the open so my side of the story is heard as well. The domain I maintain and operate on the Internet, mtv.com was founded approximately one year ago. At that time I registered mtv.com with the InterNIC, purely because it was a cool address to have, and it was available. What a great "vanity plate"! The site quickly became a frequently accessed "hangout" on the net, with an average of 35000 accesses daily from Mosaic clients alone. During the start up months I had many conversations with executives at MTV Networks about my endeavors, which btw, were all financed out of my own pocket, and vps from MTV Programming as well as Viacom New Media were aware of what I was doing on the internet, and although they stated "MTV has no interest in the internet" they gave me their blessing and supported my efforts. This was enforced when I set up several email accounts on mtv.com for use in MTV's on-air programming. Ever since the summer of '93, popquiz@mtv.com was used for trivia quiz questions, that were then aired on MTV's "Most Wanted" a program I hosted at the time. Solicitations were made on the air, and the address was shown on the screen. For MTV's annual Valentines video dedications, viewers were offered the choice of calling in their dedications, or sending them via email to elove@mtv.com. I never charged MTV Networks for this service, I purely saw it as a cool feature to introduce to MTV's programming, spreading the "gospel", so to speak. Then I started to get a lot of press about mtv.com, and some people started to wake up at 1515 Broadway (MTV's HQ in New York City). And I was served with a "Cease and desist" on the use of mtv.com. MTV's attorneys claimed that there could be "confusion" for users of the internet, when connecting to *anything* that had the letters mtv in the address, and then receiving music and entertainment information. I was obviously hurt by this move, but did see what point they were driving at, an asked if we could settle this matter amicably. The situation cooled down for a couple of months, but when I resigned on-air from my job as a VJ, which MTV chose not to air btw, things started to get ugly. Long story short, MTV Networks has filed a lawsuit against me, for copyright infringement of their "trademark", that being their "MTV" call letters, as well as having information online that was MTVN "property". In this case they are referring to several press releases I put up on mtv.com, such a an announcement about Beavis and Butthead's "experience" cd release. Understand that MTVN sent me these releases over their own internal computer network for this very purpose! Again, I was only doing this to promote the channel, not for my own personal gain..after all...mtv.com is free access for all, no charge. Throughout all of this I have offered to maintain the site specifically for mtv, but again they said "we're not interested". Of course I have no problem whatsoever removing all references to MTV Networks and it's projects from mtv.com, no that I don't work there anymore gives me even more reason to want to do this, but the kicker is they are moving for an injunction to make me stop using the internet address mtv.com! This is ofcourse totally unacceptable, I registered the domain name, and I don't plan on giving it up. Sure MTV and their parent company Viacom have a vast legal team, but david also nailed goliath, so I have faith. In the long run, everyone knows that the only *true* winners will be the lawyers. There are many different viewpoints on this situation, but I feel that the use of mtv in an addressing scheme can't be seen as an infringement of intellectual property laws, and a search of the InterNIC database shows at least 15 domain names registered with mtv in the address. Irony is that I incorporated a company called ON RAMP, Inc (tm) and onramp.com was already registered to someone else, but I'm not suing them :) It appears to me that MTV has their mind set on the address mtv.com, maybe not for now, but possibly for future use, and I feel extremely used, in that I built up quite an audience for that address, and they are basically saying "thank you very much, you may go". A pre-motion hearing is scheduled for this thursday morning at 11am, wit the honourable Judge McKenna presiding, in an attempt to get an injunction to make me stop using the address mtv.com. I will update the situation as it unfolds. Adam Curry, adam@mtv.com ------------------------------ Date: 9 May 94 17:48:36 GMT From: dbatterson@ATTMAIL.COM(David Batterson) Subject: File 7--AOL Chat Rooms (In re: CuD 6.40) This is a followup to Howard Rheingold's article, "Why Censoring Cyberspace Is Futile," Cud #6.40. Young Gay Chat Rooms on America Online by David Batterson America Online (AOL) took some heavy media hits over the widely reported story involving a 14-year-old boy and an adult male he met through the online service. As a result, AOL's TOS (Terms Of Service) dept.--also known as TOSAdvisor--began a crackdown on certain Member Rooms. As a clarification, chat rooms on AOL consist of three types: Public, Member and Private. Public Rooms are as described, and explicit language of a sexual, "vulgar" or "bashing" nature is now allowed under TOS guidelines. AOL has volunteers called Guides who help keep order. Member Rooms are created by AOL users who want to meet others, generally for "dating" and sexual reasons. More explicit language is tolerated in such rooms, since users specifically go looking for these rooms. Examples of Member Rooms are "Married but not dead," "Yng Men 4 Older Women," "Men 4 Men," "Bi F 4 Bi F," "Men's Locker Room," "Fantasies and Dreams" and so forth. Guides can enter Member Rooms, but don't do so as much as they do Public Rooms. When AOL users want total privacy, they can create a Private Room where even Guides and TOS representatives cannot enter. Because AOL came under pressure, TOS started removing rooms from the Member Rooms list with names such as "Yng M 4 Yng M." Such rooms are frequented by gay and bisexual teens and young adults, although older adults may also access the rooms too. After complaints against TOS by a number of users--and a petition campaign launched by a teen AOL subscriber, and a request from me to TOS for an explanation, I received the following e-mail: "To avoid giving the impression that we allow solicitation of minors online, we are very cautious in allowing room names referencing youth. Anything that could possibly be construed as sexual is usually made private. 'Yng M 4 Yng M falls under this category. It is ambiguous in that 'M' could mean 'male', hence underage male. You may create the room 'Yng Men 4 Yng Men', which specifically states that the occupants seek to meet adults. I hope this clears up our position on this." The letter was signed by Pete, Terms of Service Advisor, America Online, Inc. # NOTE: Following is an excerpt of e-mail from the person who circulated the petition on AOL. It speaks for itself. He wishes to remain anonymous, for obvious reasons. Subj: Re: TOSAdvisor hysteria Date: 94-05-07 21:45:46 EDT From: KC 16M To: Dbatterson Posted on: America Online I hope you find relevant remarks contained herein for anything you wish to write. Feel free to forward it as an example of how not everyone's writing skills have been damaged by the American Educational System. :-) In making any statement of position, I strongly believe that I echo the views of teenagers, both gay, bi, and straight. WHO I AM I am soon to be a 17 year old male. I'm from down-state New York. I am a president of a prominent nationwide youth group and a former vice-president of an honor student's organization. I have a number of years experience in dealing with peer counseling and in active leadership roles. I have never been a gay rights activist. I am a teen activist and am involved currently with 3 organizations. I don't have time for a typical social life, because I am dedicated to my interests. While this has a number of low points (I can only be on AOL at midnight, and sometimes fall asleep while typing), it has many very lofty rewards that I enjoy. I have received certificates, awards, and many thank you cards in the last 3 years. I am an honors student, and have a particular interest in education techniques, cognitive and behavioral psychology, and human sexuality. I have audited college classes on those topics for 2 years (at night!). WHY I'M GETTING INVOLVED IN A PETITION As a high school student, I am well aware of the discrimination that affects my generation. I have many gay friends online as a result of my own exploration of sexual identity and have not settled on any singularity of attraction yet. While I don't limit my online friends to any particular group, I identify with the struggle that fellow teens have in keeping a room open for discussion and FUN of relevant issues. If an issue so immediate as sexuality can be considered a relevant issue, then rooms should be available for it. To state it simply: If it can be available for adults, why should there be a limit in what is available for teens? Don't even bother with the law, as it cannot be enforced in a domain where people won't give out more than their screen names to strangers. What about the dumb kids who give out personal information? Well, don't worry about them; they are just as likely to drown in a bowl of cereal. WHY PETITION? A petition will demonstrate to AOL that there is an interest in it, by teens FOR TEENS. We are not stockholders. We are customers. AOL provides a computer and networking system....we use it. AOL gives ground rules for using it....we follow them. AOL requires payment...we pay. Customers want something done....business doesn't respond. Notice the problem? :-) There are many admirable aspects of the system. What we want is the huge corporate entity to respond to its customers, as any other company must. All of us who use AOL have money at our disposal, and we use it freely. HOW WE INTERPRET AOL's POSITION ON TEEN ROOMS: It seems highly hypocritical for an organization, for-profit especially, to discriminate against gay teenage males simply for their age. Notice, we are not discussing the issue of homosexuality, per se, because it is obvious that AOL is a gay-friendly employer and company." It is hypocritical for a few reasons: 1) There already exists "teen chat" rooms. If the policy of AOL was to protect minors from untoward sexual advances from perverts/adults in those rooms, they would not exist. 2) There already exists "gay adult" rooms. There are "adult chat" areas. Now that we've established that there are teen rooms, adult rooms, and adult gay rooms, the question we should think about is, "Why aren't there gay teen rooms?" 3) Screen names make it impossible for adults and teens to tell each other apart. One method we use is discussion of relevant issues (including sex); those who are unable to relate to the discussion are "Pervs" who we know to avoid. 4) There are procedures for dealing with perverts, which most teens (in contrast with most of the adults we've encountered) are familiar with. Flooding e-mail boxes of annoying perverts, IGNORE'ing them in chat rooms, and shutting off our Instant Message'ing are all very effective methods. In addition, there already exists many corporate techniques of handling jerks, such as "GuidePager" and TOS. 5) We are not defenseless, nor innocent. Most, though not all, o the teenage users of AOL have extensive "modeming/BBSing" experience. We are neither ignorant of the protection that AOL provides through screen names, or of how to handle an annoying person. In essence, the issue is one of age discrimination for teenagers who do not need protection. Another user on AOL wrote: "a request has already been made to the GLCF (Gay Lesbian Community Forum) on AOL to have an adult-monitored teen room for outreach, networking and discussion." I don't wish to sound arrogant or resentful, but that is an adult-centered approach. It doesn't recognize the fact that most teenagers, sexually explorative or not, are uncomfortable by any adult presence. If teens know that an adult is present, we will IM (Instant Message) each other, and go to a private room. Further, to assume that perverted adults will not enter that room i s to dismiss that they are just as capable of creating phony profiles as anyone else...a foolish assumption by any person. Some of what is written below is repetitive, but may serve to further clarify our position. Because QUIRK [GLCF Forum Host] took the time to write out specific logistical questions, I'll repeat them with answers that I hope you both can use (IN KEEPING WITH THE SPIRIT OF QUIRK'S NAME, MY ANSWERS ARE IN CAPS): * How can AOL insure that such a space will not become a magnet for chickenhawks? THEY CAN'T. NOR, FROM A LEGAL PERSPECTIVE, EVEN TRY. ONCE AN ORGANIZATION TAKES A POSITION WHEREBY IT SEEKS TO "PROTECT" ITS CUSTOMERS, IT BECOMES LIABLE FOR INFRACTIONS. THE SMARTEST APPROACH WOULD BE TO ACKNOWLEDGE THAT AOL IS A DATABASE AND NETWORKING SYSTEM, NOT A SOCIAL AGENCY. IN DOING THAT THEY DISCLAIM AND INDEMNIFY THEMSELVES FROM ANY LIABILITY RESULTING FROM ABUSES OF THAT NETWORK, WHERE USE OF THE NETWORK CONSTITUTES A VIOLATION OF LAW. * What restrictions/rules are teens willing to generate and adhere to that will keep adult predators out of the area? A FEW BASIC ONES. PRIMARILY, WE WOULD AGREE TO LIMIT EXPLICIT SEXUAL DISCUSSIONS TO INSTANT MESSAGES AND PRIVATE ROOMS. WE WOULD AGREE THAT THE "TOS" RULES WILL REMAIN IN EFFECT FOR PUBLIC CHATTING. WE WOULD AGREE THAT AN ADULT'S PRESENCE, AS DEFINED BY THE ROLE OF "GUIDES", IS TOLERABLE. IN PRACTICE AND THEORY, GUIDES ARE NOTIFIED ONLY WHEN THERE IS JUSTIFIABLE NEED, THOUGH THEY ARE SOCIAL CREATURES WHO LIKE TO POP INTO "TEEN ROOMS" ANYWAY. HOWEVER, WE WOULD NO MORE APPRECIATE A CONTINUOUS PRESENCE THAN ANYONE OF ANY OTHER GROUP WOULD. * How will you verify the age of the teens using such a space? WE CAN'T, NOR SHOULD. AOL SHOULD DISCLAIM ITSELF OF ANY ABILITY TO VERIFY AGE. WE ARE ALL CUSTOMERS OF AOL FOR 3 COMMON REASONS: 1) CONVENIENCE/ACCESSIBILITY, 2) AFFORDABILITY, 3) ANONYMITY. * Who will monitor the area to make sure the it remains "youth only" ? OFFHAND RESPONSE: THE THOUGHT POLICE. REAL RESPONSE: WE WILL. IT IS WITHIN OUR ABILITY TO IGNORE MAIL, IGNORE PEOPLE IN CHAT ROOMS, AND IGNORE INSTANT MESSAGES. AOL IS NO MORE DANGEROUS THAN SPITTING OFF A BRIDGE. THE TIME IS NOW TO SHOW AOL THAT WE DON'T WANT, OR NEED, TO BE PROTECTED FROM OURSELVES. -KC 16M ------------------------------ Date: Mon, 9 May 1994 23:47:52 -0700 From: jonpugh@NETCOM.COM(Jon Pugh) Subject: File 8--Re: "Child Abuse in Cyberspace" >The story continues with the case of Donald Deatherage, 27, of >Cupertino, Calif. Deatherage, known as "HeadShaver" on America Online, >was accused by police of using his computer to prey on a 14-year old >boy with whom he had struck up an on-line conversation. Deatherage was >accused of eventually meeting the youth, handcuffing, shackling, and >blindfolding him, and spanking him with a leather belt (among other >more serious acts). I'm not really sure what to say here, but I know Matt Deatherage from work. I used to work for Apple in the same group as Matt (that's his middle name and the one he goes by). I haven't spoken with him since his arrest, but I have talked with his boss who has spoken with him and I know a few more details than are represented in the above excerpt. My wife asked me if Matt was "normal". I can't really say. So few of us in the computer business qualify in the strictest sense. He's a big guy who kept his hair really short, like some athletes do. That must be where he got his login name from. He's been into computers since the early Apple II and was doing Macintosh technical support until his 6 week sabbatical during which he was arrested. I don't really know him very well, but he has helped me on a number of complicated technical problems and was always willing to assist. I always liked him for that. Matt has been in jail on a half million dollars bail since his arrest. He has pleaded no contest to the charges and is currently awaiting sentencing. A number of the people that he has helped over the years have gathered an online petition asking the judge to show leniency. According to reports I have read and heard, Matt did not abduct the 14 year old boy he was charged with molesting. The kid told his parents he was going to a party in Santa Cruz and then met Matt instead. The only way this was even discovered was when the boy's father read through his email at some later date. Now, I'm certainly not advocating, endorsing or even justifying Matt's actions, but I definitely think that there is a difference between voluntary and involuntary actions. There is no indication that Matt forced this boy into anything. In that regard, I support the request for leniency for Matt. I don't really believe that he is dangerous or a threat. I'm just afraid that given a beginning as outrageous as $500,000 bail, Matt is finding out about the harsh side of the law. Jon ------------------------------ Date: Thu, 12 May 1994 18:00:34 -0400 (ADT) From: The Advocate <cudigest@mindvox.phantom.com> Subject: File 9--Re: CuD 6.27 -- Response to E. Weykers (in re 2600 Mag) Dennis Weyker here responding to Emmanuel Goldstein: >CORPORATE RULES >. . . This puts us at direct odds with many organizations, who believe >that everything they do is "proprietary" and that the public has no >right to know how the public networks work. In July of 1992 we were >threatened with legal action by Bellcore (the research arm of the >Regional Bell Operating Companies) for revealing security weaknesses >inherent in Busy Line Verification (BLV) trunks. The information had >been leaked to us and we did not feel compelled to join Bellcore's >conspiracy of silence. !See my earlier comments about publishing security holes or sharing !them with hackers before letting the sysadmins have adequate warning !and time to fix the hole. Instant publication of holes is not socially !responsible. ! No more "Ir-responsible" then the producer of a commercial product producing something that is defective. 2600 has no fiduciary duty to customers, while the manufacturers do. The fact is most vendors take a fiddle while rome burns approach to product quality. WHy don't you remind them to get their acts together first. !Also, publishing one company's private data can in some cases create a !competitive disadvantage relative to that company's competitors with !real economic effects. If Phrack runs a long series of articles about !"how to hack the new Fujitsu switches", the communications engineer at !BellAtlantic deciding what brand of switch to buy may decide to buy !some other brand of switch besides Fujitsu. And he might be doing this !solely of the publication of those articles makes him think (rightly !or wrongly) that the Fujitsu's switch is more likely to get hacked !into than, say, Northern Telecom's. Phrack has just transferred wealth !from Fujitsu to Northern Telecom and possibly influenced the telco !into buying the less competitive switch (which could wind up !increasing telco operating costs and users' rates) out of fear of !getting hacked. ! !Moral: not all arguments about the social and commercial value of !keeping proprietary information secret are bogus. Spoken words of wisdom from a man who has obviously never been involved in a procurement decision. 90% of the product reviews i saw in trade rags were utter and complete Horse Feces. I saw one review signed by a person in my chain of command that gave glowing remarks to a development product. Our internal review had so scathed it, that it was removed from the system so we could get real work done. If 2600 points out the truth for once, it is the continuation of Diogenes trek with the lantern looking for one honest man, or in this case, one honest vendor. The rest of weykers comments aren't even worth responding to. Your Friend The Advocate. ------------------------------ End of Computer Underground Digest #6.41 ************************************