Computer underground Digest    Wed  Mar 16, 1995   Volume 7 : Issue 21
                           ISSN  1004-042X

       Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET)
       Archivist: Brendan Kehoe
       Semi-retiring Shadow Archivist: Stanton McCandlish
       Correspondent Extra-ordinaire:  David Smith
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Monster Editor:    Loch Nesshrdlu

CONTENTS, #7.21 (Wed, Mar 16, 1995)

File 1--CuD Listserv at UIUC having some problems
File 2--Seizure of italian BBS - UPDATE
File 3--(fwd) U. of Pittsburgh Netnews Policy (fwd)
File 4--S. 314, Realism, Unanswered Questions
File 5-- Dutch Hacker Arrested
File 6--(fwd) Eyewitness account of 2/21 San Jose hearing, by C. Kaun
File 7--Cu Digest Header Info (unchanged since 26 Feb, 1995)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN
THE CONCLUDING FILE AT THE END OF EACH ISSUE.

----------------------------------------------------------------------

Date: Fri, 10 Mar 1995 15:24:43 (CST)
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 1--CuD Listserv at UIUC having some problems

The UIUC Listserv is having some problems. People subscribing to
CuD with standard internet addresses should be relatively
unaffected. Those with BITNET addresses will likely not
receive CuD this (or next) issue.

Sorry for the inconvenience.......



Jim and Gordon

------------------------------

Date: Wed, 15 Mar 1995 11:07:11 +0000 (CUT)
From: Luc Pac <lpaccagn@RISC1.GELSO.UNITN.IT>
Subject: File 2--Seizure of italian BBS - UPDATE

Press Release 13 March 1995

BITS Against the Empire BBS, a node of the Italian Cybernet computer
network), remains shut down due to police investigations. According
to the authorities, the bulletin board's activities in pursuit of
free communication and counter-information represent a danger to the
democratic order.

Ten days after police raids on the homes of a dozen activists, all
hard copy materials, along with one of the computers seized, have been
returned. The authorities remain in possession of the bulletin board
computer itself, however, as well as all the floppy disks
appropriated, in order that they might pursue a 'deeper analysis' of
such electronic material.

Clearly no-one has explained to them that hard disks and diskettes
can be copied in a matter of minutes. Meanwhile, those facing
prosecution, as well as the hundreds of users of the BITS Against the
Empire BBS, must continue to wait as the police force's computer
experts work to uncover not only the DOS 'copy' command, but also
that very dangerous information - from publicly available electronic
journals, articles and academic essays on the social use of new
technology, to publicly accessible electronic discussion groups -
which has inspired the charge of subversive association  with
terrorist intent (associazione eversiva con finalita' di terrorismo -
art. 270 bis of the Italian penal code).

BITS Against the Empire Labs
Underground Research & Documentation
Italy

CyberNet 65:1400/1 (currently down)
ECN 45:1917/2
Fidonet 2:333/412 (currently down)
Internet lpaccagn@risc1.gelso.unitn.it

------------------------------

Date: Mon, 6 Mar 1995 01:27:49 -0600 (CST)
From: David Smith <bladex@BGA.COM>
Subject: File 3--(fwd) U. of Pittsburgh Netnews Policy (fwd)

               ---------- Forwarded message ----------

PITT ADOPTS NEW COMPUTER ACCESS POLICY

PITTSBURGH, March 2 -- The University of Pittsburgh will establish a
standing committee to help determine which of the more than 10,000
USENET news groups on the Internet will be carried on the University's
computer network.  This is one aspect of a new policy, approved by the
University's senior administration, that was developed by the ad hoc
committee formed to review the use of University computer resources to
access, display, post or print materials that may have obscene or
sexually explicit content.

    The policy addresses the need to provide appropriate protection
for First Amendment rights, while, at the same time, adhering to
federal and state statutes governing obscenity and sexually explicit
material.

    The new standing committee, which will have faculty, staff and
student members, will be charged with developing guidelines for use by
the University's Computing and Information Services staff when making
decisions about adding, deleting or retaining news groups.  The
guidelines will be content-neutral, except with respect to obscenity,
or other speech not protected by the First Amendment.

    The committee will also formulate guidelines for separating the
news groups into two categories:  1) those with content, as defined by
state or federal law, that is likely to be obscene or sexually
explicit and harmful to minors, and 2) those without such content.
All authorized users under the age of 18 would be granted access only
to the second group.

    The new policy also calls for the suspension of computing
privileges as well as the possible imposition of additional sanctions
upon anyone who is found to have employed University computer
resources to use obscene or sexually explicit material in a way that
violates University policies and guidelines.  At the ad hoc
committee's suggestion, the University will review its existing
policies regarding "Computer Access and Use," "Sexual Harrassment,"
and "Computing Ethics and Guidelines" to make sure that they
adequately deal with issues such as the display of obscene or sexually
explicit materials on computer screens.

                                    # # #


AD HOC COMMITTEE PROPOSAL

Accepted as University Policy by Executive Staff
January, 1995

For use until formally issued as a University policy.

Our group has been charged with recommending a policy to ECAC
regarding the use of University computer resources to access, display,
post, and print materials which have possibly obscene and/or sexually
explicit content.  There exist both Federal and Pennsylvania statutes
which govern obscene and/or sexually explicit material.  Pitt is a
state-related University, and, as such, must support and protect First
Amendment rights.

1. We suggest that University of Pittsburgh Policies 10-02-05
(Computer Access and Use) and 07-06-04 (Sexual Harassment Policy), and
CIS' "Computing Ethics and Guidelines," be reviewed by the University
to make sure that they adequately deal with issues such as the display
of obscene and/or sexually explicit materials on computer screens.

2. There are approximately 10,000 USENET news groups on the Internet,
the vast majority of which do not deal with obscene and/or sexually
explicit material.  CIS resource limitations prevent us from carrying
all of those groups, even if we would want to do so.  While the topics
discussed by a group are generally assumed to be well described by the
group's name and statements about its purpose, a group is the
electronic analogue of a large bulletin board with open access.
Anyone may post anything he/she wishes on the board; thus obscene
and/or sexually explicit material may well exist in news groups with
innocuous titles.  It is impossible to review the content of all
groups Pitt carries, even if we wished to do so.  We propose that the
University form a standing committee, with faculty, staff, student,
and Office of General Counsel representation, which will draft,
review, and update guidelines, on the basis of which a CIS staff
member will add, delete, and retain news groups on the CIS system.
Except with respect to obscenity, or other speech not protected by the
First Amendment, the guidelines will be content-neutral.  CIS
currently has a process for selecting news groups; our proposal
broadens the group involved in setting the policies to be followed and
enhances legal safeguards to the policy-making process.

3. We recommend that the standing committee mentioned in the paragraph
above formulate guidelines, on the basis of which CIS will segregate
news groups into two categories:  (1) those with content which is
likely to be obscene or sexually explicit and harmful to minors, as
defined by Federal and State law, and (2) those without.  Matriculated
students, faculty, and staff, age 18 and older, would automatically be
granted access to all news groups being carried.  All those under age
18 would normally be granted access to only the second news group.  We
recommend the establishment of a process and a set of guidelines by
which those persons could apply for access to the other set of news
groups under appropriate circumstances.

4. Computing privileges may be suspended or other sanctions imposed
upon anyone found to have used University resources to display, print,
or circulate obscene material, where "obscene" is defined by Federal
and State law; anyone who circulates, to persons under the age of 18,
sexually explicit materials which are defined by law as being harmful
to minors; and anyone found to have used University resources to use
obscene and/or sexually explicit material in a way which violates
University policies and guidelines.  The standing committee mentioned
above will make recommendations to CIS for suspension of computing
privileges or other sanctions in each case involving faculty or staff
members.  In cases involving students, the existing Student Judiciary
Board will have jurisdiction.  In addition, as noted in the August
1993 "Computing Ethics and Guidelines," "... failure to adhere to
these guidelines can result in the suspension of computing privileges
and prosecution under Federal and State law, where applicable."  The
University will fully cooperate with all such prosecutions.

------------------------------

From: timk@WORLD.STD.COM(Tim King)
Subject: File 4--S. 314, Realism, Unanswered Questions
Date: Fri, 10 Mar 1995 13:19:13 -0500 (EST)

Brad Hicks wrote:

> If you want it to be legal for people to use [the Internet for
> transmitting hard-core pornographic material in a manner which
> would be illegal over a phone line under the existing law]...
> well, then say so!

To which Rhys Weatherley replied:

> Very few free speech supporters, myself included, want that
> kind of crap distributed on the Internet or anywhere...

Um... Er...  This does seem to be the point.  The question is not
whether anyone _wants_ it to happen.  I'm sure that no one _wants_ it
to happen.  The question is whether or not "you want it to be legal."
But, it appears, Brad thinks that the objections to S. 314 have been
blown way out of proportion in an attempt to dodge the real issue.
Now, far be it from me to assume to know Brad's thoughts and motives.
Nevertheless, if I am correct in this interpretation, his assessment
would seem to me to be a plausable one.

There are several points that I have not yet seen addressed, but which
appear to be intimately applicable to the debate.  The first is that
the current law seems to already apply to any service provider that
makes obscene material avaiable over telephone lines.  What
differentiates any Internet provider or BBS operator from anyone else
who "makes (directly or by recording device) any obscene [telephone]
communication for commercial purposes to any person?"  Now we can
discuss whether or not the current law is appropriate for modern
computer-based communication, but it still seems that Sen. Exon's bill
would have negligible effect on many service providers.

Secondly, how does the current law apply to pay-services, like singles
lines, that provide PRIVATE messaging facilities?  I've never actually
used such a service, but my understanding is that they allow users to
leave voice messages for other users.  Now, when one user leaves an
obscene message for another user, is the service provider deemed
responsible?  Or does someone really listen to every message left by
every user before forwarding it to its destination voice mailbox?
However the law applies, we can still discuss whether or not it is
appropriate.  But it seems to me that any requirements that can
reasonably be made relating to private voice-mail messages can
reasonably pertain to private email as well.

Furthermore, the current law gives seemingly special protection to
"common carriers."  It is my understanding, however, that network
operators, Internet providers, and BBS operators do not fall into this
category.  If so, isn't this point of more paramount concern?  In
other words, if this bill is going to be considered by congress,
shouldn't it at least include provisions to restrict the liability of
telecommunications services for data that they did not publish?

I would be most grateful if someone could enlighten me with informed
answers to these questions.

------------------------------

Date: Tue, 14 Mar 1995 18:25:21 EST
From: "Rob Slade, Social Convener to the Net" <roberts@MUKLUK.DECUS.CA>

VIRETHIC

Viral Morality: A Call for Discussion

"Computer ethics" has been an ongoing study in the technical world.
On the one hand is the study of the ethical, moral, or proper use of
computers.  On the other, is the study of computer crime and
vandalism.  Lately, I have noted a rather desperate interest in
courses or training in computer ethics, as well as an increase in the
frequency and depth of discussions regarding the ethics of virus
writing.  I would like to address this latter topic, specifically.

One problem with current discussions and literature regarding the
ethics of virus writing and distribution is the lack of dialogue
between two opposing camps.  This paper is not intended to present any
final answer, nor to add to the literature in the field, but to open
the field for comment.  My purpose in writing this is to provide an
initial overview and to elicit feedback from any and all concerned
with the topic.

For those of traditional moral stance, the current situation is
discouraging.  Peter Denning's "Computers Under Attack" (cf.
BKDENING.RVW) has a very thorough survey of the field, but it provides
little in the way of answers or hope.  Deborah Johnson's work
"Computer Ethics" (cf. BKCMPETH.RVW) is pre-eminent in the field, but
serves only to clarify the problem.  Sarah Gordon's interviews with
computer students show responses typical of almost all such studies.
The base attitude appears to be, "If I find it interesting, and I can
do it, why do you say I shouldn't?"

The proponents of security-breaking activities often question the
traditional ethical position by asking, "Where's the harm?"  This
query is directly relevant to discussions of the morality of virus
writing.

I should begin by defining two generally opposed groups in this area.
First is the "antivirus", or "AV", research community.  Many, though
not all, of the members of this group would be involved in producing
antiviral software.  All would study viral programs with a view to
eliminating viral programs in the normal computing environment.  They
take a rather paranoid, and almost obsessive, position with regard to
the sharing and distribution of viral code.  (They would rejoin this
last by pointing out that it isn't paranoia if someone is *really* out
to get you.)

The AV community is not really opposed to the writing of viral
programs.  It is seen as a trivial, and therefore pointless, exercise;
but not necessarily evil, in itself.  The communication of viral
program code is also a normal professional and academic activity, as
long as it is limited, done for a stated purpose, and the recipients
are known.  It is the unregulated exchange of virus code and source,
providing open access to anyone with a computer and a modem, that is
upsetting.  The opposing group is therefore described as the virus
exchange community, or "vx" for short.  (This designation was first
used by Sarah Gordon.)  For the purposes of this paper, therefore,
references to "virus writing", "virus exchange" or "vx" will mean the
uncontrolled or unregulated exchange or provision of access to virus
source and object code.

(This does not necessarily mean deliberate distribution of infected
programs by such means as infecting a legitimate program and then
posting it, without warning, to a bulletin board system.
"Trojanizing" of normal software or malicious invasion of systems is
certainly happening in some areas, but it is not needed in the current
computing situation.  While there is debate over the relative
contribution of "natural spread" and virus exchange to the current
virus problem, it is known that code made available only as openly
published material does eventually infect machines in the normal
computing environment.  The term vx does not, therefore, require any
imputation of sinister motives or hidden activity for the purposes of
this discussion.)

There are some grey areas between these two poles.  Some people have
both written antiviral software *and* contributed to viral spread.
Given, however, that one could expect a continuum of opinion, those in
the middle are remarkably few.  Either you are for virus exchange, or
against it.

One other, separate, group should be noted.  Viral programs are often
cited as an example of "artificial life", and the research community
in that field, both professional and amateur, have a legitimate
interest in viral programming.  Work in the a-life field, however,
does not justify unregulated code and source exchange.  For one thing,
current viral programs "in the wild" (those which are to be found in
normal home and business computers, as opposed to those which exist
only in a research or laboratory environment) have only the most
tenuous claim to artificial life.  Common viral programs are
simplistic snippets of code without anything like the complexity of
the simplest known natural life forms.  In addition, those who really
do work in the artificial life area will be well aware that it does
carry possible dangers, and that research should be subject to
controls similar to those imposed on biological and genetic study.

The most common argument for virus-writing tends to boil down to, "You
can't stop me."  Many promote virus writing on the grounds of freedom
of speech, a rather curious position in light of the incoherence of
the arguments.  (The most vocal of these tend to be Americans, who
frequently cite "First Amendment Rights".  This refers to the first
amendment to the U.S. Constitution, which Americans tend to see as
some universal law, rather than an arbitrary political document,
however desirable.)

Rights, though, carry with them a weight of responsibility.  As is
often quoted, your "right" to swing your fist ceases at the end of my
nose.  You have a "right" to free speech--so long as you are
responsible and do not perpetrate fraud.  You have a "right" to study
whatever you like--so long  as you are responsible enough not to carry
out experiments in poison with human subjects.  No PC is an island--at
least, not where viral programs are concerned.  Therefore, your
"right" to study, write and distribute viral programs carries the
responsibility to ensure that your creations do not--ever--run on
machines where they are not authorized.

One of the most confusing aspects of the "exchange/no exchange" debate
is the concept of the "good" virus.  There is nothing inherently evil
in the concept of reproduction.  (Dangerous, yes.)  In fact, the very
earliest experiment with self-reproducing programs was the Xerox Worm
of Shoch and Hupp.  This was designed to spawn "segments" of the
central program on other machines in the network, thus bringing the
power of many processors to bear on a single problem.  Thus, in
theory, viral programming could represent the same level of advanced
technology in software that parallel processing represents in
hardware.

That's the theory.  And it is promoted by no less eminent a researcher
than Dr. Fred Cohen, who did seminal work on the security-breaking
class of viral programs in a thesis, in 1984, and dissertation, in
1986.  Unfortunately, the theory founders on some rather hard facts.

There are three questions to ask of a new, inherently dangerous,
technology.  Has it a useful application?  Can it fulfil that
application better than current technologies?  And, can the danger,
either inherently, or effectively, be controlled?

To date, no one has answered those three questions.  While a variety
of uses have been proposed for viral programs, there are none which
are not effectively being done by other means.  No viral programs
have, indeed, been seen to be as effective as normal systems.
Operating system upgrades could not guarantee universal coverage.
Network management tasks could not promise reliable feedback.
Automated utilities would confuse novice level users, who never run
utilities anyway.  The most useful function is still that proposed by
Shoch and Hupp--and their programs were not, strictly speaking, viral.

(Vesselin Bontchev's examination of this question is the most detailed
to date, and is required reading for all who want to join the debate.
His proposals, while demonstrating good ideas for safety and control,
are still primarily an advanced automated distribution system.  The
necessity for viral functions in this regard is still unproven.)

Those in the vx camp will point to two current viral programs which,
they say, do have useful functions.  One of these programs produces
compressed executable files, thus saving disk space, while the other
performs encryption on files.  However, both of these functions are
provided by other programs--from which, indeed, code was stolen for
those two "good" virals.  Neither of the viral programs are as easy to
use or control as the original programs, and both have bugs which must
place them firmly in the malware grouping, for nuisance value, if
nothing else.

Currently, therefore, the utility of viral programs is very much
unproven.  This would, though, mean only that they are neutral, were
it not for the lack of any demonstrable control.  Methods of control
have been discussed primarily by Fred Cohen, but even he remains
unconvincing.  The mechanisms generally are limited to environmental
checks which can either fail, or be easily cut out of the program.
Some have proposed "hunter" virals, to go after programs which "turn
rogue", but a program which is corrupted will behave in unpredictable
ways and a hunter program would likely consume a lot of resources,
fail, or (most likely) both.

(Cohen frequently cites viral "programs which have been running since
1986 with no ill effects" and speaks of a VCE (viral computing
environment).  There are two points to be noted here.  One is that
Cohen has not yet described his viral programs in anything like the
detail he put into his earlier work, so there can be no independent
assessment of his claims.  The second point is that the very term,
VCE, implies that a viral computing environment is substantially
different, and should be kept separate, from the "normal" computing
environment as it is currently known.  A VCE may very well be a
powerful entity, but it is still an unknown and unproven concept.)

Computer viral programs have an inherent danger:  that of reproduction
and spread.  If you study explosives, and pass along that knowledge,
you also have to pass along the materials before there is any risk of
a blast.  Even then, the materials do not multiply themselves:  when
exhausted, another supply must be found.  The same is *not* true of
viral programs.  These entities are *designed* to reproduce.  And,
unlike the study of dangerous animals, or even germ warfare, viral
programs are built to reproduce, multiply and spread without the aid
of a skilled, or even aware, operator.  If you are careless with a
deadly animal or weapon, it is still only a single danger in a
localized area.  If you are careless with a computer virus, it can
spread world-wide.

We do not use computers because they are smart.  Computers *aren't*
smart.  Sometimes we use them because they can do calculations very
quickly, but even this is only a special case of the real value of
computers.  Computers always do the same thing in the same way.  They
are repeatable.  They are, in this manner, reliable.  Even a computer
error can be useful to us--so long as it always happens the same way.

Consider, then, the computer virus.  In order to reproduce without the
informed assistance of the user, the virus must be, in the computer
sense, transparent.  It must operate without alerting the operator, or
interfering with the operator's interaction with the computer.  If the
virus even posts a notice ("Hi! I am infecting object X!"), it has a
nuisance value and is, therefore, not good.  (Vesselin Bontchev notes
that even such a notice, by possibly delaying a process, may have
grave consequences far beyond annoyance.)

If, however, the virus does *not* notify the operator, then the
operator is not aware of some additional code in the machine.  This
extra code will have an unknown, and inherently unknowable, effect on
the computer.  The operations of the computer are, therefore, no
longer repeatable.  This is a Bad Thing (TM).

Some will protest that I have overblown the danger of both the
notification messages and the possibility of conflicts.  The point
that I am trying to make is that you cannot predict the harm which may
arise from interference either with the operator or the programs.
Software is digital, and is subject to catastrophic collapse without
prior warning.  For those without a background in computer risk
assessment, an excellent overview for the non-professional is found in
Lauren Wiener's "Digital Woes" (cf. BKDGTLWO.RVW).  An intriguing
compilation of the types of things that can go wrong is to be found in
Peter Neumann's "Computer Related Risks" (cf. BKCMRLRS.RVW).  At the
very least, as Sarah Gordon points out, the virus is an autonomous
agent, making decisions and carrying out activities according to it's
own internal constructs and the intention of its programmer.  This is
very likely not in correspondence with your own intention, and is
therefore an invasion of privacy.

A number of virus writers will object that their creations simply are
not harmful.  Not only is it impossible to guarantee that your virus
will not conflict with existing systems, you also cannot guarantee
that a given system will not conflict with your virus.  Almost all
file infecting viral programs will interfere with applications which
have an internal integrity checksum or a non-standard loader, and will
cause those applications to fail.  (An example of this is that Windows
programs infected with DOS viral programs always fail to load.)  The
"Ohio" virus (a prior version of Den Zuk) was not intended to carry
any destructive payload, but an unusual interaction with a certain
network operating system caused fatal disk corruption.  Since both
Ohio and Den Zuk are examples of the often proposed "virus hunter
virus", it should be clear that the concept of using a viral program
to hunt down and disinfect other viral programs is not a good one.

Historically, and statistically, virus exchange people have been
careless and incompetent programmers.  Remember that we are talking
vx, here, and those viral programs which have been released into the
wild.  There may be, carefully hidden in the desk of a virus writer,
the "perfect" and harmless virus.  If so, we haven't seen it yet.  The
majority have obvious bugs, sloppy coding and derivative programming.
Less than one percent are interesting for *any* reason; only a handful
have unique styles of algorithms.  And even these last have
programming pathologies.

There are two other reasons often given to justify virus exchange.
The first is generally described as experimentation and education.
The second is described as antiviral research, or, more commonly,
assessment of antiviral programs.  These arguments *do* have some
validity, and should be examined.  Ultimately, though, the reality
fails to support the claim.

The call for experimentation is somewhat tied to the argument for a
"good" virus.  Current viral technology may be crude and ridiculous,
but how can it be improved if there isn't any work or sharing of
results?  Quite true.  The vx community, however, have obviously not
read or noted any programming journals or texts.  Discussions of
programming and algorithms are supported by well-annotated code
fragments.  You don't present a whole program to discuss a specific
function any more than you send an entire car with a manual on auto
repair.  You certainly don't use encoded or "DEBUG script" object
code:  that has no explanatory value at all.

And I have yet to see, in the vx materials, any discussion of
legitimate and positive uses for viral technology, any discussion of
control technology, or any discussion directed at ensuring that viral
programs do not create conflicts.

In regard to education, it is true that a study of viral programs is
related to a knowledge of operating system internals, as well as
assembly language programming.  However, viral study *requires* such
knowledge, rather than providing it.  Giving someone a virus and
expecting them to learn from it is akin to "teaching" a surgeon by
handing him a scalpel and pointing at a patient.  Even the vx "old
guard" are beginning to realize this.  Viral programs use normal
computer functions.  If you understand computers, a virus is trivial.
If you don't, well ...

As far as virus exchange tutorials go, well, let me put it this way.
I am a teacher.  Many of you will also know that I review technical
books on a daily basis.  Some are great, enough are good, many are bad
and some are just plain awful.  Only a few are worse, in terms of
tutorial effectiveness, than vx "zines" (electronic periodicals).

Recently, someone who makes his living pushing virus source code
promoted a collection of viral programs by suggesting you could test
antiviral programs with it.  This, superficially, sounds like a good
idea--if you don't know what *real* software testing is like.  What do
we know about the quality of this "zoo" (set of virus samples)?  What
do we know about the structure, organization, documentation and so
forth?  How many duplicates are there?  Of course, we *do* want
duplicates in some cases; we want every possible variation on
polymorphs.  (For Tremor, that works out to almost six billion files.)
But then, this collection was on a CD-ROM.  What a pity.  The most
successful viral programs are boot sector infectors, and you need to
have real, infected disks to truly test for them.  At a minimum, you'd
want all seven "common" disk formats, in both system and non-system
versions.  That's fourteen disks--for *each* BSI.

For all the length of this piece, it is still only an overview.  And,
for all it's length, it probably hasn't convinced anyone.  Ethics
education (it used to be called "values education"), in whatever form
and however presented, has very little to show that it works.  There
are various theories and models of moral training, the most
sophisticated probably being Lawrence Kohlberg's "Moral Development"
schema.  All, though, basically boil down to sitting around talking
about ethical dilemmas.  They may develop debating skills and
rhetorical sophistry, but there is no evidence to suggest that any of
these programs leads to any significant change in behaviour.

While Kohlberg's model of moral development has the most detailed
construction, its utility is questionable.  His system is not so much
one of values education as of values measurement.  It is, therefore, a
guideline for evaluating other ethical training methods rather than a
means of instruction and change.  Moral development is a six stage
structure, assessing the type of reasoning which goes into ethical
choices.  The stages range from "fear of punishment" to "internal
ethical principles".  There is great difficulty, however, in
determining the "stage" of a given individual.  Most ethical
discussions will be judged as having reasoning at all of stages three,
four and five.  This entire document, for example, could be dismissed
as being level one reasoning since it mentions the possibility of the
danger of virus distribution and could therefore be seen as a "fear of
punishment" (negative consequences) on my part.  On the other hand,
most of Kohlberg's proponents dismiss level six, since even a
psychopath could be said to be acting from internal principles.
Kohlberg, himself, has stated that he does not know if anyone
consistently acts from stage six reasoning.

Probably the major reason for this is that modern society has no
fundamental moral foundation.  The most widely cited (and Johnson
gives an excellent critique of it) is utilitarianism--"the greatest
good for the greatest number".  Leaving aside the difficulties of
assessing such a measure, utilitarianism, along with all the other
modern "humanistic" philosophies, has nothing to support itself.  Why
is "the greatest good for the greatest number" to be chosen over "what
*I* want"?  An alternative is deontology; ethical principles derived
from the concept of duty.  (Ironically, this philosophy, while
arguably superior to utilitarianism, is limited to Kohlberg's stage
four almost by definition.)  Again, however, there is no underpinning
to the concept of duty, itself.

Ironically, the much maligned "Judeo-Christian Ethic" did have such a
foundation for moral standards--God.  The theistic universe may yet
have the last laugh over the mechanical universe of B. F. Skinner's
"Beyond Freedom and Dignity".  Maybe Jesus *is* the answer--or there
may be no answer.

Bibliography

Bontchev, "Are `Good' Viruses Still a Bad Idea?", Proceedings of the EICAR '94
Conference, pp.25-47, also
ftp://ftp.informatik.uni-hamburg.de/pub/virus/texts/viruses/goodvir.zip

Clarkson, "Windows Hothouse", 1994, 0-201-62669-1, U$34.95/C$44.95 - lots of
artificial life fun with Visual C++

Cohen, "It's Alive!", 1994, 0-471-00860-5, U$39.95 - an intriguing, provoking
and practical exploration of computer programs as "artificial life", but
somewhat narrow

Denning, ed., "Computers Under Attack", 1990, 0-201-53067-8 - collection of
essays roughly related to security, also "the net"

Ermann/Williams/Gutierrez, "Computers, ethics and society" - textbook for
computer ethics course: not great

Gordon, "Technologically Enabled Crime", 1994

Forester/Morrison, "Computer Ethics", 1994, 0-262-56073-9 - lots of great
stories, but short on analytical depth

Johnson, "Computer Ethics", 1994, 0-13-290339-3 - the basic work in the field,
thorough coverage and good discussion starter

Levy, "Artificial Life", 1992, 0-679-73489-8, U$13.00/C$17.00 - an interesting
wander through fields studying artificial life but no strong points

Neumann, "Computer-Related Risks", 1994, 0-201-55805-X, U$24.75 - exhaustive
examples from the RISKS-FORUM Digest of potential technological perils

Slade, "Robert Slade's Guide to Computer Viruses", 1994,
0-387-94311-0/3-540-94311-0, U$29.95 - chapter seven looks at the computer
virus and society

Thro, "Artificial Life Explorer's Kit", 1993, 0-672-30301-9, U$24.95/C$31.95 -
good fun, but little analysis

Wiener, "Digital Woes", 1993, 0-201-62609-8, U$22.95/C$29.95 - excellent
introduction to the risks of software

(A fuller bibliography on values education readings is available for those
demonstrating a willingness to put some effort into it, since, frankly, it's a
really disappointing field.  Sarah Gordon's "Generic Virus Writer" paper has
significant resources here.)

copyright Robert M. Slade, 1995
Permission is granted to post this file, in full, on any system.

======================
DECUS Canada Communications, Desktop, Education and Security group newsletters
Editor and/or reviewer ROBERTS@decus.ca, RSlade@sfu.ca, Rob Slade at 1:153/733
Author "Robert Slade's Guide to Computer Viruses" (US contact 1-800-SPRINGER)

------------------------------

Date:     Thu, 9 Mar 95 12:52:26 MST
From:     Chris McDonald <cmcdonal@WSMR-EMH34.ARMY.MIL>
Subject: File 5-- Dutch Hacker Arrested

            --------------Original message----------------

UTRECHT, THE NETHERLANDS, 1995 MAR 6 (NB) -- A Dutch student has
become the first person to be convicted of computer hacking in the
Netherlands. Ronald Oosteveen, a 22 year old Utrecht computer science
student, was handed down a six month suspended sentence by
magistrates last week, and was fined around $3,200

Oosteveen was accused of breaking into university, corporate and
government computers, following his arrested in March, 1993, just
three weeks after new Dutch anti-hacking legislation came into force.

Oosteveen was caught in the act of trying to hack into the computer
lines of a technical university in Delft near The Hague. He is also
thought to have been responsible for previous hacking attacks which
occurred before the new legislation came into force.

In court, prosecutors said that he was challenged by university staff
monitoring the computers, and police traced Oosteveen back to his
home. There, police found computer disks with evidence that he had
gained unauthorized access into the computer systems of several
companies and government offices in the Netherlands, Norway, and
Iceland.

Handing down its verdict, the court said computers were vital to a
modern society and it was "essential that information networks
not be violated."

------------------------------

Date: Sat, 25 Feb 1995 21:10:26 -0600 (CST)
From: David Smith <bladex@BGA.COM>
Subject: File 6--(fwd) Eyewitness account of 2/21 San Jose hearing, by C. Kaun

               ---------- Forwarded message ----------
[Reposted from misc.legal.computing]

From--ckaun@deimos.ads.com (Carl Kaun)
Subject--Religious Technology vs. Netcom-On-Line
Date--22 Feb 1995 23:38:17 GMT

Apologies if this turns out to be a duplicate post.  It was supposed
to go out yesterday, but I think there were problems.

I attended the hearing described below.  I did not take notes at the
hearing, and not being a lawyer, do not fully understand the nature of
the legal comments.  Still, my recollections may have some benefit,
and are provided in that event.  Question marks indicate where I did
not hear or cannot recall clearly what was said, or where I have a
question.  Perhaps someone with legal background can answer some of
these.  Where I am adding commentary should be clear from the use of
the first person, or by other qualifications.  Full rights to
reproduce or reuse in any form are granted.

                             ============

C-95-20091:  Religious Technology vs. Netcom-on-Line, Judge Ronald Whyte
   presiding -- 2/21/95 hearing at Federal Court in San Jose (10:00-11:00)

Plaintiffs: Attys McShane, Small, Korbin, others whose names I didn't
   catch (5 total).
Defendants: Atty for Netcom and associate, Atty for Klemesrud
   (operator of BBoard), Dennis Erlich

The purpose of the hearing was to show cause re. a preliminary
injunction (same as temporary restraining order or 'TRO'?).

Judge Whyte had initial concerns about whether the scope of the
seizure order was exceeded.  He asked what material (on a list
provided by plaintiff, allegedly an inventory of materials taken in
the seizure) was trade secret, and what was copyrighted.  Plaintiffs
could not identify which was what, and were given until Feb 24th to
provide that identification.  There was some discussion about sealing
exhibits (presumably documents containing trade secrets), but no
materials to be sealed were identified.

Small made initial remarks, talking about the execution of the seizure
order and items taken.  He said that Netcom could "write a program to
identify publications from sites (purportedly) publishing copyrighted
materials, to enable a more in-depth review of these".  Plaintiff did
not seem to make many points with Judge Whyte.

Erlich provided a statement to the court, and made additional comments
to the effect that:
(1) materials in his possession were obtained legally, being
    provided by various mechanisms including given or loaned by others
    (presumably obtained legally by them?), being purchased, or obtained
    as part of being a minister in the Church of Scientology.  He
    called the judge's attention particularly to documents identified
    as being hardcopies in this regard.
(2) no materials were identified to him as trade secrets.
(3) postings to internet were made in form of commentary or satire (the
    word 'satire' was a significant element in comments during the
    early parts of the hearing), and were paragraphs or at most a
    couple of pages, and constituted fair use of the materials.
(4) his use of the materials was not for monetary profit or gain
    (inferring that it was therefore beyond the scope of copyright law?).
(5) (execution of?) the seizure order violated his 1st and 4th Amendment
    rights, making him the aggrieved party, on which basis he was
    entering suit (against the Church of Scientology and individuals
    involved in the seizure).
(6) he was not permitted to monitor removal of materials, nor was
    he provided an inventory of items taken, except as a single
    unsigned page, and that because the materials were deleted, he
    has no way to verify what was claimed to have been seized (had in
    fact been in his possession?)
(7) he had indicated his willingness to cease publication of and
    delete from his files any copyrighted or trade secret materials,
    and had requested plaintiff provide a means to identify/verify
    these, which plaintiff had not done.

The Attorney for Klemesrud submitted a brief to the court, and in
commment cited various precedent why Klemesrud should not be included
in the suit; and indicated the impact of requiring Klemesrud to comply
with what plaintiff wanted would be to shut down the B-board, thereby
removing access to Internet for some 500 users.

The Attorney for Netcom submitted a brief to the court, and in comment
merely indicated Netcom's role as essentially a common carrier, with
no control over content, and having no more liability than a
bookseller would have.

Somewhere along the line, attorneys for both Netcom and Klemesrud
indicated they were filing motions for dismissal.  Small tried to
argue why they should not be dismissed with some sort of analogy about
how a private toll booth operator should deny highway access to a
particular car that had been described to the operator.  I hope the
judge thought it as ridiculous as I did.

In subsequent comment, the attorney for Netcom made what I thought the
neatest point of the day.  He pointed out that plaintiff could not
there in the court identify what was or was not copyrighted from a list
of materials in his possession, yet plaintiff was asking Netcom to
make that same determination nearly instantaneously on a very great
volume of material.  The only alternative to this would be to block
access to individuals, for which there is absolutely no precedent.

Late in the hearing, Small tried to make some point about how Erlich
had initially cooperated with the seizure, but later on tried to block
it "when he had called the press and guzzled some beer".  You had to
be there!  Such inappropos slander attempts come across almost as CoS
signature.  He also tried to express outrage that Erlich had a scanner and
was copying whole documents into his computer (even if it could be
established what was being scanned, aren't backup copies of
copyrighted materials allowed under various conditions?).

Judge Whyte released Netcom and Klemesrud from the injunction/TRO
"without prejudice" (??), and indicated he would replace the TRO
against Erlich with a more carefully worded one.  A further hearing
with Erlich, etc. will occur on March 3rd. This might "take place
by telephone, to alleviate travel costs" (aren't hearings like this
supposed to be public, and doesn't a telephone conference preclude that?)

                                 ====

I was not impressed by any crispness in the arguments, e.g. to
establish any standards or boundaries (perhaps it is too
early for this).  Indeed, I have seen clearer commmenting on the net.

One thing kind of surprised me -- I would have thought the court would
take possession of the purportedly copyrighted materials to insure
there was no tampering with "the evidence", especially given CoS'
reputation. This was not done, nor was there any suggestion made to do
so.

------------------------------

Date: Sun, 26 Feb 1995 22:51:01 CDT
From: CuD Moderators <cudigest@sun.soci.niu.edu>
Subject: File 7--Cu Digest Header Info (unchanged since 26 Feb, 1995)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup: comp.society.cu-digest

Or, to subscribe, send a one-line message:  SUB CUDIGEST  your name
Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
The editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB <your name>
Send it to LISTSERV@UIUCVMD.BITNET or LISTSERV@VMD.CSO.UIUC.EDU
(NOTE: The address you unsub must correspond to your From: line)

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on RIPCO BBS (312) 528-5020 (and via Ripco on  internet);
and on Rune Stone BBS (IIRGWHQ) (203) 832-8441.
CuD is also available via Fidonet File Request from
1:11/70; unlisted nodes and points welcome.

EUROPE:  In BELGIUM: Virtual Access BBS:  +32-69-844-019 (ringdown)
         In ITALY: Bits against the Empire BBS:  +39-464-435189
         In LUXEMBOURG: ComNet BBS:  +352-466893

  UNITED STATES:  etext.archive.umich.edu (192.131.22.8)  in /pub/CuD/
                  ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/
                  aql.gatech.edu (128.61.10.53) in /pub/eff/cud/
                  world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/
                  uceng.uc.edu in /pub/wuarchive/doc/EFF/Publications/CuD/
                  wuarchive.wustl.edu in /doc/EFF/Publications/CuD/
  EUROPE:         nic.funet.fi in pub/doc/cud/ (Finland)
                  ftp.warwick.ac.uk in pub/cud/ (United Kingdom)

  JAPAN:          ftp.glocom.ac.jp /mirror/ftp.eff.org/Publications/CuD
                  ftp://www.rcac.tdi.co.jp/pub/mirror/CuD

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:
  URL: http://www.soci.niu.edu:80/~cudigest

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.

------------------------------

End of Computer Underground Digest #7.21
************************************