Combat Arms
2869 Grove Way
Castro Valley, California 94546-6709
Telephone (415) 538-6544
BBS: (415) 537-1777
December 5, 1990
The FBI Comes Rapping, Rapping At Your BBS
by
Brock N. Meeks
The dog-eared manila envelope spilled a coffee stained
report onto my cluttered desk. The title, "The FBI and Your BBS"
sounded a little too nefarious, even for this curmudgeon of the
information age. But I figured the report was worth at least a
quick read. After all, somebody had gone to the effort to track
down my address and forward a copy of the report to me. That
someone turns out to be the report's author, Glen L. Roberts,
director of The FBI Project an organization which publishes a
newsletter, Full Disclosure, under the self defined category
"privacy/surveillance."
The report is chilling, almost paranoid. And if more people
had known about its existence, a lot of grief might have been
saved. As I read I remembered an old, coffee-ringed file folder
I'd squirreled away. I remembered something about it's containing
information on what I'd off-handedly labeled "FBI Computer Hit
Squad." When I found the file, Roberts' report didn't seem so
paranoid and knew I was in for a long night of research and bunch
of early morning wake up interviews.
IF YOU DIG, YOU HIT DIRT
In 1984 a short series of discreet advertisements, placed by
the FBI, appeared in a few computer trade publications and in The
Wall Street Journal. The message was simple, and went something
like: "We're looking for computer literate persons to join the
Bureau." There was no mention of any special task force; however,
it was clear that the Bureau wanted to upgrade their high-tech
prowess.
Although the FBI won't confirm the existence of a
computerized "hit squad," an FBI public relations officer did
confirm that they "have made an extraordinary effort to recruit
more technically oriented personnel" since 1984.
If you dig hard enough, you'll find substantial evidence
that the FBI is most definitely working overtime in its efforts
to monitor the electronic community. "They are desperately wary
of the way information flows so freely in this medium," says
Roberts. Indeed, one has only to recall this past May when some
150 Secret Service agents, assisted by local police (backed up
with electronic "intelligence" gathered and provided by the FBI)
served some 27 search warrants in a dozen cities across the U.S.
The bust, code-named Operation Sun Devil, was patterned
after the tactics used to take down suspected drug rings:
simultaneous busts, synchronized arrests. All in an effort to
preclude any "early warnings" reaching the West via grapevine
information moving from the East.
I was curious about all these high tech hit tactics and
armed with my file folder and Roberts' report I called a number
scrawled on the inside flap of my file folder. It was annotated
"Former agent; possible source." I called the number, and got a
story.
"I was recruited in 1983 by the FBI for my computer skills,"
the former agent told me. Because he still does some consulting
for the Bureau, he asked not to be identified, but he laid out a
very specific plan by the FBI to increase their knowledge of the
electronic communications world. He confided, "During my time the
Bureau's monitoring of BBSs was extremely limited; we just didn't
know how." In those days, he said, the FBI drew on the expertise
of a small band of high-tech freelance snoops to augment their
staff, "while we all honed our own skills."
TRADITION
Certainly the FBI has a tradition of "investigating" groups
of people it deems "unsavory" or threatening.
In Roberts' The FBI and Your BBS, there's a brief history of
the FBl's willingness to gather all known information on a target
group. Pulling from the Final Report of the Select (Senate)
Committee to Study Governmental Operations with respect to
Intelligence Activities, Book IV, Supplementary Reports on
Intelligence Activities, Roberts includes this excerpt:
"Detectives were sent to local radical publishing houses to
take their books. In addition, they were to find every private
collection or library in the possession of any radical, and to
make the arrangements for obtaining them in their entirety. Thus,
when the GID (General Intelligence Division) discovered an
obscure Italian born philosopher who had a unique collection of
books on the theory of anarchism, his lodgings were raided by the
Bureau and his valuable collection become one more involuntary
contribution to the huge and ever-growing library of the GID.
[pages 87-88]."
Change "any radical" to "any BBS" and "book" to "disk" and
quite suddenly the electronic landscape turns into a winter
still-life.
DATA COLLECTION
Roberts, quoting from his report, says, "Unlike other
communications media, information on a BBS does not get read by
anyone before its instantaneous publication. Therefore, the FBI
has much less of a possibility of intimidating the owner of a BBS
into not publishing certain information. The FBI also acts as if
BBSs have a monopoly on the distribution of so-called 'illegal
information.' The FBI often uses this 'danger' as justification
to monitor the activities on these systems. In reality, however,
BBSs transfer much less 'illegal information' than the phone
system."
Roberts statements are worth noting in light of the
government's increased interest in the marriage of criminal
activity and electronic communications.
A 455-page report issued by the President's Commission on
Organized Crime, dealing with drug abuse and trafficking cites
that fact that crime has moved into the high-tech arena. The
report states "To the extent that law enforcement agencies'
capabilities and equipment are inferior to those of drug
traffickers, immediate steps should be taken to rectify the
situation." The report then recommends that data-gathering
efforts of several agencies (including the FBI) should be tied
together in one "all-source intelligence and operations center."
ANY PROBLEM HERE?
There are no laws prohibiting the FBI (or other agencies)
from monitoring the public message traffic on a BBS; the
Electronic Communications Privacy Act of 1986 protects private
messages and privately stored files only. But what about an FBI
agent monitoring a BBS solely for the purpose of gathering
information on the board's users? Any problem here?
The former FBI agent I spoke with raised the concern that
such casual monitoring might be a violation of the 1968 Wiretap
Act. "In order for a wire tap, you have to get a court order. Now
if an FBI agent is monitoring a BBS to gather information, that
becomes an interesting question, because there are very specific
federal rules about a wire tap. My question to you about a BBS
[being monitored] is: "At what point does monitoring turn into a
wiretap-like act?"
Good point. The reality is, however, that there are no
rules. Unless that agent is asking for private message traffic,
he can, without impunity, monitor, store, and otherwise
manipulate your public messages as he sees fit.
Roberts points out that a BBS with public access is fair
game for any kind of governmental snooping. But there is a way to
make such casual snooping by a federal agent a crime.
"If you want your BBS readily accessible to the public but
want to protect against unwarranted monitoring, you have to
provide a warning to prospective users," says Roberts. "It should
read: 'This BBS is a private system. Only private citizens who
are not involved in government or law enforcement activities are
authorized to use it. The users are not authorized to divulge any
information gained from this system to any government or law
enforcement agency or employee."'
This does two things. It makes the entire board "private."
Second, it makes any kind of monitoring by the FBl (or other
agencies, such as the Secret Service) a criminal offense (because
they are would be guilty of unauthorized access; it also forces
them to use the established guidelines of gaining information via
a court ordered search warrant. The warning also protects you in
another way: it stops "freelancers" from doing the Bureau's work.
GET REAL
How real is the possibility of the FBI monitoring your BBS?
Much more than I'd like to believe. Although details of Operation
Sun Devil are still sketchy, it's clear that the FBI, working in
tandem with the Secret Service, is monitoring several hundred
"suspected" boards across the electronic landscape. What kind of
board is a potential monitoring target? "Any board that advocates
hacking," said a Secret Service spokesman. Yet when I asked for a
definition of hacking, all I was told was "illegal activity."
The information provided here bears out, if nothing else, an
increased interest by the FBI in the hard ball practice of going
after electronic criminals. But are the "good guys" getting
caught up with the bad?
How extensive is the FBl's actual fact gathering by
monitoring BBSs? No one knows really knows. However, given the
history of Bureau, and the hard facts that crime in the
information age makes full use of all the technology it can get
its hands on, it's a small leap to believe that at least specific
monitoring, of certain target groups, is taking place.
Where does that leave you and me in all this? Back to square
one, watching carefully what we say online. If you're a member of
a "controversial" BBS, you might pass the concerns of Roberts on
to your sysop. If you are a sysop, you might want to consider
adding a bit of protection to the board . . . for the rest of us.
Brock Meeks is a Washington, D.C. based columnist whose
articles have appeared in several publications including Byte
Magazine. His favorite radical BBS is ... well...private.
-= RESPONSE FROM MUSTANG SOFTWARE REGARDING THIS ISSUE =-
Msg #: 107 Area: Wildcat_BBS Sent: 30 Nov 90 07:39:29
From: Rick Heming <Mustang Software>
To: All
Topic: Policy Statement - Mustang Software, Inc.
This text is available in the file POLICY2.TXT on the Mustang Software,
Inc. HQ BBS for registered WILDCAT! sysops.
-------------------------------
SOFTWARE COPYRIGHT, PIRACY, AND THE BBS COMMUNITY
Mustang Software, Inc. - 11/29/90
Recently several computer trade publications have published
reports of computer software piracy through the use of bulletin
board systems. The articles in question briefly outline the
confiscation of computer hardware from several BBS system
operators as a result of a year-long investigation by the FBI.
This investigation solicited support from several software
developers, including Novell, Inc. and Mustang Software, Inc.
This policy statement is designed to clarify the activities and
position of Mustang Software, Inc. in these activities.
1. In the fall of 1989 Mustang Software was approached by the
FBI regarding an investigation they were conducting into the
activities of several bulletin boards in the Nashville area.
The agents indicated that they were in contact with Novell,
Inc. as a part of their investigation and requested
information on how BBS were operated in general. Our contact
with the agents consisted of verbal telephone contacts on
several occasions throughout the following year, during
which we offered technical support and inquired as to the
progress of the investigation.
2. At no time during the FBI's independent investigation did
anyone connected with Mustang Software initiate or receive
any BBS or modem-related calls for investigative purposes.
We made absolutely no calls to any other BBS, WILDCAT! or
otherwise, other than test calls requested by registered
sysops of our technical support staff. Furthermore, Mustang
Software was not involved in any verbal contacts or
telephone call to any sysops with regard to this activity.
3. According to affidavits filed with the U.S. Attorney's
Office in Nashville, the FBI gained access to the BBSs in
question through paid memberships and by convincing the
sysops that they were interested in exchanging copyrighted
material. Access to the BBS systems involved was not gained
using a back-door, trojan program, or a security breach. The
WILDCAT! BBS has never incorporated code to allow access
through a "back door", nor would such a provision be added
for investigative purposes in the future. As a matter of
record, the BBS software in operation on the systems in
question was not WILDCAT! when the "sting" was conducted.
Mustang Software, Inc. has every intention of continuing to
strengthen our position as the fastest growing BBS in the
world. To do so, we must rely heavily on our reputation in
the international BBS community. We would not compromise
that reputation for anything. You can continue to trust that
WILDCAT!'s source code has no undocumented features which
would compromise the security aspects of our product.
The above statements are presented to provide factual
information regarding Mustang Software's physical activities
during the period of the FBI's investigation. Apart from our
participation, it is also important to understand our company
position on the matter of software copyright, piracy, and the BBS
community.
BBS systems have many potential applications, most of which
are legitimate endeavors. We realize however that there are some
uses which may be looked upon as questionable, and others which
are clearly illegal. Mustang Software does not believe it is not
our function to concern ourselves with the use to which our
product is placed, nor will we ever become involved in gathering
this information from system operators. We do however adhere to
the principals and guidelines of Software Publishers Association
(SPA) regarding software piracy, and cannot condone this type of
activity when it is brought to our attention. Our cooperation
with the FBI investigation is an example of our response when
such activity becomes apparent. Should such an investigation
request information beyond simple conversation and technical
support in the future, we will provide it in response to a proper
legal request. The FBI investigation represents the possible
consequences when a BBS operator openly engages in activities of
questionable legality, and does so over a long period of time.
A more common situation is one which arises almost monthly
at Mustang Software. We are often advised by sysops that WILDCAT!
is being used without proper registration, or that a particular
BBS has made the registered release of our product available for
download. Our response is always a simple phone call to the
system operator bringing the matter to his attention. This call
is all that is needed 98% of the time, and others are cleared-up
with a standard form letter. We have never had to resort to legal
action when handling a copyright issue with any BBS operator or
other individual. This cooperation by responsible sysops is in
direct contrast to the blatant pirating of a wide range of titles
alleged in the FBI affidavit.
Mustang Software, Inc. has invested a great deal of time
during the past 2 years in an attempt to integrate BBS Software
and communications software to the level of other applications
such as database software, word processing software, or
spreadsheet software. This effort was undertaken to help move
away from the common misconception that BBSs are primarily
operated by individuals not a part of the mainstream. We believe
this representation of sysops as roguish computer hackers is
inaccurate, and does not lend credibility to the
telecommunications aspect of the PC marketplace. The BBS
community has made great strides in this regard during the past
year. Many software and hardware manufacturers have implemented
BBS support systems, major corporations are installing BBSs for
employee support and communication, and retailers such as
Software Etc. now carry BBS software on store shelves nationwide.
Software piracy using BBSs hurts us all. We firmly believe
that the vast majority of system operators try to operate their
BBS in a responsible manner, and avoid activities which violate
the rights of others. In order to prevent encroachment and
limitation of our telecommunication activities, we must make it
clear that the activities of a small minority of BBS operators do
NOT represent those of the masses. One of the best ways to
accomplish this is to stand united against software piracy and to
let the press know that BBS operators in general do not engage in
this activity.
We appreciate your time in reviewing this policy statement,
and hope it has answered any questions on your mind.
Sincerely,
Mustang Software, Inc.
P.O. Box 2264
Bakersfield, CA 93303