Kurt Guntheroth <kurt@tc.fluke.com> (06/20/91)
Alex Barnum, Mercury Staff Writer says: > "Other critics charge that Thrifty Tel is deliberately haiting hackers > with antiquated switching technology and short access codes that are > easier to hack than the more modern, secure technology and 14-digit > access codes of the major long-distance carriers." John Higdon says: > Mr. Barnum has all the quotes from Ms. Bigley that the {LA Times} > article had, which essentially contain the circular argument that it > costs money to upgrade to FGD and why should Thrifty have to spend > that money on account of "thugs and criminals" while whining about all > the losses suffered at the hands of the hackers. Thrifty's technique > looks more like a profit center than hacker "prevention". Let's suppose ThriftyTel is deliberately baiting hackers (though using older equipment because it is cheap sounds more reasonable to me). How can this be considered more reprehensible than stealing network services in the first place? I find it quite just that a company should hang hackers with their own rope. If ThriftyTel was posting the access codes on pirate BBS's, this might be going a bit too far on the entrappment side, but there is no evidence this is happening. And whoever asked whether ThriftyTel was inducing minors to enter into an unenforceable contract, or an ex-post-facto contract, this may be true. The hackers do have the option of refusing the contract and letting ThriftyTel make good on its threat to initiate criminal proceedings if it can. Probably most hackers, caught crouched over the body with the smoking gun in their hand, and with the knowledge of their guilt in mind, are reluctant to test their luck in court. Record me as a supporter of ThriftyTel.
"Dennis G. Rears (FSAC)" <drears@pica.army.mil> (06/21/91)
Kurt Guntheroth <kurt@tc.fluke.com> writes: > John Higdon says: >> Mr. Barnum has all the quotes from Ms. Bigley that the {LA Times} >> article had, which essentially contain the circular argument that it >> costs money to upgrade to FGD and why should Thrifty have to spend >> that money on account of "thugs and criminals" while whining about all >> the losses suffered at the hands of the hackers. Thrifty's technique >> looks more like a profit center than hacker "prevention". > Let's suppose ThriftyTel is deliberately baiting hackers (though using > older equipment because it is cheap sounds more reasonable to me). > How can this be considered more reprehensible than stealing network > services in the first place? I find it quite just that a company > should hang hackers with their own rope. If ThriftyTel was posting > the access codes on pirate BBS's, this might be going a bit too far on > the entrappment side, but there is no evidence this is happening. Have you ever heard of an attractive nuisance? Granted it may be stretching a point, but hey we are talking about California? :-) It could be argued that ThriftyTel has created an attractive nuisance by not securing their systems in accordance with industry standards; just like the homeowner who does not build a secure enough fence to keep the little cretins out of his/her pool. > And whoever asked whether ThriftyTel was inducing minors to enter into > an unenforceable contract, or an ex-post-facto contract, this may be > true. The hackers do have the option of refusing the contract and > letting ThriftyTel make good on its threat to initiate criminal > proceedings if it can. Probably most hackers, caught crouched over > the body with the smoking gun in their hand, and with the knowledge of > their guilt in mind, are reluctant to test their luck in court. Contract, hell it is extortion. As any first year law student could tell you the following must exist to be a contract: o legality of object # OK o mutual consideration # OK o contractual capacity # OK; minors create # a voidable contract o manifestion of consent (offer/acceptance) # NO o meeting of the minds The hacker is not aware of the offer (tariff), there is no manifestion of consent, and there is not meeting of the minds. Another point, California has the Uniform Commercial Code, thus the statue of frauds would apply. This means the contract (including acceptance) must be in writing for amount of over $500.00. One last point if they are saying a contract was formed, it becomes a civil matter only not a criminal. Either it is a contract in all cases or a contract in no cases. If they decide it is a contract they have to sue for breach of contract; they can't have criminal charges too. They must be consistent. BTW, I don't approve of what the hackers/phreakers are doing either, but ThriftyTel response is just as abusive of the laws as hackers/phreakers. We are still innocent until proven guilty, and there is no way I can tolerate any company or govertment "official" altering this. dennis
john@mojave.ati.com (John Higdon) (06/22/91)
Kurt Guntheroth <kurt@tc.fluke.com> writes: > Record me as a supporter of ThriftyTel. You are overlooking a major flaw in Thrifty Tel's scam. In the United States, the system of jurisprudence requires the plaintiff in a civil case to 1.) prove damages and 2.) show mitigation of damages. Thrifty Tel does neither. In a five-day period, Thrifty Tel whisked a "Hacker Tariff" through the CPUC without comment, showing, documentation, or any justification WHATSOEVER. This tariff, which provides for "charges" that are around three hundred times the company's going rate for services, is then used in civil suits to claim damages. Thrifty Tel sits back in court, presents the logs showing the intruder's usage and then holds up this bogus tariff. In other words, TT has at no time ever proved its claim for the extortion it pulls on the "criminals and thugs" that it so actively crusades against. Concerning point two, let me give you an analogy. Let us suppose that I have decided to go into the banking business, but find that the cost of constructing a vault is prohibitively expensive. So I leave all the cash sitting around in the tellers' drawers. Word gets around that my bank is an easy mark, and consequently I find that frequently the cash has been cleaned out by thieves the night before. To combat this, I install a very sophisticated intrusion detection system with cameras and the like. I am now able to identify the theives and I manage to get a law passed that allows my bank to claim damages against the burglars at about three hundred times the value of the cash stolen. Obviously, a bank vault would solve the lion's share of my problem, but why should I have to pay for a vault when it is "criminals and thugs" that are at the root of my "losses"? This is precisely the argument that TT uses when it is suggested that it upgrade its equipment and use FGD instead of FGB. Of course, FGD would not allow it to skim intraLATA traffic from Pac*Bell as it now does, but that is a different matter altogether. Believe me when I tell you that Thrifty Tel has no moral high ground to stand on. John Higdon <john@zygot.ati.com> (hiding out in the desert)
Stuart Lynne <sl@wimsey.bc.ca> (06/23/91)
In article <telecom11.476.7@eecs.nwu.edu> drears@pica.army.mil (Dennis G. Rears (FSAC)) writes: > Kurt Guntheroth <kurt@tc.fluke.com> writes: > Contract, hell it is extortion. As any first year law student > could tell you the following must exist to be a contract: > o legality of object # OK > o mutual consideration # OK > o contractual capacity # OK; minors create > # a voidable contract > o manifestion of consent > (offer/acceptance) # NO > o meeting of the minds > > The hacker is not aware of the offer (tariff), there is no > manifestion of consent, and there is not meeting of the minds. > Another point, California has the Uniform Commercial Code, thus the > statue of frauds would apply. This means the contract (including > acceptance) must be in writing for amount of over $500.00. I wonder to what extent their status as a common carrier affects the normal course of forming a contract with them. All of the above would be pretty standard stuff between any two random non regulated parties, but to what extent is it altered by statute (in this case the statutes granting Thrifty common carrier status). Presumably their are both new requirements (to entering into a contract) and new restrictions (for example only tariffs filed with regulating body can be charged). Stuart Lynne Computer Signal Corporation, Canada ...!van-bc!sl 604-937-7785 604-937-7718(fax) sl@wimsey.bc.ca [Moderator's Note: In addition to ThriftyTel, I have to wonder how 'contracts' and the Uniform Commercial Code apply to 900 calls in general where minors are concerned. PAT]
Macy Hallock <macy@fmsys.uucp> (06/23/91)
Regarding the thread on CA's Thrifty Tel and its hacker oriented tarriffs: While not a utility lawyer myself, I have paid for the services of a couple, and been taught some expensive lessons by others ... So let me advance a few of points in this discussion: The granting of common carrier status and filing of tariffs which have been approved by the PUC make the utility a slightly different contractual entity in the eyes of the courts. Generally speaking, the PUC acts as an agent for the public in structuring the contract with the utility. This means that use of the utility's service in a voluntary (or sometimes involuntary) fashion binds you to payment of the under the terms of contract. (Which is contained in the utility's tariff structure.) Now, gross negligence, fraud, or malicious acts are never permissable under any contract in any state I know of. Other than that, the utility is afforded protections that most normal businesses do not enjoy. (Try suing a phone company sometime, you will receive an education concerning their special status under regulatory and utility laws.) If the tariff was filed in a manner which deceived the PUC, then the tariff and its protections can be invalidated. If the PUC acted in a manner contrary to their authority under the law, then the tariff can be invalid, also. This also means that many parts of the UCC are not directly applicable to a regulated utility acting under their filed tariffs. Speaking in general terms, that would seem to mean Thrifty Tel has a basis to enforce their tariffs. Remember, part of the status of common carrier requires that the tariffs be published and available to the public for inspection, and in fact these are often published in newspapers of record at some point. The fact is: the use of Thrifty Tel's FGB access code constitues voluntary use of their services under their currently published tariff structure. Analogy: just because you do not agree with MCI's rate does not mean you do not have to pay for the call when you dial 10222+ (a rather simple, widely distributed code) and make a call. As for the posting of TT's codes in local bulletin boards ... sounds like unpaid advertising or word-of-mouth. The public posting or even paid advertising of a common carriers service availability has never been illegal. Would you ask for a rebate if you neighbor said dial 900-RIP-OFFF and you then got a bill? I doubt the PUC would agree ... I know of many people who have been bound to pay for their own and their children's activities using telephones that ran up large long distance bills out of their own ignorance. The PUC holds that the bills are still valid and the courts seem inclined to agree. Once in a while, a telco or carrier will grant a billing adjustment in a case such as this, but there is usually a provision in their tariff that allows them to do this under certain circumstances, and at their sole discression. They are specifically not bound to do this in all similar cases. The only trend that counters this concerns telco billing of services provided by others (such as 900, AOS's and OCC's). In those cases, the telco's have found it expidient to limit their tariffs to allowing themselves to act only as billing agents, and now do not want to act as collection agents. This is primarily due to political pressure from consumer groups and the newspapers. As a result, its very unlikely that you will have your local telephone service cut off due to an unpaid 900 bill. The phone company will return the billing uncollected to the provider, who must then pursue its own collection against you. From the descriptions provided by the readers of the Digest, it appears that this is exactly what Thrifty Tel is doing. Based on my past experiences, Thrify Tel is working on the fringe of regulatory law, but within it. My prediction: either the PUC or legislature will amend PUC regulations to make Thrifty Tel change their tariff when the political or consumer pressure increases. It has happened before! Common sense has nothing to do with this process. Personal opinion: Thrifty Tel has found an interesting approach to making long distance resale profitable. I am always wary when an industry has to use lawyers and lawsuits to conduct business, though. TT will do wonders to increase the public's awareness of the potential cost of phone hacking. I wish the newspapers would take same tone of voice they use when reporting drug related activity when reporting hacking, though. Guess I was just not innnovative enough when I tried to put together a long distance reseller in the early 80's .... Macy M Hallock Jr N8OBG 216.725.4764 macy@fmsystm.uucp macy@fmsystm.ncoast.org [No disclaimer, but I have no real idea what I'm saying or why I'm telling you]
jgd@gatech.edu> (06/24/91)
john@mojave.ati.com (John Higdon) writes: > In a five-day period, Thrifty Tel whisked a "Hacker Tariff" through > the CPUC without comment, showing, documentation, or any justification > WHATSOEVER. This tariff, which provides for "charges" that are around > three hundred times the company's going rate for services, is then > used in civil suits to claim damages. I consider that tariff a stroke of genius. I think that is the way to handle most similiar problems. > Concerning point two, let me give you an analogy. Let us suppose that > I have decided to go into the banking business, but find that the cost > of constructing a vault is prohibitively expensive. So I leave all the > cash sitting around in the tellers' drawers. Word gets around that my > bank is an easy mark, and consequently I find that frequently the cash > has been cleaned out by thieves the night before. To combat this, I > install a very sophisticated intrusion detection system with cameras > and the like. I am now able to identify the theives and I manage to > get a law passed that allows my bank to claim damages against the > burglars at about three hundred times the value of the cash stolen. > Obviously, a bank vault would solve the lion's share of my problem, > but why should I have to pay for a vault when it is "criminals and > thugs" that are at the root of my "losses"? This is precisely the > argument that TT uses when it is suggested that it upgrade its > equipment and use FGD instead of FGB. > Of course, FGD would not allow it to skim intraLATA traffic from You analogy of a bank vault is a good one but it makes the case more forcefully for ThriftyTell. Assuming that all bank robbers had the net worth to permit such a system to work, consider what positive effects there would be for the regular legitimate customers. I as a legitimate customer could simply walk in and get my money without having to hassle with a teller. I would find that to be much more convenient. Yet if a scumbag grabbed money that was not his or even if a customer accidently took too much, the bank could recover it and in the case of the scumbag, could punish him. In other words, the scumbags get punished and the regular customers get less hassles. What a refreshing concept! In the case of ThriftyTell, if you never hack their system, you'll never encounter that tariff. A perfect solution, all the blather about attractive nuisance notwithstanding. To me the concept of an attractive nuisance really means "I can't manage my {life, kids} so I want the law to do it for me." If you don't do the hack, you don't catch the flak :-) I don't see the problem. John
john@mojave.ati.com (John Higdon) (06/26/91)
"John G. DeArmond" <emory!Dixie.Com!jgd@gatech.edu> writes: > john@mojave.ati.com (John Higdon) writes: >> In a five-day period, Thrifty Tel whisked a "Hacker Tariff" through >> the CPUC without comment, showing, documentation, or any justification >> WHATSOEVER. > I consider that tariff a stroke of genius. I think that is the way to > handle most similiar problems. A little consistency, please. I just read an article of yours decrying AOS and sleazy practices that came from lack of regulatory attention. Now you seem to advocate that any sleazebag reseller should be able to, without justification or documentation such as that required of all legitimate telcos, make up any fantasy charges it wants and then use that fantasy in a court of law to "prove" damages. Your attitude of justice seems somewhat whimsical. > If you don't do the hack, you don't catch the flak :-) No, make that Neandrathal. How about forty years for petty theft? Hey, man, if you don't do the crime then you won't do the time, right? John Higdon <john@zygot.ati.com> (hiding out in the desert) [Moderator's Note: While it is true Thrifty Tel's tactics are extreme, and of questionable legality by USA standards, we should note that in countries with 'neandrathal' schedules of punishment (i.e. Saudi Arabia, where public floggings, beheadings, and amputation of body parts appropriate to the crime committed -- shoplifting, sexual assault, etc -- are routine events), the crime rate is *extremely* low. If Thrifty Tel doesn't break Some People of their Bad Habits, I don't know what will. PAT]
Nick Sayer <mrapple@quack.sac.ca.us> (06/26/91)
Our esteemed <oderater writes: > [Moderator's Note: While it is true Thrifty Tel's tactics are extreme, > and of questionable legality by USA standards, we should note that in > countries with 'neandrathal' schedules of punishment (i.e. Saudi > Arabia, where public floggings, beheadings, and amputation of body > parts appropriate to the crime committed -- shoplifting, sexual > assault, etc -- are routine events), the crime rate is *extremely* > low. So if there was a death penalty for parking violations people would be less likely to park in front of hydrants. Very good, comerade. You understand the Soviet legal system perfectly. By combining outlandish penalties for small crimes with secret police organizations without restrictions of law we can achieve a perfect social order regardless of what the constitution says. > If Thrifty Tel doesn't break Some People of their Bad Habits, I > don't know what will. PAT] Nothing will. They will simply (A) get better at it and (B) phreack from phone booths. No, I don't condone phreacking. No, I don't normally come to their defense. Nevertheless, ThriftyTel's tactics smack of entrapment. Like puting a "Rob me" sign on the front lawn, then shooting tresspassers. Nick Sayer mrapple@quack.sac.ca.us N6QQQ 209-952-5347 (Telebit)