mis@seiden.com (Mark Seiden) (07/20/90)
Patrick: I've just received the governments's response to the motions of Electronic Frontier Foundation and the defendant Neidorf to dismiss the indictment. You may not be aware that an article by you in Phrack 21, entitled "Non-Published Numbers" is mentioned in a recitation of the icky and allegedly felonious stuff Neidorf has been indicted for distributing. I quote: "On November 4, 1988, "Phrack 21" was published containing a tutorial on how to obtain non-published numbers from Illinois Bell, and an article by Neidorf outlining the critical role played by the telephone company's Network Management Center in telecommunications and "the protection of essential services such as 911, during abnormal network situations."... etc. The government lies. I just read the article. What it says is that if there's an emergency (or some other nontrivial reason) there is a *procedure* by which an authorized intermediary will get in touch with a nonpublished number and ask them if they want to talk to you, either by calling you back or by releasing their number for you to call them. I see no mechanism shown by which a nonpublished number can be obtained without the consent of the subscriber. I'm surprised you haven't been indicted over this one. Mark Seiden, mis@seiden.com, 203 329 2722 [Moderator's Note: There is nothing indictable about it. As you point out, that very old article by me (I stress this, since the procedures have changed somewhat in recent years), was a discussion of the procedure to follow in making emergency contact with a subscriber with a non-pub number, and the efforts taken by telcos (or at least IBT) to protect the privacy of their customers. Several years ago, much of the same information was distributed as a form letter response to people who called or wrote to complain, "why can't I get the number of so-and-so because my call is very important, etc". Interestingly enough, no, I did not know that it was picked up by Phrack and used in an issue of that publication. Since I was never a reader of Phrack, I really would not know what all of mine they published in the past. Truth be told, I can't remember now *who* I wrote that article for; I can't find it in the old issues of the Digest, however the Telecom Archives prior to October, 1988 is missing many old issues. I think I originally wrote it in 1982/83 for the BBS I sysopped briefly for the Chicago Public Library. I don't even have a copy of it in my old files, or I would re-run it here. The essence of it was that the Non-Pub Number Bureau was the keeper of subscriber phone numbers of that type. The Non-Pub Number Bureau itself had a non-pub number, available to a few employees at IBT with a 'need to know'. If such a number was needed in a dire emergency; i.e. a death in the family, a fire, something of catastrophic proportions, then the person needing to make contact could plead his case to a Directory Assistance supervisor. The supervisor would take the matter to the Chief Operator. Their stock answer was "don't call us, we'll call you back later", and after someone conferred with the non-pub subscriber, giving them *your name* and *your number*, then you would be called back and advised (a) of the phone number you were seeking, or (b) that the non-pub party had been alerted to your request and elected to call you instead, or (c) chose to ignore your request. PT]
john@bovine.ati.com (John Higdon) (07/22/90)
Mark Seiden <mis@seiden.com> writes: > You may not be aware that an article by you in Phrack 21, entitled > "Non-Published Numbers" is mentioned in a recitation of the icky and > allegedly felonious stuff Neidorf has been indicted for distributing. Taken out of context, most of what appears in TELECOM Digest is at least as incriminating as the material published in Phrack. Think about it: over the past year alone there have been discussions of 911, telco plant security, billing procedures, unlisted numbers, "infinity transmitters", credit card verification and security, telco account records security, cellular billing and call verification procedures, campus phone systems, police mobile data systems, and much more. Some of the contributors have submitted detailed articles discussing these things. Now that I have seen what a flimsy case exists against Craig Neidorf, my paranoia has reached new heights. Never mind that my book shelves are filled with communication reference books. Never mind that my file cabinets are packed with Pac*Bell technical data. Never mind that my garage is filled with manuals for dozens of PBXes. Never mind that there are Bellcore books under the bed. What's really evil is that "secret and sensitive" material stored in my computer known as Cud, TELECOM Digest, and (probably) the USENET spool. If you think I'm over-reacting, consider Mr. DeArmond's detailed article on how to conduct clandestine surveilance. Or how about Mr. Townson's articles on how to program cellular phones to "get free service"? Just those two examples make the material in the Neidorf case look like a first grade class on how to use the telephone. Notice how just a slight shift in wording can change the entire context? Five minutes with vi and some bozo could make life very miserable for many Digest contributors. Now, for the moment, forget about the chilling effect on all of us die-hard telecom nerds. Consider instead the question: "Why is electronic communications treated in such an unwarranted manner by the government and law enforcement?" If I was inclined to be an auto mechanic, I would be trying to find out all I could about cars. If I was an aspiring banker or financier, I would be hanging around financial institutions, learning all I could about money. If photography turned me on, much of my conscious life would be spent around cameras and photographic equipment, as well as any professionals that would spare me their time. But those interested in computers and telephony are looked upon as sinister beings. Any digging for information is viewed as preparatory to an attack on the system. And heaven forbid that a telecompunerd would actually use the technology related to his interests to learn more more about it. For some reason, information on a computer disk is more sensitive, valuable, dangerous, and proprietary than the exact same information in a dusty book on a library shelf. Why is that? And now for a really scary question: What makes the information in Phrack more "criminal" than the information in the Digest? Wait until the Keystone Kops discovers THIS international ring of telephone hackers. Where are they going to store all the computers they seize that have Digest messages on them? IMHO, the Neidorf case could very well be a major turning point in the future of the freedom of electronic communications. We should all be watching this one very closely. John Higdon | P. O. Box 7648 | +1 408 723 1395 john@bovine.ati.com | San Jose, CA 95150 | M o o ! [Moderator's Note: You say it might well be 'a major turning point in the future of electronic communications', but I don't think it will be quite that dramatic. It may well (I think it already has) be the impetus which forces small electronic publishers to maintain the same (generally) responsible standards in publishing observed by the larger operations, i.e. Compuserve, Dow Jones, etc. You have to take an overview of the entire purpose, scope and production of an electronic publication; the individual articles won't tell the whole story. The name 'Phrack' seems to be a combination of the two words 'phreak' and 'hack', two words with a derogatory inference even to many of the people who use them to describe themselves. It is almost as though it was being stuck up under the government's nose with the attitude 'see if you can stop us'. And how do you address security flaws in telecom systems without at the same time giving hints to the no-goods who would abuse the system? You can't, so the question becomes one of intent: are the articles mainly there to educate the no-goods under the guise of 'improving security'? You do not need to print actual code numbers and complete descriptions of successful attacks to alert the security concious to the problem. You did not see any in-depth information about *which* phone numbers were exempt from serial checking in the cell phone articles, nor will you see that sort of detail here. Another thing that annoys the government and the telcos is the constant (and I think sick) swapping out of /f/ with /ph/ on words out of some misplaced reverence to the telephone network. This is a whole topic in itself: the swapping of /f/ and /ph/ to make some point to readers could be discussed in detail. PT]
bakerj@ncar.ucar.edu (Jon Baker) (07/26/90)
In article <9995@accuvax.nwu.edu>, john@bovine.ati.com (John Higdon) writes: > bla bla bla > Now, for the moment, forget about the chilling effect on all of us > die-hard telecom nerds. Consider instead the question: "Why is > electronic communications treated in such an unwarranted manner by the > government and law enforcement?" > If photography turned me on, much of my conscious life would be spent > around cameras and photographic equipment, as well as any nudge, nudge, *wink* *wink* > But those interested in > computers and telephony are looked upon as sinister beings. Any > digging for information is viewed as preparatory to an attack on the > system. And heaven forbid that a telecompunerd would actually use the > technology related to his interests to learn more more about it. > For some reason, information on a computer disk is more sensitive, > valuable, dangerous, and proprietary than the exact same information > in a dusty book on a library shelf. Why is that? And now for a really > scary question: What makes the information in Phrack more "criminal" > than the information in the Digest? Wait until the Keystone Kops > discovers THIS international ring of telephone hackers. Where are they > going to store all the computers they seize that have Digest messages > on them? Don't be paranoid! This is new ground for the SS (Secret Service, that is), and at this time they don't where the legal boundaries are. They don't know what they can and can't do. In the LOD case, they have deliberately over-stepped the bounds of legally acceptable behavior. The courts will review the case, and the actions of the SS, and decide what is and isn't legal for both the accused and accuser. In so doing, they will have established legal precedent governing the rights of the accused, in the context of electronic media, to guide the SS in all future investigations. Thus, if the legal boundaries are reasonably drawn, we should never again see this sort of abuse, in this context. I consider this to be the best course of action for the SS. It is best to draw the legal boundaries up front, rather than dance around the line for the next 50 years, never sure of where it is. Do you expect them to behave 'approriately' from the very beginning? What is 'appropriate'? Everyone has their own opinion. But, only one opinion counts : the courts'. In our judicial system, the SS can not just ask any ol' judge what they're allowed to do. They have to force a case to the courts, in order to force a decision. This may be the same reason for the 'LOD Defense Fund' - I doubt their motives are altruistic. Rather, it is in their best interest, as well, to know the legal bounds that govern or affect their industry. They want to see equal force applied in both directions on the case, in the hope of having the legal lines drawn fairly and equitably. However, my sympathies to all those caught up in the LOD affair. They didn't volunteer to be the litmus test, but had it thrust upon them. > IMHO, the Neidorf case could very well be a major turning point in the > future of the freedom of electronic communications. We should all be > watching this one very closely. IMHO? Since when are your opinions humble? Anyway, I'm sure it will be a major precedent-setter. JB