TK0JUT2%MVS.CSO.NIU.EDU@UICVM.uic.edu (06/21/91)
**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 3, Issue #3.22 (June 21, 1991) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / / Bob Kusumoto ARCHMASTER: Brendan Kehoe +++++ +++++ +++++ +++++ +++++ CONTENTS THIS ISSUE: File 1: Moderators' Corner File 2: From the Mailbag File 3: Punishment and Control: Reply to Gene Spafford +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CuD is available via electronic mail at no cost. Hard copies are available through subscription or single issue requests for the costs of reproduction and mailing. USENET readers can currently receive CuD as alt.society.cu-digest. Back issues of Computer Underground Digest on CompuServe can be found in these forums: IBMBBS, DL0 (new uploads) and DL4 (BBS Management) LAWSIG, DL1 (Computer Law) TELECOM, DL0 (New Uploads) and DL12 (Electronic Frontier) Back issues are also available from: GEnie, PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet. Anonymous ftp sites: (1) ftp.cs.widener.edu (192.55.239.132); (2) cudarch@chsun1.uchicago.edu; (3) dagon.acc.stolaf.edu (130.71.192.18). E-mail server: archive-server@chsun1.uchicago.edu. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Moderators Subject: Moderators' Corner Date: 21 June, 1991 ******************************************************************** *** CuD #3.22: File 1 of 3: Moderators Corner *** ******************************************************************** +++++++++++++++++ Three LoD members form Comsec Data Security +++++++++++++++++ Craig Neidorf sent over the following article announcing the formation of a security company by three former members of the Legion of Doom. The new company was not a sudden inspiration, but the result of considerable research and groundwork prior to the announcement. According to the partners, the Texas-based companies has already landed several significant contracts. When asked why anybody should hire ex-hackers, one commentator responded that security, like hacking, is just another form of puzzle-solving, and those who can find the holes are likely to those most-able to close them. ***** From: TIME Magazine, June 24, 1991, page 13. AFTER YOU'VE BEAT 'EM -- JOIN 'EM After infiltrating some of America's most sensitive computer banks, is there any challenge left for a digital desperado? Only to go legit, say three former members of the notorious hacker group, the LEGION OF DOOM, who have quit the outlaw game to start Comsec Data Security. The Legionnaries claimed an 80% success rate in penetrating computer networks, and now they want to teach private industry to protect itself from the next generation of intruders. "You can't put a price tag on the information we know," says Scott Chasin, a Comsec partner. But they'll try. (This article features a color photo of the three founding members: Erik Bloodaxe, Doc Holiday, and Malefactor.) ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Various Subject: From the Mailbag Date: 21 June, 1991 ******************************************************************** *** CuD #3.22: File 2 of 3: From the Mailbag *** ******************************************************************** From: an288@CLEVELAND.FREENET.EDU(Mark Hittinger) Subject: Elaboration and Response to Computer Computing Date: Sun, 16 Jun 91 14:42:01 -0400 > These are D.W. James main points from his CuD 3.21 message: 1. College computing is still managed by centralized MIS, and in an unfavorable manner. They aren't dead yet. 2. Centralized MIS has monopolistic control of the use of network bandwidth. 3. College CC administrations dance to NSF's tune. (he who has the gold ect) 4. Centralized MIS can arbitrarily stop something if it appears questionable. Mark's comment: (A seasoned MIS type would put extra effort into quietly stopping anything that a journalist or politician could construe as questionable! People should not be surprised by this, it is a standard reflex for a bureaucrat. I mentioned in my article that if they could not cover up a hacking event that they would exaggerate it instead. I know it is upsetting when something neat gets quietly axed, however, think of the damage that is done when the administrator is forced to exaggerate. They are forced because they feel a need to protect their job and reputation. We shouldn't really blame them too much, after all, it will be their red face on the TV if something in their domain makes the news!) Here is my response (related to my CuD 3.20 article - renaissance ect) I could write another article on the network thing by itself. It is true that computing administrations have moved towards selling networking as opposed to computing. It is kind of like "Custer's last stand" or should I say "job". You know that the demand for bandwidth is growing at a rapid rate. It is growing far faster than the budget money to fund it. What is the result of these two factors? First, there are going to be more network disappointments such as the one mentioned by D.W. James, that is, the shutdown of various grey area network "services". Second, the available bandwidth will soon be so clogged as to render the service unusable. It is kind of like the old timesharing machines. No - I'm not broadcasting a death-of-usenet or death-of-internet message. I'm just saying that a squeeze is coming and it might be a good idea to get out of the way. It is just a natural process that we've seen before in the timesharing racket. People are transmitting images and sound now! Its not just ASCII for breakfast any more! Were the current production networks and hosts designed for this kind of thing? Our desktop machines (and what we want to do with them) have already outgrown yesterday's networks. (So not only do we need a new multi-tasking DOS from Bill, and an elegant new BOX from Ken, we need a new NET. I was quite pleased with Apple's recent filing with the FCC for a personal radio net. Be ready, they are heading in the right direction. Wouldn't it just kill ya to see Apple make a bunch of money again?) Technology can come to the rescue in networking too. It is just a cost issue more than anything else. Centralized computing was created when individuals could not afford computers. Centralized network management exists because yesterday's networks are too expensive for individuals to fund. Today there are alternatives to the network supplied by your college. You can totally bypass these guys today! It is just a matter of money and the costs are dropping like a rock. D.W. James says that MIS isn't dead, however, I argue the clock is sure ticking fast, and that was one of the points of my initial article. The case for MIS survival is hopeless. The case for hackers is that we'd better get busy thinking about what kind of 20 megabit UHF cellular network software we'll need on our used 50 mip laptop. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: dalton.spence@CANREM.UUCP(Dalton Spence) Subject: can it happen in canada? Date: Wed, 5 Jun 1991 20:00:00 -0400 I am new to the electronic frontier, a greenhorn if you will. As a programmer of midrange IBM systems (S/36 and AS/400) for many years, I thought, sitting here in Canada, I was more objective about the events of the last year than most Americans could be. After all, it wasn't MY constitutional rights that had been threatened (YET). And since most of my career has been spent working for small software companies, the idea of unauthorized intruders in the systems I was working with frightened and repelled me. Fortunately, so far the systems I have worked on have been isolated from the outside world (much like I have been), so hackers have not been a problem (YET). However, I will not become TOO complacent, since the government of Canada has a history of following the lead of the United States, even when it would serve us better NOT to. I am worried that the recent virus infestations of government computers, as described in the attached article from "Toronto Computes!" magazine (June 3, Vol. 7, #5, p. 3), may act as a catalyst for a crackdown on Canadian bulletin boards. Which would be a shame, since I am just getting the hang of using them. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ VIRUSES INFEST FEDERAL GOVERNMENT By LAWRENCE BRUNER Virus infection in computers is growing out of control. They're doubling once every three months in the federal government, said a source who asked not to be identified. She said there have been about 30 cases of virus infection in the last several months and there will probably be about 60 before the end of summer. "We have to do something about it and if we don't we'll be swamped," she said. Viruses have occurred at the department of external affairs, the RCMP, the Supreme Court and Atomic Energy of Canada Ltd. But the viruses aren't concentrated in any departments or agencies, occurring randomly throughout the government, she said. The viruses range from merely annoying to very damaging. In the annoying category is a virus that creates an on-screen ping pong ball about the size of a cursor. The ball bounces up and down the screen, but doesn't destroy any data. More damaging is the Stoned virus which freezes the system and displays the message, "Your disk has been stoned. Legalize marijuana." In some cases the Stoned virus makes it impossible to reboot the system without purging all the software and loading back-up programs. Another virus called Dark Avenger destroys data. Most of the viruses infiltrate the federal government when a civil servant gets software from bulletin board systems. "A civil servant might see some statistic or an article he needs on a BBS and then downloads it," said the source. One of the viruses was created by a 14-year-old boy living in Hull, Quebec, Ottawa's twin city, but most originate in the United States. Viruses are doubling in the U.S. government every two months, said the source. "Things are bigger and better there, so more's happening. They have a bigger population and access to more things." ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: "William Vajk (igloo)" <learn@GARGOYLE.UCHICAGO.EDU> Date: Sun, 2 Jun 91 18:00:40 CDT Subject: Punishment and Control: Reply to Gene Spafford ******************************************************************** *** CuD #3.22: File 3 of 3: Punishment and Control *** ******************************************************************** In CUD 3.14, Gene Spafford wrote: > There is little doubt that law enforcement has sometimes been overzealous > or based on ignorance. That is especially true as concerns computer-related > crimes, although it is not unique to that arena. I am concerned that while computer related interests isn't the only area in which law enforcement has fallen so far short of the mark as to be noticeable, it is the basis for one of the first relatively large scale interactions between law enforcement and middle class. This is the reason for so many of us noting cases which have acquired a notoriety exceeding past norms where the investigation involved a lower class. Such treatments have been the usual fare for the economically disadvantaged, sometimes those culturally distinct (see the movie _Chinatown_ for an excellent example.) Complaints on their behalf haven't been nearly as widespread in spite of the similarities of the behavior by law enforcement. It isn't new. It is simply new to "us." I have some serious reservations about the Chicago Police Department which has declared war on "gangs." Possibly other such declarations have been undertaken elsewhere as well. Just so we understand up front, I do not condone criminal behavior. But my understandings of these events is confounded by the difficulties I have in determining in advance of some criminal behavior or another just what actually constitutes a gang. How does one determine what is an Italian-American Sports Club, and which one is a sinister mob organization. How does one differentiate a group of young men, wearing identical attire while walking across town to play basketball in a park from another group, walking about their turf, and the Boy Scouts. A discussion I just had with the Public Relations officer at the Chicago Police Department did little to help. The distinguishing characteristics are looser and far more evasive than those mentioned by Pastor Niemoeller. The PR officer told me they have something "better than an educated guess" on which to base whether or not an individual or small group is gang related; whether or not to question (should we call it harass) citizens within a community. In the end, we are permitting the police to use personal judgment in many ways. The personal judgment they have been using has now been brought into play in middle class communities. Guess what. We're complaining about it. I am concerned that Spafford's comments can be read to be forgiving and conciliatory in nature where it regards errors made by professional law enforcement. Officer Nemeth in California (see CUD 3.15) has said that he's learning as he goes along. That's a hell of an answer to give some poor fellow who was attempting to access a published bbs number after you've broken two of his doors, confiscated his equipment, and subjected him to interrogation which assumed guilt instead of trying to develop information in a reasonable manner before using one of the most intrusive tactics permitted by law. There's an entire mentality which we see exercised in the modern prototypical police investigation. Officer Nemeth draws some conclusions of dubious worth even after knowing the facts and that there will be no prosecution, "Hopson and the other suspects should have given up after the first failed attempt" of trying to gain access to a computer. "The laws are funny. You don't have to prove malicious intent when you're talking about computer tampering. The first attempt you might say was an honest mistake. More than that, you have to wonder." ^^^^^^^^^ ^^^^^^^^^^^^^^ I suggest we put a rotary combination padlock on Nemeth's locker at work. Any time he misses getting it on the first try, he takes the day off....at his expense. But let's add a bit more realism. Someone should gently but erratically shake his arm to emulate a bit of line noise. The prosecutor in the case, Stephen Brown, didn't believe the police overreacted in their investigation. "They had a legitimate concern." Is having a legitimate concern reason to secure search warrants and damage property? Aren't there any less intrusive investigatory techniques available? Of course there are. The police didn't know where to begin their investigation of this suspected criminal activity. I wasn't surprised at all to learn that PacBell security knew. Given the involvement of yet another telephone company, is the outcome, the overreaction, any surprise????? We understand and feel compassion for one whose home has been violated by burglars. Often we hear that they no longer feel comfortable in their own home. Their inner feelings of security, something most of us take for granted, have been damaged, sometimes irreparably. It is obvious in hindsight that Nemeth's actions were unnecessary and counterproductive. I would not want him on the local police force in my town. I am most concerned regarding his ability to exercise judgment appropriate to the circumstances. But what is worse by far is that some consider his investigative techniques acceptable. N.B. Police brutality doesn't begin at the end of a nightstick or hose. It begins with an attitude. If you hire someone to write a bit of computer code for you which is to perform some specific function, do you accept their learning to do that task on the job and at your expense acceptable professionalism? I dare say you wouldn't. Had you hired them with the understanding that they are beginners and in training, then it would be considered acceptable. Neither I nor any citizen in this nation has accepted the proviso that our law enforcement agents are beginners learning the trade as they go along. We demand the height of professionalism from them, each and every one. We have granted them the extremes of the use of deadly force. I, for one, don't take that lightly. I demand they be professionals and culpable for their actions, whether working on my behalf or not. Spafford talks about responsibility, let it begin with those who are PAID to be responsible and have been evading that duty, manufacturers of software and law enforcement. Who pays them to be responsible? We all do. > Reporting of some of these incidents has also been incorrect. Yes, Gene. In article 5462@accuvax.nwu.edu you misspoke and assisted in proliferation of such incorrect reports : "The information I have available from various sources indicates that the investigation is continuing, others are likely to be charged, and there MAY be some national security aspects to parts of the discussion that have yet to be disclosed." Need I voice the obvious and ask how any "responsible" individual should handle errors they have made? Need I voice the obvious and ask a simple question. What has Gene Spafford done to correct errors he has made? Has his behavior in these matters met the criteria for responsibility he demands from others? > Obviously, we all wish to act to prevent future such abuses, > especially as they apply to computers. 'To thine own self be true' seems so appropriate right about here. Did you wish to issue any corrections or retractions regarding some of your past articles ? > However, that being the case does not mean that everyone accused under > the law is really innocent and the target of "political" persecution. One of the elements common to propagandizing is to create a set of false issues which sound like something your opposition might have said. In this instance, I would appreciate most sincerely either having you repeat the source of such a statement (by someone other than an obvious lunatic) in these newsgroups, or to have you revise your statement into something more resembling the actual circumstances. > That is certainly not reality; in some cases the individuals charged > are clearly at fault. There are any number eventually found responsible and "at fault." I haven't seen much mention made of them on the networks. See below for one such case followed up. Is part of your problem, Gene, the fact that we haven't been flogging dead horses on the net; the fact we haven't been publishing news about those caught, prosecuted, and sentenced fairly? Given another [name deleted] mentality I am certain we could find a volunteer. > By representing all of them as innocents and victims, you further > alienate the moderates who would otherwise be sympathetic to the > underlying problems. By trying to represent every individual charged > with computer abuse as an innocent victim, you are guilty of the same > thing you condemn law enforcement of when they paint all "hackers" as > criminals. Really, this is a bit much. We presume innocence for all until they are actually adjudged guilty. They are thus, at most, represented as suspects until a verdict is handed down. But of course there are some folks who prejudge the outcomes and place articles on the network explaining the involvements of national security in the cases......... Gaining momentum here, Gene? You laid the groundwork for a lie earlier, in true propagandist style, and rush in for the kill in this paragraph. Nowhere has anyone claimed every individual charged with computer abuse an innocent victim. The other case of computer abuse in Naperville, Illinois late last year had to do with an employee of Spiegel. Michael H. Ferrell was charged with creating bogus invoices illegally collecting sizable sums of money. He was also charged with authorizing refunds to his credit cards using their cash registers. Although his scheme resulted in a computer tampering charge (because it is a relatively new and sexy action at the moment) he is more guilty in the ordinary sense of fraud laws designed to protect against abuse of trust. Abbreviated charges (press release) are available in CUD 3.00. He was found guilty (two of the charges were nolle pros) and sentenced as follows : 24 months probation 240 hours of public service work restitution of $30,861.85 periodic imprisonment (weekends) for 6 weekends. Two to be served immediately, and four subject to future motion to vacate to be filed 2/26/1993. Here's a guy who really stole something. Money, lots in fact. > In particular, you portray Len Rose as an innocent whose life has been > ruined through no fault of his own, and who did nothing to warrant > Federal prosecution. That is clearly not the case. Len has acknowledged > that he was in possession of, and trafficking in, source code he knew was > proprietary. I believe you would do well to look up the definition of the term (and charge) of trafficking. There were no monetary considerations or agreements. In fact, similar charges were brought against Neidorf. The fact that the case was dropped precluded a proper addressing of such issues as exchange of information (proprietary or not) without financial consideration. One of the original charges brought against Len involved the retransmittal by Neidorf of the same login.c program back to Len. Raises the same issue we are going to be examining regarding Express Mail where the U.S. Postal Inspectors are arresting recipients of packages known by the US Postal Service to contain contraband and delivered in spite of that knowledge. Such a distancing by investigative and prosecutorial powers from rationality is quite troubling. If someone from LA were to express mail a reefer to Spaf, we might all be reading about a faculty member at Purdue arrested for possession of a controlled substance. Need we ask about the culpability of the sender? Many other questions also have not been answered because of Len's plea bargain. It seems that AT&T source code (according to one of the Foley affidavits) bears legends which claim both proprietary rights and a copyright. You stipulate proprietary. The dual labeling of the original software should do a lot to remove it from consideration as truly proprietary information. The laws regarding copyrights require that all copyright material is subject to deposit at the Library of Congress, where any citizen has a right to read and review. If this is the case, then possession is not illegal, because the text is protected from commercial exploitation by the copyright laws and Len should not have been charged with criminal. Copyright violation is a matter for civil suit. If someone makes 1000 copies of your newly released book and sends it to friends and associates, is it reasonable to expect a criminal prosecution by the U. S. Government, or will your publisher be required to undertake a civil suit for damages? Does it matter whether the copies are electronic or paper? Furthermore, if he sends all 1000 copies across state lines in a single package, has he violated federal laws regarding stolen goods valued at over $ 5000? Each unit is valued at $29.95 by the publisher. Does the fact that he sent 1000 copies individually packaged across state lines negate that federal interest? And when one bears in mind that the laws were originally aimed at automobiles, the connotation assumes tangible goods of substantial value, not tidbits of some larger intellectual property which may or might not withstand as yet unresolved testing for proprietary status, notwithstanding questions regarding the cost/value haphazardly assigned for the sake of federal prosecution. Login.c, a program of some approximately 2000 lines of code, has a value in excess of $ 5000? Official representatives of AT&T have made such representations. The individual making such an assessment has obviously crossed to the other side of the looking glass and is presently enjoying tea with Alice and the Mad Hatter. In the end, of course, all the original charges were supplanted. What would have happened had Len chosen to modify the login.c version which was written by David Ihnat and placed in the public domain? Which laws would then have been broken? The entire rationale supported by your article, Gene, falls apart into itty bitty pieces. Poor judgment alone is not a violation of any laws. What would have happened if Len sent the modified AT&T login.c file across state lines in 10 line increments, to be recombined at the receiving end? The challenges many of us feel are appropriate to such understandings haven't been possible to date. And finally, although by no means of least importance, the entire business of ownership of any single piece of AT&T software, whether source code or binaries needs to be examined. The ONLY owner is AT&T. Everyone who pays fees is licensed to use the software. Thus enters yet another dilemma. Possession is not licensed. Can possession be criminalized? Given this view, new questions arise. Use licensing concepts are not new nor are they unique. > The login changes were the source of the fraud charge. Perhaps you should reread the original 5 count indictment and examine the genesis of the adjustments the government made to the charges in the year plus from beginning to settlement. The government's actions aren't at all pretty. To say the real source of all charges is itself suspect would be an understatement. The government kept digging around and throwing stuff at the ceiling till something kinda stuck. And here's Gene Spafford pointing his finger saying "Aha!" Sure reminds me of Salem. In science, how one acquires data is just as important as the data itself. This doesn't change when it comes to human interactions and the law. > It is certainly security-related, and the application of the law > appears to be appropriate. There was a recent post made to the network regarding a serious security flaw in the Interactive port of Unix to the 80386 machine. The article and all the pertinent information was posted from abroad. If one reads the law to which you refer carefully, every system administrator whose system forwarded or displayed that article is chargeable and could be found guilty under the same law. Indeed, the author of the article probably could have been arrested had it originated here in the United States. The law is erroneous in intent and stupid. It represents a feeble attempt to gloss over technological problems and solve them by social restrictions which are known not to work. The only workable solutions lie within the technology which contains the faults. Admissions were made recently by AT&T regarding internal security. Several appear in the May 13, 1991 issue of BellLabs News. The document is copyright with all rights reserved so I won't quote from it. Bell Labs reports on a study run of their own internal terminals. They discovered inadequate protections exercised by employees affecting (infecting) about 15% of their sample. This comes from a company which lays claims to closely guarded proprietary software? I rather think that a false claim. I had a discussion with a former AT&T employee. Given these circumstances, it wouldn't be at all difficult for an ex employee (and there are plenty of them about now-a-days... some apparently still angry at their former employer) to enter a facility, log in to the internal networks, and purloin proprietary secrets. Interestingly in the same issue is a discussion regarding the newer speed at which software is now being developed. One of the features is the reuse of software in segments. Perhaps something akin to production line tactics, with interchangeable parts. Comes right back around once more to there being but a single severely flawed Unix port for the 80386 CPU. If you have a security problem for one product, you'll have the same flaw in all of them. There are advantages and disadvantages to everything. At the end of the included (CUD 3.14) article, Spafford discuss responsibility. It isn't as though manufacturers of software have exercised sufficient of the legally mandate "prudent man" behaviors when it comes to generating or safeguarding data and code. Almost adult children regularly access sensitive information in computers all over this country at will. Care to draw a conclusion regarding efforts by the industry to protect their information? There is a well known and established "attractive nuisance" consideration in liability actions. Culpability is thus shared by the careless. Historically courts have forgiven criminal trespass of juveniles and sustained lawsuits and judgments against those who are careless with things known to attract the juvenile mind. In all states it is a violation of the law to leave ones keys in the ignition of an automobile. In some states this provision is actually enforced with fines levied against offenders. > By the comments Len made in the code, he certainly knew what he was > doing, and he knew how the code was likely to be used: certainly not > as a security aid. As somebody with claimed expertise in Unix as a > consultant, he surely knew the consequences of distributing this > patched code. I don't give a nit. You and I and anyone familiar with system administration knows that it only takes moments to install a trap door if a reasonably knowledgeable individual has access to root privileges. This permits subsequent iterations of improvement, usually equally undetected. It doesn't take a Len_Rose_Modified_Code to achieve such goals. The self-evident question which arises out of reviewing the court documents relating to Len Rose is simply "why did they prosecute him?" Reading it all and understanding most of it, I still raise the question. Other than an insult to AT&T's sensitivities, I don't understand all the hoopla associated with a relatively uninspired piece of what might best be called 'theftware.' It actually has about as much value in real terms as any other trophy. It has to do with the memory of acquisition. The swordfish on the wall it is hardly tradable, being of no worth to anyone other than the individual who worked to acquire it. I'm not responding to the balance of your "Len Rose is an idiot and a criminal" tirade. You obviously do lack sufficient information to make the caliber of judgments you've attempted. It would be interesting to know what your reactions might be were to suddenly be privy to, at the very least, *all* those documents which constitute the complete court record to date. They are court records, and available. Would you undertake writing a computer related article, perhaps about an operating system, with as little to back up your opinions as you have regarding computer crimes? Please note that my position in writing this article is not to support Len's cause to the exclusion of harsh realities. My interest in undertaking this discussion is directed towards promoting understanding of the irrationality of governmental behavior in this period of relative conservatism. I believe the pendulum is newly swung too far. Gene, none of the issues you've been so freely spouting off about are as simple and straightforward as you imply. There are basically two levels of publicly available information. The first is press releases by law enforcement personnel, the second is the somewhat more complete court record. I really shouldn't have to point out that press releases by law enforcement have historically been highly skewed. Anyone can go back to some case or another which had a press release by the prosecutor, and then read what eventually transpired in court. Even if the individual discussed was guilty, there is invariably a wide gap between the realities of the case and the publicity statements made by prosecutors. And if one has the chance to interview those who were directly involved in the case (on both sides,) the conclusions tend to deviate even further from the understandings promulgated by the press releases originally issued by the prosecution. I have many reservations about the way the prosecutions have been run, evidence handled, and the incestuous relationships between plaintiff, prosecutor, and expert witness. What, for example, isn't readily apparent in the published and court records in the Naperville case is the simple fact that that Interactive office might just as well be a department of the labs across the street. This is the old Lachman Associates, captive contractor to the labs. The very building occupied by Interactive is owned by Bell Labs, Murray Hill. I didn't know that till I visited the Du Page County Tax Collector's office (on a hunch.) The lab's grounds crews cross the street to mow the lawns. Therefore the plaintiff is AT&T. Every witness, including those expected to provide expert testimony on behalf of the government, are AT&T dependents for their livelihood. Sort of like getting into a dispute with a merchant in a town where you are the only outsider, and everyone else involved has a familial relationship. But let's look even a bit deeper. Len was hired at Interactive to be on assignment across the street at the labs. Not only that, but he was interviewed at the labs by lab personnel. He was hired and started work on a Monday morning. Len was terminated on Friday morning. Friday afternoon, a man we all have heard about and a seemingly wannabe Telco employee, Tim Foley of the US Secret Service, arrived at at Len's apartment to question him and read him a Miranda warning. On Monday, local authorities (the Naperville Police Department with Foley's assistance) had secured a search warrant and an arrest warrant. One of these days I'm going to ask the question why the motion requesting AT&T assistance on the raid to search Len's Naperville apartment was approved by a judge but was undated. It COULD be pure oversight, but given the context of the rest of the story, everything has become highly suspect. At best, it was a very very bad procedural error. Len was incarcerated on $ 50,000 bond. Interesting fact in itself, as the bond level for most local violent crimes is only about $ 10,000, to which bond was reduced on request by Len's attorney a week later. Vengeance by a prosecutor effectively under AT&T control, perhaps???? > I share a concern of many computer professionals about the application > of law to computing, and the possible erosion of our freedoms. > However, I also have a concern about the people who are attempting to > abuse the electronic frontier and who are contributing to the decline > in our freedoms. Thus far, it seems most computer laws have been written at the behest of special interests instead of the public interest. The laws already inflict restrictions contrary to generally understood and accepted constitutional provisions. It seems that at every turn where a serious conflict has taken place and law enforcement became involved, the government has taken every possible action to prevent the constitutional challenges which are important to reforming and refining societal understandings of these issues. > Trying to defend the abusers is likely to result in a loss of > sympathy for the calls to protect the innocent, too. I cannot understand how anyone can make such a statement with a straight face. It is essential to our system of justice that even (especially) the obviously guilty get a good defense. If I were witness to my father's murder, I would demand the killer have a good defense team in spite of the fact I would do all in my power to see the person convicted. Our system of justice is far from perfect, but it sure beats the dickens out of whatever might be considered second best. We're not going to be able to maintain our relative fairness is we go about spiffing down the defense to suit someone's set of prejudices. I am glad the American Nazi Party has the right to march in Skokie, in spite of the fact I detest their platform. So long as the worse of my enemies is treated fairly, there's a chance I too will receive fair treatment. > However, I certainly do not want to ask people to rally around > the cases of Robert Morris or Len Rose as examples of government > excess, because I don't think they were, and neither would a > significant number of reasonable people who examine the cases. I wonder if, upon reading the court documents in the Maryland case for Len Rose, you would consider the motions filed by Carlos M. Recio on May 21, 1990 to be a reasonable understanding of the excesses exercised by the government. Recio studied the case at that time and prepared, as Len's attorney, a voicing of serious concerns regarding the validity of the search warrant obtained by Foley et troupe. In fact, they exercised what we know as a 'general warrant.' "They seized Len Rose's Army medals from the master bedroom which were contained in a chest of drawers." It is clear they knew this seizure, as page 3 of the inventory spells out "Bag w/ Misc Papers + Army Commendation Medals." Thus, it was no oversight or accident. Recio continues: "The SS searched through the Rose family photo albums, removing a picture of Len Rose and several photographs of computer equipment that he had taken for insurance purposes." More evidence????? More excess? "The SS seized the Rose family's files (mortgage, loans, credit card bills, army records, marriage paperwork, diplomas, resumes', etc.)." I can see it now. Len's marriage paperwork was potentially additional evidence of criminality. Mortgage papers, more criminality....and so on with diplomas and army records. Please bear in mind that the basis for requesting a search warrant was to determine whether or not Len Rose was indeed the individual known as "terminus" and that he was indeed the individual who had transmitted the login.c program to Neidorf. That was the crime for which the government was seeking evidence. What is very clear in the record is that the government did in fact embark on a witch hunt, overtly seizing all sorts of things totally unrelated to their case, as in the colonial examples of general warrants, attempting to build prosecutable offenses out of thin air. It then became not "in the ordinary course" of an investigation that other issues surfaced, but as a direct result of the violation by the government of the very laws they are sworn to uphold. The usual course for charges originating on such a basis is dismissal, because it is not in the best interest of the citizens or the state to reward law enforcement officers for violating the rights of the citizens in order to build a case for prosecution. In scientific rationale, evolutionary aspects eventually will soon resolve the issues. Law enforcement will learn to keep within guidelines while improving their conviction statistics, and if the criminal escape this time, and he repeats, it is likely he will be caught and better prosecuted in the next instance (by that recently improved law enforcement.) And if the criminal reforms as a result of the close call, of what benefit is incarceration or punishment? Excessive? Actually yes, Gene, it was quite excessive. Now, to substantiate your claim, go find yourself a "significant" sized group of individuals prepared to take the time to seriously examine the Rose case, and when they're done, let's then compare results. In the meantime, if you really believe the case is important enough to elicit your commentary, read the documents proper and stop with reliance on second or third hand information. Twice now, regarding the resultants of the E-911 case you've been long on assumptions, short on proof. Twice now, regarding the resultants of the E-911 case you've been long on promises, short on results. Given this history, I ask, would a "responsible" man now seek truth and publish it, or retire from this discussion. This article isn't so much a defense of Len Rose as it is an indictment of the prosecutions. I also feel it is necessary to point out in no uncertain terms that those who support law enforcement blindly do themselves and their community a disservice. There is little doubt that many well intentioned individuals serve us well in careers supporting the justice system. There has been movement by all branches at the federal level of law enforcement to assume guilt before investigation and to trample rights freely utilizing the immunity originally granted in order to protect officers making honest mistakes as a standard operating procedure instead of an exceptional circumstance. The complaints on the net have, for the most part, been related to our own back yard. Computers are the baby here. Yet overall we see the same sorts of problems creeping into the justice system everywhere. Historically we have written our laws in such ways as to empower law enforcement personnel to capture criminals and bring them to trial while limiting offense to the sensibilities of the general population. The diverse thresholds of offense we have regarding police actions are based on our niche in society. Because I have become more concerned regarding police officers questioning long haired men at roadside, spread eagled against a rattletrap of a car, doesn't imply that my niche has changed. It does show that along with many others the level at which I take offense has changed with the incursion of similar tactics by police into the middle class middle aged community, the community to which I belong. The activities of this community haven't changed. The actions taken by the police have. We note, sadly, that finding or creating of "probable cause" is used to bring my neighbors personal and financial grief. So beware, Gene Spafford. The past immunities offered by class and perhaps occupation are doing nothing for us these days. Nor is it enough to be squeaky clean. Nor is it enough to have the general appearance of being squeaky clean. You are now required to preemptively make every law enforcement officer whose path you cross believe you are squeaky clean. If you fail, you won't go to jail (probably) nor will you be fined (probably.) But it can cost a lot of money in legal defense to keep oneself out of jail and to maintain a void criminal record. Bill Vajk ******************************************************************** ------------------------------ **END OF CuD #3.22** ********************************************************************