karl@ddsw1.MCS.COM (Karl Denninger) (06/17/91)
Some questions for the field: 1) What, today, is the state of the law with regards to public-access systems? Is the "Jolnet/RIPCO/SJG" paradigm what I should expect of our public officials today? If not, what IS? This question is prompted by the recent discussions in comp.dcom.telecom over Len Rose's sentencing. The moderator, Townson, has divulged that there is another ongoing investigation close to producing indictments. Now an indictment is one thing - most people who have gotten in trouble with the government on these issues would be happy with an indictment as the first government move -- but with the last wave of indictments we also saw what appeared to be unconstitutionally broad "general" search and seizure warrants executed. Am I, as a provider of these services, still at risk for this? Mind you, should I be guilty of stealing source code or the like (I'm not) I'd be happy to take my lumps. My system was just audited again (by myself) to insure that none of my users have been doing any pimping of code. That listing of every file on the system took over 6 hours to peruse (it was well over 6MB uncompressed). I took the many hours to do this just to make >sure< that the entire machine is clean. It is. Being "clean" didn't help SJG when the feds came, siezed all their equipment, and nearly destroyed their company! Who should I contact if the government decides to illegally seize my gear and try to destroy my career? What if this "confidential informant" (who I can't confront or question!) decides he has a bone to pick with me -- and lies to the "SS"? Heresay is considered as usable evidence in the issuance of a search and/or seizure warrant! What protection is there for the victim of such an assault -- other than ponying up tens or hundreds of thousands of dollars to sue for recovery? We all know how easy it is to forge email or system logs. I could easily make it appear that anyone I disagreed with had stolen source code -- and presumably, cause their equipment to come under forfeiture proceedings! What defense does a public-access administrator have against this kind of capricious action? Does anyone who wants to run a public-access system have to accept the possibility of this kind of attack and either live with it or go off the air? Going off the air looks rather attractive if this is the case! Does the EFF get involved, or will they get involved, immediately? And if so, who do I call if this sort of thing was to happen? Note well -- I am quite certain as of this hour that my machine is completely free of any program which I do not have the right to use. I don't feel very safe in this knowledge -- I am, and have been, an outspoken critic of the government's policies in this area, and we all know what happens when the government decides they don't like you........ 2) What are the EFF, and other organizations, doing to put a stop to the nonsense that surrounded the last wave? I can think of a number of attacks that should be mounted. Is anyone handling them? Some of these are: o) The SWB officials and other "officers of the court" who allegedly perjured themselves in the process of having warrants for SJG sworn out should be tried for their perjury, if it can be proven. Perjury is normally a criminal offense. Is it not here? o) The entire Neidorf and friends case is in question. Since the one "main" defendant was dismissed, yet the other three were sentenced (after foolishly pleading guilty) should not there be an attempt to have their sentences reconsidered? The sentencing memorandum is rather interesting reading -- it makes reference to many things we now know not to be true, including the idea that the E911 document was a "program"! o) When is a gang of thugs (which is exactly what a goon squad of government "SS" agents coming to your door and holding you at gunpoint while they ransack your home is) going to be tried for these criminal acts? What interest does the "SS" have in the possible theft of someone's source code -- other than as an arm of a quasi-government company like AT&T? Since when is a simple copyright violation like this a criminal matter (it's always been a civil matter in the past for this kind of copyright violation -- the exception being where the defendant engages in this conduct for profit). There is much more which needs attack as well. The entire idea that the posession of information is somehow illegal needs to be striken from the lawbooks. It is the >misuse< of information which should be illegal, not the possession of same. Is it illegal to know how to break into a computer, even if one never uses that information to break into any systems? Should I be able to be punished for telling others how to break into a system if I know how to do so? If the answer to the second question is "yes", then why aren't people who expose security holes in an operating system on the net routinely tried and jailed? How about the mile-wide security hole in ISC Unix that was recently discovered (and is now fixed)? Would the posting which originated from Germany get a US citizen tried and jailed for having "burglar's tools" in the computer context? How about Dan Bernstein, who has posted more than enough information to allow anyone reasonably skilled with Unix to steal passwords and tap sessions on most Ethernet-capable Unix systems! Is he the next person on the chopping block? I ask this question as I ponder whether I should bother to remain on the air as a public-access site. Being "clean" is no longer enough. It is simply unacceptable for me to risk my career and everything I own to provide an on-line Unix system to the public -- especially when you consider that this really IS a hobby for me -- I operate at a considerable monetary loss as it is! Where does it all end? Comments? Other's solutions? Anything at all (except flames) welcome. -- Karl Denninger (karl@ddsw1.MCS.COM, <well-connected>!ddsw1!karl) Public Access Data Line: [+1 708 808-7300], Voice: [+1 708 808-7200] Anon. arch. (nuucp) 00:00-06:00 C[SD]T, req: /u/public/sources/DIRECTORY/README
kadie@m.cs.uiuc.edu (Carl M. Kadie) (06/17/91)
karl@ddsw1.MCS.COM (Karl Denninger) writes: >Some questions for the field: [...] >1) What, today, is the state of the law with regards to public-access > systems? Is the "Jolnet/RIPCO/SJG" paradigm what I should expect of > our public officials today? If not, what IS? [...] [warning: sarcasm] As a PhD candidate of the subfield of artificial intelligence called machine learning, I think I uniquely qualified to address your concerns. Machine learning covers many topics including neural nets. My area is the automatic creation of expert systems based on classified examples. I have given a description of all the cases and their outcome to PLS-LISP, a machine learning program related to the better known ID3. The result is this expert system: If amount-of-money-you-can-speed-on-your-defense >= 100000 then all-charges-will-be-dismissed else you-will-plead-guilty-to-lesser-charges Extensive cross validation, confirms the predictiveness of this expert system. Based on these results, I recommend you set up a bond for $100,000 to be used for your defense. Then add this message to the sign in screen of your BBS: "Attention: Secret service and telephone company As a person with a bond for $100,000, I am fully protected by the Constitution of the United States; so you might as well look elsewhere. (Contract XXXX to verify the existence of the bond.)" If you can not afford your constitutional rights, I recommend you find another hobby. - Carl -- Carl Kadie -- kadie@cs.uiuc.edu -- University of Illinois at Urbana-Champaign
mkapor@eff.org (Mitch Kapor) (06/18/91)
I hope Mike Godwin will post a more complete response. Feel free to call him at the EFF. The number is 617 864-0665. While there are no certainties, it is not my sense there is any organized witch-hunt in progress which might affect operators of public access bulletin boards. So relax. One of the actions of the past year which makes it less likely that there will be indiscriminate and over-reaching raids is the lawsuit filed by Steve Jackson Games seeking damages resulting from the illegal seizures of their equipment. I wouldn't take Townson too seriously when he says more indictments are imminent. False alarms are commonplace. Mitch Kapor, EFF mkapor@eff.org
mnemonic@eff.org (Mike Godwin) (06/18/91)
In article <1991Jun18.011619.10202@eff.org> mkapor@eff.org (Mitch Kapor) writes: >Feel free to call him at the EFF. The number is 617 864-0665. While there >are no certainties, it is not my sense there is any organized witch-hunt in >progress which might affect operators of public access bulletin boards. So >relax. Of the three major anti-hacking efforts I've been following recently, each is being driven by a different entity or agency. Last week's stories in Atlanta, for example, are tied to GBI investigations, while the previous week's cases in Indiana seem to be cases in which state and local police are working with federal investigators. The ThriftyTel cases, of course, are being driven by a private long-distance provider. >One of the actions of the past year which makes it less likely that there >will be indiscriminate and over-reaching raids is the lawsuit filed by >Steve Jackson Games seeking damages resulting from the illegal seizures of >their equipment. We have received signs recently that computer-crime investigators are on notice that they may well be sued if they abuse citizens' rights in upcoming investigations. --Mike -- Mike Godwin, | To see a world in a grain of sand mnemonic@eff.org | And heaven in a wild flower (617) 864-1550 | Hold infinity in the palm of your hand EFF, Cambridge, MA | And eternity in an hour
mem@zinn.MV.COM (Mark E. Mallett) (06/18/91)
In article <1991Jun17.051532.6155@ddsw1.MCS.COM> karl@ddsw1.MCS.COM (Karl Denninger) writes: > [ Much interesting commentary omitted ] > >Is it illegal to know how to break into a computer, even if one never uses >that information to break into any systems? Should I be able to be punished >for telling others how to break into a system if I know how to do so? Remember Ken Thompson's famous paper describing how he modified the login program, and then modified the C compiler to modify the login program (and the C compiler)? I wonder if he'd publish such a thing now. Richard Feynman ("surely you're joking, Mr. Feynman!") told many stories of his mischeivous nature. In one, while at Los Alamos, he made it a habit to surrepticiously steal combinations to all of the locked files, safes, and so forth, during the atom bomb project. If that were now, and he told the story, would he remain a free man? -mm- --- "Schemes to subvert the liberties of a great community require time to mature them for execution. An army, so large as seriously to menace those liberties, could only be formed by progressive augmentations; which would suppose not merely a temporary combination between the legislature and the executive, but a continued conspiracy for a series of time. Is it probable that such a combination would exist at all? Is it probable that it would be perserved in, and transmitted along through all the successive variations in a representative body, which biennial elections would naturally produce in both houses? Is it presumable that every man the instant he took his seat in the national Senate or House of Representatives would commence a traitor to his constituents and to his country? Can it be supposed that there would not be found one man discerning enough to detect so attrocious a conspiracy, or bold or honest enough to apprise his constituents of their danger? If such presumptions can fairly be made, there ought to be at once an end of all delegated authority." Alexander Hamilton the Federalist Papers, #26 -- Mark E. Mallett Zinn Computer Co/ PO Box 4188/ Manchester NH/ 03103 Bus. Phone: 603 645 5069 Home: 603 424 8129 BIX: mmallett uucp: mem@zinn.MV.COM ( ...{decvax|elrond|harvard}!zinn!mem ) Northern MA and Southern NH consultants: Ask (in mail!) about MV.COM
rogue@cellar.UUCP (Rache McGregor) (06/18/91)
mnemonic@eff.org (Mike Godwin) writes: > In article <1991Jun18.011619.10202@eff.org> mkapor@eff.org (Mitch Kapor) writ > > >Feel free to call him at the EFF. The number is 617 864-0665. While there > >are no certainties, it is not my sense there is any organized witch-hunt in > >progress which might affect operators of public access bulletin boards. So > >relax. > > Of the three major anti-hacking efforts I've been following recently, > each is being driven by a different entity or agency. Last week's > stories in Atlanta, for example, are tied to GBI investigations, while > the previous week's cases in Indiana seem to be cases in which state > and local police are working with federal investigators. The > ThriftyTel cases, of course, are being driven by a private long-distance > provider. Sorry for asking, but what is the ThriftyTel case? Rachel K. McGregor : Let the fire be your friend : Call the a/k/a Rogue Winter : And the sea rock you gently : Cellar at rogue@cellar.uucp : Let the moon light your way : 215/336-9503 {tredysvr,uunet}!cellar!rogue : 'Til the wind sets you free : BBS & Usenet
wruss00@ricevm1.rice.edu (William R. Russell, Jr.) (06/19/91)
In article <1399@zinn.MV.COM> mem@zinn.MV.COM (Mark E. Mallett) writes: ... >Richard Feynman ("surely you're joking, Mr. Feynman!") told many >stories of his mischeivous nature. In one, while at Los Alamos, he >made it a habit to surrepticiously steal combinations to all of the >locked files, safes, and so forth, during the atom bomb project. If >that were now, and he told the story, would he remain a free man? > >-mm- As a side note here, Richard Feynman *only* used that knowledge when he was asked. Typically, some scientist would be away on vacation, and they would come running to Feynman and ask something like "Help! We need the calculations for the oscillation overthruster from Harvey's office!". Feynman would then go into his office to get his "tools" (i.e. look up the combination which he noticed Harvey use a month before), return to Harvey's office, sit there for a while and drink coffee (with the door closed), then come out an hour later with the safe/file/desk unlocked. (Actually, in retrospect, Feynman did use his abilities to play a joke once... but hardly anything serious. In that case, he didn't even steal the combination beforehand, he just guessed it, right off the top of his head. Of course, these are in Feynman's own words, so who knows if he actually was a spy... bwahaha.) Anyway, the *point* of all this is that Feynman didn't break the law. He didn't steal anything, and he didn't copy anything and give it to foreign agents. Granted, if he were working on a government project today and claimed to know all of the passwords for a certain computer system, he would probably be reprimanded. But imprisoned? What law has been broken? (Granted, I wouldn't put it past the government to imprison someone based on means alone, excluding motive or opportunity.) It comes to the same old argument: can you convict someone for possession of the lockpick, even if they don't commit burglarly? Is it ethical to make lockpick possession illegal? >-- >Mark E. Mallett Zinn Computer Co/ PO Box 4188/ Manchester NH/ 03103 >Bus. Phone: 603 645 5069 Home: 603 424 8129 BIX: mmallett >uucp: mem@zinn.MV.COM ( ...{decvax|elrond|harvard}!zinn!mem ) >Northern MA and Southern NH consultants: Ask (in mail!) about MV.COM Rick Russell wruss00@ricevm1.rice.edu The opinions expressed here are exclusively my own.