tek@ms.uky.edu (Thomas E. Kunselman) (09/16/90)
I came across an article on this Craig Neidorf thing and how it turned
out. I haven't seen any articles on it so I thought I would post this.
If it is old news, just n on by.
All of the information is from Information Week, September 3, 1990,
page 55. Most of the article is about the EFF, it's only a page in
length, but this is the relevant information re: Phrack and Craig Neidorf.
"The U.S. Attorney's office in Chicago claimed that Neidorf, a 20-year-old
political science major at the University of Missouri, had reprinted illegally
obtained information from BellSouth Corp.'s 911 emergency telephone services,
and charged him with wire fraud and interstate transportation of stolen
property."
"An attorny Kapor knew investigated the Neidorf case and others stemming
from Operation Sun Devil, which activated 28 search warrants in 14 cities
earlier this year. The attorney informed Barlow and Kapor that the cases
represented a ""major assault on the Constitution.""
"The charges against Neidorf were all dropped on July 27, after his attorney
proved that anyone with a computer could access the BellSouth data."
--
Thomas Kunselman {rutgers,uunet}!ukma!tek
Planning and Institutional Research bitnet: irkunsel@ecuvm1.bitnet
East Carolina University internet:tek@ms.uky.edu
Greenville, NC 27858 (Educate, Don't Legislate!)karish@mindcrf.UUCP (Chuck Karish) (09/17/90)
In article <16013@s.ms.uky.edu> Thomas E. Kunselman (tek@ms.uky.edu) wrote: >All of the information is from Information Week, September 3, 1990, >page 55. > >"The charges against Neidorf were all dropped on July 27, after his attorney >proved that anyone with a computer could access the BellSouth data." The description I heard of the outcome was that it was shown that BellSouth would sell the data to anyone who asked for it, for a nominal copying fee. The prosecuting attorney was angry with BellSouth for having provided an exaggerated valuation for the data, and abandoned the case. John Nagle may have more to say about this; he was involved in bringing out the true story. -- Chuck Karish karish@mindcraft.com Mindcraft, Inc. (415) 323-9000
mellman@motcid.UUCP (Tom Mellman) (09/17/90)
In article <16013@s.ms.uky.edu> tek@ms.uky.edu (Thomas E. Kunselman) writes: > >"The U.S. Attorney's office in Chicago claimed that Neidorf, a 20-year-old >political science major at the University of Missouri, had reprinted illegally >obtained information from BellSouth Corp.'s 911 emergency telephone services, >and charged him with wire fraud and interstate transportation of stolen >property." > >"The charges against Neidorf were all dropped on July 27, after his attorney >proved that anyone with a computer could access the BellSouth data." It seems that this is the wrong way to approach it. This is all so scary to me. I understand that Neidorf wanted to get off any way he could, but it's frightening that the defense he had to use was only that the material was already in the public domain. I mean, at the very basis of this is issue is the definition of stolen property. How can you steal something from someone if you don't deprive him of it? Of course, at this point people always say that the victim has been deprived of profits. But he wasn't deprived of the item supposedly stolen. This is an issue of copyright, not theft. And am I wrong in my understanding that copyright is a civil offense, not a criminal offense? -- Reply-to: motcid!mellman@uunet.uu.net
mnemonic@walt.cc.utexas.edu (Mike Godwin) (09/18/90)
In article <4628@graphite18.UUCP> mellman@motcid.UUCP (Tom Mellman) writes: >This is all so scary to me. I understand that Neidorf wanted to >get off any way he could, but it's frightening that the defense >he had to use was only that the material was already in the public >domain. I understand your concern, and I agree with you that the real legal issues weren't addressed. On the other hand, Neidorf was an unwilling test case, and federal prosecutions are so traumatic that it would have been foolhardy to pass up such a clear win. Moreover, the conclusion of this case alerted at least one prosecutor (and, one hopes, a larger segment of the law-enforcement community) to the willingness of some corporate entities to participate in inflating the seriousness of some instances of computer intrusion in order to establish federal jurisdiction. This is clearly what Bell South did. So, it's possible the case has significance beyond its particular facts. Like you, I would like to have seen the property issues addressed properly as well as the Constitutional ones. But to judge from Judge Bua's denial of Neidorf's motion to dismiss, it seems unlikely that Bua was open to the argument that the copied text file was not, per se, the proof and the "res" of a property crime. I think such an argument can be made, and it doesn't have to be based on the (radical, these days) notion that information is not property. Instead, one can make an argument that falls squarely within traditional property law--namely, that Neidorf did not deprive Bell South of the *exclusive use* of their "proprietary information." How do we know this? *Because nobody could conceivably USE that file for anything* -- except, possibly, for publication purposes, which are protected. I note here that the property-crime aspects of this case are entirely distinct from the Constitutional issues, and that this argument would apply even if Neidorf hadn't been interested in the file *as a publisher*. >I mean, at the very basis of this is issue is the definition of >stolen property. How can you steal something from someone if you >don't deprive him of it? You're likely to get some critical comments in response to that question, since in fact our legal system has long held that one can be convicted of "theft" after having taken *copies* of important information. But that branch of theft law is predicated on depriving the owner of *exclusive* use of the information. Thus, if I acquire a copy of proprietary information that I can't use (and--very important--I'm not planning on giving that information to somebody who CAN use it), I haven't deprived anybody of the exclusive use of any of the information in question. The 20th century has seen a great expansion of property-crime scope; I'd like to see some limits to it, and this might have been a good case for that. >Of course, at this point people always say that the victim has >been deprived of profits. But he wasn't deprived of the item >supposedly stolen. Presumably, if I copy information that you could have sold me, I've deprived you at least of the profits that you'd have made on that particular sale. > This is an issue of copyright, not theft. >And am I wrong in my understanding that copyright is a civil >offense, not a criminal offense? You're wrong. Copyright violations carry both civil and criminal penalties, as those of you who read the notice at the beginning of commercial videos already know. --Mike Mike Godwin, UT Law School |"If the doors of perception were cleansed mnemonic@ccwf.cc.utexas.edu | every thing would appear to man as it is, (512) 346-4190 | infinite." | --Blake
denning@src.dec.com (Dorothy Denning) (09/19/90)
In article <9009170528.AA22846@mindcrf.mindcraft.com>, Chuck Karish wrote: >>All of the information is from Information Week, September 3, 1990, >>page 55. >> >>"The charges against Neidorf were all dropped on July 27, after his attorney >>proved that anyone with a computer could access the BellSouth data." >The description I heard of the outcome was that it was shown that >BellSouth would sell the data to anyone who asked for it, for a nominal >copying fee. The information about the E911 system was contained in other documents, but you couldn't just call up Bell and say "Send me the E911 document." The charges were not dropped because anyone with a computer could access the BellSouth data. They were dropped because it was determined that there were no real secrets in the E911 file. In article <4628@graphite18.UUCP>, Tom Mellman wrote: >This is all so scary to me. I understand that Neidorf wanted to >get off any way he could, but it's frightening that the defense >he had to use was only that the material was already in the public >domain. He was charged with interstate transportation of stolen property and wire fraud (relating to the theft). I'm not an expert on the law, but it would seem that the defense did exactly the right thing by responding to the charges. >I mean, at the very basis of this is issue is the definition of >stolen property. How can you steal something from someone if you >don't deprive him of it? The best argument I have heard is that you deprive the person of the right to control the distribution and use of the information. In article <37287@ut-emx>, Mike Godwin wrote: >I understand your concern, and I agree with you that the real legal >issues weren't addressed. On the other hand, Neidorf was an unwilling >test case, and federal prosecutions are so traumatic that it would have >been foolhardy to pass up such a clear win. I don't understand what you mean by "real legal issues". Aren't the real legal issues in a case the actual charges, which is what the defense responded to? >Instead, one can make an argument that falls squarely within traditional >property law--namely, that Neidorf did not deprive Bell South of the >*exclusive use* of their "proprietary information." How do we know >this? *Because nobody could conceivably USE that file for anything* >-- except, possibly, for publication purposes, which are protected. BellSouth said they gave a revised version of the E911 document to people working in the field so that they could better deal with installation and maintenance problems with the 911 system. (The document is about installation and maintenance of the 911 system.) Bell employees also claimed that the document could be used to disrupt 911 service. They seemed particularly concerned about the document being used for "social engineering." This is a legitimate concern, especially since their employees are trained to be helpful. I agree that the case raises a number of interesting issues, like how do you put a price on information. If you are the phone company, what price would you put on a document that in your assessment might bring down the 911 system? For those of you who don't know, along with John Nagle I was at the trial working with the defense. John gets credit for locating the documents in the public domain on the 911 system. Dorothy Denning denning@src.dec.com
mnemonic@walt.cc.utexas.edu (Mike Godwin) (09/19/90)
In article <1990Sep18.112039.18672@src.dec.com> denning@src.dec.com (Dorothy Denning) writes: >[in response to Tom Mellman] >He was charged with interstate transportation of stolen property and >wire fraud (relating to the theft). I'm not an expert on the law, >but it would seem that the defense did exactly the right thing by >responding to the charges. I hope nothing I wrote suggests that I believe the defense did anything other than the right thing. >The best argument I have heard is that you deprive the person of the >right to control the distribution and use of the information. This argument is in fact embodied in theft law at present. It is one of the issues that was not addressed in the resolution of the Neidorf case. Prosecution dropped its case not because there were questions about whether what Riggs and Neidorf did was theft, but because the valuation of the "property" in question had been inflated by Bell South (as John Nagle's research clearly showed it had). Was Riggs's acquisition of the information "theft"? Under the "exclusive use" doctrine of theft law as it applies to proprietary information, it arguably was not. Riggs and Neidorf arguably were incapable of using the document for any purpose other than to show that someone had unauthorized access to a Bell South computer -- which makes the content of the document irrelevant. Moreover, neither defendant had the requisite intent for theft of proprietary information, so far as the facts seem to indicate. >In article <37287@ut-emx>, Mike Godwin wrote: > >I don't understand what you mean by "real legal issues". Aren't the >real legal issues in a case the actual charges, which is what the >defense responded to? Not necessarily. In the Neidorf case there were genuine issues of what constitutes theft and what constitutes First Amendment-protected publication. Neither was addressed. Terry Gross's amicus brief, which I'm sure you read, Dorothy, deals almost entirely with issues that, as it happened, never really came up at trial (so far as I've been told). >BellSouth said they gave a revised version of the E911 document to >people working in the field so that they could better deal with >installation and maintenance problems with the 911 system. (The >document is about installation and maintenance of the 911 system.) >Bell employees also claimed that the document could be used to disrupt >911 service. They seemed particularly concerned about the document >being used for "social engineering." This is a legitimate concern, >especially since their employees are trained to be helpful. I think Bell inflated its claim again here. It's hard to see how the contents of the document, which I have read, could be used for "social engineering" or for any other purpose not internal to Bell South. >For those of you who don't know, along with John Nagle I was at the >trial working with the defense. John gets credit for locating the >documents in the public domain on the 911 system. Dorothy does not mention that she ought to get credit as the author of an informative paper on hackers. --Mike Mike Godwin, UT Law School |"If the doors of perception were cleansed mnemonic@ccwf.cc.utexas.edu | every thing would appear to man as it is, (512) 346-4190 | infinite." | --Blake
mellman@motcid.UUCP (Tom Mellman) (09/19/90)
In article <1990Sep18.112039.18672@src.dec.com> denning@src.dec.com (Dorothy Denning) writes: >> >> [ Tom Mellman wrote: ] >>I mean, at the very basis of this is issue is the definition of >>stolen property. How can you steal something from someone if you >>don't deprive him of it? > >The best argument I have heard is that you deprive the person of the >right to control the distribution and use of the information. > That's what I mean by it being scary: this seems to me to be a redefinition of the word theft. I understand now that the law clearly includes surreptitious copying as theft, but isn't that where we lost track of reasonableness? Now we're building case law on top of a basic distortion. I do think that surreptitious copying is a crime - I just don't think it's theft. I sometimes suspect that this nation has lost its industrial competitiveness, and instead of trying to regain a sense of manufacturing and engineering quality, everybody is off playing with computers. As a consequence, we think we're strong in software. Since we have so little else to offer the world markets, we want to elevate software to the level of "property" by legislating it so. But the result will have to lead to a level of governmental probing into all of our consciousnesses that can be nothing short of totalitarian. -- Reply-to: motcid!mellman@uunet.uu.net