telecom@ucbvax.ARPA (11/17/84)
From: Jon Solomon (the Moderator) <Telecom-Request@BBNCCA> TELECOM Digest Fri, 16 Nov 84 16:38:52 EST Volume 4 : Issue 121 Today's Topics: the BBS case continues BBS responsibility Re: TELECOM Digest V4 #120 Re: BBS responsibility Telephone calling cards, fraud, etc. ---------------------------------------------------------------------- Date: Thu, 15-Nov-84 16:09:44 PST From: Lauren Weinstein <vortex!lauren@RAND-UNIX.ARPA> Subject: the BBS case continues To: TELECOM@MC It's obvious that some people simply can't fathom the difference between providing of materials and providing of a "service," particularly the person who recently showed that he couldn't understand the difference between selling paper and running a message handling service! Maybe he can understand this: Nobody would hold someone selling paper, or phones, or computer terminals for that matter, responsible for how those things were used. However, if someone starts a "service" that uses those instrumentalities in illicit manners, the person running that service might well be responsible. Another example. What if there was a phone number you could call where someone would answer, not ask who you were, and provide you with lists of stolen phone and other credit card numbers that had been provided by other callers. Perhaps he claims he doesn't know what those numbers mean, but he's happy to pass them along anyway as a "service." Or let's say that phones weren't even involved, it was all done by postcard (harder to manage since postal addresses are involved). In both of these cases, the "services" would be considered to be "aiding and abetting" in criminal activities, regardless of their claims of "no knowledge or control." The problem that some people seem to have is that they can't understand that technology does not excuse one from conventional legal responsibilities. The reason the BBS's are so popular for passing around illicit numbers is because they are largely ANONYMOUS. If they weren't anonymous, people generally wouldn't discuss such topics. When CCIS technology is sufficiently in place to make calling number recording very simple, they will probably stop being used for such purposes (some years off, though). What is publishing from a legal standpoint? My guess is that the legal question may revolve around the intended audience. If you are sending messages to specific persons, and only they may receive the material, it may well be considered to be a common carrier type operation. If you allow essentially anyone to access your info, you may be taking on the responsibility of a publisher. For example, what if someone anonymously posted a message to a BBS that clearly libeled a person and did him or her great financial harm. Who would be responsible? Do you really think that all courts are going to accept the argument that the BBS operator has no responsibility? Keep in mind that only BECAUSE he created an "anonymous" method for people to send messages was the libelous message so simple to send. The obvious extension of such situations is people setting up BBS's as a convenient way to "avoid" the legal issues surrounding libel and other similar topics. Somone could set up the open libel BBS -- where people feel free to say anything, no matter how damaging, about anyone without being traceable. Of course the BBS operator would disclaim all knowledge of this. Or people *could* set up systems that mainly distributed information useful to the commission of crimes, and once again claim lack of knowledge. The key problem is that the law did not anticipate this sort of "anonymous" situation. It was assumed, for example, that the only way to get a message to large numbers of people was through magazines, conventional broadcast facilities, or newspapers who knew their legal responsibilities and would act accordingly before publishing questionable materials. I don't think that the legal system will long allow people to operate what amount to "no control and no responsibility" broadcast operations. And when the crackdown comes, it will probably be much more severe than any self-imposed controls that the BBS operators might have set into place for themselves. In any case, I do not believe that the widespread use of such technology to allow people to evade the requirements of legal responsibility will (or should) be permitted in the long run. Somebody must be responsible for widely distributed and available materials, and where the originator of the material is not known, the only other responsible party must be the entity that made it POSSIBLE for the anonymous material to be distributed to a large audience, via a single entity, in an anonymous manner. If that entity had not existed, it would not have been so simple or convenient to reach so many people with a single message so quickly. When you start performing operations that amount to broadcasting, responsibilities are part of the game. --Lauren-- ------------------------------ Date: 15 November 1984 21:56-EST From: Donald E. Hopkins <A2DEH @ MIT-MC> Subject: BBS responsibility To: vortex!lauren @ RAND-UNIX Now that companies like Atari, Commedore, and Coleco are telling the masses that it is a social responsibility for them to get their kids a computer, there are now multitudes of people setting up and using BBS's. The good old days of BBS's for computer hobbiests are over. The rules that applied back then simple don't work now. The only reasonable way a BBS operator can really keep track of what his bbs is used for is to verify the name and address of every user, and assign login passwords. Any message a user puts on the board would have his of her name on it, and the operator would know exactly who they were, so if anything like this case in question occured, the sysop could simply point the police to the little snot's doorstep, and the right people would get punished. This would discourage anyone from abusing the system, and provide a certian ammount of security. Security may be a pain in the butt if you're trying to get real work done on real computers, but if you have a computer system like that open to the public, you are going to get a lot of people calling up trying to trash all they can. -Don ------------------------------ Date: 16 Nov 1984 00:52-PST Subject: Re: TELECOM Digest V4 #120 From: the tty of Geoffrey S. Goodfellow <Geoff@SRI-CSL.ARPA> To: TELECOM@BBNCCA Re: egregious fraud on MCI/AMEX TravelNet. Nothing new here really. It's going on all over the country in epidemic proportions. One company told me their loss in revenue is "substantial", another said "Millions and millions per month". Yet another said they get 25,000 cracker attempts PER DAY, with a peak at about 3PM West Coast time. It doesn't take any great technological act of chicanery to dike the codes out. Some do it by hand, others have their computers do the work for them while they snooze away at night. 'round about morning time, it's new codes to read over bacon and eggs. Some OCC's are trying to deter the crackers as best they can though. Since the method most commonly used is normally to dial a modem in a remote city and detecting carrier sense means you made it -- One OCC has followed the "invalid authorization code message" with an answer modem carrier instead of the usual busy/reorder you would get by staying on the line. There is really not much the carrier's can do to really find out who is calling into them. Without Equal Access or upgrading to Feature Group B level access (950-xxxx), which I understand provides them with ANI of the caller. Hopefully this will add the needed level of accountability to move the crackers out of their bedrooms. By the way, perhaps the next Guinness World Records book could have a section on the largest phone bills (both honest and fraud) in dollar amount, number of pages, weight in pounds, number of delivery trucks, etc. g ------------------------------ Date: Thu, 15-Nov-84 21:35:40 PST From: Lauren Weinstein <vortex!lauren@RAND-UNIX.ARPA> Subject: Re: BBS responsibility To: A2DEH@MIT-MC Cc: TELECOM@MC I agree totally. The problem is ANONYMOUS messages. So long as there is some way to know who is posting messages (even if this information isn't displayed on the messages but known to the BBS operator) then it is practical to hold the person who SENDS the messages responsible, instead of the BBS operator. If truly anonymous postings are permitted, however, it is the operators who are going to have the problems. --Lauren-- ------------------------------ Date: Fri, 16 Nov 84 10:24:04 PST From: "Theodore N. Vail" <vail@UCLA-LOCUS.ARPA> To: telecom-request@bbncca.arpa Subject: Telephone calling cards, fraud, etc. With all the fuss about the appearance of a valid telephone charge number on a bboard, it is worth noting what the Telcos' official line is (not that they follow it): 1. Until about two years ago they routinely published millions of valid telephone charge numbers (because every valid telephone number was also a valid telephone charge number) in their own telephone directories. 2. If one looks at a Telco Calling Card (here I will be quoting from a GTE card -- I don't have a Pacific Bell card), one can look in vain for a statement that the number is secret and should not to be divulged. Indeed, all but the last four digits are the same as my telephone number, and if I weren't cognizant of the problem, I might not be aware that those four digits amount to a "pin" (personal identification number). What one does find is a number of statements regarding "use" and possession of the card. For example: "Such unauthorized use can constitute a violation of law. The card is not transferable." "If your telephone and/or calling card number is changed or service is discontinued, please destroy your old card to protect yourself against unauthorized charges by others." "The card is not transferable." It appears that the telco considers the card, itself, not the number on the card, as the item to be protected. In this sense the telcos are acting as if the card were like a Visa card or American Express card, both of which must be physically presented (those who accept telephone charges on such cards knowingly accept the risk that the rightful "owner" may reject the charges). On the general problem of publishing a charge number (not necessarily a telco number): These are not normally treated as secure. Whenever used, a large number of persons, not specially cleared, are given access. A similar statement applies to bank checking account numbers which appear on checks and are accessible to anyone involved in cashing a check. (This is a real problem which has led to major abuses.) I continue to believe that this is a First Amendment matter. Ask any newsperson about restrictions on what they may publish. They will immediately tell you about the "public's right to know" and the First Amendment. In my opinion, a bboard is much closer to a newspaper than a "store and forward network", which is simply a message passing facility the modern version of the United States Post Office (which, after all, is itself, a store and forward network). Finally, about 35 years ago, the nation realized the problems that might occur if persons anonymously discussed illegal matters (such as forceful overthrow of the United States Government). This realization was due to the forthright, outstanding American Senator and Hero, Joseph McCarthy, who brought the problem to the attention of the American public. He would have had no problem with bboards. He would simply have required that all sysops take an appropriate oath of allegiance. Those who didn't would have been blacklisted, lost their jobs, etc. His supported would have provided adequate policing of the bboards. ted ------------------------------ End of TELECOM Digest ******************************