telecom@ucbvax.ARPA (11/17/84)
From: Jon Solomon (the Moderator) <Telecom-Request@BBNCCA>
TELECOM Digest Fri, 16 Nov 84 16:38:52 EST Volume 4 : Issue 121
Today's Topics:
the BBS case continues
BBS responsibility
Re: TELECOM Digest V4 #120
Re: BBS responsibility
Telephone calling cards, fraud, etc.
----------------------------------------------------------------------
Date: Thu, 15-Nov-84 16:09:44 PST
From: Lauren Weinstein <vortex!lauren@RAND-UNIX.ARPA>
Subject: the BBS case continues
To: TELECOM@MC
It's obvious that some people simply can't fathom the difference
between providing of materials and providing of a "service,"
particularly the person who recently showed that he couldn't
understand the difference between selling paper and running
a message handling service!
Maybe he can understand this:
Nobody would hold someone selling paper, or phones, or computer terminals
for that matter, responsible for how those things were used. However,
if someone starts a "service" that uses those instrumentalities in
illicit manners, the person running that service might well be
responsible.
Another example. What if there was a phone number you could call where
someone would answer, not ask who you were, and provide you with lists
of stolen phone and other credit card numbers that had been provided
by other callers. Perhaps he claims he doesn't know what those
numbers mean, but he's happy to pass them along anyway as a "service."
Or let's say that phones weren't even involved, it was all done
by postcard (harder to manage since postal addresses are involved).
In both of these cases, the "services" would be considered to be
"aiding and abetting" in criminal activities, regardless of their
claims of "no knowledge or control."
The problem that some people seem to have is that they can't understand
that technology does not excuse one from conventional legal
responsibilities. The reason the BBS's are so popular for passing
around illicit numbers is because they are largely ANONYMOUS.
If they weren't anonymous, people generally wouldn't discuss such
topics. When CCIS technology is sufficiently in place to make
calling number recording very simple, they will probably stop being
used for such purposes (some years off, though).
What is publishing from a legal standpoint? My guess is that the
legal question may revolve around the intended audience. If you
are sending messages to specific persons, and only they may receive
the material, it may well be considered to be a common carrier
type operation. If you allow essentially anyone to access your
info, you may be taking on the responsibility of a publisher.
For example, what if someone anonymously posted a message to a BBS
that clearly libeled a person and did him or her great financial
harm. Who would be responsible? Do you really think that all courts
are going to accept the argument that the BBS operator has no
responsibility? Keep in mind that only BECAUSE he created an
"anonymous" method for people to send messages was the libelous
message so simple to send. The obvious extension of such situations
is people setting up BBS's as a convenient way to "avoid"
the legal issues surrounding libel and other similar topics.
Somone could set up the open libel BBS -- where people feel free
to say anything, no matter how damaging, about anyone without
being traceable. Of course the BBS operator would disclaim all
knowledge of this. Or people *could* set up systems that mainly
distributed information useful to the commission of crimes, and
once again claim lack of knowledge.
The key problem is that the law did not anticipate this sort
of "anonymous" situation. It was assumed, for example, that the only
way to get a message to large numbers of people was through magazines,
conventional broadcast facilities, or newspapers who knew their legal
responsibilities and would act accordingly before publishing questionable
materials.
I don't think that the legal system will long allow people to
operate what amount to "no control and no responsibility"
broadcast operations. And when the crackdown comes, it will
probably be much more severe than any self-imposed controls
that the BBS operators might have set into place for themselves.
In any case, I do not believe that the widespread use of such
technology to allow people to evade the requirements of
legal responsibility will (or should) be permitted in the long run.
Somebody must be responsible for widely distributed and available
materials, and where the originator of the material is not known,
the only other responsible party must be the entity that made
it POSSIBLE for the anonymous material to be distributed to a
large audience, via a single entity, in an anonymous manner.
If that entity had not existed, it would not have been so simple
or convenient to reach so many people with a single message so quickly.
When you start performing operations that amount to broadcasting,
responsibilities are part of the game.
--Lauren--
------------------------------
Date: 15 November 1984 21:56-EST
From: Donald E. Hopkins <A2DEH @ MIT-MC>
Subject: BBS responsibility
To: vortex!lauren @ RAND-UNIX
Now that companies like Atari, Commedore, and Coleco are telling the
masses that it is a social responsibility for them to get their kids a
computer, there are now multitudes of people setting up and using
BBS's. The good old days of BBS's for computer hobbiests are over. The
rules that applied back then simple don't work now. The only
reasonable way a BBS operator can really keep track of what his bbs is
used for is to verify the name and address of every user, and assign
login passwords. Any message a user puts on the board would have his
of her name on it, and the operator would know exactly who they were,
so if anything like this case in question occured, the sysop could
simply point the police to the little snot's doorstep, and the right
people would get punished. This would discourage anyone from abusing
the system, and provide a certian ammount of security. Security may be
a pain in the butt if you're trying to get real work done on real
computers, but if you have a computer system like that open to the
public, you are going to get a lot of people calling up trying to trash
all they can.
-Don
------------------------------
Date: 16 Nov 1984 00:52-PST
Subject: Re: TELECOM Digest V4 #120
From: the tty of Geoffrey S. Goodfellow <Geoff@SRI-CSL.ARPA>
To: TELECOM@BBNCCA
Re: egregious fraud on MCI/AMEX TravelNet.
Nothing new here really. It's going on all over the country in
epidemic proportions. One company told me their loss in revenue
is "substantial", another said "Millions and millions per month".
Yet another said they get 25,000 cracker attempts PER DAY, with a
peak at about 3PM West Coast time.
It doesn't take any great technological act of chicanery to dike
the codes out. Some do it by hand, others have their computers
do the work for them while they snooze away at night. 'round
about morning time, it's new codes to read over bacon and eggs.
Some OCC's are trying to deter the crackers as best they can
though. Since the method most commonly used is normally to dial
a modem in a remote city and detecting carrier sense means you
made it -- One OCC has followed the "invalid authorization code
message" with an answer modem carrier instead of the usual
busy/reorder you would get by staying on the line.
There is really not much the carrier's can do to really find out
who is calling into them. Without Equal Access or upgrading to
Feature Group B level access (950-xxxx), which I understand
provides them with ANI of the caller. Hopefully this will add
the needed level of accountability to move the crackers out of
their bedrooms.
By the way, perhaps the next Guinness World Records book could
have a section on the largest phone bills (both honest and fraud)
in dollar amount, number of pages, weight in pounds, number of
delivery trucks, etc.
g
------------------------------
Date: Thu, 15-Nov-84 21:35:40 PST
From: Lauren Weinstein <vortex!lauren@RAND-UNIX.ARPA>
Subject: Re: BBS responsibility
To: A2DEH@MIT-MC
Cc: TELECOM@MC
I agree totally. The problem is ANONYMOUS messages. So long as
there is some way to know who is posting messages (even if this
information isn't displayed on the messages but known to the
BBS operator) then it is practical to hold the person who SENDS
the messages responsible, instead of the BBS operator.
If truly anonymous postings are permitted, however, it is the
operators who are going to have the problems.
--Lauren--
------------------------------
Date: Fri, 16 Nov 84 10:24:04 PST
From: "Theodore N. Vail" <vail@UCLA-LOCUS.ARPA>
To: telecom-request@bbncca.arpa
Subject: Telephone calling cards, fraud, etc.
With all the fuss about the appearance of a valid telephone charge
number on a bboard, it is worth noting what the Telcos' official line is
(not that they follow it):
1. Until about two years ago they routinely published millions of valid
telephone charge numbers (because every valid telephone number
was also a valid telephone charge number) in their own telephone
directories.
2. If one looks at a Telco Calling Card (here I will be quoting from
a GTE card -- I don't have a Pacific Bell card), one can look in
vain for a statement that the number is secret and should not to be
divulged. Indeed, all but the last four digits are the same as my
telephone number, and if I weren't cognizant of the problem, I might
not be aware that those four digits amount to a "pin" (personal
identification number).
What one does find is a number of statements regarding "use" and
possession of the card. For example:
"Such unauthorized use can constitute a violation of law. The
card is not transferable."
"If your telephone and/or calling card number is changed or
service is discontinued, please destroy your old card to protect
yourself against unauthorized charges by others."
"The card is not transferable."
It appears that the telco considers the card, itself, not the number
on the card, as the item to be protected. In this sense the telcos
are acting as if the card were like a Visa card or American Express
card, both of which must be physically presented (those who accept
telephone charges on such cards knowingly accept the risk that the
rightful "owner" may reject the charges).
On the general problem of publishing a charge number (not necessarily
a telco number): These are not normally treated as secure. Whenever
used, a large number of persons, not specially cleared, are given
access. A similar statement applies to bank checking account numbers
which appear on checks and are accessible to anyone involved in cashing
a check. (This is a real problem which has led to major abuses.)
I continue to believe that this is a First Amendment matter. Ask any
newsperson about restrictions on what they may publish. They will
immediately tell you about the "public's right to know" and the First
Amendment. In my opinion, a bboard is much closer to a newspaper than a
"store and forward network", which is simply a message passing facility
the modern version of the United States Post Office (which, after all,
is itself, a store and forward network).
Finally, about 35 years ago, the nation realized the problems that might
occur if persons anonymously discussed illegal matters (such as forceful
overthrow of the United States Government). This realization was due to
the forthright, outstanding American Senator and Hero, Joseph McCarthy,
who brought the problem to the attention of the American public. He
would have had no problem with bboards. He would simply have required
that all sysops take an appropriate oath of allegiance. Those who
didn't would have been blacklisted, lost their jobs, etc. His supported
would have provided adequate policing of the bboards.
ted
------------------------------
End of TELECOM Digest
******************************