------------------------------ Date: September 8, 1990 From: Jim Thomas Subject: Musing over Operation Sun Devil ******************************************************************** *** CuD #2.02, File 2 of 5: Musing over Operation Sun Devil *** ******************************************************************** It is nearly four months after the May 8 raids from Operation Sun Devil, and pushing three years since the investigation began. To date, there still seems to be little that has come from the highly publicized operation. In various press releases, public appearances, and comments to the media, the operation was called by law enforcement a major effort in the crackdown on hackers, the beginning of a national sweep against computer crime, and an attack on threats to national security. In many ways, Operation Sun Devil and the raids that preceded it were "trial by media." Law enforcement officials issued press releases, appeared on tv and radio talk shows, and made themselves quite visible with their sweeping, strident, and often factually wrong comments. Craig Neidorf's first indictment associated him with the Legion of Doom, and it associated the LoD with bank theft and disruption of E911 services, among other crimes. The public was asked what other group of criminals held conferences and published newsletters. This does not strike us as an unprejudicial statement, especially when the presumed "criminal" about whom the allusion apparently was made was not only not convicted, but had his trial cancelled before the prosecution had even finished presenting its case. Yet, it has been those critical of the raids who were sometimes called "mean spirited," hypocritical, and worse law enforcement and others who supported the crackdown. Other indictments still may be forthcoming. But, our concern is that, to save face and avoid the embarrassment of what at this point appears to be a major fiasco, law enforcement officials may stretch legal definitions to prosecute even the most minor offenses as a means of showing that the Operation was justified. It is still not clear why the particular boards that were raided were picked. The language of the indictments and comments to the media convey the imagery of a "ring," of something organized, of people acting in collusion or in a conspiracy. Yet, neither the evidence presented so far nor any other facts that have surfaced support this. It appears that confiscation of equipment is being used as a form of intimidation or as punishment without trial. Because of the raids, lives have been traumatically disrupted, perhaps destroyed, innocent employees have been put out of work because of the financial hardship the raids caused at least one company, and many would argue that the Bill of Rights has been tarnished by those charged with protecting them. Most of us have consistently argued that we should not build barriers between computerists and law enforcement and that we should try to educate agents, legislators and the public to the nature of the computer underground. This, however, seems perhaps naive and idealistic. Despite the evidence, despite the reasoned approach of many, such as EFF, and despite the lack of indictments to date, those involved in Sun Devil show no indication whatsoever that they have listened to any of the concerned voices. They repeat the same hackneyed phrases that paint "hackers" as dangerous criminals. Dramatic statements about the costs of hackers to society, their threats to security, or their past actions for disruption are raised. But, when asked to name a few examples, or when asked for the sources of their information, they are silent, either changing the subject, repeating glib one-liners, or falling back on that old standby "We can't discuss on-going investigations." Perhaps serious crimes were committed by some. But, if so, indictments should be issued. When suspects are investigated in a serious crime, the public (and the suspects) are generally told the specific nature of the crime and the evidence, or at least the reason they're a suspect, is revealed. One maddening tendency of law enforcement is that of "guilt by association." A few dramatic crimes are cited and then hackers are drawn in by association. By analogy, the logic would be akin to stating that speeding get-away drivers in a bank heist are dangerous felons, and then comparing them with a driver who speeds 10 mph over the speed limit on the freeway as a means of invoking law to confiscate speeders' cars, send them to prison for a mega-sentence, or to otherwise hassle drivers. Driving infractions, however, do not raise the Constitutional issues of right to privacy, search and seizure, or freedom of speech. Crimes, and very serious crimes, are committed with computers. But, we suggest, the so-called "hacker community" is generally not the primary culprit. To claim that computer crime costs society x-billion dollars a year as a means of justifying the current practice of punishment without trial is deceptive at best. August Bequai indicated that most computer crime occurs from within an organization. Other serious crimes (embezzlement, theft of trade secrets) are rarely, if ever, done by the "common hacker." There is virtually no evidence that we have seen--and if any law enforcement officials want to present some, we will alter our views--to substantiate the "slippery slope" thesis--that just as marijuana leads to "harder stuff," a young computer hobbyist begins hacking and then moves on to bank robbery or planting serious viruses. This is just one of many examples of the hyperbole of some officials to justify their attack on the CU. The danger is that instead of finding more constructive ways to combat this new form of juvenile delinquencyy, they are swiping at an ant with an h-bomb (and missing). If resources are as limited as officials claim in explaining why it takes so long to investigate, or why they can't put technologically-trained agents in the field, then shouldn't those limited resources go to better use? ******************************************************************** >> END OF THIS FILE << *************************************************************************** Downloaded From P-80 International Information Systems 304-744-2253 12yrs+