Computer underground Digest Tue, Dec 17, 1991 Volume 3 : Issue 44 Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) CONTENTS, #3.44 ( Dec 17, 1991) File 1: Jyrkis Posting File 2: Re: Canada: Police Seize BBS, Software Piracy Charges Expected File 3: FBI vs Kiddie Porn File 4: "Getting what he Deserved?" (Reprint from Effector 2.02) File 5--A book worth adding to your CuD list ... File 6: E-mail privacy bibliography File 7: Second CFP Conference Issues of CuD can be found in the Usenet alt.society.cu-digest news group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132), chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of Chicago email server, send mail with the subject "help" (without the quotes) to archive-server@chsun1.spc.uchicago.edu. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Sun, 8 Dec 91 23:35:27 EST From: Pat Subject: File 1--Jyrkis Posting In Cud 3.43, Jyrki Kuoppala writes: > Also, the description of the E911 system shows that 1984 is here. Very > scary stuff. In Finland I heard that they use caller id at hospitals > and the police uses it - someone said that all telephone exchanges > have good hooks for telephone surveillance and detailed recording of > all calls going thru the exchanges. It's easy to imagine what can be > done with the information when combined with all the various of other > source governments have. The Helsinki area has a high-tech radio cab > system - and it keeps detailed logs of where cabs were called, at what > time, where people travelled etc. and I hear they are checked by the > police. While it is true, new digital technology makes invasion of privacy possible on new scales, one should remember that much of this was available to government, merely without the finesse. THe First wiretapping case in this country was argued in 1924. Police have often used the written logs of taxi companies to track suspects. The KGB and communist security maintained a massive police state using simple informers. One should not get upset, that the police have a new toy and method of surveillance, one should be upset that it is being used in invasive non-constitutional ways. We should work to have privacy statutes enforced where in order to get data, the police must have a warrant, and also statutes to destroy irrelevant data within short time periods. I.E. Visa should not keep my charge records more then 18 months, libraries should not keep track of checkouts after the return. The police will always have their methods, we should as a society determine what the limits are. ------------------------------ Date: Wed, 11 Dec 91 10:36:05 -0500 From: elauren@HUBCAP.CLEMSON.EDU(Addison Laurent) Subject: File 2--Re: Canada: Police Seize BBS, Software Piracy Charges Expected >My question/comment about this concerns the legality of confiscating >the computer along with the software. Why? If you commit a bank robbery, For instance, they confiscate your getaway car.... >Namely, if the charge is distributing copyrighted materials, then why >was the entire system taken? The computer itself, once unplugged, is >not terribly capable of providing evidence. But it was an object USED in a crime... Just like a car, gun, etc. Take my previous example. You rob a bank. Drive away in the car. (assume no one saw the car) - what evidence is that? But if the police catch you (you were going 100 in a 20 mph zone, recognize you, and arrest you, they can impound the car - even though it has no evidence value. What I'm not sure of the legality of (and the courts don't always stop illegal stuff) - is the confiscatin of UNRELATED computer equipment. This is, in large part, due to police ignorance of the subject. If they come arrest me, confiscate my computer, likey they will confiscate my sister's too (even though they are different types) ------------------------------ Date: 09 Dec 91 19:37:26 EST From: Gordon Meyer <72307.1502@COMPUSERVE.COM> Subject: File 3--FBI vs Kiddie Porn "FBI Investigates Computerized Child Pornography" The FBI is investigating a complaint by an America On-Line user who says he was able to get several versions of child pornographic pictures sent to his private electronic mailbox after he subscribed to America On-Line computer service. Roger Dietz of Fremont, California, claims he subscribed to the America On-Line computer service to investigate a tip given him by a friend in Nevada that subscribers could engage in sexual conversations with teenage users. He said he received the computerized photographs after engaging in electronic exchanges with other subscribers. According to a spokesperson, America On-Line, which has 150,000 subscribers and is based in Vienna, Virgina, is prevented by federal privacy laws from monitoring communications on the system, so it was unaware of the illegal traffic but is cooperating fully with the authorities. America On-Line's spokesperson said, "Clearly, our policy is that E-mail is a private area and we adhere to the privacy issues surrounding that. This child porn stuff was taking place in the E-mail. So we were not aware of it." The FBI said computer bulletin boards are often used by child porno-graphers, but for communication purposes only, not for the actual transmission of the illegal material. However, the FBI admitted the same privacy laws that make it difficult for a company to monitor the traffic on its bulletin board will also make the FBI investigation very difficult. ======================================================== Reprinted with permission from STReport 7.48 12/6/91 ------------------------------ Date: Sat, 27 Nov 1991 12:54:32 -0600 From: mnemonic@eff.org Subject: File 4--"Getting what he Deserved?" (Reprint from Effector 2.02) GETTING WHAT HE DESERVED? An Open Letter to Information Week by Mike Godwin mnemonic@eff.org Information Week 600 Community Drive Manhasset, N.Y. 11030 Dear editors: Philip Dorn's Final Word column in the November 11 issue of Information Week ("Morris Got What He Deserved") is, sadly, only the latest example of the kind of irrational and uninformed discourse that too often colors public-policy discussions about computer crime. It is a shame that Dorn did not think it worthwhile to get his facts straight--if he had, he might have written a very different column. The following are only a few of Dorn's major factual errors: He writes that "It is sophistry to claim [Internet Worm author Robert] Morris did not know what he was doing--his mistake was being slovenly." Yet even the most casual reading of the case, and of most of the news coverage of the case, makes eminently clear that the sophists Dorn decries don't exist--no one has argued that Morris didn't know what he was doing. This was never even an issue in the Morris case. Dorn also writes that "Any effort to break into a system by an unauthorized person, or one authorized only to do certain things only to do certain things, should per se be illegal." This is also the position of the Electronic Frontier Foundation, which Dorn nevertheless criticizes for being "out of step with the industry." Yet the issue of whether unauthorized computer access should be illegal also was never an issue in the Morris case. Dorn writes that "Those defending Morris squirm when trying to explain why his actions were harmless." No doubt such defenders would squirm, if they existed. But none of the people or organizations Dorn quotes has ever claimed that his actions were harmless. This too was never an issue in the Morris case. Dorn makes much of the fact that Morris received only "a trivial fine and community service." But the focus both in the trial and in its appeal was never on the severity of Morris's sentence, but on whether the law distinguished between malicious computer vandalism and accidental damaged caused by an intrusion. EFF's position has been that the law should be construed to make such a distinction. Dorn writes that "To say that those who intrude and do no lasting damage are harmless is to pervert what Congress and those who drafted the legislation sought to do: penalize hackers." Indeed, this would be a perversion, if anyone were making that argument. Unfortunately, Dorn seems unwilling to see the arguments that were made. "It is sickening," writes Dorn, "to hear sobbing voices from the ACLU, the gnashing of teeth from Mitch Kapor's Electronic Frontier Foundation (EFF), and caterwauling from the Computer Professionals for Social Responsibility--all out of step with the industry. They seem so frightened that the law may reach them that they elected to defend Morris's indefensible actions." Dorn's distortions here verge on libel, since we neither defend Morris's actions nor are motivated out of fear that the law will apply to us. Instead, we are concerned, as all citizens should be, that the law make appropriate distinctions between intentional and unintentional harms in the computer arena, just as it does in all other realms of human endeavor. A more glaring factual error occurs one paragraph later, when he writes that "The Supreme Court says intruders can be convicted under the law because by definition an intrusion shows an intent to do harm. That takes care of Morris." The Supreme Court has never said any such thing--after all, the Court declined to hear the case. Even the lower courts in the Morris case made no such claim. What is far more "sickening" than even Dorn's imaginary versions of our concerns about the Morris case is his irresponsibility in making unsubstantiated charges that even a cursory familiarity with the facts could have prevented. In the course of his article, Dorn manages to get one thing right--he writes that "The law is not perfect--it needs clarification and reworking." This has been our position all along, and it is the basis for our support of Morris's appeal. It is also public knowledge--Dorn could have found out our position if he had bothered to ask us. Mike Godwin Staff Counsel EFF ------------------------------ Date: 25-Nov-91 04:27 CST From: Netreach [76004,3332] Subject: File 5--A book worth adding to your CuD list ... As a keen follower of the CU saga from the other side of the pond, I noted that this particular book had not been mentioned in your booklist. So to whet your appetite I thought that some relevant parts of the book might be of interest. You may wonder at my enthusiasm for the book: it's simply that I was one of the many people interviewed by Margaret for her study! COMPUTER ADDICTION? A Study of Computer Dependency by Margaret A Shotton University of Nottingham (Reviewed by Keith Lockstone) UK: Taylor & Francis Ltd, 4 John St, London WC1N 2ET. USA: Taylor & Francis Inc, 1900 Frost Road, Suite 101, Bristol, PA 19007. ISBN 0-85066-795-X Hbk ISBN 0-85066-796-8 Pbk FOREWORD Since 1979, a mere ten years ago when the microcomputer first started coming to Britain in quantity, there has been very extensive growth in two particular areas; in the growth of computers and, sadly, of drugs. With the simultaneity of this growth and the intensity with which some people became involved with computers, it is perhaps not surprising that in the early 1980s we began to hear some suggestions of the possibility of 'computer addiction'. The word addiction has been applied to the compulsion of drug-taking since the early 1900s, and indeed it could be argued since 1779 whence the example 'his addiction to tobacco is mentioned by one of his biographers' (quotation from the Oxford English Dictionary about Johnson). In a nutshell one might say that the most interesting and important outcome of Margaret Shotton's doctoral research is to show clearly that the word addiction should not be used about the relatively small proportion of computer users who become intensive computer devotees; or if used, then the term should be interpreted not in the drug sense but more precisely in another version of the definition in the OED as 'the state of being given to a habit or pursuit'. The computer dependent person, to use Shotton's term, is clearly a hobbyist, 'a person devoted to a hobby (sometimes used with a connotation of crankiness)', where hobby denotes 'a favourite occupation pursued merely for amusement or an individual pursuit to which a person is devoted (in the speaker's opinion) out of proportion to its real importance'. This excellent piece of research has shown how the extensive use of a computer can be a most important hobby for some people, not an addiction (in the usual sense of the word) but at one extreme of the very wide range of intense concentration and involvement covered by people's hobby interests. If the computer, one of the most powerful tools which mankind has so far invented, is never used to cause greater potential distress or danger than as an extreme hobby, we shall have no reason to fear the computer devotee or the computer expert. But that begs a whole different range of research issues! Professor Brian Shackel Loughborough University of Technology PREFACE This research was initiated through my combined interests in new technology and in people. As a lifelong observer of the human condition I have always been fascinated in the activities of others, and in trying to determine what makes them 'tick' and brings them fulfillment in life. What is obvious to all is that what holds the attention of one may provide boredom for another. Many in the population feel that chasing a ball around a court of field is a worthwhile and meaningful activity, while to others programming in machine code is infinitely more exciting. Who is to say which is more acceptable? During a period of four years I was immersed in the lives of people for whom interaction with computers was considered infinitely preferable to the majority of their interactions with people. This is not a belief I personally share, in spite of the fact that I spend much of my life staring at a VDU screen, but one which I came to understand and appreciate fully. People differ in their needs, aptitudes and in their cognitive styles, and happy are they who are able to find an activity which perfectly matches their personality. The 'computer dependents', who shared their beliefs, their pains and their happiness with me, have enriched my understanding of psychology as not textbook ever could. Their honesty and their ability to lay bare their weaknesses as well as their strengths have proven how dangerous it is to nd or to show prejudice against those who differ from ourselves. Early readings about 'computer junkies' and 'hackers' suggested that if I pursued this research I might spend my time with people who were barely human and who were unable to converse with others on any meaningful level. How untrue this proved to be. I met some of the most fascinating people of my life. They were intelligent, lively, amusing, original, inventive, and very hospitable. True, they rarely spend much time communicating with people for reasons explained within this book, but when interest was shown in them and their activities it would be difficult to find more interesting conversationalists. True, many of them were unconventional and unconstrained by society's 'mores', but who would not like the freedom and courage to act without recourse to others? True, some of their relationships were problematic and their activities bewildering and distressing to their partners, but they were no more likely to have failed marriages than the rest of the population. They were pursuing an interest which not only provided intellectual challenge, fun and excitement in infinite variety, but one which enabled many of them to improve their career prospects considerably. Many used computers not only at home but also at work, and true fulfillment must come to those who are able to combine their hobby with a means of earning a living. will enable readers to re-evaluate their attitudes to those in society who do ot share their own interests, to become more empathetic with those who seem socially inhibited and shy, and to realize that judgment based solely upon observation alone is inadequate when one wishes to understand the machinations of the minds of others. Margaret A. Shotton Nottingham July 1989 cover blurb: COMPUTER ADDICTION? A study of computer dependency This research investigates the syndrome of computer dependency and the l stories which suggest that 'obsessive' dependence of people upon computers is detrimental to their social and psychological development. Based upon her major psychological study of computer 'dependents' or 'junkies', brought forward by national publicity, Margaret Shotton shows that extreme computer use does not turn gregarious, extrovert people into recluses. Her personal and arguably controversial thesis is rather that for people who prefer to interact with the inanimate than with other people, the computer can offer a source os inspiration, excitement and intellectual stimulation, and can create an environment which is positively therapeutic. Formally a teacher, Margaret Shotton studied ergonomics at the University of Technology, Loughborough, where she subsequently obtained her Ph.D. She is currently a lecturer in the Department of Production Engineering & Production Management at the University of Nottingham. Of related interest: Computers and the Psychosocial Work Environment Gunilla Bradley ------------------------------ Date: Mon, 2 Dec 1991 16:52:49 GMT From: NEELY_MP@DARWIN.NTU)EDU)AU(Mark P. Neely, Northern Territory U) Subject: File 6--E-mail privacy bibliography I have been having an e-mail conversation with Stacy Veeder for several days on the topic of e-mail privacy. She mailed me this bibliography which she has compiled for two papers which she is currently writing. I thought the readers of _CuD_ might find it of interest! PS - She is interested in talking with anyone who has some views on the topic/information to share. Mark N. +++++++++++++++++++++++++++++++++++++++++++++++++++ From: SMTP%"@CUNYVM.CUNY.EDU:SBVEEDER@SUVM.BITNET" From: Stacy Veeder To: Mark Neely ***********************BIBLIOGRAPHY BEGINS HERE************************* Bairstow, Jeffrey, "Who Reads Your Electronic Mail?" Electronic Business (June 11, 1990), 16(11):92. Barlow, John Perry [barlow@well.sf.ca.us], "Crime and Puzzlement: Desperados of the Datasphere" (1990), Whole Earth Review (in press as of 6/91), distributed through Usenet newsgroup sci.virtual- worlds [15948.9007180105@hydra.unm.edu]. Brown, Bob, "EMA Urges Users To Adopt Policy on E-Mail Privacy," Network World (October 29, 1990), 7(44):2 (two pages). Burke, Steven, "Electronic-Mail Privacy To Be Tested in Court in Suit Against Epson," PC Week (August 20, 1990), 7(33):124. Casatelli, Christine, "Setting Ground Rules for Privacy," Comput- erworld (March 18, 1991), 25:47 (two pages). Caldwell, Bruce, "Big Brother Is Watching," Information Week (June 18, 1990), (275):34 (three pages). Caldwell, Bruce, "E-Mail Privacy: A Raw Nerve For Readers," In- formation Week (July"30, 1990), (280):52 (two pages). Caldwell, Bruce, "E-Mail Privacy Issues Raised," Information Week (August 13, 1990), (282):14 (two pages) Caldwell, Bruce, "Whose Mail Is It Anyway? Companies are Con- fronting the E-Mail Privacy Issue Head-On," Information Week (August 20, 1990), (283):53. Computer Underground Digest (November 13, 1990), 2(2.11), avail- able as sjg.warrant.CuD through anonymous ftp at eff.org and distributed through Usenet newsgroup alt.society.cu-digest. Conca, Mike [conca@handel.cs.colostate.edu], "E-Mail Privacy" (May 23, 1991), distributed as Article 45 through Usenet news" group comp.admin.policy [15110@ccncsu.colostate.edu]; also distributed through Usenet newsgroup comp.unix.admin. Davis, Fred, "Beware: 'Little Brother' May Be Reading Your Mail," PC Week (October 29, 1990), 7(43):198. Denning, Peter J., "The Internet Worm," in Denning, Peter J. (ed.), Computers Under Attack: Intruders, Worms, and Viruses (New York: Addison-Wesley Publishing Company, 1990), pp. 193- 200. Doty, Phil, Doctoral Student, Syracuse University School of In- formation Studies, Presentation to IST 553, June"12, 1991. Eisenberg, Ted, et al., "The Cornell Commission: On Morris and the Worm," Communications of the ACM (June 1989), 32(6):706-09 [reprinted in Denning (ed.)]. Electronic Privacy Act of 1986, P.L. 99-508 (100 Stat. 1848). Eskow, Dennis, "Lawyers Warn: Don't Back Up Your E-Mail; Anything Transmitted on E-Mail May Be Held Against You," PC Week (September 11, 1989), 6:81 (two pages). Freedom of Information Act of 1986, 5 USC 552. Higgins, Steve, "E-Mail Experts On Guard Over Security Leaks," PC Week (July 30, 1990), 7:43 (two pages). Higgins, Steve, "Emergency cc:Mail Upgrade Combats Security Breach," PC Week (April 9, 1990), 7:1 (two pages). Higgins, Steve, "Message Monitor Gives Users Eagle-Eye View of E- Mail Flow," PC Week (March 25, 1991), 8:5. Highland, Harold Joseph, "Security: If the Password's 'Anything Goes,' It's Your Loss," Government Computer News (October 29, 1990), 9(23):61 (two pages). Kadie, Carl [kadie@cs.uiuc.edu], "Computers and Academic Freedom Mailing List," available as caf through anonymous ftp at eff.org. LaPlante, Alice, "Epson E-Mail: Private or Company Information?" Infoworld (October 22, 1990), 12(43):66. "Managers 'Remain Dangerously Complacent About Computer Secu rity,'" Computergram International (October 29, 1990), (1542). Markoff, John, "Furor Erupts From Computers in Politics," The New York Times (May 4, 1990), 139:A8(N), A12(L). Miscellaneous documents, available in a single file as ncsa.email through anonymous ftp at eff.org. Miscellaneous files available through ftp eff.org (/academic sub directory). Miscellaneous messages posted to caf-talk@eff.org (through list- serv@eff.org). Miscellaneous postings distributed through Usenet newsgroup comp.admin.policy. Molloy, Maureen, "NW [Network] User Panel Takes Stand on E-Mail Privacy," Network World (November 5, 1990), 7(45):2 (two pages). Montz, Lynn B., "The Worm Case: From Indictment to Verdict," in Denning, Peter J. (ed.), Computers Under Attack: Intruders, Worms, and Viruses (New York: Addison-Wesley Publishing Com- pany, 1990), pp. 260-63. Nash, Jim, "E-Mail Lawsuit Cranks Open Privacy Rights Can of Worms," Computerworld (August 13, 1990), 24:7. Nash, Jim and Harrington, Maura J., "Who Can Open E-Mail?" Com- puterworld (January 14, 1991), 25:1 (two pages). Reid, Brian, "Reflections on Some Recent Widespread Computer Break-Ins," in Denning, Peter J. (ed.), Computers Under Attack: Intruders, Worms, and Viruses (New York: Addison- Wesley Publishing Company, 1990), pp. 145-49. Rochlis, Jon A. and Eichin, Mark W., "With Microscope and Tweez- ers: The Worm from MIT's Perspective," in Denning, Peter J. (ed.), Computers Under Attack: Intruders, Worms, and Viruses (New York: Addison-Wesley Publishing Company, 1990), pp. 201-22. Savage, J.A., "E-Mail Bust Generates Privacy Rights Uproar," Com- puterworld (January 23, 1989), 23:2. Spafford, Eugene H., "Crisis and Aftermath," in Denning, Peter J. (ed.), Computers Under Attack: Intruders, Worms, and Viruses (New York: Addison-Wesley Publishing Company, 1990), pp. 223- 43. Stewart, John [jstewart@rodan.acs.syr.edu], Consultant, Syracuse University Academic Computing Services, Presentation to IST 553, June 12, 1991. Stoll, Clifford, The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage (New York: Doubleday, 1989). Scott, Karyl, "IAB To Begin Trial of Proposed E-Mail Security Standards," PC Week (March 27, 1989), 6:35 (two pages). Turner, Judith Axler, "Messages in Questionable Taste on Computer Networks Pose Thorny Problems for College Administrators," Chronicle of Higher Education (January 24, 1990), A13, A16. Steven Jackson Games' subsequent complaint against the Secret Service et al. is available as sjg.complaint through anonymous ftp at eff.org. ------------------------------ Date: Fri, 13 Dec 1991 13:12:48 -0500 From: Craig Neidorf Subject: File 7--Second CFP Conference First Announcement of THE SECOND CONFERENCE ON COMPUTERS, FREEDOM, AND PRIVACY L'Enfant Plaza Hotel, Washington DC March 18-20, 1992 (A longer, complete, electronic version of this announcement is available by sending a request with any title and any message to cfp2-info@eff.org.) The rush of computers into our workplaces, homes, and institutions is drastically altering how we work and live, how we buy and sell, and with whom we communicate. Computers are obliterating traditional political and organizational boundaries, making time zones irrelevant, and bridging diverse cultures. They are fundamentally changing our culture, values, laws, traditions, and identities. The turmoil of the changes calls into question many old assumptions about privacy, freedom of speech, search and seizure, access to personal and governmental information, professional responsibilities, ethics, criminality, law enforcement, and more. The only way to sort out these issues and arrive at a consensus for action is to acknowledge that we don't know the answers -- and then, with reason and good will, to find the answers through discussion and education. That's why the Conference on Computers, Freedom, and Privacy was founded in 1991. The Computers, Freedom, and Privacy Conference is unique. It has no "agenda for change". It seeks only to bring together people from all the major communities and interest groups that have a stake in the new world being shaped by information technology, so that they may share their ideas, ideals, concerns and experiences. At the first conference, hundreds of people from the fields of law, computer science, law enforcement, business, public policy, government, education, research, marketing, information providing, advocacy and a host of others met for several days. It was the first time such a diverse group had ever assembled, and the exchange of ideas and points of view was electric. The conference is "single-track" -- all participants attend all the sessions. A morning of tutorials at the beginning of the conference will help participants get up to speed in specific "hot" areas. The conference sessions themselves take up timely and, at times, thorny issues. Each session aims for a balance of perspectives in order to assist diverse groups appreciate the views of others. A brief examination of the long list of sponsoring and supporting organizations will reveal that this respect for diverse outlooks is built into the conference from the ground up. The question is no longer whether information technologies will change our world. They are, now. The real question is how we, as citizens and professionals, will respond to and manage that change. Those at the Second Conference on Computers, Freedom, and Privacy will lead the way. ------------------------------ End of Computer Underground Digest #3.44 ************************************