Computer underground Digest Sun June 27 1993 Volume 5 : Issue 47 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copy Editor: Etaoin Shrdlu, Seniur CONTENTS, #5.47 (June 27 1993) File 1--Squelching the Rumor of the CuD ftp Sites File 2--Another Stupid Rumor Bites the Dust File 3--UPDATE #14-AB1624: bill-text as amended (*improved)* File 4--Re: Full Disclosure TRIGGERFISH Hassle (CuD 5.46) File 5--Response to Interview with a Virus Writer (CuD 5.44) File 6--Virus Hits White House Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) 203-832-8441 NUP:Conspiracy CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in LUXEMBOURG BBS (++352) 466893; In ITALY: Bits against the Empire BBS: +39-461-980493 ANONYMOUS FTP SITES: UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) ftp.warwick.ac.uk in pub/cud (United Kingdom) COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Sat, 26 June 1993 11:12:19 CDT From: CuD Moderators Subject: File 1--Squelching the Rumor of the CuD ftp Sites We have received a number of queries in the past few days regarding the future of the /cud directory and files on the CuD ftp site at ftp.eff.org. The rumors focused on three basic "facts:" 1) The EFF has removed all PHRACKS because of complaints from teleco and other corporations; 2) The /pub/cud directory will be removed because it does not coincide with the EFF mandate; 3) The EFF continues to sell out by distancing itself from its original constituency. These RUMORS are FALSE! HERE ARE THE FACTS: 1) PHRACK will be removed for economic reasons. Mitch Kapor explains the drain on EFF's limited resources in the following post, but the bottom line is that the EFF pays $1,000 a month to make it available to the public. 2) The /pub/cud directory *WILL NOT* be removed. We try to place research articles, theses/dissertations, and other material there as we obtain them, and the E-'Zines and other documents provide an excellent resource for scholars, journalists, and students. 3) The EFF has not sold out. As soon as the rumors began flying in, John Perry Barlow and Mitch Kapor immediately wrote, expressing considerable concern over the unfounded rumors. Both recognize the value of the CuD and Comp-Academic-Freedom archives on the eff.org system, and providing public access to documents not readily available elsewhere is a continuation of the EFF goal of making on-line information available to the public. Removing PHRACKS is not a decision they made lightly, but reducing the costs by removing one 'Zine readily available elsewhere (it is our understanding the the CuD shadow sites will continue to carry them) simply assures that other, less-available documents will continue to be provided. There are a few points to keep in mind on this issue: 1) The EFF is under no obligation to provide an ftp site for CuD. They do it because they feel it provides a number of different points of view on cyberspace issues. As Mitch points out below, the files in the /pub/cud directory impose a significant usage burden on the site and this burden is not free. In a sense, the EFF is paying to provide net-folk with a service that is unavailable elsewhere. Perhaps we have all been taking EFF's donation of its system for public ftp services for granted. While not a highly visible activity, it nonetheless remains a critically important one. Now is the time to thank them for their generosity. The CuD editors receive numerous compliments from those who have found the files in the cud/pub directory useful. It is EFF, as well as the shadow sites (and, of course, the Brendan Kehoe and the other archmeisters listed in the CuD masthead) who deserve the credit. The generosity of those who provide the space and those who fill it and keep it well-maintained make the nets a friendlier and more productive space. We also appreciate the support of those who wrote expressing support in case the rumors were true. All of us, from Mitch and John to the archmeisters and CuD editors are involved in enhancing information flow out of a sense of voluntaristic service, and the occasional expressions of support are about the only compensation we receive. We can more tangibly support the archives by supporting EFF. The most obvious way to support them is to join at the relatively low cost of $20 a year for students or low income, or $40 for regular membership. In addition to the EFF newsletter, EFF members occasionally receive "surprises," such as the first issue of Wired and other goodies. Joining is one way of thanking them for offering their system for an extensive ftp archive for a growing body of documents. So, if you use the ftp site, consider sending a few bucks. Whether you agree with all of their policies or not, we're certain that there is little disagreement that it's not fair that they provide us all with a valuable service while we simply leech from it. You can send your sub to: Electronic Frontier Foundation 1001 G Street, N.W. Suite 950 East Washington, DC 20001 202/347-5400 voice 202/393-5509 fax EFF's e-mail address is: eff@eff.org ------------------------------ Date: Sat, 26 Jun 1993 10:17:51 -0600 From: mkapor@KEI.COM(Mitchell Kapor) Subject: File 2--Another Stupid Rumor Bites the Dust We have never contemplated removing CuD from the EFF ftp archive. We have believed and continue to believe it is important to let all voices be heard and we are happy to do what we can. It astounds me and saddens me the extent to which unfounded rumor propagates on the net. People need to have a little more faith, and, oh, maybe, ask us what we're doing before jumping off in paranoid fantasies of EFF selling-out. Here are the facts. EFF's carriage of Phrack, not CuD, was costing us $1,000 per month in additional transmission charges. After an internal review, we decided we could not justify absorbing this rather substantial expense for a single publication. Monthly downloads of Phrack constituted 2 gigabytes or more. We have communicated with the editor of Phrack who has accepted our decision and has arranged for an alternate site. An analysis of the past year of traffic on eff.org revealed an interesting pattern. Roughly 40% of the total byte flow was due to a single publication -- Phrack. Another 40% was due to all other FTP traffic from CuD and other publications. The remaining 20% included all of our email, FTP from the EFF archive, USEET, etc. EFF contracted with UUNET to provide what is called low-volume T-1 service. That is, our instantaneous bandwidth to the net is a T-1, which enables fast through-put, but the $1,000 per month we pay is only intended to give us an average bandwidth of 128 kilobits. UUNET measures the 5 minute average load in every segment and sends statistics to its customers. Because of the growth of traffic over the past year, EFF has been running at as much as twice our contractual limit. UUNET has been billing us a surcharge of another $1,000 per month and was about to permanently convert us to a full T-1 customer at $2,000 per month. We felt we couldn't justify this expense, as the $12,000 per year could pay for nearly half of a full-time staff member, for instance. The solution we chose was to make a decision that we will stop carrying Phrack in the near future. This will enable us to continue to provide all the rest of the services on our server for a good long time without causing us more in the way of expenses. People tend to think of FTP as a "free good". It isn't. Both storage and transmission cost money. Maybe it's time Phrack started charging? Mitch Kapor Chairman, EFF Mitchell Kapor, Electronic Frontier Foundation Note permanent new email address for all correspondence as of 6/1/93 mkapor@kei.com ------------------------------ Date: Sat, 26 Jun 1993 09:04:46 -0700 From: Jim Warren Subject: File 3--UPDATE #14-AB1624: bill-text as amended (*improved)* ((MODERATORS' NOTE: Through the efforts of Jim Warren, and others, California is coming very close to passing a bill that would provide on-line access to computerized public records. This is a crucial bill and has national implications. It's passage could provide the stimulus for other states and provide the public with greater access to crucial legislative and other information. See back issues of CuD for the history of the bill)). June 25, 1993 This summarizes the latest set of amendments to AB1624 that were done by bill-author Debra Bowen on June 17th, and - thanks to Ray of Apple - includes the complete bill-text, as amended. NEW VERSION HAS SIGNIFICANT IMPROVEMENTS 1. It removes the permission and fee requirements that had been placed on anyone who charged anything to "republish or otherwise duplicate" the [electronic-only] public records - a requirement demanded by John Burton (who, incidentally, may kill the bill when it returns to the Assembly for concurrence - unless we can change Burton's mind; yes, he has that much clout). 2. It [generically] specifies that the files are to be available via the Internet - as opposed to leaving open the option for the state to create its own, closed network (e.g., as Hawaii has done). 3. It makes explicit that the Legislative Counsel cannot limit how many files someone can request, and that there will be no monitoring or reporting of who is interested in what files except as it might explicitly pertain to computer operations (i.e., normal sysop operations monitoring). 4. It makes explicit that no fees or other charges can be imposed for this public access to public records - since it will cost the state perhaps $200/month to provide free access throughout the entire state (and globe). 5. It makes explicit that the *complete* print-files will be available, as opposed to the possibility of only having some dumbed-down, limited version of the data from which page- and line-numbers could not be recalculated - though there's no prohibition on them *also* offering ASCII-dumbed versions in *addition* to the full data-files. 6. It specifies that the data is to be made available to the public *immediately* after being sent to the printing plant - which is *after* it has become public record - instead of waiting until it is available on the Legislative Inquiry System. (That turns out to sometimes be days or even weeks after some of the AB1624-mandated records are public.) 7. It assures that older versions of bills will remain available from the Legislature's file-server for at least 90 days they are amended. 8. And, it makes documentation of their data formats available online, uh, IF it's available in computerized form at all - a question to which I have been unable to obtain an answer. ++++++++++ THE NEW BILL-TEXT, AS AMENDED 6/17 [THERE WILL BE MORE AMENDMENTS, LATER] >From apple!ganymede.apple.com!ray Tue Jun 22 00:13:07 1993 Subject--AB1624 - newly amended text hello jim - i just got the new text for AB1624 from Mary today and typed it in. I posted it around (alt.etext, ca.politics, comp.society.cu-digest), but if you could put it on an ftp server i would be grateful. ... AMENDED IN SENATE JUNE 17, 1993 AMENDED IN ASSEMBLY MAY 18, 1993 CALIFORNIA LEGISLATURE--1993-94 REGULAR SESSION ASSEMBLY BILL No. 1624 Introduced by Assembly Member Bowen Principal coauthor: Senator Torres) Coauthors: Assembly Members Areias, Bornstein, Goldsmith, Isenberg, Johnson, Karnette, Katz Mountjoy, Nolan, Polanco, Speier, and Vasconcellos Coauthors: Senators Dills, Hayden, Killea, Morgan, and Rosenthal March 4, 1993 An act to add Section 10248 to the Government Code, relating to the Legislature; LEGISLATIVE COUNSEL'S DIGEST AB 1624, as amended, Bowen. Legislature: legislative information: access by computer network. Under existing law, all meetings of a house of the Legislature or a committee thereof are required to be open and public, unless specifically exempted, and any meeting that is required to be open and public, including specified closed sessions, may be held only after full and timely notice to the public as provided by the Joint Rules of the Assembly and Senate. This bill would make legislative findings and declarations that the public should be informed to the fullest extent possible as to the time, place, and agenda for each meeting. This bill would require the Legislative Counsel, with the advice of the Joint Rules Committee of the Senate and Assembly, to make available to the public, by means of access by way of the largest nonproprietary, nonprofit cooperative public computer network, specified information concerning bills, the proceedings of the houses and committees of the Legislature, statutory enactments, and the California Constitution. Vote: 2/3 majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no. The people of the State of California do enact as follows: 1 SECTION 1. Section 10248 is added to the 2 Government Code, to read: 3 10248. (a) The Legislature finds and declares that 4 the public should be informed to the fullest extent 5 possible as to the time, place, and agenda for each 6 meeting of the houses and committees of the Legislature. 7 The Legislature further finds and declares that it is 8 desirable to make timely information regarding these 9 proceedings available to each member of the public, 10 irrespective of where he or she resides, for the least cost 11 possible. 12 (b) The Legislative Counsel shall, with the advice of 13 the Joint Rules Committee, make all of the following 14 information available to the public in electronic form: 15 (1) The most recent Assembly Daily File and most 16 recent Daily Senate File. 17 (2) The text of each bill introduced in each current 18 legislative session, including all amended forms of the 19 bill. 20 (3) The bill history of each bill introduced and 21 amended in each current legislative session. 22 (4) The bill status of each bill introduced and 1 amended in each current legislative session. 2 (5) All bill analyses prepared in connection with each 3 bill in each current legislative session. 4 (6) All vote information concerning each bill in each 5 current legislative session. 6 (7) Veto messages concerning each bill, when issued, 7 in each current legislative session. 8 (8) The California Codes. 9 (9) The California Constitution. 10 (10) All uncodified statutes enacted on or after 11 January 1, 1993. 35 (11) Documentation that is available to the public and 36 maintained in computerized form by the Legislative 37 Counsel which describes the computerized digital 38 formats of the files containing the information specified 39 in this subdivision. 40 (c) The Legislative Counsel shall automatically 1 transmit copies of files of the information specified in 2 subdivision (b) by way of the largest nonproprietary, 3 nonprofit cooperative public computer network upon 4 receiving any computerized request for the files. These 5 files shall be made available in this manner immediately 6 after they are transmitted to the Office of State Printing. 7 The files shall contain all of the text and formatting 8 information transmitted to the Office of State Printing. In 9 the event that a technical malfunction prevents these 10 files from being transmitted immediately after they are 11 transmitted to the Office of State Printing, the 12 Legislative Counsel shall report that fact to the Joint 13 Rules Committee within one business day. 14 (d) Any file that is available pursuant to subdivision 15 (c) shall remain available to the public upon request by 16 electronic digital data transmission until it is updated. 17 When a file is updated, a copy of the file without the 18 updated information shall remain available to the public 19 by electronic data digital transmission for at least 90 days 20 after the update. 21 (e) The Legislative Counsel may not control which or 22 how many files are available to a person who requests the 23 files nor monitor or keep any records about those persons 24 who request files, except for the purpose of assuring the 25 quality of computer operations. No fee or other charge 26 shall be imposed as a condition to public access to any files 27 that are made available to the public pursuant to this 28 section. 29 (f) No action taken pursuant to this section shall be 30 deemed to alter or relinquish any copyright or other 31 proprietary interest or entitlement of the State of 32 California relating to any of the information made 33 available pursuant to this section. ========= Ray - ------------------------------ Date: Thu, 24 Jun 93 12:49:49 -0700 From: Phil Karn Subject: File 4--Re: Full Disclosure TRIGGERFISH Hassle (CuD 5.46) In CU Digest 5.46: |> Harris Law Enforcement Products |> |> TRIGGERFISH has a number of cellular phone based applications: |> determining a suspects phone number, dialed number recorder, and |> wiretapping. According to Harris, 'for the first time, law |> enforcement is not at a disadvantage in tracking the high-tech |> criminal." Additionally, the unit 'collects and integrates all |> relevant data, including voice, directly from the ether." |> Reprinted from Full Disclosure, Box 903, Libertyville, Illinois 60048 I find the phrase "directly from the ether" *most* illuminating given a rather heated exchange I had with Mr. Jim Kallstrom of the FBI at the recent CPSR Cryptography Conference in Washington DC earlier this month. Kallstrom is the FBI's chief public advocate for their "Digital Telephony Initiative". Among other things, they want the ability to intercept suspects' cellular telephone calls at the MTSO (switch). Only with a valid warrant, naturally. At the meeting, I made the following comments. I had seen the standards-setting process for the new digital cellular telephone systems from the inside as they related to security and privacy. And I was wondering why the government (specifically NSA, through its export control reviews) was so strongly opposed to meaningful air link encryption, even if the encryption were to stop at the switch as it would have to in order to be compatible with existing telephones on the land side of a cellular call. Such encryption would secure the air link, the most easily intercepted portion of a cellular telephone call, while leaving the conversation in the clear at the MTSO where it could be tapped, if necessary. In a private conversation, one of the senior members of the committee who didn't want his name mentioned told me why. "It's very simple", he said. "Anybody can intercept the radio link. It's easy. But tapping a call at the switch requires the cooperation of the telephone company, and they generally require warrants. And law enforcement says that sometimes, warrants are, well, just too damn inconvenient." This really set Kallstrom off. He attacked my unwillingness to name my source. I challenged him, unsuccessfully, to back up *his* shrill claims for the absolute necessity of Digital Telephony with anything more than handwaving. In a one-on-one conversation during a break, he insisted to me that the FBI was never interested in intercepting the air link portion of cellular calls - "too difficult, too labor-intensive", he said. They only wanted the capability to tap in at the switch, and he couldn't care less if the air link were securely encrypted (though he still wanted the keys to be escrowed for some reason...hmmm...) Perhaps it was a desperate attempt to maintain this "we're not interested in the air link" fiction that triggered Harris's silly overreaction to the public mention of TRIGGERFISH. Phil ------------------------------ Date: Fri, 18 Jun 93 08:45:52 EDT From: morgan@ENGR.UKY.EDU(Wes Morgan) Subject: File 5--Response to Interview with a Virus Writer (CuD 5.44) Re: CuD 5.44 - Interview with a Virus Writer >We're certainly interested in your reactions, pro and con. Did you get >hit by a virus that was more than a minor inconvenience? Yup; our students are hit by viruses on a regular basis. Just last week, a student lost 3 months' work in a virus attack from a friend's home system. Personally, I'm not hit that often; of course, I burn up time scanning every time I boot my system, and I scan *every* floppy that goes into my PC...not everyone has the time/resources to do that, and PC networks (StarLAN, Novell, etc) make it extremely simple to spread viruses. >GA: Do you want to mention that you are running a BBS (computer >bulletin board)? > >UK: Yeah, sure. Call anytime. It exists for people to come and get the >Crypt Newsletter if they are interested in finding it without going >through the usual hassles of underground channels like the cool, elite >bulletin board systems. The underground world has become very >exclusive. In a sense it is cliquey.......... Gee, why isn't his newsletter distributed more widely? If it's all so innocent, I should be able to subscribe via email, right? Are back issues available via ftp? How about an email server? >GA: Aren't they all written in programming languages? > >UK: Assembly mostly. By far most viruses are written in assembly >language. Did this strike anyone else as a rather silly question? Unless someone's hacking with DEBUG, they *have* to write in a "program- ming language"........ >GA: So how many viruses have you made and which ones are they? > >UK: I don't know all of them. Well, there was the Encroacher. That was >in one of the Newsletters. That was a Mutation virus that attacks >Central Point Software's anti-virus program. There might have been >three variants to that. This guy writes a virus that attacks a specific commercial product, and he still has the chutzpah to claim innocence for viruses? Pfui. >GA: What's so exciting about viruses and source codes? > >UK: [...] >I don't think there's a >lot of mystery associated with viruses. Viruses, in my opinion, are >rather trivial programs that, once you're thoroughly cognizant of what >a virus can and can't do, become more like a pest if you ever run into >one. Viruses are "trivial," but this fellow keeps cranking them out? Sounds like doublespeak to me.....8) >People think it's a major catastrophe when they are >hit by a virus. I do not take seriously claims of people being set >back for hours. If they are completely ignorant of a virus, yes. But >someone in the department or in the household knows about viruses. No, "someone in the department or in the household" does NOT necessarily "know about viruses." College and universities are loaded with students who, in many cases, never used a PC before their arrival. >GA: That's becoming very interesting to me. > >UK: Politically incorrect terms. There's always been a great deal of >controversy surrounding this. And so for this reason alone, viruses to >me are interesting. For example, on Prodigy it is okay for dozens of >people to advertise adult bulletin boards, with gigs of pornographic >files available for download. These are not expunged from the Prodigy >computer club as inappropriate. However, if anyone posted a note on >Prodigy saying they want to find a virus, can someone help them locate >a virus, that is immediately spiked. Why is that? I'm not sure. But >it's interesting. It sounds like this guy gets a charge out of being a gadfly. >UK: Well, I enjoy publishing the Crypt Newsletter. [...] >You want to see if you can top yourself and make it more interesting. I believe that this is the crux of the matter. Most virus authors seem to look at viruses as a competition. Just pick up a virus family tree and check out the derivations; everyone's trying to top everyone else, and none of them care about the damage/lost time they cause. >UK: And, so, why is that interesting? Well, he explains why viruses >are interesting for a number of reasons. Part of it because of the >controversy that the concepts brings up. In a way, I think studying >viruses gives you a good understanding of the computer on a really low >level basis, and that's worthwhile. For some people that makes the >computer much more enjoyable as they start to unlock some of its >secrets or understand what is actually going on inside it a little >better. Viruses are kind of an indirect way of getting at that >information. I'll be the first to agree that viruses are educational in some respects; you can certainly pick up a lot of low-level information during the programming cycle. My point is (and has always been) that release of viruses into the world is completely unnecessary. If you were really taking a scholastic bent, you'd never release a live virus; you'd write one, test it, say "it works," put it in your logs, and move on...... >UK: You don't need anti-virus software to get rid of something like >Michelangelo or Stoned. You can do it with undocumented commands. If >you've talked to someone who does know something about viruses, and >you didn't have anti-virus software, you could use that and dispatch >something like Michelangelo and Stoned rather quickly. Yeah, we can really expect our secretaries, clerks, and data entry operators to be conversant with all those undocumented commands and virus scanners. >GA: So you think the reports about problems in other countries are >over exaggerated? > >UK: Well, there's an article which analyzes the media coverage of >Michelangelo and I think that really puts it into perspective. It >really shows the people that tried to actually come up with hard data >after March 6. They just weren't able to come up with anything that I >consider serious data. The only reason that our labs weren't hit was that we went on a massive eradication mission; we made scanning automatic, and we found several hundred infections in the week prior to the target date. >Actually, it is more annoying. It is a >boot sector infector like Michelangelo but once you discover it, you >usually don't have much time left before it activates. It has a very >short activation period after it has been first placed on a disk and >then it encrypts the information on a disk which essentially makes it >useless to you. So he removed it, but it wasn't Michelangelo, he had a >different virus. So where were all the Michelangelo infections? Were >there any? I think it was vastly overstated. Of course, this "different virus" doesn't really jibe with UK's earlier comment of "I do not take seriously claims of people being set back for hours." >UK: No, I think colleges are still pretty vulnerable, don't you? They >are always going to have computer labs, where people can bring stuff >in indiscriminately. That really hasn't changed and maybe it has >moved a little more to the individuals because computers have moved >more into the homes of individuals. This guy is talking through his hat. He follows comments about the "trivial" nature of viruses with analyses of "vulnerability." The comments that "only a few viruses are truly bad" are ludicrous. This fellow sounds like every other virus author I've read; he comes across with the attitude of "you should be watching out for this stuff anyway; it doesn't matter what I do." This strikes me as the height of irresponsibility (and immaturity). ------------------------------ Date: Thu, 24 Jun 93 03:37:40 -0400 From: ci330@CLEVELAND.FREENET.EDU(Jack McNeeley) Subject: File 6--Virus Hits White House ((MODERATORS' NOTE: The following was excerpted from a longer article from The Washington Post)). The following article moved on the Washington Post news wire March 13. I confess that I expected some other CuD reader to go to the trouble of passing the thing along, with enough comment and criticism to pass muster with the fair-use copyright gods, so I neglected to toss the thing your way. Since no one else has done so, and since the on-line shriek community has inexplicably let George Bush's vandalism of the White House computers pass virtually unnoticed, I must submit the following for your perusal. Readers who want the complete article will have to visit their local (paper) library, armed with a dime to plug into the photocopying machine, so that the Post's copyright may be properly violated. Those of you with a social conscience will send some spare change to Katy Graham to buy a legal copy of the newspaper. 11th-Hour Covenant: Lost Memory Computers to Gain for Bush By George Lardner Jr. (c) 1993, The Washington Post WASHINGTON -- When President Clinton's top aides moved into the White House in January, many of them had trouble getting their computers to work. That's because during the night of Jan. 19 and into the next morning -- President Bush's last hours in office -- officials wiped out the computerized memory of the White House machines. The hurried operation was made possible only by an agreement signed close to midnight by the archivist of the United States, Don W. Wilson. The ensuing controversy has added to allegations that the archives, beset for years by political pressures and slim resources, is prone to mismanagement and ineptitude in its mission of preserving for the public the nation's documentary history. It also has raised strong doubts about the efficacy of a 15-year-old law that says a former president's records belong to the people. Just what information was purged remains unknown, but it probably ranged from reports on the situation in Bosnia-Herzegovina to details about Bush's Iran-Contra pardons to evidence concerning the pre-election search of Clinton's passport files. In the warrens of the secretive National Security Council, only a month's worth of foreign cable traffic was retained to help enlighten the incoming administration. [At this point we must pause for fair-use commentary: It's obvious from merely the first five paragraphs of this article that a crime of historic proportions has been committed. If some cyber-rambling teenager had wiped the hard disks of the White House computers, you can bet that legions of doomed SS agents would spare no expense to run the scoundrel to ground. The article continues:] Bush and his lawyers had wanted to leave no trace of the electronic files, arguing they were part of an internal communications system, not a records system. But court orders issued a few days earlier required that the information be preserved if removed from the White House. So backup tapes were made of the data on mainframe computers and carted off to the National Archives by a special task force. Hard disk drives were plucked out of personal computers and loosely stacked into boxes for the trip. Despite such measures, there are indications some material may have been lost. [Indications? Tell me more, tell me more! As in "General Failure Reading Drive C: (A)bort (R)etry (I)gnore"? Oh, I get it: Somebody must have accidentally entered "wipefile *.*". [The article continues:] The transfer had been authorized by Wilson, who at 11:30 p.m. on Jan. 19 put his signature on what would prove to be a highly controversial "memorandum of agreement.' It gave Bush "exclusive legal control' over the computerized records of his presidency as well as "all derivative information.' Critics have denounced Wilson's agreement with Bush as a clear violation of a post-Watergate law that made presidential records public property. And they fear that the authority granted Bush is far broader than officials so far have acknowledged. For their part, archives officials say they did the best they could under difficult circumstances and contend they deserve some credit for getting physical custody of the electronic material. Chided days later about the broad scope of the agreement in a meeting with outside historians, Wilson protested that they just did not appreciate "the political environment in which I was operating.' On Feb. 12, Wilson compounded his difficulties by announcing he was taking a $129,000-a-year job as executive director of the George Bush Center for Presidential Studies at Texas A&M University. The Justice Department has said it is considering a criminal investigation of a possible conflict of interest by Wilson. [Now, that is rich. Not even in Texas could you get this kind of nonsense past a grand jury. [The article goes on to say that the archivist agreed with Bush's claim that the electronic materials were not records but were internal communications. However, the article says, a federal judge had already rejected that claim. [Specifically, the article says, U.S. District Judge Charles Richey had ruled on Jan. 6, in a case brought at the end of the Reagan administration, that information in the White House computer systems not only "fit into an everyday understanding' of what a record is, but also met the statutory definition in the Federal Records Act. The article continues:] Richey said he was worried that the [Bush] administration was about to destroy information "of tremendous historical value.' He also said that making paper copies of the electronic data would not be sufficient, because the paper copies would not necessarily show who had received the information and when. "The question of what government officials knew and when they knew it has been a key question in not only the Iran-Contra investigations, but also in the Watergate matter," Richey observed. The judge ordered the defendants, including Wilson and the Bush White House, not to delete or alter any of the electronic records systems until archivists could preserve the material protected by the Federal Records Act. Richey's Jan. 6 order obliged the archives to make sure that the "federal' or "agency' records on White House computers were preserved, even though they might be commingled with "presidential records.' Figuring out the difference is a chore affecting primarily NSC computer files. [At this point the article explains that a memo written by the national security director to the president would be a presidential record, and not disclosable, but that if the president signs it and sends it to the Pentagon for implementation, then it is a federal record and is disclosable. [The article then says:] According to records churned up by the lawsuit, Richey's Jan. 6 order precipitated numerous meetings of archives officials, often with Justice Department and White House representatives. Government lawyers, meanwhile, went to Richey to ask if they could make backups and purge the computers before Clinton moved in. Richey, uneasy about past foul-ups and what he called "inconsistencies' in the backup taping plan, turned them down on Jan. 14. But the Bush administration promptly appealed. The next day, the U.S. Court of Appeals in Washington said backups would be acceptable "so long as the information is preserved in identical form' until the appeal could be decided on its merits. But the inventories given to the archives task force were not complete. "Many dates are missing,' an after-action archives memo said of the backup tapes, and more than 100 had no dates. It was impossible to tell how many erasures might have been made after Richey's ruling. And according to a certificate from the White House Communications Agency, six tapes packed with NSC messages and memos were "overwritten due to operator error.' [Holy Ned! Does this sound familiar? Where is Rose Marie Woods and her six-and-one-half-minute gap when we need her? The amount of information we're talking about here is staggering. Six nine-track tapes overwritten "due to operator error"? C'mon.] In all, more than 5,000 tapes and hard disk drives were delivered to the archives. Most had to be preserved because of the lawsuit, but a number of hard drives were added at the last minute because of a grand-jury subpoena related to the pre-election search of Clinton's passport files. Once that investigation is over, the grand-jury materials, under the Bush-Wilson agreement, will become "the personal records of George Bush.' [How conveeenient! [The next section of the story details Wilson's background as a Reagan appointee and former director of the Gerald Ford Presidential Library (beg your pardon?). It says that Wilson (shocking though it may seem) declined to comment for this article. It then says, however, that in a March 2 deposition, Wilson testified that he didn't see the Bush agreement until the night of Jan. 19, was unfamiliar with its terms, and signed it only "upon advice of counsel,' namely, one Gary Brooks, the archives general counsel. That's some general counsel, that Gary Brooks! [The article continues:] The Bush-Wilson agreement went far beyond the presidential records law. It gave the ex-president exclusive legal control of all "presidential information, and all derivative information in whatever form' that was in the computers. And it gave Bush the veto power in retirement to review all the backup tapes and hard drives at the archives and make sure that all the information he considers "presidential' is kept secret. He can even order the archivist to destroy it. "It's history repeating itself almost 20 years later,' one official close to the case said, alluding to the September 1974 agreement that gave former President Nixon, who had just been pardoned, ownership and control of his White House tape recordings and papers and allowed him to destroy the tapes over a five-year period. Congress quickly canceled that agreement in a law that applies only to Nixon, but to this day most of the 4,000 hours of Nixon's tapes remain tied up by the maneuvering of Nixon and his lawyers. [The article goes on at considerable length here, and it just gets worse and worse. All I can say is, where is the attorney general? Where is the FBI? Where is the freaking Secret Service and their computer-crime goons? Conspicuously missing, that's where. [The last paragraph of the story is worth reading:] Skeptics are still wondering what's in the [Bush computer] tapes. "There must be something important in them,' [historian Page] Miller said. "You don't have agreements late at night, just like that.' ------------------------------ End of Computer Underground Digest #5.47