**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 3, Issue #3.21 (June 17, 1991) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / / Bob Kusumoto ARCHMASTER: Brendan Kehoe +++++ +++++ +++++ +++++ +++++ CONTENTS THIS ISSUE: File 1: Moderator's Corner File 2: From the Mailbag File 3: Review of Gary Marx's UNDERCOVER File 4: Review of PROTECTORS OF PRIVILEGE File 5: Review of THE INFORMATION WEB File 6: Hollywood Hacker Sentenced File 7: Len Rose Sentenced (Reprint from Newsbytes) +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ USENET readers can currently receive CuD as alt.society.cu-digest. Back issues of Computer Underground Digest on CompuServe can be found in these forums: IBMBBS, DL0 (new uploads) and DL4 (BBS Management) LAWSIG, DL1 (Computer Law) TELECOM, DL0 (New Uploads) and DL12 (Electronic Frontier) Back issues are also available from: GEnie, PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet. Anonymous ftp sites: (1) ftp.cs.widener.edu (192.55.239.132); (2) cudarch@chsun1.uchicago.edu; (3) dagon.acc.stolaf.edu (130.71.192.18). E-mail server: archive-server@chsun1.uchicago.edu. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Moderators Subject: Moderator's Corner Date: June 17, 1991 ******************************************************************** *** CuD #3.21: File 1 of 7: Moderators Corner *** ******************************************************************** A few quick notes: CuDs ON COMPUSERVE: Back issues of Computer Underground Digest on CompuServe can be found in these forums: IBMBBS, DL0 (new uploads) and DL4 (BBS Management) LAWSIG, DL1 (Computer Law) TELECOM, DL0 (New Uploads) and DL12 (Electronic Frontier) Issues in the IBMBBS and LAWSIG libraries are binary files that can be extracted using recent versions of ARC or ARC-compatible programs. The issues uploaded to TELECOM have thus far been ASCII text that can be read on-line or downloaded. Thanks to Scott Loftesness for uploading the issues to TELECOM. Special thanks to Bob Izenberg who sent this information along to us and has been meticulously diligent in keeping Compuserve files current. PAPER ON THE CU: Back in February, The Butler passed along to us his paper on THE COMPUTER UNDERGROUND. We intended to publish it, but because of the size, we haven't yet had the chance. So, we've made it available in the ftp cites. If you do not have ftp access, let us know and we'll send a copy via bitnet. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Various Subject: From the Mailbag Date: 15 June, 1991 ******************************************************************** *** CuD #3.21: File 2 of 7: From the Mailbag *** ******************************************************************** From: vnend@PRINCETON.EDU(D. W. James) Subject: Re: Cu Digest, #3.20 (file 5--response to M. Hittinger) Date: 13 Jun 91 16:08:27 GMT In CuD #3.20, file 5, (an288@freenet.cleveland.edu) Mark Hittinger writes: ) Personal computers are so darn powerful now. The centralized MIS )department is essentially dead. Companies are moving away from the )big data center and just letting the various departments role their )own with PCs. It is the wild west again! The new users are on their )own again! The guys who started the stagnation are going out of )business! The only thing they can cling to is the centralized data )base of information that a bunch of PCs might need to access. This )data will often be too expensive or out-of-date to justify, so even )that will die off. Scratch one of the vested definers! Without )centralized multi-million dollar computing there can't be any credible )claims for massive multi-million dollar damages. In some areas maybe, but not on most college campuses. And they are just as oppressive as the MIS's of old that Mark's article mentioned. And it is not just *CCs... Some time ago the NSF directed that all sites that have access to the Internet have some means of authenticating who is accessing it from those sites. It used to be that, in most any college town, you could call the local campus network access number, and with a few keystrokes be accessing your account across the country, or even out of the country. Now, as more and more sites come into compliance with the NSF, this is becoming a thing of the past. Is this a bad thing? Maybe not. But the network is a little less useful than it used to be. As computers become smaller and cheaper and more powerful, the power that the central Computing Center had is being weakened. But that is not the end of the story. Those smaller and cheaper and more powerful computers are (for me, and I suspect for most of us) not all that useful unless they can talk to other computers. So *that* is where the CC of the 90's is becoming powerful. Instead of controlling CPU cycles and diskspace, they are controlling bandwidth. An example: a talented programmer at a major state school started writing a suite of network communications tools. He realized that what he had written would make it easy to write a chat program that ran over the Internet (or a lan), and hacked one together. It was a wild success. In its first year there were two papers written about it's conversational dynamics and NASA requested the sources. It was used to get news out of the Bay area after the Oct. '89 earthquake. The programmer learned a lot. People who decided to write their own versions of the client learned a lot. Sounds like the kind of thing that a major university would like to hear about, right? Wrong. As soon as someone at the CC heard about it, there were questions about it as a "legitimate use of University resources". Finally, though no one at the Computing Center would claim responsibility, a filter was put in place that effectively killed it. Some of the people in the administration claimed that they had to do it because the NSF didn't feel it was an appropriate use of the facilities. The NSF's own documentation puts the lie to this. But the utility is still dead. It never reached its second birthday. The MIS departments, as Mark refers to them, are not dead. They just changed what they sell. )The witch hunts are over and poorly designed systems are going to become )extinct. I very much hope that you are correct. I don't believe it for a moment though... +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: "Genetics Lifeguard: YOU!!! Out of the pool!!!"@UNKNOWN.DOMAIN Subject: On Achley's making an arrest {File 2, CuD 3.20} Date: Thu, 13 Jun 1991 16:21 CDT Anyone can make a citizen's arrest for a crime which the person being arrested did in fact commit. However, the person making the arrest had better be sure, because if the prosecution doesn't get a conviction FOR ANY REASON, they become liable for civil and criminal charges of false arrest and kidnapping. However, this does NOT give the arresting citizen the right to lay hands on the arrestee UNLESS THE ARRESTEE tries to resist the arrest. So don't be surprised if Atchley doesn't find himself in trouble for assault and battery. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Sanford Sherizen <0003965782@MCIMAIL.COM> Subject: Review of Gary Marx's UNDERCOVER Date: Wed, 12 Jun 91 15:07 GMT ******************************************************************** *** CuD #3.21: File 3 of 7: Review of Gary Marx's UNDERCOVER *** ******************************************************************** Gary T. Marx, UNDERCOVER: POLICE SURVEILLANCE IN AMERICA A Twentieth Century Fund Book Berkeley: University of California Press, 1988 Reviewed by Sanford Sherizen, President of Data Security Systems, Inc., Natick, MA, MCI MAIL: SSHERIZEN (396-5782) On the western (non-electric) frontier of the U.S., disagreements on property rights led to almost continuous battles between Native Americans, farmers, cattle ranchers, sheep herders, and the propertyless. To a large degree, these battles were decided by the invention of barbed wire. Ownership was quite literally set by the wire, which defined the property lines. They who had the wire had the rights. Livestock or crops could be kept in and trespassers or the unwanted could be kept out. For some, the current battle over electronic information property rights is a search for the electronic equivalent of barbed wire. Ownership of intellectual property, only in part a battle to control that "stuff" called cyberspace, is becoming an almost continuous set of encounters. The participants differ from the western frontier days but the stakes are as high for the future of this nation. As LAN increasingly stands for *L*imitless *A*ccess *N*ationwide and the Sun Devil and Steve Jackson cases take on new twists and turns, there is a need for guidance on how to resolve essential questions of electronic property. As computer people discuss the law and BBS's are filled with terms like attractive nuisance, it is clear that there is a need to ask essential questions. Can we have appropriate controls over certain illegal/unethical/ inappropriate behavior and, at the same time, establish accountability over the behaviors of the police and other control agents? How can we develop the rules of behavior, using old laws, new technologies, and uncertain etiquette? To help me answer these questions, I decided to reread Gary Marx's book on undercover policing. He had written one of the few analytical books that cover the dilemmas of covert policing in a democratic society. His perspective on the issue is quite clear. In starting his research for this book, Marx viewed undercover police tactics as an *unnecessary* evil. In the course of his research, he reached the conclusion, however reluctantly, that in the United States these tactics are a *necessary* evil. As he explores the troubling issues of covert policing in great detail, he documents the problems and pitfalls rather than singing its praises. He also point out that it is sometimes difficult to separate the heroes from the villains. This is a book for the Information Age that I highly recommend. One of the strengths of the book, and of sociologist Gary Marx's more general work found in his many public speeches, articles, and research reports, is the broadness of his analysis. While focusing on undercover policing, he discusses a much broader set of insights on the delicate and often difficult decisions that have to be made to establish a society that is based on law as well as on order. He makes clear that easy answers ("unhandcuff the police", "All information is free") are non-answers. What is necessary is for public policy to reach some new understandings on appropriate conduct, both for computer users and for policing authorities. Marx points out that undercover policing has developed from the society at large rather than as a rogue activity. It is often stated that a society gets the crime that it deserves. Similarly, we get the policing that we accept. Covert policing developed as a result of changing crime patterns, which included acts such as white collar crimes and drug smuggling that were difficult to control with traditional policing. Specific funding supports from the federal government and changes in judicial and legislative priorities also supported more active policing activities. Finally, new surveillance technology allowed different types of police work. Undercover policing was the child of major changes in our society. The last chapter sums up his arguments about policing as well as the larger issues of social change by discussing the new surveillance. Whether humans or computers as informers, visual and audio surveillance, electronic leashes or person truth technologies, there is a steadily increasing technological way and technological will to gather information on individuals. The new surveillance transcends anything possible during earlier eras. It transcends, distance, darkness, physical barriers, and time. It is often involuntary. It is more intensive and more extensive. The result could mean a maximum-security society. How does this book help us to understand the cyberspace battles? In some ways, that book can be seen as a counter-argument, both against the Secret Service (and other computer crime-fighting organizations) as well as against the EFF (and the other information freeing organizations). Rather than taking a middle road that says both sides of this argument are equally right or wrong, Marx suggests that in democratic societies, we are faced with police techniques that offer us a queasy ethical and moral paradox. "The choice between anarchy and repression is not a happy one, wherever the balance is struck. We are caught on the horns of a moral dilemma. In Machiavelli's words: "...(P)rudence consists in knowing how to recognize the nature of the difficulties and how to choose the least bad as good.' " The barbed wire of the electronic age must have a different set of conditions. The book draws out relevant questions and issues, not only about the police but more about public policy. Marx presents what he calls a compass, not a map. The questions that he raises should be seen as navigational aids and not as a flight plan. He ventures to ask, "Where and how should the lines (of appropriate police activities) be drawn?" That is a good start for the development of electronic rights. For those who would like a more constitutional view of the policing problem, I would also recommend the report from the U.S. Congress, Office of Technology Assessment, CRIMINAL JUSTICE, NEW TECHNOLOGIES AND THE LAW. This 1988 report, available from the Government Printing Office (No. 052-003-01105-1, $2.75) is a useful supplement to the Marx book. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Jim Thomas >jthomas@well@sf.ca.us< Subject: Review of PROTECTORS OF PRIVILEGE Date: 14 June, 1991 ******************************************************************** *** CuD #3.21: File 4 of 7: Review of PROTECTORS OF PRIVILEGE *** ******************************************************************** Review of: PROTECTORS OF PRIVILEGE: RED SQUADS AND POLICE REPRESSION IN URBAN AMERICA, by Frank Donner. Berkeley: University of California Press; 503 pp. $34.95 (cloth). Reviewed by Jim Thomas, Northern Illinois University Sandy Sherizen's review of Gary Marx's UNDERCOVER (file 3, this issue) demonstrates the potential dangers of covert police work to the cyberworld. Frank Donner's PROTECTORS OF PRIVILEGE extends Marx's work by illustrating the potential dangers of state intrusion into the lives of those who appear to challenge a preferred view of the world. Imagine the following scenario dredged from the depths of paranoid fantasies: Stodgy, a massive computer system into which over 750,000 customers call for benign services such as shopping by computer or arranging travel plans, provides each customer with a package of software that connects Stodgy's computer to each user's personal home computer. Now, imagine that this software is highly proprietary and nobody is really quite sure what it does when it is in the home computer. It could provide many user-friendly conveniences, such as replacing and deleting old versions of itself; it can scan the home computer's operation system and files to assure smooth functioning and non-disruption of other existing programs, and it assure smooth communication between the home and master unit. However, communication means that the home computer is giving information, albeit of a benign technical nature, just as it is receiving it. Now, add a different scenario. Law enforcement agents suspect that a serial killer is also a computer afficianado and subscribes to Stodgy. Agents request that Stodgy add a component to their software that allows it to scan through all the files, and even deleted files, in a user's home computer and transfer that information back to the offices of Stodgy, who would in turn give it over to agents for analysis. With such user-interface software, it becomes quite possible to collect copious quantities of private, personal information from millions of citizens and keep computerized files on citizens for the professed noble goal of protecting the social order. What does this have to do with Frank Donner's "Protectors of Privilege?" The basis of a democratic society rests on the ability of citizens to openly discuss competing ideas, challenge political power and assemble freely with others. These fundamental First Amendment rights are subverted when, through neglect, the state fails to protect them. Worse, they are shattered when the state itself silences political dissent and disrupts freedom of assembly. PROTECTORS OF PRIVILEGE details silencing of the worst sort: State agents who systematically used their power and resources to subvert the democratic process by targeting generally law-abiding private citizens for surveillance, "dirty tricks," or violence. Given the revelations from the report of the Senate Select Committee on Intelligence (Church Report) in 1975 and from other sources, it is hardly a secret that local, state, and federal agencies have engaged in extreme covert surveillance and disruption of groups or individuals of whom they disapprove. However, Donner does not simply repeat what we already know. The contribution of PROTECTORS OF PRIVILEGE lies in Donner's meticulous research of the scope and depth of political surveillance and in pulling together the voluminous data within an implicit conflict paradigm (although he neither uses this term nor alludes to his work in this fashion) to illustrate how surveillance has historically been employed to protect the interests of those in power in the guise of safeguarding democracy. The roots of political surveillance, Donner argues, began with the state's intervention in labor unrest in the nineteenth century. In Chicago, for example, the police "unambiguously served as the arm of the dominant manufacturing and commercial interests" and dispersed strikers, raided meetings, and terrorized demonstrators (p. 11). By portraying labor activists as a threat to the commonweal, the police acquired public support--or at least tolerance--to subvert First Amendment rights of freedom of speech and association. Although Donner perhaps overstates the quiescence of labor and radical groups in the early twentieth century, he correctly identifies Depression-era activism as the source of a new phase of government suppression. Former FBI director J. Edgar Hoover, in MASTERS OF DECEIT, equated Communism with cancer, and cancer was a disease to be eradicated. Hoover's views and policies serve as an icon for understanding the fear of a nebulous social menace that justified the organization of special, usually secret, "red squads" within police agencies of large urban cities in the post-depression years, and the social unrest of the 1960s further stimulated data acquisition on and disruption of those whose politics were judged as unacceptable. Donner devotes the bulk of his study to the period between 1960-80, and and focuses on the major U.S. cities (Chicago, New York, Philadelphia, Los Angeles). Drawing from court documents, files obtained under the Freedom of Information Act, media accounts, and other sources, an image emerges of law enforcement run amok in its efforts to amass information, much of it useless or fabricated, to disrupt dissenters who appeared excessively liberal, and to attack those who challenged police authority. Donner's controlled indignation is relatively restrained, and he relies on the power of chilling examples of law enforcement abuses to convey the message that political surveillance had far less to do with maintaining social stability than in protecting the interests of a dominant class on one hand and enhancing the careers of cynical politicians or police officials on the other. Lest his readers be left with the impression that the subversion of Constitutionally protected rights of political expression by the state was simply an anomaly occuring only in a few large cities, Donner includes a chapter on "second tier" cities, including Detroit, Baltimore, and Washington D.C. The pattern of abusive surveillance duplicates the larger cities, suggesting that excesses were the norm, not the exception. Donner's work would be valuable if it were only a history of official abuse in our nation's recent past. But, his work is much more than simply a chronicle. Although most agencies have at least attempted to curtail the most serious forms of abuse--albeit only when forced to as the result of public outrage or legal action--there is no evidence that the surveillance has stopped. The FBI's monitoring of of political organizations such as CISPES or the Secret Service's creation of a "sting" computer bulletin board system in a way that contradicts the "official" explanation of it, are just two recent examples that challenge claims that surveillance is under control. Computer technology creates a new danger for those concerned with surveillance. Law enforcement now has the technological means to monitor activities and process data infinitely more comprehensively, quickly, and surreptitiously than a decade ago. Donner's work reminds us that an open society can in no way tolerate threats to our liberty from those entrusted to protect it. Just as I completed writing the above review, I noticed the following news article: "Killing Columnist Plotted, Liddy Says" (Chicago Tribune, (June 13, 1991: Sect. 1, p. 2): New York (AP)--In their first face-to-face meeting, G. Gordon Liddy, mastermind of the bungled Watergate burglary, told columnist Jack Anderson that the president's men vetoed plans to silence the newsman. "The rationale was to come up with a method of silencing you through killing you," Liddy tells Anderson on "The Real Story," a news show to be shown Thursday night on cable TV's CNBC. With not a hint of irony, the story continues that the White House thought such a sanction was too severe. Rumors of this have been floating around for awhile, but it's the first time, to my knowledge, a participant has made a public comment, but there's something so postmodernly absurd about talking about it F2F on national TV in the same way that the galloping gourmet would trade recipes with Julia. Marx's and Donner's cynicism in and distrust of gov't seens terribly understated if we can so serenely turn a potential gov't murder plot into TV fare. Given the government's actions in Operation Sun Devil and other abuse of existing law enforcement procedures, concern for protections of rights in cyberspace seem crucial. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Kevin Kehoe Subject: Review of THE INFORMATION WEB Date: 20 Apr 91 19:55:45 ******************************************************************** *** CuD #3.21: File 5 of 7: Review of THE INFORMATION WEB *** ******************************************************************** Review of: THE INFORMATION WEB: ETHICAL AND SOCIAL IMPLICATIONS IN COMPUTER NETWORKING Author: Carol C. Gould Reviewed by: Kevin Kehoe In "The Information Web: Ethical and Social Implications of Computer Networking", Carol C. Gould brings together papers from a number of sources, ranging in concentration from philosopher to chemist to physicist. Each gives their own views on the shape of ethics in computing and technology as a whole today (and in the future). Topics range from formal and implied rights of privacy (whether a person is giving implied consent to have/relinquish his/her privacy by using the system in the first place); whether computer conferencing can be considered a public or private forum; the case of privacy vs. a person or persons' right to know; whether or not a violation of computer privacy (e.g. breaking into medical records) comprises a violation of personal privacy, or if the two are legally and morally separated by the same technological boundary that brought them together in the first place; the benefits & dangers of performing scientific research and the dissemination of the results of that research through a network; voting with computers (how it effects democracy, the social effects of voting in such a totally neutral atmosphere); the moral responsibility inherent in all forms of technology; our growing reliance on electronic information (will it ever reach a point where the computers have more control than the humans? or has it already?); the ethics involved in computer crimes -- how viruses, hackers, and security methods all inter-mesh in a way that leaves many things open to interpretation; personal ethics vs professional (an excellent example of a chemist who's hired to create a deadly disease -- should he be allowed to restrict its use after realizing its incredible potential?); and how to handle the voluntary and involuntary disclosure of company-private information. Gould did an excellent job of putting the book together --she assembled a group of people in the ethics project that not only made valid points, but they did so in a way that was logical and clear. (Far too many aspects of ethics today have proven markedly vague. But perhaps that's just another part of the whole concept of trying to define an ethic or ethics to begin with.) The book was published by Westview Press (ISBN 0-8133-0699-X) 5500 Central Avenue, Boulder, CO 80301. I highly recommend it as a read for anyone who's interested in computer ethics and privacy; particularly for those who have a definite feeling on the subject, but aren't able to adequately articulate their views -- these papers may well serve that purpose. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Rambo Pacifist@placid.com.uunet.uu.net Subject: Hollywood Hacker Sentenced Date: Sun, 9 Jun 91 09:29:09 PDT ******************************************************************** *** CuD #3.21: File 6 of 7: Hollywood Hacker Sentenced *** ******************************************************************** "Writer Gets Probation in Sting at Fox." From THE LA TIMES, May 29, 1991, p. B-3 (Metro Section). By John Kendall. Free-lance writer Stuart Goldman pleaded no contest Tuesday to three felony charges of illegally entering Fox Televisions computer system and stealing story ideas planted by Los Angeles police in a sting operation. In a plea bargain presented by prosecutors and approved by Superior Court Judge Richard Neidorf, the 45-year-old self-proclaimed muckraker was placed on five years' probation and ordered to pay $90,000 in restitution, reduced to $12,000 with Fox's approval. The judge ordered Goldman to serve 120 days in County Jail but stayed the sentence. Deputy Dist. Atty. Richard Lowenstein moved for dismissal of four additional counts of entry of a computer illegally. Goldman's no-contest pleas were tantamount to admitting guilt, the prosecutor said. Despite the pleas, Goldman continued to insist outside the courtroom Tuesday that Hollywood-based Fox had attempted to silence him. "There's been an effort by Fox Television to silence me and, as far as I'm concerned, that's what this case was all about," Goldman told reporters. Attorney James E. Hornstein, representing Fox Television, denied Goldman's charge. He said his client had agreed to reduce the court-ordered restitution from $90,000 to $12,000 on Goldman's "plea and statement that he is indigent." "Throughout these proceedings, Mr. Goldman has tried to argue that someone was out to get him," Hornstein said. "The only victims in these proceedings were the computers of "A Current Affair which Mr. Goldman has admitted by the plea he accessed illegally." Goldman was arrested at his Studio City apartment in March of last year by Secret Service agents and Los Angeles police who confiscated a personal computer, floppy disks, Rolodexes and a loaded .38 caliber handgun. Prosecutors accused Goldman of using a password apparently gained when the journalist worked briefly for "A Current Affair" to enter the Fox production's computer system. They charged that Goldman stole bogus tips, including one involving "Ronald Reagan Jr.'s Lover," and attempted to sell the items to a national tabloid magazine. In an interview with The Times last year Goldman explained that he was engaged in a free-lance undercover inquiry of gossip news-papers and TV shows, and he claimed that his arrest was a setup to get him. "These people will look very foolish when they get into court," Goldman insisted at the time. "I'm a good guy, and I'm going to prove it. This is going to be the biggest soap opera you ever saw." After his arrest, Goldman said he was writing a book about his experience as a former gossip media insider who once attacked feminists, gays and other targets in vitriolic columns in the National Review. After Tuesday's court session, Goldman vowed to publish his completed book, "Snitch," as soon as possible. Neidorf ordered authorities to return Goldman's computer. "I'm sure you know now that computers will get you in trouble," the judge said. "If you don't, I'll see you back in her again." ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Barbara E. McMullen and John F. McMullen Subject: Len Rose Sentenced (Reprint from Newsbytes) Date: 12 June, 1991 ******************************************************************** *** CuD #3.21: File 7 of 7: Len Rose Sentenced *** ******************************************************************** LEN ROSE SENTENCED TO 1 YEAR 06/12/91 BALTIMORE, MARYLAND, U.S.A., 1991 JUNE 12 (NB) -- Leonard Rose, Jr., a computer consultant also known as "Terminus", was sentenced to a year and a day in prison for charges relating to unauthorized sending of AT&T UNIX source code via telephone to another party. Rose is scheduled to begin serving his sentence on July 10th. The original indictment against Rose was for interstate transportation of stolen property and violations of the Computer Fraud and Abuse Act but those charges were dropped and replaced by a single charge of wire fraud under a plea agreement entered into in March. The charges involving the violation of the Computer Fraud and Abuse Act had been challenged in a friend of the court brief filed in January by the Electronic Frontier Foundation (EFF) who challenged the statute as "unconstitutionally vague and overbroad and in violation of the First Amendment guarantees of freedom of speech and association." The issues raised by EFF were not resolved as the charges to which they objected were dropped as part of the plea agreement. In his plea, Rose admitted to receiving misappropriated UNIX source code and modifying it to introduce a trojan horse into the login procedures; the trojan horse would allow its developer to collect passwords from unsuspecting persons logging on to a system containing this code. Rose admitted that he transmitted the modified code via telephone lines to a computer operator in Lockport, IL and a student account at the University of Missouri. He also admitted putting warnings in the transmitted code saying "Warning: This is AT&T proprietary source code. DO NOT get caught with it." U.S. District Judge J. Frederick Motz, in sentencing Rose, ordered him to sell his computer equipment and to inform potential employers of his conviction. Assistant United States Attorney Geoffrey Garinther, who prosecuted Rose, explained these portions of the sentence to Newsbytes, saying "The equipment was seized as evidence during the investigation and was only returned to him as part of the agreement when it became evident that he had no means of supporting his wife and two children. It was returned to him for the sole purpose of selling the equipment for this purpose and, although he has not yet sold it, he has shown evidence of efforts to do so. The judge just formalized the earlier agreement in his sentence. The duty to inform potential employers puts the burden of proof on him to insure that he is not granted "Root" privileges on a system without the employer's knowledge." Garinther added "I don't have knowledge of the outcome of all the cases of this type in the country but I'm told that this is one of the stiffest sentences a computer hacker has received. I'm satisfied about the outcome." Jane Macht, attorney for Rose, commenting to Newsbytes on the sentence, said "The notification of potential employers was a negotiated settlement to allow Len to work during the three years of his supervised release while satisfying the government's concern that employers be protected." Macht also pointed out that many reports of the case had glossed over an important point,"This is not a computer intrusion or security case; it was rather a case involving corporate computer software property rights. There were no allegations that Len broke into anyone's system. Further, there are no reported cases of anyone installing his modified code on any system. It should be understood that it would require a system manager or someone else with 'superuser' status to install this routine into the UNIX login procedure. The publishing of the routine did not, as has been reported, open the door to a marked increase in unauthorized computer access." Macht said that she believed that Rose had reached an agreement to sell the computer equipment. He had been offering it through the Internet for $6,000, the amount required to prepay his rent for the length of his prison sentence. Because of his financial circumstances, which Macht referred to as a "negative net worth", the judge did not order any restitution payments from Rose to AT&T. (Barbara E. McMullen & John F. McMullen/19910612) ******************************************************************** ------------------------------ **END OF CuD #3.21** ********************************************************************