Computer underground Digest Fri, Feb 28, 1992 Volume 4 : Issue 09 Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Associate Editor: Etaion Shrdlu CONTENTS, #4.09 (Feb 28, 1992) File 1: Message related to craig's problem (RE to CuD 4.08) File 2: Legal Costs, Attys, and why $60 doesn't go far File 3: Response to Craig Neidorf's Legal Expenditures File 4: TV station and BBS registration File 5: Review of INTERTEK MAGAZINE (Newsbytes Reprint) File 6: Bury Usenet (Intertek Reprint) File 7: Mitch Kapor Response to "Bury Usenet" (Intertek Reprint) File 8: A Comment on Amateur Action BBS File 9: 'Michelangelo' Scare (Washington Post abstract) Issues of CuD can be found in the Usenet alt.society.cu-digest news group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132), chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of Chicago email server, send mail with the subject "help" (without the quotes) to archive-server@chsun1.spc.uchicago.edu. NOTE: THE WIDENER SITE IS TEMPORARILY RE-ORGANIZING AND IS CURRENTLY DIFFICULT TO ACCESS. FTP-ERS SHOULD USE THE ALTERNATE FTP SITES UNTIL FURTHER NOTICE. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Mon, 17 Feb 92 22:25:07 -0500 From: an288@CLEVELAND.FREENET.EDU(Mark Hittinger) Subject: File 1--Message related to craig's problem (RE to CuD 4.08) A poster in CuD 4.08 wrote: >Craig needs our help in defraying the costs of a battle from which we >all benefited. Even $5 would help. Just a 29 cent stamp and a $5 >check. Mine is on its way. Thanks to the CuD guys for making us aware of this. Those of us that can (and would) help can't unless we are made aware of the need. Many of us are older and draw good incomes from the cyberchaos. Lets not call it cyberspace yet! Debates over issues and principles are fine but they need to occur after the practical matters of life are dealt with. In our less than ideal world we still need to get the rent paid (and even the lawyers' fees *DAMN*). I have been somewhat disillusioned by the activities of various new frontier organizations. Lets fix the practical matters first in real time and then debate the principles later in virtual time. > ... Ironically, if the >principle of honor were not so important, Craig arguably would have >been better off to plead guilty rather than defend his honor. It would >have saved him time, money, and bother. When the costs of pleading >guilty to crimes of which one is innocent becomes the best way of >avoiding devastating consequences, we cannot agree that the system >"works." Lets not forget than Len Rose caved in and took the plea bargain route. We can argue about what he did or didn't do, but he still needs to get his rent paid, feed his kids, and rebuild his life when he gets out (soon). I'm sure that there will be similar needs in the upcoming cases that have been discussed in recent CuD articles. I wish that it was as easy to send a $5 check as it is to argue - but I know that it is not. ------------------------------ Date: Thu, 20 Feb 1992 11:25:31 -0500 From: Craig Neidorf Subject: File 2--Legal Costs, Attys, and why $60 doesn't go far The readers should remember that my case was one of first instance. In most court cases, the law or precedent is much more clear and understood. Usually cases that go to court deal a lot with determining the facts instead of determining the law. Katten, Muchin, & Zavis bills Sheldon Zenner's time at $210/hour. In addition to Zenner, they had Ken Kliebard (an associate) and two law students working on my case over a 7 month period. There were multiple court appearances including two arraignments and the submission of all sorts of motions (for discovery, for release of beneficial evidence, for all sorts of things). There were all sorts of meetings -- with the government and with our witnesses. There were flights to Atlanta to have meetings with Robert Riggs and to St. Louis to meet with me (for a while I was not allowed to leave the State other than for court appearances). There was a lot of time spent in finding experts, interviewing them, and then learning from what they had to say. There was a vast abundance of evidence that had to be read, cataloged, and understood (stacks of email printouts, Phrack issues, other similar publications, and magazines about the telephone industry). My attorneys had to learn about computers and Unix systems). The fact that they first indicted me on one set of charges and then turned around and re-indicted me on another set of charges added a lot more time and money to my expenses. Every item of evidence that the government photocopied for us cost tons of money (since they bill photocopies at a very high rate (like $.15 per copy) and there were thousands of pages. The main problem was that the government had brought me up on charges that had never been used before in a computer case like this one. That meant there had to be a lot more research than perhaps would have been ordinarily needed. Finally there was the actual five full days of trial. This does not imply the hours of 9 to 5, it was more like 5 am to 11pm. Hours like these were not uncommon for Zenner during the entire 7 month period. The bottom line here is that I am a bit outraged by the questions posed by Mr. Moore of where the money was spent. I happen to know that certain steps were taken to keep my bill a lot lower than it might have been. I have learned for example that by referring a lot of the work to the summer associates, KMZ was able to bill those hours at a considerably lower rate. Furthermore, experts like John Nagle and Dorothy Denning refused to accept payment for their testimony. Ordinarially, expert witnesses like them would receive several thousand dollars each + expenses in return for their testimony. Don't you think my family and I scrutinized the bill ourselves to find some errors that would bring the total down? Finally, I feel that I received the absolute finest representation and counseling from Sheldon Zenner. The legal expenses were checked and re-checked by us and by him. I consider him a true friend and I trust him without any hesitation or doubts whatsoever. I'd rather checks be sent to Zenner because: A. I don't want the money being sent to my name because I don't want a stream of deposits in my bank accounts to irk IRS or anybody else. B. I'd rather not net-broadcast my home address. C. I tend to move around a lot since I live in rented housing and the US Post Office is not the greatest at forwarding mail. The KMZ address is the most reliable. Mr. Moore writes that "The high price of legal help is arguably as much of the problem as the reckless disregard for law and due process demonstrated by the government." I don't disagree, but don't make me responsible for the flaws in the system. Letters like yours victimize me all over again. Craig Neidorf ps- The net total of donations based on my most recent public notice stands at $60. $10 from one person, $20 from one person, and $30 from one person. All of whom were people I generally knew before and were not really among the 26,000 readers of CUD. People talk a good game, but the money is not where their mouths are. The grand total of donations received overall since day one (and excluding Kapor) doesn't even hit the $1,000 mark. ------------------------------ Date: Mon, 24 Feb 1992 16:47:38 -0500 From: Mike Godwin Subject: File 3--Response to Craig Neidorf's Legal Expenditures In article <1992Feb21.083926.16788@chinacat.unicom.com> Keith Moore writes: >I have read repeated pleas on various networked discussion groups for >readers to help defray Craig's legal expenses. While I sympathize >with his position and am in fact willing to help, I'm sure many of the >readers would like to know what all of that money was spent for. I >want to help Craig, but I don't like the idea of giving over money to >lawyers. The high price of legal help is arguably as much of the >problem as the reckless disregard for law and due process demonstrated >by the government. Most of the cost of Craig's defense is attributed to preparation for trial. This means researching the law relevant to the charges, understanding the evidence, and finding out what the government's witnesses are likely to say as well as preparing your own witnesses. I cannot dispute that legal help is costly. But it seems to me that a failure to help Craig because legal help is costly promotes any lowering of the cost of legal help. It does, however, increase the personal burden on Craig. It is a fact that when one sets out to fight the federal government in court, legal expenses tend to skyrocket. But this is not Craig's fault. >Also, why are we asked to send money directly to the law firm that >defended Craig, and not to Craig himself? Because that's where the money is owed. If the money were solicited for Craig himself, countless net.critics would be calling it a scam on Craig's part, and they'd be demanding guarantees that the money go to his legal bills. One of the things that becomes apparent when you spend enough time on the Net is that some people will be critical of you no matter what you do. >Perhaps the computer underground, realizing how >much we are at the mercy of both lawyers and the government, would >find it in its interest to act to curtail their powers. It is certainly in everybody's interest to lower the cost of legal representation. It is unclear to me how failing to help Craig Neidorf does this. Do you really suppose that defense lawyers will watch Craig go bankrupt and conclude "Ah, well, guess we set our fees too high"? Isn't it asking a lot of Craig that he go bankrupt in order to articulate your criticism of the legal system? I believe there are plenty of reasons to be critical of the system, but it seems heartless to me to ask Craig to bear the burden while we sit back and pontificate about it. That's why I contributed money to Craig's legal expenses, and I hope you do too. ------------------------------ Date: Thu, 30 Jan 92 3:32:05 CST From: bei@DOGFACE.AUSTIN.TX.US(Bob Izenberg) Subject: File 4--TV station and BBS registration Here's something that you might find interesting... from misc.legal.computing. I've enclosed (most of) my reply to the article's author. Bob [ start ] A local television reporter did a report on the 10pm news about teenagers getting access to adult .gif files on computer bulletin boards. He explains how many sites with adult gifs require proof-of-age (e.g., copies of driver's license) for registration, but some merely print a "you must be over 21 to register" message before on-line registration. No problem, except he then claims you can lie and still become registered -- which he proceeds to do on camera. Isn't this a violation of Federal law regarding computer access? The sysop of the BBS clearly requested identifying information, as is his right before granting system access, which the reporter deliberately refused to provide yet accepted system access? This TV station is getting a bad reputation for overzealous reporters-- a few years ago one star reporter actually paid for pit-bull fights that she subsequently reported on. She was ultimately fired from the station and charged with a felony. I don't expect things to go this far in this situation -- but neither do I want to sit by as the TV station implies it's okay to lie during on-line registration for BBSes. Any comments or suggestions? BTW, the reporter was Jim Benemann of KCNC in Denver. I can post the Station Manager's name if other people wish to contact the station. Bear Giles bear@fsl.noaa.gov [ and my reply: ] >To: bear@spike.ucar.edu >Subject: Re: Stupid TV reporter tricks In article <15091@ncar.ucar.edu> you write: >Any comments or suggestions? Work with the station on producing an editorial. Ask them what criteria they use to authenticate news sources, and what their policy is on providing air time to an individual who is immediately or eventually proven to have faked their identity. Mention that access rules for on-line systems, large or small, are often more strict than those legally required of adult magazines: A signed statement that you're over a certain age. The system's owner was complying with a tradition of law that applies to similar adult-oriented media. The question of whether the reporter's misrepresentation of their identity, which treads close to the phone company's definition of fraud, was justified is one that the station's news management is invited to discuss publicly. After all, they were presented with a policy for authentication that matches legal proof employed by related media, and they bypassed it. If the station's position is that people must be honest for a system of age-oriented access restriction to work, they're right. If the station insists on providing a clear example of how to defeat the owner's intent to comply with the law, it is hardly the system owner that is in the wrong. Take the editorial to competing stations if you need to. Of course, this is a lot of swimming upstream for people to do, and there may be a better way that I haven't thought of... In any case, I'm interested in hearing what, if anything, comes of this. ------------------------------ From: John F. McMullen (mcmullen@well.sf.ca.us) Date: Mon, 17 Feb 1992 10:39:11 PST Subject: File 5--Review of INTERTEK MAGAZINE (Newsbytes Reprint) REVIEW OF: Intertek From: Intertek, 325 Elwood Beach #3, Goleta, CA 93117; Telephone: 805 685-6557; Online - steve@cs.ucsb.edu Price: Current issue (Volume 3.3) ---- $4.00; Back issues (Volumes 3.1 & 3.2) - $5.00 ea; Subscription (4 issues) - $14,00 PUMA Rating 3.6 on a scale 1=lowest to 4=highest Reviewed by Newsbytes by Barbara E. McMullen & John F. McMullen Summary: Intertek is a semi-annual magazine that explores the social, legal, ethical and technological issues confronting those in the on-line community.. ====== REVIEW ====== Intertek is a surprisingly professional semi-annual glossy magazine dealing with issues relating to telecommunications, computer crime and first amendment concerns. We say "surprisingly professional" because the editor and publisher, Steve Steinberg, is still an undergraduate at the University of California, Santa Barbara. The current issue, Volume 3.3 - Winter 1992, is, in our judgement, of a quality that one would expect to find in a more commercial publication. While the publication has developed a following among those lucky enough to know of its existence (generally those who have already been actively interested in the issues dealt with by Intertek), it does not have the widespread newsstand distribution that it deserves --although Steinberg informed us that it is distributed in Europe and should be appearing domestically in Tower Books locations. The only way, however, at this time to be sure of obtaining a copy is to subscribe ($14 for 2 years - 4 issues). After reading every available Intertek (Volumes 3.1, 3.2, & 3.3), we think that Steinberg has hit on a extremely good pattern in his production of the publication: - each issue is narrowly focused on a specific topic (3.1 - "The Hacker Issue"; 3.2 - "The Ethics Issue"; 3.3 - "Virtual Communities"). - Steinberg has attracted a well-known group of experts who also have a fine command of language and style top either write specifically for Intertek or to allow republication of previously material that is germane to the topic under discussion. The three issues mentioned include pieces by (or interviews with) John Perry Barlow, Bruce Sterling, Brenda Laurel, Mitch Kapor, Peter Denning, Katie Hafner, John Quarterman, Gail Thackeray, John Markoff, and Gordon Meyer. Each of these writers bring a perspective to the topic that is both well thought out and well presented. - Steinberg himself writes well. He is also skillful enough as an editor to put together pieces on provocative topics with responses from knowledgeable individuals on the same topic -- a superior method in our judgement than publishing the piece in one issue and the responses in subsequent one, particular when speaking of a semi-annual publication. An example of this technique is found in the current issue where Steinberg has written a piece entitled "Bury Usenet" and packaged it with responses from Mitch Kapor, Electronic Frontier Foundation co-founder; John S. Quarterman, author of The Matrix (Digital Press) and publisher of the Matrix News; Peter J. Denning, computer science chair at George Mason University and former president of the ACM; and Bruce Sterling, journalist author. Other articles in the Winter 1992 issue include "Electropolis: Communication and Community on Internet Relay Chat" by Elizabeth M. Reid; "Social Organization of the Computer Underground" by Gordon R. Meyer; "Real World Kerberos: Authentication and Privacy on a Physically Insecure Network"; and "Mudding: Social Phenomena in Text-Based Virtual Realities" by Pavel Curtis. There is also a 3 page section entitled "Newsflash" that does, despite the difficulties of providing real news in a semi-annual publication, contain some interesting items that we had not seen elsewhere. The centerfold of the publication presents a snapshot of both stock prices in the technology industries and prices of hardware, new and used. Although the information is dated (almost 2 months old when we got it), it is presented nicely with graphs and charts and is accompanied by a short piece by New York Times technology writer John Markoff. While this two-page section presents nothing that is really new, Markoff's piece is well-done, the display is attractive and there are certainly worse things that can be put in a centerfold. If you have any interest in acquiring a greater understanding of the issues surrounding global telecommunications (and, in our judgement, everyone should have such interest - particularly Newsbytes readers!), Intertek is worth your investment. It is lively, informative, and well-written. In short, buy the magazine! ============ PUMA RATINGS ============ PERFORMANCE/PRICE: 4. Intertek sets out to fill a niche not found in other publications relating to on-line life. Not as folksy as Boardwatch or as "techie" as 2600, Intertek deals with issues normally only discussed at conferences like CFP-1 or on an on-line service such as the WELL. In our judgement, it fulfills its mission well. At $14, for people with these interests, it's a bargain. USEFULNESS: 4. In an informal survey that we did with a number of readers, the only complaints that we heard were that it should have more pages or come out more often. That seems to be heady praise from a demanding group. MANUAL: N/A AVAILABILITY: 3. Tough to get if you don't subscribe. You won't find Intertek in your local B. Dalton or Walden sitting next to Computer Shopper or Byte. Although the problem is easy to solve by subscribing, many won't because they haven't actually seen a copy .. and they'll be missing out on a good thing. (Barbara E. McMullen & John F. McMullen/19920218) ------------------------------ Date: Sat, 15 Feb 92 17:33:29 PST From: G.Steinberg Subject: File 6--Bury Usenet (Intertek Reprint) (Reprinted from _Intertek_, Winter (Vol 3.3), Winter, 1992. Pp 1-3.) Bury USENET by Steve Steinberg The concept of USENET, a global electronic bulletin board on which any person can post messages on topics ranging from nanotechnology to weightlifting and reach other interested people, sounds terrific. It seems like a step towards the magical future which we are all brought up to believe is right around the corner; the future of Hugo Gernsback in which the entire bustling globe is united in productivity and prosperity. But, just as genetic engineering and nuclear power have turned out to cause more problems than they solve, we now see that USENET improves productivity and our quality of life about as much as TV does. True, there are thousands of people who enjoy reading USENET, just as there are millions who enjoy watching TV; however this is not proof of the quaility of the medium but instead is indicative of the lack of alternatives. It is therefore important to understand why USENET fails as a medium so that we can avoid further blunders in this direction. The three general uses that a medium such as USENET should facilitate are: directed information seeking, browsing, and collaboration. Directed information seeking is when someone is trying to find out a specific piece of information. Browsing is an exploratory information-seeking strategy that is used when the problem is ill-defined or when the user simply wants to become more familiar with an area of knowledge. Lastly, collaboration, for the purposes of this paper, refers to a group of people sharing what they know and posing questions to each other about a particular subject so as to increase the knowledge and ability of everyone involved. USENET fails at all of these uses, and we can lump the reasons for the failures into three main categories: USENET's asynchronous nature, its small bandwidth, and the large amount of noise. By asynchronous nature I simply mean that communications on USENET is not in real time as it is with a telephone but instead is more like conventional mail. Being asynchronous is not a problem with mail because we communicate with relatively few people, so there are only a small number of letters we need to remember and keep track of. However, when we read hundreds of different messages by different people on different subjects, we quickly get lost and forget what the status is of all the various topic threads. A technique people use on USENET to minimize the drawbacks of asynchronous communications is to begin each message with the relevant portion of the message to which they are replying. This repetition helps to some degree however each message will still only contain some subset of the previous messages (depending on which earlier messages caught the current writer's attention) and so does not give a complete picture of what has been determined on a particular topic. The asynchronous nature of USENET makes collaboration very difficult. A topic will often start with a question and then receive several messages in reply, each of which in turn will spawn several replies. The topic will then quickly degenerate into discussions of trivial points and multiple digressions leaving the poster of the original question, and other readers, more confused than helped. It is the sheer size of USENET, where a topic thread can last for thousands of messages and many months, that makes this problem so intractable. In these post-MTV proto-multimedia days the idea of people writing to each other seems almost quaint. Indeed one often hears professional writers lament that the death of writing has occurred now that the telephone has supplanted the letter. Hence, it might seem at first blush that USENET is a good thing and will cause the rebirth of the written letter. Unfortunately, as someone who has waded through tens of thousands of USENET messages, I can say with some certitude that this rebirth has not occurred, nor does it appear likely. To write clearly and concisely requires skill as well as time. Because most people lack one or the other of these requirements, messages posted to USENET are usually confusingly worded, difficult to read, and prone to misinterpretation. This is what I was referring to when I said in the beginning that one of the fundamental problems with USENET is its small bandwidth. When we express our feelings on a subject or explain a detailed technical matter, we usually use many cues and tools in order to make ourselves understood. These include tone of voice, body language, and pictures or diagrams. When we try instead to compress our thoughts into 80-column ASCII, we leave behind many of the nuances. This makes any use of USENET--whether it be searching or collaborating--difficult since we often do not understand what a message is really trying to say. One solution to the problem of small bandwidth that seems likely to catch on in a big way soon (it already has to some degree) is to allow graphics to be viewed over USENET. This would allow a user to include a drawn or digitized picture inside the message he or she posts. Multimedia messages seem like a good idea, and you can easily imagine the good uses possible such as diagrams to clearly indicate how something works. However, I have no doubts, based on how people have used USENET so far, that the main results would be an outbreak of pornography and a rash of garish signatures. Reading USENET is like drinking from a firehose, you'll get very wet but you probably will still be thirsty. The problem is that there are thousands of messages posted each day, but only a few of these will be of interest to any one reader. Searching through this haystack of messages is a tedious and laborious task with no sure method of success. Many people end up spending (some would say wasting) several hours a day reading USENET in order to find the few items of interest and importance to them. What further complicates the task of searching for information, making it near impossible as well as unpleasant, is the huge amount of noise -- lengthy messages which say nothing useful, messages that are personal attacks on someone, and messages that are plain wrong. Anyone with access to a UNIX machine that has a USENET feed can post a message on any subject, no matter how unqualified the author may be. The result is usually chaotic and unenlightening. Even when the poster is humble enough to prefix his or her message with "I'm no lawyer /scientist /doctor but...", a clear signal that we may save time and skip this message, we only continue on to ten more messages by other unqualified people berating the first poster for inaccuracies. The dichotomy which is being exposed here is between a medium which informs and a medium for general discussion. If we think USENET should be the former, then there is no place for messages by unqualified people. If USENET should be for discussion, then indeed anyone should be allowed to offer their opinion. Unfortunately USENET isn't very good at this either due to the phenomena known as "flaming" in which users attack other persons' views far more quickly and violently than would occur with any other medium. Because users are safely hidden behind their terminal, and can not see who they are talking to, standard social customs concerning conversation do not seem to apply. The result is that even the most innocent comment can provoke typed vitriol from someone who feels offended. Flaming is undoubtedly the most virulent form of noise, and there is nothing more unpleasant than having to wade through messages of infantile bickering. So, although USENET tries to be both a medium for informing as well as discussion, it succeeds at neither. The concept of a moderated newsgroup is a simple solution to the noise problem, but it leads to a problem of a different kind. In a moderated newsgroup a user sends messages to the person in charge of the newsgroup, and this moderator then picks only the messages he or she feels are relevant. Sometimes this works well as in the often cited example of Peter Neumann's RISK digest. However, there is the insidious danger of moderator bias. The specter of this problem has risen in conjunction with the TELECOM digest which is moderated by the rather opinionated Patrick Townsend. Whether Townsend actually censors messages he disagrees with is not important. The perception--and the possibility--are there. To summarize, USENET's asynchronous nature makes collaboration difficult, its small bandwidth makes messages difficult to understand and easy to misinterpret, and the high amount of noise makes searching for interesting messages time consuming and unpleasant. I wish I could end by presenting five easy steps to improve USENET. Unfortunately, the only ones which seem feasible, such as news readers which use artificial intelligence techniques to filter out noise, are merely stopgap measures which do not address all of the fundamental problems. Before we can fix USENET we must first understand how we learn and how groups work together. Until this has been determined our tools are as likely to hinder our productivity as they are to help us. As has been amply demonstrated by television over the last fifty years, some mediums, no matter how much of a good idea they may seem, just don't work. I hope we quickly learn to see USENET as a noble but failed experiment so that we can research other directions in order to find new mediums that really do enhance our communications and our quality of life. ------------------------------ Date: Sat, 15 Feb 92 17:33:29 PST From: Mitch Kapor Subject: File 7--Mitch Kapor Response to "Bury Usenet" (Intertek Reprint) Somewhere between the intimacy of island universe conferencing systems like the WELL (an electronic bulletin board in California) and the anarchic ocean of USENET lies the future of computer conferencing. USENET's problems are legion and unlikely to go away. What may succeed are new generations of software and conferencing systems built upon the lessons and experience, both positive and negative, of a multiplicity of existing systems. The WELL works much better than USENET as a source of informed discourse for several reasons: o It's hosted on a single system, avoiding the lag of distributed systems. o People pay to be there. This weeds out the single largest source of noise. o Conferences are all hosted, which acts as a loose control mechanism. o The management of the system realizes it's running a digital gathering place. The WELL has problems too. It's insular, its user interface is nothing to be proud of and its telecommunications access cost is excessive if you don't live in the Bay Area. If these problems were addressed, there's no reason in principle why the example of the WELL couldn't be more widely applied. It wouldn't be USENET, but maybe that's OK. I envision a system which is on the Internet and thus reachable from anywhere on the Internet, a system which has a graphical user interface (in addition to whatever the hardcore users want), whose conferences are hosted, and which charges a nominal--say a dollar an hour--usage charge. This software may have many separate instantiations, in different locations, serving different needs and interests. In fact, this is a brief sketch of a design idea for a development project we hope to begin within the Electronic Frontier Foundation (EFF) in 1992. Mitch Kapor EFF co-founder ------------------------------ Date: Mon, 24 Feb 1992 11:31:22 PST From: Ann O'Nonymous Subject: File 8--A Comment on Amateur Action BBS Bob Thomas has been having trouble with his kids. They are experiencing emotional and behavior problems they've never had before. The police officers they had learned in school to trust came to their house one morning and unceremoniously took away their computer. The police were rude. They offered no explanation for why they took the kids' games and schoolwork. The half-dozen plain-clothes cops were not related to Officer Friendly, and the children were confused, frightened, and hurt. These police weren't THEIR friends! So was Bob Thomas. He ran AMATEUR ACTION BBS in San Jose, Calif., which specialized in adult gif files. Local police (no federal agents) burst in at 7:30 a.m. on Monday, January 20 with a search warrant alleging grand theft, trafficking in obscene material, and child pornography. Bob doesn't recall if the officers had their guns drawn. The affidavit supporting the warrant is sealed, so the justification for the raid may never be known. Bob was stunned by the accusations, and he and his family watched in horror as the police carted away his 486, three 386s, videos, and all the tools he needed to run his two electronics businesses and BBS business. The police also took all hardcopy business records and other materials. The raid resulted in seizure of over $30,000 worth of equipment. Bob estimated that he also lost over $15,000 in lost business revenue and legal fees. He also missed a major trade show. His children lost their innocence. Society lost another round in the battle to maintain a semblance of civil liberties in cyberspace. Bob's attorney communicated with EFF and the officers were made aware of federal and other laws relating to seizure. No charges have been filed, and there is no indication that any will be. When I spoke with Bob on February 24, he was expecting the return of most, hopefully all, of the equipment by that evening, or within a day or two. He has no explanation for why the police raided him, but suspected it might be connected to the problems of America Online, which faced a similar investigation. Amateur Action (408-263-3393) specialized in adult gif files (over 4,600) using amateur rather than commercial models. Bob also used it to distribute adult videos. There were no action or other files. It was simply an adult BBS with a modest message base. Bob has established a reputation for aggressively attempting to keep children off his adult BBS, and we have neither heard nor seen any evidence that his board contained child pornography. The different levels of access cost from $29 to $69 a year. Amateur Action is back up, running Wildcat. The $69 annual rate will earn you a meg-a-day download privilege with no upload obligation. A Visa/Mastercard sub gives immediate access. Unless evidence appears to the contrary, this is another instance of police mishandling a seizure, confiscating first and asking questions later, and not being quite sure of what they're doing. What do Steve Jackson, Bob Thomas, and deja vous have in common? ------------------------------ Date: Tue, 18 Feb 92 15:36:33 EST From: "garbled header" Subject: File 9--'Michelangelo' Scare (Washington Post abstract) "'Michelangelo' Scare Stirs Fears About Computer Viruses" Author: John Burgess Source: Washington Post, Feb 17, 1992, p. A1 A new and unusually destructive type of computer "virus" -- a software program that enters a computer surreptitiously and destroys data there en masse -- has reignited concern over these electronic saboteurs. Security experts have dubbed the virus "Michelangelo," because after entering a computer it lies dormant until March 6, the Italian Renaissance artist's birthday. Then it springs to life and wipes out data stored on the computer's memory disk. In November, a copy of Michelangelo turned up at the Gaithersburg offices of the National Institute of Standards and Technology, hiding on the data disk of a computer that had been returned after being on loan to another federal agency. Using special software, institute technicians found the virus and removed it after receiving a tip from the other agency. That agency had found the virus on its computers and warned the institute to make sure its computers hadn't been infected too. Michelangelo got national attention last month after Leading Edge Products Inc., a manufacturer of personal computers compatible with those of International Business Machines Corp., confirmed that it had shipped about 500 machines that contained the virus. The manufacturer sent customers special software designed to neutralize it. Because the triggering date lies in the future, no one is known to have lost data due to the virus, which was created by an unknown programmer and has spread from computer to computer through the exchange of infected floppy disks. But security experts, using special software that scans computer disks to detect viruses, have been finding copies of Michelangelo since last summer and removing them before they activate. It remains unclear whether large numbers of computers contain undetected copies of the virus, though estimates of millions of machines have been published in the news media. Michelangelo affects only IBM-compatible personal computers, but there are about 60 million of these in existence. Past scares about viruses often have proven to be overblown. But due to Michelangelo's unusually destructive nature, as well as the potential presence of other viruses, some computer experts are suggesting that personal computer users take no chances over getting caught by a virus. "When it hits, it's dramatic," said Lance Hoffman, a professor of computer science at George Washington University. Computer users can protect themselves by making additional electronic copies of information they cannot afford to lose, by reducing the exchange of floppy disks and the transmission of software over phone lines, and by obtaining special software that detects viruses. Viruses are a surprise byproduct of the computer age. Complex sets of computer instructions, they are usually written by anonymous programmers as pranks, or in the case of Michelangelo, in a deliberate effort to destroy the information of people the programmer has never met. Fighting the virus writers is a coalition of software companies, academics, researchers and users of personal computers. The two play a constant cat-and-mouse game -- virus writers sometimes send their creations to the experts as a challenge. If an infected floppy disk is put into a computer, the virus orders the machine to copy it onto any other disk that the computer contains, generally without the operator knowing that this is taking place. Or a virus may enter a computer when its operator receives infected software programs from a computer "bulletin board" reached by phone. Many viruses are considered benign, doing little more than flashing whimsical messages on the screen or playing a tune. But others, like Michelangelo, are engineered to seek out stored data and destroy it, sometimes on a specific date. That can be devastating. Companies might lose all of their account records, for instance, or an author using a home computer might lose the entire manuscript of a novel. To dissect Michelangelo and find out how it works, security experts have deliberately introduced the virus into test computers and advanced their internal clocks to March 6 to trigger the virus. Michelangelo-infected machines that are not functioning on March 6 will not activate the virus, according to experts. By the same token, the virus can be kept dormant by shifting the clock on the machine so that it never reads March 6. Computer experts agree that getting hit by a virus -- more than 1,000 types have been identified over the years -- can be devastating as society progressively puts more and more reliance on computers. But there is continuing debate as to how prevalent the programs really are. "I'm finding virus catastrophes everywhere," said Martin Tibor, a data recovery consultant in San Rafael, Calif., whose repeated calls to the media after the Leading Edge incident helped publicize Michelangelo. "These things are replicating like crazy." David Stang, director of research at the National Computer Security Association, offers a more conservative assessment. While stressing the danger of viruses, he puts the probability of a virus residing in a given computer at a large company at about 1 in 1,000. Michelangelo constitutes a tiny fraction of those viruses, he said. The National Institute of Standards and Technology has 5,000 personal computers and has detected about one to three viruses a month since last summer. In contrast, Total Control Inc., an Alexandria computer security firm, said that about 70 percent of the 300 personal computers at one unnamed federal agency have been found to have Michelangelo. San Jose research firm Dataquest Inc. surveyed 600 large U.S. companies late last year and found that 63 percent had found a virus on at least one company computer. However, it noted that these companies often operated hundreds of computers. Antiviral software has created a thriving new niche for the personal computer software industry. Such products can be purchased in software stores or obtained for free or at a nominal cost through on-line computer networks. Antiviral software is not foolproof, however. "You can't write a generic program that detects every virus, " said Hoffman, noting that new strains are always appearing. Some computer users suggest that the antiviral software companies want to stoke fear to build a market for their products. Consultant Tibor conceded that the calls he made to the media about Michelangelo were in part motivated by hopes of bringing business his way -- it in fact brought in only one client, he said. But his main motivation, Tibor said, was to get the word out about a serious computer danger. "I see the victims of viruses all the time," he said. He calls viruses "the digital equivalent of germ warfare."% ------------------------------ ------------------------------ End of Computer Underground Digest #4.09 ************************************