Computer Underground Digest Volume 1, Issue #1.19 (June 26, 1990) SPECIAL ISSUE: MALI

---
Master Index Current Directory Index Go to SkepticTank Go to Human Rights activist Keith Henson Go to Scientology cult

Skeptic Tank!

**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 1, Issue #1.19 (June 26, 1990) ** ** SPECIAL ISSUE: MALICE IN WONDERLAND: THE E911 CHARGES ** **************************************************************************** MODERATORS: Jim Thomas (Sole moderator: Gordon Meyer on vacation) REPLY TO: TK0JUT2@NIU.bitnet COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. -------------------------------------------------------------------- DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. -------------------------------------------------------------------- This issue is the concept outline of one section of a paper to be submitted to the Midwest Sociological Society's annual meetings in 1991 and will ultimately be submitted for publication. The intent of the paper is to develop a discourse analysis of how "social facts" are given "legal meanings." The saliency of the current crackdown on alleged "computer crime" seems an excellent way of tapping the clash between new meanings and old definitions, and how courts become the battlefield for over these meanings. This draft is not copy-protected and may be used as appropriate. The prose and ideas here remain tentative and incomplete, and will be refined. It is circulated for conceptual, theoretical, and bibliographic comments. ******************************************************************** THE SECRET SERVICE, E911, AND LEGAL RHETORIC: MALICE IN WONDERLAND? Jim Thomas Department of Sociology Northern Illinois University DeKalb, IL 60115 (28 June, 1990) ________ Concept outline for larger paper to be submitted at the Midwest Sociological Society annual meetings, 1991. THE SECRET SERVICE, E911, AND LEGAL RHETORIC: MALICE IN WONDERLAND? "When I use a word," Humpty Dumpty said, in rather a scornful tone, "it means just what I choose it to mean--neither more nor less." "The question is," said Alice, "whether you can make words mean so many different things." "The question is," said Humpty Dumpty, "which is to be master--that's all" (Carroll, 1981: 169). Law is more than simply assuring public order. It is also, as White (1984) argues, "action with words." The rhetoric of law is played out in the drama of the courtroom, and the denouement of the play is scripted by the language of statutory and case law, indictments, and the talk of the courtroom performers (Nichols, 1990; Thomas, 1983, 1989). - 1 - Part of this language game involves a battle over competing definitions, meanings, and nuances that may be unrelated to "facts," and instead replaces facts with rhetoric, or a style of persuasion. The language of indictments and how evidence is presented provides one window through which to observe this rhetorical battle. Indictments are the means by which a "bad act" is transformed into a formally sanctionable one by creatively linking the act to the law that it ostensibly violates. A recent federal indictment of an alleged computer hacker provides on example (U.S. v. Rigs and Neidorf, 90-CR-0070, Northern District of Illinois, Eastern Division). (For a background on the issues involved, see especially Barlow, (1990), Denning, (1990), Goldstein, (1990), Markoff, (1990), and Schwartz (1990). This outline is divided into two parts. Section one first presents formal "indictment talk" and that to which it speaks. The second section, not included here, will provide a semiotic/deconstructionist analysis. The indictment begins with a degradation game, one in which the credibility and character of the defendant is attacked because of a presumed deviant behavior and association with deviant groups. The goal is to stigmatize hackers such that prejudicial meanings are imposed. It is a clever linguistic trick that creates a tautology that defines the guilt of the defendant by recursing back to the allegation in a manner that produces linguistic "evidence of guilt." This would be analogous to calling an alleged murder a "murderer" in court, rather than requiring that the label must first be demonstrated to be true. In short, the "thing" becomes the "name:" - 2 - 5. _Computer Hackers_ - As used here, computer hackers are individuals involved with the unauthorized access of computer systems by various means. Computer hackers commonly identify themselves by aliases or "hacker handles" when communicating with other hackers. The rhetoric first attempts to transform the conventional and broader image of "hacker" into one that is malignant in a way that will allow anyone associated with the label to be, by definition, stigmatized as a criminal. Yet, there is considerable evidence that the term does not, in itself, refer to an illegal activity, and that many who consider themselves "computer hackers" do not engage in computer trespass, whether unauthorized or not. The assumption that all computer hackers are intent on committing criminal trespass or fraud distorts the nature of the activity. Only the most extreme examples come to the attention of law enforcement officials and the public, and this obscures the complexity both of hacking and of the CU. In its broadest sense, hacking is the dual process of obtaining and using sufficient mastery of computers and programs to allow resolution of a computer problem for which no previous knowledge or guidance exists. The Hacker's Dictionary, a text file widely circulated on BBSs, provides this definition: - 3 - HACKER {originally, someone who makes furniture with an axe} n. 1. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn only the minimum necessary. 2. One who programs enthusiastically, or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating hack value (q.v.). 4. A person who is good at programming quickly. Not everything a hacker produces is a hack. 5. An expert at a particular program, or one who frequently does work using it or on it; example: "A SAIL hacker". (Definitions 1 to 5 are correlated, and people who fit them congregate.) 6. A malicious or inquisitive meddler who tries to discover information by poking around. Hence "password hacker", "network hacker". A computer programmer's attempt to help a colleague enter a system when a password has been lost or forgotten, de-bugging a copyright software program, or testing a system's security are examples for which a benign form of hacking is both required and considered acceptable. Nonetheless, this deceptive definition was successful, for it convinced Judge Nicholas Bua that the prosecutor's definition was the most common, would be unlikely to confuse a jury, and was not prejudicial (See Memorandum Order in CuD 1.16). Another rhetorical ploy in this same passage is the attempt to connect the use of aliases with deviant activity. Pseudonyms are widely used on BBSs, and their use reflects a cultural practice including, but hardly limited to, members of the computer underground. Yet, clever rhetorical twists distort the cultural meaning and impute to it one totally at odds with reality by playing on the myth that pseudonyms reflect attempts to hide "bad acts." - 4 - A third rhetorical ploy in this section of the indictment associates the defendant with a loosely connected group known as "Legion of Doom," which was a small collection of people who shared technical knowledge between themselves and others. Without presenting any evidence whatsoever, and without citing an indictment, on-going case, or justifying the claims, the indictment asserts that the group was "closely knit" and involved in disrupting telecommunications, bank fraud and other serious felonious behavior. Because of its amorphous nature and ambiguous boundaries defining "affiliation," the indictment's language offers little means to resist the imposition of its "legal meaning:" 6. _Legion of Doom_ - As used here the Legion of Doom (LOD) was a closely knit group of computer hackers involved in: a. Disrupting telecommunications by entering computerized telephone switches and changing the routing on the circuits of the computerized switches. b. Stealing proprietary computerized information from companies and individuals. c. Stealing and modifying credit information on individuals maintained in credit bureau computers. d. Fraudulently obtaining money and property from companies by altering the computerized information used by the companies. e. Sharing information with respect to their methods of attacking computers with other computer hackers in an effort to avoid law enforcement agencies and telecommunication experts from focusing on them, alone. - 5 - The indictment itself focuses on the alleged "theft" and dissemination of an E911 document from Bell South. Although those close to the case indicate that only a small portion of a training document was at issue, the language of the indictment attempts to link this document and its possession and dissemination to severe threats to the commonweal: 22. It was further part of the scheme that on or about February 24, 1989 defendant NEIDORF disseminated the disguised E911 text file in issue 24 of "PHRACK" newsletter. 23. It was further part of the scheme that the defendant NEIDORF would disseminate and disclose this information to others for their own use, including to other computer hackers who could use it to illegally manipulate the emergency 911 computer systems in the United States and thereby disrupt or halt 911 service in portions of the United States. Such rhetoric raises the spectre of people dying, and one news story actually wrote that there was no evidence of any deaths as the result of the behavior, thus re-inforcing the apparent danger to the public. The rhetoric sounds serious. But, what in fact is the evidence? The PHRACK file reprinted here is as it appeared in the original issue. The indictment indictates it is the same as the one that has been stolen, because it has been "edited," "retyped," and "disguised." - 6 - -------------------------------------------------------------------- ==Phrack Inc.== Volume Two, Issue 24, File 6 of 13 E911 - Enhanced 911: Features available include selective routing, selective transfer, fixed transfer, alternate routing, default routing, Automatic Number Display, Automatic Location Identification, night service, default routing, call detail record. End Office - Telephone central office which provides dial tone to the subscriber calling 911. The "end office" provides ANI (Automatic Number Identification) to the tandem office. Tandem Office - Telephone central office which serves as a tandem (or hub) for all 911 calls. Must be a 1AESS type of central office. The tandem office translations contain the TN/ESN relationships which route the 911 call to the proper SAP. The tandem office looks up the ANI (TN) that it receives from the end office and finds the ESN (routing information) which corresponds to a seven digit number ringing in at a PSAP. PSAP - Public Safety Answering Point, usually the police, fire and/or rescue groups as determined by the local municipalities. A "ringing" will not have ANI or ALI capabilities, but just receives calls or transferred calls from another PSAP. ESN - Emergency Service Number (XXX) that is assigned to the subscriber's telephone number in the tandem office translations The ESN represents a seven digit number by which the tandem office routes the call to the proper PSAP. PSAPs with ALI capabilities also receive a display of the ESN information which shows which police, fire and rescue agency serves the telephone number calling 911. An ESN is a unique combination of police, fire, and rescue service for purposes of routing the E911 call. ANI - Automatic Number Identification corresponds to the subscriber's seven digit telephone number. The ANI displays at the PSAP on the digital ANI display console. ALI - Automatic Location Identification provides for an address display of the subscriber calling 911. With ALI, the PSAP receives the ANI display and an ALI display on a screen. The ALI display includes the subscriber's address, community, state, type of service and if a business, the name o the business. The PSAP will also get a display of the associated ESN information (police, fire, rescue). Selective Routing - The capability to route a call to the particular PSAP serving the address associated with the TN making the 911 call. Selective routing is achieved by building TN/ESN translations in the tandem central office. These translations are driven by the E911 data base which assign the ESN to each telephone number based on the customer's address. Service order activity keeps the E911 data base updated. The E911 data base, in turn, generates recent change to the tandem office (through the SCC or RCMAC) to update the TN/ESN translations in the tandem data base. Selective Transfer - Provides the PSAP with the ability to transfer the incoming 911 call to a fire or rescue service for the particular number calling 911 by pushing one button for fire or rescue. For example, if an incoming 911 call was reporting a fire, the PSAP operator would push the fire button on the ANI console; the call would go back to the tandem office, do a lookup for the seven digit number associated with fire department, for the ESN assigned to the calling TN, and automatically route the call to that fire department. This differs from "fixed" transfer which routes every call to the same fire or rescue number whenever the fire or rescue button is pushed. The PSAP equipment is optioned to provide either fixed or selective transfer capabilities. Alternate Routing - Alternate routing provides for a predetermined routing for 911 calls when the tandem office is unable to route the calls over the 911 trunks for a particular PSAP due to troubles or all trunks busy. Default Routing - Provides for routing of 911 calls when there is an ANI failure. The call will be routed to the "default" ESN associated with the he NNX the caller is calling from. Default ESNs are preassigned in translations and are usually the predominant ESN for a given wire center. Night Service - Night service works the same as alternate routing in that the calls coming into a given PSAP will automatically be routed to another preset PSAP when all trunks are made busy due to the PSAP closing down for the night. Call Detail Record - When the 911 call is terminated by the PSAP operator, the ANI will automatically print-out on the teletypewriter located at the PSAP. The printout will contain the time the call came into the PSAP, the time it was picked up by an operator, the operator number, the time the call was transferred, if applicable, the time the call was terminated and the trunk group number associated with the call. Printouts of the ALI display are now also available, if the PSAP has purchased the required equipment. ANI Failure - Failure of the end office to identify the call and provide the ANI (telephone number) to the tandem office; or, an ANI failure between the tandem office and the PSAP. Misroute - Any condition that results in the 911 call going to the wrong PSAP. A call can be misrouted if the ESN and associated routing information are incorrect in the E911 data base and/or tandem data base. A call can also be misrouted if the call is an ANI failure, which automatically default routes. Anonymous Call - If a subscriber misdials and dials the seven digit number associated with the PSAP position, they will come in direct and ANI display as 911-0000 which will ALI as an anonymous call. The seven digit numbers associated with the PSAP positions are not published even to the PSAPs. Spurious 911 Call - Occasionally, the PSAP will get a call that is not associated with a subscriber dialing 911 for an emergency. It could be a subscriber who has not dialed 911, but is dialing another number, or has just picked up their phone and was connected with the PSAP. These problems are equipment related, particularly when the calls originate from electromechanical or step by step offices, and are reported by the E911 Center to Network Operations upon receipt of the PSAP inquiry reporting the trouble. The PSAP may get a call and no one is there; if they call the number back, the number may be disconnected or no one home Again these are network troubles and must be investigated. Cordless telephones can also generate "spurious" calls in to the PSAPs. Generally, the PSAP will hear conversation on the line, but the subscribers are not calling 911. The PSAP may report spurious calls to to repair if they become bothersome, for example, the same number ringing in continually. No Displays - A condition where the PSAP ALI display screen is blank. This type of trouble should be reported immediately to the SSC/MAC. If all screens at the PSAP are blank, it is an indication that the problem is in the circuits from the PSAP to the E911 computer. If more than one PSAP is experiencing no display, it may be a problem with the Node computer or the E911 computer. The SSC/MAC should contact the MMOC to determine the health of the HOST computer. Record Not Found - If the host computer is unable to do a look up on a given ANI request from the PSAP, it will forward a Record Not Found message to the PSA ALI screen. This is caused by service order activity for a given subscriber not being processed into the E911 data base, or HOST computer system problems whereby the record cannot be accessed at that point in time. No ANI - This condition means the PSAP received a call, but no telephone number displayed on the ANI console. The PSAP should report this condition immediately to the SSC/MAC. PSAP Not Receiving Calls - If a PSAP cannot receive calls or request retrieval from the E911 host computer, i.e., cable cut, the calls into that PSAP must be rerouted to another PSAP. The Switching Control Center must be notified to reroute the calls in the tandem office E911 translations. MSAG - Master Street Address Guide. The MSAG ledgers are controlled by the municipality which has purchased the E911 ALI service, in that they assign which police, fire or rescue agency will serve a given street an number range. They do this by assigning an ESN to each street range, odd, even, community that is populated in the county or municipality served. These MSAGs are then used as a filter for service order activity into the E911 computer data base to assign ESNs to individual TN records. This insures that each customer will be routed to the correct agency for their particular address. In a non-ALI County, TAR codes are used by the Telephone company to assign ESNs to service conductivity and the County does not control the ESN assignment. TAR codes represent the taxing authority for the given subscriber which should correspond to their police, fire and rescue agencies. The MG method, of course, is more accurate because it is using the actual service address of the customer to route the call and provides the county with more flexibility in assigning fire and rescue district, etc The Customer Services E911 Group maintains the E911 computer data base and interfaces with the County (customer) on all MSAG or data base activity. ___________________________________________________________________________ What in fact is this document? It is simply a partial glossary available from other sources, and hardly of any technical value. It presents 22 terms, six of which are found in at least one public book (e.g., Ambrosch, Maher and Sasscer, 1989), and the rest found either in the text of that work (see esp. Chapter 9) or readily found elsewhere. Further, if this document can be deciphered as potentially dangerous, then what is one to make of the Amborsch, Maher and Sasscer volume itself, which not only provides several hundred definitions, but also includes detailed technical information and diagrams about the operation, administration, and functioning of Bell systems? There is nothing in the PHRACK document, or in any of the so-called "phreak/hacker" magazines that is not available in more detail from any work found in the classroom or library. A cursory reading of Ambrosch, Maher, and Sasscer (1989) provides references to many of these definitions, and we have seen others in the "chat" section of public BBSs. Below we provide a sample of terms readily available to the public. Those without a reference are either common terms or are readily deducible from the referenced items: Alternate Routing Anonymous Call - 14 - ALI (Glossary, 285; pp 173-175; throughout) ANI (Glossary, p. 285 and throughout) ANI Failure Call Detail Record Default Routing (referenced on p. 166) End Office (Standard communications term) ESN E911 (Standard definition, ubiquitous) Misroute MSAG (Definition found on BBSs) Night Service No ANI No Displays PSAP (Glossary, p. 287) PSAP Not Receiving Calls Record Not Found Selective Routing (reference on p. 166) Selective Transfer Spurious 911 Tandem Office Despite the banality of these terms, the indictment's discourse was sufficiently clever to convince Judge Bua that the information was indeed "valuable," and "confidential," and despite its public availability, is "property" that deprives Bell South of "something of value." However, the judge seems taken in by the chicanery of the prosecutor's linguistic - 15 - distortion that manipulates the symbols of PHRACK's style to create an alternative reality that is, at best, questionable. Consider, for example, the following passage. First assume it appears in a scholarly article explaining the basic service of E911: With the non-IN Emergency Response Service (ERS), the caller dials a special emergency number (very short, usually three digits) which is uniform within a country, (for example, 911 in the USA, and in West Germany 110/0110 for police and 112/0112 for fire or ambulance) (Ambrosch, Maher and Sasscer, 1989: 162). Now, re-frame the same passage, but preface it with a sentence like: "At the last hackers' convention, Holly Hackwood described the E911 basic service like this: (and now re-read the passage)." Is the E911 document illegal when published in PHRACK (for that is what the indictment charges), but legal when published in a library book or a research paper? The point is that it is not only possession of public information that is being prosecuted, but the manner in which the symbols are packaged. In CuD 1.17, we cited a California law that makes it a felony to merely POSSESS certain types of information, whether that information is used or communicated to others or not. The "crime" of the "hacker" seems to be not only possession of information freely available to the public, but also of presenting relatively innocuous information in the discourse of an anti-establishment ethos. More simply, the "crime" is that of speaking a different language than law enforcement officials who seem willing to distort that language with rhetorical ploys of their own. - 16 - White (1984) suggest that, in legal discourse, "words lose their meaning" and that law is as much a language game as it is the application of statutes and cases to behavior. The resulting danger is that language becomes a weapon to subvert freedom of speech. In an era when most people are not "culturally literate" in the nuances of techno-speak, the ease of distortion puts defendants at risk in bench or jury trials where a common framework of meaning is intentionally obscured in the battle over symbolic terrain. In the next section the language of law as reflected in the indictment will be "deconstructed," and the logic and imagery made more apparent. (End this section) BIBLIOGRAPHY Ambrosch, W.D., A. Maher and B. Sasscer (Eds.). 1989. The Intelligent Network: A Joint Study by Bell Atlantic, IBM and Siemens. Berlin: Springer-Verlag. Barlow, John Perry. 1990 (forthcoming). "Crime and Puzzlement." The Whole Earth Review. Denning, Dorothy. 1990. "Concerning Hackers Who Break into Computer Systems." Paper presented at the 13th National Computer Security Conference, Washington, D.C., Oct. 1-4. - 17 - Goldstein, Emmanuel. 1990. Editorial Commentary on "Operation Sun Devil." 2600 Magazine, /Spring. Markoff, John. 1990. "Drive to Counter Computer Crime Aims at Invaders." The New York Times, /June 3: 1, 21. Nichols, Lawrence T. 1990 (forthcoming). "Discovering Hutton: Expression Gaming and Congressional Definitions of Deviance." Pp. *-* in N. Denzin (ed.), Studies in Symbolic Interaction, Vol. 11. Greenwich (Conn.): JAI Press. Thomas, Jim. 1989. Prisoner Litigation: The Paradox of the Jailhouse Lawyer. Totowa (N.J.), Aldine. _____. 1983. "Justice as Interaction:: Loose Coupling and Mediations in the Adversary Process." Symbolic Interaction, 6(Fall): 243-260. White, James Boyd. 1984. When Words Lose their Meaning: Constitutions and Reconstructions of Language, Character, and Community. Chicago: University of Chicago Press.

---

E-Mail Fredric L. Rice / The Skeptic Tank