Computer underground Digest Sun Apr 4 1993 Volume 5 : Issue 25 ISSN 1004-042X Editors: Jim

---
Master Index Current Directory Index Go to SkepticTank Go to Human Rights activist Keith Henson Go to Scientology cult

Skeptic Tank!

Computer underground Digest Sun Apr 4 1993 Volume 5 : Issue 25 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Copp Editor: Etaoin Shrdlu, Senior CONTENTS, #5.25 (Apr 4 1993) File 1--CPSR Wins SSN Privacy Case File 2--Re: Debating the Virus contest - 1 (#5.23) File 3--Re: Debating the Virus contest - 2 (#5.23) File 4--Re: Debating the Virus contest - 3 (#5.23) File 5--USPS Freedom of Information Act Requests File 6--Collecting Cu Files (From "LOD") File 7--CU in the news File 8--Comments on SJG Decision (GRID News) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; in Europe from the ComNet in Luxembourg BBS (++352) 466893; ANONYMOUS FTP SITES: UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) ftp.warwick.ac.uk in pub/cud (United Kingdom) Back issues also may be obtained through mailservers at: mailserv@batpad.lgb.ca.us or server@blackwlf.mese.com COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Fri, 26 Mar 1993 17:03:43 EST From: Marc Rotenberg Subject: File 1--CPSR Wins SSN Privacy Case CPSR Wins SSN Privacy Case PRESS RELEASE March 26, 1993 "FEDERAL APPEALS COURT UPHOLDS PRIVACY: USE OF SOCIAL SECURITY NUMBER LIMITED - - - - CPSR Expresses Support for Decision" A federal court of appeals has ruled that Virginia's divulgence of the Social Security numbers of registered voters violates the Constitution. The Court said that Virginia's registration scheme places an "intolerable burden" on the right to vote. The result comes nearly two years after Marc Greidinger, a resident of Falmouth, Virginia, first tried to register to vote. Mr. Greidinger said that he found it nearly impossible to obtain a driver's license, open accounts with local utilities or even rent a video without encountering demands for his Social Security number. Mr. Greidinger told the New York Times this week that when the State of Virginia refused to register him as a voter unless he provided his Social Security number he decided to take action. He brought suit against the state, and argued that Virginia should stop publishing the Social Security numbers of voters. This week a federal appeals court in Richmond, Virginia ruled that the state's practice constituted "a profound invasion of privacy" and emphasized the "egregiousness of the harm" that could result from dissemination of an individual's SSN. Computer Professionals for Social Responsibility (CPSR), a national membership organization of professionals in the computing field, joined with Mr. Greidinger in the effort to change the Virginia system. CPSR, which had testified before the U.S. Congress and the state legislature in Virginia about growing problems with the misuse of the SSN, provided both technical and legal support to Mr. Greidinger. CPSR also worked with Paul Wolfson of the Public Citizen Litigation Group, who argued the case for Mr. Greidinger. In an amicus brief filed with the court, CPSR noted the long-standing interest of the computing profession in the design of safe information systems and the particular concerns about the misuse of the SSN. The CPSR brief traced the history of the SSN provisions in the 1974 Privacy Act. The brief also described how the widespread use of SSNs had led to a proliferation of banking and credit crime and how SSNs were used to fraudulently obtain credit records and federal benefits. CPSR argued that the privacy risk created by Virginia's collection and disclosure of Social Security numbers was unnecessary and that other procedures could address the State's concerns about records management. This week the court of appeals ruled that the state of Virginia must discontinue the publication of the Social Security numbers of registered voters. The court noted that when Congress passed the Privacy Act of 1974 to restrict the use of the Social Security number, the misuse of the SSN was "one of the most serious manifestations of privacy concerns in the Nation." The Court then said that since 1974, concerns about SSN confidentiality have "become significantly more compelling. For example, armed with one's SSN, an unscrupulous individual could obtain a person's welfare benefits, or Social Security benefits, order new checks at a new address, obtain credit cards, or even obtain the person's paycheck." The Court said that Virginia's voter registration scheme would "compel a would-be voter in Virginia to consent to the possibility of a profound invasion of privacy when exercising the fundamental right to vote." The Court held that Virginia must either stop collecting the SSN or stop publicly disclosing it. Marc Rotenberg, director of the CPSR Washington office said, "We are extremely pleased with the Court's decision. It is a remarkable case, and a real tribute to Marc Greidinger's efforts. Still, there are many concerns remaining about the misuse of the Social Security number. We would like to see public and private organizations find other forms of identification for their computing systems. As the federal court made clear, there are real risks in the misuse of the Social Security number." Mr. Rotenberg also said that he hoped the White House task force currently studying plans for a national health care claims payment system would develop an identification scheme that did not rely on the Social Security Number. "The privacy concerns with medical records are particularly acute. It would be a serious design error to use the SSN," said Mr. Rotenberg. Cable News Network (CNN) will run a special segment on the Social Security number and the significance of the Greidinger case on Sunday evening, March 28, 1993. The Court's opinion is available from the CPSR Internet Library via Gopher/ftp/WAIS. The file name is "cpsr/ssn/greidinger_opinion.txt". The CPSR amicus brief is available as "cpsr/ssn/greidinger_brief.txt". CPSR is a national membership organization, based in Palo Alto, California. CPSR conducts many activities to protect privacy and civil liberties. Membership is open to the public and support is welcome. For more information about CPSR, please contact, CPSR, P.O. Box 717, Palo Alto, CA 94302, call 415/322-3778 or email cpsr@csli.stanford.edu. ------------------------------ Date: Mon, 29 Mar 1993 13:29:18 -0500 (CST) From: THe ADvocate Subject: File 2--Re: Debating the Virus contest - 1 (#5.23) In CuD #5.23, roy%burnflag.ati.com@HARVUNXW.BITNET(Roy) writes: > Let's just say I decided to have a bomb making contest. This is for > the purely scientific purpose of studying how bombs work, and allowing > people to study different ways to defuse bombs. I am going to award > some cash to the winner and publish the plans for making the bomb in > my soon-to-be-released book called "The Little Black Book of Bomb > Making Techniques". This man has obviously never heard of the Anarchists cookbook. The poor Mans James Bond or even Army Pub NN-XX Unconventional Munitions. All available at a bookstore near you:-) > So, the book gets published and sells lots of copies. Mark Ludwig > arrives home one day to find that his place of residence has been > destroyed by a huge bomb. It just so happens that the type of bomb > used is the same award winning explosive device as I published in my > book. Kinda like the peoples whose homes get blown up by White supremacists or clinics bombed by anti-abortion fanatics? > Surely, Mr. Ludwig would not hold me responsible for the destruction > of his home caused by someone who decided to implement the plans I > presented purely for "scientific research purposes". Too date, no case has been carried against a publisher for this kind of material. Soldier of fortune magazine was struck in a case for libel regarding publishing an ad for Murder for Hire services. I am not sure of the status of the case. > Roy Batchelor / Burn This Flag BBS / San Jose, CA / 408-363-9766 / Apparently mr Batchelor is not aware of the first amendment of this country. Publishing of ideas, is encouraged, even when they can lead to harmful activities. After all the founding fathers were publishing materials on how to overturn an empire and slaughter Government soldiers. Todays revolutionary is often times tomorrows government leader. Look at Begin in Israel or Mandela in South Africa. Our own government gets plenty cozy with numerous Armed revolutionaries. If something is a crime, the justice system will cope. And if it can't why am I paying taxes? Men like mr Batchelor would like to destroy the first amendment on the basis of protecting society. Drugs are a serious problem. Mnay of them are easily synthesized. Would you prohibit publication of books that show how to synthesize organic molecules because someone might make some drugs that some addict may get hooked on and later burglarize your home looking for cash? Solid police work and solid education are the methods of a civilized society. Not puritanical methods. THe ADvocate. ------------------------------ Date: Mon, 29 Mar 93 11:15:00 PST From: erikn@BOA.MITRON.TEK.COM(Erik Nilsson) Subject: File 3--Re: Debating the Virus contest - 2 (#5.23) Roy Batchelor Writes: > Surely, Mr. Ludwig would not hold me responsible for the > destruction of his home caused by someone who decided to implement > the plans I presented purely for "scientific research purposes". And Mr. Ludwig would be right. In fact, there are lots of Little Black Books of Bomb Making Techniques in existence, and a News conference (Alt.rec.fireworks) that could also fairly be named Alt.rec.explosives.manufacture or Alt.rec.bombs. Yes, people do blow things up for the fun of it, and it turns out that we live in some facsimile of a free society where you can say and think a pretty wide range of things, and even do a pretty wide range of things, without much more than applying for a permit without drooling on yourself. If I write a book on gravity, and someone tries to drop a piano on you, do you think you have a case for some reason? For me, the analogy with viri is imperfect, because I can't imagine why someone would waste their time writing one. Of course, people could fairly wonder why I get several dozen of my friends together at least once a year to burn, detonate, and obliterate objects of varying artistic value. In any case, I consider credit databases, CNID, and the FBI wiretap proposal far more dangerous to my way of life than computer viri. Oh yes, here's a simple bomb: 1. Apply for an explosives handling permit from your state Fire Marshall. Tell them you have a few stumps that you need to get rid of. 2. Take the permit and your driver's license to your local farm supply store, and buy the following: - Explosive of your choice. Dynamite has a quaint charm, but the plastic stuff is better. - A blasting cap. - A firing kit. - Several pounds of concrete anchors. - A roll of duct tape. 3. If it isn't obvious what to do from here, you shouldn't be making bombs. 4. Modern explosives are probably a lot more powerful than you think. Start with small amounts, a LONG WAYS away from where you are. Wear ear and eye protection. Be careful, etc, etc. A friendly warning: this is not a good way to make a bomb that is really going to upset anyone, since commercial explosives are widely reputed to have impurities imbedded in them for tracing. Here's the infamous "Dry Ice Bomb," this version off of Alt.Rec.Fireworks (posted by Eric Donaldson): - dry ice - water - container - a cap that fits tightly on the container - Mix in an open environment. - [apply the cap & run like hell (always "like hell" on principle, you never "run laconically" from an imminent explosion)] - Wait somewhere btw 1-30 minutes. - and do not go near unless you want to risk your life. I'd like to emphasize this last point. It's a good idea to have some sort of firearm handy to trigger the thing if it fails to go off by itself, so you don't spend all afternoon throwing rocks at it (you can NOT just leave it for someone to find.). I personally would not do this with a glass container, 2 liter plastic bottles work just fine. Dry ice bombs are pretty safe, unless you have a short attention span. Do not handle dry ice with your bare hands. You might want to check local laws before making one of these, as they are major illegal in some places. For more info, try Alt.Rec.Fireworks, Protechnic Guild International (18021 Baseline Avenue, Jordan, MN 55352), or American Fireworks News (Star Route Box 30, Dingmans Ferry, PA 18328). Here's an older list of pyro BBSs: Name Phone Number Location Evergreen Micro (206)452-2012 Port Angles, WA Exchange of Byte(206)692-7301 Silverdale, WA Jimby BBS (206)698-1044 Brownsville, WA West Coast Pyro (209)661-5355 Madera, CA Sundial (509)545-1789 Pasco, WA Spokane Data (509)747-5199 Spokane, WA The Hideaway (509)586-0104 Kennewick, WA Strikezone (509)586-6803 Kennewick, WA FOG-Line (515)964-7937 Des Moines, IA Empire BBS (516)325-0827 Eastport, NY VAXCat (603)424-0923 Merrimack, NH Babble Board (603)267-5921 Belmont, NH Nuke-Zone (603)474-8915 Seabrook, NH jBBS (619)221-0311 San Diego, CA Starhelm (619)479-3006 San Diego, CA Maybe somebody has a newer list, I'm not sure how many of these are still up. I fergit who I got most of this info from, but thanks anyway. I hope this helps. ------------------------------ Date: Mon, 29 Mar 1993 18:12:35 -0500 From: Mike McNally Subject: File 4--Re: Debating the Virus contest - 3 (#5.23) In article <1993Mar28.222658.9625@chinacat.unicom.com> "Roy Batchelor" writes: >This note is in reference to the current issue of CuD and the all the >discussion of Mark Ludwigs' virus writing contest. > [...] > >So, the book gets published and sells lots of copies. Mark Ludwig >arrives home one day to find that his place of residence has been >destroyed by a huge bomb. It just so happens that the type of bomb >used is the same award winning explosive device as I published in my >book. > >Surely, Mr. Ludwig would not hold me responsible for the destruction >of his home caused by someone who decided to implement the plans I >presented purely for "scientific research purposes". Though I'm sure you meant this sarcastically, I'll take it at face value. In such a situation *I* wouldn't blame you, I'd blame the person responsible for setting the bomb. If you were run over by a drunk driver, who would you blame? Henry Ford? Jack Daniels? Mobil Oil, for selling the driver the gas the car needed to run? The responsibility for such an action belongs completely to the person who initiates the action, not the thousands of people involved in making the whole situation possible. Why not blame the authors of MS-DOS for writing an OS that's such an easy host for viruses? ------------------------------ Date: Fri, 2 Apr 93 21:28:37 MST From: mrosen@NYX.CS.DU.EDU(Michael Rosen) Subject: File 5--USPS Freedom of Information Act Requests In issue #42 of Phrack there was an article about the USPS' practice of selling change of address information without consumer consent. I sent the supplied form letter and carbon copied my congressman and senators. Today I received a reply from the USPS Records Office. April 1, 1993 Dear Mr. Rosen: This concerns your recent Privacy Act request for accountings of disclosure of mail forwarding information you have provided to the Postal Service. Disclosure of your forwarding address might have been made to individual requesters by post offices or to subscribers to the National Change of Address File (NCOA) by an NCOA licensee. The NCOA is a consolidated file of all forwarding information provided by postal customers and stored on automated media. Listholders may subscribe to NCOA to obtain the new addresses of individuals for whom they already have in their possession the old address. For disclosures made by post offices, we are in the process of querying the Washington, DC postmaster for any accountings. For disclosures made from the NCOA system, we will begin querying NCOA licensees all of which keep logs identifying the particular subscribers to whom they have given NCOA information. This accounting will not identify with certainty the subscribers who have in fact received your new address, but will give you a list of all subscribers receiving NCOA service for the relevant time period and thus might have received your address. Because a large number of requests like yours are being received, there will be a delay in responding. Requests are being processed in order of receipt and you will be sent the accountings as soon as possible. Your patience is appreciated. ------------------------------ Date: Tue, 30 Mar 93 22:39:29 EST From: lodcom@MINDVOX.PHANTOM.COM(LOD Communications) Subject: File 6--Collecting Cu Files (From "LOD") Thank you for requesting information about the Hack/Phreak Underground BBS Message Base Files. The first Price Listing of completed message base Files will be sent to you via email in early to mid April 1993. Until then, the following background information should provide you with a better picture of this undertaking. A significant portion of now retired computer underground participants (hackers and phone phreaks) have expressed an interest in seeing all of those old messages they posted on various underground hacker bulletin boards during their respective 'careers'. This is especially the case for those who never downloaded the messages; sold, gave away, or chucked their disks; and those who were visited by law enforcement officials who TOOK EVERYTHING including that suspicious looking toaster 8-/. In addition to this crowd, those who have come to the 'scene' relatively recently are keenly interested in what their 'forefathers' talked about and what computer systems and networks they were into. This interest, and the growing curiosity of corporations, security professionals, and the general public to know what all those 'hacker kids' were REALLY up to (starting World War III of course!) is the reasoning behind this undertaking. Basically, LOD Communications is creating a Historical Library of the dark portion of Cyberspace. Throughout history physical objects have been preserved for posterity for the benefit of the next generation of humans. Cyberspace however, isn't very physical; data contained on floppy diskettes has a finite lifetime as does the technology to retrieve that data. Most of the underground systems operated at a time when TRS80's, VIC-20's, Commodore 64's, and Apple //'s were state of the art. Today, it's difficult to find anyone who has one of these machines in operating condition not to mention the brain cells left to recall how to operate them. :( The aim of the project is to acquire as much information as possible which was contained on the underground hack/phreak bulletin boards that were in operation during a decade long period dating from the beginnings (1979, 80 - MOM: Modem Over Manhattan and 8BBS) to the legendary OSUNY, Plovernet, Legion of Doom!, Metal Shop, etc. up through the Phoenix Project circa 1989. Currently messages from over 40 different BBS's have been dug up although very few message bases are 100% complete. Not having a complete 'set' does not diminish their value however. As happens with most projects, the effort and monetary investment turned out to be substantially more than originally anticipated. Literally hundreds of man-hours have been spent copying dusty apple ][ disks, transferring them to IBM (or typing in hard copy versions when electronic versions were unavailable), organizing the over one thousand individual files according to what BBS the messages were originally posted on, and splicing the files together. Also, after consulting with the appropriate civil liberties organizations and actual legal counsel, a very slight editing of the messages restricted to long distance access codes, phone numbers, and computer passwords had to be made to ensure that there is nothing illegal contained within the messages. Every effort was made to keep the messages in their pristine condition: 40 columns, ALL CAPS, spelling errors, inaccuracies of various kinds, and ALL. In order to at least break even, a dollar value has been attached to each set of message bases. The dollar values were determined based on the following conglomeration: the number of years ago the BBS operated, its popularity and message content, whether the BBS or portions thereof were deemed 'Elite' (and therefore restricted access to but a small number of users), and the total number of messages compiled. The prices were kept as low as possible and range from $1.00 to $9.00 for each Copyrighted (c) 1993 by LOD Communications, H/P BBS message base set. Most sets include [in addition to the messages themselves]: a historical background and description of the BBS, any tutorials aka "G-Philes" that were online as well as downloaded userlists if available. Due to the economics involved in diskettes, snail mail costs, and filling orders, a minimum order of $20.00 is required. Corporations and Government agencies must order the complete set and pay a moderately higher rate. The files will be available in IBM (5.25 or 3.5 inch), Amiga, and Apple MacIntosh formats and orders are expected to arrive at the requestors' physical mail box in 2-4 weeks upon receipt of the order. Paper versions can be ordered but cost double (many messages are of 40 column format and therefore wastes lots of paper) and take twice the time to deliver. These Files will hopefully provide those who were not part of the underground experience to learn what it was all about instead of relying on those often slanted (negatively) accounts found in the press. How much did the hackers and phone phreaks who used these bulletin boards know and how did they find it out? Did they have the capability to shut down phone service of Area Code proportions, could they ruin someone's credit, could they 'move satellites in the heavens', could they monitor packet switching network conversations? The answers lay within the messages which were painstakingly collected and are currently being organized into Files. Your patience is appreciated. LOD Communications: Leaders in Engineering, Social and Otherwise Email: lodcom@mindvox.phantom.com Voice Mail: 512-448-5098 Snail Mail: LOD Communications 603 W. 13th Suite 1A-278 Austin, Texas 78701 ------------------------------ Date: 28 Mar 93 15:37:16 EST From: Gordon Meyer <72307.1502@COMPUSERVE.COM> Subject: File 7--CU in the news Virus Advert Censored ===================== The British Advertising Standards Authority has asked Total Control Ltd (U.K.) to stop running a particular ad for the VIS Anti Virus Utilities package. The ad appeared in a March 1992 edition of PC Week. ((Moderators' note: yes, 1992) The ad features two diskettes lying on pillows next to each other in bed. The headline read ''Before you put it in...make sure you know where it's been!''. The Authority found this to be offensive. (Infosecurity News. March/April 1993. Page 8) Tiger Team Penetrate IRS Computers =================================== A so-called ''Tiger Team'' of internal security agents has successfully penetrated two IRS computers, and were active in the system for seven days without being detected, according to a Knight-Ridder report. Agents posed as IRS employees ((not too difficult, considering they were! just kidding. - Moderators')) and entered facilities at Memphis, Tenn. and Ogden, Utah locations. Once inside they installed programs to steal passwords by capturing keystrokes. Later they used the stolen passwords to infiltrate the systems. (Infosecurity News. March/April 1993. Page 8) Computer Sabotage By Employees ============================== The March 8, 1993 issue of Information Week has a lengthy excerpt from _Sabotage In The American Workplace_. (Pressure Drop Press, San Francisco) Although the book has anecdotes from all types of workers, the Information Week extracts focus on those involving the use of computers. The following five stories are featured: - A programmer who planted a logic bomb. - A technician who undermined sales efforts. - A technical writer who works on outside projects during throughout the day. - A system designer who resolves problems by erasing data. - A stockbroker who generates random buy/sell transactions to see how the market will react. For more information see "Sabotage: They're Mad, They're Bad, They Just Don't Care. Workers Tell How They Use Computers to Strike Back". Pages 34-48 Price Waterhouse's Hackers For Hire =================================== The Big Six accounting firm of Price Waterhouse is offering clients a "Security Penetration Study" in which former hackers and computer security experts will assess a systems security by attempting to break into it. Other services, such as employee awareness programs, are also offered. (Information Week. March 15, 1993. Page 8) PC's and Households =================== A Software Publishers Association (SPA) survey of 672 US households found that college graduates were twice as likely to have personal computers as non-graduates. Of the homes that had PC's, 56% boasted a household income in excess of $50,000. The survey also found that 75% of home computers are MS-DOS based, with more than half of those being 386 or 486 machines. Respondents also admitted that 40% of their entertainment software had been copied from friends, work, or school. {Moderators' Note: We'd speculate that much more than 40% of business software used at home is copied from others.} (Information Week. March 15, 1993. Page 66) AT&T Collects from Jiffy Lube ============================= A US District Judge in Maryland has ruled that the automobile service company Jiffy Lube is responsible for fifty thousand dollars in unauthorized phone calls placed on its 800-number. Jiffy Lube had argued that it shouldn't be held liable for calls it did not authorize nor place, but the judge found that AT&T's tarrifs specify that customers are responsible for all calls. (Information Week. March 22, 1993. Page ??) Piracy Down, Jobs Still Lost ============================ Windows Magazine (March 1993, pg 32) reports that although the SPA says business software piracy fell by 41% in 1992, it still represents a $1.2 Billion loss to the industry. That money is great than the cumulative revenue of 81 of the top 100 independent software developers. The SPA also estimates that stolen software cost 60,000 jobs in the industry. ------------------------------ Date: Tue, 30 Mar 93 08:53 EST From: "Michael E. Marotta" Subject: File 8--Comments on SJG Decision (GRID News) GRID News. March 30, 1993. ISSN 1054-9315. vol 4 nu 2. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ (74 lines) Reflections of an Author and Publisher on Judge Sam Sparks' Decision by Michael E. Marotta mercury@well.sf.ca.us Grid News was launched in 1989. While Jolnet and PHRACK were being busted, I was a participant in the White House Conference on Library and Information Services. As a result of that bust, I applied for and received the ISSN designator from the Library of Congress. I wanted it perfectly clear that Grid News is a publication. (After its first volume, I obtained an ISSN for HERMES, a cybercast periodical for economic topics.) What disturbs me about Judge Sparks's ruling are these words: In any event, the Court declines to find from a preponderance of the evidence that on March 1, 1990, Agent Foley or any other employee or agent of the United States had reason to believe that property seized would be the work product materials of a person believed to have a purpose to disseminate to the public a newspaper, book, broadcast or other similar form of public communication. Foley and Kluepfel were recognized by the court to be experts in computers. Yet, the court did not expect them to recognize a BBS as a "form of public communication." This is disturbing. Earlier this week, I received a file from Bitnic about the "Clinton-Gore Initiative." That we can link everyone in America to the same fiberoptic network and not have "public communication" is beyond reason. I wrote a book about codes and ciphers (available from Loompanics, P. O. Box 1197, Port Townsend, WA 98368. $13.95 w/s&h). This week, I have the proceedings from Crypto 85 and Crypto 86 and I enjoyed reading Adleman's attack on Shamir's quadratics. However, these guys should be warned that merely attempting to break someone else's cipher is suspect in the eyes of the law. Judge Sparks said: "Kluepfel had legitimate concerns, both about the 911 document stolen from Bell South and the possibility of a decryption system which could utilize passwords in rapid fashion and could result in intrusions of computer systems, including those of the Bell System." And later, he ruled: "If the Secret Service, in the performance of executing Court order, had only obtained and taken the 911 document or alleged decryption materials, application of the definitions of "documentary materials" and "work product materials" would logically result in no violation of the statute under the circumstances of this case." It seems that merely attempting decryption can make you the target of a Secret Service bust. Someone better warn the SETI folks and maybe Dr. Lilly ... (:-) The darkest shadow is cast by these words from the conclusion of the ruling: "It may well be, as the Government Defendants contend, these statutes relied upon by the Plaintiffs should not apply to the facts of this case, as these holdings may result in the government having great difficulties in obtaining information or computer documents representing illegal activities. But this Court cannot amend or rewrite the statutes involved. The Secret Service must go to the Congress for relief. Until that time, this Court recommends better education, investigation and strict compliance with the statutes as written." I suggest that the Secret Service and the telcos will in fact devote their resources to lobbying Congress for tougher laws and will not spend much effort on education within their ranks. Caveat computor. ------------------------------ End of Computer Underground Digest #5.25 ************************************

---

E-Mail Fredric L. Rice / The Skeptic Tank