CONTENTS, #3.44 ( Dec 17, 1991)
File 1: Jyrkis Posting
File 2: Re: Canada: Police Seize BBS, Software Piracy Charges Expected
File 3: FBI vs Kiddie Porn
File 4: "Getting what he Deserved?" (Reprint from Effector 2.02)
File 5: E-mail privacy bibliography
File 6: Second CFP Conference
Issues of CuD can be found in the Usenet alt.society.cu-digest news
group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG,
and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414)
789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132),
chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of
Chicago email server, send mail with the subject "help" (without the
quotes) to [email protected].
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted as long as the source
is cited. Some authors do copyright their material, and they should
be contacted for reprint permission. It is assumed that non-personal
mail to the moderators may be reprinted unless otherwise specified.
Readers are encouraged to submit reasoned articles relating to the
Computer Underground. Articles are preferred to short responses.
Please avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
Date: Sun, 8 Dec 91 23:35:27 EST
From: Pat <[email protected]>
Subject: File 1--Jyrkis Posting
In Cud 3.43, Jyrki Kuoppala writes:
> Also, the description of the E911 system shows that 1984 is here. Very
> scary stuff. In Finland I heard that they use caller id at hospitals
> and the police uses it - someone said that all telephone exchanges
> have good hooks for telephone surveillance and detailed recording of
> all calls going thru the exchanges. It's easy to imagine what can be
> done with the information when combined with all the various of other
> source governments have. The Helsinki area has a high-tech radio cab
> system - and it keeps detailed logs of where cabs were called, at what
> time, where people travelled etc. and I hear they are checked by the
> police.
While it is true, new digital technology makes invasion of privacy
possible on new scales, one should remember that much of this was
available to government, merely without the finesse. THe First
wiretapping case in this country was argued in 1924. Police have
often used the written logs of taxi companies to track suspects. The
KGB and communist security maintained a massive police state using
simple informers.
One should not get upset, that the police have a new toy and method of
surveillance, one should be upset that it is being used in invasive
non-constitutional ways. We should work to have privacy statutes
enforced where in order to get data, the police must have a warrant,
and also statutes to destroy irrelevant data within short time
periods. I.E. Visa should not keep my charge records more then 18
months, libraries should not keep track of checkouts after the
return.
The police will always have their methods, we should as a society
determine what the limits are.
>My question/comment about this concerns the legality of confiscating
>the computer along with the software.
Why? If you commit a bank robbery, For instance, they confiscate your
getaway car....
>Namely, if the charge is distributing copyrighted materials, then why
>was the entire system taken? The computer itself, once unplugged, is
>not terribly capable of providing evidence.
But it was an object USED in a crime... Just like a car, gun, etc.
Take my previous example. You rob a bank. Drive away in the car.
(assume no one saw the car) - what evidence is that? But if the police
catch you (you were going 100 in a 20 mph zone, recognize you, and
arrest you, they can impound the car - even though it has no evidence
value.
What I'm not sure of the legality of (and the courts don't always stop
illegal stuff) - is the confiscatin of UNRELATED computer equipment.
This is, in large part, due to police ignorance of the subject.
If they come arrest me, confiscate my computer, likey they will
confiscate my sister's too (even though they are different types)
------------------------------
Date: 09 Dec 91 19:37:26 EST
From: Gordon Meyer <[email protected]>
Subject: File 3--FBI vs Kiddie Porn
"FBI Investigates Computerized Child Pornography"
The FBI is investigating a complaint by an America On-Line user who
says he was able to get several versions of child pornographic
pictures sent to his private electronic mailbox after he subscribed to
America On-Line computer service. Roger Dietz of Fremont, California,
claims he subscribed to the America On-Line computer service to
investigate a tip given him by a friend in Nevada that subscribers
could engage in sexual conversations with teenage users. He said he
received the computerized photographs after engaging in electronic
exchanges with other subscribers. According to a spokesperson,
America On-Line, which has 150,000 subscribers and is based in Vienna,
Virgina, is prevented by federal privacy laws from monitoring
communications on the system, so it was unaware of the illegal traffic
but is cooperating fully with the authorities. America On-Line's
spokesperson said, "Clearly, our policy is that E-mail is a private
area and we adhere to the privacy issues surrounding that. This child
porn stuff was taking place in the E-mail. So we were not aware of
it." The FBI said computer bulletin boards are often used by child
porno-graphers, but for communication purposes only, not for the
actual transmission of the illegal material. However, the FBI admitted
the same privacy laws that make it difficult for a company to monitor
the traffic on its bulletin board will also make the FBI investigation
very difficult.
======================================================== Reprinted
with permission from STReport 7.48 12/6/91
------------------------------
Date: Sat, 27 Nov 1991 12:54:32 -0600
From: [email protected]
Subject: File 4--"Getting what he Deserved?" (Reprint from Effector 2.02)
GETTING WHAT HE DESERVED?
An Open Letter to Information Week
by Mike Godwin
[email protected]
Information Week
600 Community Drive
Manhasset, N.Y. 11030
Dear editors:
Philip Dorn's Final Word column in the November 11 issue of Information
Week ("Morris Got What He Deserved") is, sadly, only the latest example
of the kind of irrational and uninformed discourse that too often colors
public-policy discussions about computer crime. It is a shame that Dorn
did not think it worthwhile to get his facts straight--if he had, he
might have written a very different column.
The following are only a few of Dorn's major factual errors: He
writes that "It is sophistry to claim [Internet Worm author Robert]
Morris did not know what he was doing--his mistake was being slovenly."
Yet even the most casual reading of the case, and of most of the news
coverage of the case, makes eminently clear that the sophists Dorn
decries don't exist--no one has argued that Morris didn't know what he
was doing. This was never even an issue in the Morris case. Dorn
also writes that "Any effort to break into a system by an unauthorized
person, or one authorized only to do certain things only to do certain
things, should per se be illegal." This is also the position of the
Electronic Frontier Foundation, which Dorn nevertheless criticizes for
being "out of step with the industry." Yet the issue of whether
unauthorized computer access should be illegal also was never an issue
in the Morris case.
Dorn writes that "Those defending Morris squirm when trying to explain
why his actions were harmless." No doubt such defenders would squirm, if
they existed. But none of the people or organizations Dorn quotes has
ever claimed that his actions were harmless. This too was never an issue
in the Morris case.
Dorn makes much of the fact that Morris received only "a trivial fine
and community service." But the focus both in the trial and in its appeal
was never on the severity of Morris's sentence, but on whether the law
distinguished between malicious computer vandalism and accidental
damaged caused by an intrusion. EFF's position has been that the law should be
construed to make such a distinction.
Dorn writes that "To say that those who intrude and do no lasting damage
are harmless is to pervert what Congress and those who drafted the
legislation sought to do: penalize hackers." Indeed, this would be a
perversion, if anyone were making that argument. Unfortunately, Dorn
seems unwilling to see the arguments that were made. "It is
sickening," writes Dorn, "to hear sobbing voices from the ACLU, the
gnashing of teeth from Mitch Kapor's Electronic Frontier Foundation
(EFF), and caterwauling from the Computer Professionals for Social
Responsibility--all out of step with the industry. They seem so
frightened that the law may reach them that they elected to defend
Morris's indefensible actions." Dorn's distortions here verge on libel,
since we neither defend Morris's actions nor are motivated out of fear
that the law will apply to us. Instead, we are concerned, as all
citizens should be, that the law make appropriate distinctions between
intentional and unintentional harms in the computer arena, just as it
does in all other realms of human endeavor.
A more glaring factual error occurs one paragraph later, when he writes
that "The Supreme Court says intruders can be convicted under the law
because by definition an intrusion shows an intent to do harm. That
takes care of Morris." The Supreme Court has never said any such thing--after
all, the Court declined to hear the case. Even the lower courts in the
Morris case made no such claim.
What is far more "sickening" than even Dorn's imaginary versions of our
concerns about the Morris case is his irresponsibility in making
unsubstantiated charges that even a cursory familiarity with the facts
could have prevented. In the course of his article, Dorn manages to get
one thing right--he writes that "The law is not perfect--it needs
clarification and reworking." This has been our position all along, and
it is the basis for our support of Morris's appeal. It is also public
knowledge--Dorn could have found out our position if he had bothered to
ask us.
As a keen follower of the CU saga from the other side of the pond, I
noted that this particular book had not been mentioned in your
booklist. So to whet your appetite I thought that some relevant parts
of the book might be of interest.
You may wonder at my enthusiasm for the book: it's simply that I was
one of the many people interviewed by Margaret for her study!
COMPUTER ADDICTION? A Study of Computer Dependency
by Margaret A Shotton
University of Nottingham
(Reviewed by Keith Lockstone)
UK: Taylor & Francis Ltd, 4 John St, London WC1N 2ET.
USA: Taylor & Francis Inc, 1900 Frost Road, Suite 101, Bristol, PA 19007.
ISBN 0-85066-795-X Hbk
ISBN 0-85066-796-8 Pbk
FOREWORD
Since 1979, a mere ten years ago when the microcomputer first started
coming to Britain in quantity, there has been very extensive growth in
two particular areas; in the growth of computers and, sadly, of drugs.
With the simultaneity of this growth and the intensity with which some
people became involved with computers, it is perhaps not surprising
that in the early 1980s we began to hear some suggestions of the
possibility of 'computer addiction'. The word addiction has been
applied to the compulsion of drug-taking since the early 1900s, and
indeed it could be argued since 1779 whence the example 'his addiction
to tobacco is mentioned by one of his biographers' (quotation from the
Oxford English Dictionary about Johnson).
In a nutshell one might say that the most interesting and important
outcome of Margaret Shotton's doctoral research is to show clearly
that the word addiction should not be used about the relatively small
proportion of computer users who become intensive computer devotees;
or if used, then the term should be interpreted not in the drug sense
but more precisely in another version of the definition in the OED as
'the state of being given to a habit or pursuit'.
The computer dependent person, to use Shotton's term, is clearly a
hobbyist, 'a person devoted to a hobby (sometimes used with a
connotation of crankiness)', where hobby denotes 'a favourite
occupation pursued merely for amusement or an individual pursuit to
which a person is devoted (in the speaker's opinion) out of proportion
to its real importance'. This excellent piece of research has shown
how the extensive use of a computer can be a most important hobby for
some people, not an addiction (in the usual sense of the word) but at
one extreme of the very wide range of intense concentration and
involvement covered by people's hobby interests.
If the computer, one of the most powerful tools which mankind has so
far invented, is never used to cause greater potential distress or
danger than as an extreme hobby, we shall have no reason to fear the
computer devotee or the computer expert. But that begs a whole
different range of research issues!
Professor Brian Shackel
Loughborough University of Technology
PREFACE
This research was initiated through my combined interests in new
technology and in people. As a lifelong observer of the human
condition I have always been fascinated in the activities of others,
and in trying to determine what makes them 'tick' and brings them
fulfillment in life. What is obvious to all is that what holds the
attention of one may provide boredom for another. Many in the
population feel that chasing a ball around a court of field is a
worthwhile and meaningful activity, while to others programming in
machine code is infinitely more exciting. Who is to say which is more
acceptable?
During a period of four years I was immersed in the lives of people
for whom interaction with computers was considered infinitely
preferable to the majority of their interactions with people. This is
not a belief I personally share, in spite of the fact that I spend
much of my life staring at a VDU screen, but one which I came to
understand and appreciate fully. People differ in their needs,
aptitudes and in their cognitive styles, and happy are they who are
able to find an activity which perfectly matches their personality.
The 'computer dependents', who shared their beliefs, their pains and
their happiness with me, have enriched my understanding of psychology
as not textbook ever could. Their honesty and their ability to lay
bare their weaknesses as well as their strengths have proven how
dangerous it is to nd or to show prejudice against those who differ
from ourselves.
Early readings about 'computer junkies' and 'hackers' suggested that
if I pursued this research I might spend my time with people who were
barely human and who were unable to converse with others on any
meaningful level. How untrue this proved to be. I met some of the
most fascinating people of my life. They were intelligent, lively,
amusing, original, inventive, and very hospitable. True, they rarely
spend much time communicating with people for reasons explained within
this book, but when interest was shown in them and their activities it
would be difficult to find more interesting conversationalists. True,
many of them were unconventional and unconstrained by society's
'mores', but who would not like the freedom and courage to act without
recourse to others? True, some of their relationships were
problematic and their activities bewildering and distressing to their
partners, but they were no more likely to have failed marriages than
the rest of the population.
They were pursuing an interest which not only provided intellectual
challenge, fun and excitement in infinite variety, but one which
enabled many of them to improve their career prospects considerably.
Many used computers not only at home but also at work, and true
fulfillment must come to those who are able to combine their hobby with
a means of earning a living.
will enable readers to re-evaluate their attitudes to those in
society who do ot share their own interests, to become more empathetic
with those who seem socially inhibited and shy, and to realize that
judgment based solely upon observation alone is inadequate when one
wishes to understand the machinations of the minds of others.
Margaret A. Shotton
Nottingham
July 1989
cover blurb:
COMPUTER ADDICTION?
A study of computer dependency
This research investigates the syndrome of computer dependency and the
l stories which suggest that 'obsessive' dependence of people upon
computers is detrimental to their social and psychological
development. Based upon her major psychological study of computer
'dependents' or 'junkies', brought forward by national publicity,
Margaret Shotton shows that extreme computer use does not turn
gregarious, extrovert people into recluses. Her personal and arguably
controversial thesis is rather that for people who prefer to interact
with the inanimate than with other people, the computer can offer a
source os inspiration, excitement and intellectual stimulation, and
can create an environment which is positively therapeutic.
Formally a teacher, Margaret Shotton studied ergonomics at the
University of Technology, Loughborough, where she subsequently
obtained her Ph.D. She is currently a lecturer in the Department of
Production Engineering & Production Management at the University of
Nottingham.
Of related interest:
Computers and the Psychosocial Work Environment
Gunilla Bradley
------------------------------
Date: Mon, 2 Dec 1991 16:52:49 GMT
From: [email protected])EDU)AU(Mark P. Neely, Northern Territory U)
Subject: File 6--E-mail privacy bibliography
I have been having an e-mail conversation with Stacy Veeder for several
days on the topic of e-mail privacy. She mailed me this bibliography
which she has compiled for two papers which she is currently writing.
I thought the readers of _CUD_ might find it of interest!
PS - She is interested in talking with anyone who has some views on the
topic/information to share.
Mark N.
+++++++++++++++++++++++++++++++++++++++++++++++++++
Bairstow, Jeffrey, "Who Reads Your Electronic Mail?" Electronic
Business (June 11, 1990), 16(11):92.
Barlow, John Perry [[email protected]], "Crime and Puzzlement:
Desperados of the Datasphere" (1990), Whole Earth Review (in
press as of 6/91), distributed through Usenet newsgroup sci.virtual-
worlds [[email protected]].
Brown, Bob, "EMA Urges Users To Adopt Policy on E-Mail Privacy,"
Network World (October 29, 1990), 7(44):2 (two pages).
Burke, Steven, "Electronic-Mail Privacy To Be Tested in Court in
Suit Against Epson," PC Week (August 20, 1990), 7(33):124.
Caldwell, Bruce, "Whose Mail Is It Anyway? Companies are Con-
fronting the E-Mail Privacy Issue Head-On," Information Week
(August 20, 1990), (283):53.
Computer Underground Digest (November 13, 1990), 2(2.11), avail-
able as sjg.warrant.CuD through anonymous ftp at eff.org and
distributed through Usenet newsgroup alt.society.cu-digest.
Conca, Mike [[email protected]], "E-Mail Privacy"
(May 23, 1991), distributed as Article 45 through Usenet news"
group comp.admin.policy [[email protected]]; also
distributed through Usenet newsgroup comp.unix.admin.
Davis, Fred, "Beware: 'Little Brother' May Be Reading Your Mail,"
PC Week (October 29, 1990), 7(43):198.
Denning, Peter J., "The Internet Worm," in Denning, Peter J.
(ed.), Computers Under Attack: Intruders, Worms, and Viruses
(New York: Addison-Wesley Publishing Company, 1990), pp. 193-
200.
Doty, Phil, Doctoral Student, Syracuse University School of In-
formation Studies, Presentation to IST 553, June"12, 1991.
%Eisenberg, Ted, et al., "The Cornell Commission: On Morris and
the Worm," Communications of the ACM (June 1989), 32(6):706-09
[reprinted in Denning (ed.)].
Electronic Privacy Act of 1986, P.L. 99-508 (100 Stat. 1848).
Eskow, Dennis, "Lawyers Warn: Don't Back Up Your E-Mail; Anything
Transmitted on E-Mail May Be Held Against You," PC Week
(September 11, 1989), 6:81 (two pages).
Freedom of Information Act of 1986, 5 USC 552.
Higgins, Steve, "E-Mail Experts On Guard Over Security Leaks," PC
Week (July 30, 1990), 7:43 (two pages).
Higgins, Steve, "Message Monitor Gives Users Eagle-Eye View of E-
Mail Flow," PC Week (March 25, 1991), 8:5.
Highland, Harold Joseph, "Security: If the Password's 'Anything
Goes,' It's Your Loss," Government Computer News (October 29,
1990), 9(23):61 (two pages).
Kadie, Carl [[email protected]], "Computers and Academic Freedom
Mailing List," available as caf through anonymous ftp at
eff.org.
LaPlante, Alice, "Epson E-Mail: Private or Company Information?"
Infoworld (October 22, 1990), 12(43):66.
"Managers 'Remain Dangerously Complacent About Computer Secu%
rity,'" Computergram International (October 29, 1990), (1542).
Markoff, John, "Furor Erupts From Computers in Politics," The New
York Times (May 4, 1990), 139:A8(N), A12(L).
Miscellaneous documents, available in a single file as ncsa.email
through anonymous ftp at eff.org.
Miscellaneous files available through ftp eff.org (/academic sub%
directory).
Miscellaneous postings distributed through Usenet newsgroup
comp.admin.policy.
Molloy, Maureen, "NW [Network] User Panel Takes Stand on E-Mail
Privacy," Network World (November 5, 1990), 7(45):2 (two
pages).
Montz, Lynn B., "The Worm Case: From Indictment to Verdict," in
Denning, Peter J. (ed.), Computers Under Attack: Intruders,
Worms, and Viruses (New York: Addison-Wesley Publishing Com-
pany, 1990), pp. 260-63.
Nash, Jim, "E-Mail Lawsuit Cranks Open Privacy Rights Can of
Worms," Computerworld (August 13, 1990), 24:7.
Nash, Jim and Harrington, Maura J., "Who Can Open E-Mail?" Com-
puterworld (January 14, 1991), 25:1 (two pages).
Reid, Brian, "Reflections on Some Recent Widespread Computer
Break-Ins," in Denning, Peter J. (ed.), Computers Under
Attack: Intruders, Worms, and Viruses (New York: Addison-
Wesley Publishing Company, 1990), pp. 145-49.
Rochlis, Jon A. and Eichin, Mark W., "With Microscope and Tweez-
ers: The Worm from MIT's Perspective," in Denning, Peter J.
(ed.), Computers Under Attack: Intruders, Worms, and Viruses
(New York: Addison-Wesley Publishing Company, 1990), pp. 201-22.
Spafford, Eugene H., "Crisis and Aftermath," in Denning, Peter J.
(ed.), Computers Under Attack: Intruders, Worms, and Viruses
(New York: Addison-Wesley Publishing Company, 1990), pp. 223-
43.
Stewart, John [[email protected]], Consultant, Syracuse
University Academic Computing Services, Presentation to IST
553, June 12, 1991.
Stoll, Clifford, The Cuckoo's Egg: Tracking a Spy Through the
Maze of Computer Espionage (New York: Doubleday, 1989).
Scott, Karyl, "IAB To Begin Trial of Proposed E-Mail Security
Standards," PC Week (March 27, 1989), 6:35 (two pages).
Turner, Judith Axler, "Messages in Questionable Taste on Computer
Networks Pose Thorny Problems for College Administrators,"
Chronicle of Higher Education (January 24, 1990), A13, A16.
Steven Jackson Games' subsequent complaint against the Secret
Service et al. is available as sjg.complaint through anonymous
ftp at eff.org.
THE SECOND CONFERENCE ON COMPUTERS, FREEDOM, AND PRIVACY
L'Enfant Plaza Hotel, Washington DC March 18-20, 1992
(A longer, complete, electronic version of this announcement is
available by sending a request with any title and any message to
[email protected].)
The rush of computers into our workplaces, homes, and
institutions is drastically altering how we work and live, how we buy
and sell, and with whom we communicate. Computers are obliterating
traditional political and organizational boundaries, making time zones
irrelevant, and bridging diverse cultures. They are fundamentally
changing our culture, values, laws, traditions, and identities.
The turmoil of the changes calls into question many old
assumptions about privacy, freedom of speech, search and seizure,
access to personal and governmental information, professional
responsibilities, ethics, criminality, law enforcement, and more. The
only way to sort out these issues and arrive at a consensus for action
is to acknowledge that we don't know the answers -- and then, with
reason and good will, to find the answers through discussion and
education. That's why the Conference on Computers, Freedom, and
Privacy was founded in 1991.
The Computers, Freedom, and Privacy Conference is unique. It has
no "agenda for change". It seeks only to bring together people from
all the major communities and interest groups that have a stake in
the new world being shaped by information technology, so that they
may share their ideas, ideals, concerns and experiences.
At the first conference, hundreds of people from the fields of
law, computer science, law enforcement, business, public policy,
government, education, research, marketing, information providing,
advocacy and a host of others met for several days. It was the first
time such a diverse group had ever assembled, and the exchange of
ideas and points of view was electric.
The conference is "single-track" -- all participants attend all
the sessions. A morning of tutorials at the beginning of the
conference will help participants get up to speed in specific "hot"
areas. The conference sessions themselves take up timely and, at
times, thorny issues. Each session aims for a balance of perspectives
in order to assist diverse groups appreciate the views of others. A
brief examination of the long list of sponsoring and supporting
organizations will reveal that this respect for diverse outlooks is
built into the conference from the ground up.
The question is no longer whether information technologies will
change our world. They are, now. The real question is how we, as
citizens and professionals, will respond to and manage that change.
Those at the Second Conference on Computers, Freedom, and Privacy
will lead the way.
------------------------------
End of Computer Underground Digest #3.25
************************************
