Computer underground Digest    Wed  Oct 21 1993   Volume 5 : Issue 82
                          ISSN  1004-042X

      Editors: Jim Thomas and Gordon Meyer ([email protected])
      Archivist: Brendan Kehoe
      Shadow-Archivists: Dan Carosone / Paul Southworth
                         Ralph Sims / Jyrki Kuoppala
                         Ian Dickinson
   Copy Ediort: Etaoin Shrdlu, III

CONTENTS, #5.82 (Oct 21 1993)
File 1--Fair Info Practices with Comp. Supported Coop Work
File 2--LA Times does cyphertech; odds & ends
File 3--IGC Wins Social Responsibility Award
File 4--Full Description of Proposed "Hacker" Documentary

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically from [email protected]. The
editors may be contacted by voice (815-753-0303), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115.

Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT
libraries and in the VIRUS/SECURITY library; from America Online in
the PC Telecom forum under "computing newsletters;"
On Delphi in the General Discussion database of the Internet SIG;
on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG
WHQ) (203) 832-8441 NUP:Conspiracy; RIPCO BBS (312) 528-5020
CuD is also available via Fidonet File Request from 1:11/70; unlisted
nodes and points welcome.
EUROPE:   from the ComNet in LUXEMBOURG BBS (++352) 466893;
         In ITALY: Bits against the Empire BBS: +39-461-980493

ANONYMOUS FTP SITES:
 AUSTRALIA:      ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD.
 EUROPE:         nic.funet.fi in pub/doc/cud. (Finland)
 UNITED STATES:
                 aql.gatech.edu (128.61.10.53) in /pub/eff/cud
                 etext.archive.umich.edu (141.211.164.18)  in /pub/CuD/cud
                 ftp.eff.org (192.88.144.4) in /pub/cud
                 halcyon.com (202.135.191.2) in /pub/mirror/cud
                 ftp.warwick.ac.uk in pub/cud (United Kingdom)

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may  be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
           the views of the moderators. Digest contributors assume all
           responsibility for ensuring that articles submitted do not
           violate copyright protections.

----------------------------------------------------------------------

Subject: File 1--Fair Info Practices with Comp. Supported Coop Work
Date: Wed, 20 Oct 1993 09:54:21 -0700
From: Rob Kling <[email protected]>

Fair Information Practices with Computer Supported Cooperative Work

Rob Kling

Department of Information & Computer Science
and
Center for Research on Information Technology and Organizations
University of California at Irvine,
Irvine, CA 92717, USA
[email protected]

May 12, 1993 (v. 3.2)

Based on a paper which appears in SIGOIS Bulletin, July 1993

+++++++++++++
The term "CSCW" was publicly launched in the early 1980s. Like other
important computing terms, such as artificial intelligence, it was coined
as a galvanizing catch-phrase, and given substance through a lively stream
of research. Interest quickly formed around the research programs, and
conferences identified with the term advanced prototype systems, studies of
their use, key theories, and debates about them. CSCW offers special
excitement: new concepts and possibilities in computer support for work.

CSCW refers to both special products (groupware), and to a social movement
by computer scientists who want to provide better computer support for
people, primarily professionals, to enhance the ease of collaborating.
Researchers disagree about the definition of CSCW, but the current
definitions focus on technology. I see CSCW as a conjunction of certain
kinds of technologies, certain kinds of users (usually small self-directed
professional teams), and a worldview which emphasizes convivial work
relations. These three elements, taken together, differentiate CSCW from
other related forms of computerization, such as information systems and
office automation which differ as much in their typical users and the
worldview describing the role of technology in work, as on the technology
itself (Kling, 1991). CSCW is the product of a particular computer-based
social movement rather than simply a family of technologies (Kling and
Iacono, 1990).

The common technologies that are central to CSCW often record fine grained
aspects of people's activities in workplaces, such as typed messages, notes,
personal calendar entries, and videotapes of personal activity. Electronic
mail is the most popular of the CSCW technologies (Bullen and Bennett,
1991) and is a useful vehicle for examining some of the privacy issues in
CSCW. Many electronic mail messages contain personal communications which
include opinions and information which many senders would prefer not to be
public information. However, most electronic mail system users I have
spoken to are ignorant of the conditions under which their transmissions
will be maintained as private communications by their own organizations.
(They often assume that their electronic communications will be treated as
private by their organizations. Others are extremely sensitive to the
possible lack of privacy/security of email transmissions.)

Discussions of computerization and privacy are highly developed with
respect to personal record systems which contain information about banking,
credit, health, police, schooling, employment, insurance, etc. (Kling and
Dunlop, 1991:Section V). Definitions of personal privacy have been examined
in extensive literature about personal privacy and record-keeping systems.
Analysts have been careful to distinguish security issues (e.g., lock and
keys for authorized access) from privacy issues -- those which involve
people's control over personal information. There has also been significant
discussion of the interplay between privacy and other competing social
values. The privacy issues in CSCW both have important similarities and
differences when compared with the issues of personal record systems. We
can gain helpful insights by building on this body of sustained thinking
about privacy and record systems to advance our understanding of privacy
issues in CSCW.

Another related and helpful set of inquiries examines the surveillance of
workers in measuring activities related to quality of service and
individual productivity (Attewell, 1991; Kling and Dunlop, 1993). Some of
the most intensive fine grained electronic monitoring involves listening to
the phone calls of service workers such as reservationists, and
fine-grained productivity counts, such as the number of transactions that a
worker completes in a small time period. While all managers have ways of
assessing their subordinates' performance, clerks are most subject to these
fine grained forms of electronic surveillance. The CSCW community has
focussed on professionals as the key groups to use groupware and meeting
support systems. Consequently, electronic monitoring has seemed to be
implausible.

The computing community is beginning to be collectively aware of the
possible privacy issues in CSCW applications. Professionals who use CSCW
can lose privacy under quite different conditions than clerks who have
little control over the use of electronic performance monitoring systems.
And personal communications, like electronic mail or systems like gIBIS
which supports debates, record personally sensitive information under very
different conditions than do information systems for regulatory control
such as systems of motor vehicle, health and tax records.

The use of email raises interesting privacy issues.  In the case of email,
privacy issues arise when people lose control over the dissemination of
their mail messages. When should managers be allowed to read the email of
their subordinates? One can readily conjure instances where managers would
seek access to email files. These can range from curiosity (such as when a
manager wonders about subordinates' gossip, and requests messages which
include his name in the message body), through situations in which a legal
agency subpoenas mail files as part of a formal investigation.  A
different, but related set of issues can occur when a manager seeks mail
profiles: lists of people who send more than N messages a day, lists of
people who read a specific bulletin board or the membership of a specific
mailing list.

CSCW systems differ in many ways that pertain to informational control. For
example, systems such as email and conferencing systems retain electronic
information which can be reused indefinitely with little control by the
people who were writing with the system. One can imagine cases in which
managers may wish to review transcripts of key meetings held by computer
conferencing to learn the bases of specific decisions, who took various
positions on controversial issues, or to gain insight into their
subordinates' interactional styles. Other systems, such as voice and video
links, are often designed not to store information. But they can raise
questions about who is tuning in, and the extent to which participants are
aware that their communication system is "on."  In the literature about
computerization and privacy, similar questions have been closely examined
-- regulating the duration of records storage, the conditions under which
people should be informed that a third party is seeking their records, and
conditions under which individuals may have administrative or legal
standing in blocking access to their records (See Dunlop and Kling, 1991,
Section V).

One of the peculiarities of CSCW in contrast with traditional record
keeping systems is the nature of the social settings in which systems are
being developed and explored. Most personal record systems are developed in
relatively traditional control-oriented organizations. In contrast, most
CSCW applications have been developed in academic and industrial research
labs. These settings are protective of freedom of speech and thought and
less authoritarian than many organizations which ultimately use CSCW
applications. In fact, relatively few CSCW applications, other than email
and Lotus Notes, are used by the thousands of people in traditional
organizations (Bullen and Bennett, 1991). Further, CSCW systems are
primarily designed to be used by professionals rather than technicians and
clerks. Professionals generally have more autonomy than clerks, who are
most subject to computerized monitoring (Attewell, 1991). As a consequence,
many CSCW developers don't face problems of personal privacy that may be
more commonplace when prototype systems are commercialized and widely used.

These contrasts between R&D with CSCW and the likely contexts of
application should not impede us from working hard to understand the
privacy issues of these new technologies. CSCW applications are able to
record more fine grained information about people's thoughts, feelings, and
social relationships than traditional record keeping systems. They can be
relatively unobtrusive.  The subject may be unaware of any scrutiny. In R&D
labs, we often have norms of reciprocity in social behavior: monitoring can
be reciprocal. However, in certain organizations, monitoring may follow a
formal hierarchy of social relations. For example, supervisors can monitor
the phone conversations of travel reservationists and telephone operators,
but the operators cannot monitor their supervisors. The primary
(publicized) appropriations of "private email" have been in military
organizations, NASA, and commercial firms like Epson, rather than in
university and industrial laboratories.

CSCW creates a new electronic frontier in which people's rights and
obligations about access and control over personally sensitive information
have not been systematically articulated. I believe that we need to better
understand the nature of information practices with regard to different
CSCW applications that balance fairness to individuals and to their
organizations.

It is remarkable how vague the information practices regulating the use of
the few commonplace CSCW applications are. Yet we are designing and
building the information infrastructures for recording significant amounts
of information about people's thoughts and feelings which are essentially
private and not for arbitrary circulation, without the guidelines to
safeguard them. People who use computer and telecommunications applications
need to have a basic understanding about which information is being
recorded, how long it is retained (even if they "delete" information from
their local files), who can access information about them, and when they can
have some control over restricting access to their information.

In the late 1970s the U.S. Privacy Protection Study Commission developed a
set of recommendations for Fair Information Practices pertinent to personal
record keeping systems (PPSC, 1977:17-19). A concern of Commission members
was to maximize the extent to which record systems would be managed so that
people would not be unfairly affected by decisions which relied upon
records which were inaccurate, incomplete, irrelevant or not timely.
Commission members believed that record keeping systems in different
institutional settings should be regulated by different laws. For example,
people should have more control over the disclosure of their current
financial records than over the disclosure of their current police records.
On the other hand, the Commission proposed that each institutional arena
should be governed with an explicit set of Fair Information Practices. In a
similar way, different families of CSCW applications or different
institutional settings may be most appropriately organized with different
Fair Information Practices. In the case of CSCW applications, fairness may
have different meanings than in the case of decisions based upon personal
records systems.

We need fearless and vigorous exploratory research to shed clear light on
these issues. This rather modest position contrasts strongly with that
taken by Andy Hopper of Olivetti, one of the panelists at this plenary
session on CSCW'92. He was enthusiastic about the use of "active badges"
(Want, Hopper, Falcao, and Gibbons, 1992) and insisted on discussing only
their virtues. He argued that one can imagine many scenarios in which
people are harmed by some uses of a particular technology, but that
discussing such scenarios is usually pointless. Hopper's 1992 co-authored
article about active badges examines some of the privacy threats their use
can foster. But on the plenary panel he was critical of people who asked
serious questions about the risks, as well as the benefits of new CSCW
technologies. In this way, he took a position similar to that taken by
spokespeople of many industries, such as automobiles, who have
delayed serious inquiries and regulatory protections for environmental and
safety risks by insisting on unambiguous evidence of harm before
investigating plausible problems.

The active badge systems which Hopper described seem to be regulated by
Fair Information Practices in his own research laboratory (e.g., no long
term storage of data about people's locations, reciprocity of use,
discretion in use). These sorts of Fair Information Practices may be
required to help insure that active badges are a convenient technology
which do not degrade people's working lives. Other kinds of information
practices, such as those in which location monitoring is non-reciprocal,
and non-discretionary may help transform some workplaces into electronic
cages. Hopper and his colleagues briefly mention such possibilities in
their 1992 ACM TOIS article about active badges. And their article deserves
some applause for at least identifying some of the pertinent privacy
problems which active badges facilitate. However they are very careful to
characterize fine grained aspects of the technological architecture of
active badges, while they are far from being comparably careful in
identifying the workplace information practices which can make active
badges either primarily a convenience or primarily invasive. I believe that
CSCW researchers should be paying careful attention to social practices as
well as to technologies. Richard Harper's (1992) ethnographic study of the
use of active badges in two research labs illustrates the kind of nuanced
analyses which we need, although Harper also glosses the particular
information practices which accompanied the use of active badges in the two
labs.

Unfortunately, delays in understanding some risks of emerging technologies
have led the public to underestimate the initial magnitude of problems, and
to make collective choices which proved difficult to alter. Our design of
metropolitan areas making individually operated cars a virtual necessity is
an example. In the early stages of use, the risks of a new family of
technologies are often hard to discern (See Dunlop and Kling, 1991, Part
VI). When major problems develop to the point that they are undeniable,
amelioration may also be difficult.

I characterized CSCW, in part, as a social movement (Kling and Iacono,
1990). Most of us who study, develop, or write about CSCW enthusiastically,
(and sometimes evangelistically) encourage the widespread use of these new
technologies. However, as responsible computer scientists, we should temper
our enthusiasms with appropriate professional responsibility. CSCW
applications open important organizational opportunities, but also open
privacy issues which we don't understand very well.

The new ACM Ethical Code (ACM, 1993) also has several provisions which bear
on privacy issues in CSCW. These include provisions which require ACM
members to respect the privacy of others (Section 1.7), to improve public
understanding of computing and its consequences (Section 2.7), and to
design and build information systems which enhance the quality of working
life (Section 3.2). The ACM's code is rather general and does not give much
specific guidance to practitioners. The CSCW research community is well
positioned to conduct the kinds of research into the social practices for
using these technologies which could shape meaningful professional
guidelines for their use in diverse organizations. Will we take a
leadership role in helping to keep CSCW safe for users and their
organizations?

=================================
Note: I appreciate discussions with Jonathan Allen, Paul Forester, Beki
Grinter, and Jonathan Grudin which helped clarify some of my key points.


REFERENCES

  1. Association of Computing Machinery. 1993. "ACM Code of Ethics and
     Professional Conduct." Communications of the ACM. 36(2)(Feb.):99-103.

  2. Attewell, Paul.  "Big Brother and the Sweatshop: Computer
     Surveillance in the Automated Office" in Dunlop and Kling 1991.

  3. Bullen, Christine and John Bennett. 1991.  "Groupware in Practice: An
     Interpretation of Work Experience" in Dunlop and Kling 1991.

  4. Dunlop, Charles and Rob Kling (Ed). 1991. Computerization and
     Controversy: Value Conflicts and Social Choices. Boston: Academic
     Press.

  5. Harper, Richard H.R. "Looking at Ourselves: An Examination of the
     Social Organization of Two Research Laboratories" Proc. CSCW '92:
     330-337.

  6. Kling, Rob. 1991.  "Cooperation, Coordination and Control in
     Computer-Supported Work." Communications of the ACM
     34(12)(December):83-88.

  7. Kling, Rob and Charles Dunlop. 1993. "Controversies About
     Computerization and the Character of White Collar Worklife." The
     Information Society. 9(1) (Jan-Feb):1-29.

  8. Kling, Rob and Suzanne Iacono.  1990. "Computerization Movements"
     Chapter 19, pp 213-236  Computers, Ethics and Society, David Ermann,
     Mary Williams & Claudio Gutierrez (ed.) New York, Oxford University
     Press.

  9. Privacy Protection Study Commission. 1977. Personal Privacy in an
     Information Society, U.S. Government Printing Office, Washington D.C.
     (briefly excerpted in Dunlop and Kling, 1991.)

  10. Want, Roy, Andy Hopper, Veronica Falcao and Jonathan Gibbons. 1992.
     "The Active Badge Location System" ACM Transactions on Information
     Systems. 10(1)(January): 91-102.

------------------------------

Date: 05 Oct 93 03:09:50 EDT
From: Urnst Kouch <[email protected]>
Subject: File 2--LA Times does Cyphertech; odds & ends

(MODERATORS' NOTE: Urnst Kouch is editor of Crypt Newsletter, a 'Zine
specializing in techno-political commentary, satire, and virus
information).

CuD readers might want to look for the October 3 and 4 issues of The
L.A. Times. In a two-part series, the paper's "Column One" was devoted
to privacy/cryptography issues.

"Demanding the Ability to Snoop:  Afraid new technology may foil
eavesdropping efforts, U.S. officials want phone and computer users to
adopt the same privacy code.  The government would hold the only key"
was the title and subhead of Robert Lee Hotz's 60+ inch piece.

Hotz focused on the Clipper/Skipjack end of the story, in part,
because Mykotronx, Inc., the manufacturer of the chip for the National
Security Agency, is based in Torrance, Los Angeles County. The
newspiece did not delve into any of the recent events surrounding
Pretty Good Privacy and Phil Zimmermann. Pretty Good Privacy was
referred to as "one of the best codes . . . free and [it] can be
downloaded from computer network libraries around the world"; the
people who make up the citizen-supported cryptography movement as
"ragtag computerzoids."

The L.A. Times series also included statistics documenting the steady
rise in court-ordered wiretapping from 1985 to 1992 and the almost
100% increase in phones monitored by pen registers - which record
outgoing numbers - from 1,682 (1987) to 3,145 in 1992.  These numbers
do not include monitoring by such as the NSA and said so.

Whitfield Diffie earned a boxed-out quote, too. "Recent years have seen
technological developments that diminish the privacy available to the
individual.  Cameras watch us in the stores, X-ray machines search us
at the airport, magnetometers look to see that we are not stealing
from the merchants, and databases record our actions and
transactions."

The October 3 installment wrapped up with this succinct bit from
Diffie: "Cryptography is perhaps alone in its promise to give us more
privacy rather than less."

Moving on from The L.A. Times, readers could find interesting the
following hodgepodge of facts, which taken together, lend some
historical perspective to the continuing conflict between privately
developed cryptography and the government.

For example, in reference to the Clipper chip, take the old story of
Carl Nicolai and the Phasorphone.

In 1977 Nicolai had applied for a patent for the Phasorphone telephone
scrambler, which he figured he could sell for $100 - easily within the
reach of John Q. Public.  For that, the NSA slapped a secrecy order on
him in 1978.  Nicolai subsequently popped a nut, took his plight to
the media, and charged in Science magazine that "it appears part of a
general plan by the NSA to limit the freedom of the American people .
.  They've been bugging people's telephones for years and now
someone comes along with a device that makes this a little harder to
do and they oppose this under the guise of national security."

The media went berserk on the issue and the NSA's Bobby Ray Inman
revoked the Phasorphone secrecy order.  If the cypherpunks have a
spiritual Godfather, or need a likeness to put on a T-shirt, Carl
Nicolai and his Phasorphone could certainly be candidates.

About the same time, Dr. George Davida of the University of Wisconsin
was also served with a NSA secrecy order, in response to a patent
application on a ciphering device which incorporated some advanced
mathematical techniques.

Werner Raum, chancellor of the University of Wisconsin's Milwaukee
campus, promptly denounced the NSA for messing with faculty academic
freedom.  The Agency backed off.

Both setbacks only made the NSA more determined to exert ultimate
control over cryptography.  In an interview in Science magazine the
same year, Bobby Inman stated that he would like to see the NSA
receive the same authority over cryptology that the Department of
Energy reserved for research which could be applied to atomic weapons,
according to James Bamford's "The Puzzle Palace."  "Such authority
would grant to NSA absolute 'born classified' control over all
research in any way related to cryptology," reads his book.

Readers have also seen the acronym ITAR - for International Traffic in
Arms Regulation - used a lot in reference to the government's interest
in controlling private cryptography.  ITAR springs from the Arms
Export Control Act of 1976, in which "The President is authorized to
designate those items which shall be considered as defense articles
and defense services."  ITAR contains the U.S. Munitions List, the
Commodity Control List and the Nuclear Referral List which cover,
respectively, munitions, industrial and nuclear-related items.

Cryptographic technology falls into the Munitions List which is
administered by the Department of State, in consultation with the
Department of Defense.  In this case, the NSA controls most of the
decision making.

The Arms Export Control Act (AECA) exists _primarily_ to restrict the
acquisition of biological organisms, missile technology, chemical
weapons and any items of use in production of nuclear bombs to
embargoed nations or countries thought inimical to the interests of
the United States. (Examples: South Africa, North Korea, Libya, Iran,
Iraq, etc.)

That the AECA is used as a tool to control the development of private
cryptography in the US is secondary to its original aim, but is a
logical consequence of four considerations which the ITAR lists as
determinators of whether a technological development is a defense
item. These are:

1. Whether the item is "inherently military in nature."

2. Whether the item "has a predominantly military application."

3. Whether an item has military and civil uses "does not in and of
itself determine" whether it is a defense item.

4. "Intended use . . . is also not relevant," for the item's
classification.

If your brain hasn't seized yet - often, this is what the government
counts on - you may have the gut feeling that the determinators are
sufficiently strong and vague to allow for the inclusion of just about
anything in the U.S. Munitions List or related lists of lists.  That
would be about right.

Which is basically what Grady Ward has been yelling about, only he
doesn't kill you with jargon, bureaucrat-ese or Orwell-speak, God
bless him.

[Yes, you too can be an armchair expert on the topic using acronyms,
insider terms, secret handshakes and obscure facts and references to
go toe-to-toe with the best in this controversy.  Just take advantage
of this little reading list:

1.  Bamford, James. 1982.  "The Puzzle Palace: Inside The National
Security Agency, America's Most Secret Intelligence Organization"
Penguin Books.

Nota Bene: The NSA really hated James Bamford, so much so that it
attempted to classify _him_, all 150,000 published copies of "The
Puzzle Palace," his notes and all materials he had gained under the
Freedom of Information Act.  Of this, NSA director Lincoln D. Faurer
said, "Just because information has been published doesn't mean it
shouldn't be classified."

2.  Foerstel, Herbert N. 1993. "Secret Science:  Federal Control of
American Science and Technology"  Praeger Publishers.

3.  "Encyclopedia of the US Military", edited by William M. Arkin,
Joshua M. Handler, Julia A. Morrissey and Jacquelyn M. Walsh.  1990.
Harper & Row/Ballinger.

4.  "The US and Multilateral Export Control Regimes," in "Finding
Common Ground" 1991. National Academy of Sciences, National Academy
Press.

------------------------------

Date: Tue, 5 Oct 1993 21:02:30 EDT
From: Nikki Draper <[email protected]>
Subject: File 3--IGC Wins Social Responsibility Award

            BAY AREA COMPUTER NETWORK ORGANIZATION
              WINS PRIZE FOR SOCIAL RESPONSIBILITY

Palo Alto, Calif., September 15, 1993 - Computer Professionals for
Social Responsibility (CPSR), the national public interest
organization based in Palo Alto, announced today that the Institute
for Global Communications (IGC) has been named the winner of the 1993
Norbert Wiener Award for Social and Professional Responsibility.
Beginning in 1986, CPSR has presented this award each year to a
distinguished individual who, through personal example, demonstrated a
deep commitment to the socially responsible use of computing
technology.  In 1992, the CPSR Board expanded the nominations to
include organizations.  IGC is the first organizational recipient of
this prestigious award.

"The award is particularly appropriate this year because of the
enormous interest in computer networks generated by the debate over
the proposed National Information Infrastructure (NII)," said Stanford
professor and CPSR Board president Eric Roberts.  "IGC has worked
diligently to use network technology to empower previously
disenfranchised individuals and groups working for progressive change.
CPSR has a strong commitment to making sure that everyone has access
to the resources and empowerment that networks provide.  IGC has been
providing such access ever since it was founded in 1986."

"We're honored to be recognized by CPSR and to be the Norbert Wiener
Award recipient," says Geoff Sears, IGC's Executive Director.  "Of
course, this award honors not just IGC, but the efforts and
accomplishments of all our network members, our entire network
community."

Sears will accept the Wiener award at CPSR's annual meeting banquet in
Seattle, Washington, on Saturday, October 16th.

This year's annual meeting is a two-day conference entitled
"Envisioning the Future: A National Forum on the National Information
Infrastructure (NII)" that will bring together local, regional, and
national decision makers to take a critical look at the social
implications of the NII.  The keynote speaker will be Bruce McConnell,
Chief of Information Policy at the Office of Information and
Regulatory Affairs in the Office of Management and Budget (OMB), who
will present his views on the major NII issues now facing the
administration.  Other highlights of the meeting include Kit Galloway
of Electronic Cafe International in Santa Monica, California, as the
featured speaker at the banquet.  Using videotapes and a live
demonstration with CPSR chapters, Kit will present an innovative
approach to electronic communication and discuss how the Electronic
Cafe concept has been used.

The Institute for Global Communications is a nonprofit computer
networking organization dedicated to providing low-cost worldwide
communication and information exchange pertaining to environmental
preservation, human rights, sustainable development, peace, and social
justice issues.  IGC operates the PeaceNet, EcoNet, ConflictNet, and
LaborNet computer networks.  With a combined membership of 10,000
individuals and organizations ranging in size and scope from United
Nations Commissions to local elementary schools, IGC members
contribute to more than 1200 conferences covering virtually every
environmental and human rights topic.

The Wiener Award was established in 1987 in memory of Norbert Wiener,
the originator of the field of cybernetics and a pioneer in looking at
the social and political consequences of computing.  Author of the
book, The Human Use of Human Beings, Wiener began pointing out the
dangers of nuclear war and the role of scientists in developing more
powerful weapons shortly after Hiroshima.

Past recipients of the Wiener Award have been: Dave Parnas, 1987, in
recognition of his courageous actions opposing the Strategic Defense
Initiative; Joe Weizenbaum, 1988, for his pioneering work emphasizing
the social context of computer science; Daniel McCracken, 1989, for
his work organizing computer scientists against the Anti Ballistic
Missiles deployment during the 1960s; Kristen Nygaard of Norway, 1990,
for his work in participatory design; Severo Ornstein and Laura Gould,
1991, in recognition of their tireless energy guiding CPSR through
its early years; and Barbara Simons, 1992, for her work on human
rights, military funding, and the U.C. Berkeley reentry program for
women and minorities.

Founded in 1981, CPSR is a national, nonprofit, public-interest
organization of computer scientists and other professionals concerned
with the impact of computer technology on society.  With offices in
Palo Alto, California, and Washington, D.C., CPSR challenges the
assumption that technology alone can solve political and social
problems.

For more information about CPSR, the annual meeting, or the awards
banquet, call 415-322-3778 or send email to <[email protected]>.

For more information about IGC, contact Sarah Hutchison, 415-442-0220
x117, or send email to <[email protected]>.

------------------------------

Date: Sat, 16 Oct 93 17:44:16 PDT
From: [email protected](Annaliza T. Orquamada)
Subject: File 4--Full Description of Proposed "Hacker" Documentary"

((MODERATORS' NOTE: In CuD 5.82, we ran a short description of a
proposed documentary film on "Hackers," which intends to be an
antidote to conventional media depictions of the topic.  We asked for
a more lengthy description of the project and received the following
summary. We combined two files after a long day of teaching, and hope
we have not omitted or re-edited inappropriately. Any errors or
omissions are the result of our editing, and not necessarily gaps in
the original posts.

We have long argued that conventional media depictions of "hacking"
are flawed. The more we learn about the proposed documentary, the more
encouraged we are that there exist film makers with both the talent
and the knowledge to produce antidotes to Forbes Magazine's "Hackers in
the Hood," Geraldo's "Mad Hacker's Tea-party," and Dateline's modem
hysteria, to name just a few of the more egregious examples of media
madness.  Annaliza's group may or may not tell the "hacker story" in a
way that will please everybody, but we remain impressed with her
meticulous research and her open-mindedness. She is about to begin a
cross-country jaunt to interview/film those willing to talk with her,
so if you have a story to tell, think about letting her know)).

=====================================

        TREATMENT FOR DOCUMENTARY:  UNAUTHORIZED ACCESS ONLY
                         16, October, 1993
                        [email protected]

Lately the media have widely publicized the on-going dilemmas of
computer security experts whose job it is to stop systems crackers
(what the media have labelled as hackers) from breaking into secure
systems.  There have been accounts of teenagers being sentenced for
stealing information, running up phone bills of thousands of dollars
and even espionage.

What is the real threat?  Who are these people who break into computer
systems?  Why do they do it?

Since the computer was first put on line and hooked up to a phone,
there has always been a risk to security.  Breaking into computers is
viewed by many hackers as a mental game of chess.  Often computer
professionals tolerate such break-ins as nothing more than inquisitive
minds trying to see if they can outwit the security experts.  Most
hackers, when caught, show no remorse. In fact, they rarely view
themselves as criminals.  They even hold conventions in various global
locations, often inviting their prosecutors to join them.  So why is
hacking such a threat?  How does it affect the computer community?
Who are these hackers and what are their objectives?  Is there any
positive side to hacking?

The focus of this documentary will be to follow the hackers and see
what motivates them.  It will be to show how they feel about the
underground computer community, and their own place within it.  What
are their stories and their explanations?  Do they have a political
agenda, or are they just joyriding through computer systems?  How do
they feel about the media and its sensationalized attitude towards
computer cracking and the "outlaw cyberpunk"?  What do they think is
the future of the computer underground?

The hacker scene is fractionalized.  There are many types of hackers.
Some work in solitude, others in groups.  Some use cellular, others
are interested in programming.  Some hackers obtain passwords and
codes through the underground or by "social engineering" company
employees or by using electronic scanners to listen in on phone
conversations.  Some hackers know computer systems so well that they
don't need passwords but can log on to the computer directly by using
various security holes.

In most countries hacking is now illegal, so everyone who does hack
risks major penalties, even prison.  Some groups have a political
agenda, or at least some unwritten moral code concerning the right to
information.  There are various interests in the hacker scene
depending on the individual.

Some use hacking for personal gain.  Kevin Poulsen, a hacker from Los
Angeles, used his knowledge of the phone system to block phone lines
to a radio station to win a new Porsche (Littman, 1993).

Some hackers are into military systems.  One case in particular was
comprised of a group of hackers in Germany who sold computer software
programs to the KGB.  Though the software given to the Russians was
freely available in the West, the group faced espionage charges.  The
hackers who sold the software displeased many in the W. German Hacker
Underground who believed it to be morally wrong to hack for monetary
gain.  The project itself was allegedly started to bring the Soviets'
military computer software standard to a grade matching the Americans.
It was called "Project Equalizer" (Hafner and Markoff, 1991; Stoll,
1989).

The documentary will aim to find out more about what the political
premise of the hackers is presently and what its role will be in the
future.  Are hackers using their skills for political reasons?  Will
individual hackers play a major role in influencing the radical left
or the radical right in the future?  Are hackers being used as
government or corporate spies?  How do the hackers feel about computer
politics?  How do hacker politics vary according to the nationalities
of the hackers themselves?

To date, the media have concentrated on systems crackers as the
entirety of the hacker community.  Even though the community is
fractionalized, each section interacts with the others. The
documentary will explore other parts of the underground.

Mark Ludwig, author of "The Little Black Book of Computer Viruses",
recently unleashed one of his latest virus programs at Def Con 1, a
hacker convention that was held in Las Vegas in July of 1993.  The
virus infects the computer hard drive encrypting everything
automatically.  The only way to recover the data is to know the secret
password.  This sent a buzz through the conference.  The ramifications
being that any information stored on the hacker's hard drive would be
impossible to retrieve should the Secret Service come bursting through
the door simply by rebooting the computer.

Some hackers see themselves as artists.  These hackers are always
offended when one confuses them with systems crackers.  They see
themselves as more of an intellectual elite and are very condescending
towards systems crackers.  One such hacker was able to penetrate a
NASA satellite probe.  When the satellite was launched into space a
peace sign appeared on its monitor.

The hacking community is growing.  Every year conventions are held in
the United States, Germany, France and Holland, as well as throughout
the world.  SummerCon, HoHoCon, Def Con, and The Hacking at the End of
the Universe Conference are some of the best known.  In August of
1993, The Hacking at the End of the Universe Conference was reported
as having over 600 attendees.  This particular global conference, put
on by Hack-Tic, was held outside of Amsterdam in Holland.  The speakers
ranged from hackers to security experts to Police Agents.  The press
was everywhere.  A spread even appeared in Newsweek Magazine (July 26,
1993: 58).  Though most Cons are places for exchanging information,
meeting electronic friends, and generally having a good time,
sometimes there are problems.  Last year at PumpCon arrests were made.
At Def Con, Gail Thackeray, a woman who spends much of her time
prosecuting hackers, started her speech by saying she wasn't there to
bust anyone.  Another speaker, Dark Druid, was unable to talk about
his planned topic because his persecutor happened to be sitting in the
audience.

More and more hackers are breaking headlines in the news.  The AT&T
crash of 1990 (though caused by a wrongly written line of code in
the switching software program) led to speculation among some media
stories and law enforcement officials that hackers might have been
responsible.

So why are hackers such a threat???  What does a hacker do that could
affect the average person??  One of the objectives of the documentary
will be to explore the technology available to the hacker.

Hackers are experts on the phone systems; they have to be in order to
hack systems without being traced.  The really good hackers are able
to dial into the phone systems and trick the phone computers into
believing that they are part of the system, or even that they are the
controller of the system.  So how do the hackers do it? Where do they
obtain their information?  How do they get onto systems?  How do they
get out without being traced?  What can they do with their hacking
abilities?

Kevin Poulsen, in the instance of the KIIS FM radio contest, was able
to use his knowledge of the phone system to take control of the phone
lines and wait until 119 calls had been placed.  On the 120th he
simply blocked all of the incoming lines to make sure that only his
call got through.

A prank by another hacker involved taking control of the phone system
and then using it to reroute the calls of a certain probation officer.
When someone called up the probation officer's office, the caller
would be connected to a phone sex service (Sterling, 1992: 98-99).

Some European hackers broke into South African computer systems during
the boycott against the Apartheid system.  The hackers deleted files
in South Africa to disrupt the political system and also were able to
monitor which companies were breaking the boycott by monitoring
computer systems.

A serious case that was to initiate Operation Sundevil and lead to
many arrests was to involve a document called E-911.  This document
(though later found to be obtainable through legal channels for about
$13.95) was obtained by a hacker on one of his jaunts through the
phone system computers.  The document was kept by the hacker as a
souvenir.  He sent the document to a friend who published it in an
electronic magazine called Phrack (an electronic hacker magazine
available on the internet).  The phone company was furious that their
supposedly secure system had been breached and that proprietary
information was being spread throughout the hacker community.  Not
only was this stolen/private property, the document contained
information pertaining to the 911 emergency services.  Although the
document had been edited so that no harmful information was published,
the phone company was furious.  Once a hacker has gained root or
super-user privileges at a phone company switching station there is
always the potential threat that they could do some very real damage
(intentionally or unintentionally).  If a hacker could re-route a
judge's phone calls or have an enemy's phone disconnected or make free
calls globally, what is to stop them from cutting off the 911
emergency systems???  This is why the U.S. Secret Service (the
branch of the government that is responsible for the prosecution of
most electronic crime) went so far as to break down doors of
15-year-olds with guns and haul them and all of their equipment away.  One
hacker was reportedly banned from even going within 100 yards of a
computer terminal.

Our documentary will also explore the ramifications of the hacker's
actions.  Many hackers have been arrested, imprisoned, had their
computers as well as their software confiscated.  Are these arrests
always justified?  Many innocent people have been questioned by the
Secret Service and FBI purely through suspicion in connection with
computer related crime.  In fact, it was because of the FBI's
investigation of the alleged "theft" of Apple proprietary source code
and its curious questioning of Mitch Kapor, founder of Lotus 1-2-3,
and John Perry Barlow, former Grateful Dead lyricist, that led to the
forming of the Electronic Frontier Foundation (EFF) (Sterling, 1992:
232-238).  Phil Zimmermann, the creator of an electronic privacy
encryption program called PGP, has been subpoenaed by the U.S.
government for creating a program that ensured legitimate privacy.
Many people have had their equipment confiscated without ever being
charged with a crime.  Are fundamental human rights being broken because
of the fear of the unknown?

Is this fear really justified?  If hackers can take control of local
switching stations (and they can) why don't they wreak havoc?  If
there is such a threat to the general public then why don't hackers
cause more serious damage?

"Bellcore clearly believes that hackers are nothing short of
terrorists.  A security alert from November 1990 warns that 'the
potential for security incidents this holiday weekend is significantly
higher than normal because of the recent sentencing of the three
former Legion of Doom members.  These incidents may include Social
Engineering (gaining information by posing as a Bellcore employee over
the telephone), computer intrusion, as well as possible physical
intrusion.'"*

But how do the hackers see themselves??  How do they justify breaking
into Bellcore electronically or physically?  If hackers are such a
major threat then why do so many corporations using computers hooked
up to outside connections leave their electronic doors wide open?

As computers become more available and widespread throughout the
community, so does hacking.  This documentary hopes to address the real
threats, as well as the hype.  Is hacking "intellectual joyriding"?
Or serious criminal behavior?

By humanizing the hacker scene this documentary hopes to demystify the
sinister mythos surrounding what has been deemed by the media as 'the
outlaw hacker'.  It is not the documentary's objective to make
judgements, only to try to understand.

The documentary will run approximately 30 minutes.  Our objective will
be to film at various hacker conventions and meeting places in the
United States and Europe.  We will be shooting on broadcast quality
video.  The documentary crew will be leaving Los Angeles at the
beginning of December and going to wherever there are people who want
to get involved in the project.  Ultimately, we hope to show the film
at conferences, festivals and perhaps on high quality t.v. (such as
Channel 4 in England or PBS in the U.S.). It will also be suitable for
classroom viewing and related educational purposes.

This documentary is about the hacker community itself.  We are looking
for monetary donations from the underground or from people sympathetic
to the underground.  In this way, we will be able to make the
documentary without corporate or film company control.  Our group is
comprised of film makers who are involved in the scene itself.  We are
looking also for any donation of services, i.e. Beta transfer time, an
off-on line editing suite, sound equipment, videotape, etc.

If anyone would like to get involved in the project in any capacity,
whether it be to go in front of the camera, or relate a story or a
hack anonymously to my e-mail address, or donate funds, or equipment
or editing time, please get in touch.

This documentary hopes to be an open forum for hackers to relate their
stories and ideas about the past/present/future.  We hope to be able
to disseminate the hype from other sensationalized media who are only
looking for a good story and don't really care about the ramifications
of their actions.

Anyone who is interested in any aspect of this project, please contact
me, Annaliza, at [email protected]

*  Taken from 2600 Magazine - The Hacker Quarterly - Volume Nine,
Number Four - Winter 1992-93.

                            BIBLIOGRAPHY

Hafner, Katie, and John Markoff. 1991.  _Cyberpunk: Outlaws and
Hackers on the Computer Frontier._ New York: Simon and Schuster.

Littman, Jonathan. 1993. "The Last Hacker." _The Los Angeles Times
Sunday Magazine_.  September 12: 18 ff.

Sterling, Bruce. 1992. _The Hacker Crackdown_.  New York: Bantam.

Stoll, Cliff. 1989. _The Cuckoo's Egg_. New York: Doubleday.

------------------------------

End of Computer Underground Digest #5.82
************************************