From: Moderators, J&B McMullen, and H. Silverglate and S. Beckman

------------------------------

From: Moderators, J&B McMullen, and H. Silverglate and S. Beckman
Subject: Business Week Article on The Dread Hacker Menace
Date: April 15, 1991

********************************************************************
*** CuD #3.12: File 3 of 4: Responses to Business Week Article ***
********************************************************************

In the April 15, 1991, issue of BUSINESS WEEK (p. 31), Mark Lewyn and
Evan I. Schwartz combined to write "Why 'the Legion of Doom' has
Little Fear of the Feds." The article has been criticized by
attorneys, journalists, and computer professionals for its flagrant
inaccuracies, potentially libelous commentary, and distortion of facts
and issues. A superficial reading of the article might lead others to
agree with the criticisms we print below. We, however, rather like
the article and find it a refreshing narrative. Clearly, as we read
Lewyn and Schwartz, they were writing satire. The article is obviously
an attempt at postmodernist fiction in which truth is inverted and
juxtaposed in playful irony in an attempt to illustrate the failure of
Operation Sun Devil. The clever use of fiction underscores the abuses
of federal and other agents in pursuing DHs ("Dreaded Hackers") by
reproducing the symbols of bad acts (as found in government press
releases, indictments and search affidavits) *as if* they were real in
a deconstructionist style in which the simulacra--the non-real--become
the substance.

Let's take a few examples:

In a table listing the suspect, the alleged crime, and the outcome
of five hackers to show the "latest in a a series of setbacks
for the government's highly publicized drive against computer
crime (table)," the table lists Robert Morris, Steve Jackson,
Craig Neidorf, the Atlanta Three, and Len Rose. Steve Jackson
was not charged with a crime, even though the table tells us the
case was dismissed for lack of evidence. The article calls Craig
Neidorf a hacker (he was never charged with, nor is there any
indication whatsoever, that he ever engaged in hacking activity), and
fails to mention that the case was dropped because there was, in fact,
no case to prosecute. We interpret this as a subtle way of saying
that all innocent computerists could be accused of a crime, even if
there were no evidence to do so, and then be considered a computer
criminal. This, and other factual errors of readily accessable and
common public knowledge suggests to us that the table is a rhetorical
ploy to show the dangerous procedures used by the Secret Service. Why
else would the authors risk a libel suit?

In another clever bit of satirical prose, the authors write:

Jerome R. Dalton, American Telephone & Telegraph Co.'s corporate
security manager, is convinced that the feds simply can't
convict. He points to Leonard Rose Jr., a computer consultant
who pleaded guilty on Mar. 22 to wire-fraud charges in Chicago and
Baltimore. Prosecutors said he sent illegal copies of a $77,000
AT&T computer-operating system known as Unix to hackers around
the country after modifying it so it could be used to invade
corporate and government systems.

The article adds that Dalton

contends that without AT&T's help, the government wouldn't have had a
case. It was AT&T--not the feds--that verified that Rose wasn't a
licensed Unix user and that the program had been modified to make
breaking into computer systems easier."

Now, this could be considered an innocuous statement, but the
subtleness is obvious. To us, the authors are obviously saying that
AT&T helped the feds by inflating the value of material available for
about $13.95 to an astronomical value of $78,000 (later lowered to
$23,000). And, why should the feds know who Unix is licensed to? Last
we checked, AT&T, not the government, was responsible for keeping
track of its business records, and AT&T was responsible for pursuing
the charges. The Len Rose case was not a hacker case, the program was
not sent to other "hackers," there was no evidence (or charges) that
anybody had even tried to use the login.c program that allegedly was
modified, and the case was not a hacker case at all, but rather a case
about unlicensed software. So, it seems to us that the authors are
trying to illustrate the arrogance of AT&T and the evidentiary
aerobics used to try to secure indictments or convictions in cases
that are more appropriately civil, rather than criminal matters.

So, we say congrats to the authors for taking the risk to write news
as fiction, and suggest that perhaps they should consider changing
their career line.

But, we recognize that others might interpret article as
irresponsible, ignorant, and journalistically bankrupt. We reprint
(with permission) two letters sent to Business Week in response to the
article.

Others wishing either to complain to BW or to commend their
reporters on their fiction writing can fax letters to Business
Week at (212) 512-4464.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

MCMULLEN & MCMULLEN, INC

April 9, 1991

Readers Report
Business Week
1221 Avenue of the Americas
New York, NY 10020

Dear Madam or Sir,

As a long time admirer of your coverage of technological issues, I was
dismayed to find an appalling number of inaccuracies in "Why 'The
Legion OF Doom' Has Little Fear Of The Feds" (BW, 04/15/91). The
article, unfortunately, shows little attention to detail in its
presentation of "facts" and winds up being unfair to those "accused"
and law enforcement officials alike.

The article states that Steve Jackson, "President of computer-game
maker accused of publishing a 'handbook of computer crime' had his
"case dismissed because of lack of evidence." In fact, Steve Jackson
was never accused of anything (there was a remark made by a Secret
Service Agent that the game about to be published read like a
"handbook of computer crime" -- the game is a role playing game set in
a future totalitarian society). Steve Jackson's computers, diskettes
and printed records were seized pursuant to an investigation of one of
his employees who was thought to be a recipient of information related
to the investigation of Craig Neidorf's electronic publishing
activities. Jackson's equipment has since been returned and law
enforcement officials attending the recent "Computers, Freedom &
Privacy" conference in San Francisco referred to the Jackson case as
one that should not have happened (One of the authors of your piece,
Evan Schwartz, was listed as an attendee at the conference. Copies of
the search warrant used in obtaining Jackson's equipment were
available to all attendees at the conference. The warrants clearly
indicate that Jackson was not a subject of the investigation. It is my
information that Jackson will shortly file suit against the government
as a result of the damage that the "search and seizure" did to his
business.

I suggest that you, by your description, have made Jackson fit the
public image of John Gotti -- a person "everyone knows is guilty" but
for whom insufficient evidence exists to make him pay his just
deserts. In Jackson's case, nothing could be further from the truth.

The article states that Franklin Darden, Jr, Adam Grant and Robert
Riggs were "each sentenced to one year split between a half-way house
and probation." In fact, Riggs received 21 months in prison while
Grant and Darden received 14 months with the stipulation that 7 may be
served in a half-way house. Additionally, the three were ordered to
jointly and/or separately make restitution to BellSouth for $233,000.
After reading the article, I spoke to Kent Alexander, US Attorney
responsible for the prosecution of Riggs, Darden and Grant to confirm
the sentences. Alexander not only confirmed the sentences; he objected
to the calling of the cases as other than a victory for the government
(There are many in the computer community who feel that the sentence
was, in fact, too harsh. None would consider it other than a
government "victory".). Alexander also affirmed that each of the
defendants is actually doing prison time, rather than the type of
split sentence mentioned in the article. Alexander also told me, by
the way, that he believes that he sent a copy of the sentencing
memorandum to one of your reporters.

The actual sentences imposed on Riggs, Darden and Grant also, of
course, makes the article's statement that Rose's one-year sentence is
"by far the stiffest to date" incorrect.

The treatment of the Neidorf case, while perhaps not factually
incorrect, was superficial to the point of dereliction. Neidorf, the
publisher of an electronic newsletter, Phrack, was accused of
publishing, as part of his newsletter, a document which later was
proven to be unlawfully obtained by Riggs, Darden and Grant -- an
activity that many saw as similar to the Pentagon Papers case. The
case was, in fact, eventually dropped when it turned out that the
document in question was publicly available for under $20. Many
believe that the case should never have been brought to trian in the
first place and it is to this kind of electronic publishing activity
that Professor Tribe's constitutional amendment attempts to protect.

It is a bit of a reach to call Neidorf a "hacker". He is a college
senior with an interest in hacking who published a newsletter about
the activities and interest of hackers. It is totally inaccurate to
call Jackson a hacker, no matter what definition of that oft-misused
terms is applied.

The article further states that the target of the Sundevil
investigation was the "Legion of Doom". According to Gail Thackeray,
ex-Assistant Attorney General of the State of Arizona and one of the
key players in the Sundevil investigation, and the aforementioned Kent
Alexander (both in conversations with me and, in Thackeray's case, in
published statements), this is untrue. The Legion of Doom was a
loosely constructed network of persons who, it has been alleged and,
in some cases, proven, illegally accessed computers to obtain
information considered proprietary. The subjects of the Sundevil
investigations were those suspected of credit card fraud and other
crime for profit activities. On April 1st, commenting on the first
major Sundevil indictment, Thackeray was quoted by the Newsbytes News
Service as saying "The Sundevil project was started in response to a
high level of complaint of communications crimes, credit card fraud
and other incidents relating to large financial losses. These were not
cases of persons accessing computers 'just to look around' or even
cases like the Atlanta 'Legion of Doom' one in which the individuals
admitted obtaining information through illegal access. They are rather
cases in which the accused allegedly used computers to facilitate
theft of substantial goods and services."

The article further, by concentrating on a small number of cases,
gives the reader the impression that so-called "hackers' are free to
do whatever they like in the global network that connects businesses,
government and educational institutions. There have been many arrests
and convictions in recent months for computer crime. In New York State
alone, there have been arrests for unlawful entries into PBX's,
criminal vandalism, illegal access to computers, etc. Heightened law
enforcement activity, greater corporate and government concern with
security and a better understanding by "hackers" of acceptable limits
are, if anything, making a safer climate for the global net while the
concern of civil libertarians coupled with greater understanding by
law enforcement officials seems to be reducing the possibility of
frivolous arrests and overreaching. This improved climate, as
evidenced by the recent conference on "Computers, Freedom and
Privacy", is a far cry from the negative atmosphere evidenced in the
conclusion of your article.

I have spent the last few years discussing the issues of computer
crime, access to information and reasonable law enforcement procedures
with a wide range of individuals --police officers, prosecutors,
defense attorneys, "hackers", civil libertarians, lawmakers, science
fiction writers, etc. and have found that their opinions, while often
quite different, warrant presentation to the general public.
Unfortunately, your article with its factual errors and misleading
conclusions takes away from this dialog rather than providing
enlightenment; it is a great disappointment to one who has come to
expect accuracy and insightful analysis from Business Week. I urge you
to publish an article explaining these issues in full and correcting
the many errors in the April 15th piece.

Yours truly,

John F. McMullen
Executive Vice President

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Response #2
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

April 8, 1991

Readers Report
Business Week
1221 Avenue of the Americas
New York, NY 10020

Dear Editor,

Mark Lewyn and Evan Schwartz are correct that the Secret Service's
"Operation Sundevil" has been a disaster ("Why `The Legion of Doom'
has little fear of the Feds", BW April 15th), but the rest of their
article completely misses the point. The problem with the
government's war on computers is not that "it's much harder to nail
hackers for electronic mayhem than prosecutors ever imagined," but
rather, that lack of computer sophistication has caused prosecutors
and investigators to treat law-abiding citizens like criminals. Their
reporting on Steve Jackson Games is particularly egregious. To call
Steve Jackson a "suspect" in the "war on hackers" is to allege
criminal conduct that even the government never alleged.

Steve Jackson Games is a nationally known and respected, award-winning
publisher of books, magazines, and adventure company was ever accused
of any criminal activity. The government has verified that Jackson is
not the target of any investigation, including "Operation Sundevil."
There was no criminal case "dismissed because of lack of evidence"
--there simply was no criminal case at all.

Lewyn and Schwartz missed the real story here. Based on allegations
by government agents and employees of Bellcore and AT&T, the
government obtained a warrant to seize all of the company's computer
hardware and software, and all documentation related to its computer
system. Many of the allegations were false, but even if they had been
true, they did not provide any basis for believing that evidence of
criminal activity would be found at Steve Jackson Games.

The Secret Service raid caused the company considerable harm. Some of
the equipment and data seized was "lost" or damaged. One of the
seized computers ran an electronic conferencing system used by
individuals across the country to discuss adventure games and related
literary genres. The company used the system to communicate with its
customers and writers and to get feedback on new game ideas. The
seizure shut the conferencing system down for over a month. Also
seized were all of the current drafts of the company's
about-to-be-released book, GURPS Cyberpunk. The resulting delay in
the publication of the book caused the company considerable financial
harm, forcing it to lay off half of its employees.

Jackson has resuscitated his electronic conferencing system and his
business. GURPS Cyberpunk was partially reconstructed from old drafts
and eventually published. It has been nominated for a prestigious
game industry award and is assigned reading in at least one college
literature course.

But what happened at Steve Jackson Games demonstrates the
vulnerability of computer users -- whether corporate or individual --
to government ineptitude and overreaching. What the Secret Service
called a "handbook for computer crime" was really a fantasy
role playing game book, something most twelve-year-olds would have
recognized after reading the first page.

Sincerely,

Harvey A. Silverglate
Sharon L. Beckman
Silverglate & Good
Boston, Massachusetts
Counsel for Steve Jackson Games

********************************************************************
>> END OF THIS FILE <<
***************************************************************************