Computer underground Digest Wed Dec 2, 1992 Volume 4 : Issue 62 ISSN 1066-632X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Cookie Editor: Etaion Shrdlu, Junior CONTENTS, #4.62 (Dec 2, 1992) File 1--Political Action and CPSR (Re: CuD 4.60) File 2--More on Political Action (Re: CuD 4.60) File 3--NASA Statement on Ames Raid File 4--Local Civic Network in Wisconsin File 5--Krol's Whole Internet User's Guide (Review #1) File 6--Krol's Whole Internet User's Guide (Review #2) File 7--Krol's Whole Internet User's Guide (Review #3) File 8--Akron BBS trial update! Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT libraries; from America Online in the PC Telecom forum under "computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in Europe from the ComNet in Luxembourg BBS (++352) 466893; and using anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in /pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com (192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. European readers can access the ftp site at: nic.funet.fi pub/doc/cud. Back issues also may be obtained from the mail server at mailserv@batpad.lgb.ca.us. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Wed, 25 Nov 1992 13:59:00 EDT From: David Sobel Subject: File 1--Political Action and CPSR (Re: CuD 4.60) In Cu Digest 4.60, Lawrence Schilling notes that "an effective response is needed as a corrective to abusive law enforcement action against so-called computer crime" and asks whether any organizations are monitoring law enforcement activities in this area and collecting relevant information. For the past two years, Computer Professionals for Social Responsibility (CPSR) has made frequent use of the Freedom of Information Act in an effort to document government investigative activities involving computer users. CPSR's first requests to the Secret Service sought information concerning Operation Sun Devil; the most recent requests seek information on the agency's possible involvement in the 2600 incident in Arlington, Virginia. The Sun Devil requests are the subject of pending litigation. CPSR is also litigating FOIA cases against the FBI for documents relating to 1) Bureau monitoring of computer bulletin boards and conferences; and 2) the Bureau's "digital telephony" proposal to more easily facilitate wiretapping of digital communications. The 2600 incident is only the most recent indication that better public oversight of computer crime investigations is needed. In addition to the work being done by CPSR, EFF and other organizations, Congress and the media can play important roles in assuring that agencies such as the Secret Service and the FBI are held accountable for the conduct of these investigations. The issues raised by these cases are still relatively new, and they warrant an informed public debate that can only occur if the scope and purpose of government activities in this area are brought to light. Through its FOIA work, CPSR is seeking to achieve that goal. David L. Sobel Legal Counsel CPSR Washington Office ------------------------------ From jdav Sun Nov 29 13:07:10 1992 Date: Sun, 29 Nov 1992 13:06:56 -0800 Subject: File 2--More on Political Action (Re: CuD 4.60) Richard Gautier asked the above question in C.U.D. 4.60, in response to the CPSR/Berkeley _Computer & Information Technologies Platform_. Since I was involved in helping to draft the platform, allow me to suggest at least a first step: Nothing happens without organization. So the obvious thing is to get organized. Get involved with an organization that is doing important work around these issues. At the top of the list, I would say, is Computer Professionals for CPSR, but please don't take what follows as strictly self-serving. I wouldn't be involved with CPSR if I didn't think that it was who work with computers, as users, programmers, writers, teachers, researchers, etc. CPSR has an active ongoing effort on changing science and technology R & D priorities (21st Century Project). CPSR is very active on Civil Liberties and Privacy issues, and maintains a Washington office to fight at the Federal level on these issues. (That office's activities are frequently reported on in C.U.D.). CPSR's "Computers in the Workplace" working group is active around participatory design and other workplace issues. CPSR is a member-driven group -- that is, members, through the 20+ chapters around the country, identify computer-related issues of particular concern to them, and initiate some activity either at the local level, or nationally. For example, the Portland chapter pulled together a Computers and the Environment conference; the Berkeley chapter produced the platform and raised issues related to the Gulf War and computer folks; and several chapters have worked in their respective states for a responsible Caller-ID policy. CPSR has also recently set up an e-mail discussion group around working in the computer industry (cpsr-work@sunnyside.com) To contact CPSR, e-mail cpsr@csli.stanford.edu; or write P.O. Box 717, Palo Alto, CA, 94302. Other groups (in the order they would appear in the platform): The American Library Association, and the local library associations are on the front lines protecting access to information, and could really, really use support. Public libraries represent a really radical concept -- that everyone, regardless of income, should have access to information. Public library funding is being gutted. Support your local library! "Computers & You" has some experience in trying to provide access to equipment and computer training to a low-income community in San Francisco; their efforts could be a model for other places. (330 Ellis St., SF, CA 94102). Re: Privatization of public information, and access to government info, the Taxpayers Assets Project is active on those issues. (love@essential.org) The League for Programming Freedom has been doing probably the best work around the "intellectual property" rights issues of user interface copyright and software patents. (lpf@uunet.uu.net) Re: Civil Liberties -- Besides CPSR, the Electronic Frontier Foundation (info@eff.org, I think). Work, health and safety issues have been addressed by some unions, especially ones that represent clerical workers. Toxics in the workplace -- more info could probably be found through a state university's Labor Studies Program, or a state OSHA (Occupational Safety & Health Admin). Computers and the Environment: the Campaign for Responsible Technology (617-391-3866) has done work on cleaning up the semiconductor industry. Also, the Silicon Valley Toxics Coalition (408-287-6707). Global cooperation and responsible use of technology: contact the 21st Century Project (chapman@lcs.mit.edu). I know I've left out lots of other groups that are doing excellent work on these issues; hopefully other C.U.D. readers will send in their suggestions. To find out what else is happening in your community around technology issues, try the local CPSR chapter (no chapter? then start one!). They usually know who else is working on similar issues. Unfortunately, there is no shortcut to the political power it takes to make things like the technology platform a reality --especially for resolving involved in the struggle to solve these problems. ------------------------------ Date: Mon, 23 Nov 1992 12:57:02 EDT From: David Sobel Subject: File 3--NASA Statement on Ames Raid NASA Statement on Ames Raid THE CPSR Washington Office has been monitoring developments concerning the unannounced "security review" conducted at the Ames Research Center this past summer. During the course of the review, desks were searched, computers were opened, employees were locked out of their offices, and nine employees (5 civil servants and 4 contractors) were placed on administrative leave without explanations. CPSR has submitted a Freedom of Information Act request to seeking information on the purpose and results of the review. NASA announced on November 17 that certain matters growing out of the Ames raid have been referred to the FBI for further investigation. The agency's statement is reprinted below. David Sobel Legal Counsel CPSR Washington Office ******************************************************** RELEASE: 92-207 NASA RELEASES FINDINGS OF REVIEW TEAM ON SECURITY CONCERNS In July 1992, a Management Review Team (MRT) was established, after a classified briefing was presented to NASA Headquarters management by Ames Research Center (ARC) management located at Mountain View, Calif. The briefing identified potential national security problems. NASA Administrator Daniel S. Goldin determined that the situation at ARC warranted a special one-time review to determine whether the issues and problems existed and, if so, what type of corrective action should be taken. The Federal Bureau of Investigation (FBI), the Department of Justice and the Department of Defense were consulted on the national security and foreign counterintelligence aspects of the problems identified. "Upon learning about the potential security problems, I immediately ordered a review of the situation," Goldin said. "Based on the review, information has been forwarded to proper authorities. The recommendations of the review are being taken very seriously and I intend to promptly implement them." Based upon the review and discussions with senior management, the MRT does not believe that the problems encountered at ARC are occuring at other NASA centers. Findings of Review ARC is considered "high risk" for hostile intelligence operations. ARC exacerbated a marginally effective security posture by not focusing appropriate management attention on the handling of sensitive technology. Structural and functional weaknesses existed in the way the ARC security office worked in relation to other center operations. In addition to security concerns, processes and practices in the areas of personnel, legal, procurement, and data and technology protection are contributing to the potential risk rather than serving as controls over the risk. The ARC culture and environment were found to be the underlying cause of NASA's vulnerability; the culture is strongly biased toward maintaining an academic reputation, rather than meeting U.S.industry and national needs. Generally accepted management controls, as well as security, legal, personnel, and procurement policies, are often viewed as impediments and are sometimes sidetracked or avoided. Lax procedures and attitudes were identified that set the stage for widespread dissemination of commercially valuable applied technology being developed by ARC personnel. ARC's credibility with the U.S. aerospace industry has been damaged as a result of these problems. Some of NASA's customers and partners are reluctant to share important data with NASA for fear it will be disseminated with little or no regard for its sensitivity. In order to regain credibility, specific processes for the identification and handling of sensitive and commercially valuable technologies at ARC must be developed and fully implemented by ARC employees. To resolve the conflict between NASA's desire to share technology internationally and the need to place U.S. interests first, an environment and culture must be developed at ARC and elsewhere at NASA, which focuses NASA's attention on the needs and expectations of U.S. industry and the taxpayer. Basic science efforts actively involve and will continue to involve the international community but applied technology, developed at U.S. taxpayer expense, must be protected for U.S. industry use in accordance with applicable laws and regulations. NASA must work internally, and externally with appropriate members of the Administration and Congress to address the problems and develop long-term solutions. Information Referred to OIG and FBI The MRT found a number of specific discrepancies in the areas of procurement, misuse of government equipment and apparent violations of the law and/or NASA policy. The MRT referred this information, as appropriate, to the NASA Office of Inspector General (OIG) and the FBI, which has jurisdiction over foreign counter intelligence issues resulting from the review. Cases were opened up by both the OIG and the FBI. It is anticipated that the OIG effort will be completed in December 1992. Review of the MRT Team Because the review was unexpected by the ARC workforce and employees of Asian-Pacific ancestry appeared to be disproportionately affected, there was a significant adverse reaction to the review among some of the ARC workforce. The NASA Administrator took immediate action to address employees' concerns. He met with representatives of the ARC Asian Pacific Island Advisory Group to discuss their concerns. The Administrator also appointed an Assessment Panel on Aug. 26, 1992, to assess the approach and process used by the MRT. The assessment panel was charged with examining the concerns that could have unnecessarily increased the levels of employee discomfort or organizational disruption flowing from the review. It was also tasked to make recommendations that would alleviate employee concern about the process, and minimize difficulties, should a similar review be required in the future. The Assessment Panel concluded that "the scope and objective of the management review were legal and that individuals were not selected for interview and search of their workplaces based upon their race or national origin." The Panel further concluded that there was a confluence of factors prior to, during and after the management review, some of which were avoidable and some not, which caused negative reactions within the workforce. ------------------------------ Date: Fri, 30 Oct 1992 08:43:39 -0500 From: "(Gary Chapman)" Subject: File 4--Local Civic Network in Wisconsin Computer Professionals for Social Responsibility is trying to help promote Local Civic Networks around the country. There are projects going on in Washington, D.C., Boston, Seattle, Vermont, Portland, and Madison, Wisconsin. The following is a call for participation and help for the Madison project. For more information about CPSR, the nation's first public interest organization of people in the computing field, write for more information at cpsr-staff@csli.stanford.edu or call (415) 322-3778. For more information on CPSR's Local Civic Networks activity, write CPSR staff member Richard Civille at civille@washofc.cpsr.org. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ A team of people based at the University of Wisconsin-Madison is developing a Public Communication System (PCS), a non-profit network which will be available to the academic community and to the general public, and which will operate over the Internet. We would welcome any comments or suggestions which you might have, and we would like to invite anyone who's interested in this project and would like to get involved. The goal is to develop a large public forum where people can present information, ideas, and questions, and where it will be easy for people to read and respond. The hardware will consist of a central server, PCS computers at universities with connections to the Internet, and PCS computers in public libraries. The public will be able to get access by dialing in from home or via the PCS computers at public libraries. People will be able to read for free. The system will be supported by subscription fees and by fees charged to SIGs for publishing articles and newsletters, conducting conferences,etc. For software, we're modifying Gopher (a program developed at the University of Minnesota) to have enhanced interactive capabilities and security. We hope to be ready to test a prototype by this coming summer. We've already gotten a lot of valuable help from CPSR members. We hope the PCS will be another example of a public-access network which develops up from the grass-roots. Let us know if you have any suggestions, if you'd like more detailed information, and if you'd like to get involved. John Jordan PCS Project Director University of Wisconsin-Madison jordan@macc.wisc.edu (608) 233-9535 ------------------------------ Date: Tue, 23 Nov 92 11:21:21 CDT From: Jim Thomas Subject: File 5--Krol's Whole Internet User's Guide (Review #1) The Whole Internet: User's Guide and Catalogue. By Ed Krol. 1992: O'Reilly & Associates, Inc. 376 pp. $24.95 (paper). ISBN: 1-56592-025-2. I'm sitting at my computer trying to figure out how to telnet into a west coast UNIX system then back into a VMS on the east-coast and use the nn mail reader and get access to a WAIS site to find some information on locating internet user addresses when I spill coffee over the desk. I pick up The Whole Internet (TWI), and although it can't do much about the spilled coffee (other than direct me to sources of information that can), its index, appendices, and info-laden chapters guide me through the rest of the problems. The Whole Internet is a step-by-step how-to guide that takes the reader on a grand tour of some of simplest to the most complex UNIX/VMS internet features. Whether a first-time user or an experienced explorer, Krol provides tricks and identifies traps in accessing telnet, ftp, remote systems' (varieties of DOS, VMS, or UNIX) different and occasionally conflicting commands, and the intricacies of Inter-relay Chat, file transfer, tricks for compression and faster file exchange, and much more. Krol begins by reminding readers that the Internet is a fairly standardized collection of systems and networks with a council of guiding elders, but no significant chain of command or authority. He also reminds readers that any clear definition or description of Internet is of necessity vague, because it changes as both technology changes and as access spreads. For non-technical readers, the third chapter, "How the Internet Works," provides an analogy-filled, figure-laden description of the technology easily understood by the most techno-illiterate reader. For those unsure of how to access internet or how to figure out mailing addresses, chapter three summarizes domains and explains how they can be found. Not sure how to act when entering new terrain where strangers may seem threatening? Chapter four explains all you need to know about ethics, courtesy, and basic norms of communication. Krol recognizes that everything cannot be explained in a single volume, and where more detail is needed, he identifies the source and details how to access it. Experienced net-roamers know that, although ftp file transfer in most cases is simple, they also know that not all systems respond as requested. One of the most valuable features of TWI is the explicit, comprehensible, and example-filled chapters on accessing remote systems and transferring files. Each chapter provides screen displays that a user confronts on log-in, and clearly illustrates the proper commands to be used. Krol provides commands for browsing remote machines and explains how to set remote commands to save time. For those who are too impatient to list the remote help screen, Krol provides summary descriptions of basic ftp commands and how (and when) they should be used. Especially helpful is the suggestion that, when retrieving a large number of files or an entire directory, users should invoke the tar program that combines the files, and a compression program, such as Z, to speed up the transfer. Not all remote systems are UNIX based, and Krol includes a substantial discussion on accessing VMS and other sites that often create problems because of unusual commands or system incompatibility. Krol's chapters on electronic mail and network news include the basic summaries found elsewhere. However, especially helpful for new or intermediate users, he includes a number of suggestions for building .newsrc and mailer "profile" files, aliases, and other shortcuts to simplify tasks. The tutorial on the nn mail reader includes instructions both on how to set it up and how to use it. Unfortunately, he (intentionally) ignores rn, which users on systems which it is the only available reader might find objectionable. One of the most enjoyable aspects of ftp is cruising the nets searching for and playing with software. TWI includes substantial and thorough instructions on where to look for software (or where to look for information on how to look for it), how to obtain it, and tricks for using it once obtained. Those who have yet to try Archie, WAIS or Gopher because they seemed complicated and intimidating, several chapters provide more than sufficient information that explains what they are, how they function, and how their power can be used. Archie, a system of indexes that directs users other public files, is one of the most useful services for finding particular programs or texts that would otherwise take mega-hours of hit-and-miss searching through various systems. Gopher's handy menu-driven autopilot for exploring is as nicely detailed as a London tour guide, and the WAIS (pronounced, Krol reminds us, "wayz") utility for text searches throughout files on the Internet is made almost too simple. Krol provides far more information than can be detailed here. He describes accessible games, illustrates how to use various "white pages" utilities for finding information about other users, tells us how to engage in on-line talk/chat, and in nearly all cases attempts to identify and overcome many of the idiosyncratic problems that occur on systems that might disrupt full use or enjoyment of the internet. Despite the technological descriptions, the volume is written with considerable humor and occasional levity. Like Brendan Behan's Zen and the Art of the Internet (ZAI), TWI illustrates that technologically detailed volumes (and their authors) need not be staid or boring. As a bonus, he inlcudes a substantial appendix that lists by topic and address special-interest groups or systems that attract, for example, users with academic interests, hobbies, sports, or technology. TWI is valuable because it is handy--very, very handy. But, it is also valuable because it is likely to expand awareness of and proficiency with using the Internet. This volume does not replace other such helpful works as Quarterman's technologically-dense The Matrix or Kehoe's more underground oriented ZAI. Rather, it supplements them. It, like the others, should have it on the bookshelf. ------------------------------ Date: Tue, 13 Oct 92 06:33 CDT From: AHARWELL@PANAM1.BITNET Subject: File 6--Krol's Whole Internet User's Guide (Review #2) The Whole Internet User's Guide and Catalog: A DICEy Proposition In his first book _The Macintosh Way_, Guy Kawasaki writes about a principle of good product design he calls DICE. A great product should be Deep, Indulgent, Complete, and Elegant. In being DICEy, a product manages to appeal to "both passengers and sailors," delights the senses, (in the case of a book) informs and teaches, and is easily accessible. _The Whole Internet User's Guide and Catalog_, by Ed Krol, brings forth the DICE ideal onto the printed page in a superbly designed, well-organized volume. Krol covers all the bases you'd expect in a book on the Internet: e-mail, ftp, Archie, Usenet, whois and all the rest. But instead of providing us with a flat explanation of, say, ftp, he gives us a short background on ftp, then takes us through a standard UNIX-to-UNIX ftp session. An annotated line-by-line record of the session is included, and it is extremely clear and easy to understand. He then goes on to explain what source files and destination files are and how to interpret the messages produced by ftp. That simple example out of the way, the author then warns us of some common problems. Following the DICE principle, Krol next walks us through sample ftp sessions on VMS, MS-DOS, IBM/VM, and Macintosh systems. Each OS's ftp peculiarities are carefully explained (and it is amusing here to discern the author's impatience with some of them) and elaborated upon. This is another example of the "passengers and sailors" appeal of this book. Most ftp implementations are similar enough that a demonstration of only one flavor the program would enable the casual user to get by, but Krol makes no such assumptions about his readers. VMS is treated in as much detail as MS-DOS or UNIX. It's hard to remember a better-organized guidebook? catalog? handbook? Chapters begin with an overview of their contents and a brief cross-reference to other chapters that have related material. Even if the reader doesn't find exactly what he needs where he first looks, he should have no trouble locating it. The back of the book has a very complete index and a series of appendices full of practical information, such as Internet service providers, an Internet resource catalog, a glossary, and the acceptable use policy. Beyond all that, Krol addresses important concerns that anyone who uses the Internet should be aware of, such as privacy and common sense advice about protecting the Internet. There is a particular page in Chapter 3 that I wish could be made mandatory reading for any person requesting an account. For me, a large part of enjoying a book is enjoying looking at the book itself. Here's where the indulgent part of _The Whole Internet_ comes in. The typography is excellent, and the little illustrations at the start of each chapter are charming. As in all Nutshell books, a colophon at the end explains what's what and who did it. Truly, a nice piece of design: coherent, easy to understand, straightforward. Everything one could want. The book itself was produced over the net, and Krol says that the Internet resource catalog was created from information gleaned by reading listservs, newsgroups, gophering, and doing Archie searches. This is part of the key to the book's richness and usefulness to such a variety of readers. It's obvious from the writing style and choice of content that the author was attuned to the net community and what is important to its citizens. Anne Harwell harwell@panam.edu ------------------------------ Date: Thu, 24 Sep 1992 09:01:30 MST From: Dan Lester Subject: File 7--Krol's Whole Internet User's Guide (Review #3) A number of guides to the Internet have been published recently, and others have been announced for the near future. As of this writing there is a new, undisputed champion that is available at a reasonable price. Yesterday FedEx delivered our copy of Ed Krol's _The Whole Internet User's Guide & Catalog_ direct from the publisher, O'Reilly & Associates, Inc. This latest publication in their renowned Nutshell Handbook series is worth every penny of the $24.95 list price. The ISBN is 1-56592-025-2. O'Reilly can be reached at 103 Morris St, Ste. A, Sebastopol, CA 95472, or 800-998-9938. Many are familiar with the Nutshell Handbooks that O'Reilly has published, mostly for the Unix and X Window environments. This book is a high quality paperback of 376 pages that is printed on acid-free paper (not that it will need to last that long, considering the rate of change of the Internet). Those not familiar with O'Reilly's publications will be familiar with Krol's RFC 1118, "The Hitchhiker's Guide to the Internet," which this new book updates and obsoletes. To indicate how comprehensive and current the book is, I'll take the liberty of listing the chapter titles: 1. What is this book about? 2. What is the Internet? 3. How the Internet works. 4. What's allowed on the Internet? 5. Remote login. 6. Moving files: FTP 7. Electronic mail 8. Network News 9. Finding software [all about Archie] 10. Finding someone 11. Tunneling through the Internet: Gopher 12. Searching Indexed databases: WAIS 13. Hypertext spanning the Internet: WWW 14. Other applications [fax, chatting, games, etc.] 15. Dealing with problems [error msgs, dealing with operations folks, etc.] There are also appendices covering resources on the nets, how to get connected, international connectivity, acceptable use, and other matters. The glossary is adequate, but does not try to compare to the _The New Hacker's Dictionary_. The index is very good. In conclusion, I recommend this very highly. Although there are many other competing works out there, this one covers almost everything anyone could want to know, is well written for both the novice and the experienced user, and is available now at a very reasonable price. All who are reading this review should have a copy on their desk, and a copy in their public, academic, or special library for reference by other potential users. Obligatory disclaimer: I do not know the author and have no business or other connections with the author or publisher. I'm just a very happy consumer. ------------------------------ Date: 02 Dec 92 11:49:08 EST From: David Lehrer <71756.2116@COMPUSERVE.COM> Subject: File 8--Akron BBS trial update! Akron BBS trial update: Dangerous precedents in sysop prosecution You may already know about the BBS 'sting' six months ago in Munroe Falls, OH for "disseminating matter harmful to juveniles." Those charges were dropped for lack of evidence. Now a trial date of 1/4/93 has been set after new felony charges were filed, although the pretrial hearing revealed no proof that *any* illegal content ever went out over the BBS, nor was *any* found on it. For those unfamiliar with the case, here's a brief summary to date. In May 1992 someone told Munroe Falls police they *thought* minors could have been getting access to adult materials over the AKRON ANOMALY BBS. Police began a 2-month investigation. They found a small number of adult files in the non-adult area. The sysop says he made a clerical error, causing those files to be overlooked. Normally adult files were moved to a limited-access area with proof of age required (i.e. photostat of a drivers license). Police had no proof that any minor had actually accessed those files so police logged onto the BBS using a fictitious account, started a download, and borrowed a 15-year old boy just long enough to press the return key. The boy had no knowledge of what was going on. Police then obtained a search warrant and seized Lehrer's BBS system. Eleven days later police arrested and charged sysop Mark Lehrer with "disseminating matter harmful to juveniles," a misdemeanor usually used on bookstore owners who sell the wrong book to a minor. However, since the case involved a computer, police added a *felony* charge of "possession of criminal tools" (i.e. "one computer system"). Note that "criminal tool" statutes were originally intended for specialized tools such as burglar's tools or hacking paraphenalia used by criminal 'specialists'. The word "tool" implies deliberate use to commit a crime, whereas the evidence shows (at most) an oversight. This raises the Constitutional issue of equal protection under the law (14'th Amendment). Why should a computer hobbyist be charged with a felony when anyone else would be charged with a misdemeanor? At the pretrial hearing, the judge warned the prosecutor that they'd need "a lot more evidence than this" to convict. However the judge allowed the case to be referred to a Summit County grand jury, though there was no proof the sysop had actually "disseminated", or even intended to disseminate any adult material "recklessly, with knowledge of its character or content", as the statute requires. Indeed, the sysop had a long history of *removing* such content from the non-adult area whenever he became aware of it. This came out at the hearing. The prosecution then went on a fishing expedition. According to the Cleveland Plain Dealer (7/21/92) "[Police chief] Stahl said computer experts with the Ohio Bureau of Criminal Identification and Investigation are reviewing the hundreds of computer files seized from Lehrer's home. Stahl said it's possible that some of the games and movies are being accessed in violation of copyright laws." Obviously the police believe they have carte blanche to search unrelated personal files, simply by lumping all the floppies and files in with the computer as a "criminal tool." That raises Constitutional issues of whether the search and seizure was legal. That's a precedent which, if not challenged, has far-reaching implications for *every* computer owner. Also, BBS access was *not* sold for money, as the Cleveland Plain Dealer reports. The BBS wasn't a business, but rather a free community service, running on Lehrer's own computer, although extra time on the system could be had for a donation to help offset some of the operating costs. 98% of data on the BBS consists of shareware programs, utilities, E-mail, etc. The police chief also stated: "I'm not saying it's obscene because I'm not getting into that battle, but it's certainly not appropriate for kids, especially without parental permission," Stahl said. Note the police chief's admission that obscenity wasn't an issue at the time the warrant was issued. Here the case *radically* changes direction. The charges above were dropped. However, while searching the 600 floppy disks seized along with the BBS, police found five picture files they think *could* be depictions of borderline underage women; although poor picture quality makes it difficult to tell. The sysop had *removed* these unsolicited files from the BBS hard drive after a user uploaded them. However the sysop didn't think to destroy the floppy disk backup, which was tossed into a cardboard box with hundreds of others. This backup was made before he erased the files off the hard drive. The prosecution, lacking any other charges that would stick, is using these several floppy disks to charge the sysop with two new second-degree felonies, "Pandering Obscenity Involving A Minor", and "Pandering Sexually Oriented Matter Involving A Minor" (i.e. kiddie porn, prison sentence of up to 25 years). The prosecution produced no evidence the files were ever "pandered". There's no solid expert testimony that the pictures depict minors. All they've got is the opinion of a local pediatrician. All five pictures have such poor resolution that there's no way to tell for sure to what extent makeup or retouching was used. A digitized image doesn't have the fine shadings or dot density of a photograph, which means there's very little detail on which to base an expert opinion. The digitization process also modifies and distorts the image during compression. The prosecutor has offered to plea-bargain these charges down to "possession" of child porn, a 4'th degree felony sex crime punishable by one year in prison. The sysop refuses to plead guilty to a sex crime. Mark Lehrer had discarded the images for which the City of Munroe Falls adamantly demands a felony conviction. This means the first "pandering" case involving a BBS is going to trial in *one* month, Jan 4th. The child porn statutes named in the charges contain a special exemption for libraries, as does the original "dissemination to juveniles" statute (ORC # 2907.321 & 2). The exemption presumably includes public and privately owned libraries available to the public, and their disk collections. This protects library owners when an adult item is misplaced or loaned to a minor. (i.e. 8 year olds can rent R-rated movies from a public library). Yet although this sysop was running a file library larger than a small public library, he did not receive equal protection under the law, as guaranteed by the 14'th Amendment. Neither will any other BBS, if this becomes precedent. The 'library defense' was allowed for large systems in Cubby versus CompuServe, based on a previous obscenity case (Smith vs. California), in which the Supreme Court ruled it generally unconstitutional to hold bookstore owners liable for content, because that would place an undue burden on bookstores to review every book they carry, thereby 'chilling' the distribution of books and infringing the First Amendment. If the sysop beats the bogus "pandering" charge, there's still "possession", even though he was *totally unaware* of what was on an old backup floppy, unsolicited in the first place, found unused in a cardboard box. "Possession" does not require knowledge that the person depicted is underage. The law presumes anyone in possession of such files must be a pedophile. The framers of the law never anticipated sysops,or that a sysop would routinely be receiving over 10,000 files from over 1,000 users. The case could set a far ranging statewide and nationwide precedent whether or not the sysop is innocent or guilty, since he and his family might lack the funds to fight this--after battling to get this far. These kinds of issues are normally resolved in the higher courts--and *need* to be resolved, lest this becomes commonplace anytime the police or a prosecutor want to intimidate a BBS, snoop through users' electronic mail, or "just appropriate someone's computer for their own use." You, the reader, probably know a sysop like Mark Lehrer. You and your family have probably enjoyed the benefits of BBS'ing. You may even have put one over on a busy sysop now and then. In this case; the sysop is a sober and responsible college student, studying computer science and working to put himself through school. He kept his board a lot cleaner than could be reasonably expected, so much so that the prosecution can find very little to fault him for. *Important* Please consider a small contribution to ensure a fair trial and precedent, with standards of evidence upheld, so that mere possession of a computer is not grounds for a witch hunt. These issues must not be decided by the tactics of a 'war of attrition'; *however far* in the court system this needs to go. For this reason, an independent, legal defense trust fund has been set up by concerned area computer users, CPA's, attorneys,etc. Mark Lehrer First Amendment Legal Defense Fund (or just: MLFALDF) Lockbox No. 901287 Cleveland, OH 44190-1287 *All* unused defense funds go to the Electronic Frontier Foundation, a nonprofit, 501c3 organization, to defend BBS's and First Amendment rights. Help get the word out. If you're not sure about all this, ask your local sysops what this precedent could mean, who the EFF is--and ask them to keep you informed of further developments in this case. Please copy this file and send it to whoever may be interested. This case *needs* to be watchdogged. Please send any questions, ideas or comments directly to the sysop: Mark Lehrer CompuServe: 71756,2116 InterNet: 71756.2116@compuserve.com Modem: (216) 688-6383 USPO: P.O. Box 275 Munroe Falls, OH 44262 ------------------------------ End of Computer Underground Digest #4.62 ************************************