************************************************************ ************************************************************ *** EFF News #1.00 (December 10, 1990) *** *** The Electronic Frontier Foundation, Inc. *** *** Welcome *** ************************************************************ ************************************************************ Editors: Mitch Kapor (mkapor@eff.org) Mike Godwin (mnemonic@eff.org) REPRINT PERMISSION GRANTED: Material in EFF News may be reprinted if you cite the source. Where an individual author has asserted copyright in an article, please contact her directly for permission to reproduce. E-mail subscription requests: effnews-request@eff.org Editorial submissions: effnews@eff.org We can also be reached at: Electronic Frontier Foundation 155 Second St. Cambridge, MA 02141 (617) 864-0665 (617) 864-0866 (fax) USENET readers are encouraged to read this publication in the moderated newsgroup comp.org.eff.news. Unmoderated discussion of topics discussed here is found in comp.org.eff.talk. This publication is also distributed to members of the mailing list eff@well.sf.ca.us. ************************************************************ The EFF has been established to help civilize the electronic frontier; to make it truly useful and beneficial to everyone, not just an elite; and to do this in a way that is in keeping with our society's highest traditions of the free and open flow of information and communication. EFF News will present news, information, and discussion about the world of computer-based communications media that constitute the electronic frontier. It will cover issues such as freedom of speech in digital media, privacy rights, censorship, standards of responsibility for users and operators of computer systems, policy issues such as the development of national information infrastructure, and intellectual property. Views of individual authors represent their own opinions, not necessarily those of the EFF. ************************************************************ *** EFF News #1.00: Table of Contents *** ************************************************************ Article 1: Who's Doing What at the EFF Article 2: EFF Current Activities - Fall 1990 Article 3: Contributing to the EFF Article 4: CPSR Computing and Civil Liberties Project (Marc Rotenberg, Computer Professionals for Social Responsibility) Article 5: Why Defend Hackers? (Mitch Kapor) Article 6: The Lessons of the Prodigy Controversy Article 7: How Prosecutors Misrepresented the Atlanta Hackers ************************************************************ *** EFF News #1.00: Article 1 of 7: *** *** Who's Doing What at the EFF *** ************************************************************ The EFF has hired its first full-time staff member, Mike Godwin. Mike is serving as the EFF's staff counsel and will be coordinating the ongoing legal work of the EFF as well. Mike is a recent graduate of the University of Texas Law School. Previously he served as editor-in- chief of The Daily Texan student newspaper. He has been a frequent contributor to the discussions of computing and civil liberties on the net. Welcome, Mike. As the scope of EFF activities increase, we anticipate hiring another full-time professional staff person at EFF. The new position is in the process of being defined, but the responsibilities are likely to include involvement with our print and online publications as well as the administrative tasks associated with raising contributions and responding to our constituents. We have gotten settled in our remodelled quarters. Leila Gallagher has joined us as an office volunteer helping with duplicating, mailing, and other administrative matters. There are currently additional volunteer opportunities at the EFF's Cambridge office. Anyone with experience with PageMaker and FileMaker who is interested in helping us with our print newsletter and creating a inquiries database is encouraged to contact Mike Godwin. Gerard van der Leun (boswell@well.sf.ca.us) has volunteered to organize and edit the first issue of the EFF's print newsletter, the EFFector. He is getting lots of help from Dan Sokol and Rick Doherty. Look for a first issue this winter. Mitch Kapor is working full-time on public interest computing issues, including the EFF, where he is currently serving as Acting Executive Director. John Barlow (barlow@well.sf.ca.us) is actively engaged in writing and speaking about issues on the electronic frontier. Harvey Silverglate and Sharon Beckman (slvrgood@well.sf.ca.us) of the law firm of Silverglate and Good and Terry Gross (tgross@well.sf.ca.us) of the Rabinowitz, Boudin, Standard, Krinsky, and Lieberman are the EFF's litigation counsel. ************************************************************ *** EFF News #1.00: Article 2 of 7: *** *** EFF Current Activities - Fall 1990 *** ************************************************************ >>>LEGAL EFFORTS<<< The EFF is continuing to investigate legal opportunities for helping to establish the First and Fourth Amendment rights of computer users and sysops. We are closely tracking the known cases of BBS-related seizures and arrests that have arisen as the result of Operation Sun Devil and the computer-crime operation based in the Chicago U.S. Attorney's office. These cases may provide us with critical opportunities to defend the rights of computer users and BBS operators. We are continuing to track other cases of alleged computer-related crimes, many of which arose prior to the two federal operations mentioned above, but in which the EFF may be able to play some formal or informal role. The EFF has also been following the Prodigy case and has been investigating the cases in which universities may have been ordered by NSF officials to remove graphics files from their systems. We have been increasing our media presence through our cooperation with trade- publication and mainstream journalists, who now know to call the EFF offices for feedback on computer-related news items. We are increasing our contacts with attorneys around the country who are involved in computer-related cases. It is hoped that these attorneys may ultimately become part of a network of attorneys who associate with EFF for the purpose of taking on pro bono cases in which EFF has an interest. The EFF been working to provide the American Bar Association with input concerning judicial guidelines for the issuance of search warrants in computer- and BBS-related cases. >>> MASSACHUSETTS COMPUTER CRIME BILL<<< The EFF has drafted and is working for the passage of a computer crime bill, which has the backing of the Governor and Attorney General of Massachusetts. If passed, the bill will serve as model legislation in balancing property and free speech interests. Previously, a completely different version of the bill had passed both houses of the Massachusetts legislature and was sent to the Governor for his signature. Thanks to the efforts of the Governor's Office and the Massachusetts Software Council, the bill came to our attention and we were able to persuade the Governor that, as originally written, it had a number of fundamental flaws, not the least of which was the unproven assumption that a bill that broadly criminalized whole ranges of computer-related activities was even called for. In fact, the original bill appeared to operate from the same set of assumptions that we have seen too often in other EFF activities: an untested belief that more regulation is necessarily better and a disregard for the consequences of such an approach in stifling free speech and ordinary commerce. The result was a bill which was both unwise as well as unconstitutional. The preamble of the new bill explicitly recognizes that the integrity of computer systems must be protected in a way that does not infringe on the rights of users of computer technology, including freedoms of speech, association, and privacy. In its first provision, the bill makes it a crime to knowingly and without authorization access a controlled computer system with the intention of causing damage and actually cause damage in excess of $10,000. The second provision of the bill is identical to the one above except that it covers activities undertaken with reckless disregard of the consequences as opposed to intent to cause damage, and it carries a lesser penalty. The bill breaks new ground in the area of enforcement. Prosecutions may be brought only by the Attorney General and only after guidelines are established to assure that searches of electronic media do not unnecessarily infringe on speech and privacy rights. These guidelines must be consistent with the concerns stated in the preamble. The bill also establishes a 17-person commission charged with recommending future legislation in this area. Now that the Governor has sent the revised bill back to the Legislature, it is up to them. We have met with the House and Senate sponsors of the bill and are cautiously optimistic that the bill can be passed in the waning days of the current legislative session. >>>MEETINGS<<< On September 18 Mitch Kapor made a presentation about the EFF to the Computer Science and Telecommunications Board of the National Academy of Science and Engineering, of which he is a new member. The Board is constituted to advise the government on technological issues with great social impact and generally consists of department chairs of well-known computer science departments and vice-presidents of research at major corporations. The CSTB viewed the issues raised as extremely important and wanted to contribute to the advancement of the positions advocated by the EFF. Mitch is working on follow-up proposal ideas, including the CSTB conducting a national "strategic forum" on computing and civil liberties. This venue is potentially very important because recommendation of the CSTB carry a great deal of weight in the Congress. On September 26, Steve Jackson (Austin game publisher whose BBS and computer equipment was seized in a Secret Service raid), Terry Gross (EFF attorney), and Sheldon Zenner (the lawyer who represented Craig Neidorf) appeared on a panel at a general meeting of the Boston Computer Society to discuss computing and civil liberties. They were very well received by an enthusiastic audience. On September 27, Mitch Kapor and Sheldon Zenner made a presentation to the I4 group. This is a select organization of 50 large corporations who support a program in computer security research at SRI, which is run by Donn Parker. This was an important bridge-building session with the corporate world. Dorothy Denning participated in the panel discussion which followed the presentations. On October 3-4, Dorothy Denning and Craig Neidorf attended the National Conference on Computer Security, Washington D.C. On October 20th John Barlow gave a major address at the annual meeting of Computer Professionals for Social Responsibility in San Fransisco on "Civilizing Cyberspace: Computers, Civil Liberties, and Freedom". On October 29, Harvey Silverglate and Mitch Kapor participated in a panel sponsored by Harvard's Office of Information Technology on "Electronic Communication and Political Freedom". Gene Spafford of USENET fame was also present. There was an audience of approximately 100 people. On October 30th Mitch appeared on a well-attended panel at MIT on intellectual-property reform. On November 7 Mitch spoke before the American Society for Information Science annual meeting in Montreal on EFF issues. John, Mitch, Steve Jackson, John Gilmore and Rick Doherty all attended Hackers 6.0, held this year at Lake Tahoe, on November 16-18. There was a very active session devoted to the EFF on Sunday, which generated much interest and converted a few skeptics. -end- ************************************************************ *** EFF News #1.00: Article 3 of 7: *** *** Contributing to the EFF *** ************************************************************ We have filed a 501c3 application with the Internal Revenue Service to qualify for eligibility to receive tax-deductible contributions. We expect to hear from the service within a few months. In the meantime, we can accept contributions now which will qualify for deductibility once our exemption is granted. -end- ************************************************************ *** EFF News #1.00: Article 4 of 7: *** *** CPSR COMPUTING AND CIVIL LIBERTIES PROJECT *** *** by Marc Rotenberg *** *** (marcindc@well.sf.ca.us) *** ************************************************************ >>> UPCOMING CPSR POLICY ROUNDTABLE <<< CPSR will host the first Computing and Civil Liberties policy roundtable on February 21 and 22, 1991 at the American Association for the Advancement of Science in Washington, DC. The purpose of the roundtable will be to bring together leading experts to explore two issues: free speech and computer networks, and searches of computer bulletin boards. What speech restrictions currently exist? Should federal agencies or private companies be allowed to restrict the content of a computer message and, if so, in what circumstances? The second issue is the investigation of computer bulletin boards by law enforcement agents. Are there any restrictions on the ways that police may monitor computer communications and computer bulletin boards? If not, should such restrictions be developed? The conference is the first in a series of policy roundtables that will be held in Washington, DC and that are made possible with funding from the Electronic Frontier Foundation -end- ************************************************************ *** EFF News #1.00: Article 5 of 7: *** *** Why Defend Hackers? *** *** by Mitch Kapor *** ************************************************************ An all-too-common perception of the EFF that prevails in the computer industry and those who report on it--from John Sculley to the Wall St. Journal--is that the EFF is an organization that has "something to do with hackers." (They use "hackers" as a term not of approbation but of rebuke). Most of these sometime colleagues and associates of mine are puzzled as to why I would be doing such a thing. (A few think I've just become a loony.) Anyway, they've heard about the terrible problems caused by hackers who break into computer systems, they worry that I'm out to defend such practices, and they disapprove. But their disapproval is based on the pure misconception that the EFF's purpose is to defend people's right to break into computer systems. Let me clear up that misconception now. I regard unauthorized entry into computer systems as wrong and deserving of punishment. People who break into computer systems and cause harm should be held accountable for their actions. We need to make appropriate distinctions in the legal code among various forms of computer crime based on such factors as intent and the degree of actual damage. In fact, the EFF has drafted a bill that has the backing of the Governor and Attorney General of Massachusetts and that embodies these principles. But if the EFF isn't trying to advance the cause of computer hackers, you may ask, what is it doing and why? What is it that was sufficiently powerful to motivate me to help start a whole organization? As I began to find out the real story behind government raids and indictments last summer, I became incensed at the fact that innocent individuals were getting caught up in the blundering machinations of certain law enforcement agencies and large corporations. These were kids really, young people with whom I identified, who faced the prospect of having their lives ruined. Take Craig Neidorf, for example. Neidorf, a 20-year-old college student and the publisher of an electronic newsletter, was indicted on felony charges of wire fraud and interstate transportation of stolen property. Neidorf had published a document about administrative procedures used in the 911 emergency response telephone system that someone else had removed from a BellSouth computer. On the fourth day of the trial, the prosecution dropped the case after it became clear that the information in the "highly confidential" BellSouth document at issue was publicly available for less than $20. Justice was served by the government's decision to drop the case, but it was expensive justice. Neidorf and his family face $100,000 in legal bills, to say nothing of the disruption and suffering caused by the trial for an action that should never have been brought against him to begin with. And the prosecution has had a chilling effect on Neidorf, who has stopped publishing PHRACK. In a second case, the EFF continues to assist Steve Jackson, a game manufacturer in Austin, Texas, who has suffered substantial business losses after a Secret Service raid in early March resulted in the seizure of his BBS and of his forthcoming fantasy gamebook GURPS Cyberpunk. The seizure of Jackson's computer equipment caused him to lay off nearly half of his staff and threatened the survival of the business. As subsequent revelations have showed, there was no good reason for this raid. It never should have been permitted to occur in the first place. While helping defend the innocent is one role for the EFF to play, there is more at stake than trying to prevent individuals from being wronged. It is also a matter of rights for all of us. The actions taken against Craig Neidorf and Steve Jackson -- the prosecution of an electronic publisher and the seizure of a BBS and an electronically stored book-in-progress -- demonstrate governmental disregard of the fundamental constitutional right of freedom of speech I believe it is terribly important to extend to these new digital media the same strong First Amendment protections of freedom of speech and freedom of expression which we enjoy in our own lives and in the print media. The government should not be able to seize a bulletin board any more easily than they can seize a printing press. We must find ways for law enforcement to do its job in protecting the property interests of some of us without violating the freedom of speech of the rest of us. This is clearly a matter of protecting civil liberties and thus familiar to those who take an interest in upholding the Bill of Rights, but it is also more than that. These embryonic media of electronic mail, computer bulletin boards and conferencing systems, provide open forums of communication. They are a healthy antidote to the corrosive effects of the power of large, centralized institutions, private and public, and to the numbness induced by one-way, least-common-denominator mass media. In the physical world, our sense of community withers. Urban centers as places to live are being abandoned by all who can afford to leave. In the global suburbs in which more and more of us live, one's horizon is limited to the immediate family. Even close neighbors are often anonymous. In the realities that can be created within digital media there are opportunities for the formation of virtual communities--voluntary groups who come together not on the basis of geographical proximity but through a common interests. Computer and telecommunications systems represent an enabling technology for the formation of community, but only if we make it so. I believe it is urgent, as a matter of national policy, that we encourage and further stimulate the social experiments and developing infrastructure that are taking place on the Net every day. The ultimate mission of the EFF is to help articulate this vision and play a constructive role in the working out of the new legal and social norms which we are faced with developing. As John Barlow and I meditated together last June on the broader implications of the initial events --a meditation that catalyzed the formation of the EFF--we could see that what was at stake was not merely seeing justice be served in the case of a few individuals, nor simply the preservation of the civil liberties of all of us, although these goals are vitally important. The larger issue is how our society will come to terms with the onrush of transformative technology. If we take the right steps now--and EFF is working to take those steps--new and increasing access to information technology will enhance rather than inhibit the positive growth and development of individuals, of communities, and of society as a whole. -end- ************************************************************ *** EFF News #1.00: Article 6 of 7: *** *** The Lessons of the Prodigy Controversy *** ************************************************************ Many EFF supporters have asked what position, if any, the Electronic Frontier Foundation has taken with regard to the recent dispute between the online service Prodigy and a large, vocal subset of its users. Although EFF is not involved at the moment in any activities directly relating to the Prodigy dispute, we believe that the dispute touches some basic issues with which we are very concerned, and that it illustrates the potential dangers of allowing private entities such as large corporations to try and dictate the market for online electronic services. Although Prodigy, a joint project sponsored by Sears and IBM, has been available in some cities since October 1988, national availability of the service and a big advertising campaign only began this fall. New users who signed on during the membership push would receive, for a single monthly fee of $12.95, access to all Prodigy services, which included online shopping, a news service, and a flight-scheduling service. The flat monthly rate was a major selling point. Prodigy was originally intended to become an electronic shopping mall,, where consumers could directly order goods and services. While the top portion of a Prodigy user's computer display is dedicated to whatever information Prodigy is providing the user (an encyclopedia, say, or a summary of the day's news), an area along the bottom of the screen is devoted to advertising various consumer goods and services. Among the services Prodigy provides is a public conferencing system, analogous in some ways to a computer bulletin-board system (BBS), but national in scope. Users can carry on public discussions of topics ranging from politics to health issues. Prodigy management has hired editors "with journalistic backgrounds" to review messages for suitability before they are allowed to be publicly posted. The member agreement allows the management to limit public discussions of topics and to edit postings of individual members for obscenity or illegal content ... or for anything else, at Prodigy's discretion. The result of this broad management prerogative? One member is reported to have had his posting about population problems in Catholic countries censored, presumably out of the editors' fear that Catholic users would be offended. More significantly, some whole discussion topics, including a debate between Christian fundamentalists and gay activists, have been removed without warning from the conferences. But what bothers the Prodigy protesters is not just that particular topics are censored--it's that the censorship is capricious. "That's one of the most frustrating things--you can't even predict what's going to be censored and what isn't," says Henry Niman, a cancer researcher who later become one of the leaders of a user protest of Prodigy. The initial solution to the censorship problem was simple: Take the discussions to e-mail. Prodigy users began to rely on a mailing-list feature of the program to continue their (now-uncensored) discussions. But soon a crisis had brewed. The Prodigy users who had been told to take their no-longer-welcome public discussions to e-mail were now being told that they wouldn't be able to use the e-mail service at the flat rate any longer. Instead, each account would get 30 free messages per month, with a charge of 25 cents per message thereafter. This meant, in effect, the end of the mailing lists, since just a few mailings could exhaust a user's free-message quota and rack up sizable charges. And it was disappointing as well to many non-mailing-list users, some of whom are disabled, who rely on Prodigy as a major social outlet. The result of this policy change was predictable: irate Prodigy users began to protest, complaining on Prodigy's public boards about the new usage fee and attempting to organize a write-in campaign notifying Prodigy's management and--when management turned a deaf ear to their protests--its advertisers of their disaffection. Prodigy management responded by terminating the accounts of 12 of the protestors, claiming that the protestors had violated their membership agreements, which forbade "harassment." Prodigy management justifies the usage fees by arguing that their original hardware setup couldn't support the increases in electronic traffic. The new policies were adopted to curb what management perceived as flagrant abuses of electronic mail privileges by a tiny minority of users. And, a Prodigy spokesman insists, the time Prodigy customers spend in e-mail is time that they aren't buying from Prodigy's advertisers. (Prodigy claims that ads are not visible during electronic mail; Prodigy users say this claim is misleading, and that while ads are invisible at some points while editing and reading e-mail, they're nevertheless visible elsewhere during e-mail sessions.) Of course, in many ways the issue of the fees for e-mail is a superficial one. The only reason a significant fraction of users began to rely on mass mailings is that they were barred from public discussion of issues on Prodigy's public message bases. The Prodigy experience to date reveals a serious mismatch between the expectations of Prodigy's management and its customers. Here the market clearly seemed to want unrestricted public conferencing and electronic mail. But as demand for these features has mounted, the supplier, rather than trying to satisfy its customers, has cut back on the features' availability because it did not correspond to or fit with the company's view of the purpose of the service. To the extent to which this type of thinking is representative of the general way large commercial interests may offer on-line services, it clearly represents a turning away from the use of digital media as open forums of public communication. In the extreme case, in a situation in which Prodigy and its commercial competition all choose to censor and control communication on their services, the public interest will not be well served. "It is necessary to consider decisions that Prodigy is making carefully," Jerry Berman, director of the American Civil Liberties Union's Information Technology Project, told the New York Times last month. "We have no comparable models in the computer era," he said, "but we should be concerned if systems such as Prodigy become the rule. Instead of expanding speech, we'll have electronic forums that are quite limited." It is clear that Prodigy management is uncomfortable with the notion of a free forum; they have chosen to describe their service as a "publication" rather than as a forum precisely because they want to have an editor's prerogatives to dictate, absolutely, what the content of the "publication" will be. We at EFF do not dispute that Prodigy is acting within its rights as a private concern when it dictates restrictions on how its system is used. We do think, however, that the Prodigy experience has a bearing on EFF interests in a couple of ways. First, it demonstrates that there is a market--a perceived public need--for services that provide electronic mail and public conferencing. Second, it illustrates the fallacy that "pure" market forces always can be relied upon to move manufacturers and service providers in the direction of open communications. A better solution, we believe, is a national network-access policy that, at the very least, encourages private providers to generate the kind of open and unrestricted network and mail services that the growing computer-literate public clearly wants. -end- ************************************************************ *** EFF News #1.00: Article 7 of 7: *** *** How Prosecutors Misrepresented the Atlanta Hackers *** ************************************************************ Although the Electronic Frontier Foundation is opposed to unauthorized computer entry, we are deeply disturbed by the recent sentencing of Bell South hackers/crackers Riggs, Darden, and Grant. Not only are the sentences disproportionate to the nature of the offenses these young men committed, but, to the extent the judge's sentence was based on the prosecution's sentencing memorandum, it relied on a document filled with misrepresentations. Robert J. Riggs, Franklin E. Darden, Jr., and Adam E. Grant were sentenced Friday, November 16 in federal court in Atlanta. Darden and Riggs had each pled guilty to a conspiracy to commit computer fraud, wire fraud, access-code fraud, and interstate transportation of stolen property. Grant had pled guilty to a separate count of possession of access codes with intent to defraud. All received prison terms; Grant and Darden, according to a Department of Justice news release, "each received a sentence of 14 months incarceration (7 in a half-way house) with restitution payments of $233,000." Riggs, said the release, "received a sentence of 21 months incarceration and $233,000 in restitution." In addition, each is forbidden to use a computer, except insofar as such use may be related to employment, during his post- incarceration supervision. The facts of the case, as related by the prosecution in its sentencing memorandum, indicate that the defendants gained free telephone service and unauthorized access to BellSouth computers, primarily in order to gain knowledge about the phone system. Damage to the systems was either minimal or nonexistent. Although it is well-documented that the typical motivation of phone-system hackers is curiosity and the desire to master complex systems (see, e.g., HACKERS: HEROES OF THE COMPUTER REVOLUTION, Steven Levy, 1984), the prosecution attempts to characterize the crackers as major criminals, and misrepresents facts in doing so. Examples of such misrepresentation include: 1) Misrepresenting the E911 file. The E911 file, an administrative document, was copied by Robert Riggs and eventually published by Craig Neidorf in the electronic magazine PHRACK. Says the prosecution: "This file, which is the subject of the Chicago [Craig Neidorf] indictment, is noteworthy because it contains the program for the emergency 911 dialing system. As the Court knows, any damage to that very sensitive system could result in a dangerous breakdown in police, fire, and ambulance services. The evidence indicates that Riggs stole the E911 program from BellSouth's centralized automation system (i.e., free run of the system). Bob Kibler of BellSouth Security estimates the value of the E911 file, based on R&D costs, is $24,639.05." This statement by prosecutors is clearly false. Defense witnesses in the Neidorf case were prepared to testify that the E911 document was not a program, that it could not be used to disrupt 911 service, and that the same information could be ordered from Bell South at a cost of less than $20. Under cross- examination, the prosecution's own witness admitted that the information in the E911 file was available in public documents, that the notice placed on the document stating that it was proprietary was placed on all Bell South documents (without any prior review to determine whether the notice was proper), and that the document did not pose a danger to the functioning of the 911 system. 2) Guilt by association. The prosecution begins its memorandum by detailing two crimes: 1) a plot to plant "logic bombs" that would disrupt phone service in several states, and 2) a prank involving the rerouting of calls from a probation office in Florida to "a New York Dial-A- Porn number." Only after going to some length describing these two crimes does the prosecution state, in passing, that *the defendants were not implicated in these crimes.* 3) Misrepresentation of motives. As we noted above, it has been documented that young phone- system hackers are typically motivated by the desire to understand and master large systems, not to inflict harm or to enrich themselves materially. Although the prosecution concedes that "[d]efendants claimed that they never personally profited from their hacking activities, with the exception of getting unauthorized long distance and data network service," the prosecutors nevertheless characterize the hackers' motives as similar to those of extortionists: "Their main motivation [was to] obtain power through information and intimidation." The prosecutors add that "In essence, stolen information equalled power, and by that definition, all three defendants were becoming frighteningly powerful." The prosecution goes to great lengths describing the crimes the defendants *could* have committed with the kind of knowledge they had gathered. The prosecution does not mention, however, that the mere possession of *dangerous* (and non-proprietary) information is not a crime, nor does it admit, explicitly, that the defendants never conspired to cause such damage to the phone system. Elsewhere in the memorandum, the prosecution attempts to suggest the defendants' responsibility in another person's crime. Because the defendants "freely and recklessly disseminated access information they had stolen," says the memorandum, a 15-year-old hacker committed $10,000 in electronic theft. Even though the prosecution does not say the defendants intended to facilitate that 15-year-old's alleged theft, the memorandum seeks to implicate the defendants in that theft. 4) Failure to acknowledge the outcome of the Craig Neidorf case. In evaluating defendants' cooperation in the prosecution of Craig Neidorf, the college student who was prosecuted for his publication of the E911 text file in an electronic newsletter, the government singles out Riggs as being less helpful than the other two defendants, and recommends less leniency because of this. Says the memorandum: "The testimony was somewhat helpful, though the prosecutors felt defendant Riggs was holding back and not being as open as he had been in the earlier meeting." The memorandum fails to mention, however, that Riggs's testimony tended to support Neidorf's defense that he had never conspired with Riggs to engage in the interstate transportation of stolen property or that the case against Neidorf was dropped. Riggs's failure to implicate Neidorf in a crime he did not commit appears to have been taken by prosecutors as a lack of cooperation, even though Riggs was simply telling the truth. Sending a Message to Hackers? Perhaps the most egregious aspect of the government's memorandum is the argument that Riggs, Grant, and Darden should be imprisoned, not for what *they* have done, but send the right "message to the hacking community." The government focuses on the case of Robert J. Morris Jr., the computer-science graduate student who was sentenced to a term of probation in May of this year for his reckless release of the worm program that disrupted many computers connected to the Internet. Urging the court to imprison the three defendants, the government remarked that "hackers and computer experts recall general hacker jubilation when the judge imposed a probated sentence. Clearly, the sentence had little effect on defendants Grant, Riggs, and Darden." The government's criticism is particularly unfair in light of the fact that the Morris sentencing took place almost a year *after* the activities leading to the defendants' convictions! (To have been deterred by the Morris sentencing the Atlanta defendants would have to have been able to foretell the future.) The memorandum raises other questions besides those of the prosecutors' biased presentation of the facts. The most significant of these is the government's uncritical acceptance of BellSouth's statement of the damage the defendants did to its computer system. The memorandum states that "In all, [the defendants] stole approximately $233,880 worth of logins/passwords and connect addresses (i.e., access information) from BellSouth. BellSouth spend approximately $1.5 million in identifying the intruders into their system and has since then spent roughly $3 million more to further secure their network." It is unclear how these figures were derived. The stated cost of the passwords is highly questionable: What is the dollar value of a password? What is the dollar cost of replacing a password? And it's similarly unclear that the defendants caused BellSouth to spend $4.5 million more than they normally would have spent in a similar period to identify intruders and secure their network. Although the government's memorandum states that "[t]he defendants ... have literally caused BellSouth millions of dollars in expenses by their actions," the actual facts as presented in the memorandum suggest that BellSouth had *already embarked upon the expenditure of millions of dollars* before it had heard anything about the crimes the defendants ultimately were alleged to have committed. Moreover, if the network was insecure to begin with, wouldn't BellSouth have had to spend money to secure it regardless of whether the security flaws were exploited by defendants? The Neidorf case provides an instructive example of what happens when prosecutors fail to question the valuations a telephone company puts on its damages. But the example may not have been sufficiently instructive for the federal prosecutors in Atlanta. Not only are there questions about the justice of the restitution requirement in the sentencing of Riggs, Darden, and Grant, but there also are Constitutional issues raised by the prohibition of access to computers. The Court's sentencing suggests a belief that anything the defendants do with computers is likely to be illegal; it ignores the fact that computers are a communications medium, and that the prohibition goes beyond preventing future crimes by the defendants--it treads upon their rights to engage in lawful speech and association. EFF does not support the proposition that computer intrusion and long-distance theft should go unpunished. But we find highly disturbing the misrepresentations of facts in the prosecutors' sentencing memorandum as they seek disproportionate sentences for Riggs, Darden, and Grant--stiff sentences that supposedly will "send a message" to the hackers and crackers. The message this memorandum really sends is that the government's presentation of the facts of this case has been been heavily biased by its eagerness to appear to be deterring future computer crime. -end EFF News #1.00- Downloaded From P-80 International Information Systems 304-744-2253