Hacker Chronicles 1

home *** CD-ROM | disk | FTP | other *** search

/ Hacker Chronicles 1 / HACKER1.ISO / misc / sundevil.txt < prev next >

Wrap

Text File | 1992-11-22 | 105KB | 2,151 lines

{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{} {} {} {} ** PUSH BUTTON FELONIES ** {} {} {} {} KPFA-FM RADIO BROADCAST JULY 26, 1990 AT 12:00 NOON {} {} {} {} ELECTRONIC TEXT -- PUBLIC INFORMATION FILE {} {} {} {} ** SPECIAL EDITION ** {} {} from {} {} THE EPIC PROJECT {} {} a nonprofit public electronic publishing corporation {} {} {} {} {} {} P.O. Box 5080-341 Electronic Netmail Address {} {} Fairfield, Ca. 94533 jefrich@well.sf.ca.us {} {} Jeff Aldrich, Contact: Voice: (707)425-6813 {} {} Data: (707)429-1545 Fax: (707)425-9811 {} {} {} {}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{}{} NOTICE This text file contains copies of press releases by government agencies, citizen action organizations, and transcripts of events received by The EPIC Project. They example both the personal information power of telecommunication technology and the current threat to our basic civil liberties -- our rights to privacy and to protection against unwarranted searches and seizures. Panelists on the KPFA-FM "Push Button Felonies" broadcast are responsible for some of these documents. This electronic text information is provided to KPFA listeners by The EPIC Project to increase understanding of the issues discussed in this broadcast. The EPIC Project makes no warranty as to document accuracy, expressed or implied. ========================================================================== KPFA-FM Studio Panelists: Assistant Arizona Attorney General Gail Thackery. Marc Rotenberg of Computer Professionals for Social Responsibility A Telecommunication Industry Service Provider Representative KPFA-FM Telephone Panelist: Jeff Aldrich, Founder of The EPIC Project Electronic Publishing Corp. =========================================================================== CONTENTS Line 75: Operation Sun Devil: Press Release Line 162: Operation Sun Devil: Secret Service Statement Line 230: News Excerpts about Operation Sun Devil Source: Computer Underground Digest Issue #1.09 Line 393: Letter from the Director of the Secret Service to Rep. Don Edwards Line 692: CPSR FOIA Request to the FBI Regarding BBS Surveillance Line 804: CPSR letter to Congressman Don Edwards regarding FOIA request Line 901: Chronology of events Source: Computer Professionals for Social Responsibility (CPSR) Line 1048: Sun Devil gives birth to the Electronic Frontier Foundation Line 1141: Electronic Frontier Foundation: Mission Statement Line 1190: Electronic Frontier Article by John Perry Barlow and Mitchell Kapor Line 1374: CPSR Expands Civil Liberties Program Line 1464: EFF Supported Legal Case Summary Line 1801: The Electronic Frontier and The Bill of Rights Source: Electronic Frontier Foundation (EFF) Line 2036: U.S. Attorney Visits The EPIC Project Online After July 5th KPFA Electronic Citizen Broadcast: A Sysop Chat with the Feds Source: The EPIC Project NOTE: Line numbers are approximate ******************************************************************** ******************************************************************** U.S. Department of Justice United States Attorney District of Arizona 4000 United States Courthouse Phoenix, Arizona 82505 602-379-3011 /FTS/261-3011 PRESS RELEASE FOR IMMEDIATE RELEASE: CONTACT: Wendy Harnagel Wednesday, May 9, 1990 United States Attorney's Office (602) 379-3011 PHOENIX--Stephen M. McNamee, United States Attorney for the District of Arizona, Robert K. Corbin, Attorney General for the state of Arizona, and Henry R. Potosky, Acting Special Agent in Charge of the United States Secret Service Office in Phoenix, today announced that approximately twenty-seven search warrants were executed on Monday and Tuesday, May 7 and 8, 1990, in various cities across the nation by 150 Secret Service agents along with state and local law enforcement officials. The warrants were issued as a part of Operation Sundevil, which was a two year investigation into alleged illegal computer hacking activities. The United States Secret Service, in cooperation with the United States Attorney's Office, and the Attorney General for the State of Arizona, established an operation utilizing sophisticated investigative techniques, targeting computer hackers who were alleged to have trafficked in and abuse stolen credit card numbers, unauthorized long distance dialing codes, and who conduct unauthorized access and damage to computers. While the total amount of losses cannot be calculated at this time, it is (MORE) estimated that the losses may run into the millions of dollars. For example, the unauthorized accessing of long distance telephone cards have resulted in uncollectible charges. The same is true of the use of stolen credit card numbers. Individuals are able to utilize the charge accounts to purchase items for which no payment is made. Federal search warrants were executed in the following cities: Chicago, IL Cincinnati, OH Detroit, MI Los Angeles, CA Miami, FL Newark, NJ New York, NY Phoenix, AZ Pittsburgh, PA Plano, TX Richmond, VA San Diego, CA San Jose, CA Unlawful computer hacking imperils the health and welfare of individuals, corporations and government agencies in the United States who rely on computers and telephones to communicate. Technical and expert assistance was provided to the United States Secret Service by telecommunication companies including Pac Bel, AT&T, Bellcore, Bell South, MCI, U.S. Sprint, Mid-American, Southwestern Bell, NYNEX, U.S. West, and by the many corporate victims. All are to be commended for their efforts in researching intrusions and documenting losses. McNamee and Corbin expressed concern that the improper and alleged illegal use of computers may become the White Collar crime of the (MORE) 1990's. McNamee and Corbin reiterated that the state and federal government will vigorously pursue criminal violations of statutes under their jurisdiction. Three individuals were arrested yesterday in other jurisdictions on collateral or independent state charges. The investigations surrounding the activities of Operation Sundevil are continuing. The investigations are being conducted by agents of the United States Secret Service and Assistant United States Attorney Tim Holtzen, District of Arizona, and **Assistant Arizona Attorney General Gail Thackery. END STORY **KPFA-FM Panelist ************************************************************** Assistant Director Garry M. Jenkins' Prepared Remarks Operation Sun Devil Today, the Secret Service is sending a clear message to those computer hackers who have decided to violate the laws of this nation in the mistaken belief that they can successfully avoid detection by hiding behind the relative anonymity of their computer terminals. In 1984, Congress enacted the Comprehensive Crime Control Act which prohibits, among other things, credit card fraud and computer fraud. Since 1984, the Secret Service has been aggressively enforcing these laws and has made over 9,000 arrests nationwide. Recently we have witnessed an alarming number of young people who, for a variety of sociological and psychological reasons, have become attached to their computers and are exploiting thier potential in a criminal manner. Often, a progression of criminal activity occurs which involves telecommunications fraud (free long distance phone calls), unauthorized access to other computers (whether for profit, fascination, ego, or the intellectual challenge), credit card fraud (cash advances and unauthorized purchases of goods), and then move on to other destructive activities like computer viruses. Some computer abusers form close associations with other people having similar interests. Underground groups have been formed for the purpose of exchanging information relevant to their criminal activities. These groups often communicate with each other through message systems between computers called "bulletin boards." Operation Sun Devil was an investigation of potential computer fraud conducted over a two-year period with the use of sophisticated investigative techniques. This investigation exemplifies the commitment and extensive cooperation between federal, state and local law enforcement agencies and private governmental industries which have been targeted by computer criminals. While state and local law enforcement agencies successfully investigate and prosecute technological crimes in specific geographical locations, federal intervention is clearly called for when the nature of these crimes becomes interstate and international. (PAGE 1) On May 8, 1990, over 150 Special Agents of the United States Secret Service, teamed with numerous local and state law enforcement agencies, served over two dozen search warrants in approximately fifteen (15) cities across this nation. Several arrests and searches were made during the investigation to protect the public from impending dangers. In one situation, computer equipment was seized after unauthorized invasion into a hospital computer. Our experience shows that many computer hacker suspects are no longer misguide teenagers mischievously playing games with their computers in their bedrooms. Some are now high tech computer operators using computers to engage in unlawful conduct. The losses to the american public in this case are expected to be significant. The Secret Service takes computer crime very seriously, and we will continue to investigate aggressively those crimes which threaten our nation's businesses and government services. END *************************************************************** OPERATION SUN DEVIL NEWS ARTICLES Probe Focuses on Entry, Theft by Computers (From: CHICAGO TRIBUNE, May 10, 1990: p. I-6) PHOENIX--An interstate probe of computer invasions has uncovered losses that may reach millions of dollars and could be "just the tip of the iceberg," federal law enforcement officials said Wednesday. The investigation is focused on illegal entry into computer systems and unauthorized use of credit-card numbers and long-distance codes, said Garry Jenkins, assistant Secret Service director for investigations. No arrests for computer crime resulted, however, when 27 search warrants were served in 12 cities, including Chicago, by 150 Secret Service agents and police on Tuesday, officials said. In Chicago, federal agents seized computers and information disks at a business and a private home, said Tim McCarthey, chief of the Secret Service's criminal enforcement division in Chicago. Nationwide, some 40 computers and 23,000 disks of computer information were seized. Secret Service officials declined to release an specifics, including the number of people targeted, saying the two-year investigation, code-named "Operation Sun Devil," is continuing. "The losses that we estimate on this may run to the millions of dollars," said Stephen McNamee, U.S. Atty. for Arizona. Much of the alleged loss stems from unpaid telephone and computer access charges, officials said. They said it was possible that computer hackers had obtained goods or cash through use of unauthorized credit cards, but could not cite any instance of it. In addition to misuse of credit cards and phone lines the hackers are believed to have gained access to computers that store medical and financial histories, officials said. Under new computer crime laws, the Secret Service has jurisdiction to investigate allegations of electronic fraud through the use of access devices such as credit-card numbers and long-distance codes. Defendants convicted of unauthorized use of such devices can be sentenced up to 10 years in prison if they commit fraud of more than $,100. A similar investigation supervised by federal prosecutors in Chicago has resulted in several indictments. ******************************************************************** AT&T NEWS BRIEFS via Consultant's Liason Program Wednesday, May 9, 1990 HACKER WHACKER -- The Secret Service is conducting a coast-to-coast investigation into the unauthorized use of credit-card numbers and long-distance dialing as well as illegal entry into computer systems by hackers, according to sources. ... AP ... Authorities fanned out with search warrants in fourteen cities Tuesday in an investigation of a large nationwide computer hacker operation. Officials of the Secret Service, U.S. Attorney's Office and Arizona Attorney General's office scheduled a news conference Wednesday to release details of the operation. UPI, 5/8 ... A Long Island [NY] teen, caught up in [the investigation], dubbed Operation Sun Devil, has been charged ... with computer tampering and computer trespass. State Police, who said [Daniel Brennan, 17], was apparently trying to set up a surreptitious messaging system using the [computer system of a Massachusetts firm] and 800 numbers, raided his home Monday along with security officials of AT&T. ... [A State Police official] said that in tracing phone calls made by Brennan ... AT&T security people found that he was regularly calling one of the prime targets of the Sun Devil probe, a ... hacker who goes by the handle "Acid Phreak." ... New York Newsday, p. 31. **************************************************************************** >EXCERPTED From The Detroit News, Thursday, May 10, 1990, Section B, p.1: FEDS PULL PLUG ON HACKERS Computer-fraud raid hits two homes in Michigan By Joel J. Smith, Detroit News Staff Writer Secret Service agents got a big surprise when they raided a Jackson-area home as part of an investigation of a nationwide computer credit card and telephone fraud scheme. They found a manual that details how almost anybody can use a computer to steal. It also describes how to avoid detection by federal agents. On Wednesday, James G. Huse, Jr., special agent in charge of the Secret Service office in Detroit, said the manual was discovered when his agents and Michigan State Police detectives broke into a home in Clark Lake, near Jackson, on Tuesday. Agents, who also raided a home in Temperance, Mich., near the Ohio border, confiscated thousands of dollars in computer equipment suspected of being used by computer buffs -- known as hackers -- in the scheme. The raids were part of a national computer fraud investigation called Operation Sundevil in which 150 agents simultaneously executed 28 search warrants in 16 U.S. cities. Forty-two computer systems and 23,000 computer disks were seized across the country. The nationwide network reportedly has bilked phone companies of $50 million. Huse said the Secret Service has evidence that computers in both of the Michigan homes were used to obtain merchandise with illegally obtained credit card numbers. He said long-distance telephone calls from the homes also were billed to unsuspecting third parties. There were no arrests, because it was not known exactly who was using the computers at the homes. Huse also said there was no evidence that the suspects were working together. Rather, they probably were sharing information someone had put into a national computer "bulletin board". ***************************************************************************** "Computer Hacker Ring with a Bay Area Link" (From: San Francisco Chronical, May 9, 1990: A-30) The Secret Service yesterday searched as many as 29 locations in 13 cities, including the family home of an 18-year-old San Jose State University student, in an investigation of alleged fraud by computer hackers, law enforcement sources said. The 6 a.m. search on Balderstone Drive in San Jose sought computer equipment allegedly used to "deal in pirate software and electronic fraud," San Jose police Seargeant Richard Saito said in a prepared statement. The nationwide investigation, code-named "Operation Sun Devil," concerns the unauthorized use of credit card numbers and long-distance dialing codes as well as illegal entry into computer systems by hackers, said sources. Saito said the probe centered on the "Billionaire Boys Cub computer bulletin board" based in Phoenix. A press conference on the probe is scheduled today in Phoenix. The investigation in Phoenix is also focusing on incidents in which copmputer hackers allegedly changed computerized records at hospitals and police 911-emergency lines, according to one source. The San Jose suspect was identified as Frank Fazzio Jr., whom neighors said was a graduate of Pioneer High School and lives at home with his younger sister and parents. Neither he nor his family could be reached for comment. "I've never thought him capable of that sort of thing," said one neighbor in the block-long stret located in the Almaden Valley section of south San Jose. Warrants were obtained by the Secret Service to conduct the search in San Jose, as well as in Chicago; Cincinnati; Detroit; Los Angeles; Miami; Newark, N.J.; New York City; Pittsburgh; Richmond, Va.; Plano Texas; and San Diego. Under new computer crime laws, the Secret Service has jurisdiction to investigate allegations of electronic fraud through the use of access devices such as credit card numbers and codes that long-distance companies issue to indivdual callers. Defendants convicted of unauthorized use of such "access devaices" can be sentenced to 10 years in prison if they commit fraud of more than $1,000. END ************************************************* ====================================================================== From Marc Rotenberg of Computer Professionals for Social Responsibility Fri, Jun 15, '90 266 lines Here is a letter from the Director of the Secret Service to Don Edwards in response to questions raised by Edwards' Subcommittee. It is quite long as are the postings which follow it. [This letter follows from a FOIA request sent by CPSR to the FBI in August, 1989] ------------------------------------------ DEPARTMENT OF TREASURY UNITED STATES SECRET SERVICE WASHINGTON, DC 20223 APR 30 1990 The Honorable Don Edwards Chairman Subcommittee on Civil and Constitutional Rights Committee on the Judiciary House of Representatives Washington, D.C. 20515 Dear Mr. Chairman: Thank you for your letter of April 3, 1990, concerning your committee's interest in computer fraud. We welcome the opportunity to discuss this issue with your committee and I hope the following responses adequately answer your questions. Question 1: Please describe the Secret Service's process for investigating computer related crimes under Title 18, United States Code, Section 1030 and any other related statutes. Response: The process by which the Secret Service investigates computer related crimes is similar to the methods we use to investigate other types of criminal investigations. Most of the investigative techniques are the same; surveillances, record checks, witness and suspect interviews, etc. the primary difference is we had to develop resources to assist in the collection and review of computer evidence. To provide our agents with this expertise, the secret service developed a computer fraud investigation course which, as of this date, has trained approximately 150 agents in the proper methods for conducting a computer fraud investigation. Additionally, we established a computer Diagnostics center, staffed with computer professional, to review evidence on computer systems. Referrals of computer related criminal investigations occur in much the same manner as any other case. A victim sustains a loss and reports the crime, or, a computer related crime is discovered during the course of another investigation. In the investigations we do select, it is not our intention to attempt to supplant local or state law enforcement. We provide enforcement in those cases that are interstate or international in nature and for one reason or another are beyond the capability of state and local law enforcement agencies. When computer related crimes are referred by the various affected industries to the local field offices, the Special Agent in Charge (SAIC) determines which cases will be investigated based on a variety of criteria. Each SAIC must consider the economic impact of each case, the prosecutive guidelines of the United States Attorney, and the investigative resources available in the office to investigate the case . In response to the other portion of your question, the other primary statute we use to investigate computer related crimes is Title 18, United States Code, Section 1029 ( Access Device Fraud). This service has primary jurisdiction in those cases which are initiated outside a bank and do not involve organized crime, terrorism, or foreign counterintelligence (traditional responsibilities of the FBI). The term "access device" encompasses credit cards, debit cards, automatic teller machines (ATM) cards, personal identification numbers (PIN's) used to activate ATM machines, credit or debit card account numbers, long distance telephone access codes, computer passwords and logon sequences, and among other things the computer chips in cellular car phones which assign billing. Additionally, this Service has primary jurisdiction in cases involving electronic fund transfers by consumer (individuals) under Title 15, U. S. code, section 169n (Electronic Fund Transfer Act). This could involve any scheme designed to defraud EFT systems used by the public, such as pay by phone systems, home banking, direct deposit, automatic payments, and violations concerning automatic teller machines. If the violations can be construed to be a violation of the banking laws by bank employee, the FBI would have primary jurisdiction. There are many other statutes which have been used to prosecute computer criminals but it is within the purview of the U.S. Attorney to determine which statute will be used to prosecute an individual. Question 2: Has the Secret Service ever monitored any computer bulletin boards or networks? Please describe the procedures for initiating such monitoring, and list those computer bulletin boards or networks monitored by the Secret Service since January 1988. Response: Yes, we have occasionally monitored computer bulletin boards. The monitoring occurred after we received complaints concerning criminal activity on a particular computer bulletin board. The computer bulletin boards were monitored as part of an official investigation and in accordance with the directives of the Electronic Communications Privacy Act of 1986 (Title 18 USC 2510) The procedures used to monitor computer bulletin boards during an official investigation have involved either the use of an informant (under the direct supervision of the investigating agent) or an agent operating in an undercover capacity. In either case, the informant or agent had received authorization from the computer bulletin board's owner/operator to access the system. We do not keep records of the bulletin boards which we have monitored but can provide information concerning a particular board if we are given the name of the board. Question 3: Has the Secret Service or someone acting its direction ever opened an account on a computer bulletin board or network? Please describe the procedures for opening such an account and list those bulletin boards or networks on which such accounts have been opened since January 1988. Response: Yes, the U.S. Secret Service has on many occasions, during the course of a criminal investigation, opened accounts on computer bulletin boards or networks. The procedure for opening an account involves asking the system administrator/operator for permission to access to the system. Generally, the system administrator/operator will grant everyone immediate access to the computer bulletin board but only for lower level of the system. The common "pirate" computer bulletin boards associated with most of computer crimes have many different level in their systems. The first level is generally available to the public and does not contain any information relation to criminal activity. Only after a person has demonstrated unique computer skills, been referred by a known "hacker," or provided stolen long-distance telephone access codes or stolen credit card account information, will the system administrator/operator permit a person to access the higher levels of the bulletin board system which contains the information on the criminal activity. As previously reported in our answer for Question 2, we do not keep records of the computer bulletin boards on which we have established accounts. Question 4: Has the Secret Service or someone acting under its direction ever created a computer bulletin board or network that was offered to the public? Please describe any such bulletin board or networks. Response: No, the U. S. Secret Service has not created a computer bulletin board nor a network which was offered to members of the public. We have created an undercover bulletin board which was offered to a select number of individuals who had demonstrated an interest in conducting criminal activities. This was done with the guidance of the U.S. Attorney's office and was consistent with the Electronic Communications Privacy Act. Question 5: Has the Secret Service ever collected, reviewed or "downloaded" transmissions or information from any computer network or bulletin board? What procedures does the Secret Service have for obtaining information from computer bulletin boards or networks? Please list the occasions where information has been obtained since January 1988, including the identity of the bulletin boards or networks, the type of information obtained, and how that information was obtained (was it downloaded, for example). Response: Yes, during the course of several investigations, the U. S. Secret Service has "down loaded" information from computer bulletin boards. A review of information gained in this manner (in an undercover capacity after being granted access to the system by it's system administrator) is performed in order to determine whether or not that bulletin board is being used to traffic in unauthorized access codes or to gather other information of a criminal intelligence nature. At all times, our methods are in keeping with the procedures as outlined in the Electronic Communications Privacy Act (ECPA). If a commercial network was suspected of containing information concerning a criminal activity, we would obtain the proper court order to obtain this information in keeping with the ECPA. The U. S. Secret Service does not maintain a record of the bulletin boards we have accessed. Question 6: Does the Secret Service employ, or is it considering employing, any system or program that could automatically review the contents of a computer file, scan the file for key items, phrases or data elements, and flag them or recommend further investigative action? If so, what is the status of any such system. Please describe this system and research being conducted to develop it. Response: The Secret Service has pioneered the concept of a Computer Diagnostic Center (CDC) to facilitate the review and evaluation of electronically stored information. To streamline the tedious task of reviewing thousands of files per investigation, we have gathered both hardware and software tools to assist our search of files for specific information or characteristics. Almost all of these products are commercially developed products and are available to the public. It is conceivable that an artificial intelligence process may someday be developed and have application to this law enforcement function but we are unaware if such a system is being developed. The process of evaluating the information and making recommendations for further investigative action is currently a manual one at our CDC. We process thousands of computer disks annually as well as review evidence contained in other types of storage devices (tapes, hard drives, etc.). We are constantly seeking ways to enhance our investigative mission. The development of high tech resources like the CDC saved investigative manhours and assist in the detection of criminal activity. Again, thank you for your interest. Should you have any further questions, we will be happy to address them. Sincerely, /s/ John R. Simpson, Director cc: Honorable Charles E. Schumer ============================================================================= For those of you who have considered submitting an FOIA information request, Marc submits the following cautionary tale: On August 18, 1989 CPSR submitted a Freedom of Information Act request to the FBI asking for information about BBS surveillance. After four follow-up letters, a series of phone calls, and Congressional testimony that discussed the CPSR request, the FBI has failed to respond to our request. (The statutory time limit for the FOIA is ten days). If any one has information about possible FBI surveillance of bulletin boards or networks, please send it to me. Specific dates, locations, BBSs are important. (You can send information to me anonymously by land mail, if you need to protect your identity). Thanks for your assistance, Marc Rotenberg, Director CPSR Washington Office 1025 Connecticut Ave., NW, Suite 1015 Washington, DC 20036 202/775-1588 (voice) 202/775-1941 (Data) rotenberg@csli.stanford.edu or cdp!mrotenberg@arisia.xerox.com --------------------------------------- [CPSR FOIA Request to the FBI Regarding BBS Surveillance] CPSR Washington Office 1025 Connecticut Avenue, NW Suite 1015 Washington, DC 20036 202 775-1588 202 775-1941 (fax) Director Marc Rotenberg August 18, 1989 FOIA Officer FBI 9th St. & Penn. Ave., NW Washington, DC 20535 Dear FOIA Officer, This is a request under the Freedom of Information Act, 5 U.S.C. 552. Part I: I write to request a copy of all materials relating to the FBI's collecf information from computer networks and bulletin boards, such as PeaceNet (San Francisco CA) or The Well (Berkeley CA), that are used frequently by political or advocacy organizations. In particular, I would like any records which would indicate whether the Bureau is intercepting, collecting, reviewing, or "downloading" computer transmissions from any of the following networks and conferences: Action Southern Africa, AIDS Coalition Network, The American Peace Test, Amnesty International, Association for Progressive Communications, Beyond Containment, Center for Innovative Diplomacy, Central America Resource Center, Central America Resource Network (CARNet), The Christic Institute, Citizen Diplomacy, Community Data Processing, EcoNet, Friends of the Earth, Friends Committee on National Legislation, HandsNet, Institute for Peace and International Security, Media Alliance, Meiklejohn Civil Liberties Institute, National Execution Alert Network, Palo Alto Friends Peace and Social Action Committee, PeaceNet. Quaker Electronic Project, Web, The Well. This request includes public communications that take place through a bulletin board. For example, this would include both transmissions that are available for public perusal, a "conference" or "posting," as well as transmissions that are directed from one party to one or more other specific parties and intended as private, "electronic mail." Part II: I also request any records that would indicate whether the FBI, or anyoe acting at the behest or direction of the FBI, has any computer accounts on any computer bulletin boards operated by an advocacy or political organization, and, if so, the names of the bulletin boards, and whether the Bureau has indicated the actual organizational affiliation of the account holders to the system operators. Part III: I also request any records that would indicate whether the Bureau has er operated, is currently operating, is involved in the operation of, or is planning to operate, a computer bulletin board that is intended for public use. Part IV: I would also like any records which would indicate the circumstances unr which it would be appropriate for an agent or authorized representative, asset, informant, or source of the Bureau to intercept, collect, review, or "download" the contents of computer bulletin boards. Part V: I would like any records relating to the FBI's development, research, or assessment of computer systems for automated review of information stored in an electronic format, obtained from a computer bulletin board or network. Part VI: Finally, I request any records that would indicate whether the FBI has developed, or is planning to develop, a system that could automatically review the contents of a computer file, scan the file for key terms or phrases, and then recommend the initiation of an investigation based upon this review. I ask that you check with your regional offices in San Francisco, San Jose, Austin, Phoenix, Los Angeles, and New York, in addition to the files that are available in Washington, DC. I also ask that you consult with those agents involved in the investigation of computer crime to determine whether they might be aware of the existence of such records. You should also check any documents relating to John Maxfield, who was employed by the Bureau to investigate computer bulletin boards. Under the Freedom of Information Act, you may withhold all properly exed materials. However, you must disclose all non-exempt portions that are reasonably segregable. I reserve the right to appeal the withholding or deletion of any information. Under the Freedom of Information Act, CPSR is entitled to a waiver of as for this request because the "disclosure of this information is likely to contribute significantly to the public understanding of the operations or activities of the government and is not primarily in the commercial interest of the requester." CPSR is a non-profit, educational organization of computer scientists. Our work has been cited in scholarly journals, trade publications, and the national media. CPSR has particular expertise on the use of computer technology by the FBI, having prepared an extensive report on the proposed expansion of the NCIC at the request of Congressman Don Edwards. For these reasons, CPSR is entitled to a waiver of all fees. If you have any questions regarding this request, please telephone me ae above number. I will make all reasonable efforts to narrow the request if you determine that it has been too broadly framed. As provided in the Freedom of Information Act, I will expect to receivea response within ten working days. Sincerely yours, Marc Rotenberg, Director Washington Offfice, Computer Professionals for Social Responsibility *************************************** [CPSR letter to Congressman Don Edwards regarding FOIA request] February 27, 1990 Representative Don Edwards Subcommittee on Civil and Constitutional Rights House Judiciary Committee 806 House Annex 1 Washington, DC 20515 Dear Chairman Edwards: I am writing to you about a particular FOIA request that CPSR has pursued since August of last year. We asked the FBI for information about the monitoring of computer networks and bulletin boards. We initiated this request because of the obvious civil liberties interests -- speech, associational, and privacy -- that would be endangered if the FBI's examination of the contents of computer systems failed to satisfy appropriate procedural safeguards. After six months of delay, five certified letters to the Bureau's FOIA/Privacy Act office, and many phone calls with the FBI's FOIA officers, we have not received even a partial response to our request. On September 20, 1989 a FOIA officer at the FBI assured us that information would be forthcoming "in a couple of weeks." A letter from the FBI FOIA/PA office on December 22 indicated that information responsive to our request "has been located and will be assigned for processing soon." But when I spoke with a FBI FOIA Officer on February 15, less than two weeks ago, I was told that they "haven't even started" to process the request and that the FBI couldn't say when we would receive a response. (Please see enclosed chronology and attachments). The need for this information is truly urgent. Further delay will constitute a denial. Congress is now considering several computer crime bills, such as H.R. 55 and H.R. 287, that could broaden the authority of federal agents to examine the contents of computer systems across the country. There is a good chance that a bill will pass before the end of this session. Before opening the door to new forms of criminal investigation, Congress and the public should have a complete picture of the FBI's current practices. Computer communications are particularly vulnerable to surveillance and routine monitoring. Computer mail unrelated to a particularized investigation could be swept up in the government's electronic dragnet if the law is not carefully tailored to a well defined purpose. Without a clear understanding of the civil liberties problems associated with the investigation of computer crime, Congress may be exacerbating a problem it does not yet fully know about. CPSR's Freedom of Information Act request could provide answers to these questions. The FOIA establishes a presumption that the activities of government should be open to public review and that agency records should be disclosed upon request. But the Bureau failed to comply with the statutory requirements of the FOIA and frustrated our effort to obtain information that should be disclosed. Without this information computer users, the public, and the Congress, may be unable to assess whether the Bureau's current activities conform to appropriate procedural safeguards. Computer crime is a serious problem in the United States. One auditing firm places the annual loss between $3 billion and $5 billion. Nonetheless, it is necessary to ensure that new criminal law does not undermine the civil liberties of computer users across the country. We requested information from the FBI under the FOIA to help assess the adequacy of current safeguards. The Bureau failed to respond. The result is that the public is left in the dark at a time when significant legislation is pending. We would appreciate whatever assistance with this request you might be able to provide. Sincerely yours, Marc Rotenberg, Director CPSR Washington Office Enclosure Chronology of CPSR's FOIA Request regarding FBI Monitoring of Computer Networks with attachments cc: Representative Charles Schumer Representative Wally Herger FBI FOIA/PA Office ******************************************** [Chronology of events] CPSR FOIA Request FBI Monitoring of Computer Networks CHRONOLOGY Aug. 18, 1989 CPSR sends FOIA request to FBI seeking agency records regarding the FBI's monitoring of computer networks and computer bulletin boards used by political and advocacy organizations. The FOIA request seeks information about: % the FBI's surveillance of computer bulletin boards and networks used by political organizations; % the FBI's creation of clandestine accounts on computer bulletin boards and networks operated by political organizations; % the FBI's creation of secret accounts on public bulletin boards; % the FBI's procedures regarding the downloading of information contained on a computer bulletin board; % the FBI's research on the automated review of the contents of information contained on computer bulletin board and networks; and % the FBI's research on the automation of the decision to initiate a criminal investigation, based on the contents of a computer communication. The letter requests a fee waiver based on the public interest standard. The letter indicates that CPSR has particular expertise in the evaluation of the civil liberties implications of law enforcement computer systems, having completed an extensive report for the House Judiciary Committee on the proposed expansion of the FBI's computer system, the NCIC. The letter further states that CPSR would work with the FOIA/PA office to facilitate the processing of the request. Aug. 31, 1989 FBI response #1. FBI sends a letter to CPSR acknowledging receipt of the FOIA request and designating the request "FBI's Computer Networks and Bulletin Board Collection," request no. 319512. Sept. 20, 1989 CPSR speaks with FOIA Officer Keith Gehle regarding status of request. Mr. Gehle states that he can not send a response "until he receives responses from various agencies." It is "difficult to go to computing indices." He says that he expects to have information "in a couple of weeks,"and will have a response "by October 5, at the latest." Oct. 16, 1990 CPSR Follow-up letter #1. CPSR confirms conversation with Mr. Gehle regarding Oct. 5 target date and asks FOIA Officer to call to indicate the status of the FBI's response to the request. Oct. 26, 1989 CPSR speaks with Mr. Gehle. He says, "we are working on your request." "We should have something soon. Hate to give a specific date, but should have a letter for you within two weeks." Nov. 22, 1989 CPSR follow-up letter #2. CPSR writes to Mr. Gehle, notes that Mr. Gehle said he was working on the request, and the that response should have been sent by Nov. 9. CPSR requests that FOIA officer call CPSR by Dec. 1 to indicate the status of the request. Dec. 22, 1989 FBI response #2. FBI sends letter, acknowledging receipt of Oct. 16 and Nov. 22 letters. The letter states that "[i]nformation which may be responsive to your request has been located and will be assigned for processing soon." The letter indicates that the FOIA/PA office receives a large number of requests and that delays are likely. Jan. 9 , 1990 CPSR follow-up letter #3. CPSR writes to Mr. Moschella, chief of the FOIA/PA office at the FBI, acknowledges Dec. 22 letter and location of responsive information. Requests that records be sent by Feb 18, 1990. Jan. 19, 1990 FBI response #3. FBI sends letter stating that the Bureau has allocated many agents to FOIA processing, that a large number of requests are received. The letter further states that "a delay of several months or more may be anticipated before your request is handled in turn." Feb. 2, 1990 CPSR follow-up letter #4. CPSR writes to Mr. Moschella, acknowledges Jan. 19, expresses concern about delay. Letter notes that CPSR was assured by a FOIA officer in the fall that "request would be answered within 'a couple of weeks.'" Feb. 15, 1990 CPSR receives call from Mr. Boutwell. According to Mr. Boutwell, FBI can't say when request will be processed. "Haven't even started. Backlogs and lay- offs during past year . . ." CPSR: FOIA Officer indicated information had been located. FBI: Too optimistic. "Request not yet assigned to an analyst . . . working now on 1988 requests . . . Litigation is taking up time . . . analyst is taking time away from document review for litigation . . . increased requests, fewer personnel, lots of other factors. Would expedite for life and death or due process, pursuant to agency regulations." CPSR: so when do we receive a response? FBI: "Can't say." ============================================================================= Sun Devil gives birth to the Electronic Frontier Foundation THE ELECTRONIC FRONTIER FOUNDATION One Cambridge Center, Suite 300 Cambridge, MA 02142 617/577-1385 617/225-2347 fax eff@well.sf.ca.us FOR IMMEDIATE RELEASE Contact: Cathy Cook (415) 759-5578 NEW FOUNDATION ESTABLISHED TO ENCOURAGE COMPUTER-BASED COMMUNICATIONS POLICIES Washington, D.C., July 10, 1990 -- Mitchell D. Kapor, founder of Lotus Development Corporation and ON Technology, today announced that he, along with colleague John Perry Barlow, has established a foundation to address social and legal issues arising from the impact on society of the increasingly pervasive use of computers as a means of communication and information distribution. The Electronic Frontier Foundation (EFF) will support and engage in public education on current and future developments in computer-based and telecommunications media. In addition, it will support litigation in the public interest to preserve, protect and extend First Amendment rights within the realm of computing and telecommunications technology. Initial funding for the Foundation comes from private contributions by Kapor and Steve Wozniak, co-founder of Apple Computer, Inc. The Foundation expects to actively raise contributions from a wide constituency. As an initial step to foster public education on these issues, the Foundation today awarded a grant to the Palo Alto, California-based public advocacy group Computer Professionals for Social Responsibility (CPSR). The grant will be used by CPSR to expand the scope of its on-going Computing and Civil Liberties Project (see attached). Because its mission is to not only increase public awareness about civil liberties issues arising in the area of computer-based communications, but also to support litigation in the public interest, the Foundation has recently intervened on behalf of two legal cases. The first case concerns Steve Jackson, an Austin-based game manufacturer who was the target of the Secret Service's Operation Sun Devil. The EFF has pressed for a full disclosure by the government regarding the seizure of his company's computer equipment. In the second action, the Foundation intends to seek amicus curiae (friend of the court) status in the government's case against Craig Neidorf, a 20-year-old University of Missouri student who is the editor of the electronic newsletter Phrack World News (see attached). "It is becoming increasingly obvious that the rate of technology advancement in communications is far outpacing the establishment of appropriate cultural, legal and political frameworks to handle the issues that are arising," said Kapor. "And the Steve Jackson and Neidorf cases dramatically point to the timeliness of the Foundation's mission. We intend to be instrumental in helping shape a new framework that embraces these powerful new technologies for the public good." The use of new digital media -- in the form of on-line information and interactive conferencing services, computer networks and electronic bulletin boards -- is becoming widespread in businesses and homes. However, the electronic society created by these new forms of digital communications does not fit neatly into existing, conventional legal and social structures. The question of how electronic communications should be accorded the same political freedoms as newspapers, books, journals and other modes of discourse is currently the subject of discussion among this country's lawmakers and members of the computer industry. The EFF will take an active role in these discussions through its continued funding of various educational projects and forums. An important facet of the Foundation's mission is to help both the public and policy-makers see and understand the opportunities as well as the challenges posed by developments in computing and telecommunications. Also, the EFF will encourage and support the development of new software to enable non-technical users to more easily use their computers to access the growing number of digital communications services available. The Foundation is located in Cambridge, Mass. Requests for information should be sent to Electronic Frontier Foundation, One Cambridge Center, Suite 300, Cambridge, MA 02142, 617/577-1385, fax 617/225-2347; or it can be reached at the Internet mail address eff@well.sf.ca.us. ====================================================== ELECTRONIC FRONTIER FOUNDATION MISSION STATEMENT A new world is arising in the vast web of digital, electronic media which connect us. Computer-based communication media like electronic mail and computer conferencing are becoming the basis of new forms of community. These communities without a single, fixed geographical location comprise the first settlements on an electronic frontier. While well-established legal principles and cultural norms give structure and coherence to uses of conventional media like newspapers, books, and telephones, the new digital media do not so easily fit into existing frameworks. Conflicts come about as the law struggles to define its application in a context where fundamental notions of speech, property, and place take profoundly new forms. People sense both the promise and the threat inherent in new computer and communications technologies, even as they struggle to master or simply cope with them in the workplace and the home. The Electronic Frontier Foundation has been established to help civilize the electronic frontier; to make it truly useful and beneficial not just to a technical elite, but to everyone; and to do this in a way which is in keeping with our society's highest traditions of the free and open flow of information and communication. To that end, the Electronic Frontier Foundation will: 1. Engage in and support educational activities which increase popular understanding of the opportunities and challenges posed by developments in computing and telecommunications. 2. Develop among policy-makers a better understanding of the issues underlying free and open telecommunications, and support the creation of legal and structural approaches which will ease the assimilation of these new technologies by society. 3. Raise public awareness about civil liberties issues arising from the rapid advancement in the area of new computer-based communications media. Support litigation in the public interest to preserve, protect, and extend First Amendment rights within the realm of computing and telecommunications technology. 4. Encourage and support the development of new tools which will endow non-technical users with full and easy access to computer-based telecommunications. ====================================================== ACROSS THE ELECTRONIC FRONTIER by John Perry Barlow and Mitchell Kapor Electronic Frontier Foundation Washington, DC July 10,1990 Over the last 50 years, the people of the developed world have begun to cross into a landscape unlike any which humanity has experienced before. It is a region without physical shape or form. It exists, like a standing wave, in the vast web of our electronic communication systems. It consists of electron states, microwaves, magnetic fields, light pulses and thought itself. It is familiar to most people as the "place" in which a long-distance telephone conversation takes place. But it is also the repository for all digital or electronically transferred information, and, as such, it is the venue for most of what is now commerce, industry, and broad-scale human interaction. William Gibson called this Platonic realm "Cyberspace," a name which has some currency among its present inhabitants. Whatever it is eventually called, it is the homeland of the Information Age, the place where the future is destined to dwell. In its present condition, Cyberspace is a frontier region, populated by the few hardy technologists who can tolerate the austerity of its savage computer interfaces, incompatible communications protocols, proprietary barricades, cultural and legal ambiguities, and general lack of useful maps or metaphors. Certainly, the old concepts of property, expression, identity, movement, and context, based as they are on physical manifestion, do not apply succinctly in a world where there can be none. Sovereignty over this new world is also not well defined. Large institutions already lay claim to large fiefdoms, but most of the actual natives are solitary and independent, sometimes to the point of sociopathy. It is, therefore, a perfect breeding ground for both outlaws and vigilantes. Most of society has chosen to ignore the existence of this arising domain. Every day millions of people use ATM's and credit cards, place telephone calls, make travel reservations, and access information of limitless variety...all without any perception of the digital machinations behind these transactions. Our financial, legal, and even physical lives are increasingly dependent on realities of which we have only dimmest awareness. We have entrusted the basic functions of modern existence to institutions we cannot name, using tools we've never heard of and could not operate if we had. As communications and data technology continues to change and develop at a pace many times that of society, the inevitable conflicts have begun to occur on the border between Cyberspace and the physical world. These are taking a wide variety of forms, including (but hardly limited to) the following: I. Legal and Constitutional Questions What is free speech and what is merely data? What is a free press without paper and ink? What is a "place" in a world without tangible dimensions? How does one protect property which has no physical form and can be infinitely and easily reproduced? Can the history of one's personal business affairs properly belong to someone else? Can anyone morally claim to own knowledge itself? These are just a few of the questions for which neither law nor custom can provide concrete answers. In their absence, law enforcement agencies like the Secret Service and FBI, acting at the disposal of large information corporations, are seeking to create legal precedents which would radically limit Constitutional application to digital media. The excesses of Operation Sun Devil are only the beginning of what threatens to become a long, difficult, and philosophically obscure struggle between institutional control and individual liberty. II. Future Shock Information workers, forced to keep pace with rapidly changing technology, are stuck on "the learning curve of Sisyphus." Increasingly, they find their hard-acquired skills to be obsolete even before they've been fully mastered. To a lesser extent, the same applies to ordinary citizens who correctly feel a lack of control over their own lives and identities. One result of this is a neo-Luddite resentment of digital technology from which little good can come. Another is a decrease in worker productivity ironically coupled to tools designed to enhance it. Finally, there is a spreading sense of alienation, dislocation, and helplessness in the general presence of which no society can expect to remain healthy. III. The "Knows" and the "Know-Nots" Modern economies are increasingly divided between those who are comfortable and proficient with digital technology and those who neither understand nor trust it. In essence, this development disenfranchises the latter group, denying them any possibility of citizenship in Cyberspace and, thus, participation in the future. Furthermore, as policy-makers and elected officials remain relatively ignorant of computers and their uses, they unknowingly abdicate most of their authority to corporate technocrats whose jobs do not include general social responsibility. Elected government is thus replaced by institutions with little real interest beyond their own quarterly profits. We are founding the Electronic Frontier Foundation to deal with these and related challenges. While our agenda is ambitious to the point of audacity, we don't see much that these issues are being given the broad social attention they deserve. We were forced to ask, "If not us, then whom?" In fact, our original objectives were more modest. When we first heard about Operation Sun Devil and other official adventures into the digital realm, we thought that remedy could be derived by simply unleashing a few highly competent Constitutional lawyers upon the Government. In essence, we were prepared to fight a few civil libertarian brush fires and go on about our private work. However, examination of the issues surrounding these government actions revealed that we were dealing with the symptoms of a much larger malady, the collision between Society and Cyberspace. We have concluded that a cure can lie only in bringing civilization to Cyberspace. Unless a successful effort is made to render that harsh and mysterious terrain suitable for ordinary inhabits, friction between the two worlds will worsen. Constitutional protections, indeed the perceived legitimacy of representative government itself, might gradually disappear. We could not allow this to happen unchallenged, and so arises the Electronic Frontier Foundation. In addition to our legal interventions on behalf of those whose rights are threatened, we will: * Engage in and support efforts to educate both the general public and policy- makers about the opportunities and challenges posed by developments in computing and telecommunications. * Encourage communication between the developers of technology, government and corporate officials, and the general public in which we might define the appropriate metaphors and legal concepts for life in Cyberspace. * And, finally, foster the development of new tools which will endow non- technical users with full and easy access to computer-based telecommunications. One of us, Mitch Kapor, had already been a vocal advocate of more accessible software design and had given considerable thought to some of the challenges we now intend to meet. The other, John Perry Barlow, is a relative newcomer to the world of computing (though not to the world of politics) and is therefore well- equipped to act as an emissary between the magicians of technology and the wary populace who must incorporate this magic into their daily lives. While we expect the Electronic Frontier Foundation to be a creation of some longevity, we hope to avoid the sclerosis which organizations usually develop in their efforts to exist over time. For this reason we will endeavor to remain light and flexible, marshalling intellectual and financial resources to meet specific purposes rather than finding purposes to match our resources. As is appropriate, we will communicate between ourselves and with our constituents largely over the electronic Net, trusting self- distribution and self-organization to a much greater extent than would be possible for a more traditional organization. We readily admit that we have our work cut out for us. However, we are greatly encouraged by the overwhelming and positive response which we have received so far. We hope the Electronic Frontier Foundation can function as a focal point for the many people of good will who wish to settle in a future as abundant and free as the present. ====================================================== FOR IMMEDIATE RELEASE Contact: Marc Rotenberg (202) 775-1588 CPSR TO UNDERTAKE EXPANDED CIVIL LIBERTIES PROGRAM Washington, D.C., July 10, 1990 -- Computer Professionals for Social Responsibility (CPSR), a national computing organization, announced today that it would receive a two-year grant in the amount of $275,000 for its Computing and Civil Liberties Project. The Electronic Frontier Foundation (EFF),founded by Mitchell Kapor, made the grant to expand ongoing CPSR work on civil liberties protections for computer users. At a press conference in Washington today, Mr. Kapor praised CPSR's work, "CPSR plays an important role in the computer community. For the last several years, it has sought to extend civil liberties protections to new information technologies. Now we want to help CPSR expand that work." Marc Rotenberg, director of the CPSR Washington Office said, "We are obviously very happy about the grant from the EFF. There is a lot of work that needs to be done to ensure that our civil liberties protections are not lost amidst policy confusion about the use of new computer technologies." CPSR said that it will host a series of policy round tables in Washington, DC, during the next two years with lawmakers, computer users, including (hackers), the FBI, industry representatives, and members of the computer security community. Mr. Rotenberg said that the purpose of the meetings will be to "begin a dialogue about the new uses of electronic media and the protection of the public interest." CPSR also plans to develop policy papers on computers and civil liberties, to oversee the Government's handling of computer crime investigations, and to act as an information resource for organizations and individuals interested in civil liberties issues. The CPSR Computing and Civil Liberties project began in 1985 after President Reagan attempted to restrict access to government computer systems through the creation of new classification authority. In 1988, CPSR prepared a report on the proposed expansion of the FBI's computer system, the National Crime Information Center. The report found serious threats to privacy and civil liberties. Shortly after the report was issued, the FBI announced that it would drop a proposed computer feature to track the movements of people across the country who had not been charged with any crime. "We need to build bridges between the technical community and the policy community," said Dr. Eric Roberts, CPSR president and a research scientist at Digital Equipment Corporation in Palo Alto, California. "There is simply too much misinformation about how computer networks operate. This could produce terribly misguided public policy." CPSR representatives have testified several times before Congressional committees on matters involving civil liberties and computer policy. Last year CPSR urged a House Committee to avoid poorly conceived computer activity. "In the rush to criminalize the malicious acts of the few we may discourage the beneficial acts of the many," warned CPSR. A House subcommittee recently followed CPSR's recommendations on computer crime amendments. Dr. Ronni Rosenberg, an expert on the role of computer scientists and public policy, praised the new initiative. She said, "It's clear that there is an information gap that needs to be filled. This is an important opportunity for computer scientists to help fill the gap." CPSR is a national membership organization of computer professionals, based in Palo Alto, California. CPSR has over 20,000 members and 21 chapters across the country. In addition to the civil liberties project, CPSR conducts research, advises policy makers and educates the public about computers in the workplace, computer risk and reliability, and international security. For more information contact: Marc Rotenberg CPSR Washington Office 1025 Connecticut Avenue, NW Suite 1015 Washington, DC 20036 202/775-1588 Gary Chapman CPSR National Office P.O. Box 717 Palo Alto, CA 94302 415/322-3778 ====================================================== (The following is a discussion of legal issues currently engaged by the Electronic Frontier Foundation) ELECTRONIC FRONTIER FOUNDATION LEGAL CASE SUMMARY July 10, 1990 The Electronic Frontier Foundation is currently providing litigation support in two cases in which it perceived there to be substantial civil liberties concerns which are likely to prove important in the overall legal scheme by which electronic communications will, now and in the future, be governed, regulated, encouraged, and protected. Steve Jackson Games Steve Jackson Games is a small, privately owned adventure game manufacturer located in Austin, Texas. Like most businesses today, Steve Jackson Games uses computers for word processing and bookkeeping. In addition, like many other manufacturers, the company operates an electronic bulletin board to advertise and to obtain feedback on its product ideas and lines. One of the company's most recent products is GURPS CYBERPUNK, a science fiction role-playing game set in a high-tech futuristic world. The rules of the game are set out in a game book. Playing of the game is not performed on computers and does not make use of computers in any way. This game was to be the company's most important first quarter release, the keystone of its line. On March 1, 1990, just weeks before GURPS CYBERPUNK was due to be released, agents of the United States Secret Service raided the premises of Steve Jackson Games. The Secret Service: * seized three of the company's computers which were used in the drafting and designing of GURPS CYBERPUNK, including the computer used to run the electronic bulletin board, * took all of the company software in the neighborhood of the computers taken, * took with them company business records which were located on the computers seized, and * destructively ransacked the company's warehouse, leaving many items in disarray. In addition, all working drafts of the soon-to-be-published GURPS CYBERPUNK game book -- on disk and in hard-copy manuscript form -- were confiscated by the authorities. One of the Secret Service agents told Steve Jackson that the GURPS CYBERPUNK science fiction fantasy game book was a, "handbook for computer crime." Steve Jackson Games was temporarily shut down. The company was forced to lay-off half of its employees and, ever since the raid, has operated on relatively precarious ground. Steve Jackson Games, which has not been involved in any illegal activity insofar as the Foundation's inquiries have been able to determine, tried in vain for over three months to find out why its property had been seized, why the property was being retained by the Secret Service long after it should have become apparent to the agents that GURPS CYBERPUNK and everything else in the company's repertoire were entirely lawful and innocuous, and when the company's vital materials would be returned. In late June of this year, after attorneys for the Electronic Frontier Foundation became involved in the case, the Secret Service finally returned most of the property, but retained a number of documents, including the seized drafts of GURPS CYBERPUNKS. The Foundation is presently seeking to find out the basis for the search warrant that led to the raid on Steve Jackson Games. Unfortunately, the application for that warrant remains sealed by order of the court. The Foundation is making efforts to unseal those papers in order to find out what it was that the Secret Service told a judicial officer that prompted that officer to issue the search warrant. Under the Fourth Amendment to the United States Constitution, a search warrant may be lawfully issued only if the information presented to the court by the government agents demonstrates "probable cause" to believe that evidence of criminal conduct would be found on the premises to be searched. Unsealing the search warrant application should enable the Foundation's lawyers, representing Steve Jackson Games, to determine the theory by which Secret Service Agents concluded or hypothesized that either the GURPS CYBERPUNK game or any of the company's computerized business records constituted criminal activity or contained evidence of criminal activity. Whatever the professed basis of the search, its scope clearly seems to have been unreasonably broad. The wholesale seizure of computer software, and subsequent rummaging through its contents, is precisely the sort of general search that the Fourth Amendment was designed to prohibit. If it is unlawful for government agents to indiscriminately seize all of the hard-copy filing cabinets on a business premises -- which it surely is -- that the same degree of protection should apply to businesses that store information electronically. The Steve Jackson Games situation appears to involve First Amendment violations as well. The First Amendment to the United States Constitution prohibits the government from "abridging the freedom of speech, or of the press". The government's apparent attempt to prevent the publication of the GURPS CYBERPUNK game book by seizing all copies of all drafts in all media prior to publication, violated the First Amendment. The particular type of First Amendment violation here is the single most serious type, since the government, by seizing the very material sought to be published, effectuated what is known in the law as a "prior restraint" on speech. This means that rather than allow the material to be published and then seek to punish it, the government sought instead to prevent publication in the first place. (This is not to say, of course, that anything published by Steve Jackson Games could successfully have been punished. Indeed, the opposite appears to be the case, since SJG's business seems to be entirely lawful.) In any effort to restrain publication, the government bears an extremely heavy burden of proof before a court is permitted to authorize a prior restraint. Indeed, in its 200-year history, the Supreme Court has never upheld a prior restraint on the publication of material protected by the First Amendment, warning that such efforts to restrain publication are presumptively unconstitutional. For example, the Department of Justice was unsuccessful in 1971 in obtaining the permission of the Supreme Court to enjoin The New York Times, The Washington Post, and The Boston Globe from publishing the so-called Pentagon Papers, which the government strenuously argued should be enjoined because of a perceived threat to national security. (In 1979, however, the government sought to prevent The Progressive magazine from publishing an article purporting to instruct the reader as to how to manufacture an atomic bomb. A lower federal court actually imposed an order for a temporary prior restraint that lasted six months. The Supreme Court never had an opportunity to issue a full ruling on the constitutionality of that restraint, however, because the case was mooted when another newspaper published the article.) Governmental efforts to restrain publication thus have been met by vigorous opposition in the courts. A major problem posed by the government's resort to the expedient of obtaining a search warrant, therefore, is that it allows the government to effectively prevent or delay publication without giving the citizen a ready opportunity to oppose that effort in court. The Secret Service managed to delay, and almost to prevent, the publication of an innocuous game book by a legitimate company -- not by asking a court for a prior restraint order that it surely could not have obtained, but by asking instead for a search warrant, which it obtained all too readily. The seizure of the company's computer hardware is also problematic, for it prevented the company not only from publishing GURPS CYBERPUNK, but also from operating its electronic bulletin board. The government's action in shutting down such an electronic bulletin board is the functional equivalent of shutting down printing presses of The New York Times or The Washington Post in order to prevent publication of The Pentagon Papers. Had the government sought a court order closing down the electronic bulletin board, such an order effecting a prior restraint almost certainly would have been refused. Yet by obtaining the search warrant, the government effected the same result. This is a stark example of how electronic media suffer under a less stringent standard of constitutional protection than applies to the print media -- for no apparent reason, it would appear, other than the fact that government agents and courts do not seem to readily equate computers with printing presses and typewriters. It is difficult to understand a difference between these media that should matter for constitutional protection purposes. This is one of the challenges facing the Electronic Frontier Foundation. The Electronic Frontier Foundation will continue to press for return of the remaining property of Steve Jackson Games and will take formal steps, if necessary, to determine the factual basis for the search. The purpose of these efforts is to establish law applying the First and Fourth Amendments to electronic media, so as to protect in the future Steve Jackson Games as well as other individuals and businesses from the devastating effects of unlawful and unconstitutional government intrusion upon and interference with protected property and speech rights. United States v. Craig Neidorf Craig Neidorf is a 20-year-old student at the University of Missouri who has been indicted by the United States on several counts of interstate wire fraud and interstate transportation of stolen property in connection with his activities as editor and publisher of the electronic magazine, Phrack. The indictment charges Neidorf with: (1) wire fraud and interstate transportation of stolen property for the republication in Phrack of information which was allegedly illegally obtained through the accessing of a computer system without authorization, though it was obtained not by Neidorf but by a third party; and (2) wire fraud for the publication of an announcement of a computer conference and for the publication of articles which allegedly provide some suggestions on how to bypass security in some computer systems. The information obtained without authorization is a file relating to the provision of 911 emergency telephone services that was allegedly removed from the BellSouth computer system without authorization. It is important to note that neither the indictment, nor any briefs filed in this case by the government, contain any factual allegation or contention that Neidorf was involved in or participated in the removal of the 911 file. These indictments raise substantial constitutional issues which have significant impact on the uses of new computer communications technologies. The prosecution of an editor or publisher, under generalized statutes like wire fraud and interstate transportation of stolen property, for the publication of information received lawfully, which later turns out to be have been "stolen," presents an unprecedented threat to the freedom of the press. The person who should be prosecuted is the thief, and not a publisher who subsequently receives and publishes information of public interest. To draw an analogy to the print media, this would be the equivalent of prosecuting The New York Times and The Washington Post for publishing the Pentagon Papers when those papers were dropped off at the doorsteps of those newspapers. Similarly, the prosecution of a publisher for wire fraud arising out of the publication of articles that allegedly suggested methods of unlawful activity is also unprecedented. Even assuming that the articles here did advocate unlawful activity, advocacy of unlawful activity cannot constitutionally be the basis for a criminal prosecution, except where such advocacy is directed at producing imminent lawless action, and is likely to incite such action. The articles here simply do not fit within this limited category. The Supreme Court has often reiterated that in order for advocacy to be criminalized, the speech must be such that the words trigger an immediate action. Criminal prosecutions such as this pose an extreme hazard for First Amendment rights in all media of communication, as it has a chilling effect on writers and publishers who wish to discuss the ramifications of illegal activity, such as information describing illegal activity or describing how a crime might be committed. In addition, since the statutes under which Neidorf is charged clearly do not envision computer communications, applying them to situations such as that found in the Neidorf case raises fundamental questions of fair notice -- that is to say, the publisher or computer user has no way of knowing that his actions may in fact be a violation of criminal law. The judge in the case has already conceded that "no court has ever held that the electronic transfer of confidential, proprietary business information from one computer to another across state lines constitutes a violation of [the wire fraud statute]." The Due Process Clause prohibits the criminal prosecution of one who has not had fair notice of the illegality of his action. Strict adherence to the requirements of the Due Process Clause also minimizes the risk of selective or arbitrary enforcement, where prosecutors decide what conduct they do not like and then seek some statute that can be stretched by some theory to cover that conduct. Government seizure and liability of bulletin board systems During the recent government crackdown on computer crime, the government has on many occasions seized the computers which operate bulletin board systems ("BBSs"), even though the operator of the bulletin board is not suspected of any complicity in any alleged criminal activity. The government seizures go far beyond a "prior restraint" on the publication of any specific article, as the seizure of the computer equipment of a BBS prevents the BBS from publishing at all on any subject. This akin to seizing the word processing and computerized typesetting equipment of The New York Times for publishing the Pentagon Papers, simply because the government contends that there may be information relating to the commission of a crime on the system. Thus, the government does not simply restrain the publication of the "offending" document, but it seizes the means of production of the First Amendment activity so that no more stories of any type can be published. The government is allowed to seize "instrumentalities of crime," and a bulletin board and its associated computer system could arguably be called an instrumentality of crime if individuals used its private e-mail system to send messages in furtherance of criminal activity. However, even if the government has a compelling interest in interfering with First Amendment protected speech, it can only do so by the least restrictive means. Clearly, the wholesale seizure and retention of a publication's means of production, i.e., its computer system, is not the least restrictive alternative. The government obviously could seize the equipment long enough to make a copy of the information stored on the hard disk and to copy any other disks and documents, and then promptly return the computer system to the operator. Another unconstitutional aspect of the government seizures of the computers of bulletin board systems is the government infringement on the privacy of the electronic mail in the systems. It appears that the government, in seeking warrants for the seizures, has not forthrightly informed the court that private mail of third parties is on the computers, and has also read some of this private mail after the systems have been seized. The Neidorf case also raises issues of great significance to bulletin board systems. As Neidorf was a publisher of information he received, BBSs could be considered publishers of information that its users post on the boards. BBS operators have a great deal of concern as to the liability they might face for the dissemination of information on their boards which may turn out to have been obtained originally without authorization, or which discuss activity which may be considered illegal. This uncertainty as to the law has already caused a decrease in the free flow of information, as some BBS operators have removed information solely because of the fear of liability. The Electronic Frontier Foundation stands firmly against the unauthorized access of computer systems, computer trespass and computer theft, and strongly supports the security and sanctity of private computer systems and networks. One of the goals of the Foundation, however, is to ensure that, as the legal framework is established to protect the security of these computer systems, the unfettered communication and exchange of ideas is not hindered. The Foundation is concerned that the Government has cast its net too broadly, ensnaring the innocent and chilling or indeed supressing the free flow of information. The Foundation fears not only that protected speech will be curtailed, but also that the citizen's reasonable expectation in the privacy and sanctity of electronic communications systems will be thwarted, and people will be hesitant to communicate via these networks. Such a lack of confidence in electronic communication modes will substantially set back the kind of experimentation by and communication among fertile minds that are essential to our nation's development. The Foundation has therefore applied for amicus curiae (friend of the court) status in the Neidorf case and has filed legal briefs in support of the First Amendment issues there, and is prepared to assist in protecting the free flow of information over bulletin board systems and other computer technologies. For further information regarding Steve Jackson Games please contact: Harvey Silverglate or Sharon Beckman Silverglate & Good 89 Broad Street, 14th Floor Boston, MA 02110 617/542-6663 For further information regarding Craig Neidorf please contact: Terry Gross or Eric Lieberman Rabinowitz, Boudin, Standard, Krinsky and Lieberman 740 Broadway, 5th Floor New York, NY 10003 212/254-1111 ====================================================== LEGAL OVERVIEW THE ELECTRONIC FRONTIER AND THE BILL OF RIGHTS Advances in computer technology have brought us to a new frontier in communications, where the law is largely unsettled and woefully inadequate to deal with the problems and challenges posed by electronic technology. How the law develops in this area will have a direct impact on the electronic communications experiments and innovations being devised day in and day out by millions of citizens on both a large and small scale from coast to coast. Reasonable balances have to be struck among: * traditional civil liberties * protection of intellectual property * freedom to experiment and innovate * protection of the security and integrity of computer systems from improper governmental and private interference. Striking these balances properly will not be easy, but if they are struck too far in one direction or the other, important social and legal values surely will be sacrificed. Helping to see to it that this important and difficult task is done properly is a major goal of the Electronic Frontier Foundation. It is critical to assure that these lines are drawn in accordance with the fundamental constitutional rights that have protected individuals from government excesses since our nation was founded -- freedom of speech, press, and association, the right to privacy and protection from unwarranted governmental intrusion, as well as the right to procedural fairness and due process of law. The First Amendment The First Amendment to the United States Constitution prohibits the government from "abridging the freedom of speech, or of the press," and guarantees freedom of association as well. It is widely considered to be the single most important of the guarantees contained in the Bill of Rights, since free speech and association are fundamental in securing all other rights. The First Amendment throughout history has been challenged by every important technological development. It has enjoyed only a mixed record of success. Traditional forms of speech -- the print media and public speaking -- have enjoyed a long and rich history of freedom from governmental interference. The United States Supreme Court has not afforded the same degree of freedom to electronic broadcasting, however. Radio and television communications, for example, have been subjected to regulation and censorship by the Federal Communications Commission (FCC), and by the Congress. The Supreme Court initially justified regulation of the broadcast media on technological grounds -- since there were assumed to be a finite number of radio and television frequencies, the Court believed that regulation was necessary to prevent interference among frequencies and to make sure that scarce resources were allocated fairly. The multiplicity of cable TV networks has demonstrated the falsity of this "scarce resource" rationale, but the Court has expressed a reluctance to abandon its outmoded approach without some signal from Congress or the FCC. Congress has not seemed overly eager to relinquish even counterproductive control over the airwaves. Witness, for example, legislation and rule-making in recent years that have kept even important literature, such as the poetry of Allen Ginsberg, from being broadcast on radio because of language deemed "offensive" to regulators. Diversity and experimentation have been sorely hampered by these rules. The development of computer technology provides the perfect opportunity for lawmakers and courts to abandon much of the distinction between the print and electronic media and to extend First Amendment protections to all communications regardless of the medium. Just as the multiplicity of cable lines has rendered obsolete the argument that television has to be regulated because of a scarcity of airwave frequencies, so has the ready availability of virtually unlimited computer communication modalities made obsolete a similar argument for harsh controls in this area. With the computer taking over the role previously played by the typewriter and the printing press, it would be a constitutional disaster of major proportions if the treatment of computers were to follow the history of regulation of radio and television, rather than the history of freedom of the press. To the extent that regulation is seen as necessary and proper, it should foster the goal of allowing maximum freedom, innovation and experimentation in an atmosphere where no one's efforts are sabotaged by either government or private parties. Regulation should be limited by the adage that quite aptly describes the line that separates reasonable from unreasonable regulation in the First Amendment area: "Your liberty ends at the tip of my nose." As usual, the law lags well behind the development of technology. It is important to educate lawmakers and judges about new technologies, lest fear and ignorance of the new and unfamiliar, create barriers to free communication, expression, experimentation, innovation, and other such values that help keep a nation both free and vigorous. The Fourth Amendment The Fourth Amendment guarantees "the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures." Judges are not to issue search warrants for private property unless the law enforcement officer seeking the warrant demonstrates the existence of "a probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." In short, the scope of the search has to be as narrow as possible, and there has to be good reason to believe that the search will turn up evidence of illegal activity. The meaning of the Fourth Amendment's guarantee has evolved over time in response to changing technologies. For example, while the Fourth Amendment was first applied to prevent the government from trespassing onto private property and seizing tangible objects, the physical trespass rationale was made obsolete by the development of electronic eavesdropping devices which permitted the government to "seize" an individual's words without ever treading onto that person's private property. To put the matter more concretely, while the drafters of the First Amendment surely knew nothing about electronic databases, surely they would have considered one's database to be as sacrosanct as, for example, the contents of one's private desk or filing cabinet. The Supreme Court responded decades ago to these types of technological challenges by interpreting the Fourth Amendment more broadly to prevent governmental violation of an individual's reasonable expectation of privacy, a concept that transcended the narrow definition of one's private physical space. It is now well established that an individual has a reasonable expectation of privacy, not only in his or her home and business, but also in private communications. Thus, for example: * Government wiretapping and electronic eavesdropping are now limited by state and federal statutes enacted to effectuate and even to expand upon Fourth Amendment protections. * More recently, the Fourth Amendment has been used, albeit with limited success, to protect individuals from undergoing certain random mandatory drug testing imposed by governmental authorities. Advancements in technology have also worked in the opposite direction, to diminish expectations of privacy that society once considered reasonable, and thus have helped limit the scope of Fourth Amendment protections. Thus, while one might once have reasonably expected privacy in a fenced-in field, the Supreme Court has recently told us that such an expectation is not reasonable in an age of surveillance facilitated by airplanes and zoom lenses. Applicability of Fourth Amendment to computer media Just as the Fourth Amendment has evolved in response to changing technologies, so it must now be interpreted to protect the reasonable expectation of privacy of computer users in, for example, their electronic mail or electronically stored secrets. The extent to which government intrusion into these private areas should be allowed, ought to be debated openly, fully, and intelligently, as the Congress seeks to legislate in the area, as courts decide cases, and as administrative, regulatory, and prosecutorial agencies seek to establish their turf. One point that must be made, but which is commonly misunderstood, is that the Bill of Rights seeks to protect citizens from privacy invasions committed by the government, but, with very few narrow exceptions, these protections do not serve to deter private citizens from doing what the government is prohibited from doing. In short, while the Fourth Amendment limits the government's ability to invade and spy upon private databanks, it does not protect against similar invasions by private parties. Protection of citizens from the depredations of other citizens requires the passage of privacy legislation. The Fifth Amendment The Fifth Amendment assures citizens that they will not "be deprived of life, liberty, or property, without due process of law" and that private property shall not "be taken for public use without just compensation." This Amendment thus protects both the sanctity of private property and the right of citizens to be proceeded against by fair means before they may be punished for alleged infractions of the law. One aspect of due process of law is that citizens not be prosecuted for alleged violations of laws that are so vague that persons of reasonable intelligence cannot be expected to assume that some prosecutor will charge that his or her conduct is criminal. A hypothetical law, for example, that makes it a crime to do "that which should not be done", would obviously not pass constitutional muster under the Fifth Amendment. Yet the application of some existing laws to new situations that arise in the electronic age is only slightly less problematic than the hypothetical, and the Electronic Frontier Foundation plans to monitor the process by which old laws are modified, and new laws are crafted, to meet modern situations. One area in which old laws and new technologies have already clashed and are bound to continue to clash, is the application of federal criminal laws against the interstate transportation of stolen property. The placement on an electronic bulletin board of arguably propriety computer files, and the "re-publication" of such material by those with access to the bulletin board, might well expose the sponsor of the bulletin board as well as all participants to federal felony charges, if the U.S. Department of Justice can convince the courts to give these federal laws a broad enough reading. Similarly, federal laws protecting against wiretapping and electronic eavesdropping clearly have to be updated to take into account electronic bulletin board technology, lest those who utilize such means of communication should be assured of reasonable privacy from unwanted government surveillance. Summary The problem of melding old but still valid concepts of constitutional rights, with new and rapidly evolving technologies, is perhaps best summed up by the following observation. Twenty-five years ago there was not much question but that the First Amendment prohibited the government from seizing a newspaper's printing press, or a writer's typewriter, in order to prevent the publication of protected speech. Similarly, the government would not have been allowed to search through, and seize, one's private papers stored in a filing cabinet, without first convincing a judge that probable cause existed to believe that evidence of crime would be found. Today, a single computer is in reality a printing press, typewriter, and filing cabinet (and more) all wrapped up in one. How the use and output of this device is treated in a nation governed by a Constitution that protects liberty as well as private property, is a major challenge we face. How well we allow this marvelous invention to continue to be developed by creative minds, while we seek to prohibit or discourage truly abusive practices, will depend upon the degree of wisdom that guides our courts, our legislatures, and governmental agencies entrusted with authority in this area of our national life. For further information regarding The Bill of Rights please contact: Harvey Silverglate Silverglate & Good 89 Broad Street, 14th Floor Boston, MA 02110 617/542-6663 ======================================================================== U.S. Attorney Visits The EPIC Project Online -- July 6, 1990 -- after EPIC Founder Jeff Aldrich speaks out against government raids as a panelist on KPFA-FM "Electronic Democracy" broadcast July 5, 1990. The following is an account of that electronic visit. Libertarian Fedz? I was interrupted by a "yell for sysop" around noon today. The user's name was Joe Dew, from the U.S. Attorney's Office in San Francisco. Prior to yelling, he checked the user list for Mike Yamaguchi. Mike was in the bbs just after a 4-20-90 half page ad ran in the Wall Street Journal, "If You Own a Computer You Can Change Congress," asking those with an interest to login. He checked things out and appeared to capture, among other things, the text of a proposed Constitutional Amendment we distributed electronically in California earlier this year. Mike Yamaguchi's login had that "something fishy" strangeness about it. I found out why today during a chat with Joe the fed. I didn't capture -"tape" our conversation. The following is a careful recap from memory. Rather than trying to hide, Joe Dew wanted to chat and did so with candor. Joe: I just heard about EPIC. Can I see the government files or are they private? Sysop: They're in the file section and everything is public. Joe: How do I get there? Sysop: Would you like a tour? Joe: Yes. Sysop: Hang on... Off we went for a peek at Information Age Democracy with his capture wide open for a screen full or two: OTA Critical Connections summary chapter, ALA Summary of HR3849, campaign finance disclosure reports on federal, state and local politicians, county/city meeting agendas, voting records and approved minutes. I didn't bother with the user list, he'd already been there. Back to chat... Sysop: Was that enough information? Or would you like more? Joe: Wow! That was enough government information, but I didn't get any information on EPIC. Is it a government related agency? Why are you doing this? Are you a group of hackers? Where do I get information on EPIC? Sysop: "A bunch of hackers?" Hardly. EPIC is a nonprofit public benefit corporation; a citizen operated and supported electronic publisher providing free public access to government documents and information. Board members include legal eagles, constitutional scholars and activists. I appreciate your interest. You know who I am, may I ask who you are? Media or fedz? Joe: Strange that you ask. I'm with the government. Sysop: As in fedz? Joe: Well, both actually. I'm with the U.S. Attorney's Office, but I'm leaving in a month to work with a media marketing company. I'm new to this and meant no offense asking about hackers. Sysop: None taken. It's just that many of us are concerned about "thought police" because of recent events. Not that we have anything to hide, but the current climate is, well...tense. Joe: I haven't been out of college long...and going to work here changed my mind about fedz. They're some of the most libertarian people I've met. I understand your uneasiness, but there's no need to be concerned. Our office concentrates on drug dealers. Sysop: Don't be a stranger, you're welcome here. And tell Yama...(whatever) he's welcome too. Thanks for your candor. Joe: He's out to lunch right now. But I'll tell him, his office is just down the hall. Sysop: I'll put some of the information you asked for in the public file section so you'll be able to grab it at your leisure. Joe: Thanks, I gott'a go. Sysop: bb I took him back to the opening menu for an easy exit. Joe the fed seemed like a nice guy, a regular person. The fact he didn't fit my picture of "thought police" ran through my mind. As if I had a Polaroid tucked away in a dusty album or had seen'em in the "T" volume encyclopedia sitting on the shelf. His effort to reasure me I had no reason for concern did little to ease the Orwellian tension of his visit. I considered asking Joe the fed why he thought EPIC might be a group of hackers. My social conditioning would give little merit to his answer, so it wasn't worth asking. I wondered if he was reading the hackers conference on the Well or heard me on the radio yesterday. As disappointing as it might be, the local high school kids fix our computer when it decides to act up. The only hack I'm guilty of is the mess I made in my home directory trying to automate my conferencing on the Well. Joe the fed made my day. For a moment he elevated me to genuine computer literacy. He logged off and it was back to the reality of fumbling with a label program to get the mail out before five. ============================END OF FILE======================================= Downloaded From P-80 International Information Systems 304-744-2253