Path: gmdzi!unido!fauern!ira.uka.de!snorkelwacker!usc!cs.utexas.edu!uunet!
mailrus!accuvax.nwu.edu!nucsrl!telecom-request
From: s...@cs.purdue.edu (Gene Spafford)
Newsgroups: comp.dcom.telecom
Subject: Re: Legion of Doom Rebuttal to Moderator
Message-ID: <5462@accuvax.nwu.edu>
Date: 21 Mar 90 16:14:05 GMT
Sender: n...@accuvax.nwu.edu
Reply-To: Gene Spafford <s...@cs.purdue.edu>
Organization: Department of Computer Science, Purdue University
Lines: 47
Approved: Tele...@eecs.nwu.edu
Posted: Wed Mar 21 17:14:05 1990
X-Submissions-To: tele...@eecs.nwu.edu
X-Administrivia-To: telecom-requ...@eecs.nwu.edu
X-Telecom-Digest: Volume 10, Issue 193, Message 1 of 8


Let me point out that the investigation that resulted in the four
indictements of the LoD folks has also included a number of other
indictments and arrests.  All of this APPEARS to be one large-scale
investigation into a pattern of repeated collaboration for purposes of
illegal activity (in legal terms, criminal conspiracy).  The
information I have available from various sources indicates that the
investigation is continuing, others are likely to be charged, and
there MAY be some national security aspects to parts of the
investigation that have yet to be disclosed.

Now maybe there are one or two people on the law enforcement side who
are a little over-zealous (but not the few I talk with on a regular
basis).  For someone to be indicted requires that sufficient evidence
be collected to convince a grand jury -- a group of 23 (24?  I forget
exactly) average people -- that the evidence shows a high probability
that the crimes were committed.  Search warrants require probable
cause and the action of judges who will not sign imprecise and poorly
targeted warrants.  Material seized under warrant can be forced to be
returned by legal action if the grounds for the warrant are shown to
be false, so the people who lost things have legal remedy if they are
innocent.

The system has a lot of checks on it, and it requires convincing a lot
of people along the way that there is significant evidence to take the
next step.  If these guys were alleged mafioso instead of electronic
terrorists, would you still be claiming it was a witch hunt?
Conspiracy, fraud, theft, violations of the computer fraud and abuse
act, maybe the ECPA, possesion of unauthorized access codes, et. al.
are not to be taken lightly, and not to be dismissed as some
"vendetta" by law enforcement.

Realize that the Feds involved are prohibited from disclosing elements
of their evidence and investigation precisely to protect the rights of
the defendants.  If you base your perceptions of this whole mess on
just what has been rumored and reported by those close to the
defendants (or from potential defendants), then you are going to get a
very biased, inaccurate picture of the situation.  Only after the
whole mess comes to trial will we all be able to get a more complete
picture, and then some people may be surprised at the scope and nature
of what is involved.


Gene Spafford
NSF/Purdue/U of Florida  Software Engineering Research Center,
Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004
Internet:  s...@cs.purdue.edu	uucp:	...!{decwrl,gatech,ucbvax}!purdue!spaf

Date: Sun, 25 Mar 90 11:45:32 CST
From: TELECOM Moderator <tele...@eecs.nwu.edu>
Subject: Preface to Special Issue


This issue is devoted to replies to Gene Spafford about the activities
of the Legion of Doom. Like many controversial topics (Caller*ID for
one), the LoD has the potential to use great amounts of network
resources as the arguments go on. Because Mr. Spafford is a highly
respected member of the net community, the people who responded to his
article here certainly deserve the courtesy of being heard, but with
this selection of responses, we will discontinue further pros-and-cons
messages on LoD, at least until the criminal proceedings are finished.
Obviously, *new* information about LoD, government investigative
activities, etc is welcome, but let's not rehash old stuff again and
again.

Patrick Townson

From: Mike Godwin <walt.cc.utexas.edu!mnemo...@cs.utexas.edu>
Subject: Re: Legion of Doom Rebuttal to Moderator
Date: 22 Mar 90 20:16:43 GMT
Reply-To: Mike Godwin <walt.cc.utexas.edu!mnemo...@cs.utexas.edu>
Organization: The University of Texas at Austin, Austin, Texas


In article <5...@accuvax.nwu.edu> Gene Spafford <s...@cs.purdue.edu> writes:

>The information I have available from various sources indicates that the
>investigation is continuing, others are likely to be charged, and there 
>MAY be some national security aspects to parts of the investigation that 
>have yet to be disclosed.

The information that I have is that many innocent third parties are
being trampled by the federal agents in their investigatory zeal. The
unnecessary seizure of equipment at Steve Jackson Games in Austin,
Texas, is a notable example. In that case, the Secret Service assumed
that, since SJ Games employed a reformed computer hacker, it was
likely that their company BBS (used for feedback from role-playing
game testers nationwide) contained relevant evidence. So, the SS
seized all the company's computer equipment, including its laser
printer, all available copies of the company's new Cyberpunk game (set
in a William Gibson future involving penetration of repressive
corporate computer systems), and copies of Gordon Meyer's dangerous
academic thesis, in which the author proposed that the hacker
underground had been "criminalized" in the public mind due to images
created by a few destructive individuals and by the fairly ignorant
media.

In spite of this, they assured Jackson and his lawyer that neither
Jackson nor his company was the target of the investigation. (Jackson,
who owes his livelihood to the copyright laws, is an adamant opponent
of piracy.)

Apparently, the federal agents were angered by the Cyberpunk gaming
manual, which romanticized 21st-century computer "cowboys" like Case
in Gibson's novel NEUROMANCER. They further conjectured that the game
is a cookbook for hackers.

Jackson's business is losing, at his estimate, thousands of dollars a
month thanks to this seizure, which was far more intrusive than
necessary (why take the hardware at all?), and which seemed to
demonstrate the agents' willingness to find evildoings everywhere. The
Federal Tort Claims Act bars tort recovery based on
law-enforcement-related seizures of property, I note in passing.

>Now maybe there are one or two people on the law enforcement side who
>are a little over-zealous (but not the few I talk with on a regular
>basis).

Yeah, maybe one or two.

>For someone to be indicted requires that sufficient evidence
>be collected to convince a grand jury -- a group of 23 (24?  I forget
>exactly) average people -- that the evidence shows a high probability
>that the crimes were committed.

The notion that grand juries are any kind of screening mechanism for
prosecutions, while correct in theory, has long been discredited. In
general, not even prosecutors pretend that the theory is accurate
anymore.  In law school, one of the first things you're taught in
criminal-procedure courses is that grand juries are not screening
mechanisms at all. (It is so rare for a grand jury to fail to follow a
prosecutor's recommendation to indict that when it does happen the
grand jury is known as a "rogue grand jury.") The basic function of
grand juries at the federal level is INVESTIGATORY -- the grand-jury
subpoena power is used to compel suspects' and witnesses' presence and
testimony prior to actual prosecution.

>Search warrants require probable
>cause and the action of judges who will not sign imprecise and poorly
>targeted warrants.

Ha! Dream on.

>Material seized under warrant can be forced to be
>returned by legal action if the grounds for the warrant are shown to
>be false, so the people who lost things have legal remedy if they are
>innocent.

Guess who pays for pursuing the legal remedy in most cases.
(Hint: it's not the government.)

Now guess how long such proceedings can take.

>The system has a lot of checks on it, and it requires convincing a lot
>of people along the way that there is significant evidence to take the
>next step.

The system does have checks in it, but they are neither as comprehensive
nor as reliable as you seem to think.

>If these guys were alleged mafioso instead of electronic
>terrorists, would you still be claiming it was a witch hunt?

Possibly. There have been periods in this country in which it was not
very pleasant to be involved in a criminal investigation if your name
ended in a vowel.

>Conspiracy, fraud, theft, violations of the computer fraud and abuse
>act, maybe the ECPA, possesion of unauthorized access codes, et. al.
>are not to be taken lightly, and not to be dismissed as some
>"vendetta" by law enforcement.

I don't think anyone is proposing that the investigation of genuine
statutory violations is necessarily a vendetta. In fact, I don't think
this is the case even in the Jolnet sting. But lack of understanding
on the part of the federal officials involved, plus the general
expansion of federal law-enforcement officials powers in the '70s and
'80s, mean that life can be pretty miserable for you if you even KNOW
someone who MIGHT be the target of an investigation.

There are civil-rights and civil-liberties issues here that have yet
to be addressed. And they probably won't even be raised so long as
everyone acts on the assumption that all hackers are criminals and
vandals and need to be squashed, at whatever cost.

Before you jump to conclusions about my motivations in posting this,
let me point out the following:

1) I'm against computer crime and believe it should be prosecuted.

2) I'm nor now, nor have I ever been, a "hacker." (The only substantive
programming I've ever done was in dBase II, by the way.)

3) Even though (1) and (2) are true, I am disturbed, on principle, at
the conduct of at least some of the federal investigations now going
on. I know several people who've taken their systems out of public
access just because they can't risk the seizure of their equipment (as
evidence or for any other reason). If you're a Usenet site, you may
receive megabytes of new data every day, but you have no
common-carrier protection in the event that someone puts illegal
information onto the Net and thence into your system.

And (3) is only one of the issues that has yet to be addressed by 
policymakers.

>Realize that the Feds involved are prohibited from disclosing elements
>of their evidence and investigation precisely to protect the rights of
>the defendants.

They're also secretive by nature. Much has been withheld that does not
implicate defendants' rights (e.g., the basis for Secret Service
jurisdiction in this case).

>If you base your perceptions of this whole mess on
>just what has been rumored and reported by those close to the
>defendants (or from potential defendants), then you are going to get a
>very biased, inaccurate picture of the situation.

Even if you screen out the self-serving stuff that defendants (and
non-defendants) have been saying, you still get a disturbing picture
of the unbridled scope of federal law-enforcement power.

In addition, we can't fall into the still-fashionable Ed Meese
mentality: "If they're innocent they don't have to worry about being
indicted." This is simply not true.

>Only after the whole mess comes to trial will we all be able to get a 
>more complete picture, and then some people may be surprised at the 
>scope and nature of what is involved.

Ah, just the way the Oliver North trial cleared things up?

(I know that's a bit unfair, but it expresses my feeling that we're
better off relying on the press, flawed as it is, than waiting for the
feds to tell us what it's good for us to know at the time they think
it's good for us to know it.)

In sum, the *complaint* has been this:

"Look at the way the feds are losing their cool over this! Lots of
folks are being harmed, and lots of rights are being violated!"

The *response* of those whose justifiable opposition to computer crime
has blinded them to the rights, due-process, and justice issues
involved has been something like this:

"They're the government. They wouldn't be doing this stuff if they
weren't a good reason for it."

I have no trouble with Gene Spafford's scepticism about the complaint;
please understand, however, why I insist on being sceptical about the
response.


Mike Godwin, UT Law School    |"Neither am I anyone; I have dreamt the world as
mnemo...@ccwf.cc.utexas.edu   | you dreamt your work, my Shakespeare, and among
mnemo...@walt.cc.utexas.edu   | the forms in my dream are you, who like myself
(512) 346-4190                | are many and no one."  --Borges