Path: gmdzi!unido!mcsun!uunet!zaphod.mps.ohio-state.edu!usc!jarthur!
ucivax!orion.oac.uci.edu!ucsd!dog.ee.lbl.gov!eff!mkapor
From: mka...@eff.org (Mitch Kapor)
Newsgroups: comp.org.eff.news,comp.org.eff.talk
Subject: EFF News 1.00
Message-ID: <1990Dec10.211625.9536@eff.org>
Date: 10 Dec 90 21:16:25 GMT
Followup-To: comp.org.eff.talk
Organization: The Electronic Frontier Foundation
Lines: 805
Approved: mka...@eff.org

************************************************************
************************************************************
***           EFF News #1.00  (December 10, 1990)        ***
***       The Electronic Frontier Foundation, Inc.       ***
***                        Welcome                       ***
************************************************************
************************************************************


Editors:  Mitch Kapor  (mka...@eff.org) 
          Mike Godwin  (mnemo...@eff.org)

REPRINT PERMISSION GRANTED: Material in EFF News may be reprinted if you 
cite the source.  Where an individual author has asserted copyright in 
an article, please contact her directly for permission to reproduce.

E-mail subscription requests:  effnews-requ...@eff.org
Editorial submissions: effn...@eff.org

We can also be reached at:

Electronic Frontier Foundation
155 Second St.
Cambridge, MA 02141

(617) 864-0665
(617) 864-0866 (fax)
                
USENET readers are encouraged to read this publication in the moderated 
newsgroup comp.org.eff.news.  Unmoderated discussion of topics discussed 
here is found in comp.org.eff.talk.

This publication is also distributed to members of the mailing list 
e...@well.sf.ca.us.

************************************************************

The EFF has been established to help civilize the electronic frontier; 
to make it truly useful and beneficial to everyone, not just an elite; 
and to do this in a way that is in keeping with our society's highest 
traditions of the free and open flow of information and communication. 

EFF News will present news, information, and discussion about the world 
of computer-based communications media that constitute the electronic 
frontier. It will cover issues such as freedom of speech in digital 
media, privacy rights, censorship, standards of responsibility for users 
and operators of computer systems, policy issues such as the development 
of national information infrastructure, and intellectual property.


Views of individual authors represent their own opinions, not 
necessarily those of the EFF.


************************************************************
***         EFF News #1.00: Table of Contents            ***
************************************************************

Article 1: Who's Doing What at the EFF

Article 2: EFF Current Activities - Fall 1990

Article 3: Contributing to the EFF

Article 4: CPSR Computing and Civil Liberties Project
           (Marc Rotenberg, Computer Professionals for Social
           Responsibility)

Article 5: Why Defend Hackers? (Mitch Kapor)

Article 6: The Lessons of the Prodigy Controversy

Article 7: How Prosecutors Misrepresented the Atlanta Hackers

************************************************************
***           EFF News #1.00: Article 1 of 7:            ***
***             Who's Doing What at the EFF              ***
************************************************************

	The EFF has hired its first full-time staff member, Mike Godwin.  
Mike is serving as the EFF's staff counsel and will be coordinating the 
ongoing legal work of the EFF as well.   Mike is a recent graduate of 
the University of Texas Law School.  Previously he served as editor-in-
chief of The Daily Texan student newspaper.  He has been a frequent 
contributor to the discussions of computing and civil liberties on the
net.  Welcome, Mike.

	As the scope of EFF activities increase, we anticipate hiring 
another full-time professional staff person at EFF. The new position is 
in the process of being defined, but the responsibilities are likely to 
include involvement with our print and online publications as well as 
the administrative tasks associated with raising contributions and 
responding to our constituents.

	We have gotten settled in our remodelled quarters.  Leila 
Gallagher has joined us as an office volunteer helping with duplicating, 
mailing, and other administrative matters.

	There are currently additional volunteer opportunities at the 
EFF's Cambridge office.  Anyone with experience with PageMaker and 
FileMaker who is interested in helping us with our print newsletter and 
creating a inquiries database is encouraged to contact Mike Godwin.

	Gerard van der Leun (bosw...@well.sf.ca.us)  has volunteered to 
organize and edit the first issue of the EFF's print newsletter, the 
EFFector.  He is getting lots of help from Dan Sokol and Rick Doherty.  
Look for a first issue this winter.

	Mitch Kapor is working full-time on public interest computing 
issues, including the EFF, where he is currently serving as Acting 
Executive Director.  John Barlow (bar...@well.sf.ca.us) is actively 
engaged in writing and speaking about issues on the electronic frontier.

	Harvey Silverglate and Sharon Beckman (slvrg...@well.sf.ca.us) of 
the law firm of Silverglate and Good and Terry Gross 
(tgr...@well.sf.ca.us) of the Rabinowitz, Boudin, Standard, Krinsky, and 
Lieberman are the EFF's litigation counsel.




************************************************************
***           EFF News #1.00: Article 2 of 7:            ***
***         EFF Current Activities - Fall 1990           ***
************************************************************

>>>LEGAL EFFORTS<<<

	The EFF is continuing to investigate legal opportunities for 
helping to establish the First and Fourth Amendment rights of computer 
users and sysops. We are closely tracking the known cases of BBS-related 
seizures and arrests that have arisen as the result of Operation Sun 
Devil and the computer-crime operation based in the Chicago U.S. 
Attorney's office. These  cases may provide us with critical 
opportunities to defend the rights of computer users and BBS operators.  

	We are continuing to track other cases of alleged computer-related 
crimes, many of which arose prior to the two federal operations 
mentioned above, but in which the EFF may be able to play some formal or 
informal role.  

	The EFF has also been following the Prodigy case and has been 
investigating the cases in which universities may have been ordered by 
NSF officials to remove graphics files from their systems. We have been 
increasing our media presence through our cooperation with trade-
publication and mainstream journalists, who now know to call the EFF 
offices for feedback on computer-related news items.  

	We are increasing our contacts with attorneys around the country 
who are involved in computer-related cases. It is hoped that these 
attorneys may ultimately become part of a network of attorneys who 
associate with EFF for the purpose of taking on pro bono cases in which 
EFF has an interest.  

	The EFF been working to provide the American Bar Association with 
input concerning judicial guidelines for the issuance of search warrants 
in computer- and BBS-related cases.


>>> MASSACHUSETTS COMPUTER CRIME BILL<<<

The EFF has drafted and is working for the passage of a computer crime 
bill, which has the backing of the Governor and Attorney General of 
Massachusetts. If passed, the bill will serve as model legislation in 
balancing  property and free speech interests.

Previously, a completely different version of the bill had passed both 
houses of the Massachusetts legislature and was sent to the Governor for 
his signature.  Thanks to the efforts of the Governor's Office and the 
Massachusetts Software Council, the bill came to our attention and we 
were able to persuade the Governor that, as originally written, it had a 
number of fundamental flaws, not the least of which was the unproven 
assumption that a bill that broadly criminalized whole ranges of 
computer-related activities was even called for. 

In fact, the original bill appeared to operate from the same set of 
assumptions that we have seen too often in other EFF activities:  an 
untested belief that more regulation is necessarily better and a 
disregard for the consequences of such an approach in stifling free 
speech and ordinary commerce.  The result was a bill which was both 
unwise as well as unconstitutional.

The preamble of the new  bill explicitly recognizes that the integrity 
of computer systems must be protected in a way that does not infringe on 
the rights of users of computer technology, including freedoms of 
speech, association, and privacy.

In its first provision, the bill makes it a crime to knowingly and 
without authorization access a controlled computer system with the 
intention of causing damage and actually cause damage in excess of 
$10,000.  The second provision of the bill is identical to the one above 
except that it covers activities undertaken with reckless disregard of 
the consequences as opposed to intent to cause damage, and it carries a 
lesser penalty.

The bill breaks new ground in the area of enforcement.  Prosecutions may 
be brought only by the Attorney General and only after guidelines are 
established to assure that searches of electronic media do not 
unnecessarily infringe on speech and privacy rights.  These guidelines 
must be consistent with the concerns stated in the preamble.

The bill also establishes a 17-person commission charged with 
recommending future legislation in this area.

Now that the Governor has sent the revised bill back to the Legislature, 
it is up to them.  We have met with the House and Senate sponsors of the 
bill and are cautiously optimistic that the bill can be passed in the 
waning days of the current legislative session.


>>>MEETINGS<<<

	On September 18 Mitch Kapor made a presentation about the EFF to 
the Computer Science and Telecommunications Board of the National 
Academy of Science and Engineering, of which he is a new member.  The 
Board is constituted to advise the government on technological issues 
with great social impact and generally consists of department chairs of 
well-known computer science departments and vice-presidents of research 
at major corporations.  

	The CSTB viewed the issues raised as extremely important and 
wanted to contribute to the advancement of the positions advocated by 
the EFF.  Mitch is working on follow-up proposal ideas, including the 
CSTB conducting a national "strategic forum" on computing and civil 
liberties.  This venue is potentially very important because 
recommendation of the CSTB carry a great deal of weight in the Congress.

	On September 26, Steve Jackson (Austin game publisher whose BBS 
and computer equipment was seized in a Secret Service raid), Terry Gross 
(EFF attorney), and Sheldon Zenner (the lawyer who represented Craig 
Neidorf) appeared on a panel at a general meeting of the Boston Computer 
Society to discuss computing and civil liberties.  They were very well 
received by an enthusiastic audience.

	On September 27, Mitch Kapor and Sheldon Zenner made  a 
presentation to the I4 group.  This is a select organization of 50 large 
corporations who support a program in computer security research at SRI, 
which is run by Donn Parker.   This was an important bridge-building 
session with the corporate world.  Dorothy Denning participated in the 
panel discussion which followed the presentations.

	On October 3-4, Dorothy Denning and Craig Neidorf attended the 
National Conference on Computer Security, Washington D.C.  

	On October 20th John Barlow gave a major address  at the annual 
meeting of Computer Professionals for Social Responsibility in San 
Fransisco on "Civilizing Cyberspace: Computers, Civil Liberties, and 
Freedom".

	On October 29, Harvey Silverglate and Mitch Kapor participated in 
a panel sponsored by Harvard's Office of Information Technology on 
"Electronic Communication and Political Freedom".  Gene Spafford of 
USENET fame was also present.  There was an audience of approximately 
100 people. 

	On October 30th Mitch appeared on a well-attended panel at MIT on 
intellectual-property reform.

	On November 7 Mitch spoke before the American Society for 
Information Science annual meeting in Montreal on EFF issues.

	John, Mitch, Steve Jackson,  John Gilmore and Rick Doherty  all 
attended Hackers 6.0, held this year at Lake Tahoe, on November 16-18.  
There was a very active session devoted to the EFF on Sunday, which 
generated much interest and converted a few skeptics.

                            -end-


************************************************************
***           EFF News #1.00: Article 3 of 7:            ***
***               Contributing to the EFF                ***
************************************************************

	We have filed a 501c3 application with the Internal Revenue 
Service to qualify for eligibility to receive tax-deductible 
contributions.  We expect to hear from the service within a few months.  
In the meantime, we can accept contributions now which will qualify for 
deductibility once our exemption is granted.

                            -end-


************************************************************
***           EFF News #1.00: Article 4 of 7:            ***
***       CPSR COMPUTING AND CIVIL LIBERTIES PROJECT     ***
***                  by Marc Rotenberg                   ***
***               (marci...@well.sf.ca.us)               ***
************************************************************


>>> UPCOMING CPSR POLICY ROUNDTABLE <<<

	CPSR will host the first Computing and Civil Liberties policy 
roundtable on February 21 and 22, 1991 at the American Association for 
the Advancement of Science in Washington, DC.  The purpose of the 
roundtable will be to bring together leading experts to explore two 
issues: free speech and computer networks, and searches of computer 
bulletin boards.  What speech restrictions currently exist?  Should 
federal agencies or private companies be allowed to restrict the content 
of a computer message and, if so, in what circumstances?  

	The second issue is the investigation of computer bulletin boards 
by law enforcement agents.  Are there any restrictions on the ways that 
police may monitor computer communications and computer bulletin boards?  
If not, should such restrictions be developed?

	  The conference is the first in a series of policy roundtables 
that will be held in Washington, DC and that are made possible with 
funding from the Electronic Frontier Foundation

                            -end-


************************************************************
***             EFF News #1.00: Article 5 of 7:          ***
***                  Why Defend Hackers?                 ***
***                     by Mitch Kapor                   ***
************************************************************


	An all-too-common perception of the EFF that prevails in the 
computer industry and those who report on it--from John Sculley to the 
Wall St. Journal--is that the EFF is an organization that has "something 
to do with hackers."   (They use "hackers" as a term not of approbation 
but of rebuke).   Most of these sometime colleagues and associates of 
mine  are puzzled as to why I would be doing such a thing.  (A few think 
I've just become a loony.) Anyway, they've heard about the terrible 
problems caused by hackers who break into computer systems, they worry 
that I'm out to defend such practices, and they disapprove.

	But their disapproval is based on the pure misconception that the 
EFF's purpose is to defend people's right to break into computer 
systems. Let me clear up that misconception now.

	I regard unauthorized entry into computer systems as wrong and 
deserving of punishment.  People who break into computer systems and 
cause harm should be held accountable for their actions.  We need to 
make appropriate distinctions in the legal code among various forms of 
computer crime based on such factors as intent and the degree of actual 
damage.  In fact, the EFF has drafted a bill that has the backing of the 
Governor and Attorney General of Massachusetts and that embodies these 
principles.

	But if the EFF isn't trying to advance the cause of computer 
hackers,  you may ask, what is it doing and why?  What is it that was 
sufficiently powerful to motivate me to help start a whole organization?

	As I began to find out the real story behind  government raids and 
indictments last summer,  I became incensed at the fact that innocent 
individuals were getting caught up in the blundering machinations of 
certain law enforcement agencies and large corporations.  These were 
kids really, young people with whom I identified, who faced the prospect 
of having their lives ruined.

	Take Craig Neidorf, for example. Neidorf, a 20-year-old college 
student and the publisher of an electronic newsletter,  was indicted on 
felony charges of wire fraud and interstate transportation of stolen 
property.  Neidorf had published a document about administrative 
procedures used in the 911 emergency response telephone system that 
someone else had removed from a BellSouth computer.  On the fourth day 
of the trial, the prosecution dropped the case after it became clear 
that the information in the "highly confidential" BellSouth document at 
issue was publicly available for less than $20.

	Justice was served by the government's decision to drop the case, 
but it was expensive justice.  Neidorf and his family face $100,000 in 
legal bills, to say nothing of the disruption and suffering caused by 
the trial for an action that should never have been brought against him 
to begin with.  And the prosecution has had a chilling effect on 
Neidorf, who has stopped publishing PHRACK.

	In a second case, the EFF continues to assist Steve Jackson, a 
game manufacturer in Austin, Texas, who has suffered substantial 
business losses after a Secret Service raid in early March resulted in 
the seizure of his BBS and of his forthcoming fantasy gamebook GURPS 
Cyberpunk.  The seizure of Jackson's computer equipment caused him to 
lay off nearly half of his staff and threatened the survival of the 
business.  As subsequent revelations have showed, there was no good 
reason for this raid.  It never should have been permitted to occur in 
the first place.  

	While helping defend the innocent is one role for the EFF to play,  
there is more at stake than trying to prevent individuals from being 
wronged. It is also a matter of rights for all of us.

	The actions taken against Craig Neidorf and Steve Jackson -- the 
prosecution of an electronic publisher and the seizure of a BBS and an 
electronically stored book-in-progress -- demonstrate governmental 
disregard of the fundamental constitutional right of freedom of speech
I believe it is terribly important to extend to these new digital media 
the same strong First Amendment protections of freedom of speech and 
freedom of expression which we enjoy in our own lives and in the print 
media.   The government should not be able to seize a bulletin board any 
more easily than they can seize a printing press.  We must find ways for 
law enforcement to do its job in protecting the property interests of 
some of us without violating the freedom of speech of the rest of us.  
This is clearly a matter of protecting civil liberties and thus familiar 
to those who take an interest in upholding the Bill of Rights,  but it 
is also more than that.

	These embryonic media of electronic mail, computer bulletin boards 
and conferencing systems, provide open forums of communication.  They 
are  a healthy antidote to the corrosive effects of the power of large, 
centralized institutions, private and public,  and to the numbness 
induced by one-way, least-common-denominator mass media.

	In the physical world, our sense of community withers.   Urban 
centers as places to live are being abandoned by all who can afford to 
leave.   In the global suburbs in which more and more of us live, one's 
horizon is limited to the immediate family.  Even close neighbors are 
often anonymous.  

	In the realities that can be created within digital media there 
are opportunities for the formation of virtual communities--voluntary 
groups who come together not on the basis of geographical proximity but 
through a common interests.  Computer and telecommunications systems 
represent an enabling technology for the formation of community, but 
only if we make it so.   I believe it is urgent, as a matter of national 
policy, that we encourage and further stimulate the social experiments 
and developing infrastructure that are taking place on the Net every 
day.   The ultimate mission of the EFF is to help articulate this vision 
and play a constructive role in the working out of the new legal and 
social norms which we are faced with developing.

	As John Barlow and I meditated together last June on the broader 
implications of the initial events --a meditation that catalyzed the 
formation of the EFF--we could see that what was at stake was not merely 
seeing justice be served in the case of a few individuals, nor simply 
the preservation of  the civil liberties of all of us, although these 
goals are vitally important.

	The larger issue is how our society will come to terms with the 
onrush of transformative technology. If we take the right steps now--and 
EFF is working to take those steps--new and increasing access to 
information technology will enhance rather than inhibit the positive 
growth and development of individuals, of communities, and of society as 
a whole.

                            -end-



************************************************************
***             EFF News #1.00: Article 6 of 7:          ***
***         The Lessons of the Prodigy Controversy       ***
************************************************************

	
	Many EFF supporters have asked what position, if any, the 
Electronic Frontier Foundation has taken with regard to the recent 
dispute between the online service Prodigy and a large, vocal subset of 
its users.

	Although EFF is not involved at the moment in any activities 
directly relating to the Prodigy dispute, we believe that the dispute 
touches some basic issues with which we are very concerned, and that it 
illustrates the potential dangers of allowing private entities such as 
large corporations to try and dictate the market for online electronic 
services.

	Although Prodigy, a joint project sponsored by Sears and IBM, has 
been available in some cities since October 1988, national availability 
of the service and a big advertising campaign only began this fall. New 
users who signed on during the membership  push would receive, for a 
single monthly fee of $12.95, access to all Prodigy services, which 
included online shopping, a news service, and a flight-scheduling 
service. The flat monthly rate was a major selling point.

	Prodigy was originally intended to become an electronic shopping 
mall,, where consumers could directly order goods and services. While 
the top portion of a Prodigy user's computer display is dedicated to 
whatever information Prodigy is providing the user (an encyclopedia, 
say, or a summary of the day's news), an area along the bottom of the 
screen is devoted to advertising various consumer goods and services.

	Among the services Prodigy provides is a public conferencing 
system, analogous in some ways to a computer bulletin-board system 
(BBS), but national in scope. Users can carry on public discussions of 
topics ranging from politics to health issues.

	Prodigy management has hired editors "with journalistic 
backgrounds" to review messages for suitability before they are allowed 
to be publicly posted. The member agreement allows the management to 
limit public discussions of topics and to edit postings of individual 
members for obscenity or illegal content ... or for anything else, at 
Prodigy's discretion. 

	The result of this broad management prerogative? One member is 
reported to have had his posting about population problems in Catholic 
countries censored, presumably out of the editors' fear that Catholic 
users would be offended. More significantly, some whole discussion 
topics, including a debate between Christian fundamentalists and gay 
activists, have been removed without warning from the conferences.

	But what bothers the Prodigy protesters is not just that 
particular topics are censored--it's that the censorship is capricious. 
"That's one of the most frustrating things--you can't even predict 
what's going to be censored and what isn't," says Henry Niman, a cancer 
researcher who later become one of the leaders of a user protest of 
Prodigy.

	The initial solution to the censorship problem was simple: Take 
the discussions to e-mail. Prodigy users began to rely on a mailing-list 
feature of the program to continue their (now-uncensored) discussions.

	But soon a crisis had brewed. The Prodigy users who had been told 
to take their no-longer-welcome public discussions to e-mail were now 
being told that they wouldn't be able to use the e-mail service at the 
flat rate any longer. Instead, each account would get 30 free messages 
per month, with a charge of 25 cents per message  thereafter. This 
meant, in effect, the end of the mailing lists, since just a few 
mailings could exhaust a user's free-message quota and rack up sizable 
charges. And it was disappointing as well to many non-mailing-list 
users, some of whom are disabled, who rely on Prodigy as a major social 
outlet.

	The result of this policy change was predictable: irate Prodigy 
users began to protest, complaining on Prodigy's public boards about the 
new usage fee and attempting to organize a write-in campaign notifying  
Prodigy's management and--when management turned a deaf ear to their 
protests--its advertisers of their disaffection. Prodigy management 
responded by terminating the accounts of 12 of the protestors, claiming 
that the protestors had violated their membership agreements, which 
forbade "harassment."

	Prodigy  management justifies the usage fees by arguing that their 
original hardware setup couldn't support the increases in electronic 
traffic.  The new policies were adopted to curb what management 
perceived as flagrant abuses of  electronic mail privileges by a tiny 
minority of users.  And, a Prodigy spokesman insists, the time Prodigy 
customers spend in e-mail is time that they aren't buying from Prodigy's 
advertisers. (Prodigy claims that ads are not visible during electronic 
mail; Prodigy users say this claim is misleading, and that while ads are 
invisible at some points while editing and reading e-mail, they're 
nevertheless visible elsewhere during e-mail sessions.)

	Of course, in many ways the issue of the fees for e-mail is a 
superficial one. The only reason a significant fraction of users began 
to rely on mass mailings is that they were barred from public discussion 
of issues on Prodigy's public message bases.

	The Prodigy experience to date reveals a serious mismatch between 
the expectations of Prodigy's management and its customers. Here the 
market clearly seemed to want unrestricted public conferencing and 
electronic mail. But as demand for these features has mounted, the 
supplier, rather than trying to satisfy its customers, has cut back on 
the features' availability because it did not correspond to or fit with 
the company's view of the purpose of the service.  To the extent to 
which this type of thinking is representative of the general way large 
commercial interests may offer on-line services, it clearly represents a 
turning away from the use of digital media as open forums of public 
communication.  In the extreme case, in a situation in which Prodigy and 
its commercial competition all choose to censor and control 
communication on their services, the public interest will not be well 
served.

	"It is necessary to consider decisions that Prodigy is making 
carefully,"  Jerry Berman, director of the American Civil Liberties 
Union's Information Technology Project, told the New York Times last 
month. "We have no comparable models in the computer era," he said, "but 
we should be concerned if systems such as Prodigy become the rule. 
Instead of expanding speech, we'll have electronic forums that are quite 
limited."

	It is clear that Prodigy management is uncomfortable with the 
notion of a free forum; they have chosen to describe their service as a 
"publication" rather than as a forum precisely because they want to have 
an editor's prerogatives to dictate, absolutely, what the content of the 
"publication" will be.

	We at EFF do not dispute that Prodigy is acting within its rights 
as a private concern  when it dictates restrictions on how its system is 
used. We do think, however, that the Prodigy experience has a bearing on 
EFF interests in a couple of ways.

	First, it demonstrates that there is a market--a perceived public 
need--for services that provide electronic mail and public conferencing.

	Second, it illustrates the fallacy that "pure" market forces 
always can be relied upon to move manufacturers and service providers in 
the direction of open communications. A better solution, we believe, is 
a national network-access policy that, at the very least, encourages 
private providers to generate the kind of open and unrestricted network 
and mail services that the growing computer-literate public clearly 
wants.

                            -end-

************************************************************
***             EFF News #1.00: Article 7 of 7:          ***
***  How Prosecutors Misrepresented the Atlanta Hackers  ***
************************************************************

	Although the Electronic Frontier Foundation is opposed to 
unauthorized computer entry, we are deeply disturbed by the recent 
sentencing of Bell South hackers/crackers Riggs, Darden, and 
Grant. Not only are the sentences disproportionate to the nature 
of the offenses these young men committed, but, to the extent the 
judge's sentence was based on the prosecution's sentencing 
memorandum, it relied on a document filled with 
misrepresentations.

	Robert J. Riggs, Franklin E. Darden, Jr., and Adam E. Grant  
were sentenced Friday, November 16 in federal court in Atlanta. 
Darden and Riggs had each pled guilty to a conspiracy to commit 
computer fraud, wire fraud, access-code fraud, and interstate 
transportation of stolen property. Grant had pled guilty to a 
separate count of possession of access codes with intent to 
defraud.

	All received prison terms; Grant and Darden, according to a 
Department of Justice news release, "each received a sentence of 
14 months incarceration (7 in a half-way house) with restitution 
payments of $233,000." Riggs, said the release, "received a 
sentence of 21 months incarceration and $233,000 in restitution." 
In addition, each is forbidden to use a computer, except insofar 
as such use may be related to employment, during his post-
incarceration supervision.

	The facts of the case, as related by the prosecution in its 
sentencing memorandum, indicate that the defendants gained free 
telephone service and unauthorized access to BellSouth computers, 
primarily in order to gain knowledge about the phone system. 
Damage to the systems was either minimal or nonexistent.
Although it is well-documented that the typical motivation of 
phone-system hackers is curiosity and the desire to master complex 
systems (see, e.g., HACKERS: HEROES OF THE COMPUTER REVOLUTION, 
Steven Levy, 1984), the prosecution attempts to characterize the 
crackers as major criminals, and misrepresents facts in doing so.

	Examples of such misrepresentation include:

	1) Misrepresenting the E911 file. 

	The E911 file, an administrative document, was copied by 
Robert Riggs and eventually published by Craig Neidorf in the 
electronic magazine PHRACK. Says the prosecution: "This file, 
which is the subject of the Chicago [Craig Neidorf] indictment, is 
noteworthy because it contains the program for the emergency 911 
dialing system. As the Court knows, any damage to that very 
sensitive system could result in a dangerous breakdown in police, 
fire, and ambulance services. The evidence indicates that Riggs 
stole the E911 program from BellSouth's centralized automation 
system (i.e., free run of the system). Bob Kibler of BellSouth 
Security estimates the value of the E911 file, based on R&D costs, 
is $24,639.05."

	This statement by prosecutors is clearly false. Defense 
witnesses in the Neidorf case were prepared to testify that the 
E911 document was not a program, that it could not be used to 
disrupt 911 service, and that the same information could be 
ordered from Bell South at a cost of less than $20. Under cross-
examination, the prosecution's own witness admitted that the 
information in the E911 file was available in public documents, 
that the notice placed on the document stating that it was 
proprietary was placed on all Bell South documents (without any 
prior review to determine whether the notice was proper), and that 
the document did not pose a danger to the functioning of the 911 
system.

	 2) Guilt by association.

	The prosecution begins its memorandum by detailing two 
crimes: 1) a plot to plant "logic bombs" that would disrupt phone 
service in several states, and 2) a prank involving the rerouting 
of calls from a probation office in Florida to "a New York Dial-A-
Porn number."

	Only after going to some length describing these two crimes 
does the prosecution state, in passing, that *the defendants were 
not implicated in these crimes.*

	3) Misrepresentation of motives.
	
	As we noted above, it has been documented that young phone-
system hackers are typically motivated by the desire to understand 
and master large systems, not to inflict harm or to enrich 
themselves materially. Although the prosecution concedes that 
"[d]efendants claimed that they never personally profited from 
their hacking activities, with the exception of getting 
unauthorized long distance and data network service," the 
prosecutors nevertheless characterize the hackers' motives as 
similar to those of extortionists: "Their main motivation [was to] 
obtain power through information and intimidation." The 
prosecutors add that "In essence, stolen information equalled 
power, and by that definition, all three defendants were becoming 
frighteningly powerful."

	The prosecution goes to great lengths describing the crimes the 
defendants *could* have committed with the kind of knowledge they had 
gathered.	The prosecution does not mention, however, that the mere 
possession of *dangerous* (and non-proprietary) information is not a 
crime, nor does it admit, explicitly, that the defendants never 
conspired to cause such damage to the phone system.

	Elsewhere in the memorandum, the prosecution attempts to 
suggest the defendants' responsibility in  another person's crime. 
Because the defendants "freely and recklessly disseminated access 
information they had stolen," says the memorandum, a 15-year-old 
hacker committed $10,000 in electronic theft. Even though the 
prosecution does not say the defendants intended to facilitate 
that 15-year-old's alleged theft, the memorandum seeks to 
implicate the defendants in that theft. 

	4) Failure to acknowledge the outcome of the Craig Neidorf 
case. 

	In evaluating defendants' cooperation in the prosecution of 
Craig Neidorf, the college student who  was prosecuted for his 
publication of the E911 text file in an electronic newsletter, the 
government singles out Riggs as being less helpful than the other 
two defendants, and recommends less leniency because of this. Says 
the memorandum: "The testimony was somewhat helpful, though the 
prosecutors felt defendant Riggs was holding back and not being as 
open as he had been in the earlier meeting." The memorandum fails 
to mention, however, that Riggs's testimony tended to support 
Neidorf's defense that he had never conspired with Riggs to engage 
in the interstate transportation of stolen property or that the 
case against Neidorf was dropped. Riggs's failure to implicate 
Neidorf in a crime he did not commit appears to have been taken by 
prosecutors as a lack of cooperation, even though Riggs was simply 
telling the truth.

Sending a Message to Hackers?

	Perhaps the most egregious aspect of the government's 
memorandum is the argument that Riggs, Grant, and Darden should be 
imprisoned, not for what *they* have done, but send the right 
"message to the hacking community." The government focuses on the 
case of Robert J. Morris Jr., the computer-science graduate 
student who was sentenced to a term of probation in May of this 
year for his reckless release of the worm program that disrupted 
many computers connected to the Internet. Urging the court to 
imprison the three defendants, the government remarked that 
"hackers and computer experts recall general hacker jubilation 
when the judge imposed a probated sentence. Clearly, the sentence 
had little effect on defendants Grant, Riggs, and Darden."

	The government's criticism is particularly unfair in light 
of the fact that the Morris sentencing took place almost a year 
*after* the activities leading to the defendants' convictions! (To 
have been deterred by the Morris sentencing the Atlanta defendants
would have to have been able to foretell the future.) 

	The memorandum raises other questions besides those of the 
prosecutors' biased presentation of the facts. The most 
significant of these is the government's uncritical acceptance of 
BellSouth's statement of the damage the defendants did to its 
computer system. The memorandum states that "In all, [the 
defendants] stole approximately $233,880 worth of logins/passwords 
and connect addresses (i.e., access information) from BellSouth. 
BellSouth spend approximately $1.5 million in identifying the 
intruders into their system and has since then spent roughly $3 
million more to further secure their network."

	It is unclear how these figures were derived. The stated 
cost of the passwords is highly questionable: What is the dollar 
value of a password? What is the dollar cost of replacing a 
password?

	And it's similarly unclear that the defendants caused 
BellSouth to spend $4.5 million more than they normally would have 
spent in a similar period to identify intruders and secure their 
network. Although the government's memorandum states that "[t]he 
defendants ... have literally caused BellSouth millions of dollars 
in expenses by their actions," the actual facts as presented in 
the memorandum suggest that BellSouth had *already embarked upon 
the expenditure of millions of dollars* before it had heard 
anything about the crimes the defendants ultimately were alleged 
to have committed. Moreover, if the network was insecure to begin 
with, wouldn't BellSouth have had to spend money to secure it 
regardless of whether the security flaws were exploited by 
defendants?

	The Neidorf case provides an instructive example of what 
happens when prosecutors fail to question the valuations a 
telephone company puts on its damages. But the example may not 
have been sufficiently instructive for the federal prosecutors in 
Atlanta.

	Not only are there questions about the justice of the 
restitution requirement in the sentencing of Riggs, Darden, and 
Grant, but there also are Constitutional issues raised by the 
prohibition of access to computers. The Court's sentencing 
suggests a belief that anything the defendants do with computers 
is likely to be illegal; it ignores the fact that computers are a 
communications medium, and that the prohibition goes beyond 
preventing future crimes by the defendants--it treads upon their 
rights to engage in lawful speech and association.

	EFF does not support the proposition that computer intrusion 
and long-distance theft should go unpunished. But we find highly 
disturbing the misrepresentations of facts in the prosecutors' 
sentencing memorandum as they seek disproportionate sentences for 
Riggs, Darden, and Grant--stiff sentences that supposedly will 
"send a message" to the hackers and crackers.

	The message this memorandum really sends is that the 
government's presentation of the facts of this case has been been 
heavily biased by its eagerness to appear to be deterring future 
computer crime.


                  -end EFF News #1.00-