Computer underground Digest Sun, Nov 30, 1991 Volume 3 : Issue 42 Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) CONTENTS, #3.42 ( November 30, 1991) File 1-- Moderators' Corner File 2-- CPSR FOIAs Secret Service File 3-- Responses to CPSR's FOIA Requests File 4-- Why Covert Surveillance is Wrong Issues of CuD can be found in the Usenet alt.society.cu-digest news group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132), chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of Chicago email server, send mail with the subject "help" (without the quotes) to archive-server@chsun1.spc.uchicago.edu. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Thu, 30 Nov 91 9:39:58 EST From: Moderators Subject: File 1-- Moderators' Corner We promised Sheldon Zenner's response to Bill Cook's opening statement in the Phrack/Knight Lightning trial, but a backlog of material will delay it for about two issues. This issue is devoted to the revelation of Secret Service covert surveillance of legal public activity announced by CPSR (see Craig Neidorf's file below). A lively discussion appeared in Telecom Digest (to subscribe via e-mail, contact moderator Pat Townson at: telecom@eecs.nwu.edu), which we reprint for the many readers who lack Usenet access. From information slowly emerging from FOIA requests by CPSR, Glen Roberts (publisher of _Full Disclosure_), and CuD, it appears that the Secret Service clearly overstepped its bounds. Gordon Meyer, co-editor of CuD, was investigated as a "hacker" on the basis of his association with "suspected hackers" when collecting information for his M.A. thesis. It is clear from released files that Secret Service investigators had little understanding of what the information they obtained, and this led to exaggerated interpretations and demonizing of activity that was otherwise legal. Because cyberspace is a new frontier in which the norms and laws governing it are still emerging, it is crucial that the limits establishing what law enforcement may or may not do in the new frontier be examined and debated. For those who feel that Constitutional protections should extent into computer-mediated communication, the Secret Service actions are of special concern. ------------------------------ Date: Fri, 22 Nov 1991 16:51:43 -0500 From: Craig Neidorf Subject: File 2-- CPSR FOIAs Secret Service *** *** *** *** *** *** *** *** *** *** *** *** *** Craig Neidorf - Washington Intern Electronic Frontier Foundation 666 Pennsylvania Avenue, SE Suite 303 Washington, D.C. 20003 (202)544-9237 Voice (202)547-5481 FAX *** Attribute no comment contained in this message to the *** *** Electronic Frontier Foundation unless explicited stated! *** The Secret Service's response to Computer Professionals for Social Responsibility's (CPSR) Freedom of Information Act (FOIA) request has raised new questions about the scope and conduct of the agency's "computer crime" investigations. The documents disclosed to CPSR reveal that the Secret Service monitored communications sent across the Internet. The materials released through the FOIA include copies of many electronic newsletters, digests, and Usenet groups including "comp.org.eff.talk," "comp.sys.att," "Computer Underground Digest" (alt.cud.cu-digest)," "Effector Online," "Legion of Doom Technical Journals," "Phrack Newsletter," and "Telecom Digest (comp.dcom. telecom)". Currently, there is no clear policy for the monitoring of network communications by law enforcement agents. A 1982 internal FBI memorandum indicated that the Bureau would consider monitoring on a case by case basis. That document was released as a result of a separate CPSR lawsuit against the FBI. Additionally, we have found papers that show Bell Labs in New Jersey passed copies of Telecom Digest to the Secret Service. The material (approximately 2500 pages) also suggests that the Secret Service's seizure of computer bulletin boards and other systems may have violated the Electronic Communications Privacy Act of 1986 and the Privacy Protection Act of 1980. Two sets of logs from a computer bulletin board in Virginia show that the Secret Service obtained messages in the Spring of 1989 by use of the system administrator's account. It is unclear how the Secret Service obtained system administrator access. It is possible that the Secret Service accessed this system without authorization. The more likely explanation is that the agency obtained the cooperation of the system administrator. Another possibility is that this may have been a bulletin board set up by the Secret Service for a sting operation. Such a bulletin board was established for an undercover investigation involving pedophiles. The documents we received also include references to the video taping of SummerCon, a computer hackers conference that took place in St. Louis in 1988. The Secret Service employed an informant to attend the conference and placed hidden cameras to tape the participants. The documents also show that the Secret Service established a computer database to keep track of suspected computer hackers. This database contains records of names, aliases, addresses, phone numbers, known associates, a list of activities, and various articles associated with each individual. CPSR is continuing its efforts to obtain government documentation concerning computer crime investigations conducted by the Secret Service. These efforts include the litigation of several FOIA lawsuits and attempts to locate individuals targeted by federal agencies in the course of such investigations. For additional information, contact: dsobel@washofc.cpsr.org (David Sobel) ------------------------------ Date: Thu, 30 Nov 91 10:44: 41 CST From: Moderators Subject: File 3--Responses to CPSR (Reprinted from Telecom Digest) ((Moderators' note: The following responses to the CPSR FOIA notice appeared in Telecom Digest. The posts raise crucial issues of monitoring public behavior in the grey area of legitimate investigation and unacceptable law enforcement behavior). Date: Sat, 23 Nov 1991 15:43:39 -0600 From: TELECOM Moderator Subject: Re: CPSR FOIAs U.S. Secret Service In TELECOM Digest V11 #953, Craig Neidorf tells of efforts by the Computer Professionals For Social Responsibility to seek out evidence of U.S. Secret Service activity relating to investigations that agency has undertaken. TELECOM Digest was mentioned as one electronic journal apparently examined as part of one or more investigations. Perhaps Craig thought that seeing this journal in the agency's files would somehow excite (or incite?) me to action. Well, he is right. I was motivated to write this response. > The Secret Service's response to Computer Professionals for Social > Responsibility's (CPSR) Freedom of Information Act (FOIA) request has > raised new questions about the scope and conduct of the agency's > "computer crime" investigations. The documents disclosed to CPSR > reveal that the Secret Service monitored communications sent across the > Internet. Since the Internet is a government-owned and managed resource in cooperation with numerous publicly funded institutions and others, it is fair game for anyone who wishes to 'monitor' its traffic, provided that traffic is intended for public consumption and display, as are the various e-journals and newsgroups. Anyone is free -- even members of CPSR -- to interconnect with this network and read the newsgroups or subscribe to the various e-journals. Craig makes it sound, in his context, like the Secret Service did something wrong. In this instance, they did not. > The materials released through the FOIA include copies of > many electronic newsletters, digests, and Usenet groups including > "comp.org.eff.talk," "comp.sys.att," "Computer Underground Digest" > (alt.cud.cu-digest)," "Effector Online," "Legion of Doom Technical > Journals," "Phrack Newsletter," and "TELECOM Digest (comp.dcom. > telecom)". Well I don't know about those other guys mentioned here, but I have no problem with TELECOM Digest being in anyone's files. > Currently, there is no clear policy for the monitoring > of network communications by law enforcement agents. A 1982 internal > FBI memorandum indicated that the Bureau would consider monitoring on a > case by case basis. Well, why should there be a 'clear policy'? That which is available to the public is available to anyone, including employees of government agencies. If I can read it, take offense to it and (feeling it might be a criminal action) report it to authorities, then why can't an employee of the Secret Service read something here, feel the same way and report the matter? Or conversely, why can't any member of the public read something here, be disinterested in it or bored by it and forget the matter. > Additionally, we have found papers that show Bell Labs in New > Jersey passed copies of TELECOM Digest to the Secret Service. FYI, I have numerous names on the mailing matrix for TELECOM Digest of people associated with various government agencies, including the Secret Service, the IRS and many others. I ask for one thing from people who wish to subscribe: an interest in telecommunications policy and practice; and an enthusiasm for understanding telecommunications in an intellectually and ethically honest way. I specifically forbid and repudiate copyright of TELECOM Digest in the hopes people will share their understanding and ideas with others. If Craig's implication here is that there was something sneaky about the passing of the Digest to the Secret Service, then he is entitled to think that way; my answer is that had I known someone at Bell Labs was going to all that trouble (passing along issues of the Digest) I would have added the names of the interested parties to the matrix here, or started yet another expansion mailing list (there are currently over 100 such expansion mailing lists serviced from the main list here). > Another possibility is that this may have been a bulletin board set > up by the Secret Service for a sting operation. Such a bulletin board > was established for an undercover investigation involving pedophiles. I think that's an admirable goal ... investigating pedophiles. > The documents we received also include references to the video > taping of SummerCon, a computer hackers conference that took place in > St. Louis in 1988. The Secret Service employed an informant to attend > the conference and placed hidden cameras to tape the participants. Well again, a public event is a public event. It was advertised widely and people were invited to attend. That which can be seen with the eyes does not become forbidden to view later through the lens of a camera for strictly that reason alone. > The documents also show that the Secret Service established a computer > database to keep track of suspected computer hackers. This database > contains records of names, aliases, addresses, phone numbers, known > associates, a list of activities, and various articles associated with > each individual. Not that you would ever keep any computer database of people with interests like your own ....:) > CPSR is continuing its efforts to obtain government documentation > concerning computer crime investigations conducted by the Secret > Service. These efforts include the litigation of several FOIA lawsuits > and attempts to locate individuals targeted by federal agencies in the > course of such investigations. Fine ... you do your thing. But let me make it perfectly clear you do not speak for Patrick Townson and/or TELECOM Digest, although you may speak for various readers of the Digest who have asked you to represent them or speak for them. I have no problem whatsoever with the Secret Service or any other government agency reading what I publish here. They don't have to sneak around reading it. > For additional information, contact: > dsobel@washofc.cpsr.org (David Sobel) By all means, dear readers, contact CPSR if you want more information, but as for myself, I support government efforts to crack down on computer crime, and electronic invasion of computers by unauthorized users. I do not support organizations which would deny the government the right to participate in any public forum. Email is a whole different matter ... notice I have not mentioned it once today. I am talking about newsgroups and public mailing lists. Patrick Townson ++++++++++++++++++++++++++++++++++++++ Date: Sat, 23 Nov 1991 21:09 EST From: Paul Coen Subject: Re: CPSR FOIAs U.S. Secret Service Sorry, Pat. While I often agree with what you say, I'm going to have to disagree on a few points here. > Since the Internet is a government-owned and managed resource in > cooperation with numerous publicly funded institutions and others, it > is fair game for anyone who wishes to 'monitor' its traffic, provided > that traffic is intended for public consumption and display, as are > the various e-journals and newsgroups. That's a matter of perception. My description is that the Internet started as a DARPA project, and quickly grew. Now, only a portion of it is under government control. The international sites certainly aren't. While I agree that the federal government has a vested interest in what's on the .mil and .gov sites, or what is going over lines that the federal government is paying for, that's not a whole lot of the net these days. I'd certainly stop short of saying that it is "government owned." > Anyone is free -- even members of CPSR -- to interconnect with this > network and read the newsgroups or subscribe to the various > e-journals. Craig makes it sound, in his context, like the Secret > Service did something wrong. In this instance, they did not. You're right -- anyone is free, including the Secret Service. More on this later, as this actually raises questions about the Secret Service's behavior. > Well I don't know about those other guys mentioned here, but I have no > problem with TELECOM Digest being in anyone's files. Yes, but did all of the people who made contributions realize that it could end up in a file pertaining to a Secret Service investigation? > Well, why should there be a 'clear policy'? That which is available > to the public is available to anyone, including employees of > government agencies. If I can read it, take offense to it and (feeling > it might be a criminal action) report it to authorities, then why > can't an employee of the Secret Service read something here, feel the > same way and report the matter? Or conversely, why can't any member > of the public read something here, be disinterested in it or bored by > it and forget the matter. This is a tough issue -- if the net is considered "public behavior," and statements made here are not criminal in nature (none in TELECOM Digest have been to date -- ie, no credit card numbers :), then why should it end up in a Secret Service file? Doesn't it then become government monitoring legal public activities/statements by citizens? Sorry, that's a bit too much like a police state for my liking, in flavor if not degree. > FYI, I have numerous names on the mailing matrix for TELECOM Digest of > people associated with various government agencies, including the > Secret Service, the IRS and many others. I ask for one thing from > people who wish to subscribe: an interest in telecommunications policy > and practice; and an enthusiasm for understanding telecommunications > in an intellectually and ethically honest way. I specifically forbid > and repudiate copyright of TELECOM Digest in the hopes people will > share their understanding and ideas with others. Do you really think the people who placed those excerpts in the files were interested in telecom issues? Or in who was saying what? Not the people who passed them on, but the "investigators." (Using the term loosely -- Foley certainly wasn't much of an investigator IMO.) > Not that you would ever keep any computer database of people with > interests like your own ....:) Of course, who knows how many people are in that database that shouldn't be -- considering that the Secret Service seemed to think that the statement that Kermit is a file transfer protocol used on mainframes was so serious. I'm surprised that they haven't busted Digital Press and confiscated the MS-Kermit User's Guide :). > By all means, dear readers, contact CPSR if you want more information, > but as for myself, I support government efforts to crack down on > computer crime, and electronic invasion of computers by unauthorized > users. I do not support organizations which would deny the government > the right to participate in any public forum. The problem is that you are dealing with two different entities here. On the one hand, you have the individual government employee, who has a right to participate in a public forum, and on the other, you have a governmental investigation agency, represented by that individual. Unless it clearly relates to the commission of a crime, or it falls under the heading of "expert opinion," relating to an issue under investigation (and no copyrights are violated), the government should not be placing legal, public statements in the record of a criminal investigation is out of line. Sure, they can read it -- but to place it in that file implies that there is something wrong with the statement. Considering law-enforcement infiltration of legal lobbying groups who disagree with policy, and other abuses, you really have to wonder who is more paranoid -- extreme privacy advocates who would deny the government any role, or the agents of the government. These folks really seem to feel that anyone is a potential threat. And winding up, even by accident or chance, in one of their files is not a trivial matter. It can cost you security clearance, it can cost you a job, a promotion, or an appointment. It's very easy for a paper-pusher to get the idea that "it's all criminals on these here groups," based on the appearance of excerpts in files (why else would they be there -- remember Ed Meese's "innocent people aren't accused of crimes" comment?) -- so anyone who posts must not be trustworthy. The government understanding of the net is not yet mature enough to assume that they're not going to react that way. So far, they've been pretty predictable. Paul Coen, pcoen@drew.drew.edu, pcoen@drew.bitnet ++++++++++++++++++++++++++++++++++++++ Date: Sun, 24 Nov 91 01:09 PST From: john@zygot.ati.com (John Higdon) Subject: Re: CPSR FOIAs U.S. Secret Service On Nov 23 at 16:46, TELECOM Moderator writes: > I have no problem whatsoever with > the Secret Service or any other government agency reading what I > publish here. They don't have to sneak around reading it. They why do they behave in this manner? The fact is they DO sneak around when indeed getting a subscription would be no problem at all. After dealing with FBI and telco security types for the past couple of years, I have come to believe that they would figure out a complex and covert way to glean some information even if it was painted in ten-foot high letters on Shasta Dam. The fact of the matter is that many of these gum shoes are in way over their heads on a lot of this computer stuff and it is a full time job to keep from looking like the horse's ass. And most of the time they are not successful. Secret Service and FBI types have no idea what is "sensitive" and what is garbage. I have seen agents pore over documents in a case that I would not even fish out of the trash. Most amusing was watching a telco security person fawn over a box of "evidence" that was filled with stuff supposedly "stolen" from Pac*Bell that I would pay you to remove from my garage. It was garbage that even Pac*Bell has not used in any way for over thirty years. Unlike Patrick, I have little or no faith and confidence in law enforcement when it comes to "hackers". Even the "experts" I have met on that side of the fence tend to drool a bit and would have not a clue concerning who and what was "dangerous" or not. For all the seizures and raids that have occurred we have seen precious little in terms of court action and that which actually has landed in court has proven my point. It is unfortunate that more enlightenment has not managed to find its way into government's enforcement arm in the form of knowledgeable personnel. But what can you expect when even the laws dealing with these "crimes" are confusing and inadequate. You have policemen enforcing laws they do not understand, serving warrants issued by judges who have not a clue, and occasionally, courts dispensing justice in the dark. Until you have personally witnessed the wheels of enforcement and justice grind away on the field of computers and telecommunications, you cannot grasp the pitiful nature of these processes, nor comprehend the damage that is being done to rights and protections that we all used to take for granted. I cannot believe that Patrick would be so gung-ho on this matter if he could see the reality of what he euphemistically refers to as "enforcement" and "justice". It could not be a bigger joke. > By all means, dear readers, contact CPSR if you want more information, > but as for myself, I support government efforts to crack down on > computer crime, and electronic invasion of computers by unauthorized > users. Surely you cannot be referring to any of the efforts to date. I have personally looked into many of these efforts, some in great detail, and am horrified at what misguided efforts these are. To be honest, these efforts are also as ineffective as they are unnecessarily harsh. > I do not support organizations which would deny the government > the right to participate in any public forum. Since when is sneaking around obtaining covert copies of a forum's output "participation"? I support organizations that strive to ensure that the government operate within the framework of laws and the constitution, regardless of how "important" and "urgent" the matters under investigation may be represented by that government. > Email is a whole different matter ... notice I have not mentioned it > once today. I am talking about newsgroups and public mailing lists. A thin line, to be sure. A line that most (if not all) enforcement agencies have no problem crossing. ++++++++++++++++++++++++++++++++++++++ Date: Sun, 24 Nov 1991 10:22:27 -0500 (EST) From: NIEBUHR@BNLCL6.BNL.GOV (Dave Niebuhr, BNL CCD, 516-282-3093) Subject: Re: CPSR FOIAs U.S. Secret Service Pat's rebuttal to Craig Neidorf's article fits my perspective 100% when it comes to using a public access media such as Usenet. I feel that if I put something onto it, then I'm willing to have anyone read what I want to say. Conversely, if I don't want anyone to see it, then I don't post it. Good show, Pat. ++++++++++++++++++++++++++++++++++++++ From: Mike Godwin Subject: Re: CPSR FOIAs U.S. Secret Service Date: Sun, 24 Nov 91 11:52:16 EST Pat writes: > By all means, dear readers, contact CPSR if you want more > information, but as for myself, I support government efforts to > crack down on computer crime, and electronic invasion of computers by > unauthorized users. I do not support organizations which would deny > the government the right to participate in any public forum. It should be noted that the Electronic Frontier Foundation has never argued that there is a principled rationale for denying the government access to public forums. Moreover, both EFF and CPSR have hosted public forums on computer crime, civil liberties, and privacy matters at which government representatives have been informative and enthusiastic participants. > But let me make it perfectly clear you do not speak for Patrick > Townson and/or TELECOM Digest, although you may speak for various > readers of the Digest who have asked you to represent them or speak > for them. This seems to me to be an odd comment. I don't know of anyone, including Craig Neidorf, who has claimed to "speak for" TELECOM Digest or Pat Townson. You seem to be expressing opposition to CPSR's efforts to find out the contours of the government's efforts to fight computer crime. This surprises me, since I'd have thought that anyone in a democratic society would be interested in knowing how the government is spending our tax money -- not to mention whether some of its efforts might affect the exercise of the Constitutional right to free speech in a public forum. [Telecom Moderator's Note: Readers who are interested in more information about the Electronic Frontier Foundation and/or membership should contact Mike Godwin . PAT] ++++++++++++++++++++++++++++++++++++++ From: mcovingt@athena.cs.uga.edu (Michael A. Covington) Subject: Re: CPSR FOIAs U.S. Secret Service Date: Sun, 24 Nov 91 19:08:46 GMT In article knight@eff.org (Craig Neidorf) writes: > The Secret Service's response to Computer Professionals for > Social Responsibility's (CPSR) Freedom of Information Act (FOIA) > request has raised new questions about the scope and conduct of the > agency's "computer crime" investigations. The documents disclosed to > CPSR reveal that the Secret Service monitored communications sent > across the Internet. The materials released through the FOIA include > copies of many electronic newsletters, digests, and Usenet groups > including "comp.org.eff.talk," "comp.sys.att," "Computer Underground > Digest" (alt.cud.cu-digest)," "Effector Online," "Legion of Doom > Technical Journals," "Phrack Newsletter," and "TELECOM Digest > (comp.dcom.telecom)". Currently, there is no clear policy for the > monitoring of network communications by law enforcement agents. Two of these are unfamiliar to me, but all the rest are forums which everyone is welcome to read. You might as well complain that the Secret Service reads your local newspaper. Seriously, I am concerned about possible violations of people's rights by over-zealous agents. But reading comp.dcom.telecom hardly counts as snooping! In article PCOEN@drew.drew.edu (Paul Coen) writes: >> Anyone is free -- even members of CPSR -- to interconnect with this >> network and read the newsgroups or subscribe to the various >> e-journals. Craig makes it sound, in his context, like the Secret >> Service did something wrong. In this instance, they did not. >> Well I don't know about those other guys mentioned here, but I have no >> problem with TELECOM Digest being in anyone's files. > Yes, but did all of the people who made contributions realize that it > could end up in a file pertaining to a Secret Service investigation? This is something we have had a hard time hammering into the heads of the users here at the University of Georgia. A newsgroup is a public forum. Posting something in a newsgroup is like publishing it in a major newspaper. The person posting it should expect that it will be read by practically anybody anywhere. "I've just posted this for 100,000 people, but don't tell anybody!" is unfortunately a common attitude. People seem to think that the newsgroups are some kind of underground society where everyone is sworn to secrecy. ++++++++++++++++++++++++++++++++++++++ From: fulk@cs.rochester.edu (Mark Fulk) Subject: Re: CPSR FOIAs U.S. Secret Service Date: Sun, 24 Nov 1991 21:27:49 GMT In article telecom (TELECOM Moderator) writes: > In TELECOM Digest V11 #953, Craig Neidorf tells of ...Long inclusion deleted, consult the previous articles... I think Pat is attacking a straw man here. Craig Neidorf's posting offered no evaluation of the purpose, danger, or legality of the included material; Pat only assumed that CPSR/CN/EFF object to the government keeping such files. A more appropriate response would be "why should this matter?", since no reason for caring was offered. I'll offer two reasons I care: 1) Further evidence that the government investigators are operating in the dark. 2) The use by demagogues of "presence in a file" as evidence for guilt. "Ah, yes, Mr. Townson, but we have seen your name in the FBI's computer crimes file. Now stop telling us you don't know any credit card thiefs." This tactic is the reason the John Birch society used to send out postcards accusing people of being communists. The postcards were sometimes used by HUAC as evidence of guilt. Among the people who were the subject of such postcards were John Kenneth Galbraith and Amitai Etzioni (they weren't investigated by HUAC). >> was established for an undercover investigation involving pedophiles. > I think that's an admirable goal ... investigating pedophiles. On the surface. I must admit that I know next to nothing about pedophilia. However, I'm fairly certain that it is a condition requiring treatment more than a crime requiring punishment. And it seems likely to me that the Secret Service's bulletin board would very likely be an entrapment; would very likely result in the arrest of people who never touch a child despite their condition; and almost certainly will do nothing whatsoever to contribute to the safety of children. On the other hand, an investigation of the Diocese of Chicago would, it seems, be of great value. For some reason, that investigation has not yet begun. >> The documents we received also include references to the video >> taping of SummerCon, a computer hackers conference that took place in >> St. Louis in 1988. The Secret Service employed an informant to attend >> the conference and placed hidden cameras to tape the participants. > Well again, a public event is a public event. It was advertised widely > and people were invited to attend. That which can be seen with the > eyes does not become forbidden to view later through the lens of a > camera for strictly that reason alone. Not all events at a conference are public. Most of the interesting work goes on in private meeting rooms and bedrooms. People have a right to privacy where they might reasonably expect it; if a meeting room is labelled private, taping there would violate privacy. Taping in anyone's hotel room would certainly be a violation of privacy, lacking the permission of the people present. It has been a long time since Summercon '88 was a current topic, but I recall that the taping occurred in someone's hotel room. >> The documents also show that the Secret Service established a computer >> database to keep track of suspected computer hackers. This database >> contains records of names, aliases, addresses, phone numbers, known >> associates, a list of activities, and various articles associated with >> each individual. > Not that you would ever keep any computer database of people with > interests like your own ....:) Again, no evaluation of the data was offered, Pat. You're barking at the mailman. The point was to give a clear idea of the amount of effort the Secret Service has expended. I would expect them to construct such a database. What concerns me is the quality of information in the database. I think CPSR's efforts are clearly worthwhile. >> CPSR is continuing its efforts to obtain government documentation > Fine ... you do your thing. But let me make it perfectly clear you do > not speak for Patrick Townson and/or TELECOM Digest, although you may > By all means, dear readers, contact CPSR if you want more information, > but as for myself, I support government efforts to crack down on > computer crime, and electronic invasion of computers by unauthorized > users. I do not support organizations which would deny the government >the right to participate in any public forum. The straw is flying now! Of course the government has a right to participate in c.d.t, and to record articles. Of course it should crack down on computer crime, provided that in so doing it respects the Constitution and the law, and provided (1) that the crackdown is directed at substantial crimes, not at teenage pranks that should be dealt with by parents and relevant local authorities, and (2) that the crackdown has some chance of success. The problem with Secret Service efforts is that they SEEM to be a bunch of Keystone Kops. Since they are apparently unable to approach the real problems, they are spending time collecting massive quantities of irrelevant material to pad their files. I suspect that they are also padding their suspect lists, which makes the matter of their database of suspected hackers AND ASSOCIATES a bit of a worry. One might ask, "How SHOULD the SS proceed?" My prescription: for decades there have been persistent rumors of computer thefts by insiders. The perpetrators, once caught by their employers, would be let go for minimal restitution and silence. The SS should track some of those rumors down, and if any turn up correct, prosecute. The effort, of course, would be substantial. The probability of success is not 100%. But, by all accounts known to me, this is the best way to get at the real bulk of computer crime. [Telecom Moderator's Note: One glaring inaccuracy in your response was your comment that 'an investigation of (pedophilia in) the Archdiocese of Chicago would be of great value and it has not begun.' The truth here is that following several detailed articles in the %Chicago Sun Times%, the %Chicago Reader%, a couple articles by myself in misc.legal which drew considerable attention, and several news reports on television, the 'pedophilia problem' in the Archdiocese of Chicago WAS investigated at the church level and IS being investigated by the Cook County State's Attorney now. During the past two weeks, six priests have been removed from their positions, and more are expected to be removed soon. PAT] ------------------------------ Date: Mon, 25 Nov 91 01:20 CST From: TK0JUT1@NIU.BITNET Subject: File 4-- Why Covert Surveillance is Wrong Criticism of Craig Neidorf's report of CPSR's investigation into Secret Service covert surveillance of net-media, use of informants, and other intrusive observations justifies law enforcement actions on several grounds, including: 1) Anything public is fair game for covert surveillance. 2) People with nothing to hide shouldn't worry about what they say in public. 3) Computer crime isn't cool, and the government has both the right and the responsibility to target evil-doers. Therefore, law enforcement need not have clear policies circumscribing the limits of covert intrusion. First, it is categorically false that *anything* done in public is fair game for covert surveillance. As anybody from the Chicago area should know, Judge Getzendammer (US District Court, Northern District) made it quite clear in several rulings against the Chicago police in political surveillance cases that covert surveillance of lawful activity in public is not to be tolerated in a free society. Further, anybody with even a high school civics knowledge of covert surveillance in the US understands the distinction between legitimate participation in a public event and participating in that event for the purpose of collecting, analyzing, and storing information on law-abiding citizens. Scrounging through Usenet traffic to compile dossiers on people not under investigation for wrongdoing is as reprehensible as targeting license plate numbers from cars in a parking lot at an anti-nukes rally as a way of creating a list of possible "subversives." Frank Donner's _Protectors of Privilege_ lays out the the historical consequences of and responses to covert law enforcement surveillance. Blanket intrusion by agents into Constitutionally protected realms that include freedom of speech, privacy, and assembly, are not only a demonstrable threat to democracy -- they are not generally tolerated by the courts. Second, while law enforcement agents have every right to read whatever public document they wish, this misses the point. It is not that agents subscribe to and/or read documents. The point is what they do with what they read. A 1977 class action suit against the Michigan State Police learned, through FOIA requests, that state and federal agents would peruse letters to the editor of newspapers and collect clippings of those whose politics they did not like. These news clippings became the basis of files on those persons that found there way into the hands of other agencies and employers. The preliminary CPSR information suggests that the Secret Service is conducting their investigation in an analogous manner. This has a chilling effect on free speech that is arguably (judging from court cases) not only illegal, but dangerous. As somebody wrote in CuD recently: The basis of a democratic society rests on the ability of citizens to openly discuss competing ideas, challenge political power and assemble freely with others. These fundamental First Amendment rights are subverted when, through neglect, the state fails to protect them. Covert collection of information, whether from TELECOM Digest, CuD, or newspaper editorials, and the subsequent compilation of secret dossiers moves us from a democracy to a police state. The issue isn't whether any specific person has something to hide, but rather whether somebody might, because of secret information gathering, wish they had hidden what they had previously said. We shouldn't have to worry about whether what we say pleases law enforcement lest we become entries in some database of undesireables. Finally, few people disagree with the claim that computer crime is wrong. But, because a given behavior is wrong hardly justifies carte blanche to investigate that behavior. The government should have clear policies about the scope of surveillance because it protects *all* citizens from the dangers of intrusion by law enforcement into Constitutionally protected behavior. Like gravity, specific limitations on covert intrusion by law enforcement into our lives isn't just a good idea, it's the law. Computer-mediated communication is relatively new, and the law has not caught up with changing technology. CPSR should be commended for its efforts to track what appear to be clear violations of existing laws and policies in investigation of "computer crime." There is nothing noble in acquiescing to the erosion of Constitutionally protected activity as those who defend the Secret Service actions seem willing to do. ------------------------------ End of Computer Underground Digest #3.42 ************************************