Computer underground Digest Wed, Jan 15, 1992 Volume 4 : Issue 02 Moderators: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) CONTENTS, #4.02 ( Jan 15, 1992) File 1--Re: Whole Earth Review Questions Technology File 2--Craig's submission in #4.01 File 3--Subscribing to PHRACK File 4--Report: 8th Chaos Computer Congress File 5--Net "do-it-yourself" political activity (NEWSBYTES Reprint) File 6--Political Organizing at the Individual Level File 7--*DRAFT* "Guaranteeing Constitutional Freedoms" File 8--The Compuserve Case (Reprint from EFF Vol 2, #3) File 9--Senate Introduces Two FOIA Bills, S. 1929 & S. 1940 Issues of CuD can be found in the Usenet alt.society.cu-digest news group, on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM, on Genie, on the PC-EXEC BBS at (414) 789-4210, and by anonymous ftp from ftp.cs.widener.edu (147.31.254.132), chsun1.spc.uchicago.edu, and ftp.ee.mu.oz.au. To use the U. of Chicago email server, send mail with the subject "help" (without the quotes) to archive-server@chsun1.spc.uchicago.edu. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Thu, 09 Jan 92 15:54:48 -0600 From: Neil W Rickert Subject: File 1--Re: Whole Earth Review Questions Technology In Cu Digest, #4.01 Tom White writes: > Is technological innovation invariably beneficial? Do we control >new technologies or do they control us? This reminds me of the comments I occasionally have been heard to make, with tongue only very slightly in cheek: In the old days, before Xerox became a household word, everyone participating in an important meeting would be given a copy of the documentation. Attached was a check sheet. He/she would read the documentation, cross his/her name off the check sheet, and pass the documents onto the next person listed. Today, everybody has an individual copy. There is not so much of a rush to read it. Thus everyone can put off reading it until the last minute or a little later, come to the meeting, and an important issue is voted on without one participant having read it, or having the courage to admit to not having read it. +++++++++++ In the old days it was very costly to revise a draft, since the whole thing had to be redone from the start, with the possibility of new errors being introduced. As a result many letters and memos were sent out with minor errors, because it was just not worth the trouble of correcting them. Today, with word processing, editing a memo or letter is much simpler. As a result, drafts are revised ad infinitum. The total number of man (and woman) hours spend on the document may be three or more times as much as before. And the result - a few less minor typos, but no improvement in the essential meaningfulness and readability of the document. +++++++++++ To top it off, there are probably thousands of MIPS (million instructions per second) of computing power dedicated to the sole purpose of printing address labels on junk mail, much of which will finish up in land fills without having been read. ------------------------------ Date: Sat, 11 Jan 92 0:23:33 EST From: tadvocate@anonymous.com Subject: File 2--Craig's submission in #4.01 Reply to: File 2--How The Government Broke The Law And Went Unpunished > JUSTICE DENIED > > How The Government Broke The Law And Went Unpunished > > by Craig Neidorf > kl@stormking.com > > > TO THE READER: > > During the summer of 1990, I wrote the following review of how the > Privacy Protection Act of 1980 could have been applied to the above > described incident. After several months of trying to find a way to > file a claim, I have finally come to realize that the goal I seek is > unreachable because I do not possess the financial resources to hire > legal counsel and no law firm or organization capable of handling the > case will agree to take it on a contingency basis. Furthermore, as I > Protection Act of 1980 as described above. > > ********** Stuff Deleted*********** > > *** What Are The Remedies? > > Section 106(a) provides a civil cause of action for damages for > violations of the Act. Such an action may be brought by any person > aggrieved by a violation of the statute. > > WE DARE NOT GIVE UP THAT RIGHT! Craig, stop complaining. You are going to law school. File a pro se action against the government. File it and ask some of your professors to help you out. You'll learn more practical law then a thousand class hours. If we dare not give up our rights, then we dare not stop. The Advocate. [ This information published so that all members of the community can know that they do not need to depend on lawyers to protect our rights. The day an american may not protect his rights without a lawyer, is the day his rights have died.] PS For those interested. The supreme court is deciding a case where a man was convicted of receiving child pornography only after being targeted for 2 years in a blizzard of letters by undercover operators into buying it by mail. The supreme court will try to determine what limits the government may not violate in enticing people into breaking the law. ------------------------------ Date: Tue, 14 Jan 92 17:44:09 EST From: Storm King ListServ Account Subject: File 3--Subscribing to PHRACK We here at phrack have been getting mail bouncing all over the place due to people writing PHRACK@STOMKING.COM the correct contact for phrack is at PHRACKSUB@STORMKING.COM. Please correct this! These days people must do the following to get on the phrack mailing list. The distribution of Phrack is now being performed by the software called Listserv. All individuals on the Phrack Mailing List prior to your receipt of this letter have been deleted from the list. If you would like to re-subscribe to Phrack Inc. please follow these instructions: 1. Send a piece of electronic mail to "LISTSERV@STORMKING.COM". The mail must be sent from the account where you wish Phrack to be delivered. 2. Leave the "Subject:" field of that letter empty. 3. The first line of your mail message should read: SUBSCRIBE PHRACK 4. DO NOT leave your address in the name field! (This field is for PHRACK STAFF use only, so please use a full name) Once you receive the confirmation message, you will then be added to the Phrack Mailing List. If you do not receive this message within 48 hours, send another message. If you STILL do not receive a message, please contact "SERVER@STORMKING.COM". You will receive future mailings from "PHRACK@STORMKING.COM". If there are any problems with this procedure, please contact "SERVER@STORMKING.COM" with a detailed message. Sincerly, The Phrack Staff ------------------------------ Date: Tue, 14 Jan 92 12:15 MST From: Moderators Subject: File 4--Report: 8th Chaos Computer Congress ((For those who do not receive either RISKS-L or TELECOM Digest, we reprint the following form TELECOM Digest, Vol 13 #35 (14 Jan '92)). *********************************************** Date: Tue, 14 Jan 1992 06:33:50 PST From: Eric_Florack.Wbst311@xerox.com Subject: Report: 8th Chaos Computer Congress The following message was copied from RISKS-L. Of particular interest to TELECOM reader will be where the writer speaks of HACKTIC. That such gatherings are becoming more sparsely populated is a positive step. But is it, perhaps, time for people such as the UN , or perhaps the ITU, to invoke sanctions against countries that allow such groups to thrive? ( Comments are my own ... I don't expect anyone else to have the guts to agree with me.) (Grin) -=-=-=--=-=-= Date: 9 Jan 92 16:37 +0100 From: Klaus Brunnstein Subject: Chaos Congress 91 Report Report: 8th Chaos Computer Congress On occasion of the 10th anniversary of its foundation, Chaos Computer Club (CCC) organised its 8th Congress in Hamburg (Dec.27-29, 1991). To more than 400 participants (largest participation ever, with growing number of students rather than teen-age scholars), a rich diversity of PC and network related themes was offered, with significantly less sessions than before devoted to critical themes, such as phreaking, hacking or malware construction. Changes in the European hacker scene became evident as only few people from Netherlands (see: Hacktick) and Italy had come to this former hackers' Mecca. Consequently, Congress news are only documented in German. As CCC's founding members develop in age and experience, reflection of CCC's role and growing diversity (and sometimes visible alienity between leading members) of opinions indicates that teen-age CCC may produce less spectacular events than ever before. This year's dominating theme covered presentations of communication techniques for PCs, Ataris, Amigas and Unix, the development of a local net (mousenet.txt: 6.9 kByte) as well as description of regional (e.g. CCC's ZERBERUS; zerberus.txt: 3.9 kByte) and international networks (internet.txt: 5.4 kBytes), including a survey (netzwerk.txt: 53.9 kByte). In comparison, CCC'90 documents are more detailed on architectures while sessions and demonstrations in CCC'91 (in "Hacker Center" and other rooms) were more concerned with practical navigation in such nets. Phreaking was covered by the Dutch group HACKTIC which updated its CCC'90 presentation of how to "minimize expenditures for telephone conversations" by using "blue" boxes (simulating specific sounds used in phone systems to transmit switching commands) and "red" boxes (using telecom-internal commands for testing purposes), and describing available software and recent events. Detailed information on phreaking methods in specific countries and bugs in some telecom systems were discussed (phreaking.txt: 7.3 kByte). More information (in Dutch) was available, including charts of electronic circuits, in several volumes of Dutch "HACKTIC: Tidschrift voor Techno-Anarchisten" (=news for techno-anarchists). Remark #1: recent events (e.g. "Gulf hacks") and material presen- ted on Chaos Congress '91 indicate that Netherland emerges as a new European center of malicious attacks on systems and networks. Among other potentially harmful information, HACKTIC #14/15 publishes code of computer viruses (a BAT-virus which does not work properly; "world's shortest virus" of 110 bytes, a primitive non-resident virus significantly longer than the shortest resident Bulgarian virus: 94 Bytes). While many errors in the analysis show that the authors lack deeper insight into malware technologies (which may change), their criminal energy in publishing such code evidently is related to the fact that Netherland has no adequate computer crime legislation. In contrast, the advent of German computer crime legislation (1989) may be one reason for CCC's less devotion to potentially harmful themes. Remark #2: While few Netherland universities devote research and teaching to in/security, Delft university at least offers introductory courses into data protection (an issue of large public interest in NL) and security. Professors Herschberg and Aalders also analyse the "robustness" of networks and systems, in the sense that students may try to access connected systems if the addressed organisations agree. According to Prof. Aalders (in a recent telephone conversation), they never encourage students to attack systems but they also do not punish students who report on such attacks which they undertook on their own. (Herschberg and Alpers deliberately have no email connection.) Different from recent years, a seminar on Computer viruses (presented by Morton Swimmer of Virus Test Center, Univ. Hamburg) as deliberately devoted to disseminate non-destructive information (avoiding any presentation of virus programming). A survey of legal aspects of inadequate software quality (including viruses and program errors) was presented by lawyer Freiherr von Gravenreuth (fehlvir.txt: 5.6 kByte). Some public attention was drawn to the fact that the "city-call" telephone system radio-transmits information essentially as ASCII. A demonstration proved that such transmitted texts may easily be intercepted, analysed and even manipulated on a PC. CCC publicly warned that "profiles" of such texts (and those addressed) may easily be collected, and asked Telecom to inform users about this insecurity (radioarm.txt: 1.6 kByte); German Telecom did not follow this advice. Besides discussions of emerging voice mailboxes (voicebox.txt: 2.8 kBytes), an interesting session presented a C64-based chipcard analysis systems (chipcard.txt: 3.3 kBytes). Two students have built a simple mechanism to analyse (from systematic IO analysis) the protocol of a German telephone card communicating with the public telephone box; they described, in some detail (including an elctronmicroscopic photo) the architecture and the system behaviour, including 100 bytes of communication data stored (for each call, for 80 days!) in a central German Telecom computer. Asked for legal implications of their work, they argued that they just wanted to understand this technology, and they were not aware of any legal constraint. They have not analysed possibilities to reload the telephone account (which is generally possible, due to the architecture), and they didnot analyse architectures or procedures of other chipcards (bank cards etc). Following CCC's (10-year old charta), essential discussions were devoted to social themes. The "Feminine computer handling" workshop deliberately excluded men (about 25 women participating), to avoid last year's experience of male dominancy in related discussions (femin.txt: 4.2 kBytes). A session (mainly attended by informatics students) was devoted to "Informatics and Ethics" (ethik.txt: 3.7 kByte), introducing the international state-of-discussion, and discussing the value of professional standards in the German case. A discussion about "techno-terrorism" became somewhat symptomatic for CCC's actual state. While external participants (von Gravenreuth, Brunnstein) were invited to this theme, CCC-internal controversies presented the panel discussion under the technical title "definition questions". While one fraction (Wernery, Wieckmann/terror.txt: 7.2 kByte) wanted to discuss possibilities, examples and dangers of techno-terrorism openly, others (CCC "ol'man" Wau Holland) wanted to generally define "terrorism" somehow academically, and some undertook to describe "government repression" as some sort of terrorism. In the controversial debate (wau_ter.txt: 9.7 kByte), few examples of technoterrorism (WANK worm, development of virus techniques for economic competition and warfare) were given. More texts are available on: new German games in Multi-User Domain/Cyberspace (mud.txt: 3.8 kByte), and Wernery's "Btx documentation" (btx.txt: 6.2 kByte); not all topics have been reported. All German texts are available from the author (in self-extracting file: ccc91.exe, about 90 kByte), or from CCC (e-mail: SYSOP@CHAOS-HH.ZER, fax: +49-40-4917689). ------------------------------ Date: Wed, 15 Jan 1992 11:45:54 GMT From: John F. McMullen (mcmullen@well.sf.ca.us) Subject: File 5--Net "do-it-yourself" political activity (NEWSBYTES Reprint) Warren Announces Do-It-Yourself "NET" Political Activity 1/13/92 WOODSIDE, CALIFORNIA, U.S.A., 1992 JAN 13 (NB) -- Jim Warren, founder of InfoWorld and the West Coast Computer Faire, has announced a plan under which US taxpayers may let their legislators know their desire for expenditure of tax revenues. In a statement posted of the Whole Earth 'Lectronic Link (WELL), Warren outlined a proposal under which taxpayers would fill out a form that specifies the desires of the taxpayer for the uses of her/his tax payment. The form will then be sent to the taxpayer's elected representatives. Warren said "As we approach tax-day, it emphasizes that we again worked more than a third of last year for the government and politicians. This year, let's tell them how WE want them to use the hard-earned money they take from us. When we send in our taxes, let's also send copies of this to our current and potential elected representatives, especially to this year's political candidates. (Let's not blame the IRS; they're just doing what our elected representatives tell them to do.) Please feel free to copy this to friends, neighbors, customers, business associates and company and community bulletin boards." The form, designed by Warren, provides spaces for the taxpayer to fill in dollar and percentage figures for the expenditure of the funds. Warren also committed, if taxpayers send copies of the forms to him, to publish summary reports reflecting the desires of the aggregate of the reporting taxpayers. Warren's form follows: To: ______________________________ ______________________________ ______________________________ ______________________________ TAX ALLOCATION INSTRUCTIONS FROM A VOTER Here are the taxes that I know you are taking from my work last year, and here is how I want you to use them. (For other projects that you or your campaign donors desire, please depend on the hidden taxes that I cannot easily identify.) This is a very serious matter to me, even though this note is a form. Please respond and tell me how much of our earnings you, as our elected representative, want to take in taxes, and how much you want to spend in each budget-area. Please send me _____ copies of your response for my friends, neighbors and business associates. (And, a lack of response will be noted as a response.) How to use MY taxes: Federal allocations: Fiscal-1992 Federal Budget 1. % $ 18.0% $ 290,820M National Defense 2. % $ 2.2% 35,679M International Affairs 3. % $ 1.2% 18,934M Science, Space and Technology 4. % $ 0.3% 4,129M Energy 5. % $ 1.2% 19,708M Natural Resources and Environment 6. % $ 1.2% 20,219M Agriculture 7. % $ 6.5% 105,780M Commerce and Housing Credit 8. % $ 2.1% 34,312M Transportation 9. % $ 0.4% 5,768M Community & Regional Development 10. % $ 2.9% 46,934M Education,Employment, Soc.Services 11. % $ 5.0% 81,300M Health 12. % $ 7.0% 113,811M Medicare 13. % $ 13.8% 222,691M Income Security 14. % $ 21.7% 351,109M Social Security 15. % $ 2.1% 33,380M Veterans' Benefits and Services 16. % $ 0.9% 14,842M Administration of Justice 17. % $ 0.8% 12,688M General Government 18. 12.7% $ 12.7% 206,343M Net Interest 19. % $ deficit reduction 20. % $ 0.0% 0 tax reduction/refund/rebate to me ------ --------- ------ ----------- 100.0% $ 100.0% $1,618,447M my taxes & your FY-1992 budget Thanking you for your attention to this constituent request, I remain, From:______________________________ ______________________________ ______________________________ ______________________________ Warren told Newsbytes that, following his posting, MicroTimes editor Mary Eisenhart told him that he can include a copy of the form in an up-coping column in that 200,000 circulation publication. Warren also stated that any forms sent to him for summarization will be held in the strictest confidence and not shown to others. He said "I must hold them for the possibility that anyone doubts that the basis for our published summary actually existed." Warren also commented to Newsbytes on the potential of network mobilization, saying "We have in the computer network the largest circulation publication in the nation and it is free for the logon cost. This is the beginning of the implementation of effective electronic citizenship. Warren said that at least 2 other electronic political projects are planned for 1992. (Barbara E. McMullen & John F. McMullen/Press Contact: Jim Warren, 415-851-2814 (fax); jwarren@autodesk.com (e-mail)/19920113) ------------------------------ Date: Tue, 14 Jan 92 18:45:21 EST From: Jim Warren (jwarren@well.sf.ca.us) Subject: File 6--Political Organizing at the Individual Level Once every four years, with less opportunity each two years -- i.e., each election year -- citizen-groups have a brief-but-major window-of-opportunity to obtain government by and for the People. We rarely use it effectively. Civil liberties in the electronic frontier simply cannot wait until 1996. By then, it may be too late to protect online rights, freedom and privacy. We need to act now. We *can* act. And we *can* be effective: 1. Meet with candidates. Do this in their offices, preferably, as a group of no more than 2-4 articulate, presentable spokespeople. It helps if you have formal backing of a group, but it is certainly not necessary. What is greatly persuasive to candidates is whether you are likely to sway a group of voters. 2. Be informative. Plan a careful, logical, brief oral presentation of our concerns. Back it up with a 2-10 page summary of major points, positions and requests. Supporting newspaper articles are particularly helpful. 3. Seek explicit committments. *Every* successful politician has mastered the art of *sounding* sincerely interested and supportive without making committments. Make specific requests for specific action within a specific time-frame. Request it in the form of an official policy- or position-statement issued by the candidate, "so you can then publicize their position throughout your group." (Verbal assurances in private meetings are unreliable.) If they seem disinclined, politely indicate that you will, regretfully, have to report that non-action or lack of explicit commitment must be viewed as non-support, potentially even opposition, on these time-sensitive issues. Don't expect somethin' for nothin'. If they seem inclined to commit --at a minimum, they will sound sincerely concerned -- they will want to know what support you will offer. Expect them to ask for it and/or for your formal endorsement. Perhaps the best response to this is to say you will vigorously circulate details of their committments throughout your group. 4. Indicate the group to whom you will report. Long ago, when I last checked, the WELL had about 4,500 users. BMUG has ?? Brian Reid's latest estimates are that USENET had about 1,913,000 users on about 40,000 hosts. There are probably around 15 million users on non-BBS computer networks in the U.S., public and private. The Internet has about 5,000 networks with around a million hosts and anywhere from 5 to 10 million users. The Fidonet BBS-net probably has around 2 million users (I've asked And, there's your own internal net at work or school. Can you post personal notes on it? Are you a BBS sysop or host administrator with authority to post a logon notice seen by everyone? Seems like every user ought to know who is willing to protect their online freedom and privacy. I phrased this in the second person -- "you" do it -- but, jus' for the record: I'm personally pursuing this with various federal and state candidates on the San Francisco Peninsula. I walk it like I talk it. :-) ------------------------------ Date: Tue, 14 Jan 92 18:45:21 EST From: Jim Warren (jwarren@well.sf.ca.us) Subject: File 7--*DRAFT* "Guaranteeing Constitutional Freedoms" *This is a **draft***. (I am working on additional phrasing regarding computerized access to computerized legislation-in-progress, so we may be citizens effectly informed of the legislative process. I also have some thoughts about enhancing citizen's access to their personal information that is collected and shared by government agencies. If you wish a copy of the final version for your own modification, use and/or personal or group political action, please e-mail your request to: jwarren@well.sf.ca.us --or-- jwarren@autodesk.com . ************************* GUARANTEEING CONSTITUTIONAL FREEDOMS INTO THE 21st CENTURY Harvard Law Professor Laurence H. Tribe, one of the nation's leading Constitutional scholars, views technological threats to our constitutional freedoms and rights as so serious that, for the first time in his career, he has proposed a Constitutional Amendment: "This Constitution's protections for the freedoms of speech, press, petition and assembly, and its protections against unreasonable searches and seizures and the deprivation of life, liberty or property without due process of law, should be construed as fully applicable without regard to generated, stored, altered, transmitted or controlled." Until and unless the unlikely event that such an Amendment is adopted, legislation and regulation are the only alternatives to assure modern protection of citizens against modern technological threats against their constitutional rights and freedoms. PERSONAL COMMITMENT TO ACTION PREFACE: It has been over two centuries since our Constitution and Bill of Rights were adopted. The great technological change in the interum --especially in computing, telecommunications and electronics -- now poses a clear and present danger to the rights and protections guaranteed in those great documents. Therefore: will author or coauthor legislation reflecting the following specifics, and I will actively support and testify in favor of any similar legislation as may be introduced by others. Further, I will actively seek to have included in such legislation, explicit personal civil and/or criminal penalties against any agent, employee or official of the government who violates any of these statutes. And finally, I will keep all citizens who express interest in legislative progress on these matters fully and timely informed. The protections guaranteed in the Constitution and its Amendments shall be fully applicable regardless of the current technology of the time. In particular: SPEECH: Freedom of speech shall be equally protected, whether by voice or written as in the 18th Century, or by electronic transmission or computer communication as in the 20th Century and thereafter. PRESS: Freedom of the press shall be equally protected, whether by print as in the 18th Century, or by computer distribution of information, as in the 20th Century and thereafter. ASSEMBLY: Freedom of assembly shall be equally protected, whether by face-to-face meeting as in the 18th Century, or by computer-based conference as in the 20th Century and thereafter. The right to hold confidential meetings shall be equally protected, whether they be by personal meeting in private chambers, or by computer-based private conferences. SELF-PROTECTION: The right of the people to keep and use computers and communications equipment and connections shall not be abridged by the government. SEARCH & SEIZURE: The right of the people to be secure in their papers and effects, against unreasonable searches and seizures, shall be fully applicable to their electronic mail, computerized information and personal computer systems. WARRANTS: No warrants for search or seizure shall issue for computerized information, but upon probable cause, supported by oath or affirmation, and particularly describing the computer system to be searched and the specific information to be seized. SECURE INFORMATION VAULTS: Just as search and seizure of letters in a post-office, and papers in a bank-vault lock-box, and surveillance of a telephone conversations by wire-tap each require a separate warrant for each postal address, lock-box and telephone line, so also shall a separate warrant be required for electronic mail or other computer files of each suspect, when stored in a computer facility shared by others, and such files stored in a shared facility by or for a citizen who is neither named in a warrant nor associated with a suspect so-named, may not be used against that citizen, if seized or discovered during legal search of or for files of a suspect. SELF-INCRIMINATION: No person shall be compelled in any civil or criminal case to be a witness against himself or herself, nor be compelled to translate or decode computerized information that may be so incriminating. PRIVATE PROPERTY: Private property shall not be taken for public use without just compensation, nor shall it be used nor sold by the government for less than fair market value, in which case all such proceeds shall promptly derive singularly to its owner prior to government seizure. SPEEDY RELEASE: Anyone not accused of a crime shall enjoy the right to a speedy release and return of all of their property in undamaged form, as may be seized under any warrant, particularly including their computerized information. _________________________ title/office/office sought _________________________ address _________________________ _________________________ _________________________ campaign-office voice-phone number _________________________ campaign-office electronic-mail address ------------------------------ Date: Tue, 14 Jan 92 17:44:09 EST From: Eff@org Subject: File 8--The Compuserve Case (Reprint from EFF Vol 2, #3) THE COMPUSERVE CASE: A STEP FORWARD IN FIRST AMENDMENT PROTECTION FOR ONLINE SERVICES. By Mike Godwin (mnemonic@eff.org) By now you may have heard about the summary-judgment decision in Cubby, Inc. v. CompuServe, a libel case. What you may not know is why the decision is such an important one. By holding that CompuServe should not be liable for defamation posted by a third-party user, the court in this case correctly analyzed the First Amendment needs of most online services. And because it's the first decision to deal directly with these issues, this case may turn out to be a model for future decisions in other courts. The full name of the case, which was decided in the Southern District of New York, is Cubby Inc. v. CompuServe. Basically, CompuServe contracted with a third party for that user to conduct a special-interest forum on CompuServe. The plaintiff claimed that defamatory material about its business was posted a user in that forum, and sued both the forum host and CompuServe. CompuServe moved for, and received, summary judgment in its favor. Judge Leisure held in his opinion that CompuServe is less like a publisher than like a bookstore owner or book distributor. First Amendment law allows publishers to be liable for defamation, but not bookstore owners, because holding the latter liable would create a burden on bookstore owners to review every book they carry for defamatory material. This burden would "chill" the distribution of books (not to mention causing some people to get out of the bookstore business) and thus would come into serious conflict with the First Amendment. So, although we often talk about BBSs as having the rights of publishers and publications, this case hits on an important distinction. How are publishers different from bookstore owners? Because we expect a publisher (or its agents) to review everything prior to publication. But we *don't* expect bookstore owners to review everything prior to sale. Similarly, in the CompuServe case, as in any case involving an online service in which users freely post messages for the public (this excludes Prodigy), we wouldn't expect the online-communications service provider to read everything posted *before* allowing it to appear. It is worth noting that the Supreme Court case on which Judge Leisure relies is Smith v. California--an obscenity case, not a defamation case. Smith is the Supreme Court case in which the notion first appears that it is generally unconstitutional to hold bookstore owners liable for content. So, if Smith v. California applies in a online-service or BBS defamation case, it certainly ought to apply in an obscenity case as well. Thus, Cubby, Inc. v. CompuServe sheds light not only on defamation law as applied in this new medium but on obscenity law as well. This decision should do much to clarify to concerned sysops what their obligations and liabilities are under the law. +++++++++++++++++++++++++++++++ Highlights of the CompuServe decision (selected by Danny Weitzner): "CompuServe's CIS [CS Information Service] product is in essence an electronic, for-profit library that carries a vast number of publications and collects usage and membership fees from its subscribers in return for access to the publications. CompuServe and companies like it are at the forefront of the information industry revolution. High technology has markedly increased the speed with which information is gathered and processed; it is now possible for an individual with a personal computer, modem, and telephone line to have instantaneous access to thousands of news publications from across the United States and around the world. While CompuServe may decline to carry a given publication altogether, in reality, once it does decide to carry a given publication, it will have little or no editorial control over that publication's contents. This is especially so when CompuServe carries the publication as part of a forum that is managed by a company unrelated to CompuServe. "... CompuServe has no more editorial control over ... [the publication in question] ... than does a public library, book store, or newsstand, and it would be no more feasible for CompuServe to examine every publication it carries for potentially defamatory statements than it would for any other distributor to do so." "...Given the relevant First Amendment considerations, the appropriate standard of liability to be applied to CompuServe is whether it knew or had reason to know of the allegedly defamatory Rumorville statements." Cubby, Inc. v. CompuServe, Inc. (90 Civ. 6571, SDNY) ------------------------------ Date: Thu, 09 Jan 92 15:54:48 -0600 From: CuD Moderators (tk0jut2@mvs.cso.niu.edu) Subject: File 9--Senate Introduces Two FOIA Bills, S. 1929 & S. 1940 The latest (Vol. 16, #4, Dec., 1991) issue of _First Principles_ reports on the status of two Freedom of Information Act (FOIA) bills introduced in the Senate in late 1991. The proposed amendments would make it easier for citizens to obtain information, but more importantly, would expand the availability of information in electronic form. The following is abstracted from the article, "Senate Introduces New FOIA Bills" (pp 6, 9), by Gary M. Stern. Senator Patrick Leahy (D-VT) introduced two bills to amend the Freedom of Information Act: S. 1939, the "Freedom of Information Improvement Act of 1991," and S. 1940, the "Electronic Freedom of Information Improvement Act of 1991 (cosponsored by Hank Brown (R-CO)). The latter bill, in particular, presents the best opportunity in many years to enact significant FOIA reforms. S. 1940 would require the government to respond to FOIA requests in electronic form as well as on paper. Section 4 of the bill states that "(a)n agency shall provide records in any form in which such records are maintained by that agency as requested by any person. (C)An agency shall make resonable efforts to provide records in an electronic form requested by any person, even where such records are not usually maintained in such form." Section 3 of the bill would make the Federal Register accessible electronically and would require each government agency to publish an index of all information retrievable in electronic form, to describe all databases used by the agency, and to list all statutes that the agency uses to withhold information under exemption (b)(3). In addition, S. 1940 would: 1) Address the problem of delays in responding to FOIA requests 2) Require the agency to notify the requester of "the total number of denied records and paes considered by the agency to have been responsive to the request." S. 1939 would: 1) Narrow the scope of exemptions 2) Broaden the fee waiver and fee reduction requirements 3) Narrow the exemption concerning law enforcement records 4) Narrow the exemption to protect financial information The Senate Judiciary Subcommittee on Technology and the Law plans to hold hearings on the bills in March, 1992. The ACLU/CNNS is organizing a lobbying coalition in support of both of these bills. FOr more information, please call Gary Stern at 202-675-2327. _First Principles_ is published by the Center for National Security Studies, 122 Maryland Avenue, NE, Washington, DC 20002. Subscriptions are $15/year (and $10 for students). Sample copies are available on request. ------------------------------ End of Computer Underground Digest #4.02 ************************************