Xref: utzoo comp.org.eff.talk:2710 misc.legal:26947 Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!caen!Firewall!ddsw1!karl From: karl@ddsw1.MCS.COM (Karl Denninger) Newsgroups: comp.org.eff.talk,misc.legal Subject: Public Access Sites -- concerns, problems, and precedents Message-ID: <1991Jun17.051532.6155@ddsw1.MCS.COM> Date: 17 Jun 91 05:15:32 GMT Organization: Macro Computer Solutions, Inc., Wheeling, IL Lines: 122 Some questions for the field: 1) What, today, is the state of the law with regards to public-access systems? Is the "Jolnet/RIPCO/SJG" paradigm what I should expect of our public officials today? If not, what IS? This question is prompted by the recent discussions in comp.dcom.telecom over Len Rose's sentencing. The moderator, Townson, has divulged that there is another ongoing investigation close to producing indictments. Now an indictment is one thing - most people who have gotten in trouble with the government on these issues would be happy with an indictment as the first government move -- but with the last wave of indictments we also saw what appeared to be unconstitutionally broad "general" search and seizure warrants executed. Am I, as a provider of these services, still at risk for this? Mind you, should I be guilty of stealing source code or the like (I'm not) I'd be happy to take my lumps. My system was just audited again (by myself) to insure that none of my users have been doing any pimping of code. That listing of every file on the system took over 6 hours to peruse (it was well over 6MB uncompressed). I took the many hours to do this just to make >sure< that the entire machine is clean. It is. Being "clean" didn't help SJG when the feds came, siezed all their equipment, and nearly destroyed their company! Who should I contact if the government decides to illegally seize my gear and try to destroy my career? What if this "confidential informant" (who I can't confront or question!) decides he has a bone to pick with me -- and lies to the "SS"? Heresay is considered as usable evidence in the issuance of a search and/or seizure warrant! What protection is there for the victim of such an assault -- other than ponying up tens or hundreds of thousands of dollars to sue for recovery? We all know how easy it is to forge email or system logs. I could easily make it appear that anyone I disagreed with had stolen source code -- and presumably, cause their equipment to come under forfeiture proceedings! What defense does a public-access administrator have against this kind of capricious action? Does anyone who wants to run a public-access system have to accept the possibility of this kind of attack and either live with it or go off the air? Going off the air looks rather attractive if this is the case! Does the EFF get involved, or will they get involved, immediately? And if so, who do I call if this sort of thing was to happen? Note well -- I am quite certain as of this hour that my machine is completely free of any program which I do not have the right to use. I don't feel very safe in this knowledge -- I am, and have been, an outspoken critic of the government's policies in this area, and we all know what happens when the government decides they don't like you........ 2) What are the EFF, and other organizations, doing to put a stop to the nonsense that surrounded the last wave? I can think of a number of attacks that should be mounted. Is anyone handling them? Some of these are: o) The SWB officials and other "officers of the court" who allegedly perjured themselves in the process of having warrants for SJG sworn out should be tried for their perjury, if it can be proven. Perjury is normally a criminal offense. Is it not here? o) The entire Neidorf and friends case is in question. Since the one "main" defendant was dismissed, yet the other three were sentenced (after foolishly pleading guilty) should not there be an attempt to have their sentences reconsidered? The sentencing memorandum is rather interesting reading -- it makes reference to many things we now know not to be true, including the idea that the E911 document was a "program"! o) When is a gang of thugs (which is exactly what a goon squad of government "SS" agents coming to your door and holding you at gunpoint while they ransack your home is) going to be tried for these criminal acts? What interest does the "SS" have in the possible theft of someone's source code -- other than as an arm of a quasi-government company like AT&T? Since when is a simple copyright violation like this a criminal matter (it's always been a civil matter in the past for this kind of copyright violation -- the exception being where the defendant engages in this conduct for profit). There is much more which needs attack as well. The entire idea that the posession of information is somehow illegal needs to be striken from the lawbooks. It is the >misuse< of information which should be illegal, not the possession of same. Is it illegal to know how to break into a computer, even if one never uses that information to break into any systems? Should I be able to be punished for telling others how to break into a system if I know how to do so? If the answer to the second question is "yes", then why aren't people who expose security holes in an operating system on the net routinely tried and jailed? How about the mile-wide security hole in ISC Unix that was recently discovered (and is now fixed)? Would the posting which originated from Germany get a US citizen tried and jailed for having "burglar's tools" in the computer context? How about Dan Bernstein, who has posted more than enough information to allow anyone reasonably skilled with Unix to steal passwords and tap sessions on most Ethernet-capable Unix systems! Is he the next person on the chopping block? I ask this question as I ponder whether I should bother to remain on the air as a public-access site. Being "clean" is no longer enough. It is simply unacceptable for me to risk my career and everything I own to provide an on-line Unix system to the public -- especially when you consider that this really IS a hobby for me -- I operate at a considerable monetary loss as it is! Where does it all end? Comments? Other's solutions? Anything at all (except flames) welcome. -- Karl Denninger (karl@ddsw1.MCS.COM, !ddsw1!karl) Public Access Data Line: [+1 708 808-7300], Voice: [+1 708 808-7200] Anon. arch. (nuucp) 00:00-06:00 C[SD]T, req: /u/public/sources/DIRECTORY/README