Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!dimacs.rutgers.edu!mips!pacbell.com!att!cbnewsh!wcs From: wcs@cbnewsh.cb.att.com (Bill Stewart 908-949-0705 erebus.att.com!wcs) Newsgroups: comp.org.eff.talk Subject: Re: Len Rose sentenced to Prison Term Message-ID: <1991Jun29.015035.26523@cbnewsh.cb.att.com> Date: 29 Jun 91 01:50:35 GMT References: <9272@hsv3.UUCP> <1991Jun27.160030.8689@cbnewsh.cb.att.com> <1991Jun28.124441.4768@midway.uchicago.edu> Distribution: usa Organization: My own purely personal opinions. Lines: 134 As usual, I've got to make the disclaimer that I'm only speaking my personal opinions, these are not intended to represent AT&T's position, I don't know the AT&T people involved, etc. I'm also not a lawyer, though I sometimes play a politician on TV :-) I have heard Bill Cook speak (he's competent and professional, though his opinions about "freedom of the press" in the context of the electronic press are pretty chilling, and I think he applies them to paper press as well - but he does know that there is a Constitution and thinks it's important) and also the SS agent from Baltimore (I'm about 90% sure it was Tim Foley, but it may have been Jack Lewis or someone named Terry) who was, in my personal and definitely biased opinion, a dangerously incompetent bozo who seemed clueless about the potential that his actions had Constitutional implications or that civil rights existed or mattered. In article <1991Jun28.124441.4768@midway.uchicago.edu> learn@piroska.uchicago.edu (William Vajk (igloo)) writes: V% In article <160030.8689@cbnewsh.cb.att.com> Bill Stewart writes: V% >I'm personally surprised that they count V% >login.c as such a high fraction of the total value of UNIX source code, V% >but I doubt they sell it separately anyway - and you put a different V% >value on something that's been ripped off than on something you sell. V% Perjury is perjury, regardless. There is an investigation in progress V% regarding SE Bell's evaluation of the E-911 file in the Neidorf case. ... V% But Bill, I want you to please pay close attention to what happens whenever V% there's a civil infraction regarding a copyright. AT&T pulls government V% strings to upgrade the infraction to a criminal status, with absolutely no V% compulsions against lieing as they did about the value of login.c. ... V% Not much different from SE Bell, a former part of AT&T, who initially V% valued the E-911 file at $ 77,000 while selling copies for under $ 20. [ Actually $79,449, later reduced to $22,987 and then $13 ] I strongly disagree with your interpretations of the events, in particular "AT&T pulls government strings" and "lieing about the value". AT&T could have done a better job of making the government behave ethically and rationally and use their information correctly, but they're about Nth on the list of blamees, after a whole herd of government people as well as other non-AT&T "experts". First off all, you should review Computer Underground Digest 2.00, which has a copy of Agent Tim Foley's application and affadavit for the search warrant for Len Rose's stuff. The affadavit describes (my description, not his) how Foley, in his gonzo investigation of the E911 affair and repeated interrogations of Craig Neidorf, with the help of several other non-AT&T people, encountered the modified login.c code which Craig said he got from Len. Foley checked with someone at AT&T about whether this really was AT&T UNIX SVR3.2 source code, and what the value was, and was told that it was, and was worth about $75,000. This was NOT AT&T running to the government asking them to turn a copyright-violation civil case into a criminal investigation, this is the government taking a gonzo criminal investigation and bringing AT&T into it as well. Yell at Foley or his helpers. (Please!) (Actually, copyright violation never seems to have been charged, though theft of trade secrets was, ] ~$77,000 is the standard quantity-1 price of a UNIX System V Release 3.2 Operating System source license. I'm not aware that they sell any subset of the source code without the license for the whole thing, so would seem to be the only correct price. (*Price*, not value, which is an entirely different issue - there's what it cost to develop over the years, there's what it's worth to keep it a trade secret, there's $75K*sizeof(login.c)/sizeof(sum(unix)), there's what they'd sell it for if someone convinced us to unbundle it, there's what it would cost to write it yourself, and there are dozens of other possible approaches.) They certainly don't sell a source license without making you sign a contract not to give the source to people who don't have licenses, unless you make a SUBSTANTIALLY higher offer, like $1 Billion ;-) Foley's affadavit refers to "the UNIX SVR3.2 source code" a dozen times, giving the naive reader (e.g. the judge) the impression that it was the whole thing - only one sentence refers to it as the login program, and another refers to "the 19 pages of AT&T UNIX SVR3.2 source code", which a knowledgable person would realize was only a small part. The 3/22/91 DoJ press release which announced Len's plea bargain says: DOJ> The login program is licensed by AT&T at $27,000 per license. The CuD #1.28 issue has an interview with Len, in which Len says the version of login.c he used was obsolete, since 3.2 had included shadow password file. Just guessing from memory, I think the source code for the original AT&T UNIX System V Operating system license was about $27,000 - perhaps the $27K is the entire price of the first source code release containing the actual version of code he had? Calling it a lie by AT&T is unreasonable, especially if you don't know what question the Feds asked AT&T to answer, which I don't. The Feds *certainly* had the responsibility to use a more reasonable price in their affadavits and indictments - even if Rolls Royce won't sell you a Rolls Royce Ignition Key without selling you the whole car, stealing a set of car keys isn't the same as stealing the car - though it IS more serious than stealing a set of blank car keys. The Feds also certainly had the responsibility to explain in their affadavit the fact that they believed that the code Len possessed was stolen or obtained by fraud, as opposed to breach of contract by some unnamed person - otherwise the law probably wouldn't apply - and that the code was the ONLY thing in the long list of items they wanted to seize that they actually contend was stolen property, which is DISTINCTLY not obvious from reading it unless you already know the facts, which the judge presumably didn't. Their justification for the assertion that login.c was an access device as per 18 USC 1030(a) (6) was extremely shady as well, saying it was "specially modified so that it could be inserted by a computer hacker into any computer using a Unix operating system" which was unbelievably incorrect and misleading - I haven't read the law in a while, but the one-sentence description in the affadavit could have applied to almost ANY information that someone could use to help break into a system, such as how ASCII and RS-232 work. Admittedly, the alleged quote from Terminus's comments about "Hacked by Terminus to enable stealing passwords.. This is obviously not a tool for initial system penetration, but instead will allow you to collect passwords and accounts once it's been installed. Ideal for situations where you have a one-shot opportunity for super user privileges.. This source code is not public domain..(so don't get caught with it)." certainly does not add an air of innocence to Rose's image, but a UNIX-knowledgable reader (which one assumes the judge is not), who is maintaining a presumption of innocence (one hopes!), has a non-zero chance of realizing that the events do not indicate that a access information was transmitted "knowingly and with intent to defraud". But it certainly appears that it was intended to give that impression, as well as being presented in the context of AT&T copyright and proprietary information notices. -- Pray for peace; Bill # Bill Stewart 908-949-0705 erebus.att.com!wcs AT&T Bell Labs 4M-312 Holmdel NJ # No, that's covered by the Drug Exception to the Fourth Amendment. # You can read it here in the fine print.