Computer underground Digest Sun Apr 25 1993 Volume 5 : Issue 30 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Ian Dickinson Cyop Editor: Etaoin Shrdlu, Senior CONTENTS, #5.30 (Apr 25 1993) File 1--New disclosures in 2600 case File 2--Press release on "Clipper Chip" encryption initiative File 3--THE CLIPPER CHIP: A TECHNICAL SUMMARY File 4--Sysop jailed in Georgia (article by Lance Rose) File 5--Phone Fraud in the Telecom Industry Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on the PC-EXEC BBS at (414) 789-4210; and on: Rune Stone BBS (IIRG WHQ) 203-832-8441 NUP:Conspiracy CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: from the ComNet in Luxembourg BBS (++352) 466893; ANONYMOUS FTP SITES: UNITED STATES: ftp.eff.org (192.88.144.4) in /pub/cud uglymouse.css.itd.umich.edu (141.211.182.53) in /pub/CuD/cud halcyon.com( 202.135.191.2) in /pub/mirror/cud AUSTRALIA: ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. EUROPE: nic.funet.fi in pub/doc/cud. (Finland) ftp.warwick.ac.uk in pub/cud (United Kingdom) Back issues also may be obtained through mailserver at: server@blackwlf.mese.com COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- From: David Sobel Date: Wed, 21 Apr 1993 22:19:29 EST Subject: File 1--New disclosures in 2600 case As you may recall, last November at a shopping mall outside of Washington, DC, a group of people affiliated with the computer magazine "2600" was confronted by mall security personnel, local police officers and several unidentified individuals. The group members were ordered to identify themselves and to submit to searches of their personal property. Their names were recorded by mall security personnel and some of their property was confiscated. However, no charges were ever brought against any of the individuals at the meeting. Computer Professionals for Social Responsibility ("CPSR") filed suit under the Freedom of Information Act and today received the Secret Service's response to the FOIA lawsuit, in which we are seeking agency records concerning the break-up of the meeting. I think it's safe to say that our suspicions have now been confirmed -- the Secret Service *did* obtain a list of names from mall security identifying the people in attendance at the meeting. There are three main points contained in the Secret Service's court papers that are significant: 1) The agency states that the information it possesses concerning the incident was obtained "in the course of a criminal investigation that is being conducted pursuant to the Secret Service's authority to investigate access device and computer fraud." 2) The agency possesses two relevant documents and the information in those documents "consists solely of information identifying individuals." 3) The information was obtained from a "confidential source," and the agency emphasizes that the FOIA's definition of such a source includes "any private institution which provided information on a confidential basis." Taken together, these facts seem to prove that the Secret Service wanted names, they had the mall security people collect them, and they came away from the incident with the list they wanted. The agency asserts that "[t]he premature release of the identities of the individual(s) at issue could easily result in interference to the Secret Service's investigation by alerting these individual(s) that they are under investigation and thus allowing the individual(s) to alter their behavior and/or evidence." CPSR, in conjunction with EFF and the ACLU, is planning to challenge the actions of the mall security personnel, the local police and the Secret Service on the ground that the incident amounted to a warrantless search and seizure conducted at the behest of the Secret Service. David Sobel CPSR Legal Counsel dsobel@washofc.cpsr.org ------------------------------ Date: Mon, 19 Apr 93 19:12:48 PDT From: ross@QCKTRN.COM(Gary Ross) Subject: File 2--Press release on "Clipper Chip" encryption initiative Date - Mon, 19 Apr 1993 16:44-0400 >From - The White House Subject - Press release on "Clipper Chip" encryption initiative THE WHITE HOUSE Office of the Press Secretary ++++++++++++++++++++++++++++++++++++ For Immediate Release April 16, 1993 STATEMENT BY THE PRESS SECRETARY The President today announced a new initiative that will bring the Federal Government together with industry in a voluntary program to improve the security and privacy of telephone communications while meeting the legitimate needs of law enforcement. The initiative will involve the creation of new products to accelerate the development and use of advanced and secure telecommunications networks and wireless communications links. For too long, there has been little or no dialogue between our private sector and the law enforcement community to resolve the tension between economic vitality and the real challenges of protecting Americans. Rather than use technology to accommodate the sometimes competing interests of economic growth, privacy and law enforcement, previous policies have pitted government against industry and the rights of privacy against law enforcement. Sophisticated encryption technology has been used for years to protect electronic funds transfer. It is now being used to protect electronic mail and computer files. While encryption technology can help Americans protect business secrets and the unauthorized release of personal information, it also can be used by terrorists, drug dealers, and other criminals. A state-of-the-art microcircuit called the "Clipper Chip" has been developed by government engineers. The chip represents a new approach to encryption technology. It can be used in new, relatively inexpensive encryption devices that can be attached to an ordinary telephone. It scrambles telephone communications using an encryption algorithm that is more powerful than many in commercial use today. This new technology will help companies protect proprietary information, protect the privacy of personal phone conversations and prevent unauthorized release of data transmitted electronically. At the same time this technology preserves the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals. A "key-escrow" system will be established to ensure that the "Clipper Chip" is used to protect the privacy of law-abiding Americans. Each device containing the chip will have two unique "keys," numbers that will be needed by authorized government agencies to decode messages encoded by the device. When the device is manufactured, the two keys will be deposited separately in two "key-escrow" data bases that will be established by the Attorney General. Access to these keys will be limited to government officials with legal authorization to conduct a wiretap. The "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans. To demonstrate the effectiveness of this new technology, the Attorney General will soon purchase several thousand of the new devices. In addition, respected experts from outside the government will be offered access to the confidential details of the algorithm to assess its capabilities and publicly report their findings. The chip is an important step in addressing the problem of encryption's dual-edge sword: encryption helps to protect the privacy of individuals and industry, but it also can shield criminals and terrorists. We need the "Clipper Chip" and other approaches that can both provide law-abiding citizens with access to the encryption they need and prevent criminals from using it to hide their illegal activities. In order to assess technology trends and explore new approaches (like the key-escrow system), the President has directed government agencies to develop a comprehensive policy on encryption that accommodates: the privacy of our citizens, including the need to employ voice or data encryption for business purposes; the ability of authorized officials to access telephone calls and data, under proper court or other legal order, when necessary to protect our citizens; the effective and timely use of the most modern technology to build the National Information Infrastructure needed to promote economic growth and the competitiveness of American industry in the global marketplace; and the need of U.S. companies to manufacture and export high technology products. The President has directed early and frequent consultations with affected industries, the Congress and groups that advocate the privacy rights of individuals as policy options are developed. The Administration is committed to working with the private sector to spur the development of a National Information Infrastructure which will use new telecommunications and computer technologies to give Americans unprecedented access to information. This infrastructure of high-speed networks ("information superhighways") will transmit video, images, HDTV programming, and huge data files as easily as today's telephone system transmits voice. Since encryption technology will play an increasingly important role in that infrastructure, the Federal Government must act quickly to develop consistent, comprehensive policies regarding its use. The Administration is committed to policies that protect all American's right to privacy while also protecting them from those who break the law. Further information is provided in an accompanying fact sheet. The provisions of the President's directive to acquire the new encryption technology are also available. For additional details, call Mat Heyman, National Institute of Standards and Technology, (301) 975-2758. ----- End Included Message ----- ------------------------------ Date: Wed, 21 Apr 93 19:21:48 EDT From: denning@cs.cosc.georgetown.edu (Dorothy Denning) Subject: File 3--THE CLIPPER CHIP: A TECHNICAL SUMMARY ((REPRINTED FROM RISKS DIGEST, #14.52)) THE CLIPPER CHIP: A TECHNICAL SUMMARY Dorothy Denning Revised, April 21, 1993 INTRODUCTION On April 16, the President announced a new initiative that will bring together the Federal Government and industry in a voluntary program to provide secure communications while meeting the legitimate needs of law enforcement. At the heart of the plan is a new tamper-proof encryption chip called the "Clipper Chip" together with a split-key approach to escrowing keys. Two escrow agencies are used, and the key parts from both are needed to reconstruct a key. CHIP CONTENTS The Clipper Chip contains a classified single-key 64-bit block encryption algorithm called "Skipjack." The algorithm uses 80 bit keys (compared with 56 for the DES) and has 32 rounds of scrambling (compared with 16 for the DES). It supports all 4 DES modes of operation. The algorithm takes 32 clock ticks, and in Electronic Codebook (ECB) mode runs at 12 Mbits per second. Each chip includes the following components: the Skipjack encryption algorithm F, an 80-bit family key that is common to all chips N, a 30-bit serial number (this length is subject to change) U, an 80-bit secret key that unlocks all messages encrypted with the chip The chips are programmed by Mykotronx, Inc., which calls them the "MYK-78." The silicon is supplied by VLSI Technology Inc. They are implemented in 1 micron technology and will initially sell for about $30 each in quantities of 10,000 or more. The price should drop as the technology is shrunk to .8 micron. ENCRYPTING WITH THE CHIP To see how the chip is used, imagine that it is embedded in the AT&T telephone security device (as it will be). Suppose I call someone and we both have such a device. After pushing a button to start a secure conversation, my security device will negotiate an 80-bit session key K with the device at the other end. This key negotiation takes place without the Clipper Chip. In general, any method of key exchange can be used such as the Diffie-Hellman public-key distribution method. Once the session key K is established, the Clipper Chip is used to encrypt the conversation or message stream M (digitized voice). The telephone security device feeds K and M into the chip to produce two values: E[M; K], the encrypted message stream, and E[E[K; U] + N; F], a law enforcement field , which are transmitted over the telephone line. The law enforcement field thus contains the session key K encrypted under the unit key U concatenated with the serial number N, all encrypted under the family key F. The law enforcement field is decrypted by law enforcement after an authorized wiretap has been installed. The ciphertext E[M; K] is decrypted by the receiver's device using the session key: D[E[M; K]; K] = M . CHIP PROGRAMMING AND ESCROW All Clipper Chips are programmed inside a SCIF (Secure Compartmented Information Facility), which is essentially a vault. The SCIF contains a laptop computer and equipment to program the chips. About 300 chips are programmed during a single session. The SCIF is located at Mykotronx. At the beginning of a session, a trusted agent from each of the two key escrow agencies enters the vault. Agent 1 enters a secret, random 80-bit value S1 into the laptop and agent 2 enters a secret, random 80-bit value S2. These random values serve as seeds to generate unit keys for a sequence of serial numbers. Thus, the unit keys are a function of 160 secret, random bits, where each agent knows only 80. To generate the unit key for a serial number N, the 30-bit value N is first padded with a fixed 34-bit block to produce a 64-bit block N1. S1 and S2 are then used as keys to triple-encrypt N1, producing a 64-bit block R1: R1 = E[D[E[N1; S1]; S2]; S1] . Similarly, N is padded with two other 34-bit blocks to produce N2 and N3, and two additional 64-bit blocks R2 and R3 are computed: R2 = E[D[E[N2; S1]; S2]; S1] R3 = E[D[E[N3; S1]; S2]; S1] . R1, R2, and R3 are then concatenated together, giving 192 bits. The first 80 bits are assigned to U1 and the second 80 bits to U2. The rest are discarded. The unit key U is the XOR of U1 and U2. U1 and U2 are the key parts that are separately escrowed with the two escrow agencies. As a sequence of values for U1, U2, and U are generated, they are written onto three separate floppy disks. The first disk contains a file for each serial number that contains the corresponding key part U1. The second disk is similar but contains the U2 values. The third disk contains the unit keys U. Agent 1 takes the first disk and agent 2 takes the second disk. Thus each agent walks away knowing an 80-bit seed and the 80-bit key parts. However, the agent does not know the other 80 bits used to generate the keys or the other 80-bit key parts. The third disk is used to program the chips. After the chips are programmed, all information is discarded from the vault and the agents leave. The laptop may be destroyed for additional assurance that no information is left behind. The protocol may be changed slightly so that four people are in the room instead of two. The first two would provide the seeds S1 and S2, and the second two (the escrow agents) would take the disks back to the escrow agencies. The escrow agencies have as yet to be determined, but they will not be the NSA, CIA, FBI, or any other law enforcement agency. One or both may be independent from the government. LAW ENFORCEMENT USE When law enforcement has been authorized to tap an encrypted line, they will first take the warrant to the service provider in order to get access to the communications line. Let us assume that the tap is in place and that they have determined that the line is encrypted with the Clipper Chip. The law enforcement field is first decrypted with the family key F, giving E[K; U] + N. Documentation certifying that a tap has been authorized for the party associated with serial number N is then sent (e.g., via secure FAX) to each of the key escrow agents, who return (e.g., also via secure FAX) U1 and U2. U1 and U2 are XORed together to produce the unit key U, and E[K; U] is decrypted to get the session key K. Finally the message stream is decrypted. All this will be accomplished through a special black box decoder. CAPSTONE: THE NEXT GENERATION A successor to the Clipper Chip, called "Capstone" by the government and "MYK-80" by Mykotronx, has already been developed. It will include the Skipjack algorithm, the Digital Signature Standard (DSS), the Secure Hash Algorithm (SHA), a method of key exchange, a fast exponentiator, and a randomizer. A prototoype will be available for testing on April 22, and the chips are expected to be ready for delivery in June or July. ACKNOWLEDGMENT AND DISTRIBUTION NOTICE. This article is based on information provided by NSA, NIST, FBI, and Mykotronx. Permission to distribute this document is granted. ------------------------------ Date: Wed, 14 Apr 93 12:02:29 GMT From: rwebb@nyx.cs.du.edu (Russell Webb) Subject: File 4--Sysop jailed in Georgia (article by Lance Rose) ((MODERATOR'S NOTE: The following article comes from BOARDWATCH Magazine, a monthly hardcopy summary of news and features devoted to the BBS world. Subs are $36 for one year or $59 for two. Information about BOARDWATCH can be obtained from Jack Rickard (editor) at jrickard@teal.csn.org or by writing: BOARDWATCH; 7586 West Jewell Ave., Suite 200; Lakewood CO (80232)). I ran into this article on a local NYC BBS. Lance Rose, the author, has kindly granted permission for the article to be posted to comp.org.eff.talk. I haven't seen any discussions about this event on this newsgroup. If I've missed any sort of prior discussion on this in comp.org.eff.talk, then I offer my apologizes in advance for the use of bandwidth. -Russell Webb rwebb@nyx.cs.du.edu +++++++ LEGALLY ONLINE ============== SYSOP JAILED IN GEORGIA +++++++++++++++++++++++ by Lance Rose Adult BBS' continue to spread across the country. Many of them openly carry industrial-strength hardcore materials, without much apparent concern for legal reprisals. One might wonder if the sysops of these BBS' are fools to proceed so fearlessly, or perhaps the vanguard of a new era of online sexual liberation. More likely, they simply assume the coast is clear. There is virtually no hard news about adult BBS' or their operators getting into trouble. Murky rumors abound (including some retold in this column several months ago), but they're easy to shrug off in their vagueness. The suspense is over. A man named Robert Houston is currently doing time in a jail in Jackson, Georgia, based on the presence of sexually oriented materials on the BBS he owned and operated. Ironically, he seems to be one of the guys who took all the right precautions. In the end, his prudent measures lost out to a repressive local cultural climate and petty personal vengeance. For over two years, Mr. Houston's quiet incarceration did not raise even a murmur. Then suddenly, he showed up briefly in a segment of the CNN news show Technology Week as an example of a sysop who got popped. An interview with Mr. Houston was hastily arranged afterward, just in time for this issue of Boardwatch. In a collect call from the Georgia Diagnostic Center, Robert Houston described how he went from sysop of an adult BBS to convicted felon: Houston owned and operated a video store and repair shop in Georgia. His BBS, a Wildcat system called the Stonewall BBS, was a hobby, and did not net him any money. There was a sister BBS called "Stonewall West" in California, but the two operations shared little but their names. The Stonewall BBS contained sexually-oriented adult materials, both straight and gay varieties. Different types of adult materials were separated from each other by security levels defined on the BBS. The materials were relatively mild by adult BBS standards. According to Houston, nothing on the BBS was racier than what one might find in Hustler, a popular magazine nationally distributed on newsstands. There were no files with extreme material such as child pornography or bestiality. There was also a popular chat area, which Houston describes as the BBS version of a 900 sex talk line. using computers to converse instead of our voices. These areas and materials were closed to casual visitors. Anyone wishing access to the adult materials on Stonewall BBS first had to pass through Houston's hair-raisingly exhaustive verification procedures. On the first call to Stonewall, each caller had to fill in a standard questionnaire of personal information - name, address, age, phone number, and so on. Upon completion, the caller was asked if he desired access to any of the adult areas of the BBS. If the answer was yes, the caller was asked which category of materials interested him, and what kind of lifestyle he led. Houston says he used this classification to try and group together people of similar interests within the system. Houston himself was gay, and had a fair amount of gay-oriented materials on the system. Next, all callers, regardless of whether they filled out both questionnaires or only the first one, were placed in the "new users romper room" area of Stonewall. Callers still wishing to proceed with registration were then led into an automated callback verification sequence, where the BBS software called back the number submitted by the caller. After callback verification, new callers were still restricted to the new users romper room. In this area, callers could sample limited, non-adult-oriented sections of the BBS, but could not upload or download any files. In the evenings, Houston read through all new applications for the day. He called back all applicants personally the next day, and verified their applications by voice. In certain cases, such as borderline-age applicants stating they were college students, he checked their references to make sure they were genuine. All callers who passed this verification step then had to send Houston photocopies of their driver's licenses, after which they were finally given access to the adult areas. Houston's verification process was quite an extended routine, but he says he fully verified over 600 callers using this method. Houston's troubles started when he fired a teenage employee of his video store business for basic laziness. According to Houston, directly upon being fired the ex-employee went to Sheriff Earle Lee of Douglas County, Georgia, the county in which Stonewall BBS operated. He told Sheriff Lee that Houston was running a nationwide network for the distribution of homosexual materials from the Stonewall BBS. The police moved like lightning on these charges. The employee was fired Saturday, September 8, 1990. Two days later, on Monday, September 10, Sheriff Lee and his deputies hauled Houston off to jail and confiscated his computer equipment. The arrest and seizure warrant, and the indictment that followed, contained four counts against Houston: 2 counts of distribution of obscene materials; 1 count of solicitation of sodomy; and 1 count that Houston "provided a medium as to which sexually explicit materials containing children could be found". The counts in the indictment were based on the testimony of two of Houston's ex-employees: the one who started the legal process against Houston, and another who had been fired some months earlier. The second ex-employee, according to Houston, was a computer hacker whom Houston had suspected of stealing some money from his business, then altering his business computer records to cover it up. For the indictment, both ex-employees testified that Houston had created sex videos with them (another allegation he entirely denies), and that he had given them both access to the adult areas of his BBS while they were his employees, even though they were 17- year-old minors. Houston thought they were 18 years old until then. Houston entirely denies all accusations. After sitting in jail for a couple of months, Houston went to trial and lost. The prosecuting attorney was D.A. David McDade of Douglas County. Houston paid his own lawyer $10,000, and had no money left to pay for an appeal after the trial. Houston says the trial against him was filled with misconduct. Perhaps his most shocking charge is that the State did not use a police expert or independent expert to evaluate the materials contained in his confiscated BBS. Instead, they put his own ex-employee, the computer hacker who testified against him for the indictment, in charge of investigating the computer to conduct the State's own inspection of the evidence! This amazing approach bore no resemblance to normal procedure, which was to send seized evidence requiring technical examination to the Georgia Crime Lab. If Houston's charge is true, this is fatal contamination of the evidence - placing key evidence against the accused in the hands of a hostile and complaining witness! Further, Houston says the hacker/ex-employee made the most of his opportunity, tampering with the BBS computer files to create damning evidence against Houston. Specifically, Houston says that computer files were altered before trial to make it look like he had been using his BBS to solicit two 17-year-olds. There were indeed two 17-year-olds on Stonewall BBS, but Houston had given them access only to a special "teen board" area he set especially up for them. Houston believes his ex-employee, while he had control of BBS computer, raised the 17 year olds' security level to make it look like they had access to the adult materials, and added suggestive messages addressed from Houston to these callers. Houston moved for inspection of the computer prior to trial, but the judge denied his motion. Houston also lined up 3 different computer experts to check the BBS system for tampering using software tools for inspecting the computer's hard disk, and to testify to the tampering at trial. For reasons that are unclear, his lawyer refused to use the experts. Finally, Houston wanted to show the judge at trial how his BBS worked and how he maintained system security and age verification, but the judge would not permit the demonstration. In the end, Houston was convicted of a single count of sexual exploitation of children, under Georgia Statute 16-12-100-B6. This conviction classifies him as a craven sex offender, equivalent to a rapist. The only evidence supporting his conviction were the computer records regarding the 17-year-olds submitted by the ex-employee hacker. As mentioned above, Houston's lawyer failed to offer expert testimony disputing the authenticity and accuracy of the computer records regarding the 17-year-olds' status on the system. Houston's lawyer further failed to obtain testimony from the 17-year-olds themselves, which could have shown the computer evidence to be false. Houston seems bewildered at the approach taken by his lawyer. The only reasoning the lawyer seems to have given him for these seeming enormous strategic lapses is that such attempts to discredit the state's case would only make Houston look worse in the eyes of the judge. Houston says there is no law against precisely what he's been imprisoned for, and says the prosecuting D.A. said the same thing publicly after his conviction. Despite the unanimous confusion over whether Houston is actually guilty of any wrongdoing, he remains in jail for the time being. Houston is due to be released in September, 1993, and says he plans to head out of Georgia as soon as he is permitted to do so. Douglas County has not been very kind to Robert Houston. It is hard to say exactly what role local intolerance of his sexual preferences might have played in the insulting abridgement of personal rights Mr. Houston has suffered through, but it would explain the shocking manner in which his prosecution was carried out. The story above is based solely on the interview with Mr. Houston. Clearly there are some areas in which it would be useful to know the other side of the story. Nonetheless, we can make some useful observations looking at things just from his side of the cell bars. First, here is a sysop in jail for running an adult bulletin board. For those who refused caution up to now for lack of evidence that people are getting in trouble: here is your evidence. Take note that Houston was not convicted of having any obscene or child pornography materials on his BBS. Those carrying such materials could end up in hotter water than he did if they are ever exposed to the court process. Second, sysops reading this may be comforting themselves that the exact freakish course of events Houston suffered through will not likely be repeated. However, Houston's case is also illustrative of the way things can break down and land you in a heap of trouble. In his case, canning a lazy employee ended up landing him in jail, convicted of being a sleazy, child-molesting BBS sysop. Future sysop convictions, whenever and wherever they occur, can easily follow similarly tortuous paths from precipitating cause to miserable result. Those who think they are clever enough to stay out of trouble while running a hardcore porn board may see their whole scheme unravel due to one forgotten loose end. Third, Houston's situation provides yet another example of the institutional amnesia still inflicting far too many law enforcement authorities and agents: they forget all about the Constitution, especially the First Amendment, when they seize a BBS. Houston's BBS was not adjudged to have any illegal materials falling outside the First Amendment's protection of freedom of speech and of the press. His conviction, contrived though it may have been, was only for certain conduct. Yet his BBS was taken down, and likely will never be resurrected, at least in Georgia. There is a danger of reading too much into what happened to Robert Houston (except for sysops knowingly running hardcore porn boards, who should pay very careful attention to his plight). His peculiar treatment at the hands of the Douglas County legal system does not mean that all BBS' have suddenly become unsafe. Running a BBS carries about the same risk as it always has. If you are reasonable in how you run your BBS, and don't knowingly get involved with anything illegal, your chances of legal trouble are next to nothing. Think of Robert Houston as a sysop who tried very hard to be careful while running a BBS with contents that were riskier than average, and one day got hit by lightning. THAT'S ENTERTAINMENT! Just as this column was being readied for submission, WNBC's "News at Eleven" showed the first installment of a news series to be aired all week called "Software: Hard Porn." This astonishing piece of television journalism starts off with a surveillance film showing two men on a couch discussing a snuff movie they'd like to make using a little kid. The narrator's voice-over informs us that this time, the snuff guys are talking about procuring their dispensable prey using a computer bulletin board . . . The segment segues into much milder territory, next featuring the talking head of Bruce Fancher of MindVox (a NYC Unix-based BBS system and Internet access site) discussing the easy availability of adult GIF image files on BBS'. Several shots of files supposedly taken from BBS' are shown, mostly just girlie pictures almost too tame for Playboy. Surprisingly, the voice-over informs us that such pictures are all quite legal. They are legal, of course. The surprising part is that the TV folks got it right. But don't relax yet. In the very next breath, we are told that the same BBS' carrying the adult image files also play host to pedophiles, who seek out youngsters and attempt to arrange illicit meetings for sexual purposes. Through the magic of TV sequencing, those cute girlie shots are instantly converted from admittedly protected free speech to cheesecake posters on the walls of dens of sin inhabited by sleazy, lecherous old men. The dens of sin, of course, are the BBS' in which they prowl. So ends the first short episode of "Software: Hard Porn", with the promise of more rating-boosting tidbits about the sleazy world of BBS' in tomorrow's news report. This is a good postscript to the Houston piece. It shows that not only did someone with an adult board get nailed, but the anti-BBS porn drumbeat is steadily swelling in the public consciousness. This is not the first news show covering the BBS porn angle. Last year, WOR in New York ran a story with a similar theme. But as Howard Stern likes to remind his listeners (after his show on WOR ended), no one watches WOR, while WNBC is one of the real TV stations in the New York market. Those who are committed to running hard core porn BBS' should watch their backs. (Copyright 1993, Lance Rose) [Lance Rose is an attorney practicing high-tech, computer and intellectual property law in Montclair New Jersey, and is available on the Internet at elrose@well.sf.ca.us and on CompuServe at 72230,2044. He works with shareware publishers, software authors, system operators, technology buyers, interactive media developers, on-line database services and others in the high technology area. He is also author of the book SYSLAW, a legal guide for bulletin board system operators, available from PC Information Group (800)321-8285. - Editor] ------------------------------ Date: 16 Apr 93 21:55:03 EDT From: Gordon Meyer <72307.1502@COMPUSERVE.COM> Subject: File 5--Phone Fraud in the Telecom Industry Information Week (4/12/93 pg 68) cites an article that appeared in the San Francisco Chronicle (4/7/93 pg D1)... Of the nations 700 largest telecommunications customers, 70% reported toll fraud losses that averaged $125,000 in the past five years. Network Security ================ The April 12, 1993 edition of Information Week has a cover story on 'network insecurity'. Refer to "Are Your Networks Secure?" (pgs 30 - 35) for the full details. One amusing quote from an unnamed security analyst..."Companies would rather admit their CEO is an alcoholic than acknowledge a security break." Webster's Adds Nerdspeak ======================== The next edition of Merriam-Webster's Collegiate Dictionary, due out May 3, 1993, will add several computer-related words. The company says these words have become common enough that people outside of the computer industry may need to look up their meaning. Some of the words added include "computerphobe", "technobabble", "vaporware", and "voice mail". (Information Week. April 12, 1993 pg 60) ------------------------------ End of Computer Underground Digest #5.30 ************************************