**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 3, Issue #3.11 (April 4, 1991) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / Alex Smith / Bob Kusumoto POETICA OBSCIVORUM REI: Brendan Kehoe USENET readers can currently receive CuD as alt.society.cu-digest. Back issues are also available on Compuserve (in: DL0 of the IBMBBS sig), PC-EXEC BBS (414-789-4210), and at 1:100/345 for those on FIDOnet. Anonymous ftp sites: (1) ftp.cs.widener.edu (or 192.55.239.132) (back up and running) and (2) cudarch@chsun1.uchicago.edu E-mail server: archive-server@chsun1.uchicago.edu. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CONTENTS THIS ISSUE: File 1: Moderators' Corner File 2: From the Mailbag File 3: SUNDEVIL ARREST ANNOUNCED 4/13/91 File 4: Northern District (Ill.) Press Release on Len Rose File 5: Letter to AT&T Cancelling Long-Distance Carrier Service ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Moderators Subject: Moderators' Corner Date: April 4, 1991 ******************************************************************** *** CuD #3.11: File 1 of 5: Moderators' Corner *** ******************************************************************** IN THIS FILE: 1. CASE UPDATES (Ripco, Len Rose, Hollywood Hacker) 2. SUN DEVIL PROSECUTIONS 3. BYTES ON SUN DEVIL AND EFF ++++++++++++ Case Updates ++++++++++++ >>RIPCO: The Ripco case has not been forgotten. Counsel for Dr. Ripco is holding strategies close to the vest, and because the seizure of the BBS is alleged by the Secret Service to be part of an on-going investigation, things move even more slowly. CuD filed an FOIA request to the Secret Service for information on Ripco, and the response was: With regard to Ripco, we regret to inform you that we cannot comply. according to the Freedom of Information Act, there are no records or documents available to you. Persuant to 5 U.S.C. 552 (b) (7) (A), this file is being exempted since disclosure could reasonably be expected to interfere with enforcement proceedings. The citation of the above exemption is not to be construed as the only exemption which may be available under the Freedom of Information Act. >>LEN ROSE: Len Rose will be sentenced in May. We are concerned about the posts we have seen on the nets and in news stories that continue to construe this as a hacking case. Mike Godwin underscored this point in a post in RISKS Forum (#11.40): What makes it unreasonable to claim that Rose is a hacker is the fact that he had authorized access to every system he wanted to use. There was no question of unauthorized intrusion in Len's case. It bears a lot of repeating that Len pled guilty to unauthorized possession of Unix source code, not to computer fraud or unauthorized access. >>THE HOLLYWOOD HACKER: Stuart Goldman, dubbed "The Hollywood Hacker" by Fox News, is still facing state felony charges in California for accessing a computer to which Fox claims he lacked proper authorization. On the surface, this case seems to illustrate the dangers of the broad language of the California computer abuse laws that can make what should require an apology or, at worst, be a low order misdemeanor, a felony charge. We have been waiting for somebody to give us evidence to counter the impression that this case was a set up and an abuse of law, but to date all that we've seen continues to support the preliminary judgment that this is a case of vindictive prosecution, *not* hacking. +++++++++++ First Sun Devil Prosecution +++++++++++ Barbara and John McMullen's Newsbytes reprint below (File #3) summarizes the first prosecutions announced from Operation Sun Devil. Baron M. Majette, a teenager when the alleged offenses occured, was charged with three counts of fraudulent schemes and artifices and three counts of conspiracy under Arizona law. For those wishing information on the case, the case number (Maricopa County) is CR 91-02526: State of Arizona vs. Baron M. Majette aka Doc Savage, aka Samuel Savage. The original search affidavit for the search on May 7, 1990, cites "CI 404-235," a "volunteer, paid" Secret Service informant, as the primary source of the goverment's information. "CI 404-235" was also the informant responsible for providing information that led to the raid on RIPCO. In CuD 3.02, we reported that the Secret Service indicated that this informant ran a sting board that we identified as THE DARK SIDE (run by a sysop known as THE DICTATOR who continues to call boards around the country. +++++++++++++++++++ BYTE's Jerry Pournelle on Operation Sun Devil and the EFF +++++++++++++++++++ Jerry Pournelle, noted science fiction author and computer columnist, hands out his annual "Orchid and Onion" awards in the April 1991 issue of BYTE magazine. (pp 91 -101) Two of this year's 'awards' are of interest to CuD readers: _The Big Onion_ And the Onion of the Year, with Garlic Clusters, goes to Special Agent Tim Foley of the Chicago office of the U.S. Secret Service. While I have good reason to know that many Secret Service people are conscientious and highly competent, Mr. Foley's actions in Austin, Texas, regarding Steve Jackson Games no only exceeded his authority, bu weren't even half competently done. All told, a sorry chapter in the history of the Secret Service, and no service at all to those genuinely concerned with electronic fraud and computer crimes. _The Big Orchid_ The Orchid of the Year goes to Mitch Kapor, for funding the Electronic Freedom Foundation and providing legal help and support to Steve Jackson, whose business was nearly ruined by the Secret Service in Austin. I hold no brief for electronic thieves and snoops, but many of last year's government actions were worse than the disease. Thanks, Mitch, from all of us. Source: BYTE Magazine April 1991 Vol 16, Number 4 pp 92,93 +++++++++ THE EFFECTOR +++++++++ The first copy of the EFF's hardcopy newsletter, THE EFFECTOR, came out and the content and form are great! Highlights include a history of the EFF by John Perry Barlow and Mitch Kapor's summary of the goals of EFF (yes, he *explicitly* states that the EFF unequivocally opposes unauthorized computer trespass). To get on either the hardcopy or net mailing list, drop a note to eff@well.sf.ca.us ++++++++++++++ PHRACK Index ++++++++++++++ Timothy Newsham compiled a complete index for PHRACK. It's about 50 K and is available from the CuD ftp sites and Ripco BBS. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Ah, Sordid Subject: From the Mailbag Date: 4 April, 1991 ******************************************************************** *** CuD #3.11: File 2 of 5: From the Mailbag *** ******************************************************************** From: John Mignault Subject: Eagle's Nest Bust Date: Fri, 29 Mar 91 15:01:10 EST >Date: Fri, 29 Mar 91 10:38:56 EST >Reply-To: PMC-Talk >Sender: PMC-Talk >From: Editors of PmC >Subject: Impounding Computers >To: John Mignault > >From: Christopher Amirault >Subject: Boston Eagle's Nest bust >Date: Wed, 27 Mar 91 13:55:51 CST > >I haven't seen anything about this on any lists, so if you want to post >it elsewhere, feel free. > >In the March 11-17, 1991 edition of _Gay Community News_, the paper >reported that Alden Baker was arrested March 1 on rape charges. Baker >was the monitor of a list called "Boston Eagle's Nest," which allowed >for the sharing of various s&m stories, fantasies, etc. > >The Middlesex County MA DA's office has seized the computer, and there >is some concern that the mailing list on it will be made public or be >handed over to the FBI or something. Needless to say, this could be >the start of something bad. > >I haven't heard any more news (I don't subscribe to GCN), but I would >be interested to hear any other info people can get. > >I don't know if you've heard anything about this (first I've heard of it), but >this seems to put a new slant on underground activity, in that it's not so much >hacker-oriented as it is concerned with obscenity issues... John Mignault ap201058@brownvm.brown.edu ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: hkhenson@CUP.PORTAL.COM Subject: Letter to San Jose Mercury News on Len Rose Date: Fri, 29 Mar 91 23:00:28 PST March 25, 1991 San Jose Mercury News Dear Editor: Last Friday's Washington Post bylined story, "'Hacker' pleads guilty in AT&T case" presented only the prosecutor's and ATT's side of an issue which has serious implications for the press. The "crime" for which Leonard Rose, Jr. faces a year and a day in jail was that of creating a simple example of how a few-hundred-line login program (a program which allows access) for ATT's Unix system could be modified to collect passwords, and sending this example over state lines to the editor of Phrack, an electronic magazine. Whether Len's example was to instruct criminals on how to obtain continued access after an initial breakin, or if it was to warn system operators to look for modified login programs, his intent is not an issue. Either case is protected under the First Amendment, or mystery stories would be illegal. Pointing out security weaknesses in Unix is certainly a legitimate function of the press. The entire phone system and countless other life- or property-critical computers use this operating system, designed to be portable (runs on many types of computers) and not secure. ATT, of course, prefers that discussion of weaknesses in Unix be suppressed by getting the government to call them "interstate wire fraud." To enlist the computer-ignorant, but long, arm of the law, they inflated the value of a few hundred lines of trivial code to $77,000, just as Southern Bell inflated the value of a document available for $13 to over $79,000 in a related case the government lost against Craig Neidorf, the editor of Phrack. The big difference between the cases was that Neidorf had parents who were able to mortgage their house for the six-figure legal bills, and Rose had been reduced by ATT and the legal system to abject poverty. In both cases the message has been sent: "face jail time or financial ruin if you expose phone company documents to the press." Sincerely, H. Keith Henson +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: The Works BBS Admin Subject: Is hacking the same as Breaking and Entering? Date: Mon, 01 Apr 91 17:58:17 EDT In response to the question: "Is computer hacking the same as B&E?" Not by far. Breaking and entering has malicious intent, and usually is solely to steal things and/or hurt something. Hacking although portrayed negatively in the press is not like this at all. It is merely looking around at what is in various systems, and learning from it. Occasionally someone deletes a file by mistake. A bad apple meanders in from the the cold and does some harm, but the majority of hackers (in my opinion) are not trying to hurt anything, and only allow themselves a little room to look at, and possible a small chair to sit in from time to time... Say you find an unknown account mysteriously pop up? Why not find out who it is, and what they are looking for first, because as odds go, if they got in there once, they can do it again, no matter what you do. So Breaking and Entering cannot even be classified in the same manner at all. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: Dave Ferret Subject: Computers and Freedom of Speech Date: Tue, 02 Apr 91 23:35:48 EDT In response to an article in CuD 3.09 on computer publications... What gives people the right to censor and deem something illegal in the electronic media when paper, TV, radio, and the spoken word is perfectly legal and protected by the first amendment. Q: Shouldn't electronic publications be protected under the same article of the constitution that allows free presses? A: Most definitly. The question now is why aren't they? I have no real clue but this is all I can fragment together... That people are afraid of people who are 'electronically' inclined and that if sensitive information reaches say 100 people on an electronic publication, what is to stop them from giving away all the inside secrets? Its the same old story. The egregious behavior of the authorities (Secret Service, et al) is ludicrous. Wouldn't the reprint in a written publication (hard copy) of PHRACK24 (The E911 issue as it has been known so well for) be perfectly legal, except for possibly a small copyright infringement? (They shoved a lot more charges at him than copyright infringement... Mildly..) So when does it change? Are computer publications covered? Look at 2600, I'm sure they printed even more sensitive things in the past and I don't see anyone dragging them in... When will people realize we are entitled to freedom of speech. We have the right to say what we want, and disagree. That is what was guaranteed to us in the first amendment of the constitution. The question has been raised... Why are there different laws governing computers and the physical world? Is this double standard just? No, on both counts. ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Reprint from Newsbytes (John and Barbara McMullen) Subject: SUNDEVIL ARREST ANNOUNCED 4/13/91 Date: April 3, 1991 ******************************************************************** *** CuD #3.11: File 3 of 5: Sundevil Arrest Announced *** ******************************************************************** PHOENIX, ARIZONA, U.S.A., 1991 APR 1(NB) -- The Maricopa County Arizona County Attorney's Office has announced the arrest of Baron Majette, 19, also known as "Doc Savage", for alleged crimes uncovered in the joint federal / state "SunDevil" investigation in progress for over a year. Majette is charged with a number of felony crimes including the use of a telephone lineman's handset in March 1990 to tap into a Toys 'R Us telephone line to set up two conference calls between 15 participants. According to the charges, each call lasted approximately 10 hours and cost $4,000. A spokesperson for the County Attorney's office told Newsbytes that a Tucson resident, Anthony Nusall, has previously pleaded guilty to being a participant in the conference Majette is also accused of illegally accessing TRW's credit data base to obtain personal credit information and account numbers of persons in the TRW database. He is alleged to have then used the information obtained to divert existing account mailings to mail drops and post office boxes set up for this purpose. He is also alleged to have additional credit cards issued based on the information obtained from the database. He is further alleged to have obtained cash, goods and services, such as airline tickets, in excess of $50,000 by using cards and account information obtained through entry into the TRW database. It is further alleged that Majette stole credit cars from U.S. Mail boxes and used them to obtain approximately $10,000 worth of cash, goods and services.The allegations state that Majette acted either alone or as part of a group to perform these actions. A County Attorney spokesperson told Newsbytes that further arrests may be expected as result of the ongoing investigation. While bail was set on these charges at $4,900. Majette is being held on a second warrant for probation violation and cannot be released on bail until the probation hearing has been held. Gail H. Thackeray, former Assistant Attorney General for the State of Arizona, currently working with Maricopa County on the SunDevil cases, told Newsbytes "The SunDevil project was started in response to a high level of complaint of communications crimes, credit card fraud and other incidents relating to large financial losses. These were not cases of persons accessing computers 'just to look around' or even cases like the Atlanta 'Legion of Doom' one in which the individuals admitted obtaining information through illegal access. They are rather cases in which the accused alleged used computers to facilitate theft of substantial goods and services." (Barbara E. McMullen & John F. McMullen/19910401) ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: Gene Spafford Subject: Northern District (Ill.) Press Release on Len Rose Date: Fri, 29 Mar 91 19:10:13 EST ******************************************************************** *** CuD #3.11: File 4 of 5: Chicago Press Release on Len Rose *** ******************************************************************** Information Release US Department of Justice United States Attorney Northern District of Illinois March 22, 1991 FRED FOREMAN, United States Attorney for the Northern District of Illinois, together with TIMOTHY J. McCARTHY, Special Agent In Charge of the United States Secret Service in Chicago, today announced the guilty plea of LEONARD ROSE, 32, 7018 Willowtree Drive, Middletown, Maryland to felony charges brought against him in Chicago and in Baltimore involving Rose trafficing with others in misappropriated AT&T computer programs and computer access programs between May 1988 and February 1, 1990. Under the terms of plea agreements submitted to the United States District Court in Maryland, Rose will serve an agreed, concurrent one year prison term for his role in each of the fraud schemes charged. In pleading guilty to the Baltimore charges, Rose admitted that on October 5, 1989, he knowingly received misappropriated source code(1) for the AT&T UNIX computer operating system from a former AT&T technical contractor. The UNIX operating system is a series of computer programs used on a computer which act as an interface or intermediary between a user and the computer system itself. The UNIX operating system, which is licensed by AT&T at $77,000 per license, provides certain services to the computer user, such as the login program which is designed to restrict access to a computer system to authorized users. The login program is licensed by AT&T at $27,000 per license. In pleading guilty to the Chicago charges, Rose admitted that, after receiving the AT&T source code, he modified the source code governing the computer's login program by inserting a secret set of instructions commonly known as a "trojan horse." This inserted program would cause the computer on which the source code was installed to perform functions the program's author did not intend, while still executing the original program so that the new instructions would not be detected. The "trojan horse" program that Rose inserted into the computer program enabled a person with "system administrator" privileges to secretly capture the passwords and login information of authorized computer users on AT&T computers and store them in a hidden file. These captured logins and passwords could later be recovered from this hidden file and used to access and use authorized users' accounts without their knowledge. The program did not record unsuccessful login attempts. In connection with the Chicago charge, Rose admitted that on January 7, 1990, he transmitted his modified AT&T UNIX login program containing the trojan horse from Middletown, Maryland to a computer operator in Lockport, Illinois, and a student account at the University of Missouri, Columbia Campus. In pleading guilty to the Chicago charges, Rose acknowledged that when he distributed his trojan horse program to others he inserted several warnings so that the potential users would be alerted to the fact that they were in posession of proprietary AT&T information. In the text of the program Rose advised that the source code originally came from AT&T "so it's definitely not something you wish to get caught with." and "Warning: This is AT&T proprietary source code. DO NOT get caught with it." The text of the trojan horse program also stated: Hacked by Terminus to enable stealing passwords. This is obviously not a tool to be used for initial system penetration, but instead will allow you to collect passwords and accounts once it's been installed. (I)deal for situations where you have a one-shot opportunity for super user privileges.. This source code is not public domain..(so don't get caught with it). Rose admitted that "Terminus" was a name used by him in communications with other computer users. In addition to these warnings, the text of Rose's trojan horse program also retained the original warnings installed in the program by AT&T: Copyright (c) 1984 AT&T All rights reserved THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T This copyright notice above does not evidence any actual or intended publication of the source code. Inspection of this modified AT&T UNlX login source code by AT&T's UNIX licensing group revealed that the modified source code was in fact a "derivative work" based upon the standard UNIX login source code, which was regarded by AT&T as proprietary information and a trade secret of AT&T, which was not available in public domain software. In pleading guilty to the federal charges in Chicago and Baltimore, Rose also acknowledged that, after being charged with computer fraud and theft in federal court in Baltimore, he became employed at Interactive Systems Inc. in Lisle, Illinois. He acknowledged that his former employers at Interactive would testify that he was not authorized by them to obtain copies of their AT&T source code which was licensed to them by AT&T. Rose further admitted that John Hickey, a Member of Technical Staff with AT&T Bell Laboratories in Lisle, Illinois, correctly determined that Rose had downloaded copies of AT&T source code programs from the computer of Interactive to Rose's home computers in Naperville. The computers were examined after they were seized by the Naperville Police Department, executing a State search warrant, As part of the plea agreement charges filed by the DuPage County State's Attorney's Office will be dismissed without prejudice to refiling. The forfeited UNIX computer seized will be retained by the Naperville Police Department. Commenting on the importance of the Chicago and Baltimore cases, Mr. Foreman noted that the UNIX computer operating system, which is involved in this investigation, is used to support international, national, and local telephone systems. Mr. Foreman stated, "The traffic which flows through these systems is vital to the national health and welfare. People who invade our telecommunications and related computer systems for profit or personal amusement create immediate and serious consequences for the public at large. The law enforcement community and telecommunications industry are attentive to these crimes, and those who choose to use their intelligence and talent in an attempt to disrupt these vital networks will find themselves vigorously prosecuted." Mr. Foreman also stated that the criminal information filed in Chicago and a companion information in Baltimore are the initial results of a year long investigation by agents of the United States Secret Service in Chicago, Maryland, and Texas. Mr. Foreman praised the cooperation of the DuPage County State's Attorney's Office and the Naperville Police Department in the investigation. He also acknowledged AT&T's technical assistance to the United States Secret Service in analyzing the computer data seized pursuant to search warrants in Chicago, Baltimore and Austin, Texas. TIMOTHY J. McCARTHY, Special Agent ln Charge of the United States Secret Service in Chicago, noted that Rose's conviction is the latest result of the continuing investigation of the computer hacker organization, the "Legion of Doom." This investigation being conducted by the United States Secret Service in Chicago, Atlanta, New York and Texas, and has resulted in convictions of six other defendants for computer related crimes. Assistant United States Attorney William J. Cook, who heads the Computer Fraud and Abuse Task Force, and Assistant United States Attorneys Colleen D. Coughlin and David Glockner supervised the Secret Service investigation in Chicago. ---------- (1) The UNIX operating system utility programs are written initially in a format referred to as "source code," a high-level computer language which frequently uses English letters and symbols for constructing computer programs. The source code was translated, using another program known as a compiler, into another form of program which a computer can rapidly read and execute, referred to as the "object code." ******************************************************************** >> END OF THIS FILE << *************************************************************************** ------------------------------ From: hkhenson@CUP.PORTAL.COM Subject: Letter to AT&T Cancelling Long-Distance Carrier Service Date: Tue, 2 Apr 91 16:51:03 PST ******************************************************************** *** CuD #3.11: File 5 of 5: Letter to AT&T Cancelling Service *** ******************************************************************** {Moderator Comment: Individuals may or may not be able to change policies with their actions, but if enough people act things will change. Keith Hansen cancelled AT&T as his long distance carrier, and although it may seem a token gesture, if enough of us do it (including the moderators), perhaps AT&T will eventually get the message. Or, perhaps not, as cynics would argue. But, what can it hurt? One observer remarked that AT&T and BellSouth/BellCorp are separate entities, and allusion to the Craig Neidorf trial may not be appropriate. But, as Craig Neidorf remarked, AT&T work closely together and in his case AT&T was well aware of the prosecution's evidence and could readily have intervened because of the close working relationship. As we will suggest in a forthcoming CuD article, AT&T in the past has hardly been reticent to challenge the limits of law when it served their purposes. Yet, when their own ox is gored, they seem to demand invocation of the full measure of criminal law and more. Keith's letter is an excellent model for those willing to follow his example.} March 29, 1991 Robert E. Allen Chairman of the Board ATT Corporate Offices 550 Madison Ave. New York, NY 10022 Dear Mr. Allen: As a loyal ATT long-distance customer all my life, I feel I owe you an explanation for canceling my ATT long-distance service. I have never had a problem with ATT service, operators, or audio quality. I was more than willing to pay the small premium, and have been a heavy user of ATT long-distance services for the past 15 years. I am also a consultant in the computer business who has used Unix and its derivatives intermittently over the past 10 years. Outside of my technical work I have long been involved in legal and political issues related to high technology, especially space. One of my past activities involved the political defeat of an oppressive United Nations treaty. I have also taken substantial personal risks in opposing the organizations of Lyndon LaRouche. During the last three years I have been personally involved with email privacy issues. Because of my interest in email privacy, I have closely followed the abusive activities of Southern Bell and the Secret Service in the Phrack/Craig Neidorf case and the activities of ATT and the Secret Service with respect to the recently concluded case involving Len Rose. Both cases seem to me to be attempts to make draconian "zero tolerance" examples of people who are--at most--gadflies. In actuality, people who were pointing out deficiencies and methods of attack on Unix systems should be considered *resources* instead of villains. I consider this head-in-the-sand "suppress behavior" instead of "fix the problems" approach on the part of ATT and the government to be potentially disastrous to the social fabric. The one thing we don't need is a number of alienated programmers or engineers mucking up the infrastructure or teaching real criminals or terrorists how to do it. I find the deception of various aspects of ATT and the operating companies to obtain behavior suppression activities from the government to be disgusting, and certainly not in your long-term interest. A specific example of deception is ATT's pricing login.c (the short program in question in the Len Rose case) at over $77,000 so the government could obtain a felony conviction for "interstate wire fraud." Writing a version of login.c is often assigned as a simple exercise in first-semester programming classes. It exists in thousands of versions, in hundreds of thousands of copies. The inflation is consistent with Southern Bell's behavior in claiming a $79,000 value for the E911 document which they admitted at trial could be obtained for $13. I know you can argue that the person involved should not have plead guilty if he could defend himself using these arguments in court. Unlike Craig Neidorf, Len Rose lacked parents who could put up over a hundred thousand dollars to defend him, and your company and the Secret Service seem to have been involved in destroying his potential to even feed himself, his wife, and two small children. At least he gets fed and housed while in jail, and his wife can go on welfare. All, of course, at the taxpayer's expense. There are few ways to curtail abuses by the law (unless you happen to catch them on videotape!) and I know of no effective methods to express my opinion of Southern Bell's activities even if I lived in their service area. But I can express my anger at ATT by not purchasing your services or products, and encouraging others to do the same. By the time this reaches your desk, I will have switched my voice and computer phones to one of the other long-distance carriers. My consulting practice has often involved selecting hardware and operating systems. In any case where there is an alternative, I will not recommend Unix, ATT hardware, or NCR hardware if you manage to buy them. Yours in anger, H. Keith Henson cc: Telecom Digest, comp.risk, etc. PS: My wife added the following: I want you to try to understand something--a lesson that can be learned from these cases. We are no longer living in the Industrial Age, when a product could be made in "one-size-fits all," packaged, sold and used without modification or support, like a television. We face massive problems in the Information Age in protecting intellectual property, but we cannot simply transfer old-world, Industrial-Age police attitudes to these problems. Possessing a copy of my program without paying for it is not the same as stealing my television. If you modify my program and make it more usable to the community, I can still go on charging for the use of my program, but I can also incorporate your modifications, and charge for them--especially if I pay you something for the help. If you provide support for my programs (something every major hardware and software manufacturer has had to either severely curtail or--like IBM--abandon altogether without extra charges), then you have made my product more usable. This is what the so-called "hacker" culture is all about. I'm talking about ethical "hackers" here, not the media image of breakin artists or virus-spreading nerds whose only compensation is a malignant satisfaction in destroying computer systems. The "hacker" culture is really a native population of problem solvers whose pleasure is in tailoring products to their own and other's use, and often pushing back the limits on a product. Ethical hackers are willing to pay for their use of products (although it's absurd to charge such a support provider tens of thousands of dollars for source code when he has neither the equipment nor the desire to use source code *as a product*). And they are willing to help others to use them by providing support which ATT could not afford to provide if it charged twice the price for its products! This was the sort of "theft" Len Rose was involved in--custom tailoring of the ATT product, helping customers to use the programs, manipulation of software which he could not use himself in any way except to help others use it. Prosecuting Len Rose was like prosecuting a TV repairman as a thief because he was removing the television from the house to take it to his shop--except that unlike the TV repairman, Len Rose didn't even need to take it into the shop, and his having a copy of it could do nothing except benefit ATT. In the long run, this inappropriate application of Industrial-Age concepts of ownership and prosecution is going to be lethal to you and everyone else in the same boat. While you think you are sending a signal that theft will not be tolerated, what you are actually doing is sending a signal that customer support, personal tailoring of programs and cooperation with ATT in producing a product usable by many more millions of people will not be tolerated. Your problem is partly that no official channels exist for appreciation and remuneration for the type of work Len Rose did as a consultant and support provider, not that "hackers" like him exist and flourish. (Unofficial channels obviously do exist for circulation of ATT materials, else where would he have obtained the source?--a local K-Mart?) And be aware that Len Rose was the least of your worries. Hackers much more powerful than he exist, and you have enraged them when you could have engaged their cooperation. Sincerely, Arel Lucas ******************************************************************** ------------------------------ **END OF CuD #3.11** ********************************************************************