Received: by lemuria.sai.com (/\==/\ Smail3.1.21.1 #21.11) id ; Thu, 4 Feb 93 07:17 EST Received: from uicvm.uic.edu by mv.MV.COM (5.65/1.35) id AA01571; Thu, 4 Feb 93 05:43:47 -0500 Message-Id: <9302041043.AA01571@mv.MV.COM> Received: from NIU.BITNET by UICVM.UIC.EDU (IBM VM SMTP V2R1) with BSMTP id 8452; Thu, 04 Feb 93 04:43:12 CST Date: Thu, 04 Feb 93 00:39 CST To: TK0JUT1@NIU.BITNET From: Cu-Digest (tk0jut2@mvs.cso.niu.edu) Subject: Cu Digest, #5.10 Computer underground Digest Wed Feb 3, 1993 Volume 5 : Issue 10 ISSN 1004-042X Editors: Jim Thomas and Gordon Meyer (TK0JUT2@NIU.BITNET) Archivist: Brendan Kehoe Shadow-Archivists: Dan Carosone / Paul Southworth Ralph Sims / Jyrki Kuoppala Copy Editor: Etaion Shrdlu, Junoir CONTENTS, #5.10 (Feb 3, 1993) File 1--Steve Jackson Games Trial Summary File 2--More Background on SJG Trial File 3--Steve Jackson Games case (Day 1) File 4--Steve Jackson Games Update 1/28/93 Day 2) File 5--Houston Chron's View of Abernathy Trial (Reprint) File 6--the most wonderful thing happened at the trial File 7--Cell-phone encryption and tapping File 8--Clever Tactics Against Piracy File 9--Rusty and Edie's BBS raided by FBI Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115. Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL0 and DL12 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in Europe from the ComNet in Luxembourg BBS (++352) 466893; and using anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in /pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com (192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD. European readers can access the ftp site at: nic.funet.fi pub/doc/cud. Back issues also may be obtained from the mail server at mailserv@batpad.lgb.ca.us. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Some authors do copyright their material, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ---------------------------------------------------------------------- Date: Sat, 30 Jan 93 22:01:33 CST From: CuD Moderators Subject: File 1--Steve Jackson Games Trial Summary The Steve Jackson Games federal trial ended last Thursday in U.S. District Court in Austin. Participants are now waiting for Judge Sam Sparks' decision. For those not familiar with the case, here's a summary excerpted from EFFector Online #1.04 (May 1, 1991). On March 1, 1990, the United States Secret Service nearly destroyed Steve Jackson Games (SJG), an award-winning publishing business in Austin, Texas. In an early morning raid with an unlawful and unconstitutional warrant, agents of the Secret Service conducted a search of the SJG office. When they left they took a manuscript being prepared for publication, private electronic mail, and several computers, including the hardware and software of the SJG Computer Bulletin Board System. Yet Jackson and his business were not only innocent of any crime, but never suspects in the first place. The raid had been staged on the unfounded suspicion that somewhere in Jackson's office there "might be" a document compromising the security of the 911 telephone system. In the months that followed, Jackson saw the business he had built up over many years dragged to the edge of bankruptcy. SJG was a successful and prestigious publisher of books and other materials used in adventure role-playing games. Jackson also operated a computer bulletin board system (BBS) to communicate with his customers and writers and obtain feedback and suggestions on new gaming ideas. The bulletin board was also the repository of private electronic mail belonging to several of its users. This private mail was seized in the raid. Despite repeated requests for the return of his manuscripts and equipment, the Secret Service has refused to comply fully. Today, more than a year after that raid, The Electronic Frontier Foundation, acting with SJG owner Steve Jackson, has filed a precedent setting civil suit against the United States Secret Service, Secret Service Agents Timothy Foley and Barbara Golden, Assistant United States Attorney William Cook, and Henry Kluepfel. "This is the most important case brought to date," said EFF general counsel Mike Godwin, "to vindicate the Constitutional rights of the users of computer-based communications technology. It will establish the Constitutional dimension of electronic expression. It also will be one of the first cases that invokes the Electronic Communications and Privacy Act as a shield and not as a sword -- an act that guarantees users of this digital medium the same privacy protections enjoyed by those who use the telephone and the U.S. Mail." ------------------------------ Date: Wed, 20 Jan 1993 04:26:54 GMT From: knight@eff.org (Craig Neidorf) Subject: File 2--More Background on SJG Trial Today, January 19, 1993 was to be the first day in the trial of Steve Jackson Games, et al. v. United States Secret Service. Because of predictable courtroom legal games, it has been delayed, but I wanted to remind you all of some of the history behind it. Three years ago in 1990, January 19 was a Friday. It was 4 days after AT&T shut down for 9 hours during Martin Luther King's birthday, and with reference to its significance to the SJGames proceedings, it was the day the USSS served a Federal search warrant at the Zeta Beta Tau fraternity house at the University of Missouri-Columbia. I was the intended and actual victim as Special Agents Tim Foley and Barbara Golden, accompanied by Reed Newlin (Southwestern Bell security), and officers from the University police and the University's administrative office tore through my room with a legal license written so broad that they could have walked off with tv, vcr, and refrigerator. Desperately searching for traces of the public 911 information and copies of Phrack Magazine, the SS came up empty, but not before they had completely harassed and intimidated me. As the raid began, the University police physically restrained me even though I made no attempt to stop them nor did they have any reason to believe I would respond violently. I asked to see their warrant and they went inside. Unlike other USSS raids in 1990 there were no guns were drawn... but I suppose that the presence of some 30+ witnesses cramming the halls watching them, probably helped the agents keep it holstered as well. Eventually, I was allowed to seat myself on the floor outside my room where I could partially see and hear what the agents were doing and saying (diagram of my room is at end of posting). They went right to work, starting with jotting down the serial numbers of every electrical device in the room to check and see if it was stolen property. I wasn't worried about that. All of my school books and notebooks for class were checked for illegal information. After noticing a book about law schools on my shelf, the agents had themselves a good laugh about how I would never have that option when they were through with me. Agent Foley was prepared to remove my entire audio compact disc collection as evidence (of what I have no idea), until Agent Golden informed him that I could not use them in my Apple IIc 5 1/4 inch floppy drive (instead she told him I could have used them in a 3 1/2 inch drive). Copies of the Phrack subscriber list were taken along with a notebook containing newspaper clippings about Robert Morris and other noteworthy people and incidents relating to computers. The SS decided that reading the Wall Street Journal and saving some articles was at the least suspicious, if not a felony. (Among hundreds of other names and Internet addresses, the subscriber list contained an entry for an individual who was an employee for Steve Jackson Games.) And then the telephone rang... I began to get up when the police forced me back down. Agent Foley noticed the commotion and remarked "They'll call back!" And that is when the answering machine clicked on. The agents chuckled since they knew they were about to hear a private message being delivered to me. It was like they were wiretapping without a warrant. The caller didn't identify himself. He didn't need to. It was my co-editor, desperately trying to find out what was happening and letting me know his intention to drive to Columbia that evening. After the ceiling tiles had been lifted, the furniture moved away from the walls, the mattress flipped, and the carpet pulled up, the agents decided to leave (believe it or not they completely ignored the bottle of Barcardi that was sitting in there). As I plead with them not to take my Apple computer, Agent Foley declined to speak with me unless I was Mirandized again. I decided a Q&A session would be inappropriate at this time so I declined. But before he left, Foley informed me that I was not under arrest, but I was going to jail for violating the Computer Fraud & Abuse Act of 1986, for the illegal Interstate Transportation of Stolen Property, and for Wire Fraud. On February 6, 1990 (18 days later) I was indicted. As most of you should be familiar with, the First Amendment/intellectual property law battle concerning Phrack's publication of the public 911 information ended with the government dropping the case after 7 months of putting me through hell and 5 days in Federal court in Chicago. The legal battle that followed cost me over $109,000 before it was completely over. My family and I are still making payments on a monthly basis and we are far from finished. ++++++++++ Diagram is not to scale (i.e., my room was really tiny): ____________________________________ WINDOW ________ | | | | s dresser | | bed | h | | | e __________| |___________________________________| l desk | _______| v w/ | |night |<--phone e Apple | chair |table |<--ans. s comp. | |_______| machine |_______| _____ _________| s stand | | t | | | h for | | a | | | e tv/vcr| | b | | | l refrig| | l | | sofa | v_______| | e | | | e |_____| | | s |_________| | | | ______ CLOSET _________ CLOSET ______| | | | | | | | | | | | | | | | | | | |__ DOOR __|_________________________________________| H A L L W A Y of fraternity house ------------------------------ Date: Wed, 27 Jan 93 12:49:07 EST From: Mike Godwin Subject: File 3--Steve Jackson Games case (Day 1) EFF Staff Attorney Shari Steele writes the following from Austin, Texas. From ssteele Tue Jan 26 18:59:17 1993 Date--Tue, 26 Jan 1993 18:58:54 -0500 To--eff-board, eff-staff From--ssteele (Shari Steele) The Steve Jackson Games case finally got underway a little after 1:00 pm today. There were settlement efforts up until the end, but it turned out the attorneys for the government could not get approval from DC for the terms necessary. Jim George and Pete Kennedy did a terrific job of representing our plaintiffs in the case. First they sequestered all witnesses so they couldn't hear each others' stories in attempts to make them match. Then they called Tim Foley (Secret Service) as the first witness. They asked him lots of questions about his knowledge at the time of the raid. He testified that he did not know whether Phrack, with the evil E-911 document, had been sent to SJG. He also said that he knew that e-mail was on the menu of the BBS, implying that there was e-mail on the system at the time of the seizure (although he denied actually knowing if there was e-mail on the system. He denied ever making the statement that GURPS Cyberpunk was a handbook for computer crime. He wouldn't give Steve copies of anything from the machine that ran the BBS because he was afraid it might have been "booby-trapped." He also didn't know Congress had passed any laws giving special protection during searches to publishers. They next called Larry Coutorie, police officer at the University of Texas. The original affidavit filed by Foley to support the search warrant stated that Coutorie provided the Secret Service with Blankenship's (SJG employee suspected of evil-doing) address and place of business. Coutorie insisted that he didn't remember doing that, and agreed with Pete Kennedy as he proved that he couldn't have known anything about Blankenship to pass on. It was a good moment! Barbara Golden, Secret Service in charge of search on-site (Foley was not on-site at the time of the search) was next called. She started out by admitting that she didn't know anything about computers -- that she had telco people conducting the search under her supervision. She also didn't know there was a special law for publishers regarding searches. She was the one who decided to take the entire BBS, but she didn't even check to see what the system contained. Once she completed the inventory of what was taken, she was no longer involved with the case. Steve Jackson was called next. He gave a demo of the BBS as it was returned to him by the Secret Service that the judge seemed to really enjoy. He testified that the Secret Service took 3 computers (1 was completely disassembled - they took the parts), 2 hard disks, and more than 300 floppies. Steve's testimony will continue tomorrow morning. All in all, I think the trial is going quite well. The judge has a very dry sense of humor and is very down-to-earth -- he's left his robe unzipped the whole trial. He's not a technoid, but he seems to be trying to understand. I'll report again tomorrow. Shari ------------------------------ From: Mike Godwin Subject: File 4--Steve Jackson Games Update 1/28/93 Day 2) Date: Thu, 28 Jan 93 0:15:02 EST Day Two of the Steve Jackson Games trial, from Shari Steele. Hi everyone. Well, day two of the Steve Jackson Games trial was a long one -- the judge heard plaintiffs' case from 8:30 a.m. until 6:30 p.m. By the end of the day, the plaintiffs had finished. The day started off with Steve Jackson back on the stand. Steve talked about how all copies of the slated-to-be-released-soon fantasy game GURPS Cyberpunk had been seized. He went to the Secret Service office in Austin the next day with a box of formatted floppies to copy all of the seized disks, accompanied by a local attorney. When he arrived, Agent Foley set the ground rules. Steve would only be permitted to copy files from the one computer that had been sitting on Loyd Blankenship's desk (which did not contain the BBS). He was not permitted to physically touch the computer. He was to state which files he wanted to copy, and Secret Service agents would read the text of the files first and then determine if he could have a copy. Sitting down next to an agent at the computer, Steve asked for a directory listing to determine which files to request. The agent did not know how to call up a directory list. (For those of you unfamiliar with Cc: eff-austin-directors@tic.com, these groups@tic.com DOS, this is VERY BASIC stuff.) Steve further testified that agents reading the files made derogatory comments. (At one point, reading a file from GURPS Cyberpunk that Steve had requested to copy, Agent Foley asked if Steve realized he was writing a handbook for computer crime.) After less than two hours, and with only nine files out of several hundred copied, Agent Foley called an end to the copying. One week later, Steve laid off eight out of his 18 employees. As Steve described, this whole incident has "made me grouchier, angrier and harder to get along with." The Secret Service never told him why they were investigating him. If they had asked, he would have given them access to the materials they wanted. Cross examination on Steve revealed that SJG had had two bad years financially before the Secret Service raid -- in fact, Steve admitted about looking into chapter 11 bankruptcy at the end of 1989. In addition, there was evidence that GURPS Cyberpunk was not going to make deadline days before the raid took place. The defense then tried to imply that the company, which made profits in 1991 and 1992, may have been *helped* by the publicity of the raid. The judge did not seem to buy it. The three other plaintiffs were each called in turn. They each testified about personal e-mail that had been deleted from the system and how they had expected their communications to be as private as telephone calls. They described fearing the Secret Service would investigate them personally, since there was no comforting explanation for why the raid took place. One plaintiff told how he never could solicit feedback on a manuscript he had written for SJG, since feedback was generally given on the seized BBS. The next witness called was Wayne Bell, the programmer who developed the WWIV software that ran the BBS. Wayne testified that he looked at the backup disk Steve had made when the files were returned from the Secret Service. According to that file, all electronic mail had been deleted from the system. Some of it, at least, had been deleted on March 20, 1993 (almost 3 weeks after the Secret Service had seized the computer), since that was the last day the mail file had been accessed. The mail file itself had not been deleted, and some fragments of files could be recovered using Norton's utilities. These facts indicated that the mail had been deleted one message at a time after it had been displayed on a user's screen, implying that the Secret Service had read all of the mail on the system. This testimony was very technical, and I'm not sure the judge really understood what was going on. Our old friend Henry Kluepfel, Director of Network Security Technology at Belcore, was next to take the stand. He advanced a new theory. The application for the search warrant contained facts supplied in large part by Hank. Yet the facts of the case indicated that the BBS running out of Loyd Blankenship's home, called the Phoenix Project, was the one that contained the evil 911 document, not the Illuminati BBS running out of SJG. Hank testified that after February 7, he couldn't figure out where the Phoenix Project resided -- there was no answer at its old number. Since Loyd Blankenship also had sysop privileges at the Illuminati BBS, and both BBSs ran on the same software (WWIV), Hank concluded that it was possible that Illuminati was actually the Phoenix Project, or that the Phoenix Project BBS was hidden behind a door on Illuminati. Hank testified that it was quite common to hide BBSs within other BBSs. (?) Anyway, during cross, Pete Kennedy asked how many users the two BBSs had in common according to the user lists Hank had printed out from both boards. Loyd was the only mutual user! Hank also went into a lengthy (and boring) description of an evil password decryption scheme Erik Bloodaxe and Loyd were plotting on the Phoenix Project. (BTW, Hank's handle during his investigation was rot.doc.) Next up was William Cook, retired US Attorney out of Chicago. Cook's testimony was the most helpful of the day. He put together the warrant, and claimed the evil E-911 document was worth the same $79,000 that was shot down in Craig Neidorf's trial. So Cook got to go through a bit of the expenditure breakdown, until the judge put an end to it and warned Pete Kennedy to move on. Cook testified that he did not know SJG was a publisher and had made no efforts to determine what type of a business it was. He did not advise the Secret Service of the Privacy Protection Act, which protects publishers from having their works-in-progress seized. He didn't advise the SS that there was e-mail involved. And he never advised the SS of the wiretap statute. He next said two things that I found extremely interesting. First, he told of the Computer Emergency Response Team (C.E.R.T.), an arm of the defense department that is "responsible for policing the Internet." Gulp! (They apparently were the group that visited Craig in Missouri.) The other interesting thing to me was, when Pete Kennedy said, "Isn't it true that no charges have been brought against Loyd Blankenship?", Cook replied, "There is still an ongoing investigation. No charges have yet been filed." They don't usually admit that stuff! One victorious moment worth mentioning: Cook said that if the Secret Service had been told that SJG was a publishing company, they should have ceased doing the search. Yesterday we saw part of a homemade video courtesy of the SS themselves that clearly had an SJG employee telling an SS agent that they were a publishing company. Cook also interpreted ECPA (Electronic Communications Privacy Act) as not applying here, since these were stored communications, not in transit. The judge made a big deal of asking him if this conclusion of unread e-mail not being in transit was his own interpretation of the statute, or if he was getting it from somewhere. Cook admitted it was his own interpretation. The final person to testify was an accountant who explained why SJG is seeking over $2 million in damages and Steve Jackson is seeking over $150,000 in lost royalties. Tomorrow . . . the government begins its case. Shari ------------------------------ Date: Sat, 30 Jan 93 22:41:33 CST From: CuD Moderators Subject: File 5--Houston Chron's View of Abernathy Trial (Reprint) (Reposted from: TELECOM Digest Fri, 29 Jan 93 Volume 13 : Issue 51) From-- pacoid@wixer.cactus.org (Paco Xander Nathan) Subject-- Steve Jackson Games - Day 2 Organization-- Houston Chronicle Date-- Fri, 29 Jan 1993 06--59--06 GMT [Moderator's Note: This is the second part in a group of messages received here discussing the trial. A third part will be published later today, and followups will appear as they are recieved. PAT] Steve Jackson Games/Secret Service Trial -- Day Two By JOE ABERNATHY Copyright 1993, Houston Chronicle AUSTIN -- A young woman read aloud a deeply personal friendship letter Wednesday in a federal civil lawsuit intended to establish the human dimension and constitutional guarantees of electronic assembly and communication. Testimony indicated that the letter read by Elizabeth Cayce-McCoy previously had been seized, printed and reviewed by the Secret Service. Her correspondence was among 162 undelivered personal letters testimony indicated were taken by the government in March 1990 during a raid on Steve JaCkson Games, which ran an electronic bulletin board system as a service to its customers. Attorneys for the Austin game publisher contend that the seizure of the bulletin board represents a violation of the Electronic Communications Privacy Act, which is based on Fourth Amendment protections against unreasonable search and seizure. "Because you bring such joy to my friend Walter's life, and also because I liked you when I met you, though I wish I could have seen your lovely face a little more, I'll send you an autographed copy of Bestiary," said McCoy, reading in part from a letter penned by Steffan O'Sullivan, the author of the GURPS Bestiary, a fantasy treatise on mythical creatures large and small. Although the correspondence entered the public record upon McCoy's reading, the Chronicle obtained explicit permission from the principles before excerpting from it. The electronic mail was contained on the game publisher's public bulletin board system, Illuminati, which allowed game-players, authors and others to exchange public and personal documents. After agents seized the BBS during a raid staged as part of a nationwide crackdown on computer crime, Secret Service analysts reviewed, printed and deleted the 162 pieces of undelivered mail, testimony indicated. When the BBS computer was returned to its owner several months later, a computer expert was able to resurrect many of the deleted communications, including McCoy's friendship letter. "I never thought anyone would read my mail," she testified. "I was very shocked and embarrassed. "When I told my father that the Secret Service had taken the Steve Jackson bulletin board for some reason, he became very upset. He thought that I had been linked to some computer crime investigation, and that now our computers would be taken." O'Sullivan, who is a free-lance game writer employed by Steve Jackson, followed McCoy to the stand, where he testified that agents intercepted -- via the Illuminati seizure -- a critical piece of electronic mail seeking to establish when a quarterly royalty check would arrive. "That letter never arrived, and I had to borrow money to pay the rent," he said. No charges were ever filed in connection with the raid on Steve Jackson Games or the simultaneous raid of the Austin home of Jackson employee Loyd Blankenship, whose reputed membership in the Legion of Doom hackers' group triggered the raids. Plaintiffs contend that the government's search-and-seizure policies have cast a chill over a constitutionally protected form of public assembly carried out on bulletin boards, which serve as community centers often used by hundreds of people. More than 300 people were denied use of Jackson's bulletin board, called Illuminati, for several months after the raid, and documents filed with the court claim that a broader, continuing chill has been cast over the online community at large. The lawsuit against the Secret Service seeks to establish that the Electronic Communications Privacy Act guarantees the privacy of electronic mail. If U.S. District Court Judge Sam Sparks accepts this contention, it would become necessary for the government to obtain warrants for each caller to a bulletin board before seizing it. The Justice Department contends that users of electronic mail do not have a reasonable expectation to privacy, because they are voluntarily "disclosing" their mail to a third party -- the owner of the bulletin board system. "We weren't going to intercept electronic mail. We were going to access stored information," said William J. Cook, a former assistant U.S. Attorney in Chicago who wrote the affidavit for the search warrant used in the Steve Jackson raid. The Justice Department attorneys did not substantially challenge testimony by any of the several witnesses who were denied use of Illuminati. They did, however, seek to prevent those witnesses from testifying -- by conceding their interests -- after Cayce's compelling appearance led off the series of witnesses. Most of the Justice Department's energies were directed toward countering damage claims made by Steve Jackson, whose testimony opened the second day of the trial. Most of the day's testimony was devoted to a complex give-and-take on accounting issues. Some $2 million is being sought in damages. Justice sought to counter the widely repeated assertion that Steve Jackson Games was nearly put out of business by the raid by showing that the company was already struggling financially when the raid was conducted. An accountant called by the plaintiffs countered that all of Jackson's financial problems had been corrected by a reorganization in late 1989. ------------------------------ Date: Thu, 28 Jan 1993 19:09:08 GMT From: ssteele (Shari Steele) Subject: File 6--the most wonderful thing happened at the trial I really don't have much time to write, but I just witnessed one of the most dramatic courtroom events. The judge in the Steve Jackson Games trial just spent 15 minutes straight reprimanding Agent Timothy Foley of the United States Secret Service for the behavior of the United States regarding the raid and subsequent investigation of Steve Jackson Games. He asked Foley, in random order (some of this is quotes, some is paraphrasing because I couldn't write fast enough): How long would it have taken you to find out what type of business Steve Jackson Games does? One hour? In any investigation prior to March 1st (the day of the raid) was there any evidence that implicated Steve Jackson or Steve Jackson Games, other than Blankenship's presence? You had a request from the owner to give the computers and disks back. You knew a lawyer was called. Why couldn't a copy of the information contained on the disks be given within a matter of days? How long would it have taken to copy all disks? 24 hours? Who indicated that Steve Jackson was running some kind of illegal activity? Since the equipment was not accessed at the Secret Service office in Chicago after March 27, 1990, why wasn't the equipment released on March 28th? Did you or anyone else do any investigation after March 1st into the nature of Mr. Jackson and his business? You say that Coutorie told you it was a game company. You had the owner standing right in front of you on March 2nd. Is it your testimony that the first time that you realized that he was a publisher and had business records on the machine was when this suit was filed? The government was so shaken, they rested their case, never even calling Barbara Golden or any of their other witnesses to the stand. Closing arguments are set for this afternoon. It truly was a day that every lawyer dreams about. The judge told the Secret Service that they had been very wrong. I'll try to give a full report later. Shari ------------------------------ Date: Sat, 30 Jan 93 13:19:38 +0000 From: "G.R.L. Walker" Subject: File 7--Cell-phone encryption and tapping Transcript of an article in New Scientist, 30 Jan 1993 Spymasters fear bug-proof cellphones (Barry Fox, Bahrain) One of the jewels of Europe's electronics industry, the new all-digital cellular phone system GSM, may be blocked from export to other countries around the world by Britain's Department of Trade and Industry. The DTI objects to the exports because it believes the encryption system that GSM uses to code its messages is too good. Sources say this is because the security services and military establishment in Britain and the US fear they will no longer be able [to] eavesdrop on telephone conversations. Few people believe GSM needs such powerful encryption, but the makers of GSM complain that the DTI has woken to the problem five years too late. At MECOM 93, a conference on developing Arab communications held in Bahrain last week, many Gulf and Middle Eastern countries sought tenders for GSM systems, but the companies selling them could not agree terms without the go-ahead of the DTI. Qatar and the United Arab Emirates want to be first with GSM in the Gulf, with Bahrain next. GSM manufacturers are worried that the business will be lost to rival digital systems already on offer from the US and Japan. The Finnish electronics company Nokia, which is tendering for Bahrain's GSM contract, says "There is no logic. We don't know what is happening or why." A DTI spokeswoman would only say that exports outside Europe would need a licence and each case would be treated on its own merits. The GSM system was developed in the mid-1980s by the Groupe Special Mobile, a consortium of European manufacturers and telecommunications authorities. The technology was supported by European Commission and the GSM standard has now been agreed officially by 27 operators in 18 European countries. GSM was designed to allow business travellers to use the same portable phone anywhere in Europe and be billed back home. This is impossible with the existing cellphone services because different countries use different analogue technology. The plan was for GSM to be in use across Europe by 1991, but the existing analogue services have been too successful. No cellphone operator wants to invest in a second network when the first is still making profits. So GSM manufacturers have been offering the technology for export. Whereas all existing cellular phone systems transmit speech as analogue waves, GSM converts speech into digital code. Foreseeing that users would want secure communications, the GSM designers built an encryption system called A5 into the standard; it is similar to the US government's Data Encryption Standard. British Telecom was involved in developing A5, so the British government has special rights to control its use. To crack the DES and A5 codes needs huge amounts of computer power. This is what alarmed the FBI in the US, which wants to be able to listen in to criminals who are using mobile phones. It also alarmed GCHQ, the British government's listening post at Cheltenham which monitors radio traffic round the world using satellites and sensitive ground-based receivers. The DTI has now asked for the GSM standard to be changed, either by watering down the encryption system, or by removing encryption altogether. This means that GSM manufacturers must redesign their microchips. But they cannot start until a new standard is set and the earliest hope of that is May. Any change will inevitably lead to two different GSM standards, so robbing GSM of its major selling point -- freedom to roam between countries with the same phone. Manufacturing costs will also rise as new chips are put into production. ------------------------------ Date: Wed, 3 Feb 1993 14:50:24 GMT From: kadie@EFF.ORG(Carl M. Kadie) Subject: File 8--Clever Tactics Against Piracy A repost from: : comp-academic-freedom-talk-request@EFF.ORG Date--Fri, 29 Jan 93 14:16:11 +0100 From--Jay Rolls Subject--Clever Tactics Against Piracy I thought the info-mac readers would find this article interesting..... Jay Rolls, Stuttgart, Germany ((sent to RISKS by gio@DARPA.MIL (Gio Wiederhold) via many others)) COMPUTER CHEATS TAKE CADSOFT'S BAIT Employees of IBM, Philips, the German federal interior ministry and the federal office for the protection of the constitution are among those who unwittingly 'turned themselves in' when a German computer software company resorted to an undercover strategy to find out who was using illegal copies of one of its programs. Hundreds of customers accepted Cadsoft's offer of a free demonstration program that, unknown to them, searched their computer hard disks for illegal copies. Where the search was successful, a message appeared on the monitor screen inviting the customer to print out and return a voucher for a free handbook of the latest version of the program. However, instead of a handbook the users received a letter from the Bavarian-based software company's lawyers. Since the demonstration program was distributed last June about 400 people have returned the voucher, which contained coded information about the type of computer and the version of the illegally copied Cadsoft program being used. Cadsoft is now seeking damages of at least DM6,000 (ECU3,06E2) each from the illegal users. Cadsoft's tactics are justified by manager Rudolf Hofer as a necessary defence against pirate copying. The company had experienced a 30% drop since 1991 in sales of its successful Eagle design program, which retails at DM2,998. In contrast, demand for a DM25 demo version, which Cadsoft offered with the handbook of the full version, had jumped, indicating that people were acquiring the program from other sources. Although Cadsoft devised its plan with the help of lawyers, doubts have been raised about the legal acceptability of this type of computer detective work. In the case of government offices there is concern about data protection and official secrets. The search program may also have had side-effects that caused other files to be damaged or lost. Cadsoft is therefore preparing itself for what could be a long legal battle with some customers. So far it has reached out-of-court agreement with only about a quarter of those who incriminated themselves. ------------------------------ Date: Tue, 2 Feb 1993 18:09:59 GMT From: ssteele@eff.org (Shari Steele) Subject: File 9--Rusty and Edie's BBS raided by FBI ((Comp.org.eff.talk repost)) Hi everyone. I just received this wire from a Netfriend. I am so disappointed -- Rusty and Edie's was one of the most popular BBSs in the country. It was one of the few boards that turned a hefty profit as a business. I'm disappointed that 1) the board may have been engaging in illegal activities, 2) one of the BBS community's real success stories has been seized (and may not have been such a success story after all), and 3) the SPA is doing a lot of damage to the reputation of BBSs through its coordinated witch hunts of late. I've tried calling the folks at Rusty and Edie's all day to see if I can get their side of the story, but the board line just rings and rings, and the voice line has been constantly busy. I'll keep you posted as I learn more. If anyone out there knows more, please pass that on to me, too. Thanks. Shari WASHINGTON--(BUSINESS WIRE)--The Federation [sic] Bureau of Investigation on Saturday, Jan. 30, 1993, raided "Rusty & Edie's," a computer bulletin board located in Boardman, [sic -- it's really in Youngstown, I think] Ohio, which has allegedly been illegally distributing copyrighted software programs. Seized in the raid on the Rusty & Edie's bulletin board were computers, hard disk drives and telecommunications equipment, as well as financial and subscriber records. For the past several months, the Software Publishers Association ("SPA") has been working with the FBI in investigating the Rusty & Edie's bulletin board, and as part of that investigation has downloaded numerous copyrighted business and entertainment programs from the board. The SPA investigation was initiated following the receipt of complaints from a number of SPA members that their software was being illegally distributed on the Rusty & Edie's BBS. The Rusty & Edie's bulletin board was one of the largest private bulletin boards in the country. It had 124 nodes available to callers and over 14,000 subscribers throughout the United States and several foreign countries. To date, the board has logged in excess of 3.4 million phone calls, with new calls coming in at the rate of over 4,000 per day. It was established in 1987 and had expanded to include over 19 gigabytes of storage housing over 100,000 files available to subscribers for downloading. It had paid subscribers throughout the United States and several foreign countries, including Canada, Luxembourg, France, Germany, Finland, the Netherlands, Spain, Sweden and the United Kingdom. A computer bulletin board allows personal computer users to access a host computer by a modem-equipped telephone to exchange information, including messages, files, and computer programs. The systems operator (Sysop) is generally responsible for the operation of the bulletin board and determines who is allowed to access the bulletin board and under what conditions. For a fee of $89.00 per year, subscribers to the Rusty & Edie's bulletin board were given access to the board's contents including many popular copyrighted business and entertainment packages. Subscribers could "download" or receive these files for use on their own computers without having to pay the copyrighted owner anything for them. "The SPA applauds the FBI's action today," said Ilene Rosenthal, general counsel for the SPA. "This shows that the FBI recognizes the harm that theft of intellectual property causes to one of the U.S.'s most vibrant industries. It clearly demonstrates a trend that the government understands the seriousness of software piracy." The SPA is actively working with the FBI in the investigation of computer bulletin boards, and similar raids on other boards are...(??). It clearly demonstrates a trend that the government understands the seriousness of software piracy." The SPA is actively working with the FBI in the investigation expected shortly. Whether it's copied from a program purchased at a neighborhood computer store or downloaded from a bulletin board thousands of miles away, pirated software adds to the cost of computing. According to the SPA, in 1991, the software industry lost $1.2 billion in the U.S. alone. Losses internationally are several billion dollars more. "Many people may not realize that software pirates cause prices to be higher, in part, to make up for publisher losses from piracy," says Ken Wasch, executive director of the SPA. In addition, they ruin the reputation of the hundreds of legitimate bulletin boards that serve an important function for computer users." The Software Publishers Association is the principal trade association of the personal computer software industry. It's over 1,000 members represent the leading publishers in the business, consumer and education software markets. The SPA has offices in Washington DC, and Paris, France. CONTACT: Software Publishers Association, Washington Ilene Rosenthal, 202/452-1600 Ext. 318 Terri Childs, 202/452-1600 Ext. 320 ------------------------------ End of Computer Underground Digest #5.10 ************************************