**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 2, Issue #2.18 (December 28, 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer (TK0JUT2@NIU.bitnet) ARCHIVISTS: Bob Krause / Alex Smith PERIPATETIC GADFLY: Brendan Kehoe USENET readers can currently receive CuD as alt.society.cu-digest. COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted as long as the source is cited. Some authors, however, do copyright their material, and those authors should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to the Computer Underground. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ CONTENTS: File 1: Moderators' Corner File 2: From the Mailbag File 3: Computers Under Attack File 4: CU Resources in Germany File 5: Trade Secrets; When are they Bad? ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ---------------------------------------------------------------------- ------------------------------ From: Various Subject: From the Mailbag Date: December 28, 1990 ******************************************************************** *** CuD #2.18: File 2 of 5: From the Mailbag *** ******************************************************************** From: Carrier Wave Subject: Operation Sun Devil and Ayn Rand To: TK0JUT1%NIU.BITNET@UICVM.UIC.EDU Date: Fri, 21 Dec 90 09:15 EST Operation Sun Devil and Ayn Rand's Theory of "The Sanction of the Victim" by Michael E. Marotta, mercury@well.sf.ca.us Arthur Koestler's novel, Darkness at Noon, tells of the downfall of a Bolshevik. He is purged by the party, charged with conspiring to assassinate Stalin. Of course, he did no such thing, but he soon comes to understand the needs of his captors. As a Bolshevik, he knows the theory of the centralized democracy and he comes to understand that merely questioning authority is no different than a physical assault on the Leader. The operant theory in this true-to-life example was later enunciated by Ayn Rand in her novel, Atlas Shrugged. She called it "The Sanction of the Victim." In Atlas Shrugged, the heroes are engineers and investors who learn to reject mysticism, altruism and collectivism. They learn to be proud of their own achievements. They identify and reconcile the contradictions that tore them apart and allowed them to be regulated, ruled, taxed and vilified. One of the highlights of this novel is the trial of Hank Rearden, a steel industrialist who violated an equalization of opportunity law. He tells the court that it can sentence him to anything and he is powerless to prevent that but he will not help them by participating. He does not recognize their right to try him and he will not help them pretend that the trial is just. He is acquitted. If this seems too unreal, consider the case of Craig Neidorf in Chicago and compare it to the trials of the Legion of Doom in Atlanta. Neidorf stood his ground, prepared a First Amendment defense and asked for help from the pioneers on the electronic frontier. The government dropped its charges. In Atlanta, the hackers co-operated with the government, informed on each other and even testified against Craig Neidorf and they were sentenced to prison. Neidorf incurred legal expenses near $250,000. This is also about the size of the fines to be paid by each of the LoD hackers in Atlanta. The difference, of course, is that Neidorf is free and they are in jail. The decision to go to trial rested on the premise that Right makes Might. Niedorf prepared a First Amendment argument. In point of fact, victory hinged on the demolition of the government's evidence. A suitable defense could have been created from any perspective. The First Amendment is a broad shield that protects religion, speech and assembly in addition to writing. The Tenth Amendment guarantees all those necessary and proper rights enjoyed by the people that are not specifically enumerated in the Bill of Rights. Niedorf could have claimed that he was performing a challenge commanded of him by the Gods of Olympus. What counted most is that he felt that his accusers were morally wrong. The Legion of Doom went down the drain in Atlanta because they granted the moral high ground to the government. They were wrong in their own eyes and they deserved punishment by their own standards. Their viewpoint and their standards were the same as the government's. The question then becomes: Is hacking right? Unless you want to go to jail, you better find a lot of reasons to believe that it is. +++++++++++++++++++++++++ From: gnu@TOAD.COM Subject: Re: "strangers probing for security flaws" -- another view Date: Fri, 21 Dec 90 13:11:14 -0800 Given the existing state of computer security (i.e. it requires excessive care by a system administrator to make a system more than nominally secure), I think that whatever automation we can bring to bear on security testing is welcome. Suppose there was a free program, available in source code and scrutinized by wizards all over the net, that you could run to test your security. If you had the time, you might run it and fix up the things it found. If you didn't have the time, those things would probably go unfixed. If someone at a remote site (Italy?) volunteers to run such a program and mail you the results as they pertain to your site, are they performing you a service or a disservice? I don't know about you, but when a stranger knocks at my door to tell me that I left my garage door gaping wide open and the neighborhood hoods are eyeing my bicycles, I usually thank her rather than knocking her down and calling the police. Then I go and fix the garage door. If the stranger had taken a few bicycles before coming and telling me about the problem, that would be different. But even that is preferable to their stealing the bicycles and not even telling me I had a problem. Sites all over the Internet *are* being probed by people who want to do them harm. We know this as a fact. I would prefer if we had some volunteer "cop on the beat"s who would walk by periodically and rattle the door to make sure it's locked. John ++++++++++++++++++++++++++ From: snowgoose!@UUNET.UU.NET Date: Mon, 17 Dec 90 16:16:00 -0500 Subject: Is Technology Beyond the Law? Is Technology Beyond the Law? There are many factors which shape events like Operation Sun Devil. Certainly mission, political mandate, public perception, and human frailty are forces which shaped the behavior of the Secret Service. But, the juxtaposition of technology and the law may well be the most significant factor. Law is (or at least, is supposed to be) a reflection of the needs of society for definition of and protection of its interests. Technology presents rapidly changing circumstances with which the law, because the people, cannot keep abreast. Technology is, and will always be, beyond the law? Now, I'm not a lawyer, and I haven't got a clue of how to conceptualize this under the law, but consider the following: One day, the Secret Service shows up at my door with a search warrant to seize and search my computer for incriminating evidence. They get my computer back to their lab and discover that the entire hard disk is encrypted, (probably block by block). Upon further examination, they find either an encryption card or a software encryption routine in the disk driver. I'm not going to give them the key. I have used a sufficiently difficult encryption technique as to frustrate even the NSA. Where does that leave their investigation? Where does that leave my computer? Is there a concept in the law which requires that a law must be enforceable? If so, isn't investigation an enforcement procedure? If so, and if the law isn't enforceable, what happens to my computer with its encrypted disk? I have intentionally exaggerated the technical circumstances to raise the question, but it seems to me that the same situation exists today. The Secret Service has had 40+ computers and 23,000? disks since their seizure on May 8th, 1990. If we assume that the Secret Service has procedures (methods and techniques) for using the seized property in their investigation, then is there a time limit on how long the investigation can continue? If it could be demonstrated that there were *no* procedures for using the seized property in furtherance of the investigation, would they have a right to have seized it? ******************************************************************** >> END OF THIS FILE << ***************************************************************************  Downloaded From P-80 International Information Systems 304-744-2253 12yrs+