------------------------------ From: Moderators Subject: Len Rose's "Guilt" and the Washington Post Date: March 28, 1991 ******************************************************************** *** CuD #3.10--File 5 of 5: Len Rose and the Washington Post *** ******************************************************************** Although Len Rose accepted a Federal plea bargain which resolved Federal charges against him in Illinois and Maryland, and state charges in Illinois, he will not be sentenced until May. Therefore, many of the details of the plea or of his situation cannot yet be made public. Len pleaded guilty to two counts of violating Title 18 s. 1343: 18 USC 1343: Sec. 1343. Fraud by wire, radio, or television Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined not more than $1000 or imprisoned not more than five years, or both. In our view, Len's case was, is, and continues to be, a political case, one in which prosecutors have done their best to create an irresponsible, inaccurate, and self-serving imagery to justify their actions in last year's abuses in their various investigations. Len's guilty plea was the result of pressures of family, future, and the burden of trying to get from under what seemed to be the unbearable pressure of prosecutors' use of law to back him into corners in which his options seemed limited. The emotional strain and disruption of family life became too much to bear. Len's plea was his attempt to make the best of a situation that seemed to have no satisfactory end. He saw it as a way to obtain the return of much of his equipment and to close this phase of his life and move on. Many of us feel that Len's prosecution and the attempt to make him out to be a dangerous hacker who posed a threat to the country's computer security was (and remains) reprehensible. The government wanted Len's case to be about something it wasn't. To the end, they kept fomenting the notion that the case involved computer security--despite the fact that the indictment, the statute under which he was charged, or the evidence DID NOT RELATE TO security. The case was about possession of proprietary software, pure and simple. The 23 March article in the Washington Post typifies how creative manipulation of meanings by law enforcement agents becomes translated into media accounts that perpetuate the the type of witch hunting for which some prosecutors have become known. The front page story published on March 23 is so outrageously distorted that it cannot pass without comment. It illustrates how prosecutors' images are translated into media narratives that portray an image of hackers in general and Len in particular as a public threat. The story is so ludicrously inaccurate that it cannot pass without comment. Mark Potts, the author of the story, seems to convict Len of charges of which even the prosecutors did not accuse him in the new indictment. According to the opening paragraph of the story, Len pleaded guilty to conspiring to steal computer account passwords. This is false. Len's case was about possessing and possessing transporting unlicensed software, *NOT* hacking! Yet, Potts claims that Rose inserted a Trojan horse in AT&S software that would allow other "hackers" to break into systems. Potts defers to prosecutors for the source of his information, but it is curious that he did not bother either to read the indictments or to verify the nature of the plea. For a major story on the front page, this seems a callous disregard of journalistic responsibility. In the original indictment, Len was accused of possessing login.c, a program that allows capturing passwords of persons who log onto a computer. The program is described as exceptionally primitive by computer experts, and it requires the user to possess root access, and if one has root privileges, there is little point in hacking into the system to begin with. Login.c, according to some computer programmers, can be used by systems administrators as a security device to help identify passwords used in attempts to hack into a system, and at least one programmer indicated he used it to test security on various systems. But, there was no claim Len used this improperly, it was not an issue in the plea, and we wonder where Mark Potts obtained his prosecutorial power that allows him to find Len guilty of an offense for which he was not charged nor was at issue. Mark Potts also links Len directly to the Legion of Doom and a variety of hacking activity. Although a disclaimer appeared in a subsequent issue of WP (a few lines on page A3), the damage was done. As have prosecutors, Potts emphasizes the LoD connection without facts, and the story borders on fiction. Potts also claims that Len was "swept up" in Operation Sun Devil, which he describes as resulting "in the arrest and prosecution of several hackers and led to the confiscation of dozens of computers, thousands of computer disks and related items." This is simply false. At least one prosecutor involved with Sun Devil has maintained that pre-Sun Devil busts were not related. Whether that claim is accurate or not, Len was not a part of Sun Devil. Agents raided his house when investigating the infamous E911 files connected to the Phrack/Craig Neidorf case last January (1990). Although Len had no connection with those files, the possession of unlicensed AT&T source code did not please investigators, so they pursued this new line of attack. Further, whatever happens in the future, to our knowledge *no* indictments have occured as the result of Sun Devil, and in at least one raid (Ripco BBS), files and equipment were seized as the result of an informant's involvement that we have questioned in a previous issue of CuD ( #3.02). Yet, Potts credits Sun Devil as a major success. Potts also equates Rose's activities with those of Robert Morris, and in so-doing, grossly distorts the nature of the accusations against Len. Equating the actions to which Len pleaded guilty to Morris grossly distorts both the nature and magnitude of the offense. By first claiming that Len modified a program, and then linking it to Morris's infectious worm, it appears that Len was a threat to computer security. This kind of hyperbole, based on inaccurate and irresponsible reporting, inflames the public, contributes to the continued inability to distinguish between serious computer crime and far less serious acts, and would appear to erroneously justify AT&T's position as the protector of the nets when, in fact, their actions are far more abusive to the public trust. After focusing for the entire article on computer security, Potts seems to appear "responsible" by citing the views of computer experts on computer security and law. But, because these seem irrelevant to the reality of Len's case, it is a classic example of the pointed non sequitor. Finally, despite continuous press releases, media announcements, and other notices by EFF, Potts concludes by claiming that EFF was established as "a defense fund for computer hackers." Where has Potts been? EFF, as even a rookie reporter covering computer issues should know, was established to address the challenges to existing law by rapidly changing computer technology. Although EFF provided some indirect support to Len's attorneys in the form of legal research, the EFF DID NOT FUND ANY OF LEN'S defense. Len's defense was funded privately by a concerned citizen intensely interested in the issues involved. The EFF does not support computer intrusion, and has made this clear from its inception. And a final point, trivial in context, Potts credits Mitch Kapor as the sole author of Lotus 1-2-3, failing to mention that Jon Sachs was the co-author. The Washington Post issued a retraction of the LoD connection a few days later. But, it failed to retract the false claims of Len's plea. In our view, even the partial LoD retraction destroys the basis, and the credibility, of the story. In our judgement, the Post should publicly apologize and retract the story. It should also send Potts back to school for remedial courses in journalism and ethics. Some observers feel that Len should have continued to fight the charges. To other observers, Len's plea is "proof" of his guilt. We caution both sides: Len did what he felt he had to do for his family and himself. In our view, the plea reflects a sad ending to a sad situation. Neither Len nor the prosecution "won." Len's potential punishment of a year and a day (which should conclude with ten months of actual time served) in prison and a subsequent two or three year period of supervised release (to be determined by the judge) do not reflect the the toll the case took on him in the past year. He lost everything he had previously worked for, and he is now, thanks to publications like the Washington Post, labelled as a dangerous computer security threat, which may hamper is ability to reconstruct his life on release from prison. We respect Len's decision to accept a plea bargain and urge all those who might disagree with that decision to ask themselves what they would do that would best serve the interests both of justice and of a wife and two small children. Sadly, the prosecutors and AT&T should have also asked this question from the beginning. Sometimes, it seems, the wrong people are on trial. ******************************************************************** ------------------------------ **END OF CuD #3.10** ********************************************************************