Communications of the ACM, Vol. 34, No. 3, March 1991, pp. 24-43.

The United States vs. Craig Neidorf
A Viewpoint on Electronic Publishing, Constitutional Rights, and Hacking

Dorothy E. Denning

``Congress shall make no laws ... abridging the freedom of speech, or of the press; or the right of the people peacefully to assemble ...''
First Amendment

``The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated ...''
Fourth Amendment

``No person shall be ... deprived of life, liberty, or property, without due process of law ...''
Fifth Amendment

1. Introduction

In 1983, the media publicized a series of computer break-ins by teenagers in Wisconsin, the so-called ``414 hackers.'' At about the same time, the popular movie Wargames depicted a computer wizard gaining access to the North American Air Defense (NORAD) Command in Cheyenne Mountain, Colorado and almost triggering a nuclear war by accident. Since then, a stereotype of a computer ``hacker'' [foot 1] has emerged -- unscrupulous young people who use their computer skills to break into systems, steal information and computer and telecommunication resources, and disrupt operations without regard for the owners and users of the systems. Well-publicized incidents such as the Internet worm [Spafford 89] and the German hackers who broke into unclassified defense systems and sold information to the KGB [Stoll 90] have reinforced that stereotype and prompted policy makers and law enforcers to crack down on illegal hacking.

In May 1990, 150 Secret Service agents executed 27 search warrants and seized 40 systems as part of Operation Sun Devil, a two-year investigation led by Arizona prosecutors into incidents estimated to have cost companies millions of dollars. Another investigation involving prosecutors in Atlanta and Chicago led to several indictments.
Reports on some of the seizures and indictments provoked an outcry from people in the computer industry who perceived the actions taken by law enforcers as a threat to constitutional rights. One case in particular that was cited as an example of threats against freedom of the electronic press was that of Craig Neidorf, a college student accused by the U.S. Government of fraud and interstate transportation of stolen property regarding a document published in his electronic newsletter, Phrack. The trial began on July 23, 1990, and ended suddenly on July 27 when the government dropped the charges.

I attended the trial as an expert witness for the defense. I will first discuss the case, and then turn to several larger issues related to it and to the crackdown.

2. Overview of the Case

Craig Neidorf is a pre-law student at the University of Missouri. At age 13, he got interested in computers, which developed from an earlier intense interest in Atari 2600 and other video games. At 14, he adopted the handle Knight Lightning on computer networks and bulletin boards. At 16, he and a childhood friend started an electronic newsletter called Phrack. The name was composed from the words ``phreak'' and ``hack,'' which refer to telecommunications systems (``phreaking'') and computer systems (``hacking'').

To Phrack readers and contributors, phreaking and hacking covered both legal and illegal activities, and some of the articles in Phrack provided information that could be useful for someone trying to gain access to a system or free use of telecommunications lines. To some law enforcers and computer security professionals, Phrack was seen as a possible breeding ground for computer criminals. They found issues of Phrack among the evidence of cases under investigation, and a hacker told them that Phrack had provided information that helped him get started.

Phrack published thirty issues from November, 1985 through 1989.
Neidorf's main role with the newsletter was editor of a column called ``Phrack World News.'' In addition, he was the publisher of issue 14, and co-editor/publisher of issues 20-30. As publisher, he solicited articles from authors, assembled the articles he received into an issue, and distributed the issue to an electronic mailing list.

On January 18, 1990, Neidorf received a visit from Special Agent Tim Foley of the Secret Service and a representative of Southwestern Bell Security regarding a document about the Enhanced 911 (E911) emergency system. This document, which was in the form of a computer text file, had been published in Issue 24 of Phrack. During this visit, Neidorf, believing he had done nothing wrong, cooperated and turned over information. The next day, the visitors returned with a representative from the campus police and a search warrant. Neidorf was also asked to contact the U.S. Attorney's office in Chicago. He did, and on January 29 he went to their offices, accompanied by a lawyer, for further interrogation. Again, he turned over information and answered their questions. Neither he nor his attorney was informed that four days earlier evidence had been presented to a federal grand jury in Chicago for the purpose of indicting him.

On February 1, the grand jury was given additional evidence and charged Neidorf with 6 counts in an indictment for wire fraud, computer fraud, and interstate transportation of stolen property valued at $5000 or more. In June, the grand jury met again and issued a new indictment that dropped the computer fraud charges, but added additional counts of wire fraud. Neidorf was now charged with 10 felony counts carrying a maximum penalty of 65 years in prison.

The indictment centered on the publication of the E911 text file in Phrack. The government claimed that the E911 text file was a highly proprietary and sensitive document belonging to BellSouth and worth $23,900.
They characterized the document as a road map to the 911 system, and claimed that its publication in Phrack allowed hackers to illegally manipulate the 911 computer systems in order to disrupt or halt 911 service. They further claimed that the document had been stolen from BellSouth by Robert Riggs, also known as The Prophet, and that the theft and publication of the document in Phrack was part of a fraudulent scheme devised by Neidorf and members of the hacking group Legion of Doom, of which Riggs was a member. The object of the scheme was to break into computer systems in order to obtain sensitive documents and then make the stolen documents available to computer hackers by publishing the documents in Phrack. The government claimed that as part of the fraudulent scheme, Neidorf solicited information on how to illegally access computers and telecommunication systems for publication in Phrack as ``hacker tutorials.'' The term ``hacker'' was defined in the indictment as an individual ``involved with the unauthorized access of computer systems by various means.''

On May 21, Neidorf called me to request a copy of my paper about hackers, which I was preparing for the National Computer Security Conference [Denning 90]. Although I had not talked with him before that, I knew who he was because I had been following his case in the Computer Underground Digest, an electronic newsletter, and in various Usenet bulletin boards. Based on what I had read, which included the E911 file as published in Phrack, I did not see how the E911 file could be used to break into the 911 system or, for that matter, any computer system. I was concerned that Neidorf may have been wrongly indicted. I was also concerned that a wrongful conviction -- a distinct possibility in a highly technical trial -- could have a negative impact on electronic publication.

In late June, I received another phone call, this time from Neidorf's attorney, Sheldon Zenner of the firm Katten, Muchin & Zavis in Chicago.
After several conversations with Neidorf and Zenner, I agreed to be an expert witness and provide assistance throughout the trial.

Zenner told me that John Nagle, an independent computer scientist in Menlo Park, California, had gathered articles, reports, and books on the E911 system from the Stanford University library and local bookstores, and by dialing a Bellcore 800 number. After Nagle showed me the published documents, I agreed with his conclusion that Phrack did not give away any secrets. Nagle was also planning to go to Chicago to help with the defense and possibly testify. Meanwhile, I gathered articles, books, and programs that showed that there are many materials in the public domain that are at least as useful for breaking into systems as anything published in Phrack. Some of these are referenced in Section 4.

3. The Trial

The trial began on July 23, 1990 in Chicago's District Court for the Northern District of Illinois. It was expected to last two weeks, with the government presenting their case during the first week. I helped prepare the cross examinations of the government's witnesses and expected to testify sometime during the second week.

After a day of jury selection, the trial began with Assistant U.S. Attorney William Cook making the opening remarks for the prosecution. Cook reviewed the government claims, weaving a tale of conspiracy between Neidorf, Riggs, and members of the Legion of Doom who had broken into BellSouth computers.

Zenner then presented his opening remarks for the defense. He reviewed Neidorf's history and involvement with Phrack, noting that the goal of Phrack was the free exchange of information. He challenged the claims of the government and outlined the case for the defense. He noted how the government had indicted Neidorf despite his extensive cooperation with them.
He said that Neidorf believed that his actions were covered by the First Amendment, and that his beliefs were formed from college classes he took as a pre-law student on constitutional law and civil liberties.

The government's witnesses up through Thursday afternoon included Riggs, Foley, and employees of Bellcore and of BellSouth and its subsidiaries. The evidence brought out during the examination and cross-examination of these witnesses showed that the E911 text file was not the highly sensitive and secret document that BellSouth had claimed, that BellSouth had not treated the document as though it were, and that Neidorf had not conspired with Riggs. Although this seemed like cause for optimism, Zenner reminded us that the government loses very few cases.

On Friday morning, I arrived at the law offices to learn that the government had been talking with Zenner about dropping the felony charges in exchange for a guilty plea to a misdemeanor. Neidorf, however, would not accept a charge for something he had not done. Meanwhile, Zenner was meeting with the U.S. attorneys. I went to the court room, where Zenner told me that the government was now considering dropping all charges.

Zenner was willing to lay out the case for the defense to the prosecution, and asked Nagle and me to go to the U.S. Attorney's office and answer all their questions. We went, and Cook went through the E911 file paragraph by paragraph asking us for evidence that the material was in the public domain. Nagle answered most of the questions, pointing Cook to the relevant public documents and demonstrating that the E911 Phrack file did not give away any secrets. We then went to the court room to await the final decision.

Shortly thereafter, the court resumed, and Judge Nicholas Bua announced the government's decision to drop charges, dismissed the jury, and declared a mistrial. Five of the jurors were asked to remain and were interviewed by Bua and both attorneys. At midday, the court adjourned.
Although Neidorf was freed of all criminal charges, he was not free of all costs. The trial cost him and his family $100,000.

4. Key Documents

The government's case focused on several documents that were published in Phrack or were included in electronic mail between Neidorf and others. These included the E911 text file and Phrack version of that file, the ``hacker tutorials'' published in Phrack Issue 22, a Trojan horse login program, an announcement of The Phoenix Project in Phrack Issue 19, and some email correspondence between Neidorf and Riggs. All these documents were introduced as evidence by the government during the presentation of their case.

4.1 The E911 Text File

Riggs testified that sometime during the summer of 1988, he accessed a BellSouth system called AIMSX and downloaded a file with a document issued by BellSouth Services titled ``Control Office Administration of Enhanced 911 Services for Special Services and Major Account Centers,'' Section 660-225-104SV, Issue A, March 1988. The document, which contains administrative information related to E911 service, installation, and maintenance, bears the following notice on the first page: ``Not for use or disclosure outside BellSouth or any of its subsidiaries except under written agreement.'' Sometime prior to September of 1988, Riggs transferred the file to a public UNIX [foot 2] system called Jolnet, where it remained until July 1989.

Riggs testified that he sent the E911 text file to Neidorf via email from Jolnet in January 1989 for publication in Phrack. He said he asked Neidorf to edit the file so that it would not be recognizable by BellSouth, and to publish it under the handle ``The Eavesdropper.'' Neidorf removed the non-disclosure notice and deleted names, locations, and telephone numbers, and published it in Phrack Issue 24 on February 24, 1989.
The edited document was less than half the size of the original document, and was split into two Phrack files, the first (file 5) containing the main text and the second (file 6) containing the glossary of terms.

The government claimed that the E911 text file and Phrack version contained highly sensitive and proprietary information that provided a road map to the 911 system and could be used to gain access to the system and disrupt service. The claim was based on a statement made by an employee of Bellcore.

As noted earlier, Nagle had located articles and pamphlets that contained much more information about the E911 system than the Phrack file. During cross examination of the government's witness who was responsible for the practice described in the E911 document, Zenner showed the witness two of these pamphlets available from Bellcore via an 800 number for $13 and $21 respectively. The witness, who had not seen either report before and was generally unfamiliar with the public literature on E911, agreed that the reports also gave road maps to the E911 system and included more information than was in Phrack. The witness also testified that a non-disclosure stamp is routinely put on every BellSouth document when it is first written, thereby weakening any argument that the document contained particularly sensitive trade secrets.

The defense was prepared to argue that the E911 text file contained no information that was directly useful for breaking into the E911 system or any computer system. There were no dial-up numbers, no network addresses, no accounts, no passwords, and no mention of computer system vulnerabilities. The government claimed that the names, locations, organization phone numbers, and jargon in the E911 text file could be useful for ``social engineering,'' that is, deceiving employees to get information such as computer accounts and passwords.
However, the Phrack version omitted the names, locations, and phone numbers, and the jargon was all described in the published literature. Thus, the E911 Phrack file seemed no more useful for social engineering than the related public documents.

The defense was also prepared to show that BellSouth had not treated the document as one would expect a document of such alleged sensitivity to be treated. Riggs testified that the account he had used to get into AIMSX had no password. AT&T security was notified in September, 1988, that the E911 text file was sitting publicly available in Riggs's directory on Jolnet, and Bellcore security was notified of this in October. This was two months before Riggs mailed the file to Neidorf for inclusion in Phrack, and about four months before publication in Phrack. Still, no legal action was taken until July of 1989, nine months from the time Bellcore was aware of the file's presence on Jolnet. At that point, Bellcore and BellSouth alleged to the government that a highly sensitive and dangerous document was stolen. They urged the U.S. Secret Service to act immediately because of the purported risk posed by the availability of this ``dangerous'' information. However, they did not tell the Secret Service that they had discovered all of this nine months earlier. The government responded immediately with a subpoena for Jolnet.

The defense believed that BellSouth's delay in acting to protect the E911 document was inconsistent with their claim that the document contained sensitive information. To their credit, however, BellSouth did strengthen the security of their systems following the break-ins.

4.2 The Hacker Tutorials

The government claimed that three files in Phrack Issue 22 were tutorials for breaking into systems and, as such, evidence of a fraudulent scheme to break into systems, steal documents, and publish them in Phrack. These files, which corresponded to one count of the indictment, were:

  4. ``A Novices Guide to Hacking -- 1989 Edition'' by The Mentor.
  5. ``An Indepth Guide In Hacking UNIX and The Concept of Basic Networking Utility'' by Red Knight.
  6. ``Yet Another File on Hacking Unix'' by Unknown User.

Files 4 and 5 of Phrack 22 briefly introduce the art of getting computer access through weak passwords and default accounts, while File 6 contains a password cracking program. Most of file 5 is a description of basic commands in UNIX, which can be found in any UNIX manual.

After examining these and other Phrack files, I concluded that Phrack contained no more information about breaking into systems than articles written by computer security specialists and published in journals such as the Communications of the ACM, AT&T Bell Technical Journal, Information Age, and UNIX/WORLD, and in books. For example, Cliff Stoll's popular book ``The Cuckoo's Egg'' [Stoll 90] has been characterized as a ``primer on hacking.'' Information that could be valuable for breaking passwords is given in the 1979 paper on password vulnerabilities by Morris and Thompson of Bell Laboratories [Morris & Thompson 79]. A recent article by Spafford gives details on the workings of the Internet worm [Spafford 89].

Password cracking programs are publicly available intentionally so that system managers can run them against their own password files in order to discover weak passwords. An example is the password cracker in COPS, a package that checks a UNIX system for different types of vulnerabilities. The complete package can be obtained by anonymous FTP from ftp.uu.net. Like the password cracker published in Phrack, the COPS cracker checks whether any of the words in an on-line dictionary correspond to a password in the password file.

Another file that the prosecution brought into evidence during the trial was file 6 in Phrack Issue 26, ``Basic Concepts of Translation,'' by The Dead Lord and The Chief Executive Officers.
This file, which described translation in ESS (Electronic Switching System) switches, contained a phrase ``Anyone want to throw the ESS switch into an endless loop????'' in a section on indirect addressing in an index table. This remark can be interpreted as a joke, but even if it were not, the information in the article seems no worse than Ritchie's code for crashing a system, which is published in the UNIX Programmer's Manual with the comment ``Here is a particularly ghastly shell sequence guaranteed to stop the system: ...'' [Ritchie].

The government's claims that these files were part of a fraudulent scheme were disproved by Riggs's testimony and email (discussed later) showing that Neidorf and Riggs had not conspired to commit fraud by stealing property and publishing stolen documents.

By publishing articles that expose system vulnerabilities, Phrack, in one sense, is not unlike some professional publications such as those of the ACM. The ACM has encouraged such articles on the grounds that in the long term, the knowledge of vulnerabilities will lead to the design of systems that are resistant to attacks and failures. But, there is an important difference between the two publications. ACM explicitly states that it does not condone unauthorized use or disruption of systems, it discourages authors of articles about vulnerabilities from writing in a way that makes attacks seem like a worthy activity, and it declines to publish an article that appears to endorse attacks of any kind. In addition, the ACM is willing to delay publication of an article for a short time if publishing the information could make existing systems subject to attack.

By comparison, Phrack appears to encourage people to explore system vulnerabilities. In ``A Novice's Guide to Hacking,'' The Mentor gives eleven guidelines to hacking. The last says ``Finally, you have to actually hack. ...
There's no thrill quite the same as getting into your first system ...'' Although the guidelines tell the reader ``Do not intentionally damage *any* system'', they also tell the reader to alter those system files ``needed to ensure your escape from detection and your future access.'' [foot 3]. The wording can be interpreted as encouraging unauthorized but non-malicious break-ins.

Thus, whereas reading Phrack could lead one to the assessment that it promotes illegal break-ins, reading an ACM publication is likely to lead to the assessment that it discourages such acts and promotes protective actions. The actual effect of either publication on illegal activities or computer security, however, is much more difficult to determine, especially since both publications are available to anyone. Computer security specialists who read Phrack may have found it useful to know what vulnerabilities intruders were likely to exploit, while hackers who read the Communications may have learned something new about breaking into systems or implanting viruses. The Phrack reports on people who were arrested may have discouraged some budding young hackers from performing illegal acts; they also may have reminded hackers to take greater measures to cover up their tracks and avoid being caught.

Even if Phrack promoted certain illegal actions, this does not make the publication itself illegal. The First Amendment protects such publication unless it poses an imminent danger to society. The threshold for this condition is sufficiently high that, although courts have discussed its theoretical existence, it has never been met.

4.3 The Trojan Horse Login Program

The government found a modified version of the AT&T System V 3.2 login program in Neidorf's files. The program, which was modified and sent to Neidorf by someone currently under indictment, was part of the AT&T UNIX source code and had ``copyright'' and ``proprietary'' stamps scattered throughout.
The modifications included a Trojan horse that captured accounts and passwords, saving them in a file that could be later retrieved. The government claimed that Neidorf's possession of this program demonstrated his intentions to promote illegal break-ins and the theft of proprietary information. To support their case, they brought into evidence email where Neidorf was relaying messages between two other parties. One party said he had other UNIX sources, including 4.3 BSD Tahoe, and the other asked for the Tahoe source so he could install the login program on some Internet sites.

The defense believed that the government's allegations against Neidorf were weak on three grounds. First, as with any publisher, the mere receipt of a document is not proof of intent to perform illegal acts. Second, after observing that the source code contained notices that the code was copyrighted and proprietary, Neidorf asked someone at Bellcore security for advice on what to do. These actions added credibility to his claim that he had no intent to perform illegal acts and that he did not know that publishing the E911 text file could be illegal. Although the E911 file had a non-disclosure notice, the notice did not contain the words ``copyright'' or ``proprietary.'' Third, how to write a Trojan horse login program is no secret. For example, such programs have been published in Stoll's book [Stoll 90] and an article by Grampp and Morris [Grampp & Morris 84]. Also, in his ACM Turing lecture, Ken Thompson, one of the Bell Labs co-authors of UNIX, showed how to create a powerful Trojan horse that would allow its author to log onto any account with either the password assigned to the account or a password chosen by the author [Thompson 84]. Thompson's Trojan horse had the additional property of being undetectable in the login source code. This was achieved by modifying the C-compiler so that it would compile the Trojan horse into the login program.

4.4 The Phoenix Project and Email Correspondence

Issue 19, File 7 of Phrack announced ``The Phoenix Project,'' and portrayed it as a new beginning to the phreak/hack community where ``Knowledge is the key to the future and it is FREE. The telecommunications and security industries can no longer withhold the right to learn, the right to explore, or the right to have knowledge.'' The new beginning was to take place at SummerCon '88 in St. Louis. The government claimed that this announcement was the beginning of the fraudulent scheme to solicit and publish information on how to access systems illegally, and its publication accounted for one of the counts in the indictment. Yet, the announcement explicitly says ``The new age is here and with the use of every *LEGAL* means available, the youth of today will be able to teach the youth of tomorrow. ... the practice of passing illegal information is not a part of this convention.'' Security consultants and law enforcers were invited to attend SummerCon.

Although Neidorf was not charged with any crimes in 1988, the Secret Service sent undercover agents to SummerCon '88 to observe the meeting. They secretly video-taped Neidorf and others through a two-way mirror during the conference for fifteen hours. What did they record? A few minors drinking beer and eating pizza. Zenner asked to introduce these tapes as evidence for the defense, but the prosecution objected and Judge Bua sustained their objection.

Two counts of the indictment involved email messages from Neidorf to Riggs and ``Scott C.'' These messages, which were also alleged to be part of the fraudulent scheme, were basically discussions of particular individuals, mainly members of the Legion of Doom. The messages contained no plots to defraud any organization and no solicitations for illegal information.

5. Rights and Responsibilities

Neidorf's indictment came in the midst of a two-year investigation of illegal activity that involved the FBI, Secret Service, and other federal and local law enforcement agencies. As part of the investigation, the government seized over forty systems and 23,000 disks. Several bulletin board systems were shut down in the process, including the Jolnet system on which Riggs stored the E911 document. In most cases, no charges have yet been made against the person owning the equipment, and equipment that seemed to have little bearing on any illegal activity, such as a phone answering machine, was sometimes included in the haul.

The Phrack case and computer seizures raised concerns about freedom of the press, protection from unnecessary searches and seizures, and the liabilities and responsibilities of system operators and owners. In this section, I shall discuss these issues and give some of my personal opinions about them.

5.1 Electronic Publications

Some observers interpreted Neidorf's indictment as a threat to freedom of the press in the electronic media. The practice of publishing materials obtained by questionable means is common in the news media, and publication of the E911 file in Phrack was compared with publication of the Pentagon Papers in the New York Times and Washington Post. The government had tried unsuccessfully to stop publication of the Pentagon Papers, arguing that publication would threaten national security. The Supreme Court held that such action would constitute a ``prior restraint'' on the press, prohibited by the First Amendment. It therefore surprises me that there is any doubt that electronic publications should be accorded the same protection as printed ones.
Shortly before the Phrack case came to trial, Mitchell Kapor and John Barlow founded the Electronic Frontier Foundation (EFF) in order to help raise public awareness about civil liberties issues and to support actions in the public interest to preserve and protect constitutional rights within the electronic media. The EFF hired the services of Terry Gross, attorney with the New York law firm Rabinowitz, Boudin, Krinsky & Lieberman, to provide legal advice for the Phrack case; Gross submitted two friend-of-the-court briefings seeking to have the indictment dismissed because it threatened constitutionally protected speech. The trial court judge denied EFF's motion, but as it turned out, the charges were dropped before the issue was seriously discussed during the Neidorf trial.

Although certain information may be published legally, authors and publishers should consider how such information might be interpreted and used. In the case of hacker publications, the majority of readers are impressionable young people who are the foundation of the future. Articles which encourage illegal break-ins or contain information obtained thusly should not simply be dismissed as proper just because they are protected under First Amendment rights.

5.2 Searches and Seizures

The seizures of bulletin boards and other systems raised questions about the rights of the government to take property and retain it for an extended period of time when no charges have been made. At least one small business, Steve Jackson Games, claims to have suffered a serious loss as a result of having equipment confiscated for over three months. According to Jackson, the Secret Service raid cost his company $125,000, and he had to lay off almost half of his employees since all of the information about their next product, a game called GURPS CYBERPUNK, was on the confiscated systems. Some of the company's equipment was severely damaged, and data was lost. No charges have been made.
Seizing a person's computer system can be comparable to taking every document and piece of correspondence in that person's office and home. It can shut down a business. Moreover, by taking the system, the government has the capability to read electronic mail and files unrelated to the investigation; such broad seizures of paper documents are generally not approved by judges issuing search warrants.

For these reasons, it has been suggested that the government not be allowed to take complete systems, but only the files related to the investigation. In most cases, this seems impractical. There may be megabytes or even gigabytes of information stored on disks, and it takes time to scan through that much information. In addition, the system may have non-standard hardware or software, making it extremely difficult to transfer the data to another machine and process it. Similarly, if a computer is seized without its printer, it may be extremely difficult to print out files. Finally, originals are needed for evidence in court, and the evidence must be protected up to the time of trial.

However, if the government can be reasonably confident that the owner of the system has not participated in or condoned the activities under investigation, then it may be practical for the government to issue a subpoena for certain files rather than seize the entire system. When a complete system is seized, it seems reasonable that the government be required under court order to provide copies of files to the owner at the owner's request and expense within some time limit, say one week or one month. If a system shared by multiple users is seized, the search should be restricted to mail and files belonging to the users under investigation.

5.3 Liabilities and Responsibilities of System Operators and Owners

The bulletin board seizures sent a chill through the legitimate network community, raising questions about the liabilities of an operator of a bulletin board or of any system.
Operators of these boards asked if they needed to check all information passing through the system to make sure there is nothing that could be interpreted as a stolen, proprietary document or as part of a fraudulent scheme.

Computer bulletin boards have been referred to metaphorically as electronic meeting places where assembly of people is not constrained by time or distance. Public boards are also a form of electronic publication. It would seem, therefore, that they are protected by the constitution in the same way that public meeting places and non-electronic publications such as newspapers are protected. This, of course, does not necessarily mean they should be free of all controls, just as public meetings are not entirely free of control.

Bulletin board systems often provide private directories and electronic mail. Private mail and files should be given the same protections from surveillance and seizure as First Class Mail and private discussions that take place in homes or businesses. I believe the Electronic Communications Privacy Act provides this protection.

The E911 text file was obtained from a system with a null password. While this does not excuse the person who got into the system and copied the file, I believe that system owners should take greater measures to prevent break-ins and unauthorized use of their systems. There are known practices for protecting systems. While none of these is foolproof, they will with high probability keep intruders out and detect those that enter. Although the risks associated with insecure systems may not have been great until recently, thereby justifying weak security in favor of allocating more resources for other purposes, the risks are now sufficiently great that weak security is inexcusable for many environments. Moreover, system owners may be vulnerable to lawsuits if they do not have adequate protection for customer information or for life-critical operations such as patient monitoring or traffic control.

Our current laws allow a person to be convicted of a felony for simply entering a system through an account without a password. I recommend that we consider adopting a policy where unauthorized entry into a system is at most a misdemeanor if certain standards have not been followed by the owner of the system and the damage to information on the system is not high. However, I recognize that it may be very difficult to set appropriate standards and to determine whether an organization has adhered to them.

I also recommend we consider establishing a range of offenses, possibly along the lines of those in the U. K. Computer Misuse Act, which became effective in August, 1990:

- Unauthorized access: seeking to enter a computer system knowing that the entry is unauthorized. Punishable by up to six months imprisonment.
- Unauthorized access in furtherance of a more serious crime. Punishable by up to five years imprisonment.
- Unauthorized modification of computer material: introducing viruses, Trojan horses, etc., or causing malicious damage to computer files. Punishable by up to five years imprisonment.

6. Conclusions

Making a sound assessment of the claims made in the Phrack case requires expertise in the domains of computers, the UNIX system, computer security, phone systems, and the public literature. Whereas Zenner brought in outside technical expertise to help with the defense, the prosecution relied on experts belonging to the victim, namely, employees of Bell. The indictment and costly trial may have been avoided if the government had consulted neutral experts before deciding whether to pursue the charges. The professional community represented by ACM may be a good source of such help.

In the context of the new milieu created by computers and networks, a new form of threat has emerged -- the computer criminal capable of damaging or disrupting the electronic infrastructure, invading people's privacy, and performing industrial espionage.
While the costs associated with these crimes may be small compared with computer crimes caused by company employees and former employees, the costs are growing and are becoming significant.

For many young computer enthusiasts, illegal break-ins and phreaking are a juvenile activity that they outgrow as they see the consequences of their actions in the world. However, a significant number of these hackers may go on to become serious computer criminals.

To design an intervention that will discourage people from entering into criminal acts, we must first understand the hacker culture since it reveals the concerns of hackers that must be taken into account. We must also understand the concerns of companies and law enforcers. We must understand how all these perspectives interact. The 1985 ACM Panel on Hacking [Lee 86] offered several suggestions for actions that could be taken to reduce illegal hacking, and my own investigation confirmed these while speculating about others [Denning 90]. Teaching computer ethics may help, and I applaud recent efforts on the part of computer professionals and educators to bring computer ethics not only into the classroom, but into their professional forums for discussion.

Acknowledgments

Special thanks to Chuck Bushey, Peter Denning, Jef Gibson, Cynthia Hibbard, Steve Lipner, Craig Neidorf, Mike Schroeder, and Sheldon Zenner for many helpful suggestions; to Pete Mellor for information about the U. K. laws; and to my many friends and colleagues who patiently educate me in areas where I am vulnerable to my own blindness. The views here are my own and do not represent those of my employer.

References

[Denning 90] Dorothy E. Denning, ``Concerning Hackers Who Break Into Computer Systems,'' Proc. of the 13th National Computer Security Conf., Oct. 1990.

[Grampp & Morris 84] F. T. Grampp and R. H. Morris, ``UNIX Operating System Security,'' AT&T Bell Laboratories Technical Journal, Vol. 63, No. 8, Oct. 1984.

[Lee 86] John A. N. Lee, Gerald Segal, and Rosalie Stier, ``Positive Alternatives: A Report on an ACM Panel on Hacking,'' Comm. ACM, Vol. 29, No. 4, April 1986, pp. 297-299; full report available from ACM Headquarters, New York.

[Morris & Thompson 79] Robert Morris and Ken Thompson, ``Password Security: A Case History,'' Comm. ACM, Vol. 22, No. 11, Nov. 1979.

[Ritchie] Dennis Ritchie, ``On the Security of UNIX,'' UNIX Programmer's Manual, Section 2, AT&T Bell Laboratories.

[Spafford 89] Eugene H. Spafford, ``The Internet Worm: Crisis and Aftermath,'' Comm. ACM, Vol. 32, No. 6, June 1989.

[Stoll 90] Clifford Stoll, The Cuckoo's Egg, Doubleday, 1990.

[Thompson 84] Ken Thompson, ``Reflections on Trusting Trust,'' Turing Award Lecture, Comm. ACM, Vol. 27, No. 8, pp. 761-763.

Footnotes

1. The term ``hacker'' originally meant anyone with a keen interest in learning about computer systems and using them in novel and clever ways. Many computer enthusiasts still call themselves hackers in this non-pejorative sense.

2. UNIX is a trademark of AT&T.

3. Most system managers regard any modification of system files as damage, because they must restore these files to a state that does not permit the intruder to re-enter the system.