this "amateurism," and, for the sake of their public
image in a world of non-computer people, they all
attempt to look as stern and formal and impressive
as possible. These electronic frontier-dwellers
resemble groups of nineteenth-century pioneers
hankering after the respectability of statehood.
There are however, two crucial differences in the
historical experience of these "pioneers" of the
nineteeth and twenty-first centuries.
First, powerful information technology *does*
play into the hands of small, fluid, loosely organized
groups. There have always been "pioneers,"
"hobbyists," "amateurs," "dilettantes," "volunteers,"
"movements," "users' groups" and "blue-ribbon
panels of experts" around. But a group of this kind -
- when technically equipped to ship huge amounts
of specialized information, at lightning speed, to its
members, to government, and to the press -- is
simply a different kind of animal. It's like the
difference between an eel and an electric eel.
The second crucial change is that American
society is currently in a state approaching
permanent technological revolution. In the world of
computers particularly, it is practically impossible to
*ever* stop being a "pioneer," unless you either
drop dead or deliberately jump off the bus. The
scene has never slowed down enough to become
well-institutionalized. And after twenty, thirty, forty
years the "computer revolution" continues to spread,
to permeate new corners of society. Anything that
really works is already obsolete.
If you spend your entire working life as a
"pioneer," the word "pioneer" begins to lose its
meaning. Your way of life looks less and less like an
introduction to "something else" more stable and
organized, and more and more like *just the way
things are.* A "permanent revolution" is really a
contradiction in terms. If "turmoil" lasts long
enough, it simply becomes *a new kind of society* --
still the same game of history, but new players, new
rules.
Apply this to the world of late twentieth-century
law enforcement, and the implications are novel
and puzzling indeed. Any bureaucratic rulebook
you write about computer-crime will be flawed when
you write it, and almost an antique by the time it
sees print. The fluidity and fast reactions of the
FCIC give them a great advantage in this regard,
which explains their success. Even with the best will
in the world (which it does not, in fact, possess) it is
impossible for an organization the size of the U.S.
Federal Bureau of Investigation to get up to speed
on the theory and practice of computer crime. If
they tried to train all their agents to do this, it would
be *suicidal,* as they would *never be able to do
anything else.*
The FBI does try to train its agents in the basics
of electronic crime, at their base in Quantico,
Virginia. And the Secret Service, along with many
other law enforcement groups, runs quite successful
and well-attended training courses on wire fraud,
business crime, and computer intrusion at the
Federal Law Enforcement Training Center (FLETC,
pronounced "fletsy") in Glynco, Georgia. But the
best efforts of these bureaucracies does not remove
the absolute need for a "cutting-edge mess" like the
FCIC.
For you see -- the members of FCIC *are* the
trainers of the rest of law enforcement. Practically
and literally speaking, they are the Glynco
computer-crime faculty by another name. If the
FCIC went over a cliff on a bus, the U.S. law
enforcement community would be rendered deaf
dumb and blind in the world of computer crime, and
would swiftly feel a desperate need to reinvent them.
And this is no time to go starting from scratch.
On June 11, 1991, I once again arrived in
Phoenix, Arizona, for the latest meeting of the
Federal Computer Investigations Committee. This
was more or less the twentieth meeting of this stellar
group. The count was uncertain, since nobody
could figure out whether to include the meetings of
"the Colluquy," which is what the FCIC was called in
the mid-1980s before it had even managed to obtain
the dignity of its own acronym.
Since my last visit to Arizona, in May, the local
AzScam bribery scandal had resolved itself in a
general muddle of humiliation. The Phoenix chief of
police, whose agents had videotaped nine state
legislators up to no good, had resigned his office in a
tussle with the Phoenix city council over the
propriety of his undercover operations.
The Phoenix Chief could now join Gail
Thackeray and eleven of her closest associates in
the shared experience of politically motivated
unemployment. As of June, resignations were still
continuing at the Arizona Attorney General's office,
which could be interpreted as either a New Broom
Sweeping Clean or a Night of the Long Knives Part
II, depending on your point of view.
The meeting of FCIC was held at the Scottsdale
Hilton Resort. Scottsdale is a wealthy suburb of
Phoenix, known as "Scottsdull" to scoffing local
trendies, but well-equipped with posh shopping-
malls and manicured lawns, while conspicuously
undersupplied with homeless derelicts. The
Scottsdale Hilton Resort was a sprawling hotel in
postmodern crypto-Southwestern style. It featured
a "mission bell tower" plated in turquoise tile and
vaguely resembling a Saudi minaret.
Inside it was all barbarically striped Santa Fe
Style decor. There was a health spa downstairs and
a large oddly-shaped pool in the patio. A poolside
umbrella-stand offered Ben and Jerry's politically
correct Peace Pops.
I registered as a member of FCIC, attaining a
handy discount rate, then went in search of the Feds.
Sure enough, at the back of the hotel grounds came
the unmistakable sound of Gail Thackeray holding
forth.
Since I had also attended the Computers
Freedom and Privacy conference (about which more
later), this was the second time I had seen
Thackeray in a group of her law enforcement
colleagues. Once again I was struck by how simply
pleased they seemed to see her. It was natural that
she'd get *some* attention, as Gail was one of two
women in a group of some thirty men; but there was
a lot more to it than that.
Gail Thackeray personifies the social glue of the
FCIC. They could give a damn about her losing her
job with the Attorney General. They were sorry
about it, of course, but hell, they'd all lost jobs. If
they were the kind of guys who liked steady boring
jobs, they would never have gotten into computer
work in the first place.
I wandered into her circle and was immediately
introduced to five strangers. The conditions of my
visit at FCIC were reviewed. I would not quote
anyone directly. I would not tie opinions expressed
to the agencies of the attendees. I would not (a
purely hypothetical example) report the
conversation of a guy from the Secret Service talking
quite civilly to a guy from the FBI, as these two
agencies *never* talk to each other, and the IRS
(also present, also hypothetical) *never talks to
anybody.*
Worse yet, I was forbidden to attend the first
conference. And I didn't. I have no idea what the
FCIC was up to behind closed doors that afternoon.
I rather suspect that they were engaging in a frank
and thorough confession of their errors, goof-ups
and blunders, as this has been a feature of every
FCIC meeting since their legendary Memphis beer-
bust of 1986. Perhaps the single greatest attraction
of FCIC is that it is a place where you can go, let your
hair down, and completely level with people who
actually comprehend what you are talking about.
Not only do they understand you, but they *really
pay attention,* they are *grateful for your insights,*
and they *forgive you,* which in nine cases out of
ten is something even your boss can't do, because as
soon as you start talking "ROM," "BBS," or "T-1
trunk," his eyes glaze over.
I had nothing much to do that afternoon. The
FCIC were beavering away in their conference
room. Doors were firmly closed, windows too dark to
peer through. I wondered what a real hacker, a
computer intruder, would do at a meeting like this.
The answer came at once. He would "trash" the
place. Not reduce the place to trash in some orgy of
vandalism; that's not the use of the term in the
hacker milieu. No, he would quietly *empty the
trash baskets* and silently raid any valuable data
indiscreetly thrown away.
Journalists have been known to do this.
(Journalists hunting information have been known
to do almost every single unethical thing that
hackers have ever done. They also throw in a few
awful techniques all their own.) The legality of
'trashing' is somewhat dubious but it is not in fact
flagrantly illegal. It was, however, absurd to
contemplate trashing the FCIC. These people knew
all about trashing. I wouldn't last fifteen seconds.
The idea sounded interesting, though. I'd been
hearing a lot about the practice lately. On the spur
of the moment, I decided I would try trashing the
office *across the hall* from the FCIC, an area
which had nothing to do with the investigators.
The office was tiny; six chairs, a table....
Nevertheless, it was open, so I dug around in its
plastic trash can.
To my utter astonishment, I came up with the
torn scraps of a SPRINT long-distance phone bill.
More digging produced a bank statement and the
scraps of a hand-written letter, along with gum,
cigarette ashes, candy wrappers and a day-old-issue
of USA TODAY.
The trash went back in its receptacle while the
scraps of data went into my travel bag. I detoured
through the hotel souvenir shop for some Scotch
tape and went up to my room.
Coincidence or not, it was quite true. Some poor
soul had, in fact, thrown a SPRINT bill into the
hotel's trash. Date May 1991, total amount due:
$252.36. Not a business phone, either, but a
residential bill, in the name of someone called
Evelyn (not her real name). Evelyn's records showed
a ## PAST DUE BILL ##! Here was her nine-digit
account ID. Here was a stern computer-printed
warning:
"TREAT YOUR FONCARD AS YOU WOULD ANY
CREDIT CARD. TO SECURE AGAINST FRAUD,
NEVER GIVE YOUR FONCARD NUMBER OVER
THE PHONE UNLESS YOU INITIATED THE
CALL. IF YOU RECEIVE SUSPICIOUS CALLS
PLEASE NOTIFY CUSTOMER SERVICE
IMMEDIATELY!"
I examined my watch. Still plenty of time left for
the FCIC to carry on. I sorted out the scraps of
Evelyn's SPRINT bill and re-assembled them with
fresh Scotch tape. Here was her ten-digit
FONCARD number. Didn't seem to have the ID
number necessary to cause real fraud trouble.
I did, however, have Evelyn's home phone
number. And the phone numbers for a whole crowd
of Evelyn's long-distance friends and acquaintances.
In San Diego, Folsom, Redondo, Las Vegas, La Jolla,
Topeka, and Northampton Massachusetts. Even
somebody in Australia!
I examined other documents. Here was a bank
statement. It was Evelyn's IRA account down at a
bank in San Mateo California (total balance
$1877.20). Here was a charge-card bill for $382.64.
She was paying it off bit by bit.
Driven by motives that were completely
unethical and prurient, I now examined the
handwritten notes. They had been torn fairly
thoroughly, so much so that it took me almost an
entire five minutes to reassemble them.
They were drafts of a love letter. They had been
written on the lined stationery of Evelyn's employer,
a biomedical company. Probably written at work
when she should have been doing something else.
"Dear Bob," (not his real name) "I guess in
everyone's life there comes a time when hard
decisions have to be made, and this is a difficult one
for me -- very upsetting. Since you haven't called
me, and I don't understand why, I can only surmise
it's because you don't want to. I thought I would
have heard from you Friday. I did have a few
unusual problems with my phone and possibly you
tried, I hope so.
"Robert, you asked me to 'let go'..."
The first note ended. *Unusual problems with
her phone?* I looked swiftly at the next note.
"Bob, not hearing from you for the whole
weekend has left me very perplexed..."
Next draft.
"Dear Bob, there is so much I don't understand
right now, and I wish I did. I wish I could talk to you,
but for some unknown reason you have elected not
to call -- this is so difficult for me to understand..."
She tried again.
"Bob, Since I have always held you in such high
esteem, I had every hope that we could remain good
friends, but now one essential ingredient is missing -
- respect. Your ability to discard people when their
purpose is served is appalling to me. The kindest
thing you could do for me now is to leave me alone.
You are no longer welcome in my heart or home..."
Try again.
"Bob, I wrote a very factual note to you to say
how much respect I had lost for you, by the way you
treat people, me in particular, so uncaring and cold.
The kindest thing you can do for me is to leave me
alone entirely, as you are no longer welcome in my
heart or home. I would appreciate it if you could
retire your debt to me as soon as possible -- I wish no
link to you in any way. Sincerely, Evelyn."
Good heavens, I thought, the bastard actually
owes her money! I turned to the next page.
"Bob: very simple. GOODBYE! No more mind
games -- no more fascination -- no more coldness --
no more respect for you! It's over -- Finis. Evie"
There were two versions of the final brushoff
letter, but they read about the same. Maybe she
hadn't sent it. The final item in my illicit and
shameful booty was an envelope addressed to "Bob"
at his home address, but it had no stamp on it and it
hadn't been mailed.
Maybe she'd just been blowing off steam
because her rascal boyfriend had neglected to call
her one weekend. Big deal. Maybe they'd kissed
and made up, maybe she and Bob were down at
Pop's Chocolate Shop now, sharing a malted. Sure.
Easy to find out. All I had to do was call Evelyn
up. With a half-clever story and enough brass-
plated gall I could probably trick the truth out of her.
Phone-phreaks and hackers deceive people over the
phone all the time. It's called "social engineering."
Social engineering is a very common practice in the
underground, and almost magically effective.
Human beings are almost always the weakest link in
computer security. The simplest way to learn Things
You Are Not Meant To Know is simply to call up
and exploit the knowledgeable people. With social
engineering, you use the bits of specialized
knowledge you already have as a key, to manipulate
people into believing that you are legitimate. You
can then coax, flatter, or frighten them into revealing
almost anything you want to know. Deceiving
people (especially over the phone) is easy and fun.
Exploiting their gullibility is very gratifying; it makes
you feel very superior to them.
If I'd been a malicious hacker on a trashing
raid, I would now have Evelyn very much in my
power. Given all this inside data, it wouldn't take
much effort at all to invent a convincing lie. If I were
ruthless enough, and jaded enough, and clever
enough, this momentary indiscretion of hers --
maybe committed in tears, who knows -- could cause
her a whole world of confusion and grief.
I didn't even have to have a *malicious* motive.
Maybe I'd be "on her side," and call up Bob instead,
and anonymously threaten to break both his
kneecaps if he didn't take Evelyn out for a steak
dinner pronto. It was still profoundly *none of my
business.* To have gotten this knowledge at all was
a sordid act and to use it would be to inflict a sordid
injury.
To do all these awful things would require
exactly zero high-tech expertise. All it would take
was the willingness to do it and a certain amount of
bent imagination.
I went back downstairs. The hard-working FCIC,
who had labored forty-five minutes over their
schedule, were through for the day, and adjourned
to the hotel bar. We all had a beer.
I had a chat with a guy about "Isis," or rather
IACIS, the International Association of Computer
Investigation Specialists. They're into "computer
forensics," the techniques of picking computer-
systems apart without destroying vital evidence.
IACIS, currently run out of Oregon, is comprised of
investigators in the U.S., Canada, Taiwan and
Ireland. "Taiwan and Ireland?" I said. Are *Taiwan*
and *Ireland* really in the forefront of this stuff?
Well not exactly, my informant admitted. They just
happen to have been the first ones to have caught
on by word of mouth. Still, the international angle
counts, because this is obviously an international
problem. Phone-lines go everywhere.
There was a Mountie here from the Royal
Canadian Mounted Police. He seemed to be having
quite a good time. Nobody had flung this Canadian
out because he might pose a foreign security risk.
These are cyberspace cops. They still worry a lot
about "jurisdictions," but mere geography is the
least of their troubles.
NASA had failed to show. NASA suffers a lot
from computer intrusions, in particular from
Australian raiders and a well-trumpeted Chaos
Computer Club case, and in 1990 there was a brief
press flurry when it was revealed that one of NASA's
Houston branch-exchanges had been systematically
ripped off by a gang of phone-phreaks. But the
NASA guys had had their funding cut. They were
stripping everything.
Air Force OSI, its Office of Special
Investigations, is the *only* federal entity dedicated
full-time to computer security. They'd been
expected to show up in force, but some of them had
cancelled -- a Pentagon budget pinch.
As the empties piled up, the guys began joshing
around and telling war-stories. "These are cops,"
Thackeray said tolerantly. "If they're not talking
shop they talk about women and beer."
I heard the story about the guy who, asked for "a
copy" of a computer disk, *photocopied the label on
it.* He put the floppy disk onto the glass plate of a
photocopier. The blast of static when the copier
worked completely erased all the real information
on the disk.
Some other poor souls threw a whole bag of
confiscated diskettes into the squad-car trunk next
to the police radio. The powerful radio signal
blasted them, too.
We heard a bit about Dave Geneson, the first
computer prosecutor, a mainframe-runner in Dade
County, turned lawyer. Dave Geneson was one guy
who had hit the ground running, a signal virtue in
making the transition to computer-crime. It was
generally agreed that it was easier to learn the world
of computers first, then police or prosecutorial work.
You could take certain computer people and train
'em to successful police work -- but of course they
had to have the *cop mentality.* They had to have
street smarts. Patience. Persistence. And
discretion. You've got to make sure they're not hot-
shots, show-offs, "cowboys."
Most of the folks in the bar had backgrounds in
military intelligence, or drugs, or homicide. It was
rudely opined that "military intelligence" was a
contradiction in terms, while even the grisly world of
homicide was considered cleaner than drug
enforcement. One guy had been 'way undercover
doing dope-work in Europe for four years straight.
"I'm almost recovered now," he said deadpan, with
the acid black humor that is pure cop. "Hey, now I
can say *fucker* without putting *mother* in front
of it."
"In the cop world," another guy said earnestly,
"everything is good and bad, black and white. In the
computer world everything is gray."
One guy -- a founder of the FCIC, who'd been
with the group since it was just the Colluquy --
described his own introduction to the field. He'd
been a Washington DC homicide guy called in on a
"hacker" case. From the word "hacker," he naturally
assumed he was on the trail of a knife-wielding
marauder, and went to the computer center
expecting blood and a body. When he finally
figured out what was happening there (after loudly
demanding, in vain, that the programmers "speak
English"), he called headquarters and told them he
was clueless about computers. They told him
nobody else knew diddly either, and to get the hell
back to work.
So, he said, he had proceeded by comparisons.
By analogy. By metaphor. "Somebody broke in to
your computer, huh?" Breaking and entering; I can
understand that. How'd he get in? "Over the phone-
lines." Harassing phone-calls, I can understand
that! What we need here is a tap and a trace!
It worked. It was better than nothing. And it
worked a lot faster when he got hold of another cop
who'd done something similar. And then the two of
them got another, and another, and pretty soon the
Colluquy was a happening thing. It helped a lot that
everybody seemed to know Carlton Fitzpatrick, the
data-processing trainer in Glynco.
The ice broke big-time in Memphis in '86. The
Colluquy had attracted a bunch of new guys -- Secret
Service, FBI, military, other feds, heavy guys.
Nobody wanted to tell anybody anything. They
suspected that if word got back to the home office
they'd all be fired. They passed an uncomfortably
guarded afternoon.
The formalities got them nowhere. But after the
formal session was over, the organizers brought in a
case of beer. As soon as the participants knocked it
off with the bureaucratic ranks and turf-fighting,
everything changed. "I bared my soul," one veteran
reminisced proudly. By nightfall they were building
pyramids of empty beer-cans and doing everything
but composing a team fight song.
FCIC were not the only computer-crime people
around. There was DATTA (District Attorneys'
Technology Theft Association), though they mostly
specialized in chip theft, intellectual property, and
black-market cases. There was HTCIA (High Tech
Computer Investigators Association), also out in
Silicon Valley, a year older than FCIC and featuring
brilliant people like Donald Ingraham. There was
LEETAC (Law Enforcement Electronic Technology
Assistance Committee) in Florida, and computer-
crime units in Illinois and Maryland and Texas and
Ohio and Colorado and Pennsylvania. But these
were local groups. FCIC were the first to really
network nationally and on a federal level.
FCIC people live on the phone lines. Not on
bulletin board systems -- they know very well what
boards are, and they know that boards aren't secure.
Everyone in the FCIC has a voice-phone bill like you
wouldn't believe. FCIC people have been tight with
the telco people for a long time. Telephone
cyberspace is their native habitat.
FCIC has three basic sub-tribes: the trainers,
the security people, and the investigators. That's
why it's called an "Investigations Committee" with
no mention of the term "computer-crime" -- the
dreaded "C-word." FCIC, officially, is "an
association of agencies rather than individuals;"
unofficially, this field is small enough that the
influence of individuals and individual expertise is
paramount. Attendance is by invitation only, and
most everyone in FCIC considers himself a prophet
without honor in his own house.
Again and again I heard this, with different
terms but identical sentiments. "I'd been sitting in
the wilderness talking to myself." "I was totally
isolated." "I was desperate." "FCIC is the best thing
there is about computer crime in America." "FCIC
is what really works." "This is where you hear real
people telling you what's really happening out there,
not just lawyers picking nits." "We taught each
other everything we knew."
The sincerity of these statements convinces me
that this is true. FCIC is the real thing and it is
invaluable. It's also very sharply at odds with the
rest of the traditions and power structure in
American law enforcement. There probably hasn't
been anything around as loose and go-getting as the
FCIC since the start of the U.S. Secret Service in the
1860s. FCIC people are living like twenty-first-
century people in a twentieth-century environment,
and while there's a great deal to be said for that,
there's also a great deal to be said against it, and
those against it happen to control the budgets.
I listened to two FCIC guys from Jersey compare
life histories. One of them had been a biker in a
fairly heavy-duty gang in the 1960s. "Oh, did you
know so-and-so?" said the other guy from Jersey.
"Big guy, heavyset?"
"Yeah, I knew him."
"Yeah, he was one of ours. He was our plant in
the gang."
"Really? Wow! Yeah, I knew him. Helluva guy."
Thackeray reminisced at length about being
tear-gassed blind in the November 1969 antiwar
protests in Washington Circle, covering them for
her college paper. "Oh yeah, I was there," said
another cop. "Glad to hear that tear gas hit
somethin'. Haw haw haw." He'd been so blind
himself, he confessed, that later that day he'd
arrested a small tree.
FCIC are an odd group, sifted out by
coincidence and necessity, and turned into a new
kind of cop. There are a lot of specialized cops in
the world -- your bunco guys, your drug guys, your
tax guys, but the only group that matches FCIC for
sheer isolation are probably the child-pornography
people. Because they both deal with conspirators
who are desperate to exchange forbidden data and
also desperate to hide; and because nobody else in
law enforcement even wants to hear about it.
FCIC people tend to change jobs a lot. They
tend not to get the equipment and training they
want and need. And they tend to get sued quite
often.
As the night wore on and a band set up in the
bar, the talk grew darker. Nothing ever gets done in
government, someone opined, until there's a
*disaster.* Computing disasters are awful, but
there's no denying that they greatly help the
credibility of FCIC people. The Internet Worm, for
instance. "For years we'd been warning about that --
but it's nothing compared to what's coming." They
expect horrors, these people. They know that
nothing will really get done until there is a horror.
#
Next day we heard an extensive briefing from a
guy who'd been a computer cop, gotten into hot
water with an Arizona city council, and now installed
computer networks for a living (at a considerable
rise in pay). He talked about pulling fiber-optic
networks apart.
Even a single computer, with enough
peripherals, is a literal "network" -- a bunch of
machines all cabled together, generally with a
complexity that puts stereo units to shame. FCIC
people invent and publicize methods of seizing
computers and maintaining their evidence. Simple
things, sometimes, but vital rules of thumb for street
cops, who nowadays often stumble across a busy
computer in the midst of a drug investigation or a
white-collar bust. For instance: Photograph the
system before you touch it. Label the ends of all the
cables before you detach anything. "Park" the heads
on the disk drives before you move them. Get the
diskettes. Don't put the diskettes in magnetic fields.
Don't write on diskettes with ballpoint pens. Get the
manuals. Get the printouts. Get the handwritten
notes. Copy data before you look at it, and then
examine the copy instead of the original.
Now our lecturer distributed copied diagrams of
a typical LAN or "Local Area Network", which
happened to be out of Connecticut. *One hundred
and fifty-nine* desktop computers, each with its own
peripherals. Three "file servers." Five "star
couplers" each with thirty-two ports. One sixteen-
port coupler off in the corner office. All these
machines talking to each other, distributing
electronic mail, distributing software, distributing,
quite possibly, criminal evidence. All linked by high-
capacity fiber-optic cable. A bad guy -- cops talk a
lot about "bad guys" -- might be lurking on PC #47
or #123 and distributing his ill doings onto some
dupe's "personal" machine in another office -- or
another floor -- or, quite possibly, two or three miles
away! Or, conceivably, the evidence might be
"data-striped" -- split up into meaningless slivers
stored, one by one, on a whole crowd of different disk
drives.
The lecturer challenged us for solutions. I for
one was utterly clueless. As far as I could figure, the
Cossacks were at the gate; there were probably more
disks in this single building than were seized during
the entirety of Operation Sundevil.
"Inside informant," somebody said. Right.
There's always the human angle, something easy to
forget when contemplating the arcane recesses of
high technology. Cops are skilled at getting people
to talk, and computer people, given a chair and
some sustained attention, will talk about their
computers till their throats go raw. There's a case on
record of a single question -- "How'd you do it?" --
eliciting a forty-five-minute videotaped confession
from a computer criminal who not only completely
incriminated himself but drew helpful diagrams.
Computer people talk. Hackers *brag.* Phone-
phreaks talk *pathologically* -- why else are they
stealing phone-codes, if not to natter for ten hours
straight to their friends on an opposite seaboard?
Computer-literate people do in fact possess an
arsenal of nifty gadgets and techniques that would
allow them to conceal all kinds of exotic
skullduggery, and if they could only *shut up* about
it, they could probably get away with all manner of
amazing information-crimes. But that's just not how
it works -- or at least, that's not how it's worked *so
far.*
Most every phone-phreak ever busted has
swiftly implicated his mentors, his disciples, and his
friends. Most every white-collar computer-criminal,
smugly convinced that his clever scheme is
bulletproof, swiftly learns otherwise when, for the
first time in his life, an actual no-kidding policeman
leans over, grabs the front of his shirt, looks him
right in the eye and says: "All right, *asshole* -- you
and me are going downtown!" All the hardware in
the world will not insulate your nerves from these
actual real-life sensations of terror and guilt.
Cops know ways to get from point A to point Z
without thumbing through every letter in some
smart-ass bad-guy's alphabet. Cops know how to
cut to the chase. Cops know a lot of things other
people don't know.
Hackers know a lot of things other people don't
know, too. Hackers know, for instance, how to sneak
into your computer through the phone-lines. But
cops can show up *right on your doorstep* and
carry off *you* and your computer in separate steel
boxes. A cop interested in hackers can grab them
and grill them. A hacker interested in cops has to
depend on hearsay, underground legends, and what
cops are willing to publicly reveal. And the Secret
Service didn't get named "the *Secret* Service"
because they blab a lot.
Some people, our lecturer informed us, were
under the mistaken impression that it was
"impossible" to tap a fiber-optic line. Well, he
announced, he and his son had just whipped up a
fiber-optic tap in his workshop at home. He passed
it around the audience, along with a circuit-covered
LAN plug-in card so we'd all recognize one if we saw
it on a case. We all had a look.
The tap was a classic "Goofy Prototype" -- a
thumb-length rounded metal cylinder with a pair of
plastic brackets on it. From one end dangled three
thin black cables, each of which ended in a tiny
black plastic cap. When you plucked the safety-cap
off the end of a cable, you could see the glass fiber -
- no thicker than a pinhole.
Our lecturer informed us that the metal
cylinder was a "wavelength division multiplexer."
Apparently, what one did was to cut the fiber-optic
cable, insert two of the legs into the cut to complete
the network again, and then read any passing data
on the line by hooking up the third leg to some kind
of monitor. Sounded simple enough. I wondered
why nobody had thought of it before. I also
wondered whether this guy's son back at the
workshop had any teenage friends.
We had a break. The guy sitting next to me was
wearing a giveaway baseball cap advertising the Uzi
submachine gun. We had a desultory chat about
the merits of Uzis. Long a favorite of the Secret
Service, it seems Uzis went out of fashion with the
advent of the Persian Gulf War, our Arab allies
taking some offense at Americans toting Israeli
weapons. Besides, I was informed by another
expert, Uzis jam. The equivalent weapon of choice
today is the Heckler & Koch, manufactured in
Germany.
The guy with the Uzi cap was a forensic
photographer. He also did a lot of photographic
surveillance work in computer crime cases. He
used to, that is, until the firings in Phoenix. He was
now a private investigator and, with his wife, ran a
photography salon specializing in weddings and
portrait photos. At -- one must repeat -- a
considerable rise in income.
He was still FCIC. If you were FCIC, and you
needed to talk to an expert about forensic
photography, well, there he was, willing and able. If
he hadn't shown up, people would have missed him.
Our lecturer had raised the point that
preliminary investigation of a computer system is
vital before any seizure is undertaken. It's vital to
understand how many machines are in there, what
kinds there are, what kind of operating system they
use, how many people use them, where the actual
data itself is stored. To simply barge into an office
demanding "all the computers" is a recipe for swift
disaster.
This entails some discreet inquiries beforehand.
In fact, what it entails is basically undercover work.
An intelligence operation. *Spying,* not to put too
fine a point on it.
In a chat after the lecture, I asked an attendee
whether "trashing" might work.
I received a swift briefing on the theory and
practice of "trash covers." Police "trash covers," like
"mail covers" or like wiretaps, require the agreement
of a judge. This obtained, the "trashing" work of cops
is just like that of hackers, only more so and much
better organized. So much so, I was informed, that
mobsters in Phoenix make extensive use of locked
garbage cans picked up by a specialty high-security
trash company.
In one case, a tiger team of Arizona cops had
trashed a local residence for four months. Every
week they showed up on the municipal garbage
truck, disguised as garbagemen, and carried the
contents of the suspect cans off to a shade tree,
where they combed through the garbage -- a messy
task, especially considering that one of the
occupants was undergoing kidney dialysis. All
useful documents were cleaned, dried and
examined. A discarded typewriter-ribbon was an
especially valuable source of data, as its long one-
strike ribbon of film contained the contents of every
letter mailed out of the house. The letters were
neatly retyped by a police secretary equipped with a
large desk-mounted magnifying glass.
There is something weirdly disquieting about
the whole subject of "trashing" -- an unsuspected
and indeed rather disgusting mode of deep personal
vulnerability. Things that we pass by every day, that
we take utterly for granted, can be exploited with so
little work. Once discovered, the knowledge of these
vulnerabilities tend to spread.
Take the lowly subject of *manhole covers.* The
humble manhole cover reproduces many of the
dilemmas of computer-security in miniature.
Manhole covers are, of course, technological
artifacts, access-points to our buried urban
infrastructure. To the vast majority of us, manhole
covers are invisible. They are also vulnerable. For
many years now, the Secret Service has made a
point of caulking manhole covers along all routes of
the Presidential motorcade. This is, of course, to
deter terrorists from leaping out of underground
ambush or, more likely, planting remote-control car-
smashing bombs beneath the street.
Lately, manhole covers have seen more and
more criminal exploitation, especially in New York
City. Recently, a telco in New York City discovered
that a cable television service had been sneaking
into telco manholes and installing cable service
alongside the phone-lines -- *without paying
royalties.* New York companies have also suffered
a general plague of (a) underground copper cable
theft; (b) dumping of garbage, including toxic waste,
and (c) hasty dumping of murder victims.
Industry complaints reached the ears of an
innovative New England industrial-security
company, and the result was a new product known
as "the Intimidator," a thick titanium-steel bolt with
a precisely machined head that requires a special
device to unscrew. All these "keys" have registered
serial numbers kept on file with the manufacturer.
There are now some thousands of these
"Intimidator" bolts being sunk into American
pavements wherever our President passes, like
some macabre parody of strewn roses. They are
also spreading as fast as steel dandelions around US
military bases and many centers of private industry.
Quite likely it has never occurred to you to peer
under a manhole cover, perhaps climb down and
walk around down there with a flashlight, just to see
what it's like. Formally speaking, this might be
trespassing, but if you didn't hurt anything, and
didn't make an absolute habit of it, nobody would
really care. The freedom to sneak under manholes
was likely a freedom you never intended to exercise.
You now are rather less likely to have that
freedom at all. You may never even have missed it
until you read about it here, but if you're in New
York City it's gone, and elsewhere it's likely going.
This is one of the things that crime, and the reaction
to crime, does to us.
The tenor of the meeting now changed as the
Electronic Frontier Foundation arrived. The EFF,
whose personnel and history will be examined in
detail in the next chapter, are a pioneering civil
liberties group who arose in direct response to the
Hacker Crackdown of 1990.
Now Mitchell Kapor, the Foundation's
president, and Michael Godwin, its chief attorney,
were confronting federal law enforcement *mano a
mano* for the first time ever. Ever alert to the
manifold uses of publicity, Mitch Kapor and Mike
Godwin had brought their own journalist in tow:
Robert Draper, from Austin, whose recent well-
received book about ROLLING STONE magazine
was still on the stands. Draper was on assignment
for TEXAS MONTHLY.
The Steve Jackson/EFF civil lawsuit against the
Chicago Computer Fraud and Abuse Task Force was
a matter of considerable regional interest in Texas.
There were now two Austinite journalists here on the
case. In fact, counting Godwin (a former Austinite
and former journalist) there were three of us. Lunch
was like Old Home Week.
Later, I took Draper up to my hotel room. We
had a long frank talk about the case, networking
earnestly like a miniature freelance-journo version
of the FCIC: privately confessing the numerous
blunders of journalists covering the story, and trying
hard to figure out who was who and what the hell was
really going on out there. I showed Draper
everything I had dug out of the Hilton trashcan. We
pondered the ethics of "trashing" for a while, and
agreed that they were dismal. We also agreed that
finding a SPRINT bill on your first time out was a
heck of a coincidence.
First I'd "trashed" -- and now, mere hours later,
I'd bragged to someone else. Having entered the
lifestyle of hackerdom, I was now, unsurprisingly,
following its logic. Having discovered something
remarkable through a surreptitious action, I of
course *had* to "brag," and to drag the passing
Draper into my iniquities. I felt I needed a witness.
Otherwise nobody would have believed what I'd
discovered....
Back at the meeting, Thackeray cordially, if
rather tentatively, introduced Kapor and Godwin to
her colleagues. Papers were distributed. Kapor took
center stage. The brilliant Bostonian high-tech
entrepreneur, normally the hawk in his own
administration and quite an effective public
speaker, seemed visibly nervous, and frankly
admitted as much. He began by saying he
consided computer-intrusion to be morally wrong,
and that the EFF was not a "hacker defense fund,"
despite what had appeared in print. Kapor chatted
a bit about the basic motivations of his group,
emphasizing their good faith and willingness to
listen and seek common ground with law
enforcement -- when, er, possible.
Then, at Godwin's urging, Kapor suddenly
remarked that EFF's own Internet machine had
been "hacked" recently, and that EFF did not
consider this incident amusing.
After this surprising confession, things began to
loosen up quite rapidly. Soon Kapor was fielding
questions, parrying objections, challenging
definitions, and juggling paradigms with something
akin to his usual gusto.
Kapor seemed to score quite an effect with his
shrewd and skeptical analysis of the merits of telco
"Caller-ID" services. (On this topic, FCIC and EFF
have never been at loggerheads, and have no
particular established earthworks to defend.)
Caller-ID has generally been promoted as a privacy
service for consumers, a presentation Kapor
described as a "smokescreen," the real point of
Caller-ID being to *allow corporate customers to
build extensive commercial databases on
everybody who phones or faxes them.* Clearly, few
people in the room had considered this possibility,
except perhaps for two late-arrivals from US WEST
RBOC security, who chuckled nervously.
Mike Godwin then made an extensive
presentation on "Civil Liberties Implications of
Computer Searches and Seizures." Now, at last, we
were getting to the real nitty-gritty here, real political
horse-trading. The audience listened with close
attention, angry mutters rising occasionally: "He's
trying to teach us our jobs!" "We've been thinking
about this for years! We think about these issues
every day!" "If I didn't seize the works, I'd be sued by
the guy's victims!" "I'm violating the law if I leave
ten thousand disks full of illegal *pirated software*
and *stolen codes!*" "It's our job to make sure
people don't trash the Constitution -- we're the
*defenders* of the Constitution!" "We seize stuff
when we know it will be forfeited anyway as
restitution for the victim!"
"If it's forfeitable, then don't get a search
warrant, get a forfeiture warrant," Godwin suggested
coolly. He further remarked that most suspects in
computer crime don't *want* to see their computers
vanish out the door, headed God knew where, for
who knows how long. They might not mind a search,
even an extensive search, but they want their
machines searched on-site.
"Are they gonna feed us?" somebody asked
sourly.
"How about if you take copies of the data?"
Godwin parried.
"That'll never stand up in court."
"Okay, you make copies, give *them* the
copies, and take the originals."
Hmmm.
Godwin championed bulletin-board systems as
repositories of First Amendment protected free
speech. He complained that federal computer-
crime training manuals gave boards a bad press,
suggesting that they are hotbeds of crime haunted
by pedophiles and crooks, whereas the vast majority
of the nation's thousands of boards are completely
innocuous, and nowhere near so romantically
suspicious.
People who run boards violently resent it when
their systems are seized, and their dozens (or
hundreds) of users look on in abject horror. Their
rights of free expression are cut short. Their right to
associate with other people is infringed. And their
privacy is violated as their private electronic mail
becomes police property.
Not a soul spoke up to defend the practice of
seizing boards. The issue passed in chastened
silence. Legal principles aside -- (and those
principles cannot be settled without laws passed or
court precedents) -- seizing bulletin boards has
become public-relations poison for American
computer police.
And anyway, it's not entirely necessary. If you're
a cop, you can get 'most everything you need from a
pirate board, just by using an inside informant.
Plenty of vigilantes -- well, *concerned citizens* --
will inform police the moment they see a pirate
board hit their area (and will tell the police all about
it, in such technical detail, actually, that you kinda
wish they'd shut up). They will happily supply police
with extensive downloads or printouts. It's
*impossible* to keep this fluid electronic
information out of the hands of police.
Some people in the electronic community
become enraged at the prospect of cops
"monitoring" bulletin boards. This does have
touchy aspects, as Secret Service people in
particular examine bulletin boards with some
regularity. But to expect electronic police to be
deaf dumb and blind in regard to this particular
medium rather flies in the face of common sense.
Police watch television, listen to radio, read
newspapers and magazines; why should the new
medium of boards be different? Cops can exercise
the same access to electronic information as
everybody else. As we have seen, quite a few
computer police maintain *their own* bulletin
boards, including anti-hacker "sting" boards, which
have generally proven quite effective.
As a final clincher, their Mountie friends in
Canada (and colleagues in Ireland and Taiwan)
don't have First Amendment or American
constitutional restrictions, but they do have phone
lines, and can call any bulletin board in America
whenever they please. The same technological
determinants that play into the hands of hackers,
phone phreaks and software pirates can play into
the hands of police. "Technological determinants"
image in a world of non-computer people, they all
attempt to look as stern and formal and impressive
as possible. These electronic frontier-dwellers
resemble groups of nineteenth-century pioneers
hankering after the respectability of statehood.
There are however, two crucial differences in the
historical experience of these "pioneers" of the
nineteeth and twenty-first centuries.
First, powerful information technology *does*
play into the hands of small, fluid, loosely organized
groups. There have always been "pioneers,"
"hobbyists," "amateurs," "dilettantes," "volunteers,"
"movements," "users' groups" and "blue-ribbon
panels of experts" around. But a group of this kind -
- when technically equipped to ship huge amounts
of specialized information, at lightning speed, to its
members, to government, and to the press -- is
simply a different kind of animal. It's like the
difference between an eel and an electric eel.
The second crucial change is that American
society is currently in a state approaching
permanent technological revolution. In the world of
computers particularly, it is practically impossible to
*ever* stop being a "pioneer," unless you either
drop dead or deliberately jump off the bus. The
scene has never slowed down enough to become
well-institutionalized. And after twenty, thirty, forty
years the "computer revolution" continues to spread,
to permeate new corners of society. Anything that
really works is already obsolete.
If you spend your entire working life as a
"pioneer," the word "pioneer" begins to lose its
meaning. Your way of life looks less and less like an
introduction to "something else" more stable and
organized, and more and more like *just the way
things are.* A "permanent revolution" is really a
contradiction in terms. If "turmoil" lasts long
enough, it simply becomes *a new kind of society* --
still the same game of history, but new players, new
rules.
Apply this to the world of late twentieth-century
law enforcement, and the implications are novel
and puzzling indeed. Any bureaucratic rulebook
you write about computer-crime will be flawed when
you write it, and almost an antique by the time it
sees print. The fluidity and fast reactions of the
FCIC give them a great advantage in this regard,
which explains their success. Even with the best will
in the world (which it does not, in fact, possess) it is
impossible for an organization the size of the U.S.
Federal Bureau of Investigation to get up to speed
on the theory and practice of computer crime. If
they tried to train all their agents to do this, it would
be *suicidal,* as they would *never be able to do
anything else.*
The FBI does try to train its agents in the basics
of electronic crime, at their base in Quantico,
Virginia. And the Secret Service, along with many
other law enforcement groups, runs quite successful
and well-attended training courses on wire fraud,
business crime, and computer intrusion at the
Federal Law Enforcement Training Center (FLETC,
pronounced "fletsy") in Glynco, Georgia. But the
best efforts of these bureaucracies does not remove
the absolute need for a "cutting-edge mess" like the
FCIC.
For you see -- the members of FCIC *are* the
trainers of the rest of law enforcement. Practically
and literally speaking, they are the Glynco
computer-crime faculty by another name. If the
FCIC went over a cliff on a bus, the U.S. law
enforcement community would be rendered deaf
dumb and blind in the world of computer crime, and
would swiftly feel a desperate need to reinvent them.
And this is no time to go starting from scratch.
On June 11, 1991, I once again arrived in
Phoenix, Arizona, for the latest meeting of the
Federal Computer Investigations Committee. This
was more or less the twentieth meeting of this stellar
group. The count was uncertain, since nobody
could figure out whether to include the meetings of
"the Colluquy," which is what the FCIC was called in
the mid-1980s before it had even managed to obtain
the dignity of its own acronym.
Since my last visit to Arizona, in May, the local
AzScam bribery scandal had resolved itself in a
general muddle of humiliation. The Phoenix chief of
police, whose agents had videotaped nine state
legislators up to no good, had resigned his office in a
tussle with the Phoenix city council over the
propriety of his undercover operations.
The Phoenix Chief could now join Gail
Thackeray and eleven of her closest associates in
the shared experience of politically motivated
unemployment. As of June, resignations were still
continuing at the Arizona Attorney General's office,
which could be interpreted as either a New Broom
Sweeping Clean or a Night of the Long Knives Part
II, depending on your point of view.
The meeting of FCIC was held at the Scottsdale
Hilton Resort. Scottsdale is a wealthy suburb of
Phoenix, known as "Scottsdull" to scoffing local
trendies, but well-equipped with posh shopping-
malls and manicured lawns, while conspicuously
undersupplied with homeless derelicts. The
Scottsdale Hilton Resort was a sprawling hotel in
postmodern crypto-Southwestern style. It featured
a "mission bell tower" plated in turquoise tile and
vaguely resembling a Saudi minaret.
Inside it was all barbarically striped Santa Fe
Style decor. There was a health spa downstairs and
a large oddly-shaped pool in the patio. A poolside
umbrella-stand offered Ben and Jerry's politically
correct Peace Pops.
I registered as a member of FCIC, attaining a
handy discount rate, then went in search of the Feds.
Sure enough, at the back of the hotel grounds came
the unmistakable sound of Gail Thackeray holding
forth.
Since I had also attended the Computers
Freedom and Privacy conference (about which more
later), this was the second time I had seen
Thackeray in a group of her law enforcement
colleagues. Once again I was struck by how simply
pleased they seemed to see her. It was natural that
she'd get *some* attention, as Gail was one of two
women in a group of some thirty men; but there was
a lot more to it than that.
Gail Thackeray personifies the social glue of the
FCIC. They could give a damn about her losing her
job with the Attorney General. They were sorry
about it, of course, but hell, they'd all lost jobs. If
they were the kind of guys who liked steady boring
jobs, they would never have gotten into computer
work in the first place.
I wandered into her circle and was immediately
introduced to five strangers. The conditions of my
visit at FCIC were reviewed. I would not quote
anyone directly. I would not tie opinions expressed
to the agencies of the attendees. I would not (a
purely hypothetical example) report the
conversation of a guy from the Secret Service talking
quite civilly to a guy from the FBI, as these two
agencies *never* talk to each other, and the IRS
(also present, also hypothetical) *never talks to
anybody.*
Worse yet, I was forbidden to attend the first
conference. And I didn't. I have no idea what the
FCIC was up to behind closed doors that afternoon.
I rather suspect that they were engaging in a frank
and thorough confession of their errors, goof-ups
and blunders, as this has been a feature of every
FCIC meeting since their legendary Memphis beer-
bust of 1986. Perhaps the single greatest attraction
of FCIC is that it is a place where you can go, let your
hair down, and completely level with people who
actually comprehend what you are talking about.
Not only do they understand you, but they *really
pay attention,* they are *grateful for your insights,*
and they *forgive you,* which in nine cases out of
ten is something even your boss can't do, because as
soon as you start talking "ROM," "BBS," or "T-1
trunk," his eyes glaze over.
I had nothing much to do that afternoon. The
FCIC were beavering away in their conference
room. Doors were firmly closed, windows too dark to
peer through. I wondered what a real hacker, a
computer intruder, would do at a meeting like this.
The answer came at once. He would "trash" the
place. Not reduce the place to trash in some orgy of
vandalism; that's not the use of the term in the
hacker milieu. No, he would quietly *empty the
trash baskets* and silently raid any valuable data
indiscreetly thrown away.
Journalists have been known to do this.
(Journalists hunting information have been known
to do almost every single unethical thing that
hackers have ever done. They also throw in a few
awful techniques all their own.) The legality of
'trashing' is somewhat dubious but it is not in fact
flagrantly illegal. It was, however, absurd to
contemplate trashing the FCIC. These people knew
all about trashing. I wouldn't last fifteen seconds.
The idea sounded interesting, though. I'd been
hearing a lot about the practice lately. On the spur
of the moment, I decided I would try trashing the
office *across the hall* from the FCIC, an area
which had nothing to do with the investigators.
The office was tiny; six chairs, a table....
Nevertheless, it was open, so I dug around in its
plastic trash can.
To my utter astonishment, I came up with the
torn scraps of a SPRINT long-distance phone bill.
More digging produced a bank statement and the
scraps of a hand-written letter, along with gum,
cigarette ashes, candy wrappers and a day-old-issue
of USA TODAY.
The trash went back in its receptacle while the
scraps of data went into my travel bag. I detoured
through the hotel souvenir shop for some Scotch
tape and went up to my room.
Coincidence or not, it was quite true. Some poor
soul had, in fact, thrown a SPRINT bill into the
hotel's trash. Date May 1991, total amount due:
$252.36. Not a business phone, either, but a
residential bill, in the name of someone called
Evelyn (not her real name). Evelyn's records showed
a ## PAST DUE BILL ##! Here was her nine-digit
account ID. Here was a stern computer-printed
warning:
"TREAT YOUR FONCARD AS YOU WOULD ANY
CREDIT CARD. TO SECURE AGAINST FRAUD,
NEVER GIVE YOUR FONCARD NUMBER OVER
THE PHONE UNLESS YOU INITIATED THE
CALL. IF YOU RECEIVE SUSPICIOUS CALLS
PLEASE NOTIFY CUSTOMER SERVICE
IMMEDIATELY!"
I examined my watch. Still plenty of time left for
the FCIC to carry on. I sorted out the scraps of
Evelyn's SPRINT bill and re-assembled them with
fresh Scotch tape. Here was her ten-digit
FONCARD number. Didn't seem to have the ID
number necessary to cause real fraud trouble.
I did, however, have Evelyn's home phone
number. And the phone numbers for a whole crowd
of Evelyn's long-distance friends and acquaintances.
In San Diego, Folsom, Redondo, Las Vegas, La Jolla,
Topeka, and Northampton Massachusetts. Even
somebody in Australia!
I examined other documents. Here was a bank
statement. It was Evelyn's IRA account down at a
bank in San Mateo California (total balance
$1877.20). Here was a charge-card bill for $382.64.
She was paying it off bit by bit.
Driven by motives that were completely
unethical and prurient, I now examined the
handwritten notes. They had been torn fairly
thoroughly, so much so that it took me almost an
entire five minutes to reassemble them.
They were drafts of a love letter. They had been
written on the lined stationery of Evelyn's employer,
a biomedical company. Probably written at work
when she should have been doing something else.
"Dear Bob," (not his real name) "I guess in
everyone's life there comes a time when hard
decisions have to be made, and this is a difficult one
for me -- very upsetting. Since you haven't called
me, and I don't understand why, I can only surmise
it's because you don't want to. I thought I would
have heard from you Friday. I did have a few
unusual problems with my phone and possibly you
tried, I hope so.
"Robert, you asked me to 'let go'..."
The first note ended. *Unusual problems with
her phone?* I looked swiftly at the next note.
"Bob, not hearing from you for the whole
weekend has left me very perplexed..."
Next draft.
"Dear Bob, there is so much I don't understand
right now, and I wish I did. I wish I could talk to you,
but for some unknown reason you have elected not
to call -- this is so difficult for me to understand..."
She tried again.
"Bob, Since I have always held you in such high
esteem, I had every hope that we could remain good
friends, but now one essential ingredient is missing -
- respect. Your ability to discard people when their
purpose is served is appalling to me. The kindest
thing you could do for me now is to leave me alone.
You are no longer welcome in my heart or home..."
Try again.
"Bob, I wrote a very factual note to you to say
how much respect I had lost for you, by the way you
treat people, me in particular, so uncaring and cold.
The kindest thing you can do for me is to leave me
alone entirely, as you are no longer welcome in my
heart or home. I would appreciate it if you could
retire your debt to me as soon as possible -- I wish no
link to you in any way. Sincerely, Evelyn."
Good heavens, I thought, the bastard actually
owes her money! I turned to the next page.
"Bob: very simple. GOODBYE! No more mind
games -- no more fascination -- no more coldness --
no more respect for you! It's over -- Finis. Evie"
There were two versions of the final brushoff
letter, but they read about the same. Maybe she
hadn't sent it. The final item in my illicit and
shameful booty was an envelope addressed to "Bob"
at his home address, but it had no stamp on it and it
hadn't been mailed.
Maybe she'd just been blowing off steam
because her rascal boyfriend had neglected to call
her one weekend. Big deal. Maybe they'd kissed
and made up, maybe she and Bob were down at
Pop's Chocolate Shop now, sharing a malted. Sure.
Easy to find out. All I had to do was call Evelyn
up. With a half-clever story and enough brass-
plated gall I could probably trick the truth out of her.
Phone-phreaks and hackers deceive people over the
phone all the time. It's called "social engineering."
Social engineering is a very common practice in the
underground, and almost magically effective.
Human beings are almost always the weakest link in
computer security. The simplest way to learn Things
You Are Not Meant To Know is simply to call up
and exploit the knowledgeable people. With social
engineering, you use the bits of specialized
knowledge you already have as a key, to manipulate
people into believing that you are legitimate. You
can then coax, flatter, or frighten them into revealing
almost anything you want to know. Deceiving
people (especially over the phone) is easy and fun.
Exploiting their gullibility is very gratifying; it makes
you feel very superior to them.
If I'd been a malicious hacker on a trashing
raid, I would now have Evelyn very much in my
power. Given all this inside data, it wouldn't take
much effort at all to invent a convincing lie. If I were
ruthless enough, and jaded enough, and clever
enough, this momentary indiscretion of hers --
maybe committed in tears, who knows -- could cause
her a whole world of confusion and grief.
I didn't even have to have a *malicious* motive.
Maybe I'd be "on her side," and call up Bob instead,
and anonymously threaten to break both his
kneecaps if he didn't take Evelyn out for a steak
dinner pronto. It was still profoundly *none of my
business.* To have gotten this knowledge at all was
a sordid act and to use it would be to inflict a sordid
injury.
To do all these awful things would require
exactly zero high-tech expertise. All it would take
was the willingness to do it and a certain amount of
bent imagination.
I went back downstairs. The hard-working FCIC,
who had labored forty-five minutes over their
schedule, were through for the day, and adjourned
to the hotel bar. We all had a beer.
I had a chat with a guy about "Isis," or rather
IACIS, the International Association of Computer
Investigation Specialists. They're into "computer
forensics," the techniques of picking computer-
systems apart without destroying vital evidence.
IACIS, currently run out of Oregon, is comprised of
investigators in the U.S., Canada, Taiwan and
Ireland. "Taiwan and Ireland?" I said. Are *Taiwan*
and *Ireland* really in the forefront of this stuff?
Well not exactly, my informant admitted. They just
happen to have been the first ones to have caught
on by word of mouth. Still, the international angle
counts, because this is obviously an international
problem. Phone-lines go everywhere.
There was a Mountie here from the Royal
Canadian Mounted Police. He seemed to be having
quite a good time. Nobody had flung this Canadian
out because he might pose a foreign security risk.
These are cyberspace cops. They still worry a lot
about "jurisdictions," but mere geography is the
least of their troubles.
NASA had failed to show. NASA suffers a lot
from computer intrusions, in particular from
Australian raiders and a well-trumpeted Chaos
Computer Club case, and in 1990 there was a brief
press flurry when it was revealed that one of NASA's
Houston branch-exchanges had been systematically
ripped off by a gang of phone-phreaks. But the
NASA guys had had their funding cut. They were
stripping everything.
Air Force OSI, its Office of Special
Investigations, is the *only* federal entity dedicated
full-time to computer security. They'd been
expected to show up in force, but some of them had
cancelled -- a Pentagon budget pinch.
As the empties piled up, the guys began joshing
around and telling war-stories. "These are cops,"
Thackeray said tolerantly. "If they're not talking
shop they talk about women and beer."
I heard the story about the guy who, asked for "a
copy" of a computer disk, *photocopied the label on
it.* He put the floppy disk onto the glass plate of a
photocopier. The blast of static when the copier
worked completely erased all the real information
on the disk.
Some other poor souls threw a whole bag of
confiscated diskettes into the squad-car trunk next
to the police radio. The powerful radio signal
blasted them, too.
We heard a bit about Dave Geneson, the first
computer prosecutor, a mainframe-runner in Dade
County, turned lawyer. Dave Geneson was one guy
who had hit the ground running, a signal virtue in
making the transition to computer-crime. It was
generally agreed that it was easier to learn the world
of computers first, then police or prosecutorial work.
You could take certain computer people and train
'em to successful police work -- but of course they
had to have the *cop mentality.* They had to have
street smarts. Patience. Persistence. And
discretion. You've got to make sure they're not hot-
shots, show-offs, "cowboys."
Most of the folks in the bar had backgrounds in
military intelligence, or drugs, or homicide. It was
rudely opined that "military intelligence" was a
contradiction in terms, while even the grisly world of
homicide was considered cleaner than drug
enforcement. One guy had been 'way undercover
doing dope-work in Europe for four years straight.
"I'm almost recovered now," he said deadpan, with
the acid black humor that is pure cop. "Hey, now I
can say *fucker* without putting *mother* in front
of it."
"In the cop world," another guy said earnestly,
"everything is good and bad, black and white. In the
computer world everything is gray."
One guy -- a founder of the FCIC, who'd been
with the group since it was just the Colluquy --
described his own introduction to the field. He'd
been a Washington DC homicide guy called in on a
"hacker" case. From the word "hacker," he naturally
assumed he was on the trail of a knife-wielding
marauder, and went to the computer center
expecting blood and a body. When he finally
figured out what was happening there (after loudly
demanding, in vain, that the programmers "speak
English"), he called headquarters and told them he
was clueless about computers. They told him
nobody else knew diddly either, and to get the hell
back to work.
So, he said, he had proceeded by comparisons.
By analogy. By metaphor. "Somebody broke in to
your computer, huh?" Breaking and entering; I can
understand that. How'd he get in? "Over the phone-
lines." Harassing phone-calls, I can understand
that! What we need here is a tap and a trace!
It worked. It was better than nothing. And it
worked a lot faster when he got hold of another cop
who'd done something similar. And then the two of
them got another, and another, and pretty soon the
Colluquy was a happening thing. It helped a lot that
everybody seemed to know Carlton Fitzpatrick, the
data-processing trainer in Glynco.
The ice broke big-time in Memphis in '86. The
Colluquy had attracted a bunch of new guys -- Secret
Service, FBI, military, other feds, heavy guys.
Nobody wanted to tell anybody anything. They
suspected that if word got back to the home office
they'd all be fired. They passed an uncomfortably
guarded afternoon.
The formalities got them nowhere. But after the
formal session was over, the organizers brought in a
case of beer. As soon as the participants knocked it
off with the bureaucratic ranks and turf-fighting,
everything changed. "I bared my soul," one veteran
reminisced proudly. By nightfall they were building
pyramids of empty beer-cans and doing everything
but composing a team fight song.
FCIC were not the only computer-crime people
around. There was DATTA (District Attorneys'
Technology Theft Association), though they mostly
specialized in chip theft, intellectual property, and
black-market cases. There was HTCIA (High Tech
Computer Investigators Association), also out in
Silicon Valley, a year older than FCIC and featuring
brilliant people like Donald Ingraham. There was
LEETAC (Law Enforcement Electronic Technology
Assistance Committee) in Florida, and computer-
crime units in Illinois and Maryland and Texas and
Ohio and Colorado and Pennsylvania. But these
were local groups. FCIC were the first to really
network nationally and on a federal level.
FCIC people live on the phone lines. Not on
bulletin board systems -- they know very well what
boards are, and they know that boards aren't secure.
Everyone in the FCIC has a voice-phone bill like you
wouldn't believe. FCIC people have been tight with
the telco people for a long time. Telephone
cyberspace is their native habitat.
FCIC has three basic sub-tribes: the trainers,
the security people, and the investigators. That's
why it's called an "Investigations Committee" with
no mention of the term "computer-crime" -- the
dreaded "C-word." FCIC, officially, is "an
association of agencies rather than individuals;"
unofficially, this field is small enough that the
influence of individuals and individual expertise is
paramount. Attendance is by invitation only, and
most everyone in FCIC considers himself a prophet
without honor in his own house.
Again and again I heard this, with different
terms but identical sentiments. "I'd been sitting in
the wilderness talking to myself." "I was totally
isolated." "I was desperate." "FCIC is the best thing
there is about computer crime in America." "FCIC
is what really works." "This is where you hear real
people telling you what's really happening out there,
not just lawyers picking nits." "We taught each
other everything we knew."
The sincerity of these statements convinces me
that this is true. FCIC is the real thing and it is
invaluable. It's also very sharply at odds with the
rest of the traditions and power structure in
American law enforcement. There probably hasn't
been anything around as loose and go-getting as the
FCIC since the start of the U.S. Secret Service in the
1860s. FCIC people are living like twenty-first-
century people in a twentieth-century environment,
and while there's a great deal to be said for that,
there's also a great deal to be said against it, and
those against it happen to control the budgets.
I listened to two FCIC guys from Jersey compare
life histories. One of them had been a biker in a
fairly heavy-duty gang in the 1960s. "Oh, did you
know so-and-so?" said the other guy from Jersey.
"Big guy, heavyset?"
"Yeah, I knew him."
"Yeah, he was one of ours. He was our plant in
the gang."
"Really? Wow! Yeah, I knew him. Helluva guy."
Thackeray reminisced at length about being
tear-gassed blind in the November 1969 antiwar
protests in Washington Circle, covering them for
her college paper. "Oh yeah, I was there," said
another cop. "Glad to hear that tear gas hit
somethin'. Haw haw haw." He'd been so blind
himself, he confessed, that later that day he'd
arrested a small tree.
FCIC are an odd group, sifted out by
coincidence and necessity, and turned into a new
kind of cop. There are a lot of specialized cops in
the world -- your bunco guys, your drug guys, your
tax guys, but the only group that matches FCIC for
sheer isolation are probably the child-pornography
people. Because they both deal with conspirators
who are desperate to exchange forbidden data and
also desperate to hide; and because nobody else in
law enforcement even wants to hear about it.
FCIC people tend to change jobs a lot. They
tend not to get the equipment and training they
want and need. And they tend to get sued quite
often.
As the night wore on and a band set up in the
bar, the talk grew darker. Nothing ever gets done in
government, someone opined, until there's a
*disaster.* Computing disasters are awful, but
there's no denying that they greatly help the
credibility of FCIC people. The Internet Worm, for
instance. "For years we'd been warning about that --
but it's nothing compared to what's coming." They
expect horrors, these people. They know that
nothing will really get done until there is a horror.
#
Next day we heard an extensive briefing from a
guy who'd been a computer cop, gotten into hot
water with an Arizona city council, and now installed
computer networks for a living (at a considerable
rise in pay). He talked about pulling fiber-optic
networks apart.
Even a single computer, with enough
peripherals, is a literal "network" -- a bunch of
machines all cabled together, generally with a
complexity that puts stereo units to shame. FCIC
people invent and publicize methods of seizing
computers and maintaining their evidence. Simple
things, sometimes, but vital rules of thumb for street
cops, who nowadays often stumble across a busy
computer in the midst of a drug investigation or a
white-collar bust. For instance: Photograph the
system before you touch it. Label the ends of all the
cables before you detach anything. "Park" the heads
on the disk drives before you move them. Get the
diskettes. Don't put the diskettes in magnetic fields.
Don't write on diskettes with ballpoint pens. Get the
manuals. Get the printouts. Get the handwritten
notes. Copy data before you look at it, and then
examine the copy instead of the original.
Now our lecturer distributed copied diagrams of
a typical LAN or "Local Area Network", which
happened to be out of Connecticut. *One hundred
and fifty-nine* desktop computers, each with its own
peripherals. Three "file servers." Five "star
couplers" each with thirty-two ports. One sixteen-
port coupler off in the corner office. All these
machines talking to each other, distributing
electronic mail, distributing software, distributing,
quite possibly, criminal evidence. All linked by high-
capacity fiber-optic cable. A bad guy -- cops talk a
lot about "bad guys" -- might be lurking on PC #47
or #123 and distributing his ill doings onto some
dupe's "personal" machine in another office -- or
another floor -- or, quite possibly, two or three miles
away! Or, conceivably, the evidence might be
"data-striped" -- split up into meaningless slivers
stored, one by one, on a whole crowd of different disk
drives.
The lecturer challenged us for solutions. I for
one was utterly clueless. As far as I could figure, the
Cossacks were at the gate; there were probably more
disks in this single building than were seized during
the entirety of Operation Sundevil.
"Inside informant," somebody said. Right.
There's always the human angle, something easy to
forget when contemplating the arcane recesses of
high technology. Cops are skilled at getting people
to talk, and computer people, given a chair and
some sustained attention, will talk about their
computers till their throats go raw. There's a case on
record of a single question -- "How'd you do it?" --
eliciting a forty-five-minute videotaped confession
from a computer criminal who not only completely
incriminated himself but drew helpful diagrams.
Computer people talk. Hackers *brag.* Phone-
phreaks talk *pathologically* -- why else are they
stealing phone-codes, if not to natter for ten hours
straight to their friends on an opposite seaboard?
Computer-literate people do in fact possess an
arsenal of nifty gadgets and techniques that would
allow them to conceal all kinds of exotic
skullduggery, and if they could only *shut up* about
it, they could probably get away with all manner of
amazing information-crimes. But that's just not how
it works -- or at least, that's not how it's worked *so
far.*
Most every phone-phreak ever busted has
swiftly implicated his mentors, his disciples, and his
friends. Most every white-collar computer-criminal,
smugly convinced that his clever scheme is
bulletproof, swiftly learns otherwise when, for the
first time in his life, an actual no-kidding policeman
leans over, grabs the front of his shirt, looks him
right in the eye and says: "All right, *asshole* -- you
and me are going downtown!" All the hardware in
the world will not insulate your nerves from these
actual real-life sensations of terror and guilt.
Cops know ways to get from point A to point Z
without thumbing through every letter in some
smart-ass bad-guy's alphabet. Cops know how to
cut to the chase. Cops know a lot of things other
people don't know.
Hackers know a lot of things other people don't
know, too. Hackers know, for instance, how to sneak
into your computer through the phone-lines. But
cops can show up *right on your doorstep* and
carry off *you* and your computer in separate steel
boxes. A cop interested in hackers can grab them
and grill them. A hacker interested in cops has to
depend on hearsay, underground legends, and what
cops are willing to publicly reveal. And the Secret
Service didn't get named "the *Secret* Service"
because they blab a lot.
Some people, our lecturer informed us, were
under the mistaken impression that it was
"impossible" to tap a fiber-optic line. Well, he
announced, he and his son had just whipped up a
fiber-optic tap in his workshop at home. He passed
it around the audience, along with a circuit-covered
LAN plug-in card so we'd all recognize one if we saw
it on a case. We all had a look.
The tap was a classic "Goofy Prototype" -- a
thumb-length rounded metal cylinder with a pair of
plastic brackets on it. From one end dangled three
thin black cables, each of which ended in a tiny
black plastic cap. When you plucked the safety-cap
off the end of a cable, you could see the glass fiber -
- no thicker than a pinhole.
Our lecturer informed us that the metal
cylinder was a "wavelength division multiplexer."
Apparently, what one did was to cut the fiber-optic
cable, insert two of the legs into the cut to complete
the network again, and then read any passing data
on the line by hooking up the third leg to some kind
of monitor. Sounded simple enough. I wondered
why nobody had thought of it before. I also
wondered whether this guy's son back at the
workshop had any teenage friends.
We had a break. The guy sitting next to me was
wearing a giveaway baseball cap advertising the Uzi
submachine gun. We had a desultory chat about
the merits of Uzis. Long a favorite of the Secret
Service, it seems Uzis went out of fashion with the
advent of the Persian Gulf War, our Arab allies
taking some offense at Americans toting Israeli
weapons. Besides, I was informed by another
expert, Uzis jam. The equivalent weapon of choice
today is the Heckler & Koch, manufactured in
Germany.
The guy with the Uzi cap was a forensic
photographer. He also did a lot of photographic
surveillance work in computer crime cases. He
used to, that is, until the firings in Phoenix. He was
now a private investigator and, with his wife, ran a
photography salon specializing in weddings and
portrait photos. At -- one must repeat -- a
considerable rise in income.
He was still FCIC. If you were FCIC, and you
needed to talk to an expert about forensic
photography, well, there he was, willing and able. If
he hadn't shown up, people would have missed him.
Our lecturer had raised the point that
preliminary investigation of a computer system is
vital before any seizure is undertaken. It's vital to
understand how many machines are in there, what
kinds there are, what kind of operating system they
use, how many people use them, where the actual
data itself is stored. To simply barge into an office
demanding "all the computers" is a recipe for swift
disaster.
This entails some discreet inquiries beforehand.
In fact, what it entails is basically undercover work.
An intelligence operation. *Spying,* not to put too
fine a point on it.
In a chat after the lecture, I asked an attendee
whether "trashing" might work.
I received a swift briefing on the theory and
practice of "trash covers." Police "trash covers," like
"mail covers" or like wiretaps, require the agreement
of a judge. This obtained, the "trashing" work of cops
is just like that of hackers, only more so and much
better organized. So much so, I was informed, that
mobsters in Phoenix make extensive use of locked
garbage cans picked up by a specialty high-security
trash company.
In one case, a tiger team of Arizona cops had
trashed a local residence for four months. Every
week they showed up on the municipal garbage
truck, disguised as garbagemen, and carried the
contents of the suspect cans off to a shade tree,
where they combed through the garbage -- a messy
task, especially considering that one of the
occupants was undergoing kidney dialysis. All
useful documents were cleaned, dried and
examined. A discarded typewriter-ribbon was an
especially valuable source of data, as its long one-
strike ribbon of film contained the contents of every
letter mailed out of the house. The letters were
neatly retyped by a police secretary equipped with a
large desk-mounted magnifying glass.
There is something weirdly disquieting about
the whole subject of "trashing" -- an unsuspected
and indeed rather disgusting mode of deep personal
vulnerability. Things that we pass by every day, that
we take utterly for granted, can be exploited with so
little work. Once discovered, the knowledge of these
vulnerabilities tend to spread.
Take the lowly subject of *manhole covers.* The
humble manhole cover reproduces many of the
dilemmas of computer-security in miniature.
Manhole covers are, of course, technological
artifacts, access-points to our buried urban
infrastructure. To the vast majority of us, manhole
covers are invisible. They are also vulnerable. For
many years now, the Secret Service has made a
point of caulking manhole covers along all routes of
the Presidential motorcade. This is, of course, to
deter terrorists from leaping out of underground
ambush or, more likely, planting remote-control car-
smashing bombs beneath the street.
Lately, manhole covers have seen more and
more criminal exploitation, especially in New York
City. Recently, a telco in New York City discovered
that a cable television service had been sneaking
into telco manholes and installing cable service
alongside the phone-lines -- *without paying
royalties.* New York companies have also suffered
a general plague of (a) underground copper cable
theft; (b) dumping of garbage, including toxic waste,
and (c) hasty dumping of murder victims.
Industry complaints reached the ears of an
innovative New England industrial-security
company, and the result was a new product known
as "the Intimidator," a thick titanium-steel bolt with
a precisely machined head that requires a special
device to unscrew. All these "keys" have registered
serial numbers kept on file with the manufacturer.
There are now some thousands of these
"Intimidator" bolts being sunk into American
pavements wherever our President passes, like
some macabre parody of strewn roses. They are
also spreading as fast as steel dandelions around US
military bases and many centers of private industry.
Quite likely it has never occurred to you to peer
under a manhole cover, perhaps climb down and
walk around down there with a flashlight, just to see
what it's like. Formally speaking, this might be
trespassing, but if you didn't hurt anything, and
didn't make an absolute habit of it, nobody would
really care. The freedom to sneak under manholes
was likely a freedom you never intended to exercise.
You now are rather less likely to have that
freedom at all. You may never even have missed it
until you read about it here, but if you're in New
York City it's gone, and elsewhere it's likely going.
This is one of the things that crime, and the reaction
to crime, does to us.
The tenor of the meeting now changed as the
Electronic Frontier Foundation arrived. The EFF,
whose personnel and history will be examined in
detail in the next chapter, are a pioneering civil
liberties group who arose in direct response to the
Hacker Crackdown of 1990.
Now Mitchell Kapor, the Foundation's
president, and Michael Godwin, its chief attorney,
were confronting federal law enforcement *mano a
mano* for the first time ever. Ever alert to the
manifold uses of publicity, Mitch Kapor and Mike
Godwin had brought their own journalist in tow:
Robert Draper, from Austin, whose recent well-
received book about ROLLING STONE magazine
was still on the stands. Draper was on assignment
for TEXAS MONTHLY.
The Steve Jackson/EFF civil lawsuit against the
Chicago Computer Fraud and Abuse Task Force was
a matter of considerable regional interest in Texas.
There were now two Austinite journalists here on the
case. In fact, counting Godwin (a former Austinite
and former journalist) there were three of us. Lunch
was like Old Home Week.
Later, I took Draper up to my hotel room. We
had a long frank talk about the case, networking
earnestly like a miniature freelance-journo version
of the FCIC: privately confessing the numerous
blunders of journalists covering the story, and trying
hard to figure out who was who and what the hell was
really going on out there. I showed Draper
everything I had dug out of the Hilton trashcan. We
pondered the ethics of "trashing" for a while, and
agreed that they were dismal. We also agreed that
finding a SPRINT bill on your first time out was a
heck of a coincidence.
First I'd "trashed" -- and now, mere hours later,
I'd bragged to someone else. Having entered the
lifestyle of hackerdom, I was now, unsurprisingly,
following its logic. Having discovered something
remarkable through a surreptitious action, I of
course *had* to "brag," and to drag the passing
Draper into my iniquities. I felt I needed a witness.
Otherwise nobody would have believed what I'd
discovered....
Back at the meeting, Thackeray cordially, if
rather tentatively, introduced Kapor and Godwin to
her colleagues. Papers were distributed. Kapor took
center stage. The brilliant Bostonian high-tech
entrepreneur, normally the hawk in his own
administration and quite an effective public
speaker, seemed visibly nervous, and frankly
admitted as much. He began by saying he
consided computer-intrusion to be morally wrong,
and that the EFF was not a "hacker defense fund,"
despite what had appeared in print. Kapor chatted
a bit about the basic motivations of his group,
emphasizing their good faith and willingness to
listen and seek common ground with law
enforcement -- when, er, possible.
Then, at Godwin's urging, Kapor suddenly
remarked that EFF's own Internet machine had
been "hacked" recently, and that EFF did not
consider this incident amusing.
After this surprising confession, things began to
loosen up quite rapidly. Soon Kapor was fielding
questions, parrying objections, challenging
definitions, and juggling paradigms with something
akin to his usual gusto.
Kapor seemed to score quite an effect with his
shrewd and skeptical analysis of the merits of telco
"Caller-ID" services. (On this topic, FCIC and EFF
have never been at loggerheads, and have no
particular established earthworks to defend.)
Caller-ID has generally been promoted as a privacy
service for consumers, a presentation Kapor
described as a "smokescreen," the real point of
Caller-ID being to *allow corporate customers to
build extensive commercial databases on
everybody who phones or faxes them.* Clearly, few
people in the room had considered this possibility,
except perhaps for two late-arrivals from US WEST
RBOC security, who chuckled nervously.
Mike Godwin then made an extensive
presentation on "Civil Liberties Implications of
Computer Searches and Seizures." Now, at last, we
were getting to the real nitty-gritty here, real political
horse-trading. The audience listened with close
attention, angry mutters rising occasionally: "He's
trying to teach us our jobs!" "We've been thinking
about this for years! We think about these issues
every day!" "If I didn't seize the works, I'd be sued by
the guy's victims!" "I'm violating the law if I leave
ten thousand disks full of illegal *pirated software*
and *stolen codes!*" "It's our job to make sure
people don't trash the Constitution -- we're the
*defenders* of the Constitution!" "We seize stuff
when we know it will be forfeited anyway as
restitution for the victim!"
"If it's forfeitable, then don't get a search
warrant, get a forfeiture warrant," Godwin suggested
coolly. He further remarked that most suspects in
computer crime don't *want* to see their computers
vanish out the door, headed God knew where, for
who knows how long. They might not mind a search,
even an extensive search, but they want their
machines searched on-site.
"Are they gonna feed us?" somebody asked
sourly.
"How about if you take copies of the data?"
Godwin parried.
"That'll never stand up in court."
"Okay, you make copies, give *them* the
copies, and take the originals."
Hmmm.
Godwin championed bulletin-board systems as
repositories of First Amendment protected free
speech. He complained that federal computer-
crime training manuals gave boards a bad press,
suggesting that they are hotbeds of crime haunted
by pedophiles and crooks, whereas the vast majority
of the nation's thousands of boards are completely
innocuous, and nowhere near so romantically
suspicious.
People who run boards violently resent it when
their systems are seized, and their dozens (or
hundreds) of users look on in abject horror. Their
rights of free expression are cut short. Their right to
associate with other people is infringed. And their
privacy is violated as their private electronic mail
becomes police property.
Not a soul spoke up to defend the practice of
seizing boards. The issue passed in chastened
silence. Legal principles aside -- (and those
principles cannot be settled without laws passed or
court precedents) -- seizing bulletin boards has
become public-relations poison for American
computer police.
And anyway, it's not entirely necessary. If you're
a cop, you can get 'most everything you need from a
pirate board, just by using an inside informant.
Plenty of vigilantes -- well, *concerned citizens* --
will inform police the moment they see a pirate
board hit their area (and will tell the police all about
it, in such technical detail, actually, that you kinda
wish they'd shut up). They will happily supply police
with extensive downloads or printouts. It's
*impossible* to keep this fluid electronic
information out of the hands of police.
Some people in the electronic community
become enraged at the prospect of cops
"monitoring" bulletin boards. This does have
touchy aspects, as Secret Service people in
particular examine bulletin boards with some
regularity. But to expect electronic police to be
deaf dumb and blind in regard to this particular
medium rather flies in the face of common sense.
Police watch television, listen to radio, read
newspapers and magazines; why should the new
medium of boards be different? Cops can exercise
the same access to electronic information as
everybody else. As we have seen, quite a few
computer police maintain *their own* bulletin
boards, including anti-hacker "sting" boards, which
have generally proven quite effective.
As a final clincher, their Mountie friends in
Canada (and colleagues in Ireland and Taiwan)
don't have First Amendment or American
constitutional restrictions, but they do have phone
lines, and can call any bulletin board in America
whenever they please. The same technological
determinants that play into the hands of hackers,
phone phreaks and software pirates can play into
the hands of police. "Technological determinants"