The CPSR Newsletter

Volume 8, No. 4 COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY Fall 1990

Crime and Puzzlement John Perry Barlow

Desperados of the DataSphere

So me and my sidekick Howard, we was sitting out in front of the 40 Rod Saloon one evening when he all
of a sudden says, "Lookee here. What do you reckon?" I look up and there's these two strangers riding
into town. They're young and got kind of a restless, bored way about fem. A person don't need both eyes
to see they mean trouble. . . . Well, that wasn't quite how it went. Actually, Howard and I were floating
blind as cave fish in the electronic barrens of the WELL, so the whole incident passed as words on a
display screen:

Howard: Interesting couple of newusers just signed on. One calls himself acid and the other's optik.

Barlow: Hmmm. What are their real names?

Howard: Check their finger files.

And so I typed finger acid. Several seconds later the WELL's Sequent computer sent the following
message to my Macintosh in Wyoming:

Login name: acid In real life: Acid Phreak

By this, I knew that the WELL had a new resident and that his corporeal analog was supposedly called
Acid Phreak. Typing finger optik yielded results of similar insufficiency, including the claim that
someone, somewhere in the real world, was walking around calling himself Phiber Optik. I doubted it.

However, associating these sparse data with the knowledge that the WELL was about to host a conference
on computers and security rendered the conclusion that I had made my first sighting of genuine
computer crackers. As the arrival of an outlaw was a major event to the settlements of the Old West, so
was the appearance of crackers cause for stir on the WELL.

The WELL (Whole Earth 'Lectronic Link) is an example of the latest thing in frontier villages, the
computer bulletin board. In this kind of small town, Main Street is a central minicomputer to which
(in the case of the WELL) as many as 64 microcomputers may be connected at one time by phone lines
and little blinking boxes called modems.

In this silent world, all conversation is typed. To enter it, one forsakes both body and place and becomes
a thing of words alone. You can see what your neighbors are saying (or recently said), but not what
either they or their physical surroundings look like. Town meetings are continuous and discussions
rage on everything from sexual kinks to depreciation schedules.

There are thousands of these nodes in the United States, ranging from PC-clone hamlets of a few users
to mainframe metros like CompuServe, with its 550,000 subscribers. They are used by corporations
to transmit memoranda and spreadsheets, universities to disseminate research, and a multitude of
factions, from apiarists to Zoroastrians, for purposes unique to each.

Whether by one telephonic tendril or millions, they are all connected to one another. Collectively, they
form what their inhabitants call the Net. It extends across that immense region of electron states,
microwaves, magnetic fields, light pulses and thought which sci-fi writer William Gibson named
Cyberspace.

Cyberspace, in its present condition, has a lot in common with the 1 9th Century West. It is vast,
unmapped, culturally and legally ambiguous, verbally terse (unless you happen to be a court
stenographer), hard to get around in, and up for grabs. Large institutions already claim to own the
place, but most of the actual natives are solitary and independent, sometimes to the point of sociopathy.
It is, of course, a perfect breeding ground for both outlaws and new ideas about liberty.

Recognizing this, Harper's Magazine decided in December 1989 to hold one of its periodic Forums on
the complex of issues surrounding computers, information, privacy, and electronic intrusion or
"cracking." Appropriately, they convened their conference in Cyberspace, using the WELL as the "site."

Harper's invited an odd lot of about 40 participants. These included: Clifford Stoll, whose book The
Cuckoo's Egg details his cunning efforts to nab a German cracker. John Draper or "Cap'n Crunch," the
granddaddy of crackers whose blue boxes got Apple founders Wozniak and Jobs into consumer
electronics. Stewart Brand and Kevin Kelly of Whole Earth fame. Steven Levy, who wrote the seminal
Hackers. A retired Air Force colonel named Dave Hughes. Lee Felsenstein, who designed the Osborne
computer and was once called the "Robespierre of computing." A UNIX wizard and former hacker named
Jeff Poskanzer. There was also a score of aging techno-hippies, the crackers, and me.

What I was doing there was not precisely clear since I've spent most of my working years either
pushing cows or song-mongering, but I at least brought to the situation a vivid knowledge of actual
cow- towns, having lived in or around one most of my life.

That and a kind of innocence about both the technology and morality of Cyberspace which was soon to
pass into the confusion of knowledge.

At first, I was inclined toward sympathy with Acid 'n Optik as well as their colleagues, Adelaide, Knight
Lightning, Taran King, and Emmanuel. I've always been more comfortable with outlaws than
Republicans, despite having more certain credentials in the latter camp.

But as the Harper's Forum mushroomed into a boomtown of ASCII text (the participants typing
110,000 words in 10 days), I began to wonder. These kids were fractious, vulgar, immature, amoral,
insulting, and too damned good at their work.

Worse, they inducted a number of former kids like myself into Middle Age. The long-feared day had
finally come when some gunsel would yank my beard and call me, too accurately, an old fart.

Under ideal circumstances, the blind gropings of bulletin-board discourse force a kind of Noh drama
stylization on human commerce. Intemperate responses, or "flames" as they are called, are common
even among conference participants who understand one another, which, it became immediately clear,
the cyberpunks and techno-hippies did not.

My own initial enthusiasm for the crackers wilted under a steady barrage of typed testosterone. I
quickly remembered I didn't know much about who they were, what they did, or how they did it. I also
remembered stories about crackers working in league with the Mob, ripping off credit-card numbers
and getting paid for them in (stolen) computer equipment,

And I remembered Kevin Mitnik. Mitnik, now 25, who recently served federal time for a variety of
computer and telephone-related crimes. Prior to incarceration, Mitnik was, by all accounts, a
dangerous guy with a computer. He disrupted phone company operations and arbitrarily disconnected
the phones of celebrities. Like the kid in War Games, he broke into the North American Defense
Command computer in Colorado Springs.

Unlike the kid in WarGames, he reputedly made a practice of destroying and altering data, including the
credit information of his probation officer and other enemies. Digital Equipment claimed that his
depredations cost them more than $4 million in computer downtime and file rebuilding. Eventually, he
was turned in by a friend who, after careful observation, had decided he was "a menace to society. "

His spectre began to hang over the conference. After several days of strained diplomacy, the discussion
settled into a moral debate on the ethics of security and went critical.

The techno-hippies were of the unanimous opinion that, in Dylan's words, one "must be honest to live
outside the law." But these young strangers apparently lived by no code save those with which they
unlocked forbidden regions of the Net.

They appeared to think that improperly secured systems deserved to be violated and, by extension, that
unlocked houses ought to be robbed. This latter built particular heat in me since I refuse, on
philosophical grounds, to lock my house.

Civility broke down. We began to see exchanges like:

Dave Hughes: Clifford Stoll said a wise thing that no one has commented on. That networks are built on
trust. If they aren't, they should be.

Acid Phreak: Yeah. Sure. And we should use the "honor system" as a first line of security against hack
attempts.

Jef Poskanzer This guy down the street from me sometimes leaves his back door unlocked. I told him
about it once, but he still does it. If I had the chance to do it over, I would go in the back door, shoot him,
and take all his money and consumer electronics. It's the only way to get through to him.

Acid Phreak: Jef Poskanker (Puss? Canker? yechh) Anyway, now when did you first start having these
delusions where computer hacking was even remotely similar to murder?

Presented with such a terrifying amalgam of raw youth and apparent power, we fluttered like a flock of
indignant Babbitts around the Status Quo, defending it heartily. One former hacker howled to the
Harper's editor in charge of the forum, "Do you or do you not have names and addresses for these
criminals?" Though they had committed no obvious crimes, he was ready to call the police.

They finally got to me with:

Acid: Whoever said they'd leave the door open to their house. . . . where do you live? (the address) Leave
it to me in mail if you like.

I had never encountered anyone so apparently unworthy of my trust as these little nihilists. They had
me questioning a basic tenet, namely that the greatest security lies in vulnerability. I decided it was
time to put that principle to the test.

Barlow: Acid. My house is at 372 North Franklin Street in Pinedale, Wyoming. If you're heading north
on Franklin, you go about two blocks off the main drag before you run into a hay meadow on the left. I've
got the last house before the field. The computer is always on. . . . And is that really what you mean? Are
you merely just the kind of little sneak that goes around looking for easy places to violate? You
disappoint me, pal. For all your James Dean-On-Silicon rhetoric, you're not a cyberpunk. You're just a
punk.

Acid Phreak: Mr. Barlow: Thank you for posting all I need to get your credit information and a whole lot
more! Now, who is to blame? ME for getting it or YOU for being such an idiot?! I think this should just
about sum things up.

Barlow Acid, if you've got a lesson to teach me, l hope it's not that it's idiotic to trust one's fellow man.
Life on those terms would be endless and brutal. l 'd try to tell you something about conscience, but I'd
sound like Father O'Flannigan trying to reform the punk that's about to gutshoot hi m. For no more
reason than to watch him die.

But actually, if you take it upon yourself to destroy my credit, you might do me a favor. I've been
looking for something to put the brakes on my burgeoning materialism.

I spent a day wondering whether I was dealing with another Kevin Mitnik before the other shoe dropped:

Barlow With crackers like acid and optik, the issue is less intelligence than alienation. Trade their
modems for skateboards and only a slight conceptual shift would occur.

Optik: You have some pair of balls comparing my talent with that of a skateboarder. Hmmm. . . . This
was indeed boring, but nonetheless:

At which point he downloaded my credit history.

Optik had hacked the core of TRW, an institution which has made my business (and yours) their
business, extracting from it an abbreviated (and incorrect) version of my personal financial life. With
this came the implication that he and Acid could and would revise it to my disadvantage if I didn't back
off.

I have since learned that while getting someone's TRW file is fairly trivial, changing it is not. But at
that time my assessment of the crackers' black skills was one of superstitious awe. They were digital
brujos out to zombify my economic soul.

To a middle-class American, one's credit rating has become nearly identical to his freedom. It now
appears that I was dealing with someone who had both the means and desire to hoodoo mine, leaving me
trapped in a life of wrinkled bills and money-order queues. Never again would I call The Sharper Image
on a whim.

I've been in redneck bars wearing shoulder-length curls, police custody while on acid, and Harlem
after midnight, but no one has ever put the spook in me quite as Phiber Optik did at that moment. I
realized that we had problems which exceeded the human conductivity of the WELL's bandwidth. If
someone were about to paralyze me with a spell, I wanted a more visceral sense of him than could fit
through a modem.

I e-mailed him asking him to give me a phone call. I told him I wouldn't insult his skills by giving him
my phone number and, with the assurance conveyed by that challenge, I settled back and waited for the
phone to ring. Which, directly, it did.

In this conversation and the others that followed I encountered an intelligent, civilized, and
surprisingly principled kid of 18 who sounded, and continues to sound, as though there's little harm in
him to man or data. His cracking impulses seemed purely exploratory, and I've begun to wonder if we
wouldn't also regard spelunkers as desperate criminals if AT&T owned all the caves.

The terrifying poses which Optik and Acid had been striking on screen were a media-amplified example
of a human adaptation I'd seen before: One becomes as he is beheld. They were simply living up to what
they thought we, and, more particularly, the editors of Harper's, expected of them.

Like the televised tears of disaster victims, their snarls adapted easily to mass distribution.

Months later, Harper's took Optik, Acid and me to dinner at a Manhattan restaurant which, though very
fancy, was appropriately Chinese. Acid and Optik, as material beings, were well-scrubbed and
fashionably clad. They looked to be dangerous as ducks. But, as Harper's and the rest of the media have
discovered to their delight, the boys had developed distinctly showier personae for their rambles
through the howling wilderness of Cyberspace. Glittering with spikes of binary chrome, they strode
past the klieg lights and into the digital distance. There they would be outlaws. It was only a matter of
time before they started to believe themselves as bad as they sounded. And no time at all before everyone
else did.

In this, they were like another kid named Billy, many of whose feral deeds in the pre-civilized West
were encouraged by the same dime novelist who chronicled them. And like Tom Horn, they seemed to
have some doubt as to which side of the law they were on. Acid even expressed an ambition to work for
the government someday, nabbing "terrorists and code abusers."

There is also a frontier ambiguity to the "crimes" the crackers commit. They are not exactly stealing
VCRs. Copying a text file from TRW doesn't deprive its owner of anything except informational
exclusivity. (Though it may be said that information has monetary value only in proportion to its
containment.)

There was no question that they were making unauthorized use of data channels. The night I met them,
they left our restaurant table and disappeared into the phone booth for a long time. I didn't see them
marshalling quarters before they went.

And, as I became less their adversary and more their scoutmaster, I began to get "conference calls" in
which six or eight of them would crack pay phones all over New York and simultaneously land on my
line in Wyoming. These deft maneuvers made me think of sky-diving stunts where large groups convene
geometrically in free fall. In this case, the risk was largely legal.

Their other favorite risky business is the time-honored adolescent sport of trespassing. They insist on
going where they don't belong. But then teen-age boys have been proceeding uninvited since the dawn of
human puberty. It seems hard-wired. The only innovation is in the new form of the forbidden zone and
the means of getting in it.

In fact, like Kevin Mitnik, I broke into NORAD when I was 17. A friend and I left a nearby "woodsie" (as
rustic adolescent drunks were called in Colorado) and tried to get inside Cheyenne Mountain. The
chrome helmeted Air Force MPs held us for about two hours before letting us go. They weren't much
older than us and knew exactly our level of national security threat. Had we come cloaked in electronic
mystery, their alert status certainly would have been higher.

Whence arises much of the anxiety. Everything is so ill-defined. How can you guess what lies in their
hearts when you can't see their eyes? How can one be sure that, unlike Mitnik, they won't cross the line
from trespassing into another adolescent pastime, vandalism? And how can you be sure they pose no
threat when you don't know what a threat might be?

And for the crackers some thrill is derived from the metamorphic vagueness of the laws themselves, On
the Net, their effects are unpredictable. One never knows when they'll bite.

This is because most of the statutes invoked against the crackers were designed in a very different
world from the one they explore. For example, can unauthorized electronic access be regarded as the
ethical equivalent of old-fashioned trespass? Like open range, the property boundaries of Cyberspace
are hard to stake and harder still to defend.

Is transmission through an otherwise unused data channel really theft? Is the trackless passage of a
mind through TRW's mainframe the same as the passage of a pickup through my Back 40? What is a
place if Cyberspace is everywhere? What are data and what is free speech? How does one treat property
which has no physical form and can be infinitely reproduced? Is a computer the same as a printing
press? Can the history of my business affairs properly belong to someone else? Can anyone morally
claim to own knowledge itself?

If such questions are hard to answer precisely, there are those who are ready to try. Based on their
experience in the Virtual World, they were about as qualified to enforce its mores as I am to write the
Law of the Sea. But if they lacked technical sophistication, they brought to this task their usual
conviction. And, of course, badges and guns.

Operation Sun Devil

Recently, we have witnessed an alarming number of young people who, for a variety of sociological and
psychological reasons, have become attached to their computers and are exploiting their potential in a
criminal manner. Often, a progression of criminal activity occurs which involves telecommunications
fraud (free long-distance phone calls), unauthorized access to other computers (whether for profit,
fascination, ego, or the intellectual challenge), credit card fraud (cash advances and unauthorized
purchases of goods), and then moves on to other destructive activities like computer viruses.

Our experience shows that many computer hacker suspects are no longer misguided teenagers
mischievously playing games with their computers in their bedrooms. Some are now high-tech
computer operators using computers to engage in unlawful conduct.

ÑExcerpts from a statement by Garry M. Jenkins Asstistant Director, U. S. Secret Service

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable
searches and seizures, shall not be violated, and no warrants shall issue but upon probable cause,
supported by oath or affirmation. and particularly describing the place to he searched, and the persons
or things to be seized.

ÑAmendment IV, United States Constitution

On January 24, 1990, a platoon of Secret Service agents entered the apartment which Acid Phreak
shares with his mother and 12-year-old sister. The latter was the only person home when they burst
through the door with guns drawn. They managed to hold her at bay for about half an hour until their
quarry happened home.

By then, they were nearly done packing up Acid's worldly goods, including his computer, his notes
(both paper and magnetic), books, and such dubiously dangerous tools as a telephone answering
machine, a ghetto blaster, and his complete collection of audio tapes. One agent asked him to define the
real purpose of the answering machine and was frankly skeptical when told that it answered the phone.
The audio tapes seemed to contain nothing but music, but who knew what dark data Acid might have
encoded between the notes.

When Acid's mother returned from work, she found her apartment a scene of apprehended criminality.
She asked what, exactly, her son had done to deserve all this attention and was told that, among other
things, he had caused the AT&T system crash several days earlier. ( Previously AT&T had taken full
responsibility.) Thus, the agent explained, her darling boy was thought to have caused over a billion
dollars in damage to the economy of the United States.

This accusation was never turned into a formal charge. Indeed, no charge of any sort of was filed against
Mr. Phreak then and, although the Secret Service maintained resolute possession of his hardware,
software, and data, no charge had been filed four months later.

Across town, similar scenes were being played out at the homes of Phiber Optik and another colleague
code-named Scorpion. Again, equipment, notes, disks both hard and soft, and personal effects were
confiscated. Again no charges were filed.

Thus began the visible phase of Operation Sun Devil, a two-year Secret Service investigation which
involved 150 federal agents, numerous local and state law enforcement agencies and the combined
security resources of PacBell, AT&T Bellcore, Bell South, MCI, U.S. Sprint, Mid-American,
Southwestern Bell, NYNEX, U.S. West, and American Express.

The focus of this impressive institutional array was the Legion of Doom, a group which never had any
formal membership list but was thought by the members with whom I spoke to number less than 20,
nearly all of them in their teens or early twenties.

I asked Acid why they'd chosen such a threatening name. "You wouldn't want a fairy kind of thing like
Legion of Flower Pickers or something. But the media ate it up too. Probing the Legion of Doom like it
was a gang or something, when really it was just a bunch of geeks behind terminals."

Sometime in December 1988, a 21 year-old Atlanta-area Legion of Doomster named The Prophet
cracked a Bell South computer and downloaded a three-page text file which outlined, in bureaucratese of
surpassing opacity, the administrative procedures and responsibilities for marketing, servicing,
upgrading, and billing for Bell South's 911 system.

A dense thicket of acronyms, the document was filled with passages like:

In accordance with the basic SSC/MAC strategy for provisioning, the SSC/MAC will be Overall Control
Office (OCO) for all Notes to PSAP circuits (official services) and any other services for this customer.
Training must be scheduled for all SSC/MAC involved personnel during the pre-service stage of the
project.

And other such.

At some risk, l too have a copy of this document. To read the whole thing straight through without
entering coma requires either a machine or a human who has too much practice thinking like one.
Anyone who can understand it fully and fluidly has altered his consciousness beyond the ability to ever
again read Blake, Whitman, or Tolstoy. It is, quite simply, the worst writing I have ever tried to read.

Since the document contains little of interest to anyone who is not a student of advanced organizational
sclerosisÑthat is, no access codes, trade secrets, or proprietary informationÑI assume The Prophet
only copied this file as a kind of hunting trophy. He had been to the heart of the forest and had returned
with this coonskin to nail to the barn door.

Furthermore, he was proud of his accomplishment, and since such trophies are infinitely replicable,
he wasn't content to nail it to his door alone. Among the places he copied it was a UNIX bulletin board
(rather like the WELL) in Lockport. lllinois, called Jolnet.

It was downloaded from there by a 20 year-old hacker and pre-law student (whom I had met in the
Harper's Forum) who called himself Knight Lightning. Though not a member of the Legion of Doom,
Knight Lightning and a friend, Taran King, also published from St. Louis and his fraternity house at the
University of Missouri a worldwide hacker's magazine called Phrack. (From phone phreak and hack.)

Phrack was an unusual publication in that it was entirely virtual. The only time its articles hit paper
was when one of its subscribers decided to print out a hard copy. Otherwise, its editions existed in
Cyberspace and took no physical form.

When Knight Lightning got hold of the Bell South document, he thought it would amuse his readers and
reproduced it in the next issue of Phrack. He had little reason to think that he was doing something
illegal. There is nothing in it to indicate that it contains proprietary or even sensitive information.
Indeed, it closely resembles telco reference documents which have long been publicly available.

However, Rich Andrews, the systems operator who oversaw the operation of Jolnet, thought there might
be something funny about the document when he first ran across it in his system. To be on the safe side,
he forwarded a copy of it to AT&T officials. He was subsequently contacted by the authorities, and he
cooperated with them fully. He would regret that later.

On the basis of the foregoing, a grand jury in Lockport was persuaded by the Secret Service in early
February to hand down a seven-count indictment against The Prophet and Knight Lightning, charging
them, among other things, with interstate transfer of stolen property worth more than $5,000. When
The Prophet and two of his Georgia colleagues were arrested on February 7, 1990, the Atlanta papers
reported they faced 40 years in prison and a $2 million fine. Knight Lightning was arrested on
February 15.

The property in question was the aforementioned blot on the history of prose whose full title was "A
Bell South Standard Practice (BSP) 660-225-104SV-Control Office Administration of Enhanced 911
Services for Special Services and Major Account Centers, March, 1988."

And not only was this item worth more than $5,000, it was worth, according to the indictment and Bell
South, precisely $79,449. And not a penny less. We will probably never know how this figure was
reached or by whom, though l like to imagine an appraisal team consisting of Franz Kafka, Joseph
Heller, and Thomas Pynchon

In addition to charging Knight Lightning with crimes for which he could go to jail for 30 years and be
fined $122,000, they seized his publication, Phrack, along with all related equipment, software and
data, including his list of subscribers, many of whom would soon lose their computers and data for the
crime of appearing on it.

I talked to Emmanuel Goldstein, the editor of 2600, another hacker publication which has been known
to publish purloined documents. If they could shutdown Phrack, couldn't they as easily shut down
2600?

He said, "I've got one advantage. I come out on paper and the Constitution knows how to deal with paper."

In fact, nearly all publications are now electronic at some point in their creation. In a modern
newspaper, stories written at the scene are typed to screens and then sent by modem to a central
computer. This computer composes the layout in electronic type and the entire product is transmitted
electronically to the presses. There, finally, the bytes become ink.

Phrack merely omitted the last step in a long line of virtual events. However, that omission, and its
insignificant circulation, left it vulnerable to seizure based on content. If the 911 document had been
the Pentagon Papers (another proprietary document) and Phrack The New York Times, a completion of
the analogy would have seen the government stopping publication of the Time sand seizing its every
material possession, from notepads to presses.

Not that anyone in the newspaper business seemed particularly worried about such implications. They,
and the rest of the media who bothered to report Knight Lightning's arrest, were too obsessed by what
they portrayed as actual disruptions of emergency service and with marveling at the sociopathy of it.
One report expressed relief that no one appeared to have died as a result of the "intrusions."

Meanwhile, in Baltimore, the 911 dragnet snared Leonard Rose, aka Terminus. A professional computer
consultant who specialized in UNIX, Rose got a visit from the government early in February. The G-men
forcibly detained his wife and children for six hours while they interrogated Rose about the 911
document and ransacked his system.

Rose had no knowledge of the 911 matter. Indeed, his only connection had been occasional contact with
Knight Lightning over several years and admitted membership in the Legion of Doom. However, when
searching his hard disk for 911 evidence, they found something else. Like many UNIX consultants, Rose
did have some UNIX source code in his possession. Furthermore, there was evidence that he had
transmitted some of it to Jolnet and left it there for another consultant.

UNIX is a ubiquitous operating system, and though its main virtue is its openness to amendment at the
source level, it is nevertheless the property of AT&T. What had been widely distributed within
businesses and universities for years was suddenly, in Rose's hands, a felonious possession.

Finally, the Secret Service rewarded the good citizenship of Rich Andrews by confiscating the computer
where Jolnet had dwelt, along with all the e-mail, read and unread, which his subscribers had left
there. Like the many others whose equipment and data were taken by the Secret Service subsequently,
he wasn't charged with anything. Nor is he likely to be. They have already inflicted on him the worst
punishment a nerd can suffer: data death.

Andrews was baffled. "I'm the one that found it, I'm the one that turned it in. And I'm the one that's
suffering," he said.

One wonders what will happen when they find such documents on the hard disks of CompuServe, the
largest commercial network system. Maybe I'll just upload my copy of Bell South Standard Practice
(BSP) 660-225-104SV and see.

In any case, association with stolen data is all the guilt you need. It's quite as if the government could
seize your house simply because a guest left a stolen VCR in an upstairs bedroom closet. Or confiscate
all the mail in a post office upon finding a stolen package there. The first concept of modern
jurisprudence to have arrived in Cyberspace seems to have been Zero Tolerance.

Rich Andrews was not the last to learn about the Secret Service's debonair new attitude toward the
Fourth Amendment's protection against unreasonable seizure.

Early on March 1, 1990, +he offices of a role-playing game publisher in Austin, Texas, called Steve
Jackson Games were visited by agents of the United States Secret Service. They ransacked the premises,
broke into several locked filing cabinets (damaging them irreparably in the process) and eventually
left carrying three computers, two laser printers, several hard disks, and many boxes of paper and
floppy disks.

Later in the day, callers to the Illuminati BBS (which Steve Jackson Games operated to keep in touch
with role-players around the country) encountered the following message:

So far we have not received a clear explanation of what the Secret Service was looking for, what they
expected to find, or much of anything else. We are fairly certain that Steve Jackson Games is not the
target of whatever investigation is being conducted; in any case, we have done nothing illegal and have
nothing whatsoever to hide. However, the equipment that was seized is apparently considered to be
evidence in whatever they're investigating, so we aren't likely to get it back any time soon. It could be a
month, it could be never.

It's been three months as I write this, and not only has nothing been returned to them, but, according to
Steve Jackson, the Secret Service will no longer take his calls. He figures that, in the months since the
raid, his little company has lost an estimated $125,000. With such a fiscal hemorrhage, he can't afford
a lawyer to take after the Secret Service. Both the state and national offices of the ACLU told him to "run
along" when he solicited their help.

He tried to go to the press. As in most other cases, they were unwilling to raise the alarm. Jackson
theorized, "The conservative press is taking the attitude that the suppression of evil hackers is a good
thing and that anyone who happens to be put out of business in the meantime well, that's just their
tough luck."

In fact, Newsweek did run a story about the event, portraying it from Jackson's perspective, but they
were almost alone in dealing with it.

What had he done to deserve this nightmare? Role-playing games, of which Dungeons and Dragons is the
most famous, have been accused of creating obsessive involvement in their nerdy young players, but no
one before had found it necessary to prevent their publication. It seems that Steve Jackson had hired the
wrong writer. The managing editor of Steve Jackson Games is a former cracker, known by his fellows
in the Legion of Doom as The Mentor. At the time of the raid, he and the rest of Jackson staff had been
working for over a year on a game called GURPS Cyberpunk, High-Tech Low-Life Role-Playing.

At the time of the Secret Service raids, the game resided entirely on the hard disks they confiscated.
Indeed, it was their target. They told Jackson that, based on its author's background, they had reason to
believe it was a "handbook on computer crime." It was therefore inappropriate for publication, First
Amendment or no First Amendment.

I got a copy of the game from the trunk of The Mentor's car in an Austin parking lot. Like the Bell South
document, it seemed pretty innocuous to me, if a little inscrutable. Borrowing its flavor from the
works of William Gibson and Austin sci-fi author Bruce Sterling, it is filled with silicon brain
implants, holodecks, and gauss guns.

It is, as the cover copy puts it, "a fusion of the dystopian visions of George Orwell and Timothy Leary."
Actually, without the gizmos, it describes a future kind of like the present its publisher is
experiencing at the hands of the Secret Service.

An unbelievably Byzantine world resides within its 120 large pages of small print. (These role-
players must be some kind of idiots savants. . . .) Indeed, it's a thing of such complexity that I can't
swear there's no criminal information in there, but then I can't swear that Grateful Dead records don't
have satanic messages if played backwards. Anything's possible, especially inside something as
remarkable as Cyberpunk.

The most remarkable thing about Cyberpunk is the fact that it was printed at all. After much
negotiation, Jackson was able to get the Secret Service to let him have some of his data back. However,
they told him that he would be limited to an hour and a half with only one of his three computers. Also,
according to Jackson, "They insisted that all the copies be made by a Secret Service agent who was a
two- finger typist. So we didn't get much."

In the end, Jackson and his staff had to reconstruct most of the game from neural rather than magnetic
memory. They did have a few very old backups, and they retrieved some scraps which had been passed
around to game testers. They also had the determination of the enraged.

Despite government efforts to impose censorship by prior restraint, Cyberpunk is now on the market.
Presumably, advertising it as "The game that was seized by the U.S. Secret Service" will invigorate
sales. But Steve Jackson Games, the heretofore prosperous publisher of more than a hundred role-
playing games, has been forced to lay off more than half of its employees and may well be mortally
wounded.

Any employer who has heard this tale will think hard before he hires a computer cracker. Which may
be, of course, among the effects the Secret Service desires.

On May 8, 1990, Operation Sun Devil, heretofore an apparently random and nameless trickle of Secret
Service actions, swept down on the Legion of Doom and its ilk like a bureaucratic tsunami. On that day,
the Secret Service served 27 search warrants in 14 cities from Plano, Texas, to New York, New York.

The law had come to Cyberspace. When the day was over, transit through the wide-open spaces of the
Virtual World would be a lot trickier.

In a press release following the sweep, the Secret Service boasted having shut down numerous computer
bulletin boards, confiscated 40 computers, and seized 23,000 disks. They noted in their statement that
"the conceivable criminal violations of this operation have serious implications for the health and
welfare of all individuals, corporations, and United States Government agencies relying on computers
and telephones to communicate."

It was unclear from their statement whether "this operation" meant the Legion of Doom or Operation
Sun Devil. There was room to interpret it either way.

Because the deliciously ironic truth is that, aside from the three-page Bell South document, the
hackers had neither removed nor damaged anyone's data. Operation Sun Devil, on the other hand, had
"serious implications" for a number of folks who relied on "computers and telephones to communicate."
They lost the equivalent of about 5.4 million pages of information. Not to mention a few computers and
telephones.

And the welfare of the individuals behind those figures was surely in jeopardy. Like the story of the
single mother and computer consultant in Baltimore whose sole means of supporting herself and her
18- year-old son was stripped away early one morning. Secret Service agents broke down her door
with sledgehammers, entered with guns drawn, and seized all her computer equipment. Apparently her
son had also been using it.

Or the father in New York who opened the door at 6:00 a.m, and found a shotgun at his nose. A dozen
agents entered. While one of them kept the man's wife in a choke-hold, the rest made ready to shoot and
entered the bedroom of their sleeping 14-year-old. Before leaving, they confiscated every piece of
electronic equipment in the house, including all the telephones.

It was enough to suggest that the insurance companies should start writing policies against capricious
governmental seizure of circuitry.

In fairness, one can imagine the government's problem. This is all pretty magical stuff to them. If I
were trying to terminate the operations of a witch coven, Id probably seize everything in sight. How
would I tell the ordinary household brooms from the getaway vehicles?

But as I heard more and more about the vile injustices being heaped on my young pals in the Legion of
Doom, not to mention the unfortunate folks nearby, the less I was inclined toward such temperate
thoughts as these. I drifted back into a sixties-style sense of the government, thinking it a thing of
monolithic and evil efficiency and adopting an up-against-the-wall willingness to spit words like "pig"
or "fascist" into my descriptions.

In doing so, I endowed the Secret Service with a clarity of intent which no agency of government will
ever possess. Despite almost every experience I've ever had with federal authority, I keep imagining its
competence.

For some reason, it was easier to invest the Keystone Kapers of Operation Sun Devil with malign
purpose rather than confront their absurdity straight-on. There is, after all, a twisted kind of comfort
in political paranoia. It provides one such a sense of orderliness to think that the government is neither
crazy nor stupid and that its plots, though wicked, are succinct.

I was about to have an experience which would restore both my natural sense of unreality and my
unwillingness to demean the motives of others. I was about to see firsthand the disorientation of the law
in the featureless vastness of Cyberspace.

In Search of NuPrometheus

I pity the poor immigrant.

ÑBob Dylan

Sometime last June, an angry hacker got hold of a chunk of the highly secret source code which drives
the Apple Macintosh. He then distributed it to a variety of addresses, claiming responsibility for this
act of information terrorism in the name of the NuPrometheus League.

Apple freaked. NuPrometheus had stolen, if not the Apple crown jewels, at least a stone from them.
Worse, NuPrometheus had then given this prize away. Repeatedly.

All Apple really has to offer the world is the software which lies encoded in silicon on the ROM chip of
every Macintosh. This set of instructions is the cyber-DNA which makes a Macintosh a Macintosh.

Worse, much of the magic in this code was put there by people who not only do not work for Apple any
longer, but might only do so again if encouraged with cattle prods. Apple's attitude toward its ROM code
is a little like that of a rich kid toward his inheritance. Not actually knowing how to create wealth
himself, he guards what he has with hysterical fervor.

Time passed, and I forgot about the incident. But one recent May morning, I learned that others had not.
The tireless search for the spectral heart of NuPrometheus finally reached Pinedale, Wyoming, where I
was the object of a two-hour interview by Special Agent Richard Baxter, Jr., of the Federal Bureau of
Investigation.

Poor Agent Baxter didn't know a ROM chip from a ViseGrip when he arrived, so much of that time was
spent trying to educate him on the nature of the thing which had been stolen. Or whether "stolen" was
the right term for what had happened to it.

You know things have rather jumped the groove when potential suspects must explain to law enforcers
the nature of their alleged perpetrations.

I wouldn't swear Agent Baxter ever got it quite right. After I showed him some actual source code, gave a
demonstration of e-mail in action. and downloaded a file from the WELL, he took to rubbing his face
with both hands, peering up over his fingertips and saying, "It sure is something, isn't it." Or,
"Whooo- ee."

Or "my eight-year-old knows more about these thing than I do." He didn't say this with a father's pride
as much as an immigrant's fear of a strange new land in which he will be forcibly moved and in which
his own child is a native. He looked across my keyboard into Cyberspace and didn't like what he saw.

We could have made it harder for one another, but I think we each sensed that the other occupied a world
which was as bizarre and nonsensical as it could be. We did our mutual best to suppress immune
response at the border.

You'd have thought his world might have been a little more recognizable to me. Not so, it turns out.
Because in his world, I found several unfamiliar features, including these:

1. The Hacker's Conference is an underground organization of computer outlaws with likely connections
to, and almost certainly sympathy with, the NuPrometheus League. (Or as Agent Baxter repeatedly put
it, the "New Prosthesis League. ")

2. John Draper, the aforementioned Cap'n Crunch, in addition to being a known member of the Hacker's
Conference' is also CEO and president of Autodesk' Inc. This is of particular concern to the FBI because
Autodesk has many top-secret contracts with the government to supply Star Wars graphics imaging and
"hyperspace" technology. Worse, Draper is thought to have Soviet contacts.

He wasn't making this up. He had lengthy documents from the San Francisco office to prove it. And in
which Autodesk's address was certainly correct.

On the other hand, I know John Draper. While, as I say he may have once distinguished himself as a
cracker during the Pleistocene, he is not now, never has been, and never will be CEO of Autodesk. He did
work there for a while last year, but he was let go long before he got into a position to take over.

Nor is Autodesk, in my experience with it, the Star War: skunk works which Agent Baxter's documents
indicated. One could hang out there a long time without ever seeing any gold braid.

Their primary product is something called AutoCAD, by far the most popular computer-aided design
software but generally lacking in lethal potential. They do have a small development program in
Cyberspace, which is what they call Virtual Reality. (This, I assume is the "hyperspace" to which Agent
Baxter's documents referred.)

However, Autodesk had reduced its Cyberspace program to a couple of programmers. I imagined Randy
Walser and Carl Tollander toiling away in the dark and lonely service of their country. Didn't work.
Then I tried to describe Virtual Reality to Agent Baxter, but that didn't work either. In fact, he tilted. I
took several runs at it, but I could tell I was violating our border agreements. These seemed to include a
requirement that neither of us try to drag the other across into his conceptual zone.

I fared a little better on the Hacker's Conference. Hardly a conspiracy, the Hacker's Conference is an
annual convention originated in 1984 by the Point Foundation and the editors of Whole Earth Review.
Each year it invites about a hundred of the most gifted and accomplished of digital creators. Indeed, they
are the very people who have conducted the personal computer revolution. Agent Baxter looked at my
list of Hacker's Conference attendees and read their bios. "These are the people who actually design this
stuff, aren't they?" He was incredulous. Their corporate addresses didn't fit his model of outlaws at all
well.

Why had he come all the way to Pinedale to investigate a crime he didn't understand which had taken
place (sort of) in five different places, none of which was within 500 miles?

Well, it seems Apple has told the FBI that they can expect little cooperation from hackers in and around
the Silicon Valley, owing to virulent anti-Apple sentiment there. They claim this is due to the hacker
belief that software should be free combined with festering resentment of Apple's commercial success.
They advised the FBI to question only those hackers who were as far as possible from the twisted heart
of the subculture.

They did have their eye on some local people though. These included a couple of former Apple employees,
Grady Ward and Walter Horat, Chuck Farnham (who has made a living out of harassing Apple), Glenn
Tenney (the purported leader of the hackers), and, of course, the purported CEO of Autodesk.

Other folks Agent Baxter asked me about included Mitch Kapor, who wrote Lotus 1-2-3 and was known
to have received some of this mysterious source code. Or whatever. But I had also met Mitch Kapor, both
on the WELL and in person. A less likely computer terrorist would be hard to come by.

Actually, the question of the source code was another area where worlds but shadow-boxed. Although
Agent Baxter didn't know source code from Tuesday, he did know that Apple Computer had told his agency
that what had been stolen and disseminated was the complete recipe for a Macintosh computer. The
distribution of this secret formula might result in the creation of millions of Macintoshes not made by
Apple. And, of course, the ruination of Apple Computer.

In my world, NuPrometheus (whoever they, or more likely, he might be) had distributed a small
portion of the code which related specifically to Color QuickDraw. QuickDraw is Apple's name for the
software which controls the Mac's on-screen graphics. But this was another detail which Agent Baxter
could not capture. For all he knew, you could grow Macintoshes from floppy disks.

I explained to him that Apple was alleging something like the ability to assemble an entire human being
from the recipe for a foot, but even he knew the analogy was inexact. And trying to get him to accept the
idea that a corporation could go mad with suspicion was quite futile. He had a far different perception of
the emotional reliability of institutions.

When he finally left, we were both dazzled and disturbed. I spent some time thinking about Lewis
Carroll and tried to return to writing about the legal persecution of the Legion of Doom. But my heart
wasn't in it. I found myself suddenly too much in sympathy with Agent Baxter and his struggling
colleagues from Operation Sun Devil to get back into a proper sort of pig-bashing mode.

Given what had happened to other innocent bystanders like Steve Jackson, I gave some thought to getting
scared. But this was Kafka in a clown suit. It wasn't precisely frightening. I also took some comfort in a
phrase once applied to the administration of Frederick the Great: "Despotism tempered by
incompetence."

Of course, incompetence is a double-edged banana. While we may know this new territory better than
the authorities, they have us literally out-gunned. One should pause before making well-armed
paranoids feel foolish, no matter how foolish they seem.

The Fear of White Noise

I'm a member of that half of the human race which kinds inclined to divide the human race into two
kinds of of people. My dividing line runs between the people who crave certainty and the people who
trust chance.

You can draw this one a number of ways, of course, like Control vs. Serendipity, Order vs.. Chaos, Hard
Answers vs. Silly Questions, or Newton, Descartes & Aquinas vs. Heisenberg, Mandelbrot & the Dalai
Lama. Etc.

Large organizations and their drones huddle on one end of my scale, busily trying to impose predictable
homogeneity on messy circumstance. On the other end, freelancers and ne'er-do-wells cavort about,
getting by on luck if they get by at all.

However you cast these poles, it comes down to the difference between those who see life as a struggle
against cosmic peril and human infamy and those who believe, without any hard evidence, that the
universe is actually on our side. Fear vs. Faith.

I am of the latter group. Along with Gandhi and Rebecca of Sunnybrook Farm, I believe that other human
beings will quite consistently merit my trust if I'm not doing something which scares them or makes
them feel bad about themselves. In other words, the best defense is a good way to get hurt.

In spite of the fact that this system works very reliably for me and my kind, I find we are increasingly
in the minority. More and more of our neighbors live in armed compounds. Alarms blare continuously.
Potentially happy people give their lives over to the corporate state as though the world were so
dangerous outside its veil of collective immunity that they have no choice.

I have a number of theories as to why this is happening. One has to do with the opening of Cyberspace. As
a result of this development, humanity is now undergoing the most profound transformation of its
history. Coming into the Virtual World, we inhabit Information. Indeed, we become Information.
Thought is embodied and the Flesh is made Word. It's weird as hell.

Beginning with the invention of the telegraph and extending through television into Virtual Reality, we
have been, for over a century, experiencing a terrifying erosion in our sense of both body and place. As
we begin to realize the enormity of what is happening to us, all but the most courageous have gotten
scared.

And everyone, regardless of his psychic resilience, feels this overwhelming sense of strangeness. The
world, once so certain and tangible and legally precise, has become an infinite layering of opinions,
perceptions, litigation, camera-angles, data, white noise, and, most of all, ambiguities. Those of us who
are of the fearful persuasion do not like ambiguities.

Indeed, if one were a little jumpy to start with, he may now be fairly humming with nameless dread.
Since no one likes his dread to be nameless, the first order of business is to find it some names.

For a long time here in the United States, Communism provided a kind of catch-all bogeyman. Marx,
Stalin and Mao summoned forth such a spectre that, to many Americans, annihilation of all life was
preferable to the human portion becoming Communist. But as Big Red wizened and lost his teeth, we
began to cast about for a replacement.

Finding none of sufficient individual horror, we have draped a number of objects with the old black
bunting which once shrouded the Kremlin. Our current spooks are terrorists, child abductors, AIDS,
and the underclass. I would say drugs, but anyone who thinks that the War on Drugs is not actually the
War on the Underclass hasn't been paying close enough attention,

There are a couple of problems with these Four Horsemen. For one thing, they aren't actually very
dangerous. For example, only seven Americans died in worldwide terrorist attacks in 1987. Fewer than
10 (out of about 70 million) children are abducted by strangers in the U.S. each year. Your chances of
getting AIDS if you are neither gay nor a hemophiliac nor a junkie are considerably less than your
chances of getting killed by lightning while golfing. The underclass is dangerous, of course, but only,
with very few exceptions, if you are a member of it.

The other problem with these perils is that they are all physical. If we are entering into a world in
which no one has a body, physical threats begin to lose their sting.

And now I come to the point of this screed: The perfect bogeyman for Modern Times is the Cyberpunk! He
is so smart he makes you feel even more stupid than you usually do. He knows this complex country in
which you're perpetually lost, he understands the value of things you can't conceptualize long enough to
cash in on. He is the one-eyed man in the Country of the Blind.

In a world where you and your wealth consist of nothing but beeps and boops of micro-voltage, he can
steal all your assets in nanoseconds and then make you disappear.

He can even reach back out of his haunted mists and kill you physically. Among the justifications for
Operation Sun Devil was this chilling tidbit:

Hackers had the ability to access and review the files of hospital patients. Furthermore, they could have
added, deleted, or altered vital patient information, possibly causing life-threatening situations.
[Emphasis added.]

Perhaps the most frightening thing about the Cyberpunk is the danger he presents to The Institution,
whether corporate or governmental. If you are frightened you have almost certainly taken shelter by
now in one of these collective organisms, so the very last thing you want is something which can
endanger your heretofore unassailable hive.

And make no mistake, crackers will become to bureaucratic bodies what viruses presently are to human
bodies. Thus, Operation Sun Devil can be seen as the first of many waves of organizational immune
response to this new antigen. Agent Baxter was a T-cell. Fortunately, he didn't know that himself and I
was very careful not to show him my own antigenic tendencies.

I think that herein lies the way out of what might otherwise become an Armageddon between the control
freaks and the neo-hip. Those who are comfortable with these disorienting changes must do everything
in our power to convey that comfort to others. In other words, we must share our sense of hope and
opportunity with those who feel that in Cyberspace they will be obsolete eunuchs for sure.

It's a tall order. But, my silicon brothers, our sell-interest is strong. If we come on as witches, they
will burn us. If we volunteer to guide them gently into its new lands, the Virtual World might be a more
amiable place for all of us than this one has been. Of course, we may also have to fight.

Defining the conceptual and legal map of Cyberspace before the ambiguophobes do it for us (with
punitive over-precision) is going to require some effort. We can't expect the Constitution to take care
of itself. Indeed, the precedent for mitigating the constitutional protection of a new medium has already
been established. Consider what happened to radio in the early part of this century.

Under the pretext of allocating limited bandwidth, the government established an early right of
censorship over broadcast content which still seems directly unconstitutional to me. Except that it
stuck. And now, owing to a large body of case law, looks to go on sticking.

New media, like any chaotic system, are highly sensitive to initial conditions. Today's heuristical
answers of the moment become tomorrow's permanent institutions of both law and expectation. Thus,
they bear examination with that destiny in mind.

Earlier in this article, I asked a number of tough questions relating to the nature of property, privacy,
and speech in the digital domain. Questions like: "What are data and what is free speech?" or "How does
one treat property which has no physical form and can be infinitely reproduced?" or "IS a computer the
same as a printing press?" The events of Operation Sun Devil were nothing less than an effort to
provide answers to these questions. Answers which would greatly enhance governmental ability to
silence the future's opinionated nerds.

In overreaching as extravagantly as they did, the Secret Service may actually have done a service for
those of us who love liberty. They have provided us with a devil. And devils, among their other
galvanizing virtues, are just great for clarifying the issues and putting iron in your spine. In the
presence of a devil, it's always easier to figure out where you stand.

While I previously had felt no stake in the obscure conundra of free telecommunications, I was, thanks
to Operation Sun Devil, suddenly able to plot a trajectory from the current plight of the Legion of Doom
to an eventual constraint on opinions much dearer to me. I remembered Martin Neimoeller, who said:
"In Germany they came first for the Communists, and I didn't speak up because I wasn't a Communist,
Then they came for the Jews, and I didn't speak up because I wasn't a Jew. They came for the trade
unionists, and I didn't speak up because I wasn't a trade unionist. Then they came for the Catholics, and I
didn't speak up because I was a Protestant. Then they came for me, and by that time no one was left to
speak up."

I decided it was time for me to speak up.

The evening of my visit from Agent Baxter, I wrote an account of it which I placed on the WELL. Several
days later, Mitch Kapor literally dropped by for a chat.

Also a WELL denizen, Kapor had read about Agent Baxter and had begun to meditate on the
inappropriateness of leaving our civil liberties to be defined by the technologically benighted. A man
who places great emphasis on face-to-face contact, he wanted to discuss this issue with me in person.
He had been flying his Canadair bizjet to a meeting in California when he realized his route took him
directly over Pinedale.

We talked for a couple of hours in my office while a spring snowstorm swirled outside. When I
recounted for him what I had learned about Operation Sun Devil, he decided it was time for him to speak
up too.

He called a few days later with the phone number of a civil libertarian named Harvey Silverglate, who,
as evidence of his conviction that everyone deserves due process, is currently defending Leona
Helmsley. Mitch asked me to tell Harvey what I knew, with the inference that he would help support the
costs which are liable to arise whenever you tell a lawyer anything.

I found Harvey in New York at the offices of that city's most distinguished constitutional law firm,
Rabinowitz, Boudin, Standard, Krinsley, and Lieberman. These are the folks who made it possible for
The New York Times to print the Pentagon Papers. (Not to dwell on the unwilling notoriety which
partner Leonard Boudin achieved back in 1970 when his Weathergirl daughter blew up the family
home. . . .)

In the conference call which followed, I could almost hear the skeletal click as their jaws dropped. The
next day, Eric Lieberman and Terry Gross of Rabinowitz, Boudin met with Acid Phreak, Phiber Optik,
and Scorpion.

The maddening trouble with writing this account is that Whole Earth Review, unlike, say, Phrack.
doesn't publish instantaneously. Events are boiling up at such a frothy pace that anything I say about
current occurrences surely will not obtain by the time you read this, The road from here is certain to
fork many times. The printed version of this will seem downright quaint before it's dry.

But as of today (in early June of 1990), Mitch and I are legally constituting the Electronic Frontier
Foundation, a two (or possibly three) -man organization which will raise and disburse funds for
education, lobbying, and litigation in the areas relating to digital speech and the extension of the
Constitution into Cyberspace.

Already, on the strength of preliminary stories about our efforts in the Washington Post and the New
York Times, Mitch has received an offer from Steve Wozniak to match whatever funds he dedicates to
this effort. (As well as a fair amount of abuse from the more institutionalized precincts of the computer
industry.)

The Electronic Frontier Foundation will fund, conduct, and support legal efforts to demonstrate that the
Secret Service has exercised prior restraint on publications, limited free speech, conducted improper
seizure of equipment and data, used undue force, and generally conducted itself in a fashion which is
arbitrary, oppressive, and unconstitutional.

In addition, we will work with the Computer Professionals for Social Responsibility and other
organizations to convey to both the public and the policy-makers metaphors which will illuminate the
more general stake in liberating Cyberspace.

Not everyone will agree. Crackers are, after all, generally beyond public sympathy. Actions on their
behalf are not going to be popular no matter who else might benefit from them in the long run.

Nevertheless, in the litigations and political debates which are certain to follow, we will endeavor to
assure that their electronic speech is protected as certainly as any opinions which are printed or, for
that matter, screamed. We will make an effort to clarify issues surrounding the distribution of
intellectual property. And we will help to create for America a future which is as blessed by the Bill of
Rights as its past has been.

John Perry Barlow is a Iyricist with the Grateful Dead and a former Wyoming cattle rancher. This
article appeared originally in The Whole Earth Review (Fall 1990), and is reprinted here with
permission. Barlow was a featured speaker at the 1990 CPSR Annual Meeting.

Barlow, Kapor, Wozniak Start Electronic Frontier Foundation

Shortly after the Operation Sun Devil raids in which young computer hackers were arrested across the
country, Mitch Kapor, founder of the Lotus Development Corporation, John Perry Barlow, and Steve
Wozniak of Apple Computer fame started the Electronic Frontier Foundation. A fourth donor who wishes
to remain anonymous also contributed to the financial resources of EFF. One of EFF's first acts was to
award a two-year $275,000 grant to Computer Professionals for Social Responsibility to support a
public education campaign on the importance of protecting civil liberties and First Amendment rights
in computer communication. Since then EFF has been providing legal support for specific individuals
who have been, in the view of the EFF Board of Directors, unfairly caught up in law enforcement's
crackdown on computer hackers. EFF has an office and staff in Cambridge, Massachusetts. The
organization is now trying to attract members. More information is available at the address and
telephone number listed below. The following text was released to the press at the official announcement
of the founding of the Electronic Frontier Foundation. ÑEd.

Electronic Frontier Foundation Mission Statement

A new world is arising in the vast web of digital, electronic media which connect us. Computer-based
communication media like electronic mail and computer conferencing are becoming the basis of new
forms of community. These communities without a single, fixed geographical location comprise the first
settlements on an electronic frontier.

While well-established legal principles and cultural norms give structure and coherence to uses of
conventional media like newspapers, books, and telephones, the new digital media do not so easily fit
into existing frameworks. Conflicts come about as the law struggles to define its application in a context
where fundamental notions of speech, property, and place take profoundly new forms. People sense both
the promise and the threat inherent in new computer and communications technologies, even as they
struggle to master or simply cope with them in the workplace and the home.

The Electronic Frontier Foundation has been established to help civilize the electronic frontier; to make
it truly useful and beneficial not just to a technical elite, but to everyone; and to do this in a way which
is in keeping with our society's highest traditions of the free and open flow of information and
communication.

To that end, the Electronic Frontier Foundation will:

1. Engage in and support educational activities which increase popular understanding of the
opportunities and challenges posed by developments in computing and telecommunications.

2. Develop among policy-makers a better understanding of the issues underlying free and open
telecommunications, and support the creation of legal and structural approaches which will ease the
assimilation of these new technologies by society.

3. Raise public awareness about civil liberties issues arising from the rapid advancement in the area of
new computer-based communications media. Support litigation in the public interest to preserve,
protect, and extend First Amendment rights within the realm of computing and telecommunications
technology.

4. Encourage and support the development of new tools which will endow non-technical users with full
and easy access to computer-based telecommunications.

The Electronic Frontier Foundation One Cambridge Center Cambridge, MA 02142 (617) 864-1550

Legal Overview: The Electronic Frontier and the Bill of Rights

Advances in computer technology have brought us to a new frontier in communications, where the law
is largely unsettled and woefully inadequate to deal with the problems and challenges posed by
electronic technology. How the law develops in this area will have a direct impact on the electronic
communications experiments and innovations being devised day in and day out by millions of citizens on
both a large and small scale from coast to coast. Reasonable balances have to be struck among:

¥ traditional civil liberties

¥ protection of intellectual property

¥ freedom to experiment and innovate

¥ protection of the security and integrity of computer systems from improper governmental and
private interference.

Striking these balances properly will not be easy, but if they are struck too far in one direction or the
other, important social and legal values surely will be sacrificed.

Helping to see to it that this important and difficult task is done properly is a major goal of the
Electronic Frontier Foundation. It is critical to assure that these lines are drawn in accordance with the
fundamental constitutional rights that have protected individuals from government excesses since our
nation was foundedÑfreedom of speech, press, and association, the right to privacy and protection from
unwarranted governmental intrusion, as well as the right to procedural fairness and due process of law.

The First Amendment

The First Amendment to the United States Constitution prohibits the government from "abridging the
freedom of speech, or of the press," and guarantees freedom of association as well. It is widely
considered to be the single most important of the guarantees contained in the Bill of Rights, since free
speech and association are fundamental in securing all other rights.

The First Amendment throughout history has been challenged by every important technological
development. It has enjoyed only a mixed record of success. Traditional forms of speechÑthe print
media and public speakingÑ have enjoyed a long and rich history of freedom from governmental
interference. The United States Supreme Court has not afforded the same degree of freedom to electronic
broadcasting, however.

Radio and television communications, for example, have been subjected to regulation and censorship by
the Federal Communications Commission (FCC), and by the Congress. The Supreme Court initially
justified regulation of the broadcast media on technological groundsÑsince there were assumed to be a
finite number of radio and television frequencies, the Court believed that regulation was necessary to
prevent interference among frequencies and to make sure that scarce resources were allocated fairly.
The multiplicity of cable TV networks has demonstrated the falsity of this "scarce resource" rationale,
but the Court has expressed a reluctance to abandon its outmoded approach without some signal from
Congress or the FCC.

Congress has not seemed overly eager to relinquish even counterproductive control over the airwaves.
Witness, for example, legislation and rule-making in recent years that have kept even important
literature, such as the poetry of Allen Ginsberg, from being broadcast on radio because of language
deemed "offensive" to regulators. Diversity and experimentation have been sorely hampered by these
rules.

The development of computer technology provides the perfect opportunity for lawmakers and courts to
abandon much of the distinction between the print and electronic media and to extend First Amendment
protections to all communications regardless of the medium. Just as the multiplicity of cable lines has
rendered obsolete the argument that television has to be regulated because of a scarcity of airwave
frequencies, so has the ready availability of virtually unlimited computer communication modalities
made obsolete a similar argument for harsh controls in this area. With the computer taking over the
role previously played by the typewriter and the printing press, it would be a constitutional disaster of
major proportions if the treatment of computers were to follow the history of regulation of radio and
television, rather than the history of freedom of the press.

To the extent that regulation is seen as necessary and proper, it should foster the goal of allowing
maximum freedom, innovation and experimentation in an atmosphere where no one's efforts are
sabotaged by either government or private parties. Regulation should be limited by the adage that quite
aptly describes the line that separates reasonable from unreasonable regulation in the First Amendment
area: "Your liberty ends at the tip of my nose."

As usual, the law lags well behind the development of technology. It is important to educate lawmakers
and judges about new technologies, lest fear and ignorance of the new and unfamiliar, create barriers to
free communication, expression, experimentation, innovation, and other such values that help keep a
nation both free and vigorous.

The Fourth Amendment

The Fourth Amendment guarantees "The right of the people to be secure in their persons, houses,
papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants
shall issue but upon probable cause, supported by oath or affirmation. and particularly describing the
place to he searched, and the persons or things to be seized." In short, the scope of the search has to be
as narrow as possible, and there has to be good reason to believe that the search will turn up evidence of
illegal activity.

The meaning of the Fourth Amendment's guarantee has evolved over time in response to changing
technologies. For example, while the Fourth Amendment was first applied to prevent the government
from trespassing onto private property and seizing tangible objects, the physical trespass rationale
was made obsolete by the development of electronic eavesdropping devices which permitted the
government to "seize" an individual's words without ever treading onto that person's private property.
To put the matter more concretely, while the drafters of the First Amendment surely knew nothing
about electronic databases, surely they would have considered one's database to be as sacrosanct as, for
example, the contents of one's private desk or filing cabinet.

The Supreme Court responded decades ago to these types of technological challenges by interpreting the
Fourth Amendment more broadly to prevent governmental violation of an individual's reasonable
expectation of privacy, a concept that transcended the narrow definition of one's private physical space.
It is now well established that an individual has a reasonable expectation of privacy, not only in his or
her home and business, but also in private communications. Thus, for example:

¥ Government wiretapping and electronic eavesdropping are now limited by state and federal statutes
enacted to effectuate and even to - expand upon Fourth Amendment protections.

¥ More recently, the Fourth Amendment has been used, albeit with limited success, to protect
individuals from undergoing certain random mandatory drug testing imposed by governmental
authorities.

Advancements in technology have also worked in the opposite direction, to diminish expectations of
privacy that society once considered reasonable, and thus have helped limit the scope of Fourth
Amendment protections. Thus, while one might once have reasonably expected privacy in a fenced-in
field, the Supreme Court has recently told us that such an expectation is not reasonable in an age of
surveillance facilitated by airplanes and zoom lenses.

Applicability of Fourth Amendment to Computer Media

Just as the Fourth Amendment has evolved in response to changing technologies, so it must now be
interpreted to protect the reasonable expectation of privacy of computer users in, for example, their
electronic mail or electronically stored secrets. The extent to which government intrusion into these
private areas should be allowed, ought to be debated openly, fully, and intelligently, as the Congress
seeks to legislate in the area, as courts decide cases, and as administrative, regulatory, and
prosecutorial agencies seek to establish their turf.

One point that must be made, but which is commonly misunderstood, is that the Bill of Rights seeks to
protect citizens from privacy invasions committed by the government, but, with very few narrow
exceptions, these protections do not serve to deter private citizens from doing what the government is
prohibited from doing. In short, while the Fourth Amendment limits the government's ability to invade
and spy upon private databanks, it does not protect against similar invasions by private parties.
Protection of citizens from the depredations of other citizens requires the passage of privacy
legislation.

The Fifth Amendment

The Fifth Amendment assures citizens that they will not "be deprived of life, liberty, or property,
without due process of law" and that private property shall not "be taken for public use without just
compensation." This Amendment thus protects both the sanctity of private property and the right of
citizens to be proceeded against by fair means before they may be punished for alleged infractions of the
law.

One aspect of due process of law is that citizens not be prosecuted for alleged violations of laws that are
so vague that persons of reasonable intelligence cannot be expected to assume that some prosecutor will
charge that his or her conduct is criminal. A hypothetical law, for example, that makes it a crime to do
"that which should not be done", would obviously not pass constitutional muster under the

Fifth Amendment. Yet the application of some existing laws to new situations that arise in the electronic
age is only slightly less problematic than the hypothetical, and the Electronic Frontier Foundation plans
to monitor the process by which old laws are modified, and new laws are crafted, to meet modern
situations.

One area in which old laws and new technologies have already clashed and are bound to continue to clash,
is the application of federal criminal laws against the interstate transportation of stolen property. The
placement on an electronic bulletin board of arguably propriety computer files, and the "re-
publication" of such material by those with access to the bulletin board, might well expose the sponsor
of the bulletin board as well as all participants to federal felony charges, if the U.S. Department of
Justice can convince the courts to give these federal laws a broad enough reading. Similarly, federal
laws protecting against wiretapping and electronic eavesdropping clearly have to be updated to take into
account electronic bulletin board technology, lest those who utilize such means of communication should
be assured of reasonable privacy from unwanted government surveillance.

Summary

The problem of melding old but still valid concepts of constitutional rights, with new and rapidly
evolving technologies is perhaps best summed up by the following observation. Twenty-five years ago
there was not much question but that the First Amendment prohibited the government from seizing a
newspaper's printing press, or a writer's typewriter, in order to prevent the publication of protected
speech. Similarly, the government would not have been allowed to search through, and seize, one's
private papers stored in a filing cabinet, without first convincing a judge that probable cause existed to
believe that evidence of crime would be found.

Today, a single computer is in reality a printing press, typewriter, and filing cabinet (and more) all
wrapped up in one. How the use and output of this device is treated in a nation governed by a
Constitution that protects liberty as well as private property, is a major challenge we face. How well
we allow this marvelous invention to continue to be developed by creative minds, while we seek to
prohibit or discourage truly abusive practices, will depend upon the degree of wisdom that guides our
courts, our legislatures, and governmental agencies entrusted with authority in this area of our
national life.

Notes from the CPSR Board

Eric Roberts

CPSR President

With the threat of war looming ever larger in the Middle East, it is sometimes difficult to remember
just how much the world has changed in the last few years. With a speed that surprised most observers,
the Cold War mentalityÑso long the core of our foreign policyÑhas evaporated along with any vestiges
of a credible Soviet threat.

Last week, the scope of that change was brought home to me in an unexpected way. Either for an escape
or out of a sense of nostalgia, I dusted off a videocassette from the shelf and popped it into my VCR. It
was WarGames, the 1983 thriller in which Matthew Broderick plays a high school student who
accidentally finds his way through a "back door" into the NORAD computer system and initiates a war
gameÑa game that the computer is playing for real. The film was still exciting, still clever, and still
charming in its moments, but it was not the same. The visceral fear was gone. The film had instead an
otherworldly quality, and I recognized that I was watching a period piece from a time that will someday
pass from our memories like a bad dream.

There are still nuclear missiles in the superpower arsenals, and perhaps as many as 1,000 with U.S.
forces in the Persian Gulf. There is still the possibility that overreliance on computing technology will
lead to disaster. In an article published on December 16 in The Los Angeles Times, Robert Toth reports
that "computer models of ground warfare convince the administration it can deliver on its promise of an
overwhelming victory" with little evidence of concern over the assumptions that were built into those
computer models. CPSR must continue to speak out against such abuses of technology, as long as those
abuses continue to threaten life on the planet. But we must also, as an organization, concentrate our
energy in other areas that address the critical problems of our new age.

CPSR has been in the process of making this transition for several years, beginning even before anyone
could have anticipated the extent of the global restructuring. Computers touch our lives in many ways,
and it is essential that CPSR remain a voice for responsibility in the use of that technology. Our civil
liberties program has had considerable success over the past few years, and continues to grow into new
areas, as evidenced by our recent campaign concerning the privacy implications of Lotus Marketplace
(see story, page 24). The CPSR Computers in the Workplace project had a very good year, with the
Participatory Design Conference in April. And we've taken on some new topics, as indicated by the
Portland chapter's extremely successful symposium on Computers and the Environment last month (see
page 30).

Finally, we are in the process of redirecting some of our energy toward a major new initiative. For the
1990s and into the next century, the dominant issues will be economic and environmental onesÑnot
military ones. The challenge of our time will be finding ways to reorient our national priorities and
resources so that we can address those new issues. Technology, and computing technology in particular,
will play a critical role in shaping the new world order, and we believe that CPSR can play an equally
critical role in determining how best to apply technology to the problems we face.

This is the motivation behind the new CPSR 21st Century Project, which is described on page 31. We
are excited by the potential of the project and have high hopes for its success. We are encouraged by the
fact that the planning phase of the project has already brought in a grant of $25,000 from the
Rockefeller Family Fund, supplemented by an anonymous grant of $15,000 from a member of the
Rockefeller family. We have submitted proposals to other foundations as well, and anticipate additional
support.

Beyond the changes in the world and in CPSR's program, we are going through several changes closer to
home, in the structure of National Office. After six years here in this office, Gary Chapman will be
moving early next year to Boston to pursue new opportunities related to the 21st Century Project and
will overtime move into a more programmatic role, assuming that we are able to attract continuing
support for the project. We will miss Gary and all of the energy he has brought to this office, but take
great comfort in the fact that he is still working for the good of the organization. We are also saying
goodbye to two long-time staff members, office manager Lois Toback and database manager Tera Martin.
Our sadness at their departure is mitigated by our joy at welcoming their replacements, Kathy Pounds
and Frank Quaratiello.

For the moment, we will not be replacing Gary in the National Office. We hope at some point to be able
to hire a new managing director who will assume oversight responsibilities for the work of the
organization. Unfortunately, the present state of CPSR finances does not allow us to add a new member
to the staff, and we will try to get by with additional meetings of the Executive Committee and increased
reliance on volunteers. We cannot, however, count on volunteer oversight for the long term. We look
towards a future in which CPSR has program offices and a national office. Program offices, such as the
Civil Liberties project in Washington and the 21st Century Project in Boston, are to be entirely
supported by project funds raised from foundations and earmarked individual grants.

Realistically, we can no longer expect foundations to support the day- to-day expenses of CPSR beyond
our program activities. We must be able to depend instead on membership support to keep our day-to-
day operations going, to publish the newsletter, to support the chapters, and to explore new program
opportunities as they arise. We need your support, and the support of your friends and colleagues who
share our goals but are not yet members of CPSR. We are in the middle of a membership contest. We
hope that each of you can take part in that program and make it a success. Every new member we sign
up brings us that much closer to financial stability. And, if you can, consider increasing your own
contributions or renewing at a higher rate. I know that these are hard economic times for all of us, but
CPSR certainly can make use of whatever additional support you can offer.

Thanks to all of you for your support over the years, and I wish you a happy 1991.

CHERYL C. BOYER Certified Public Accountant

2390 Williams Street, Palo Alto, CA 94306 . (415) 856-3131

Board of Directors Computer Professionals for Social Responsibility

I have compiled the accompanying statements of financial position of Computer Professionals for Social
Responsibility as of June 30, 1990 end dune 30, 1989, and the related statements of support,
revenue, functional expenses and fund balances and of cash flows for the years then ended, in accordance
with standards established by the American Institute of Certified Public Accountants.

A compilation is limited to presenting in the form of financial statements information that is the
representation of management. I have not audited or reviewed the accompanying financial statements
and, accordingly, do not express an opinion or any other form of assurance on them.

Cheryl C. Boyer

Palo Alto, California

November 19, 1990


Computer Professionals for Social Responsibility

Statement of Financial Position June 30, 1990 end June 30, 1989

Current Funds

June 30, 1990 June 30, 1989
Assets
Short term
Cash $ 10,984 $43,749
Accounts receivable 3,018 6,206
Prepaid expenses 1,152 1,419
Inventory 2,709 2,509
Long term
Educational projects (net
of $38,700 amortization) 3,780 17,941
Furniture and equipment (net
of $19,224 ace. depreciation) 20,306 15,759
Investments 577 577
Rent deposit 1,400 1,400
Total assets $43,926 $89,560
Liabilities and Fund Balances
Liabilities
Short term
Accounts payable $ 619 $ 1,761
PayableÑchapters 24,436 18,439
Long term
ReserveÑlife memberships 18,770 16,530
Total liabilities $43,825 $36,730

Fund Balance 101 52,830
Total Liabilities and Fund $43,926 $89,560

See accountant's compilation report. See accompanying notes.


Computer Professionals for Social Responsibility Statements of Support, Revenue, and Functional
Expenses and of Fund Balances7 for the Years ended June 30, 1990 and 1989 Current Funds

1989-90 1988-89
Unrestricted Restricted Total Total

Public support and revenue

ContributionsÑfoundations (N1, 4) $111,010 $ 10,000 $121,010 $117,600
Contributions - individuals (N1) 66,823 0- 66,823 56,984
Membership dues (N5) 81,939 0- 81,939 70,124
Publications donations, sales (N1, 2) 4,554 0- 4,554 2,787
Cost of sales (2,035) 0 (2,035) (647)
Interest income 1,744 0- 1,744 2,899
Miscellaneous income 22,434 -0- 22,434 1/,095
Total $286,469 $ 10,000 $296,469 $263,842
100% 100%
Functional expenses
Educational activities
Educational materials $ 13,517 $ 0- $ 13,517 $ 13,470
Newsletter 29,568 0- 29,568 21,620
Symposia 13,567 0- 13,567 2,081
Annual Meeting 30,122 0- 30,122 44,729
Subtotal $ 86,774 $ 0- $ 86,774 $ 81,900
29% 31%
Program activities (N4)
Reliability and risk $ 10,872 $ 10,000 $ 20,872 $ 21,732
Civil liberties 24,477 14,657 39,134 36,674
Other 5,218 0- 5,218 9,508
Subtotal $ 40,567 $ 24,657 $ 65,224 $ 67,91''
22% 26%

Chapter and member expenses

Member servicing $ 18,569 $ ~0~ $ 18,569 $ 20,108
Chapter payments (N5) 18,781 -0- 18,781 18,993
Chapter activities 7,987 0- 7,987 8,773
Regional representatives 753 0- 753 750
Subtotal $ 46,090 $ -0- $ 46,090 $ 48,624
16% 18%

Fundraising

Membership promotion $ 44,569 $ 0 $ 44,569 $ 28,541
Fundraising 37,217 0- 37,217 30,405
Subtotal $ 81,786 $ 0- $ 81,786 $ 58,946
28% 22%

General and administrative $ 69320 $ 0- $ 69,320 $ 51,069
23% 19%
Total Expenses $324,537 $ 24,657 $349,194 $308,453
Excess (deficit) of support and
revenue over expenses $(38,068) $(14,657) $(52,725) $(44,611)
Fund balances, beginning of year $ 38,173 $ 1/,657 $ 52,830 $ 97,441
Fund balances end of period $ 105 $ -0- $ 105 $ 52,830

See accompanying notes.

See accountant's compilation report.


Computer Professionals for Social Responsibility

Statement of Cash Flows for the Years Ended June 30, 1990 and 1989

1990 1989

Cash flows from operating activities

Clash receipts from:

Contributions $269,772 $240,305
Publications 4,554 2,141
Interest 1,744 2,899
Miscellaneous 18,634 14,095
$294,704 $259,440

Cash payments for:

Operating expense $328,269 $283,349
Net cash payments from
operating expenses $(33,565) $(23,909)

Cash flows from investing activities

Cash receipts from:

Lifetime members $2,240 $6,480

Cash payments for:

Purchase of fixed assets 1,440 11,837
Net cash payments from
investing activities $800 ($5,357)

Cash flows from financing activities None

Net decrease in cash $(32,765) $(29,266)

See accountant's compilation report.

See accompanying notes.


Computer Professionals for Social Responsibility

Notes to Financial Statements June 30, 1990 end dune 30, 1989

Note 1: Summary of significant accounting policies

The Organization follows the practice of capitalizing all expenditures for equipment and furniture in
excess of $50. The fair value of donated fixed assets and the costs of assets produced by the Organization
are similarly capitalized. Depreciation and amortization are provided over the estimated useful lives of
the assets using the straight-line method. Inventories are valued by specific identification or the first-
in-first-out method. All contributions are considered to be available for unrestricted use unless
specifically restricted by the donor. Donated materials and equipment are reflected as contributions in
the accompanying statements at their estimated value at date of receipt. No amounts have been reflected
in the statements for donated services inasmuch as no objective basis is available to measure the value
of such services.

Note 2: Educational materials inventory and sales

The Organization has produced educational materials which it offers for sale and for rent (N3). Certain
educational materials are purchased from third parties and offered for resale to members and the
public. The Organization also accepts donations for reprints. The cost of materials associated with
publication income represents the cost of resale materials and the direct costs of educational materials
produced in-house.

Note 3: Educational projects

The Organization has produced two educational projects: a slide and video show presentation entitled
"Reliability and Risk: Computers and Nuclear War," and a book, Computers in Battle: Will They Work?.
Both productions are offered to the public for sale and rent (N2). Amortization is being provided over a
period of three years and totals $39,900 et dune 30, 1990 ($25,740 et dune 30, 1989).

Note 4: Restricted contributions and expenses

The Organization received restricted support for several purposes in 1989-90 and 1988-89.
Foundation grants of $35,500 were received in 1988-89 to support the Computing and Civil Liberties
Project. A foundation grant of $10,000 received in 1989-90 to support the Risk and Reliability
Project has been spent. A membership drive conducted in 1988-89 was support by a foundation grant
of $20,000 in 1987-88.

Note 5: Payable to chapters and chapter distribution

Thirty-five per cent of membership dues from members in chapters is paid to chapters quarterly. In
addition, members may make contributions to chapters through the national office. The amount payable
represents the Organization's obligation for payments to the chapters in the next quarter. An allowance
has been deducted from the June 30, 1990 balance for an estimated amount that will not be claimed by
the chapters. No accounting is presented here of the outlay of funds by the individual chapters.

Note 6: Life memberships

The Organization offers life memberships at $ 1,000. The reserve represents the portion of these
memberships not used in the current year.

See accountant's compilation report


Computer Professionals for Social Responsibility Charts of Income and Expenses July 1, 1989 through
June 30, 1990

Income

Interest Income 0.6%

Miscellaneous Income

8%

Foundation Contributions 41%

Individual Contributions 23%

Membership Dues 28%

Publication Sales and Media Rentals 2%

Expenses

General and Administrative 20%

Educational Activities 25%

Program Activities 19%

Chapter and Membership Servicing Expenses 13%

Fundraising and Membership Promotion 23%


CPSR Chapters December 1990

CPSR/Acadiana, LA

Jim Grant
Center for Advanced Compuer Studies
University of Southwestern Louisiana
P O. Box S/B 40103
Lafayette, LA 70504
(318)231 5647

CPSR/Austin

Ivan M. Milman
4810 Placid Place
Austin, TX 78713
(512) 823-1588 (work)

CPSR/Berkeley
Steve Adams
3026 Shattuck. Apt C
Berkeley, CA 94705
(415) 845-3540 (home)

CPSR/Boston
Tom Thornton
2 Newland Road
Arlington, MA 02174
(617) 643-7102 (home)

CPSR/Chicago
Don Goldhamer
528 S Humphrey
Oak Park, IL 60304
(312) 702 7166 (work)

CPSR/Denver-Boulder
Randy Bloomfield
4222 Corriente Place
Boulder, CO 80301
(303) 938-8031 (home)

CPSR/Los Angeles

Rodney Hoffman
P.O. Box 66038
Los Angeles, CA 90066
(213) 932-1913 (home)

CPSR/Madison Deborah Servi
128 S. Hancock St, #2
Madison, WI 53703
(608) 257-9253 (home)

CPSR/Maine
Betty Van Wyck
Adams Street
Peaks Island, ME 04108
(207) 766-2959 (home)

CPSR/Milwaukee

Sean Samis
6719 W. Moltke St
Milwaukee, WI 53210
(414) 963-2132 (home)

CPSR/Minnesota

David J. Pogoff
6512 Belmore Lane
Edina, MN 55343-2062
(612) 933 6431 (home)

CPSR/New Haven
Larry Wright
1 Brook Hill Road
Hamden, CT 06514
(203) 248-7664 (home)

CPSR/New York

Michael Merritt
294 McMane Avenue
Berkeley Heights NJ 07922
(201) 582 5334 (work)
(201) 464-8870 (home)

CPSR/Palo Alto

Clifford Johnson
Polya Hall
Stanford University Stanford, CA 94305
(415) 723-0167 (work)

CPSR/Philadelphia

Lou Paul
314 N. 37th Street Philadelphia, PA 19104
(215) 898-1592 (work)

CPSR/Pittsburgh

Benjamin Pierce
School of Computer Science
Carnegie Mellon University
Pittsburgh, PA 15213
(412) 268-3062 (work)
(412) 361-3155 (home)

CPSR/Portland
Bob Wilcox
CPSR/Portland
P.O. Box 4332
Portland. OR 97208-4332
(503) 246-1540 (home)

CPSR/San Diego
John Michael McInerny
4053 Tennyson Street
San Diego, CA 92107
(619) 534 1783 (work)
(619) 224-7441 (home)

CPSR/Santa Cruz

Alan Schlenger
419 Rigg Street
Santa Cruz, CA 95060
(408) 425-1305 (home)

CPSR/Seattle

Doug Schuler
CPSR/Seattle
P.O. Box 85481
Seattle, WA 98105
(206) 865 3226 (work)

CPSR/Washington, D.C.

David Girard
2720 Wisconsin Ave., N.W., Apt. 201
Washington D C 20007
(202) 967-6220 (home)

CPSR, P.O. Box 717, Palo Alto, CA 94301 (415)322-3778


CPSR Educational Materials

The following materials may be ordered from the CPSR National Office. All orders must be prepaid.
Please include your name and address for shipping.

Back issues of The CPSR Newsletter are available for $2 each.

Some issues available in photocopy only.

Articles and papers

_ ANNOTATED BIBLIOGRAPHY ON COMPUTER RELIABILITY AND NUCLEAR WAR. Compiled by Alan
Borning (16 pages - updated October 1984 - $2.00)

_ COMPUTER SYSTEMS RELIABILITY AND NUCLEAR WAR. Alan Borning (20 pages--February 1987 -
$2.00)

_ COMPUTER UNRELIABILITY AND NUCLEAR WAR. CPSR/Madison (11 pages - June 1984 - $2.00)

_ THE RESPONSIBLE USE OF COMPUTERS; WHERE DO WE DRAW THE LINE? Christiane Floyd (4 pages -
June 1985 - $1.00)

_ THE "STAR WARS" DEFENSE WON'T COMPUTE. Jonathan Jacky (reprinted from The Atlantic, 6 pages
- June 1985 - $1 00)

_ THE STAR WARS COMPUTER SYSTEM. Greg Nelson and David Redell (10 pages - June 1985 - $1.00)

_ LIST OF ILLUSTRATIVE RISKS TO THE PUBLIC IN THE USE OF COMPUTER SYSTEMS AND RELATED
TECHNOLOGY. Compiled by Peter G. Neumann (9 pages - August 1987 - $1.00) DEADLY BLOOPERS.
Severo M. Ornstein (16 pages - June 1986 - $2.00)

_ LOOSE COUPLING: DOES IT MAKE THE SDI SOFTWARE TRUSTWORTHY? Severo M. Ornstein (4 pages -
October 1986 - $1.00)

_ RELIABILITY AND RESPONSIBILITY. Severo M Ornstein and Lucy A Suchman (reprinted from Abacus,
6 pages - Fall 1985 - $1.00)

_ STRATEGIC COMPUTING: AN ASSESSMENT. Severo M. Ornstein, Brian C. Smith, and Lucy A. Suchman
(4 pages - June 1984 - $1,00)

_ SOFTWARE AND SDI: WHY COMMUNICATION SYSTEMS ARE NOT LIKE SDI. David L. Parnas (Senate
testimony, 2 documents, 7 pages - December 1985 - $1.00)

_ WHY SOFTWARE IS UNRELIABLE. David L. Parnas (8 memoranda, 17 pages - June 1985 - $2.00)

PRIVACY IN THE COMPUTER AGE. Ronni Rosenberg (24 pages - October 1986 - $3.00)

SELECTED AND ANNOTATED BIBLIOGRAPHY ON COMPUTERS AND PRIVACY. Ronni Rosenberg (7 pages -
September 1986 - $1.00)

THE LIMITS OF CORRECTNESS. Brian Cantwell Smith (21 pages - June 1985 - $3.00)

_ ETHICAL QUESTIONS AND MILITARY DOMINANCE IN NEXT GENERATION COMPUTING Paul Smolensky
(6 pages - October 1984 - $1.00) STRATEGIC COMPUTING RESEARCH AND THE UNIVERSITIES. Terry
Winograd (28 pages - March 1987 - $3.00

THE CONSTITUTION vs. THE ARMS RACE. Clifford Johnson (8 pages - December 1986 - $1.00)

_ THE NATIONAL CRIME INFORMATION CENTER: A CASE STUDY. Mary Karen Dahl (4 pages - March
1988 - $ 1 .00 _ "SENSITIVE," NOT "SECRET": A CASE STUDY. Mary Karen Dahl (4 pages - January
1988 - $1.00)

__ THINKING ABOUT "AUTONOMOUS" WEAPONS. Gary Chapman (4 pages - October 1987 - $1.00)

_ COMPUTERS IN THE WORKPLACE: A WORKING BIBLIOGRAPHY, CPSR Workplace Project (19 pages -
last updated March 1990 - $2.00)

Videotapes and Slide Show

Reliability and Risk: Computers and Nuclear War. An award winning half-hour documentary on
accidental nuclear war, the reliability of computers in critical settings, and the computer aspects of
the SDI. November 1986 [Slide show rental: $75. Videotape rental: $25. Videotape purchase, Beta or
VHS: $35, U-matic: $50. Shipping and handling: $7.00.

"SDI: Is the Software Feasible?" Seminar sponsored by the Library of Congress for Congressional staff
members. 1 hour, April 1986. Features Danny Cohen (SDIO) and Dave Redell (CPSR) presenting
opposing views. Includes questions from the audience. [Available as a loan only. Shipping and handling:
$7.00, no sales tax]

"To Err..." WHA Madison Public Television presentation on computer failure. Features several
members of CPSR/Madison,

15 minutes, May 1985. [Available as a loan only. Shipping and handling: $7.00, no sales tax]

MIT debate on the feasibility of the SDI. Co-Sponsored by the MIT Laboratory for Computer Science and
CPSR/Boston, approx.

2 1/2 hours, October 1985. Moderator: Mike Dertouzos (head of LCS); pro-SDI: Danny Cohen end
shuck Seitz (SDIO); con-SDI: David Parnas (University of Victoria) and Joseph Weizenbaum (MIT).
[Rental: $50] Transcript also available (please call).

Books

COMPUTERS IN BATTLE: Will They Work? Edited by David Bellin and Gary Chapman, Harcourt Brace
Jovanovich, 224 pages, 1987. An anthology of perspectives on the role of computers in the arms race,
written and edited by CPSR members. Available in bookstores or from the National Office. Cost: $14.95.

EMPTY PROMISE: THE GROWING CASE AGAINST STAR WARS. Union of Concerned Scientists, John
Tirman, editor, Beacon Press, 230 pages, 1986. Features chapters by eight authors. Cost: $7.95.

CPSR, P.O. Box 717, Palo Alto, CA 94301 (415) 322-3778


CPSR-EFF Public Policy Roundtable Scheduled

The first CPSR-EFF Public Policy Roundtable is scheduled for February 21-22, 1991. The meeting
will be held at the Carnegie Foundation in Washington, D.C.

The roundtable will bring together lawmakers, public policy experts, civil liberties advocates,
criminal justice officials, telecommunications and computer security specialists, and representatives
of on-line communities to explore the current state of civil liberties in the digital domain and to
propose public policy goals.

This roundtable will focus on two issues: the promotion of free speech and the conduct of criminal
investigations in the digital domain. First, how do traditional forms of free speech translate to the on-
line community? How should the various claims to restrict communication be weighed against First
Amendment freedoms? Is there a role for Congress in the resolution of these competing claims? Second,
how should criminal investigations of on-line communities be conducted? Are new rules necessary for
the seizure of computer equipment, particularly when such equipment may be used for electronic mail
or newspaper publishing?

The purpose of this roundtable is to develop specific public policy goals. Discussions will feature panel
presentations that will outline the state of the law and explore current practice, and then examine areas
were public policy and the law should be reassessed. Participants will be asked to help develop a series
of recommendations that will form the basis for subsequent roundtable meetings and eventually the
development of new policy and legislation.

The general public and the press will be welcome to attend, though seating will be limited.
Arrangements also will be made to encourage on-line participation of individuals outside the
Washington area.

This event is made possible through the generous support of the Electronic Frontier Foundation (EFF).

For more information contact:

Richard Civille or Marc Rotenberg CPSR Washington Office, (202) 775-1588
cdp!civille@labrea.stanford. edu rotenberg@csli.stanford.edu


CPSR/Madison Sponsors Discussion on Privacy Thomas Ball and Samuel Bates

The November 8th meeting of CPSR/Madison, entitled "Information Privacy in the Information Age,"
was a very successful program (attended by about 70 people) featuring Marc Rotenberg, director of
CPSR's Washington, D.C., office, and three panelists from the Madison community: Gordon McQuillen,
lawyer and president of the Wisconsin American Civil Liberties Union; Jo Ann Oravec, member of the
Wisconsin Special Committee on Privacy and Information Technology; and Wayne Burmeister, MIS
Director of Planning and Research at American Family Insurance.

The program featured a short talk by Marc Rotenberg on the current status of information privacy in
the United States, followed by responses and comments by the panelists and 45 minutes of questions
from the audience. Questions and discussion continued for an hour after the program at a reception
given by CPSR.

Marc opened his talk by asking two members of the audience to share some of their personal
information with him. The first "volunteer" went as far as to give his name and address but refused to
divulge his annual household income, stating that this was personal information that he did not wish to
disclose. The second person shared her name, address, marital status, and income with the audience.
Marc noted that the information he elicited is a small part of a large range of personal data available
todayÑsuch data has been gathered for a CD-database called Lotus Marketplace that contains the buying
preferences of 80 million American households. The disk contains profiles on 120 million American
consumers, including:

¥ name

¥ address

¥ age

¥ gender

¥ marital status

¥ household income

¥ "lifestyle"

¥ dwelling type

¥ actual buying habits across 100 product categories

Marc noted that with 90 to 95 per cent certainty, most of the people in the audience are listed on the
Lotus Marketplace CD, even though they have never given their consent to

Lotus for the publication of this information. This illustrates that much of the threat to information
privacy comes from private organizations; for the most part, government organizations have dealt with
the privacy issues and implemented policies regarding the use of personal information (such as in the
1965 National Data Center proposal and ensuing legislation regarding such governmental data collection
activities). (See article on Lotus Marketplace on page 24Ñed.)

Marc cited another commercial use of personal information that touches on privacy issues: Equifax's
resume verification service. Upon request (and for a fee), Equifax will form a "resume" on an
individual based on available credit and other transactional data. This is an unusual information product
because it aggregates data from various sources about an individual. Marc contrasted it with the
phenomenon of junk mail. Companies that share their mailing lists (thus spawning reams of junk mail)
do so in a very restricted way; mailing lists are exchanged for one time use and only for the expressed
purpose of mailings. Because Equifax takes data from various sources and uses it for a new purpose
unrelated to the original reasons for its collection, it poses a larger threat to personal privacy than
does the kind of data transferal used in the junk mail business.

This illustrates what Marc regarded as being the greatest threat to personal privacy. This threat, posed
by both the Lotus Marketplace CD and Equifax's resume service, is the secondary use of personal data
without consent. This problem was recognized long ago: the Code of Fair Information Practice, released
in 1973, was the foundation of the 1974 Privacy Act and contains the following principle as its basis:
any information obtained for one purpose should not be used for another purpose without the consent of
the person.

As an example of this principle, Marc noted that when we answer whether or not we wear corrective
lenses in order to get a driver's license, we do not expect to be contacted the next week by the
neighborhood optometrist. When we give our personal information for a particular use we do not expect
it to be used for other purposes. The secondary use of transactional data should be the main focus of
discussions on information privacy.

Marc next gave a brief summary of what has been happening lately in the United States and the world
with respect to information privacy. In May of 1990, CPSR testified to the U.S. Congress on the need
for a Data Protection Agency in the U.S. This idea is not new or radicalÑthe same proposal was made
almost 20 years ago, around the time when the Code of Fair Information Practice was released. The
principles of this code have guided many countries that already have established data protection bodies
Ironically, it is the United States that lags behind Europe in data protection, as the U.S. has not
established such an agency when there is clearly need for one.

Other work on privacy issues comes as the result of an incident in Australia three years ago when the
Australian government proposed a national identification card system. Under this plan, each citizen
would have been assigned a unique identification number and required to carry a national ID card. This
ID card and number also would have been used to integrate various record systems. The ensuing protest
over the proposed cards was so great that the national government of Australia almost collapsed. Simon
Davies, who headed the Australian protests, has recently been in the United States meeting with data
protection experts about an international privacy effort called Privacy International (similar to
Amnesty International). This organization will work to protect the privacy rights of people around the
world and CPSR has been chosen as its secretariat.

Marc noted that we all have a personal stake in privacy issues, referring back to the members of
audience he quizzed at the beginning of the program. The main question is: do organizations have the
right to sell our personal information without our consent? Marc related a case that grew out of judge
Robert Bork's nomination to the Supreme Court. During the Senate hearings for the Bork nomination, a
reporter visited a video store and found out what movies Bork and his family had checked out, later
printing this information in a newspaper story. As a result of this incident, legislation was introduced
to restrict video stores from releasing such information (i.e., the Video Privacy Protection Act, or, as
known in political circles, the Bork Bill).

A key question in the consent issue is who carries the responsibility for saying how personal
information should and should not be used. An individual may have to act on their own behalf to prevent
their information from being used in a particular way (this is known as the "negative check-off
provision"), or the holder of the information may be required to obtain the individual's consent before
the secondary use of data ("positive check-off"). In the case of the Video Privacy Protection Act, video
store owners did not want the burden of the "positive check-off" (i.e., anytime a request for
information came in, the store owner would have to check with the person) and so the bill only requires
that store owners provide the "negative check-off" provision.

Marc noted that the lack of a policy guideline in the U.S. requiring "positive check-off" is why a product
like Lotus Marketplace can be developed easily here but not in Europe, where companies must seek
consent from individuals before using such information for secondary purposes. The biggest problem
with the "negative check-off" solution is that one must first know about a proposed use of personal
information before it is possible to do anything about it (as an example, most of the people in the
audience did not know about Lotus Marketplace and thus would never be able to prevent the use of this
information).

Marc wrapped up his talk with three important points:

1 ) The privacy problem is not about technology or the use of computers. It is about the misuse of
information. Such misuse can occur in a paper record environment as well as an electronic record
environment.

2) The United States has a tradition of privacy protection: witness the work in the 1 970's on the Code
of Fair Information Practice. Today, we need to rediscover this tradition of privacy protection and
remind ourselves of our privacy rights.

3) The assertion of privacy protection must come from the individuals and institutions that give out and
handle personal information. Responsibility for information protection must be put on the information
holder.

After Marc finished his presentation, each panelist gave a short description of his or her view on
privacy. Gordon McQuillen gave an overview of the ACLU's role in privacy issues. The ACLU has been
concerned with data collection and privacy issues for many years. Electronic data collection has been a
concern since the 1 970's, but modern computer technology has the potential to take the invasion of
individual privacy to a new level. Not only is data collection faster using computers, but the process is
frequently less visible to the common person. The current problem is less severe with government data
collection than with that done by private sector organizations, and the ACLU is accordingly moving into
the area of commercial uses of data.

Some of the ACLU's concerns with regard to privacy are:

¥ the uses of caller identification technology

¥ computer data banks of fingerprints and DNA "signatures;" and

¥ the accuracy of arrest and conviction records, medical records, and credit ratings.

The ACLU recommends two methods of dealing with privacy issues: legislation and litigation, and
individual actions to protect one's privacy. On the legislation/litigation side, the ACLU holds that people
have a right to know what information is being collected about them. This right can be legislated or
established through court cases. It is interesting to note that many of the people actually gathering the
information cannot tell people why they are collecting it. For instance, most companies that ask for a
credit card number over the phone also ask for a phone number; the latter information is generally not
used by the credit card company and is not necessary for the processing of such transactions.

The ACLU also counsels people to protect their own privacy by giving information only when it is
necessary. There should also be the option of calling a company that has personal information, and
requesting that the data be expunged from their records. The difficulty with both of these actions is
awareness: people frequently do not know when the data is gathered and who has access to it.

Jo Ann Oravec spoke next about the Special Committee on Privacy and Information Technology, set up by
the Wisconsin Legislative Council and chaired by Representative Marlin Schneider. (See accompanying
article on page 22Ñed.) The charge of the committee is "to study the state laws, policies, and
procedures for protecting citizens from invasion of their privacy resulting from the collecting
processing, use or sharing of personally identifiable information by state or local governments, or
from providing access to that information, or from caller identification."

The committee's charge is a broad one, and covers not only a wide range of topics, but also a large time
span. Some of the questions the committee is currently addressing are:

¥ What is privacy?

¥ What is important in privacy legislation?

¥ What will be important in privacy over the next 1 0 years?

The committee has examined the types of information kept by the major credit rating companies, as
well as that kept by

government agencies. One example of a possible threat to privacy is in the records kept by the
Department of Transportation. The DOT has a pilot program allowing people to pay their motor vehicle
registration fees with a credit card. The credit card number will go into the person's record. But
Wisconsin has open records legislation, which means that anyone can see any records that the state
holds. Thus the credit card number of the person paying his or her MVR fee is available to anyone who
looks for it. In particular, the information becomes available to the credit rating companies, who do ask
for this information. This raises an important question about whether the state should be in the
business of packaging information about Wisconsin residents for anyone's use.

Wayne Burmeister gave a view of the usefulness of personal information to companies, and some
reasons why companies should have access to the data. He works for American Family Insurance, which
is very careful to secure its data at all levels within the company. The company does not sell any of its
data as mailing lists, though it does buy mailing lists from other vendors. These lists can narrow
significantly the market targeted by the company, leading to a substantial economic saving.
Furthermore, narrowing the market means that the people receiving mail from the company are more
likely to be interested in it; the specialized mailing lists have reduced the amount of junk mail that
people get.

Another reason for access to personal information is very clear in the insurance business. Automobile
insurance rates are based partially on the arrest and conviction records of the individual being insured.
People want this information to be known accurately so that their rates reflect their safety records.


CPSR Privacy Work in Madison Jo Ann OravecÑCPSR/Madison

The State of Wisconsin has recently given a Special Committee on Privacy and Information Technology
the charge of studying the following areas, with an eye to framing appropriate legislative and policy
initiatives:

(1 ) the state's laws, policies and procedures for protecting citizens from invasions of their privacy
which may result from the collection, processing. use or sharing of personally identifiable
information, by the state or local units of government, or from providing access to that information;
(2) telephone caller identification services; and (3) other related issues.

Special Committee members include both state senators and representatives and "public members,"
individuals appointed to the Committee because of their special interest or background in the issues
involved. The Committee's public members include representatives from police departments, credit
bureaus, and the State Archives as well as a professor of communications, an attorney, and myself, a
member of the CPSR/Madison chapter. I have both a scholarly and an activist interest in privacy.

The Committee has met in public session since September. The meetings have provided committee
members with a broad overview of privacy issues. A speaker from TRW, one of the big three credit
reporting agencies, attempted to convince the Committee that TRW "owns" the data is has about
individuals, an assertion that several committee members vociferously challenged. Professor Larry
Travis (CPSR/Madison) exhorted the Committee not to accept the "excuses" of those who are in control
of computer resources that privacy safeguards are infeasible or too expensive to implement. Dr. Alice
Robbins (UW Madison) provided both personal and public policy perspectives on the competing values
that privacy issues involve; research and freedom of information interests are in constant "tension"
with privacy concerns.

The Committee has work to do, both in crafting policy initiatives in the privacy area and educating the
public about privacy issues. Privacy does not rank high among public concerns in Wisconsin. Only
slightly more than 10 per cent of Wisconsinites have unlisted telephone numbers (low in comparison
with the nation as a whole, with an average of about 20 per cent). Wisconsinites were the most willing
citizens to comply with the 1990 Census. There is no explicit right of privacy in the State Constitution
(as there is in a number of states, including Alaska and Arizona). Some of the Committee's projects
(including surveys of state data banks that have "personally identifiable information") may be
beneficial in raising Wisconsin's consciousness about privacy, most specifically about the scope of the
information the state keeps on its citizens.

The Committee is primarily interested in developing legislation for the collection, processing, and
dissemination of information on individuals by state agencies. Wisconsin is now undergoing a large-
scale examination of its information technology practices (a heavily funded Ernst & Young effort); the
Ernst & Young results are tipping the scales toward centralization and consolidation of state data
processing facilities. The lack of privacy and security in the study is a matter of concern for many
committee members, who hope that "centralization" and "consolidation" are not codewords for computer
matching or violations of the Code of Fair Information Practices.

Although Wisconsin's open records law and strong tradition of open government provide many benefits,
there are risks of privacy abuses. For example, Wisconsinites in several counties can now pay their
motor vehicle registration fees using Mastercard or Visa credit cards. Their Mastercard and Visa
numbers thus become a matter of public record. Should the state make this fact known to citizens who
desire the "convenience" of credit card payment options? Should the State make motor vehicle
registration information (such as my home address) publicly available? To restate the obvious, there
is a lot of work ahead.

New CPSR Staff Members in Washington

Richard Civille has joined CPSR as a Program Associate. He will be responsible for coordinating the
public policy forums planned for next year and for developing public education activities such as the
creation of a UUCP node. Richard was the founder of EcoNet, an international computer conferencing
system for environmentalists. He was also formerly the Program Director of the Public Interest
Computer Association (PICA) in Washington, D.G. Richard's e-mail address is civille@cdp.uucp or
cdp!civille@labrea.stanford.edu

David Sobel is now CPSR's Legal Counsel. David will be responsible for managing the organization's
litigation work, particularly that involving the Freedom of Information Act (FOIA), electronic
communications, and privacy. David was formerly Associate General Counsel for the National Security
Archive' a public interest research library in Washington, D.C. David is a member of several bars,
including the U.S. Court of Appeals, and he litigated the key FOIA case that established the right of public
interest groups to obtain favorable treatment under the amended FOIA fee provisions. David's e- mail
address is dsobel@cdp.uucp or cdp!dsobel@labrea.stanford.edu

CPSR is pleased to welcome Richard and David. We also thank the Electronic Frontier Foundation (EFF)
for the funding which made this possible.


1991 CPSR CONFERENCE
ON COMPUTERS,
FREEDOM, AND PRIVACY

March 25-28, 1991, at the San Francisco Airport Marriott Hotel, CPSR will sponsor a major national
conference on Computers, Privacy, and Freedom. The conference will assemble representatives from
the computing field, law enforcement, government agencies and legislatures, public interest
organizations, and the private sector. The conference is being organized entirely by volunteers, led by
CPSR member Jim Warren, founder of the West Coast Computer Faire and InfoWorld magazine.

The opening speaker at the conference will be Professor Laurence Tribe, a world-famous authority on
constitutional law from Harvard Law School.

The Conference on Computers, Privacy and Freedom intends to bring together people from diverse
backgrounds who are concerned about the intersection of information technology development and
principles of freedom of expression, security, property, and privacy. The conference will address
public and private information systems, electronic mail, teleconferencing and data communications,
information collection, surveillance, and freedom of "electronic speech." Attendance will be limited to
600 people, and a balanced audience is being sought. The conference will be a three-day, single track
program, with tutorials the day before the conference begins.

Co-sponsors of this conference include the Electronic Networking Association; the Videotex Industry
Association; the Well; the Electronic Frontier Foundation; Portal Communications; the American Civil
Liberties Union; the Cato Institute; the Association for Computing Machinery; IEEE-USA; and Autodesk,
Inc..

The program committee consists of Dorothy Denning, Peter Denning, Les Earnest, Elliot Fabric, Mark
Graham, Don Ingraham, Bruce Koball, Marc Rotenberg, Glenn Tenney, and Jim Warren.

For more information, call the CPSR National Office at (415) 322-3778, or use electronic mail with
the Interenet address cpsr-staff@csli.stanford. edu.

Privacy Concern Raised Over Lotus Marketplace

Lotus Development Corporation of Cambridge, Massachusetts, is now offering two CD-ROM-based
databases in a package called Lotus Marketplace. Marketplace: Households contains records on 120
million United States residents and 80 million households. The majority of adult Americans are listed
in the database. Marketplace: Businesses contains information on over 7 million businesses in the
United States. These products are meant to support a new concept called "desktop marketing." With a
Macintosh computer equipped with a CD-ROM reader, a user can access records according to a variety
of selection criteria, including household income, geographic location, name, age, marital status, and
"lifestyle" profiles that are determined from buying patterns from a hundred consumer goods and
services. Data in the Households database has been compiled by Equifax, the nation's largest credit
reporting agency. Data in the Businesses database comes from TriNet, Inc., a business information
service. The list price of each database is $695, and quarterly updates are available for $150 per
year. The user must also pay for the use of names on the list, at $400 per 5,000, with discounts in
quantities over 25,000.

Because Lotus and Equifax assert that the data in Marketplace: Households is not subject to the Fair
Credit Reporting Act, Lotus claims it has no legal obligation to inform each person on the list about the
information contained in his or her record, nor does Lotus provide a method for subjects to change
information in their file to reflect accuracy. The product is specifically designed for direct mail
solicitations, when many people feel inundated with "junk mail" already. The product is an apparent
violation of the Code of Fair Information Practices, which, while not legally binding, recommends that
no information be used for a purpose other than what it was collected for without the permission of the
subject. Lotus has added fuel to the fiery debate about Marketplace by an apparently cavalier attitude
about privacy. A Lotus press release for the product begins with the headline, "We Found You.... And
Quite Frankly, It Really Wasn't That Hard.' These are the words that Marketplace users are supposed to
be able to say to their target audience after using the database product.

Marketplace is based on Apple's HyperCard program, through which a user accesses data by selection
criteria. Most of the selections are done by pointing and clicking with the Macintosh mouseÑthe
program is very user-friendly. Once names and addresses are selected, they are displayed in an
abbreviated form. Lotus provides access to 5,000 names free. After using the initial 5,000 names
limit, the user has to pay for additional names to be released for mailing labels, reports, or exportable
data. The user buys a "software meter" in 5,000 name increments, so that lists of any size under
5,000 names can be generated, until the names used total 5,000 and an additional metering block must
be purchased. Once lists are purchased, they can be used as many times as the user wants to use them.
This is different from renting lists from mail list brokers, which typically limit use of lists to one
time only.

The Households database does not allow the viewing, printing, or exporting of data other than names and
addresses. Data on household income, marital status, buying habits, and so on are stored for selections
only. The Businesses database does allow the printing and exporting of detailed information about each
business, such as ownership, number of personnel, sales, parent company, etc.

According to Peter Lamm, a Lotus spokesperson who demonstrated the product in Portland, Oregon, on
December 11, anyone can purchase Marketplace, but only companies can register Marketplace, and
Lotus has a list of companies to which it won't sell Marketplace data. According to Lamm, "There are a
list [sic] of fraudulent companies that are marketing illegal or pornographic materials. The
government knows who these are. They publish this list. . . every year. We have that list, and match
buyers registering Marketplace with that list."

There are four fundamental concerns with Marketplace:

¥ It is substantially different from other forms of direct marketing because there are no effective
safeguards to prevent misuse of the information.

¥ The information is collected and sold without the informed consent of the record subjects, which
violates the central tenant of the Code of Fair Information Practices.

¥ The opt-out mechanism will not work.

¥ Single record access, which Lotus claims is impossible, can be accomplished either through
previewing data sets or by viewing directly the contents of the disks (the data is compressed, but not
encrypted).

Robert Ellis Smith, the publisher of Privacy Journal, has also said that the product violate the Fair
Credit Reporting Act because it contains credit data. Lotus has responded that no actual credit data is
contained in the product. They say that the buying propensity and lifestyle data are modelled, which
raises an interesting question if purchasers of Marketplace are led to believe that the data reflects
actual spending patterns.

Most of the information in Marketplace is available and has been available before Marketplace
appeared. It could be ordered according to selection criteria from the many information brokers that
are now in business. What makes Marketplace different is the browsing capability that is offered to
users. Now instead of paying for every selected list, users can browse records in abbreviated form and
find out information about people, businesses, and neighborhoods without ordering any lists at all. Or
the lists can be narrowed to such a fine degree that it becomes possible and cost effective to find lists of
less than a hundred people, or even less than ten. This has been untrue of information brokers, which
typically sell lists by the thousands of names.

CPSR has done a great deal of work to explore the privacy issues raised by Marketplace, beginning with
CPSR's testimony in Congress in support of a Data Protection Agency, on May 16, 1990. CPSR
distributed about 300 print copies of that testimony. Also the testimony will be published in an
upcoming issue of Government Information Quarterly, a scholarly journal on information policy issues.
CPSR was also featured in several stories on Marketplace, including the Wall Street Journal
(November 13,1990), and a special program on Cable News Network. Mary Culnan, a professor at
Georgetown Business School and a former CPSR National Program Associate, has also been frequently
quoted about Lotus Marketplace.

Lotus has agreed to accept requests that names and other information be deleted from the Marketplace
database. To have your name removed from future issues of Marketplace, you can call Lotus at 1-(800)
343-5414. This will get you information about Marketplace: Households, but you can tell Lotus that
you want your name removed from the database. You can also write to Lotus and request that your name
be removed, at Lotus Development Corporation, Attention: Marketplace Name Removal, 55 Cambridge
Parkway, Cambridge, MA 02142. Lotus representatives ominously suggest that to ensure your name is
correctly removed, you should include your Social Security number along with your name and address.
Lotus representatives will reportedly send written confirmation that your name has been removed if
you write to them, but not if you call. However, Lamm said that individuals may find themselves
removed from one quarterly Marketplace update only to appear on the next update. For a foolproof way
to stay off of the Marketplace database, he said, "Don't fill out any more registration forms. Don't
subscribe to any magazines. Don't use your Visa card any more."

Lotus Marketplace: Households contains information on 120 million Americans and 80 million
households. The information includes data on personal income, lifestyle, purchasing patterns,
geographic location, and: marital status. Marketplace: Businesses contains information on 7 million
businesses in the United States.

To register a protest about the Lotus Marketplace product, write Mary Ann Malloy Coffey, Marketing
Programs Manager, or Jim P. Manzi, President and chief executive officer at Lotus Development
Corporation, 55 Cambridge Parkway, Cambridge, MA 02143. You can also address protests to Jeff V.
White, Chairman of the Board, or C.B. Rogers, Jr., President, Equifax, Inc., 1600 Peachtree St., N.W.,
Atlanta, GA 30309.

1990 CPSR Annual Meeting Held at Stanford University

CPSR/Palo Alto hosted the 1990 CPSR Annual Meeting and Banquet on October 20 and 21 at Stanford
University and in Palo Alto, California. The weekend meeting was a great success, and showcased the
changing character of CPSR by featuring discussions on freedom for electronic communication, citizen
oversight of government through the use of computers, women and computing, and computers and the
popular media. The CPSR Banquet was highlighted by the presentation of the Norbert Wiener Award for
Social and Professional Responsibility to Professor Kristen Nygaard, and by a keynote address by James
Fallows, Washington editor of The Atlantic. The meeting was co-chaired by CPSR/Palo Alto members
Lesley Kalmin and Liz Wolf. Key volunteers included Cathie Dager, who handled publicity, and Joe
Karnicky, who served as volunteer coordinator.

The Saturday meeting began with a presentation by John Perry Barlow, co-founder of the Electronic
Frontier Foundation. Barlow described his interest in freedom for electronic communication in an
amusing talk that was largely taken from his article "Crime and Puzzlement," reprinted in this issue of
the newsletter. Barlow noted that since his article was written, the Craig Neidorf case involving the
electronic magazine Phrack had been concluded in Federal court in Chicago. After four days of
prosecution testimony, the government dropped the charges against Neidorf. New evidence appeared that
the document alleged to have been stolen from Bell South and published in Phrack was apparently
available in the public domain. Barlow considered the dismissal of the charges against Neidorf a victory
for the Electronic Frontier Foundation, which helped Neidorf in his legal defense. Barlow also stressed
the important work of CPSR in the public education campaign that is needed to improve understanding
about freedom of expression in electronic communication.

Barlow was followed by David Burnham, a longtime champion of privacy and enhanced public oversight
of government activities, and a new member of the CPSR National Advisory Board. Burnham authored
the classic book The Rise of the Computer State, and his recent book, A Law Unto Itself, is an expose of
the Internal Revenue Service.

Burnham described his work with an organization called the Transactional Records Access
Clearinghouse, or TRAC, based at Syracuse University in New York. Burnham and his colleagues at TRAC
use the Freedom of Information Act to acquire records from key federal agencies or regulatory bodies
like the Internal Revenue Service, the Justice Department, the Nuclear Regulatory Agency, and the
Environmental Protection Agency. The records obtained through these FOIA requests are on
computerized media, typically mainframe tapes. TRAC analysts pore over the data on the tapes and try
to find patterns of government activity. For example, through TRAC analysis, it has been determined
that citizens are subject to widely different chances of being audited by the Internal Revenue Service
depending on where they live. There is no reasonable explanation for the disparities, and the disparities
would not have been revealed except by statistical analysis of IRS records. Burnham argued that the
analysis of data from federal agencies does not provide answers to questions, typically, but instead
points to questions that need to be asked. TRAC offers its analytical services, for a fee, to citizens,
public interest organizations, journalists, and attorneys. Burnham speculated that TRAC may become a
model for investigative oversight of government by independent citizen organizations using
increasingly powerful desktop computers. At the same time, organizations like CPSR should be and are
pushing for more citizen access to government records, and more user-friendly access to such data
through CD-ROMs, dial-up access, and other technologies.

Panel Discussion on Women in Computing

The first panel discussion followed a lunch break, and it took up various issues of concern to women in
the computing field. The panel was moderated by Anita Borg of CPSR/ Palo Alto. The panelists included
Barbara Simons, Secretary of the Association for Computing Machinery (ACM); Elizabeth Wolf, most
recent chair of the now disbanded ACM Subcommittee on the Status of Women in Computer Science;
Shari Lawrence Pfleeger, chair of the ACM Committee on the Status of Women and Minorities; Sheila
Humphreys, Academic Coordinator, Department of Electrical Engineering and Computer Science at the
University of California at Berkeley; and Donna Lenhoff, Legal Director of the Women's Legal Defense
Fund in Washington, D.C. The panel was titled, "Women in Computing: Where We Are, Where We Want
To Be, and How to Get There."

In her opening remarks, Barbara Simons talked about the fact that many women she knows have gotten
into the field of computer science through "back doors," that is, by making the decision to enter the
field at a much later stage than is or was considered standard, and by taking advantage of various
opportunities that were not available on a general and advertised scale. She gave her own biography as a
case in point, speaking of how she got a Ph.D. without ever having gotten any other post-secondary
degree, and the consequent confusion this caused in university bureaucracy. She spoke of the closing of
these "back doors," usually inadvertently, and her perception that such doors have been slamming shut
more securely recently. She also quoted "a senior woman in computer science" who had observed that in
the 1950s, there were more women managers in computer science than she's seen since. Where have
they gone?

Elizabeth Wolf discussed the report written recently by the ACM Subcommittee on the Status of Women.
The subcommittee was commissioned by the ACM Committee on Scientific Freedom and Human Rights in
order to investigate the causes of the under-representation of women in the computer science field, and
to make recommendations for change. One can see the underrepresentation of women in the field as a
problem for either of (at least) two reasons. It is a national problem for the United States, because the
shrinking pool of white males in the population requires that the U.S. educate other segments of its
population to be the scientists and engineers needed for the future. It is also a human rights issue: the
numbers suggest that women are being discouraged from participating as equals in the field. (The
report of the subcommittee appeared in the November issue of The Communications of the ACM.Ñed.)

Shari Lawrence Pfleeger spoke about the new ACM Committee on the Status of Women and Minorities,
for which she wrote the proposal and of which she is chair. The committee will have four main
objectives: 1 ) to carefully document what some of the problems are, including data gathering and
analysis of the problems affecting underrepresentation, with the objective of forming some programs
that effectively address these problems; 2) to serve as a data depository on issues of women and
minorities. Until now, there has been no single address at which one could get comprehensive
information on existing special programs, etc.; 3) to establish some programs and see how they work,
especially mentoring programs in industry and academia; and 4) to publicize details of successful
programs, so they may serve as models for others interested in addressing the problem of under-
representation.

Sheila Humphreys explained that she works to create intervention programs at the secondary, college,
graduate, and reentry levels, to combat underrepresentation of women and minorities. She is a founder
of the UC Berkeley Reentry Program. She first became aware of the extent of the problem of under-
representation when she worked at Mills College in the Admissions Office, and found that most of the
women freshman had not had enough mathematics training to qualify for over half of the majors offered
at the college.

Donna Lenhoff described the work of the Women's Legal Defense Fund (WLDF). One of the main
activities of the WLDF is working for improvement of women's employment opportunities. The WLDF
spearheaded the effort to get the Family and Medical Leave Act passed (recently vetoed by President
Bush). This was an attempt to force the federal government to begin to address the conflicts between
work and family that affect equal employment opportunities. The bottom line, said Lenhoff, is that
women need to be economically independent in order to be able to protect and support themselves and
their children.

Her interest is in bringing public policy to bear on the problem of unequal employment opportunities.
Despite the fact of the traditional dichotomy between men's work and women's work, in which women
perform unpaid labor in the home, and men alone labor outside the home, which is no longer relevant to
the way contemporary men or women live, social processes to support existing new arrangements are
not yet in place. This is a social problem, not merely an individual one for each person affected, and it
needs to be solved through social and legal means.

Shari Lawrence Pfleeger and Sheila Humphreys showed viewgraphs documenting the significant drop-
out rate of women from the educational pipeline, in science and engineering in general, and in computer
science at the undergraduate level in particular. While the number of students graduating with a B.A. or
B.S. in computer science in the United States is decreasing, the percentage of those students who are
female is also decreasing; the numbers of young women choosing to enter the field of computer science
is decreasing even more rapidly than the number of young men choosing to do so. Pfleeger also displayed
government statistics showing why even those who do not perceive this as a human rights issue should
be concerned: demographic trends show that the pool of white males, from which scientists and
engineers have traditionally been drawn, constitutes only 31% of the new entrants to the U.S. Iabor
force from 1988 through the year 2000.

Lenhoff noted that when a minority group is represented in a workplace, stereotypes and discrimination
will continue as long as the percentage of people of that minority group is below one in six. At one-sixth
of the workplace population, a "critical mass" phenomenon is observed, in which the characteristics of
the minority group become somehow less noticeable, stand out less, and become less a subject for
comment. Until the ratio of one in six is achieved, the situation is sufficiently uncomfortable for a
member of such a minority group, that it is extremely difficult to increase the percentage
representation. This is why enforcement of affirmative action laws is necessary, said Lenhoff.

Anita Borg asked the panelists to address the problem of women having "two careers"Ñone in the
workplace and one doing work in the home. Elizabeth Wolf said that her subcommittee, in writing its
report, looked at the effect of the academic tenure system on balancing the responsibilities of career
and family. They found that the current tenure system is based on the assumption of a "helpmate-in-
the-background" who does all the work of home and childraising, thus freeing up the person attempting
to gain tenure to spend all of his or her time working on the responsibilities of the career. This model
of a "helpmate-in-the-background" is certainly not relevant to women, and is no longer relevant to
men either.

Barbara Simons mentioned that there is a conflict between the tenure clock and the biological clock, and
to tell "our young women" to go for academic positions (in order to become role models) and to go for
tenure, is to tell them to put off having a family until they're forty, which is not reasonable. It's true
that some women have raised a family while gaining tenure, but it is a very daunting, intimidating
thing to attempt.

The second panel of the day was called "'Mythinformation:' What and How Does the Public Learn About
Computers?"

The panel was organized and moderated by Paul Saffo, a research associate at the Institute for the
Future. Panelists included Rudy Rucker, a professor at San Jose State University and a noted science
fiction author; Andrew Pollack, a high technology business reporter for The New York Times; Michael
Rogers, general editor of Newsweek magazine; and Rob Swigert, an English professor and author of one
of the first interactive computer-based novels, Portal.

Rogers and Pollack both said that many people seem to believe that the press has a lot more power than
members of the press think they have. Rogers said he thinks the press is largely a passive reflection of
what is already going on in the culture, and that it has much less of a role in shaping public opinion
than many people seem to think. Pollack seemed to agree. He said that it is his job to convey to the
public what is going on with technology, and in terms that any reasonably educated person can
understand. He said he thinks that technology is moving so fast that it is almost impossible for the press
to play a significant role in shaping public opinion about it; it's a big enough job for the press just to
keep up with what is being developed.

Rudy Rucker said he thinks that there is a good and useful connection between fantasy and technological
development. Fantasies about robots, life on other planets, or artificial intelligence have been
inspiration to many engineers who try to take technology to its limits. There exists a domain of people
who are engaged with these fantasies in a useful way and who pursue technological innovation, and then
there is another domain of people who simply witness what this first group produces. The original
motivating fantasy can play a role in communicating technological vision to people who are not prone to
such utopian dreaming.

The CPSR Annual Banquet

At the CPSR Annual Banquet, held at Ming's Villa restaurant in Palo Alto, CPSR presented several
awards to key volunteers who had put in extraordinary work for the organization in 1990. Doug
Schuler and Coralee Whitcomb were noted for their contribution to DIAC-90 (co-chair Peter Russo
was not in attendance). Liz Wolf and Lesley Kalmin were thanked for their efforts in organizing the
Annual Meeting. Lucy Suchman was honored for her long service on the CPSR Board of Directors, of
which she was a member since its inception. And the CPSR Board gave a special gift to CPSR Executive
Director Gary Chapman for five years of service in his position. Then former CPSR president Terry
Winograd presented the Norbert Wiener Award for Professional and Social Responsibility to Professor
Kristen Nygaard of the University of Oslo (see accompanying story).

The keynote speaker for the evening was James Fallows, Washington editor of The Atlantic, and noted
author of two award-winning books, National Defense and More Like Us. Fallows is also a Rhodes
Scholar from Harvard University, a regular commentator on National Public Radio's Morning Edition,
and the former chief speechwriter for President Jimmy Carter. Fallows' talk at the CPSR dinner was
entitled, "The Cold War Is Over: Who Won?"

Fallows said that with the collapse of communism in the formerly Soviet-dominated bloc, the West is
congratulating itself on prevailing economically, ideologically, militarily, and socially in the long
struggle we've called the Cold War. There is a strong strain of millenarianism among many Western
analysts, who are offering a new version of the "end of history" story in which capitalism and liberal
democracy triumph. permanently, around the globe. Fallows said that even aside from the problems that
we have in the West that call this story into question, the counter-example of the Asian model of
economic development falsifies this account of our current situation.

Fallows described the differences between the Asian model of economic development and that of Western
liberal democracies. He said that because Asian economies seem to be based on market capitalism, and
because they are so strongly tied to the American market, Americans tend to think that Asians behave
"just like us" economically, and consequently share many of our values. But Fallows believes that the
differences between the Asian and Western models of economic development are so profound that the two
may constitute competing paradigms for the indefinite future.

The Japanese, said Fallows, do not believe in the "invisible hand" of the market, that guiding force of
market economics that allegedly produces the greatest good for the greatest number. The Japanese
actually believe that market capitalism requires a great deal of guidance, and guidance that promotes a
community or national, as opposed to an individualist, interest. This is a significant obstacle to
convincing the Japanese of the value of free trade, which is an American doctrine. Fallows also
described Asian society as one of determined internal homogeneity, while American, Canadian, and
European societies are increasingly heterogeneous. The American economy values entrepreneurial zeal
and the ability to accept riskÑat least in theoryÑwhile the Japanese value controlled and disciplined
paths to market dominance.

Fallows is concerned that the success of the Japanese and the emerging challenge from such previous
economic backwaters as Korea, Malaysia, and Taiwan, will convince American managers that they need
to emulate the Asian model for future prosperity. Fallows wants to assert that the American values of
individual liberty, risk-taking, democratic challenge to corporate authority, and other features of the
American political economy can be competitive with the Japanese and other Asian economies that have
followed a different path. While avoiding "Japan-bashing," we need to understand the historical and
cultural roots of a different model of economic development without generalizing it into economic law
because of its obvious success in its context. We need to maximize our own capabilities for economic
prosperity, and these come from different historical antecedents.

The 1990 CPSR Annual Meeting and Banquet were great successes because of the many volunteers who
helped make them that way. Next year's Annual Meeting will be on the East coast, and around the same
time of year. Members on the East coast should make plans to attend next year's meeting, because the
substance and spirit of CPSR Annual Meetings improve every year.


Computers and the Environment Symposium Hosted by CPSR/Portland Erik Nilsson and Kathleen Gygi

On November 3, 1990, 120 people attended the first Computers and the Environment Symposium
(CATE). The conference exceeded expectations in almost every respect. Attendance, excitement, and
information were all greater than anticipated.

Nineteen speakers, panelists, and moderators presented topics ranging from "Mapping Old Growth
Forests" to "Computers, Information and Transportation." The conference was sponsored by
CPSR/Portland, The Portland State University Computer Science Department, and the Oregon Graduate
Institute Department of Computer Science and Engineering. CPSR Board of Directors member Doug
Schuler and members of CPSR/Seattle contributed help as well.

The lively discussion both inside and outside of the sessions demonstrated that the application of
computers to environmental problems is an active area of interest to many people. This interest
includes the application of computers to environmental problems, as well as the environmental
problems computers themselves create.

Interest was high enough to justify repeating this conference next year. If anyone is interested in
helping out with next year's conference, contact Steve Biederman by electronic mail at the Internet
address sbiederman@pdx.mentor.com. The next conference may not be in Portland, so we are interested
in helping another CPSR chapter host the conference.

The organizing committee for CATE was John Bartholomew, Steve Biederman, Kathleen Gygi, Nick
Horton, Steve Mullinax, Erik Nilsson, Carl B. Page, and Marjorie Panditji.

Besides the sessions, the conference included an exhibit area that featured demonstrations of high-
performance graphics hardware, computer mapping, CPSR membership applications and materials,
land conservation projects, and other displays.

The following is a list of the papers presented at the conference. A mini-proceedings composed of
overhead copies and a bibliography will be distributed. For information, contact
sbiederman@pdx.mentor.com.

"Mapping Old Growth Forests." David Leversee, Wildlife Biologist, The Wilderness Society, Seattle.

"How Much is a Fish Worth?" Jeffrey Englin, Senior Research Economist, Battelle Pacific Northwest
Laboratory.

"The Long Term Ecological Research (LTER) Program." Mark Klopsch, Network Administrator, Forest
Science Department, Oregon State University.

"Geographic Information Systems: Avoiding the Tyranny of the Subgoal." William Benz, Western
Regional Manager, ComGrafix, Inc.

"Computers, Information and Transportation." Keith Lawton, Technical Manager for Transportation
Planning, Metropolitan Service District (METRO).

"Integrated Systems Policy Analysis." Mike Bull, Chief, Policy Analysis Section' Office of Energy
Resources, Bonneville Power Administration.

"Global Warming: A U.S. Perspective." Patrick Barton, Research Scientist, Battelle Pacific Northwest
Laboratories.

"GIS and Planning for Urban Natural Areas." Joe Poracsky, Associate Professor of Geography, Portland
State University.

"The Impact of Scientific Visualization Technologies." David Kerlick, Principal Scientist, Interactive
Technology Division, Tektronix, Inc.

"Computational Aspects of the Integrated Analysis of Coastal Systems." Antonio Baptista, Assistant
Professor, Department of Environmental Science and Engineering, Oregon Graduate Institute of Science
and Technology.

"Information Technology's Fall From Grace (Improved Productivity, Better Service and Other Myths)."
George Beard, Manager of Planning, Review and Education, Information Systems Division, Oregon
Executive Department.

"Planning for Growth." Jim Sitzman, Field Services Manager, Oregon Department of Land Conservation
& Development.

"Sharing Technology with the Third World." David Robboy, Project Manager, Unix Software
Development, Intel Corporation.

"Human and Environmental Impacts of Microelectronics Manufacturing." Peter Cervantes-Gautschi,
Representative for the Northwest United States, Campaign for Responsible Technology


Rockefeller Foundation Funds 21st Century Project Planning Phase

CPSR has been awarded a $25,000 grant from the Rockefeller Foundation in New York City to begin
planning a new national campaign on science and technology policy called the 21st Century Project. The
21st Century Project will be a coalition of organizations which will work to reorient research and
development funding for science and technology toward solutions to pressing national and international
problems such as environmental quality, industrial renewal, education, and the quality of public
infrastructure. The Project intends to lead a national campaign to redirect R&D funding priorities in
response to the end of the Cold War. The Project is in a planning phase now, and organizers expect the
full campaign to be underway by the fall of 1991. The Rockefeller Foundation grant is supporting the
planning phase.

Leading this new project will be CPSR executive director Gary Chapman, who will be relocating from
Palo Alto, California, to Cambridge, Massachusetts, in February, 1991. Chapman will be opening a new
CPSR office in Cambridge to support the 21st Century Project and other CPSR work. The Palo Alto
national headquarters of CPSR will remain in operation.

The 21st Century Project has been developed over the previous year by leaders in the fields of
economic conversion, science and high technology policy, environmental policy, and labor economics.
The steering committee of the 21st Century Project includes Gary Chapman; Michael Closson, director
of the Center for Economic Conversion; Robert L. Park, Washington director of the American Physical
Society; Lenny Siegel, director of the Pacific Studies Center; Barbara Simons, secretary of the
Association for Computing Machinery; Ted Smith, executive director of the Silicon Valley Toxics
Coalition; Rand Wilson, director of the Labor Resource Center; and Joel Yudken, research fellow at the
Project on Regional and Industrial Economics at Rutgers University.

More information on the 21st Century Project will be part of the next issue of The CPSR Newsletter.
Questions on the Project can be addressed to Gary Chapman at chapman@csli.stanford.edu.

Do Computer Terminals Make You Sick? Book Review Carolyn CurtisÑCPSR/Palo Alto

Currents of Death: Power Lines, Computer Terminals, and the Attempt to Cover Up Their Threat to Your
Health, by Paul Brodeur. Simon and Schuster, 1989. 333 pp. ($19.95).

Macworld magazine, July 1990. Special Report (cover story: four articles on on computers and health
risks, including an article by Paul Brodeur and a summary of radiation from 10 Macintosh monitors):
Commentary, by Jerry Borrell

Conspicuous Consumer, by Deborah Branscum "The Magnetic-Field Menace," by Paul Brodeur "Color
Monitors Put to the Test," by Robert Eckhardt

Terminal Shock: The Health Hazards of Video Display Terminals, by Bob DeMatteo. NC Press Limited,
Toronto, 1985. 224 pp. ($13.95).

Currents of Death

Paul Brodeur wrote The Zapping of America, a study of microwave installations and their health effects,
and the best-selling Outrageous Misconduct, an account of how Johns Manville, the major asbestos
company, spent decades covering up what it knew about the lethal effects of asbestos on its workers . He
is a staff writer for The New Yorker, like Currents of Death, those books appeared originally as series
in that magazine.

Currents of Death falls into three parts: "Power Lines," "Coverup," and "Computer Terminals." (The
coverup aspect, however, pervades all parts of the story.) Although only the last part of Currents of
Death is concerned with computers, in order to understand the case Brodeur builds about this subject,
it is necessary to digest the material he presents in the rest of the book.

The primary thesis of the book is that many studies and statistics show a link between electromagnetic
fields emitted by power lines, microwave radiation, and the very low frequency (VLF, such as 15-20
kHz), and extremely low frequency (ELF, such as 30-60 Hz) radiation, with associated magnetic
fields, from computer and terminal monitors and various types of cancer. The secondary thesis of the
book is that the industry and governmental bodies concerned are doing their best to cover up the study
results instead of finding out more, much less doing anything about the problems.

The point of departure for Currents of Death is a study by Nancy Wertheimer with Ed Leeper in the
mid- 1970s showing a correlation between childhood leukemia and the proximity of the childrens'
homes to utility poles carrying first-span secondary wires. The first span is the part of the wire that
runs past two houses on its way from a pole, which has a step-down transformer, to a second pole, from
which initial service drops to houses are made. This wire carries the current for a dozen or more
homes, and emits a strong magnetic field. The inhabitants of houses within 50 feet of first-span
secondary wires live in a strong electromagnetic field. This study and subsequent ones showed an
association between childhood cancer and 60 Hz magnetic field strengths of two to three milligauss.

Brodeur cites many other (laboratory and field) studies and statistics, and presents the stories of
several other researchers who, like Wertheimer and Leeper, met with apparent attempts by industry
to discredit them, instead of any kind of reasoned response to a perceived public health problem. Page
after page of the book cites these studies, for example, "Indeed, by early 1986, fifteen out of seventeen
surveys of electrical and electronic workers around the world showed a link between exposure to ELF
electric and magnetic fields and the development of cancer" (p.74).

Computer and terminal monitors (usually called VDTs in the context of health hazards) emit various
types of radiation, including ELF and VLF, the ones linked to cancer. The fact that some of the VLF
radiation is pulsed is further cause for concern, since some studies suggest pulsed VLF fields are more
dangerous than non-pulsed fields of the same strength. .

Throughout, Brodeur quotes arguments against the studies and refutes them by citing other authorities
and studies. I summarize some of the arguments here in case the reader has the same reservations.

There must be a thermal effect (tissue must be cooked) in order to produce biological damage.

Too many studies (scores? hundreds?) have shown a correlation between non-ionizing (that is, below
visible light) radiation and cancer. A weak electric or magnetic field is not necessarily a safe field.
Scientists theorize that we and other animals evolved within the earth's 30-Hz field and our systems
have no defense against (for example) a 60-Hz field.

The government has established safe levels for these fields, and the ones we're exposed to fall well
under these standards.

In the U.S., there are no standards restricting how much ELF and VLF radiation from computers we can
be exposed to. (The emission standards for computers are designed to restrict them from interfering
with communications.) The levels detectable at operator distances from most, if not all, computers and
terminals are well above the levels shown to cause cancer and birth defects in study after study (see the
discussion of the Macworld article below).

People are exposed to these fields all the time at home when they operate hair dryers, blenders,
electric drills, etc.

Magnetic fields produced by household appliances are a red herring because the fields they produce fall
away rapidly with distance. More importantly, the user is exposed to these fields for only minutes per
day. Most data entry personnel, programmers, and journalists and other writers are in front of a
computer or terminal eight hours or more a day, every day. The inhabitants of houses that are in the
path of power lines are exposed to those fields the whole time they are in the houses.

The problem I had with this material is its lack of organization. Though the book brings information
from a wealth of studies, there is no appendix or bibliography listing them in an orderly way. Besides
the text, divided into chapters with names, the book contains only an index. Currents of Death lacks
appendixes apparently because it began as magazine articles, but I feel its usefulness as a reference
would be multiplied with these appurtenances, as would the strength of its case. For example, M.
Granger Morgan, reviewing this book in Scientific American (April, 1990) claims that Brodeur does
not differentiate between valid and non- valid studies. With no systematic list to work from, it's
difficult to begin to judge whether Morgan is right or not.

Furthermore, though the book is roughly chronological (taking off from the Wertheimer study) and is
quite interesting as a story. it is difficult to follow, presenting as it does several researchers and the
various responses to their efforts. I would not, however, agree with Morgan's charge that Brodeur
"mixes and confuses adversarial, legal, and regulatory proceedings with honest scientific debate."

Morgan finds it incredible that news media, power companies, computer manufacturers, the World
Health Organization, many newspapers, various university scientists, the American Medical
Association, the Electric Power Research Institute (EPRI), and numerous branches of the U.S. and
Canadian governments participated in a coverup. Morgan particularly takes issue with Brodeur's
intimation that an entity's funding source affects its published opinions. Mindful of recent history,
others among us, including Macworld's editor-in-chief, have no such problem believing at least some
of these bodies might suppress information that hurts their interests.

Morgan admits that Brodeur has a case; and uses much of his review to present it. However, he charges
that Brodeur "deliberately oversimplifies and misrepresents the complexity of the scientific process
and the evidence it has produced" and damages his own arguments by using the research selectively.
According to Morgan:

Scientists assume that something is not so until clearly proven to be true (roughly, innocent till
proven guilty).

Public health officials tend to credit suggestive evidence and often act on it.

Others, like Brodeur (investigative journalists?) think that if a situation seems hazardous, we should
assume there is a risk until it is proven safe (guilty until proven innocent).

Morgan points out that conflict arises here because science cannot demonstrate absolute safety; he
advocates a middle path.

MacWorld Magazine

When Brodeur's book came out, the editors of Macworld responded by asking him to write an article for
them and by researching radiation from the major monitors for Macintoshes. Brodeur's nine-page
article presents some of the material on computers from his book, plus more recent information, such
as the exchange of letters between a college professor and Apple Computer regarding the safety of the
Macintosh SE. Like his book, Brodeur's article is not strictly chronological, but it presents all the main
points and the chief studies and researchers (e.g., Wertheimer, Kaiser) from his book.

Macworld tested ten monitors used with various Macs and has published the results in easy-to-read
charts. It also recommends working distances from monitorsÑ4 feet from the back or side of a monitor,
arm's length from the frontÑand looks at products that claim to mitigate monitor emissions.

The editorial ("Commentary") prefacing the Special Report detailed how the Macworld staff met with
manufacturers, with positive results. Macworld promises to keep us informed about manufacturers'
efforts to reduce ELF and VLF emissions. Best of all was the user-oriented attitude of the editorial,
including some righteous indignation.

Terminal Shock

The back cover of the paperback book Terminal Shock by Bob DeMatteo carries a plug from Paul
Brodeur ("a pioneering and thoroughly researched account of the insidious hazards of Video Display
Terminals ..."), but Brodeur does not cite it in his book.

Bob DeMatteo is coordinator of Occupational Health and Safety for the Ontario Public Service Employees
Union. Terminal Shock was written as a handbook for computer operators, to inform them of the
hazards of their work and possible solutions. It covers the range of health hazards associated with
computers and terminals, such as eye problems and RSI (repetitive strain injury, e.g., tendonitis and
carpal tunnel syndrome). Most of its chapters, however, are devoted to various types of radiation
emitted by computers. Features this book has that Brodeur's does not are, for example:

* an extensive, layperson-oriented explanation of radiation and the electromagnetic spectrum, with
charts and other illustrations;

*many references to European equipment standards and working conditions, which are much more
stringent than those in the U.S.;

*lists of radiation studies (international), arranged according to the type of radiation. Unfortunately,
the studies are all pre-1985, when this book was published;

*an appendix summarizing health effects of non-ionizing (below visible light) radiation, including ELF
and VLF;

*a chapter on controlling VDT radiation (e.g., swathing the monitor in nickel-impregnated cloth to
protect against electric (not magnetic) fields);

*appendixes outlining recommended eye tests and medical tests for radiation;

*an appendix showing VLF (but not ELF) emissions for various monitors (some familiar names),
including the agency that did the testing.

My first reaction to this book was panic, followed by denial. DeMatteo's tone is not sensationalistic, but
the information he presents is, especially because it's backed up with systematic lists of studies. The
fact that this book was published in Canada and includes so many studies done in other countries
indicates to me that the lid is very tight on this information in the U.S.

What to Do

What, if anything, should we do about the problem? On a personal level, you can do the following:

If you use a Macintosh, read the Macworld article to find out if your monitor is one of the "safer" ones;
replace your monitor with a safer one, if possible.

Get a gaussmeter and measure the magnetic fields around your computer and other features of your
environment.

Work as far away from the monitor as reasonable (arm's length, or 28" from the front, at least 4 feet
from the back and sides of any other monitors). Keep in mind that magnetic fields go through
everything: human tissue, walls, glass, and lead.

As much as possible, get rid of other long-term ELF field producers in your environment, or else use
or place them so that humans are not endangered. For example, an electrically heated waterbed can be
turned off while you're in it.

The local places I called trying to rent a gaussmeter required that I rent it for a full month (at the cost
of several hundred dollars). The Safe Computing Company (1-800222-3003, in Needham, Mass., near
Boston), which began advertising in The New Yorker shortly after Brodeur's articles ran, rents
gaussmeters for $59, which includes postage and handling, for three days. (It also sells them, as well
as low-radiation monitors.) The device, which measures ELF and VLF, turned out to be relatively
small, light, and easy to use. The 12-page instruction pamphlet is excellent, containing short
instructions, detailed instructions, some theory, and some solutions.

The Radius monitor I measured tested out at much higher levels than the one in the Macworld article: at
28" (I always sit at more than arm's length from the monitor), the ELF levels were 1.77 milligauss at
eye level, 1.23 mg at chest level, and 0.5 at stomach level. (Macworld measured 0.29 at 28", with
indication of height.) The sides were higher, and 6" above was horrendous, especially near the front.
Four inches from the back, surprisingly, l measured "only" 11 mg. A Sun 3/80 workstation tested out
much higher. Neither computer compared with our color television (8.8 mg at six feet!). There are
strong fields all around a fuse (that is, breaker) box, including inside the house on the other side of the
wall from it. My ionizer gives off double-digit milligauss magnetic fields at the lowest setting.

I'm reluctant to put too many numbers in this review without retesting my results with another brand
of gaussmeter, just to be (more) scientific about it. However, l will avoid, not quibble over, mg levels
of 3, or 8.8, or 30.

On a broader level, you can do the following:

¥ Support stricter radiation standards for monitors. As we know, Sweden manages to enforce this sort
of thing. Monitors with low VLF radiation were developed years ago; IBM is selling monitors in Sweden
that meet their standards.

¥ Support efforts at protective legislation, for example, a law allowing pregnant women to transfer out
of computer work with no loss of seniority.

¥ If you are the kind of engineer who can work on this sort of thing, find out if there is an alternative to
the flyback transformer for vertical and horizontal scanning, or if some other monitor technology can
be made to produce graphics quality comparable to what CRT technology is capable of now.

At one time, some of us thought that newer technology, such as gas plasma monitors, would eliminate
our exposure to VLF and ELF radiation from computers. However, the trend is toward larger and more
powerful CRTs, with color capability, for graphics; these things will be with us a while.

Summary

Currents of Death, Terminal Shock, Macworld April 1990, and the Safe Computing Company pamphlet
all have good information, and I am grateful for it. I would hope for a combination of them, that is, the
illustrated, systematic, practical approach taken by DeMatteo, combined with Brodeur's depth of
research and access to major media, along with frequent updates in mass-market magazines. I'd like
more information about the Safe Computing Company (I am investigating it myself), including whether
it has competitors in Silicon Valley or elsewhere. I'd especially like an end to the news blackout on
working conditions and regulations in Europe. (Item: By law, secretaries in Germany must work near a
window with natural light.)

I'm grateful that Brodeur's efforts have given this issue a high profile. Unlike Morgan in Scientific
American; I would rather take action in an ambiguous situation where my health is concerned than take
a middle course that might not "cost as much." How are we supposed to protect ourselves without
information? The power of industry lobbies is real. In the case of the computer industry, it's the
Coalition for Workplace Technology, which, according to DeMatteo (p.15), "boasts of having killed the
majority of VDT legislative initiatives in several U.S. states." How many books is it going to take to
convince some people?

We have known conclusively for several years that spending long days at a computer keyboard is apt to
result in hand injury, such as tendonitis and carpal tunnel syndrome. Although many people are now
crippled from these diseases, there is resistance to giving data-entry people work breaks every hour,
or even warning them about the hazard. I see a similar situation with ELF fields from monitors: the
knowledge, or certainly a strong suspicion, is there, but do we get warnings? We don't even have
standards.

Miscellaneous

The CPSR Newsletter is published quarterly by:

Computer Professionals for Social Responsibility P.O. Box 717

Palo Alto, CA 94302-0717 (415) 322-3778

(415) 322-3798 (FAX) cpsr-staff@csli.stanford.edu

The purpose of the Newsletter is to keep members informed of thought and activity in CPSR. We
welcome comments on the content and format of our publication. Most especially, we welcome
contributions from our members. Deadline for submission to the next issue is January 31, 1991.

This Newsletter was produced on an Apple Macintosh II, using the desktop publishing program
Pagemaker 3.02CE and Adobe Illustrator 3.0. The hardware and software used were donated to CPSR by
Apple Computer, the Aldus Corporation, and Adobe Systems. The Newsletter was typeset from a
Pagemaker file on a Linotronic 100.

If you move....

Please be sure to notify the CPSR National Office. The CPSR Newsletter is mailed bulk rate, and such
mail is not forwarded by the Post Office. Let us know if you move so we can keep your records current.
CPSR, P.O. Box 717, Palo Alto, CA 94302.