Cook had made it his business to construct this "new reality for hackers." He'd also made it his business to police corporate property rights to the intangible.
Had the Electronic Frontier Foundation been a "hacker defense fund" as that term was generally understood, they presumably would have stood up for Kyrie. Her 1990 sentence did indeed send a "message" that federal heat was coming down on "hackers." But Kyrie found no defenders at EFF, or anywhere else, for that matter. EFF was not a bail-out fund for electronic crooks.
The Neidorf case paralleled the Shadowhawk case in certain ways. The victim once again was allowed to set the value of the "stolen" property. Once again Kluepfel was both investigator and technical advisor. Once again no money had changed hands, but the "intent to defraud" was central.
The prosecution's case showed signs of weakness early on. The Task Force had originally hoped to prove Neidorf the center of a nationwide Legion of Doom criminal conspiracy. The *Phrack* editors threw physical get-togethers every summer, which attracted hackers from across the country; generally two dozen or so of the magazine's favorite contributors and readers. (Such conventions were common in the hacker community; 2600 Magazine, for instance, held public meetings of hackers in New York, every month.) LoD heavy-dudes were always a strong presence at these *Phrack*-sponsored "Summercons."
In July 1988, an Arizona hacker named "Dictator" attended Summercon in Neidorf's home town of St. Louis. Dictator was one of Gail Thackeray's underground informants; Dictator's underground board in Phoenix was a sting operation for the Secret Service. Dictator brought an undercover crew of Secret Service agents to Summercon. The agents bored spyholes through the wall of Dictator's hotel room in St Louis, and videotaped the frolicking hackers through a one-way mirror. As it happened, however, nothing illegal had occurred on videotape, other than the guzzling of beer by a couple of minors. Summercons were social events, not sinister cabals. The tapes showed fifteen hours of raucous laughter, pizza-gobbling, in-jokes and back-slapping.
Neidorf's lawyer, Sheldon Zenner, saw the Secret Service tapes before the trial. Zenner was shocked by the complete harmlessness of this meeting, which Cook had earlier characterized as a sinister interstate conspiracy to commit fraud. Zenner wanted to show the Summercon tapes to the jury. It took protracted maneuverings by the Task Force to keep the tapes from the jury as "irrelevant."
The E911 Document was also proving a weak reed. It had originally been valued at $79,449. Unlike Shadowhawk's arcane Artificial Intelligence booty, the E911 Document was not software -- it was written in English. Computer-knowledgeable people found this value -- for a twelve-page bureaucratic document -- frankly incredible. In his "Crime and Puzzlement" manifesto for EFF, Barlow commented: "We will probably never know how this figure was reached or by whom, though I like to imagine an appraisal team consisting of Franz Kafka, Joseph Heller, and Thomas Pynchon."
As it happened, Barlow was unduly pessimistic. The EFF did, in fact, eventually discover exactly how this figure was reached, and by whom -- but only in 1991, long after the Neidorf trial was over.
Kim Megahee, a Southern Bell security manager, had arrived at the document's value by simply adding up the "costs associated with the production" of the E911 Document. Those "costs" were as follows:
1. A technical writer had been hired to research and write the E911 Document. 200 hours of work, at $35 an hour, cost : $7,000. A Project Manager had overseen the technical writer. 200 hours, at $31 an hour, made: $6,200.
2. A week of typing had cost $721 dollars. A week of formatting had cost $721. A week of graphics formatting had cost $742.
3. Two days of editing cost $367.
`4. A box of order labels cost five dollars.
5. Preparing a purchase order for the Document, including typing and the obtaining of an authorizing signature from within the BellSouth bureaucracy, cost $129.
6. Printing cost $313. Mailing the Document to fifty people took fifty hours by a clerk, and cost $858.
7. Placing the Document in an index took two clerks an hour each, totalling $43.
Bureaucratic overhead alone, therefore, was alleged to have cost a whopping $17,099. According to Mr. Megahee, the typing of a twelve-page document had taken a full week. Writing it had taken five weeks, including an overseer who apparently did nothing else but watch the author for five weeks. Editing twelve pages had taken two days. Printing and mailing an electronic document (which was already available on the Southern Bell Data Network to any telco employee who needed it), had cost over a thousand dollars.
But this was just the beginning. There were also the *hardware expenses.* Eight hundred fifty dollars for a VT220 computer monitor. *Thirty-one thousand dollars* for a sophisticated VAXstation II computer. Six thousand dollars for a computer printer. *Twenty-two thousand dollars* for a copy of "Interleaf" software. Two thousand five hundred dollars for VMS software. All this to create the twelve-page Document.
Plus ten percent of the cost of the software and the hardware, for maintenance. (Actually, the ten percent maintenance costs, though mentioned, had been left off the final $79,449 total, apparently through a merciful oversight).
Mr. Megahee's letter had been mailed directly to William Cook himself, at the office of the Chicago federal attorneys. The United States Government accepted these telco figures without question.
As incredulity mounted, the value of the E911 Document was officially revised downward. This time, Robert Kibler of BellSouth Security estimated the value of the twelve pages as a mere $24,639.05 -- based, purportedly, on "R&D costs." But this specific estimate, right down to the nickel, did not move the skeptics at all; in fact it provoked open scorn and a torrent of sarcasm.
The financial issues concerning theft of proprietary information have always been peculiar. It could be argued that BellSouth had not "lost" its E911 Document at all in the first place, and therefore had not suffered any monetary damage from this "theft." And Sheldon Zenner did in fact argue this at Neidorf's trial -- that Prophet's raid had not been "theft," but was better understood as illicit copying.
The money, however, was not central to anyone's true purposes in this trial. It was not Cook's strategy to convince the jury that the E911 Document was a major act of theft and should be punished for that reason alone. His strategy was to argue that the E911 Document was *dangerous.* It was his intention to establish that the E911 Document was "a road-map" to the Enhanced 911 System. Neidorf had deliberately and recklessly distributed a dangerous weapon. Neidorf and the Prophet did not care (or perhaps even gloated at the sinister idea) that the E911 Document could be used by hackers to disrupt 911 service, "a life line for every person certainly in the Southern Bell region of the United States, and indeed, in many communities throughout the United States," in Cook's own words. Neidorf had put people's lives in danger.
In pre-trial maneuverings, Cook had established that the E911 Document was too hot to appear in the public proceedings of the Neidorf trial. The *jury itself* would not be allowed to ever see this Document, lest it slip into the official court records, and thus into the hands of the general public, and, thus, somehow, to malicious hackers who might lethally abuse it.
Hiding the E911 Document from the jury may have been a clever legal maneuver, but it had a severe flaw. There were, in point of fact, hundreds, perhaps thousands, of people, already in possession of the E911 Document, just as *Phrack* had published it. Its true nature was already obvious to a wide section of the interested public (all of whom, by the way, were, at least theoretically, party to a gigantic wire-fraud conspiracy). Most everyone in the electronic community who had a modem and any interest in the Neidorf case already had a copy of the Document. It had already been available in *Phrack* for over a year.
People, even quite normal people without any particular prurient interest in forbidden knowledge, did not shut their eyes in terror at the thought of beholding a "dangerous" document from a telephone company. On the contrary, they tended to trust their ow
n judgement and simply read the Document for themselves. And they were not impressed.
One such person was John Nagle. Nagle was a forty- one-year-old professional programmer with a masters' degree in computer science from Stanford. He had worked for Ford Aerospace, where he had invented a computer-networking technique known as the "Nagle Algorithm," and for the prominent Californian computer- graphics firm "Autodesk," where he was a major stockholder.
Nagle was also a prominent figure on the Well, much respected for his technical knowledgeability.
Nagle had followed the civil-liberties debate closely, for he was an ardent telecommunicator. He was no particular friend of computer intruders, but he believed electronic publishing had a great deal to offer society at large, and attempts to restrain its growth, or to censor free electronic expression, strongly roused his ire.
The Neidorf case, and the E911 Document, were both being discussed in detail on the Internet, in an electronic publication called *Telecom Digest.* Nagle, a longtime Internet maven, was a regular reader of *Telecom Digest.* Nagle had never seen a copy of *Phrack,* but the implications of the case disturbed him.
While in a Stanford bookstore hunting books on robotics, Nagle happened across a book called *The Intelligent Network.* Thumbing through it at random, Nagle came across an entire chapter meticulously detailing the workings of E911 police emergency systems. This extensive text was being sold openly, and yet in Illinois a young man was in danger of going to prison for publishing a thin six-page document about 911 service.
Nagle made an ironic comment to this effect in *Telecom Digest.* From there, Nagle was put in touch with Mitch Kapor, and then with Neidorf's lawyers.
Sheldon Zenner was delighted to find a computer telecommunications expert willing to speak up for Neidorf, one who was not a wacky teenage "hacker." Nagle was fluent, mature, and respectable; he'd once had a federal security clearance.
Nagle was asked to fly to Illinois to join the defense team.
Having joined the defense as an expert witness, Nagle read the entire E911 Document for himself. He made his own judgement about its potential for menace.
The time has now come for you yourself, the reader, to have a look at the E911 Document. This six-page piece of work was the pretext for a federal prosecution that could have sent an electronic publisher to prison for thirty, or even sixty, years. It was the pretext for the search and seizure of Steve Jackson Games, a legitimate publisher of printed books. It was also the formal pretext for the search and seizure of the Mentor's bulletin board, "Phoenix Project," and for the raid on the home of Erik Bloodaxe. It also had much to do with the seizure of Richard Andrews' Jolnet node and the shutdown of Charles Boykin's AT&T node. The E911 Document was the single most important piece of evidence in the Hacker Crackdown. There can be no real and legitimate substitute for the Document itself.
==Phrack Inc.==
Volume Two, Issue 24, File 5 of 13
Control Office Administration Of Enhanced 911 Services For Special Services and Account Centers
by the Eavesdropper
March, 1988
Description of Service ~~~~~~~~~~~~~~~~~~~~~~ The control office for Emergency 911 service is assigned in accordance with the existing standard guidelines to one of the following centers:
o Special Services Center (SSC) o Major Accounts Center (MAC) o Serving Test Center (STC) o Toll Control Center (TCC)
The SSC/MAC designation is used in this document interchangeably for any of these four centers. The Special Services Centers (SSCs) or Major Account Centers (MACs) have been designated as the trouble reporting contact for all E911 customer (PSAP) reported troubles. Subscribers who have trouble on an E911 call will continue to contact local repair service (CRSAB) who will refer the trouble to the SSC/MAC, when appropriate.
Due to the critical nature of E911 service, the control and timely repair of troubles is demanded. As the primary E911 customer contact, the SSC/MAC is in the unique position to monitor the status of the trouble and insure its resolution.
System Overview ~~~~~~~~~~~~~~~ The number 911 is intended as a nationwide universal telephone number which provides the public with direct access to a Public Safety Answering Point (PSAP). A PSAP is also referred to as an Emergency Service Bureau (ESB). A PSAP is an agency or facility which is authorized by a municipality to receive and respond to police, fire and/or ambulance services. One or more attendants are located at the PSAP facilities to receive and handle calls of an emergency nature in accordance with the local municipal requirements.
An important advantage of E911 emergency service is improved (reduced) response times for emergency services. Also close coordination among agencies providing various emergency services is a valuable capability provided by E911 service.
1A ESS is used as the tandem office for the E911 network to route all 911 calls to the correct (primary) PSAP designated to serve the calling station. The E911 feature was developed primarily to provide routing to the correct PSAP for all 911 calls. Selective routing allows a 911 call originated from a particular station located in a particular district, zone, or town, to be routed to the primary PSAP designated to serve that customer station regardless of wire center boundaries. Thus, selective routing eliminates the problem of wire center boundaries not coinciding with district or other political boundaries.
The services available with the E911 feature include:
Forced Disconnect Default Routing Alternative Routing Night Service Selective Routing Automatic Number Identification (ANI) Selective Transfer Automatic Location Identification (ALI)
Preservice/Installation Guidelines ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ When a contract for an E911 system has been signed, it is the responsibility of Network Marketing to establish an implementation/cutover committee which should include a representative from the SSC/MAC. Duties of the E911 Implementation Team include coordination of all phases of the E911 system deployment and the formation of an on-going E911 maintenance subcommittee.
Marketing is responsible for providing the following customer specific information to the SSC/MAC prior to the start of call through testing:
o All PSAP's (name, address, local contact) o All PSAP circuit ID's o 1004 911 service request including PSAP details on each PSAP (1004 Section K, L, M) o Network configuration o Any vendor information (name, telephone number, equipment)
The SSC/MAC needs to know if the equipment and sets at the PSAP are maintained by the BOCs, an independent company, or an outside vendor, or any combination. This information is then entered on the PSAP profile sheets and reviewed quarterly for changes, additions and deletions.
Marketing will secure the Major Account Number (MAN) and provide this number to Corporate Communications so that the initial issue of the service orders carry the MAN and can be tracked by the SSC/MAC via CORDNET. PSAP circuits are official services by definition.
All service orders required for the installation of the E911 system should include the MAN assigned to the city/county which has purchased the system.
In accordance with the basic SSC/MAC strategy for provisioning, the SSC/MAC will be Overall Control Office (OCO) for all Node to PSAP circuits (official services) and any other services for this customer. Training must be scheduled for all SSC/MAC involved personnel during the pre-service stage of the project.
The E911 Implementation Team will form the on-going maintenance subcommittee prior to the initial implementation of the E911 system. This sub-committee will establish post implementation quality assurance procedures to ensure that the E911 system continues to provide quality service to the customer. Customer/Company training, trouble reporting interfaces for the customer, telephone company and any involved independent telephone companies needs to be addressed and implemented prior to E911 cutover. These functions can be best addressed by the formation of a sub- committee of the E911 Implementation Team to set up guidelines for and to secure service commitments of interfacing organizations. A SSC/MAC supervisor should chair this subcom
mittee and include the following organizations:
1) Switching Control Center - E911 translations - Trunking - End office and Tandem office hardware/software 2) Recent Change Memory Administration Center - Daily RC update activity for TN/ESN translations - Processes validity errors and rejects 3) Line and Number Administration - Verification of TN/ESN translations 4) Special Service Center/Major Account Center - Single point of contact for all PSAP and Node to host troubles - Logs, tracks & statusing of all trouble reports - Trouble referral, follow up, and escalation - Customer notification of status and restoration - Analyzation of "chronic" troubles - Testing, installation and maintenance of E911 circuits 5) Installation and Maintenance (SSIM/I&M) - Repair and maintenance of PSAP equipment and Telco owned sets 6) Minicomputer Maintenance Operations Center - E911 circuit maintenance (where applicable) 7) Area Maintenance Engineer - Technical assistance on voice (CO-PSAP) network related E911 troubles
Maintenance Guidelines ~~~~~~~~~~~~~~~~~~~~~~ The CCNC will test the Node circuit from the 202T at the Host site to the 202T at the Node site. Since Host to Node (CCNC to MMOC) circuits are official company services, the CCNC will refer all Node circuit troubles to the SSC/MAC. The SSC/MAC is responsible for the testing and follow up to restoration of these circuit troubles.
Although Node to PSAP circuit are official services, the MMOC will refer PSAP circuit troubles to the appropriate SSC/MAC. The SSC/MAC is responsible for testing and follow up to restoration of PSAP circuit troubles.
The SSC/MAC will also receive reports from CRSAB/IMC(s) on subscriber 911 troubles when they are not line troubles. The SSC/MAC is responsible for testing and restoration of these troubles.
Maintenance responsibilities are as follows:
SCC* Voice Network (ANI to PSAP) *SCC responsible for tandem switch SSIM/I&M PSAP Equipment (Modems, CIU's, sets) Vendor PSAP Equipment (when CPE) SSC/MAC PSAP to Node circuits, and tandem to PSAP voice circuits (EMNT) MMOC Node site (Modems, cables, etc)
The Hacker Crackdown Page 28