Combat Arms 2869 Grove Way Castro Valley, California 94546-6709 Telephone (415) 538-6544 BBS: (415) 537-1777 December 5, 1990 The FBI Comes Rapping, Rapping At Your BBS by Brock N. Meeks The dog-eared manila envelope spilled a coffee stained report onto my cluttered desk. The title, "The FBI and Your BBS" sounded a little too nefarious, even for this curmudgeon of the information age. But I figured the report was worth at least a quick read. After all, somebody had gone to the effort to track down my address and forward a copy of the report to me. That someone turns out to be the report's author, Glen L. Roberts, director of The FBI Project an organization which publishes a newsletter, Full Disclosure, under the self defined category "privacy/surveillance." The report is chilling, almost paranoid. And if more people had known about its existence, a lot of grief might have been saved. As I read I remembered an old, coffee-ringed file folder I'd squirreled away. I remembered something about it's containing information on what I'd off-handedly labeled "FBI Computer Hit Squad." When I found the file, Roberts' report didn't seem so paranoid and knew I was in for a long night of research and bunch of early morning wake up interviews. IF YOU DIG, YOU HIT DIRT In 1984 a short series of discreet advertisements, placed by the FBI, appeared in a few computer trade publications and in The Wall Street Journal. The message was simple, and went something like: "We're looking for computer literate persons to join the Bureau." There was no mention of any special task force; however, it was clear that the Bureau wanted to upgrade their high-tech prowess. Although the FBI won't confirm the existence of a computerized "hit squad," an FBI public relations officer did confirm that they "have made an extraordinary effort to recruit more technically oriented personnel" since 1984. If you dig hard enough, you'll find substantial evidence that the FBI is most definitely working overtime in its efforts to monitor the electronic community. "They are desperately wary of the way information flows so freely in this medium," says Roberts. Indeed, one has only to recall this past May when some 150 Secret Service agents, assisted by local police (backed up with electronic "intelligence" gathered and provided by the FBI) served some 27 search warrants in a dozen cities across the U.S. The bust, code-named Operation Sun Devil, was patterned after the tactics used to take down suspected drug rings: simultaneous busts, synchronized arrests. All in an effort to preclude any "early warnings" reaching the West via grapevine information moving from the East. I was curious about all these high tech hit tactics and armed with my file folder and Roberts' report I called a number scrawled on the inside flap of my file folder. It was annotated "Former agent; possible source." I called the number, and got a story. "I was recruited in 1983 by the FBI for my computer skills," the former agent told me. Because he still does some consulting for the Bureau, he asked not to be identified, but he laid out a very specific plan by the FBI to increase their knowledge of the electronic communications world. He confided, "During my time the Bureau's monitoring of BBSs was extremely limited; we just didn't know how." In those days, he said, the FBI drew on the expertise of a small band of high-tech freelance snoops to augment their staff, "while we all honed our own skills." TRADITION Certainly the FBI has a tradition of "investigating" groups of people it deems "unsavory" or threatening. In Roberts' The FBI and Your BBS, there's a brief history of the FBl's willingness to gather all known information on a target group. Pulling from the Final Report of the Select (Senate) Committee to Study Governmental Operations with respect to Intelligence Activities, Book IV, Supplementary Reports on Intelligence Activities, Roberts includes this excerpt: "Detectives were sent to local radical publishing houses to take their books. In addition, they were to find every private collection or library in the possession of any radical, and to make the arrangements for obtaining them in their entirety. Thus, when the GID (General Intelligence Division) discovered an obscure Italian born philosopher who had a unique collection of books on the theory of anarchism, his lodgings were raided by the Bureau and his valuable collection become one more involuntary contribution to the huge and ever-growing library of the GID. [pages 87-88]." Change "any radical" to "any BBS" and "book" to "disk" and quite suddenly the electronic landscape turns into a winter still-life. DATA COLLECTION Roberts, quoting from his report, says, "Unlike other communications media, information on a BBS does not get read by anyone before its instantaneous publication. Therefore, the FBI has much less of a possibility of intimidating the owner of a BBS into not publishing certain information. The FBI also acts as if BBSs have a monopoly on the distribution of so-called 'illegal information.' The FBI often uses this 'danger' as justification to monitor the activities on these systems. In reality, however, BBSs transfer much less 'illegal information' than the phone system." Roberts statements are worth noting in light of the government's increased interest in the marriage of criminal activity and electronic communications. A 455-page report issued by the President's Commission on Organized Crime, dealing with drug abuse and trafficking cites that fact that crime has moved into the high-tech arena. The report states "To the extent that law enforcement agencies' capabilities and equipment are inferior to those of drug traffickers, immediate steps should be taken to rectify the situation." The report then recommends that data-gathering efforts of several agencies (including the FBI) should be tied together in one "all-source intelligence and operations center." ANY PROBLEM HERE? There are no laws prohibiting the FBI (or other agencies) from monitoring the public message traffic on a BBS; the Electronic Communications Privacy Act of 1986 protects private messages and privately stored files only. But what about an FBI agent monitoring a BBS solely for the purpose of gathering information on the board's users? Any problem here? The former FBI agent I spoke with raised the concern that such casual monitoring might be a violation of the 1968 Wiretap Act. "In order for a wire tap, you have to get a court order. Now if an FBI agent is monitoring a BBS to gather information, that becomes an interesting question, because there are very specific federal rules about a wire tap. My question to you about a BBS [being monitored] is: "At what point does monitoring turn into a wiretap-like act?" Good point. The reality is, however, that there are no rules. Unless that agent is asking for private message traffic, he can, without impunity, monitor, store, and otherwise manipulate your public messages as he sees fit. Roberts points out that a BBS with public access is fair game for any kind of governmental snooping. But there is a way to make such casual snooping by a federal agent a crime. "If you want your BBS readily accessible to the public but want to protect against unwarranted monitoring, you have to provide a warning to prospective users," says Roberts. "It should read: 'This BBS is a private system. Only private citizens who are not involved in government or law enforcement activities are authorized to use it. The users are not authorized to divulge any information gained from this system to any government or law enforcement agency or employee."' This does two things. It makes the entire board "private." Second, it makes any kind of monitoring by the FBl (or other agencies, such as the Secret Service) a criminal offense (because they are would be guilty of unauthorized access; it also forces them to use the established guidelines of gaining information via a court ordered search warrant. The warning also protects you in another way: it stops "freelancers" from doing the Bureau's work. GET REAL How real is the possibility of the FBI monitoring your BBS? Much more than I'd like to believe. Although details of Operation Sun Devil are still sketchy, it's clear that the FBI, working in tandem with the Secret Service, is monitoring several hundred "suspected" boards across the electronic landscape. What kind of board is a potential monitoring target? "Any board that advocates hacking," said a Secret Service spokesman. Yet when I asked for a definition of hacking, all I was told was "illegal activity." The information provided here bears out, if nothing else, an increased interest by the FBI in the hard ball practice of going after electronic criminals. But are the "good guys" getting caught up with the bad? How extensive is the FBl's actual fact gathering by monitoring BBSs? No one knows really knows. However, given the history of Bureau, and the hard facts that crime in the information age makes full use of all the technology it can get its hands on, it's a small leap to believe that at least specific monitoring, of certain target groups, is taking place. Where does that leave you and me in all this? Back to square one, watching carefully what we say online. If you're a member of a "controversial" BBS, you might pass the concerns of Roberts on to your sysop. If you are a sysop, you might want to consider adding a bit of protection to the board . . . for the rest of us. Brock Meeks is a Washington, D.C. based columnist whose articles have appeared in several publications including Byte Magazine. His favorite radical BBS is ... well...private. -= RESPONSE FROM MUSTANG SOFTWARE REGARDING THIS ISSUE =- Msg #: 107 Area: Wildcat_BBS Sent: 30 Nov 90 07:39:29 From: Rick Heming To: All Topic: Policy Statement - Mustang Software, Inc. This text is available in the file POLICY2.TXT on the Mustang Software, Inc. HQ BBS for registered WILDCAT! sysops. ------------------------------- SOFTWARE COPYRIGHT, PIRACY, AND THE BBS COMMUNITY Mustang Software, Inc. - 11/29/90 Recently several computer trade publications have published reports of computer software piracy through the use of bulletin board systems. The articles in question briefly outline the confiscation of computer hardware from several BBS system operators as a result of a year-long investigation by the FBI. This investigation solicited support from several software developers, including Novell, Inc. and Mustang Software, Inc. This policy statement is designed to clarify the activities and position of Mustang Software, Inc. in these activities. 1. In the fall of 1989 Mustang Software was approached by the FBI regarding an investigation they were conducting into the activities of several bulletin boards in the Nashville area. The agents indicated that they were in contact with Novell, Inc. as a part of their investigation and requested information on how BBS were operated in general. Our contact with the agents consisted of verbal telephone contacts on several occasions throughout the following year, during which we offered technical support and inquired as to the progress of the investigation. 2. At no time during the FBI's independent investigation did anyone connected with Mustang Software initiate or receive any BBS or modem-related calls for investigative purposes. We made absolutely no calls to any other BBS, WILDCAT! or otherwise, other than test calls requested by registered sysops of our technical support staff. Furthermore, Mustang Software was not involved in any verbal contacts or telephone call to any sysops with regard to this activity. 3. According to affidavits filed with the U.S. Attorney's Office in Nashville, the FBI gained access to the BBSs in question through paid memberships and by convincing the sysops that they were interested in exchanging copyrighted material. Access to the BBS systems involved was not gained using a back-door, trojan program, or a security breach. The WILDCAT! BBS has never incorporated code to allow access through a "back door", nor would such a provision be added for investigative purposes in the future. As a matter of record, the BBS software in operation on the systems in question was not WILDCAT! when the "sting" was conducted. Mustang Software, Inc. has every intention of continuing to strengthen our position as the fastest growing BBS in the world. To do so, we must rely heavily on our reputation in the international BBS community. We would not compromise that reputation for anything. You can continue to trust that WILDCAT!'s source code has no undocumented features which would compromise the security aspects of our product. The above statements are presented to provide factual information regarding Mustang Software's physical activities during the period of the FBI's investigation. Apart from our participation, it is also important to understand our company position on the matter of software copyright, piracy, and the BBS community. BBS systems have many potential applications, most of which are legitimate endeavors. We realize however that there are some uses which may be looked upon as questionable, and others which are clearly illegal. Mustang Software does not believe it is not our function to concern ourselves with the use to which our product is placed, nor will we ever become involved in gathering this information from system operators. We do however adhere to the principals and guidelines of Software Publishers Association (SPA) regarding software piracy, and cannot condone this type of activity when it is brought to our attention. Our cooperation with the FBI investigation is an example of our response when such activity becomes apparent. Should such an investigation request information beyond simple conversation and technical support in the future, we will provide it in response to a proper legal request. The FBI investigation represents the possible consequences when a BBS operator openly engages in activities of questionable legality, and does so over a long period of time. A more common situation is one which arises almost monthly at Mustang Software. We are often advised by sysops that WILDCAT! is being used without proper registration, or that a particular BBS has made the registered release of our product available for download. Our response is always a simple phone call to the system operator bringing the matter to his attention. This call is all that is needed 98% of the time, and others are cleared-up with a standard form letter. We have never had to resort to legal action when handling a copyright issue with any BBS operator or other individual. This cooperation by responsible sysops is in direct contrast to the blatant pirating of a wide range of titles alleged in the FBI affidavit. Mustang Software, Inc. has invested a great deal of time during the past 2 years in an attempt to integrate BBS Software and communications software to the level of other applications such as database software, word processing software, or spreadsheet software. This effort was undertaken to help move away from the common misconception that BBSs are primarily operated by individuals not a part of the mainstream. We believe this representation of sysops as roguish computer hackers is inaccurate, and does not lend credibility to the telecommunications aspect of the PC marketplace. The BBS community has made great strides in this regard during the past year. Many software and hardware manufacturers have implemented BBS support systems, major corporations are installing BBSs for employee support and communication, and retailers such as Software Etc. now carry BBS software on store shelves nationwide. Software piracy using BBSs hurts us all. We firmly believe that the vast majority of system operators try to operate their BBS in a responsible manner, and avoid activities which violate the rights of others. In order to prevent encroachment and limitation of our telecommunication activities, we must make it clear that the activities of a small minority of BBS operators do NOT represent those of the masses. One of the best ways to accomplish this is to stand united against software piracy and to let the press know that BBS operators in general do not engage in this activity. We appreciate your time in reviewing this policy statement, and hope it has answered any questions on your mind. Sincerely, Mustang Software, Inc. P.O. Box 2264 Bakersfield, CA 93303