Testo tratto dal
MAIN CATALOG 1992, pag.25-29
della LOOMPANICS UNLIMITED, Port Townsend, WA, USA


CIVILIZING THE ELECTRONIC FRONTIER:
An Interview with Mitch Kapor of the Electronic Frontier Foundation
Conducted by Michael Marotta



In 1982, Mitch Kapor founded Lotus Corp. marketers of the best-selling spreadsheet program, LOTUS 1-2-3. on July 10, I990, together with Grateful Dead Iyricist John Perry Barlow, and Apple co-founder Steve Wozniak, Kapor announced the creation of The
Electronic Frontier Foundation. Their goal was to "bring law and order to cyberspace." They were respording to a series of Federal law enforcement actions publicized under the banner "operation Sundevil."
These raids showed a disturbing lack of understanding
of computer technology and a cavalier attitude toward
the First A mendmen.

The EFF came to the defense of Steve Jackson and
Craig Neidorf. (See "Did Thomas Jefferson Wear Mir-
rorshades, or Why is the Secret Service Bsting Pu-
lishers?" Loompanics Catalog, 1991.) They filed an
amicus curiae brief in the case of Len Rose, a program-
mer who was swep up in the raids. The EFF has also
spoken up on issues relating to the policies of Prodigy,
a BBS run by Sears and IBM, because Prodigy has cen-
sored messages among its clienls. (See, for instance,
"When is Gardening a .Subversive Act?", New York
Time, Jan. 31, 1991.) In addition, the EFF helped the
state of Massachusetts draft a computer crime law which
can .serve as a model in balancing property and free speech interests.

(This interview was conducted via e-mail in the .Sum-
mer and Fall of 1991. Supporting Kapor was EFF legal
counsel, Mike Godwin)

MAROTTA: The EFF engaged in three highly visible
actions. You helped Craig Neidorf, Steve Jackson and
Len Rose. How do you see the differences in the issues
raised by each case? What attributes do these cases
share?

KAPOR: There are some common elements among
these three cases, not the least of which is that they all
arose from the same set of investigations: the E911
cases. These cases are all connected. in one way or
another, with the purported theft of an online document
concerning the Emergency 911 system. The government
maintained that this information was both secret and
dangerous in the wrong hands.

Craig Neidorf was prosecuted because he published
the document in his online newsletter, Phrack. The
government chose in that case to characterize Craig as
a conspirator who received stolen property but a better
analogy would be to the New York Times editors who
received the Pentagon Papers. First Amendment rights
were directly implicated by the Neidorf case, which also
raised issues of the propriety of the government's un-
critically accepting the "victim's" valuation of the "stolen property." (Bell South initially valued the E911
document as worth nearly $80,000; it was discovered
during preparation for trial that the information in the
document was publicly available for less than $20.)

Steve Jackson Games, unlike Craig, was never
charged with (or suspected of) wrongdoing. But the
E911 investigations led the government to a BBS run at
home by an SJG employee. Without any apparent
probable cause to search the company, the government
nevertheless did so, resulting in the company's near-
bankruptcy and the months-long delay in publication of
the company's latest game book, GURPS Cyberpunk.
The government also seized and searched the company's
bulletin-board system, which SJG used to maintain con-
tact with its writers and customers, and which was also
used for general discussions and electronic-mail cor-
respondence. Thus, the case involves Steve Jackson
Games' First Amendment and Fourth Amendment
rights, and the users' rights of freedom of association and
e-mail prlvacy.

Our formal involvement in the Len Rose case in-
volved a narrower issue: whether the Computer Fraud
and Abuse Act is unconstitutionally broad. Len Rose
was prosecuted on the basis of e-mail seized in Craig
Neidorf's student account at the University of Missouri.
In that e-mail, Rose explained how a program called
login.c could be modified to capture users' passwords.
EFF was concerned that the federal statute in question
seemed to forbid people even to talk about ways that
computer security could be breached--we regard this
as an unconscionable breach of First Amendment rights,
and filed an amicus brief to raise that issue. The case was
settled, however, before the issue could be resolved by
the court.

The three cases differ on the particular facts, but they
all arose out of the same set of investigations, and they
all implicate First Amendment issues.

MAROTTA: You focus on the First and Fourth
Amendments. The Ninth is the one that says you have
more rights than are listed in the Bill of Rights. Wouldn't
that include the right to privacy?

KAPOR: The Ninth Amendment seems to be less a
guarantee of additional rights than a rule of interpre-
tation for the other Amendments. But regardless of the
source, the right to privacy is a right that's (still) recog-
nized by the Supreme Court, and it's protected both in
Constitutional law and in some federal and state
statutes. And, if you'll recall, the reasoning behind the
Court's recognition of the right to privacy in Griswold
v. Connectlcut is based in part on interpretations of the
First and Fourth Amendments, so we can't focus on
those Amendments without raising privacy issues. The
First Amendment has been construed to guarantee free-
dom of association, and privacy is necessary for much
of the exercise of that freedom.

MAROTA: Well, if the police torture a confession out
of someone who is "really" guilty, we let the accused go
because that is better than living in a country where the
police are allowed to use torture. So some people have
said, "Yes, their rights may have been violated, but these
hackers were still violating property rights." In truth,
however, isn't it plain that the First Amendment would
completely cover Craig Neidorf as the publisher of
Phrack ? In other words, you have a right to receive mail?
And that would apply to Steve Jackson and Len Rose
as well?

KAPOR: This is really two questions, it seems to me.
The first question, about defendants' rights, points to one
of the hard things we always have to deal with when
we try to keep our criminal procedure within the
bounds of the Constitution. Basically, we have to work
to protect the rights of people who may turn out to be
guilty in order to protect the rights of the innocent. The
issues that are being raised in the prosecution of hackers
now will affect everyone's understanding of our rights
in the future, so it's important that we get recognition
of those rights now.

' The issues that are being
raised in the prosecution of
hackers now will affect every-
one 's understanding of our
rights in the future, so it* im-
portant that we get recognition
of those rights now. "

The second question, about the First Amendment,
deserves a qualified "yes." The First Amendment
doesn't "completely cover" anything, but it seems
certain that Neidorf would qualify as a publisher under
any reasonable interpretation of the First Amendment.
This does not squarely apply to what he was accused of,
however -- the government alleged that he had
conspired in the theft of information from Bell South.
Absent a conspiracy charge, it is certainly the case that
a publisher is not breaking a law if someone gives him
information. l'm not sure how you're connecting the
Steve Jackson and Len Rose cases, which have different
facts, to Neidort's.

MAROTTA: Len Rose was indicted under the Com-
puter Fraud and A buse Act. This law specif cally forbids
communicating the methods of frau Wouldn't this
apply to mJstery stories, as well?

"Absent a conspiracy charge, it
is certainly the case that a pub-
lisher is not breaking a law if
someone gives him informa-
tion. "

KAPOR: The original provision of the Computer
Fraud and Abuse Act, which seems to forbid ''traffick-
ing" in information that could be used to break into a
computer, is certainly overbroad, and probably uncon-
stitutional. Yes, it would seem to ban certain kinds of
mystery stories or discussions of computer security.
However, Len was originally indicted under the CFAA,
but his superseding indictment focused on wire fraud.
The Wire Fraud statute does not specifically forbid
communicating the methods of fraud. Only the CFAA
does that.

"The original provision o the
Computer Fraud and Abuse
Act, which seems to forbid
'trafficking' in information that
could be used to break into a
computer, is certainly over-
broad, and probably uncon-
stitutional. Yes, it would seem to
ban certain kinds of mystery
stories or discussions of com-
puter security. "

MAROTTA: ell, fhen, to what do JOU attribute the
zeal with which law enforcers are willing to ride rough-
shod over the Bill of Rights TheJ aren't busting Pocket
Books for publishing NancJ Drew and the ardy BoJs.
Why are the chasing computensts?

"It's important to remember
that law enforcement doesn't see
itsey as opposed to the Bill of
Rights. Their attitude tends to
be 'If we haven 't been told by the
courts that we can't do this, we
can do it. "'

KAPOR: It's important to remember that law enforce-
rnent doesn't see itself as opposed to the Bill of Rights.
Their attitude tends to be lf we haven't been told by
the courts that we can't do this, we can do it." There's
a certain amount of resistance to the notion that law
enforcement should be respectful of First and Fourth
Amendment rights in contexts that haven't been
addressed by the courts. They expect the adversarial
process to resolve any tricky rights issues over the long
run, resulting in guidelines for them to follow.

The problem is that, while they usually try to be
sticklers about the rules that already have been laid
down, they tend to "push the envelope" in gray areas
like computer-crime searches and seizures. Not until
case law clearly establishes the rights of computer
owners and users will this problem be resolved.

MAROTTA: What are the issues in the Prodi case?

KAPOR: Although EFF is not involved at the moment
in any activities directly relating to the Prodigy dispute,
we believe that the dispute touches some basic issues
with which we are very concerned, and that it illustrates
the potential dangers of allowing private entities such as
large corporations to control or even set the tone for the
market for online electronic services.

Prodigy management has hired editors 'with journal-
istic backgrounds" to review messages for suitability
before they are allowed to be publicly posted. The mem-
ber agreement allows the management to limit public
discussions of topics and to edit postings of individual
rnembers for obscenity or illegal content... or for any-
thing else, at Prodigy's discretion.

The result of this broad management prerogative?
One member is reported to have had his posting about
population problems in Catholic countries censored,
presumably out of the editors' fear that Catholic users
would be offended. More significantly, some whole
discussion topics, including a debate between Christian
fundamentalists and gay activists, have been removed
without warning from thc conferences.

The initial solution to the censorship problem was
simple: Take the discussions to e-mail. Prodigy users
began to rely on a mailing-list feature of the program to
continue their (now-uncensored) discussions. But soon
a crisis had brewed. The Prodigy users who had been
told to take their no-longer-welcome public discussions
to e-mail were now being told that they wouldn't be
able to use Ihe e-mail service at the flat rate any longer.

The result of this policy change was predictable: irate
Prodigy users began to protest, complaining on Prodi-
gy's public boards about the new usage fee and at-
tempting to organize a write-in campaign notifying
Prodigy's management and-- when management
turned a deaf ear to their protests--- its advertisers of
their disaffection. Prodigy management responded by terminating the accounts of 12 of the protestors,
claiming that the protestors had violated their member-
ship agreements, which forbade "harassment."

"The Prodigy experience to date
reveals a serious mismatch
between the expectations of
Prodigy's management and its
customers. "

The Prodigy experience to date reveals a serious mismatch between the expectations of Prodigy's manage-
ment and its customers. Here the market clearly seemed
to want unrestricted puWc conferencing and electronic
mail. But as demand for these features has mounted, the
supplier, rather than trying to satisfy its customers, has
cut back on the features' availability because it did not
correspond to or fit with the company's view of the
purpose of the service. To the extent to which this type
of thinking is representative of the general way large
commercial interests may offer on-line services, it clearly
represents a tuming away from the use of digital media
as open forums of public communication. In the
extreme case, in a situation in which Prodigy and its
commercial competition all choose to censor and
control communication on their services, the public
interest will not be well served.

MAROTTA: How does Prodigy essentially differ from
any other BBS?

KAPOR: With respect to the large degree of control it
has chosen to exercise over its subscribers' postings,
Prodigy is at the far end of the spectrum of BBSes. At
the opposite end are those BBSes which are entirely free
forums in which postings are never rejected or removed
by the sysop. Most BBSes fall somewhere in the middle,
with sysops foregoing prior review entirely, but reserv-
ing the right to remove messages (although this rarely
needs to be done). Prodigy is different because it has
chosen to employ a newspaper/magazine metaphor on
its service. It is clear that Prodigy management was
originally uncomfortable with the notion of a free
forum; they chose to describe their service as a "publi-
cation" rather than as a forum precisely because they
want to have an editor's prerogatives to dictate,
absolutely, what the content of the "publication" will
be. We hope that they will reconsider this posture and
loosen up.

MAROTTA: What is EFF's interest?

KAPOR: We at EFF do not dispute that Prodigy is
acting within its rights as a private concern when it
dictates restrictions on how its system is used. We do
think, however, that the Prodigy experience has a
bearing on EFF interests in a couple of ways.

First, it demonstrates that there is a market--a
perceived public need--for services that provide
electronic mail and public conferencing.

Second, it illustrates the fallacy that "pure" market
forces always can be relied upon to move manufacturers
and service providers in the direction of open commun-
ications. A better solution, we believe, is a national
network-access policy that, at the very least, encourages
private providers to generate the kind of open and
unrestricted network and mail services that the growing
computer-literate public clearly wants. One way to
implement such a policy would be to limit legal liability
for service providers who merely store and forward their
users' public and private messages. With such a policy
in place, Prodigy management might be more comfor-
table with the risks of providing a relatively unregulated
public forum.

"We at EFF do not dispute that
Prodigy is acting within its
rights as a private concern when
it dictates restrictions on how its
system is used. We do think,
however, that the Prodigy ex-
perience... illustrates the fallacy
that 'pure' marketforces always
can be relied upon to move
manufacturers and service pro-
viders in the direction of open
communications. "

MAROTTA: It is easy to agree that Prodigy has a
narrow viewpoint of computing They are not my service,
that's for sure. In fact, I have been kicked off FidoNet
Echoes I was bounced from the Virus Echo for saying
that self-reproducing programs have merit. I was ex-
cluded from the Stock Market Echo for saying that Ivan
Boesky is a political prisoner. I have run afoul of the
Communications Echo for posting about EFF. Are you
going to identify FidoNet as a restrictlve system? I think
they'd say that I have a perfect right to buy a computer
and start the Mike Marotta Echo. As long as I am a
guest, do I not bear a responsibility to observe the rules
of the house?

KAPOR: The mention of guests and houses is clearly
a metaphor. Responsibility in the online world should
be a function of the details of a particular situation, not
a metaphor. I don't know what else to say about this.

MAROTTA: In "Crime and Puzzlement" by John
Perry Barlow, the ignorance of law enforcement people
is noted. There was a case on the West Coast where a
BBS closed and the number was given to a doctor's
off ce. Then the police busted people who called the old
BBS number, on the grounds that they were trying to
break in to a medical computer system. The police
pleaded ignorance of computing (ne of the EFF's
primary goals is to bring law and order to cyberspace.
Have you been able to bring computer literacy to law
enforcement?

KAPOR: There's no question that the law enforcement
community itself is trying to increase its computer
literacy--they hold frequent seminars about computer
crime, for example, and there are a number of publica-
tions, available from the National Institute of Justice
and elsewhere, that are designed to bring law-enforce-
ment offcials up to speed on computer crime. The
problem has been that these education efforts are a bit
one-sided--- they focus on the means of committing and
of investigating and prosecuting computer crime, but
they tend to give little or no time to the civil-liberties
issues that are raised by such crimes and by those
investigations and prosecutions.

"Even when law enforcement
knows how not to make mis-
takes in handling and examin-
ing sof tware and hardware,
they may still engage in over-
broad seizures or overlook the
First Amendment significance
of bulletin-board systems or the
statutory restrictions on
searches of electronic mail. "

So, even when law enforcement knows how not to
make mistakes in handling and examining software and
hardware, they may still engage in overbroad seizures or
overlook the First Amendment significance of bulletin-
board systems or the statutory restrictions on searches of
electronic mail.

At EFF we're trying to fill that gap by publishing
articles ab2ut search-and-seizure law and policy, and by
conducting speaking events in which these issues are
raised. We also hope that the Steve Jackson case will
settle some of the issues about what a computer crime
investiator ought to be expected to know.

MAROTTA: NREN is he National Research and
Education Network, a proposal tha is likely to pass
Congress and be approved by the President. You ex-
pressed reservations earlier because many decisions
seem to be made by default on this. NREN will be built
with public money and it will be administered by a
private company. It seems that this contract will go to
ANS, Advanced Networks and Services. ANS was
founded by Merit, IBM and MCI and in turn, ANS sub-
contracts management oJ the National Science Found-
ation's NSFnet back to Merit. The president of ANS is
Alan Weis, formerly of IBM. How is NREN in the 21st
century essential/y different from railroads of the 19th?
More to the point, Western Union began with some
government contracts and after the Civil War, Washing-
ton signed over to them thousands upon thousands of
miles of line built with public funds. NRF_,N seems like
a tune we've heard before.

KAPOR: ANS has the contract for the NSFnet back-
bone, which expires in October 1992. NREN funds will
go for many things, including gigabit networking. It's
possible NREN funds may go to ANS, but this is not
the ANS danger. The danger is of the government
handing ANS an advantage over commercial corn-
petition. This would be unfair and must not be allowed.
There has to be equal access for all commercial carriers
to any government-supported network.

MAROTTA: Well as long as there are people like EFF
out there, I suppose the door is shut on cyber-fascisr
For one thing, Bifnet and Usenet on the Internet already
support fairly open communication. These people see
FidoNet as "priestly," while FidoNet's moderators are
restricted from inserting their own viewpoints the way
Usenet moderators do. So we have varying degrees of
openness. The folks at Merit are very proud of the fact
that .so much NSFnet and Bitnet traff c consists of file
transfers, people getting and sending data from and to
open systems with public accounts for what they call
"Anonymous FTP." So, overalL then, do you see EFF
as the focal point, as the expre.ssion, of a general
tendency towardfreedom in cyberspace?

KAPOR: It's not the focal poin, but it's a focal point
for freedom in cyberspace.




Electronic Frontier Foundation, Inc.
155 Second Street
Cambridge, MA 02141

Internet address efl-@well.sf.ca.us