I was over at the federal courthouse in SF on Friday, and copied documents from the court's file in _US v. Salgado_, the case which got national front-page coverage last week in which the defendant, a 30-something resident of Daly City, was able to gain access to many credit card numbers through security holes at some un-named ISP's. The documents (complaint + affidavit, indictment, pretrial release memo, and motion to seal record) are online at <http://www.parrhesia.com/smak/>, and also available at <http://jya.com/smak.htm>. The files were graciously and skillfully transferred from paper to digital/HTML format by John Young (thanks, John). I found this file interesting for two reasons: 1. Salgado used an unspecified crypto app/algorithm to encrypt his communications with his co-conspirator, an informant working for the FBI. (Details found in the affidavit accompanying the complaint). This case, a high-profile and high-value credit card/access fraud case, was brought quickly to a favorable conclusion for law enforcement, despite the use of crypto - there's no indication that crypto use hindered law enforcement at all. 2. The government has filed a motion to seal the transcripts of Salgado's guilty plea, because in the course of pleading guilty, he revealed the identity of some of his victims; the government would prefer that the public not learn which ISP's had security inadequate enough to protect their customers' and customers' customers credit cards. (Criminal defendants, as part of a guilty plea, are required to tell the court in their own words what it is that they did that constituted the crime - this is intended to help prevent defendants into being tricked/coerced into guilty pleas to crimes they don't understand.) The government's motion was filed on 8/25/97; no opposition was filed, and I don't believe it has been granted (yet). -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles@netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. |