Tired.Fighter@dhp.com wrote:

This thread is probably already due for a change in the Subject line, but I'll leave it untouched for the moment.

I changed it, because I'm very familiar with what's being discussed. I also snipped huge chunks, but tried to leave the salient stuff.

On 30 Nov 96 at 13:10, Black Unicorn wrote:

...

On Fri, 29 Nov 1996, Greg Broiles wrote:

...

I don't see any reason why this wouldn't be true for a computer. Fed.Rul.Crim.Pro. 41(b)(1) allows the seizure (but seizure is not forfeiture) of "property that constitutes evidence of the commission of a criminal offense". [....] Recall also that Ripco was never specifically charged (or the minor charges that they did try to pin didn't stick). Also recall that Ripco (now ripco.com) was raided with a -sealed- warrant. I dont think that the contents of that warrant have, even today, been released (though I could be mistaken). Certainly 5 years after they had not. [....]

Yes, it was & is sealed, the justification being that the investigation was "ongoing". The whole thig was weak & shameless, but it works for the feds. Never mind that it's total & utter bullshit.

...

...

But there's a big difference between "seizure" and "forfeiture".

Not really. Only technicly. The technique used by LEO's is one that is known as "Punative Seizure", and is well known in the Computer Underground. It's standard practice for LEO's to engage in seizure of computer equipment and just to keep it. Much of the time it is accompanied with an explicit and literal threat of prosecution if the unindited suspect asks for the equipment back. It's cheaper than prosecuting, easier to accomplish, and often achives the goal of "taking the bad guy off the street" without resort to such niceties as having a case that would hold the moisture of a drop of spit. It is such common practice, that most hackers who have been around for even short lengths of time are very familiar with the practice. In cases involving juviniles, it's a very effective technique. In those specific types of incidents the drill is as follows: Suspect "H", a 15 year old male, living at home with his parents, does something to bring him under suspicion that he is involved in computer fraud. Incidents are ongoing and seem to point to the suspect, local or federal agents become interested in the suspect due to information provided by a C.I. So they go fishing, and seize his equipment. Seizure is accompanied in concert with several other actions and goals, One of which is to explore the contents of the computer for further evidence of wrongdoing. Since aquiring search warrents for such actions are notoriously broad and relativly easy to come by, this is an effective technique. The seizure usualy is stratigicly done to minimize parental involvment and possible protections, in order to give investigators time alone with the juvinile suspect to question him without the intervention of his guardians. Basicly they want Mom or Pop out of the picture long enough to pump the kid for info before the parents can insist on legal counsel. Obviously they use whatever info they can get... Keep in mind a poorly socialized, but bright, teenager is likely to be a rather talkative target and an easy mark for interrogatory techniques. "We find they want to talk, and often brag about their exploits" is such a well worn quote, that I'd have to attribute it to about 7 sources if I tried... You can extrapolate on this. The next stage is threats to the parents of the juvinile, usualy big federal time, that sort of thing, to try to terroroize them into insisting on little Johnny's co-operation. Usualy this is done without the advice of counsel if the feds can pull it off. There's a tradition of inflating numbers far beyond anything rational, so the "damages" are insanely high, and markedly fictional to anyone who knows how to cost such stuff out. It's in the favor of everyone involved to 'play ball' on cost inflation, for a multitude of reasons. Again, you can extrapolate why. The E911 case is a great example of fictional cost inflation. At that point they have Johnny under the gun, the parents terrorized, and can either work that for further co-operation, or let the kid dangle for a few years & pretty much make sure he never sees a computer. What can I say, it works for them. Don't expect them to care any, they've accomplished their goals. Quite often, as I have said, they will explicitly say "Don't ask for your stuff back or we'll charge you". (And YES that is a direct quote given to me on more than one occasion by people who've had such encounters.) In the case of adult individuals, the setup is nearly the same, wether it is a consultant running a small buisness, or a college student. The only big differences are threats to reputation, either academicly, or in the community at large. After all, once branded an 'evil hacker' by the police or media, what company would do buisness with such a scoundrel. Never mind wether or not they have a thing to do with computer security, that part's utterly irrelivant. In the case of college students, usualy it's a threat of expusion & prosecution etc. Obviously techniques vary. But one thing is clear, there's plenty of "examples" that have been made to terrorize people. I'm sure you can think of a few, and probably will sit there and go 'yea but he deserved it...' Well, when you think that I suggest very strongly that you rethink it, and consider that perhaps you don't have all, or even any, facts that have not been spun and spoon fed to you. The nuber of such punative seizures that I am aware of runs into the hundreds.

And it sums to a very bleak picture, indeed.

Bleak? heh, get used to it. Hell, this is so damned common that it's made it into comic books as a normal operative procedure. Look in "The Hacker Files" to find it. It's a comic book put out in 1993 by D.C. Comics, and in the Jan issue, Vol 6, Page 14-15 you can see exactly what I'm referencing. Obviously this is not something new. This is why the guidelines that were procured via FOIA by EPIC are so important. Hell, look at the 2600 pentagon-city case for some real chilling stuff. The Secret Service mounted what amounts to a covert operation against attendee's at a 2600 meeting at a mall in Northern Virginia. In any case, the search guidelines are pretty important, so is the Steve Jackson Games case when it comes to ISP/Web Site providers and the like. As is the ECPA, as it relates to individuals and service providers. There is substantive law on this stuff, you just have to dig a bit to find it. Some of these "high profile examples" didn't work out too damned well cause of organizations like the EFF & later on EPIC and the ACLU. Pardon me if I don't seem alarmed or appropriatly indignant, but I've long since gotten used to getting calls as 4 am from some poor fucking kid who's had his life ripped to shreds because he was doing something relativly innocuous but altogether stupid and disruprive enough to have him attract attention. Much less having similar calls from peoples counsels who have no freaking clue how to proceed in defending their clients. As for this type of activity from LEO's? Get used to it, this is how it's done in America. I'm totaly sure that there's going to soon be some poor freaking ISP out there who's going to be hit with very similar techniques, and in all probability prosecuted to provide an example or 2. They need a few good examples for ISP's really, there arn't enough right now. And, I am equaly sure that there's been some quiet seizures & returns with deals involving "co-operation" of ISP's for warez and the like. I sure as hell have a very hard time beliving that Sameer and everyone else who got hit with him by the SPA and their fucking goons were unique. I suspect they were to be an "example" however, as the SPA has a traditional role of both being stooges & goons for Federal Law Enforcment, and an appropriately one-step-removed publicity outlet. The SPA is much like what "railroad security" was in the 1800's, basicly a private police force that operates allmost outside the law. As to what anyone can do? Well not much, from what I've seen. It's just not trendy to defend individual civil liberties, the EFF tossed in the towel in favor of Telco donations. EPIC is doing a good job with the resources they have, they could use some serious donations, and it would be money well spent. Beyond that you have the ACLU, and that's pretty much it. Too many software and hardware corporations lost any moral compass at the end of the 80's and in the early 90's, and don't consider such things to be a neccesary part of their world. It's hard to compete with guys in black suits who wave the flag allot and mutter about secrecy and such things. They're the same damned bunch that want us all to have GAK too, so don't think you're somehow immune cause you arn't a "hacker". You may soon be a "pirate cryptographer", and find yourself in the company of child pornographers and terrorists. (What? Oh you've noticed you allready ARE?, well, get used to it, it's only gonna get louder. First they came for the hackers, now it's your turn.) Tim