Computer underground Digest Wed Mar 5, 1997 Volume 9 : Issue 15 ISSN 1004-042X Editor: Jim Thomas (cudigest@sun.soci.niu.edu) News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu) Archivist: Brendan Kehoe Shadow Master: Stanton McCandlish Shadow-Archivists: Dan Carosone / Paul Southworth Field Agent Extraordinaire: David Smith Ralph Sims / Jyrki Kuoppala Ian Dickinson Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #9.15 (Wed, Mar 5, 1997) File 1--Childporn: Guardian Angels, Netpics File 2--Cu Digest, #9.14, Sun 2 Mar 97--Childporn: Guardian Angel File 3--CYBERANGELS FACE PROJECT File 4--CyberAngles Faces project: CuD #9.14, Sun Mar 2, 1997 File 5-- CUD Submission in reply to CuD 9.14 Guardian Angels File 6--Cu Digest Header Info (unchanged since 13 Dec, 1996) CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE. --------------------------------------------------------------------- Date: Mon, 3 Mar 1997 10:06:15 GMT From: charles@ANATOMY.UCL.AC.UK(Charles King) Subject: File 1--Childporn: Guardian Angels, Netpics Gabriel Hatcher's reply seem to be a form letter. I received an identical letter last week when I wrote to him complaining about the FACE project. Clearly, he is not concerned with mounting an adequate defence of his actions. As far as his protestations of legality go, such acts are specifically prohibited in the UK under section 97 of the Children's Act 1989. I suppose the law in America is different. ------------------------------ Date: Mon, 03 Mar 97 08:44:32 GMT From: dbell@ZHOCHAKA.DEMON.CO.UK("David G. Bell") Subject: File 2--Cu Digest, #9.14, Sun 2 Mar 97--Childporn: Guardian Angel I think the CyberAngels FACE scheme is pretty well thought out, but I do wonder if they quite realise the implications of the international nature of the Internet. There are, I suggest, two main problems. First, different countries do have different laws. Here in the UK, the definition of paedophile material has a lower age limit than in the USA, although the CyberAngels are setting a cut-off point of 15, which would also be illegal here. Perhaps more important are the way in which UK law makes 'faked' images as illegal as the real stuff, and the protections in law for the victims in sex cases. The FACE database, if published, would be at risk from such protection laws. The second problem is that the scheme depends on an Internet user who looks at the database, and recognises somebody. There are going to be false alarms. It's even possible that many of these victims are not known to _any_ Internet user. Here in the UK there have been several major cases of alleged "satanic child abuse" which have eventually collapsed, with dreadful effects on the innocent families involved. I don't want to see paedophiles escape, but I do know of the harm that can be done by a witch hunt. And, frankly, I find the average of 80 victims per paedophile, suggested by the CyberAngels, rather difficult to believe. I hope they can provide a good source for this claim. According to reports in the UK, most cases are within a family, and this figure suggests that other cases could routinely involve a couple of hundred victims. Since the "satanic ritual abuse" scares started in the USA, and have turned out to be largely unfounded here in the UK, I'm afraid that I tend to be sceptical. But if they can gather information that leads to a paedophile, without provoking the persecution of innocent families, it will be something wonderful, that they can be justly proud of. ------------------------------ Date: Wed, 5 Mar 1997 18:53 EDT From: "E. Allen Smith" Subject: File 3--CYBERANGELS FACE PROJECT A response to Colin Hatcher's letter to CuD: As a reader and occassional contributor to CuD, I find your characterization of CuD as a place where demonization occurs quite insulting. Indeed, it indicates that neither you nor your organization is responsive to criticism on ethical grounds. (I suspect my posting to CuD regarding your monitoring scheme may have contributed to your negative feelings regarding CuD; I will clarify my statements by that I was not advocating mail-bombing the CyberAngels, but simply that you would better serve the Internet community by concentrating on actual problems such as spam.) To the degree that "do-gooder" is treated negatively on CuD, it is because of such phenomena as "we're from the government and we're here to help you." Only organizations (e.g., the Red Cross) with a history of competent, helpful action should be free from this suspicion; neither the CyberAngels nor their parent organization the Guardian Angels match this description. Cooperation between the CyberAngels and such government organizations Another example of why the CyberAngels are not so trusted can be found in your claim that you should report any possible child pornography, even if it may be innocent (e.g., morphed), by asking if the person would do away with laws against child pornography. First, your statement shows an ignoring of the principle that letting the guilty go free is preferable to punishing the innocent - a principle found in all free legal systems. While your reporting of an event does not result in and of itself in direct judicial punishment, the investigation of child pornography production (like that for other emotion-charged crimes) is noticeably harrassing in and of itself. When you bring such harrassment (potentially including tabloid media involvement) on an innocent person, you are ethically if not legally to blame. An example of such a case (albeit not resulting from CyberAngel action, so far as I know) can be found in the same CuDigest as your article. Second, removing the possibility of prosecution for possibly morphed images does not remove the possibility of prosecution for the _production_ of child pornography - the only phase in which a child is being actually harmed. The claim that limits on free speech and freedom of the press regarding the distribution or possession of child pornography are necessary to prevent its creation is negated by phenomena on the Internet such as copyright violations. Quite simply, I find it highly unlikely that most persons paying for the reception of child pornography are paying money (directly or indirectly) to the producers of such material. Therefore, the remaining illegality of such possession or distribution can only be attributed to "do-gooder" intrusion of their morality on others, a fault for which politicians are often to blame. Given this consideration, I would therefore regard the CyberAngel search for "probable cause" (in this and in other cases) in about the same light as the encouraging of informing on one's neighbor in totalitarian states such as the USSR under Communism; while I am not in favor of making such behavior illegal (it is free speech, something that I wish to protect), I certainly find it ultimately unethical. I would like again to encourage the CyberAngels to concentrate on matters directly harmful to the Internet, such as the aforementioned spams. While you may claim that your activities are necessary to prevent governmental infringement (such as the CDA) on the rights of Internet users, I find this claim reminiscent of self-censorship resulting from threats of governmental censorship. Moreover, reporting information to the goverment cannot be described as discouraging government involvement and regulation. ------------------------------ Date: Wed, 5 Mar 1997 15:43:00 -0800 From: Jason Harrison Subject: File 4--CyberAngles Faces project: CuD #9.14, Sun Mar 2, 1997 In Mr Hatcher's posts to CuD, he has repeatedly stated the importance of stopping child pornographers and child abusers. His proposed method is to identify the child victims of the pornographer and abusers and used these children to identify the people many of us would like to remove from the streets. Many of the complaints about his method, hinge on the fact that identifying victims ignores the wishes of the victims and perhaps even their rights. Mr. Hatcher responds that "ending the abuse" is the goal that should be pre-eminent in our minds. Here's another take, from the victims. Mr Hatcher, the victims that you want to save do not want to be publicly identified. If there is any possible way for the identities of the victims to be released beyond the official Law Enforcement channels, and the CyberAngels are NOT in that group, then the CyberAngels may face suits by the identified victims for damages to their reputation. Why? Let me set the scenario. Recently here in Canada, which has slightly stronger laws against child pornography than in the States it has been recently realized that a "child sexual abuse" ring worked out of the Maple Leaf Gardens in Toronto. The Maple Leaf Gardens is a large hockey arena in downtown Toronto. Today, The Globe and Mail published the following article: Victims of sexual assaults went public, feel punished DEEP SCARS / After suffering as boys and teens, two men complain they can't find support and are unfairly painted as potential abusers. Wednesday, March 5, 1997 By Jane Gadd The Globe and Mail http://www.globeandmail.com/docs/news/19970305/GlobeFront/UVICTN.html I'll let you examine the content of the article yourself. To summarize: - All sexual abusers were sexually abused themselves. - Society is very afraid of (potential) sexual abusers. - Society is thus very afraid of sexual abuse victims. - But, only 7% of sexual abuse victims go on to become sexual abusers. An example taken from the article: Eric...was sexually molested beginning at the age of 9 by his stepfather's father. His visits to the man, and sexual relations, continued until Eric was 15, when he told his mother. She called the police, and his abuser was jailed for 10 years on numerous counts of sexual assault. Eric recalled the first visit: It was a winter evening, and his stepfather took him to visit the old man, leaving him there overnight. "I didn't know him. It was bedtime and he had a pullout couch. I remember him sitting beside me and saying everything was okay. And then he took my pants off." That first time, the sex was one-way--Eric submitted to caresses from the older man. But over the following six years he was drawn into full reciprocal sexual acts. "I have a tremendous amount of guilt and shame for staying in the relationship," he said. "What I remember is I didn't want the sexual relationship . . . but I wanted the companionship of a father-figure to do all the normal father-son things with--going to movies and arcades, shopping, things like that. He took me to work with him, and he let me drive even though I was too young. I felt he was the one person who cared about me." After his abuser was jailed, Eric buried the issue for close to 10 years. "I don't remember any counselling. I was given a pamphlet. . . . The police asked me if I had felt any serious effects from the relationship, and I said 'No, I have a girlfriend. I just want to put it behind me.' " The woman he married was sympathetic when he told her about the abuse shortly after the relationship began. But since then, the marriage has broken up and his former wife has withheld access to his two sons on the grounds that Eric is at risk of being a child abuser. So say that Eric's abuser had taken photographs and had uploaded them to the Internet, and thanks to the Faces project Eric's abuser had been arrested. Eric went on to get consulting, and had not told his wife that he was a victim of sexual abuse. She then found out through the Faces project that he had been a victim and thus had her laywer argue in court for controlled access to her AND his children because he was a child abuse victim, and MAY become a child abuser [note the 7% figure above for victims becoming perpetrators]. Eric would have grounds IMHO to sue the CyberAngels and all law enforcement agencies associated with the release of his sexual abuse victim status for damages to his reputation. -Jason -- ------------------------------------------------------------------------------- J. Harrison@cs.ubc.ca http://www.cs.ubc.ca/spider/harrison Graduate Motto: Free-time with guilt. ftp://ftp.cs.ubc.ca/pub/local/quotes ------------------------------ Received: (from NIU for via BSMTP) Received: (from A01STCS@NIU for MAILER@NIU via NJE) (UCLA/Mail V1.500 M-SMTP-7496-585); Wed, 05 Mar 97 23:49:35 CST Received: from anon.lcs.mit.edu by mvs.cso.niu.edu (IBM MVS SMTP V3R1) with TCP; Wed, 05 Mar 97 23:49:20 LCL Date: 6 Mar 1997 05:49:05 -0000 Message-ID: <19970306054905.25480.qmail@anon.lcs.mit.edu> From: Baal To: cudigest@SUN.SOCI.NUI.EDU Subject: File 5-- CUD Submission in reply to CuD 9.14 Guardian Angels References: Reply-To: Baal@NYM.ALIAS.NET Cc: Baal@NYM.ALIAS.NET, angels@WAVENET.COM, tk0jut2@MVS.CSO.NIU.EDU Jim, I'd like to submit this to CuD. I realize it is rather long, and would not object terribly if it was edited; I would just ask that you send me the edited copy for my perusal prior to posting in CuD. (I'll make a small note regarding the editing, and PGP-sign the edited copy.) I'm sending the full article to `Gabriel Hatcher', for his rebuttal/comments. Baal 1024/A21829FD 1995/07/10 PGP public key on keyservers PGP Key Fingerprint: 5A 64 DB DB 2C FE C0 FE 63 A7 A3 59 58 DA A6 EA -----BEGIN PGP SIGNED MESSAGE----- > Message-ID: > Date: Sun, 02 Mar 1997 20:35:34 GMT > Subject--Cu Digest, #9.14, Sun 2 Mar 97--Childporn--Guardian Angels, Netpics > Reply-To: tk0jut2@mvs.cso.niu.edu > Editor: Jim Thomas (cudigest@sun.soci.niu.edu) > CYBERANGELS FACE PROJECT BTW, Gabriel, your PGP-signature, at least as posted in CuD, failed to verify. You also haven't signed your PGP-key. > The concerns voiced about the CyberAngels FACE project are valid > concerns and deserve an answer. Thank you for acknowledging this. > The insulting tone of some of the posts to date however is sad to see. > Disagreement is often expressed in CuD by abusing and demonizing the > opponent. In other words the critic cannot conceive that another person > could be intelligent and yet disagree with them. This feature, for better or worse, is common to discourse on the net. > Thus our project is dismissed as "dim-witted" or ill thought out, when > what the writer perhaps means is that they disagree with it. Perhaps the writer means exactly what they said: i.e. that your project is dim-witted and ill thought out. Obviously they disagree with it, but I think that using these words conveys rather more than simple disagreement. Let's face it... this is an emotional issue, and emotions are going to run high on both sides. > I disagree with a number of the contributors to CuD but I would not > claim for a moment that they were stupid people based on the fact that I > didn't agree with their opinion. I consider it a weakness to be so > quick to judge and condemn when in fact the details of the project are > not even known by those criticising it. The fact that your project is dim-witted and ill thought out does not necessarily imply that you lack intelligence--mere intelligence does not automatically guarantee that one will embark on appropriate courses of action. > The main areas of concern about our FACE project appear to be: > A) CONCERN FOR THE CHILDREN WHO WILL BE "VICTIMIZED" BY THE PROJECT > Some critics have written that we are contributing to > "double-victimization", while one from England wrote that we were lucky > we didn't live in the UK as we would go to jail there for such a > project. You're lucky that you don't live in Canada either, as you would go to jail here also. > In other words this criticism equates us with the original abusers of > the children, Not at all. Possession of child pornography is illegal, regardless of the purpose for which it is held. In child pornography cases here in Canada, I understand that even defence counsel must go to the offices of the police to view the evidence--even counsel for the accused is not permitted to either possess or view the evidence except though the police. From: "Tracking high-tech pedophiles" The Toronto Globe & Mail, Saturday, December 14, 1996 page A1, A12 [...] "The printouts are required for defence lawyers, who must, however, view them in the Project P office, because otherwise the lawyers would technically possess the material. A written description, called a breakdown, of each shot is provided for the defence to keep." > and suggests that while we may well be well meaning "do-gooders" we are > in fact hurting the children and exploiting them for our own ends. The > term "do-gooders" is invariably used as a term of abuse as you can see > from the post in CuD - a "do-gooder" is by definition ignorant and > unskilled in the area they work. To a degree, is this not true? Are you not, in fact, exploiting them in order to further your own political agendas? (I see your agendas as cracking down on encryption, key-escrow, anonymity and general policing of the Net. Please correct me if you are not, in fact, in favour of all of these measures.) > It is my belief that a child who is being raped by adults for their > pleasure would like the torture to stop. This is an entirely reasonable assumption. > It is the FACE project's intent to assist in stopping the abuse. This next statement, however, is not. You are operating under the assumption that the current materials making the rounds of the net are in fact, current--when this is necessarily not the case. Quite a bit of it has been scanned in from materials published decades ago. Consider the following: From: "Tracking high-tech pedophiles" "Project P has also offered hope to people who have memories of being abused as children and believe it was recorded on film, or to parents who fear their children were assaulted by pedophiles. Every week Staff Sgt. Matthews gets letters accompanied by photographs of children asking whether investigators have seen them on the Internet, with the hope that they can identify the abusers. The smiling faces of these children, posing in class photographs or hamming it up in photo booths, are posted above the computer that is printing out the images of child pornography in Project P's back room. The investigators say it's almost impossible to look for ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ matches among the hundreds of printouts a day, but they like to ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ have the photos posted there as a reminder of the innocent victims hurt by the trade in such material." > Our FACE project has been carefully researched for the past 6 months and > we are proceeding slowly and with high regard for the victims. I find > it strange that people believe that a child who is being sexually abused > would prefer the rape to continue rather than face the "embarrassment" > of having themselves identified and rescued. Read the above, Gabriel. Even the officer in charge of "Project P" the largest unit dedicated to fighting child pornography in North America, is of the opinion that your methods aren't 't workable. The odds of your actually "saving" a child are therefore negligible. > It is certainly true that some children who are being raped by their > fathers are worried about getting him into trouble, and it is certainly > true that many children being abused inside families do not inform > teachers either because of shame and humiliation or in some cases > because they are threatened with terrible consequences if they ever > tell. Nevertheless it is in the best interests of all victims of child > abuse, and for our society as a whole, that child predators are stopped, > and part of stopping child abuse is by identifying child abuse victims. Granted. However, as stated in the article above, even the head of Project P apparently regards your methods as unworkable. I must commend you, however--you are one of the only persons engaged in the fight against child pornography who has *ever* raised the fact that the overwhelming majority of abuse takes place in families. (My understanding is that very little, if any, of this material makes it onto the net.) > The average pedophile predator abuses 80 children before they are finally > brought to justice. Your source for this statistic, please? > This being the case, it is in our interests to act fast when we discover > them. Identifying the victim of child abuse gives Law Enforcement in > many cases a direct lead to abusers. This may be true, in theory--in practice it is another thing entirely--witness Staff Sgt. Matthew's comments in the Globe and Mail article above. > B) CONCERN THAT CYBERANGELS FACE UNIT DOES NOT UNDERSTAND THE > TECHNOLOGY OF CHILD PORNOGRAPHY > It has been said that CyberAngels does not understand that child > pornography can be forged, and that any child's face can be pasted onto > any pornographic scene etc... Exactly what evidence does the critic > have of our lack of understanding in these matters? I would suggest no > evidence at all, for certainly none is offered. In fact we are > perfectly well aware that modern computer programs are very capable of > such things. I own and use Photoshop myself and am fully versed in what > it can do with photographs. Fair enough. > The laws on child pornography are very clear here in the USA: > > ================================================== > > "Child pornography" is defined as speech that: > > 1) visually depicts Visually depicts what? Has something been left out here? > 2) sexual conduct - which might include sex, masturbation, and "lewd > exhibition of genitals" -- Whatever `lewd exhibition of genitals' is... this is extremely subjective... > 3) by actual children under the age of 18, > > It is constitutionally UNPROTECTED. You can go to jail for > distributing it *or* for possessing it. Actually, U.S. law if fairly lenient. The laws here in Canada are *far* stricter, even covering artificial child pornography (morphed or hand-drawn images, and even *text*. It is my understanding that there is a bill by a Senator Hatch which would also criminalize artificial child pornography in the U.S.A., although your 1st Amendment would continue to protect expression in text form, as it should.) > The rationale behind this exception is that child pornography > necessarily involves the use of children in sexual contexts; and that to > suppress such use, the law can ban distribution and possession of child > pornography as well as its production. The category is therefore > limited to *actual* depictions of children; it almost certainly > excludes, say, paintings (or computer-generated images) of fictional > children, or verbal descriptions of sexual conduct involving children. As I said, Canadian law makes no such distinctions, which is the primary reason I am opposed to it. Senator Hatch's legislation would also change this state of affairs. > [From "Cyberspace Law for Non-Lawyers" by Larry Lessig, David Post, Eugene > Volokh > http://www.ssrn.com/cyberlaw ] > ================================================== > So what are our criteria for selecting images from which to crop? FACE > members must make decisions about the following: > 1) The original photo should have been taken in the last few years. > > a) Consider hair styles and clothing: are they something you > would see people wearing today? > > b) Does the photo have a yellow or brown tint to it, If so it may > be too old. > > c) Consider decor in the room like pictures, beds, wallpaper. > Could you buy something like that today? If not the photo may > be too old. While all of these are clues, they are hardly definitive. > 2. The child must appear to be under 15 years old. > a) Consider the hands and eyes of the victim. > > b) Try to determine if the photo has been changed in any way to > make it look like child porn. (If your viewer can magnify the > size of the image, you may be able to determine if there have > or have not been any alterations.) The most obvious retouch > methods used when fabricating child pornography is the masking > of pubic hair, the reduction of breast size in the case of > women, and the placing of a child's head on top of a adults's > body. All of these judgments are highly subjective--how the hell are you supposed to differentiate a 15-year-old from a 16-year-old? (I know women that are well into their twenties, yet they tell me they're often asked for I.D. going into bars, as they appear to be about 13-14.) Under Canadian law, even the morphing of an image to make it appear that the person depicted is underage (or even describing them as underage, even if they are not, makes the image or text child pornography.) > In the case of highly skilled graphic designers the changed image will > appear "seamless". In the case of a seamless image, CyberAngels are > advised to treat it as a piece of genuine child pornography. Advised by whom? > 3) If the child is just standing, sitting, or laying we can NOT use it > unless it meets one of the below requirements: > > a) The child is being sexually abused by someone else in the photo. > > b) The child is doing something sexual (eg. masturbation, pulling > her dress up to expose him or herself, or posing in an overtly > sexual nature). Direct sexual abuse, masturbation (or insertion of an object into the anus or vagina) I think I can agree with. However, the term `overtly sexual nature' is rather broad, and subject to wide interpretation. > One thing to be very careful of, is to try and determine if the image > comes from a nudist camp. If it does, and it is just child nudity > rather than sexual abuse, then we CANNOT use the image as these are > legal images. What the images are used for by pedophiles is sickening > and sad, but the images in and of themselves are legal under US law. If you had your way, would you have this changed under U.S. law? > 4) The image CANNOT be used if the child's face is showing pain > or distress or if the child is peforming oral sex and > therefore the face cannot be cropped. If FACE searcher can > find one unuseable image of a child involved in oral sex and > another simple nude picture of the same child that would > normally not be useable as it is legal, then we can couple the > two images and use the nudist face, as we have evidence that > sexual abuse occurred. A question, if I may--why the exclusion of images involving pain or distress? (Does this somehow make the child's face harder to identify?) > Images to be included in the FACE database must be approved by 5 separate > people. For an image to be included all 5 persons of the selection > committee must agree unanimously. Who are the members of this selection committee, and what are their qualifications? How were they selected, and by whom? > The logic of our critic appears to be that since child pornography can > be spoofed it is therefore not possible to ever decide whether something > is child pornography or not. Presumably the same critic would then > favor the abolition of the laws against child pornography on the same > grounds? The problem is, that the existence of decent morphing software breaks the link between the production of child pornography and the abuse of actual children. It is no longer necessary to abuse an actual child to produce such images. Accordingly, there is not always an actual victimized child to "rescue." > In fact what we are doing is searching for "probable cause" for deeper > investigation by Law Enforcement. It is not for CyberAngels to make a > judicial ruling about whether something is an illegal image or not. Really, now. You admitted above, that your 5-member committee judges whether to pass along an image to the police or not. You are already, ipso facto, making judgments about the legality or illegality of images. If you were truly making no judgments, you would pass along either *all* of the images, or *none*. > That decision is made by a court, and in some cases by a jury, following > expert witnesses and examination of the images by experts in the field > (compare for example OJ Simpson's Magli shoes, where a jury had to > decide whether the image was genuine after hearing expert testimony). > CyberAngels FACE Unit is selecting possible examples of child abuse, > asking for public assistance in identifying the faces used in the images > and presenting the evidence to Law Enforcement. Are any of the people on your "selection committee" qualified to make such legal or forensic judgments? If not, then you have no business to be making them. > And what if the face used in the child pornography belongs to a child > who has _never_ been abused? Wouldn't the parents wish to know that > someone was using their child's face to create such an image for the > sexual gratification of pedophiles worldwide? I certainly would like to > know that if one of my kids was being exploited in such a way. And how is this to be determined, exactly? If a child's picture is published, then the parents (and the child themselves) essentially lose any control over its use. > C) CONCERN THAT WE ARE BREAKING THE LAW BY GATHERING EVIDENCE > > Our critics continue to paint us as ignorant newbies who know nothing > about law, law enforcement, obscenity, pornography, child pornography, > child abuse, psychology or internet technology. Notice that the > accusation is always that we are "dim-witted" and rarely stops at "I > disagree". The only reasonable course of action is to make the assumption that you are unqualified, unless and until, you prove otherwise. > In fact CyberAngels core membership are experts in a wide range of the > above mentioned fields. I am a post graduate researcher and lecturer > (History, International Relations) with 17 years teaching experience, > including work at the University of London, England, and am also an > expert in security (20 years). Irrelevant. Given the nature of this medium, anyone can claim to be anyone, or have any qualifications they wish in this forum. I could just as easily claim to be an M.D., Ph.D. or a pink elephant for that matter. > Other members of CyberAngels core team are professional Law Enforcement > members, child psychologists and mental health counsellors, internet > system administrators, network managers, usenet admins, webmasters and > technicians, numerous lawyers from both criminal and civil fields, and > numerous representatives of child abuse/support organizations. Our FACE > project is being developed in consultation with as much expertise as we > can find. The difference, my dear Gabriel, is that experts who testify in court have to submit some sort of evidence as to their qualifications, in order for them to be accepted as experts by the court. Your `experts' do not. We have only your word for it. Care to name some of your CyberAngels or the people who have been advising you? > We are following guidelines for gathering evidence given to us after > discussion with the FBI "Innocent Images" project running out of > Baltimore. Our Usenet Director discussed how we could help the FBI in > their investigations with agent Doris Heppler who is one of those in > charge of the project. > The advice we received from the FBI is the advice we follow: > > 1) Images are downloaded to floppy disks for viewing purposes. Good thing you're in the U.S. In Canada, this would tend to automatically one make liable to charges of both making and possessing child pornography, under Section 163.1 of the Criminal Code. > 2) If the image is suspected to be illegal, the headers are recorded. Fine and good. However, given the relatively rapid expiration times of binary newsgroups, and the fact that (at least to my knowledge) none of the archiving services store intact binaries, what is the point? > 3) The floppy disk is reformatted to erase all trace of the suspected > illegal image. So, you destroy the actual `evidence'. > 4) The headers are passed up the chain of command to the next level > for verification. How is verification performed, given the constraints I've listed above? What is there to link a particular image with a particular set of headers? Are you not essentially, breaking the chain of evidence here? > 5) No suspected illegal images are EVER stored on computer, nor sent by email or snail mail. No doubt, this is to try and avoid charges of distribution... fair enough. > 6) Following verification either > > i) The headers are passed on to FBI agents. or > > ii) The encoded binary is downloaded to floppy disk (not decoded) and the disk is then carried physically to the local FBI office. The encoded binary is downloaded to floppy disk from where? Above, you stated that: " No suspected illegal images are EVER stored on computer, nor sent by email or snail mail." So, where *are* you getting them from? Further, how can you ensure that the images downloaded are identical to those identified by the headers, particularly if they are not decoded? > 7) All members involved in such activity should make contact with local or > regional FBI offices and ask for assistance and guidance. > All FACE project members are advised to make direct contact and meet > with both their local FBI agents AND with their ISP admins to discuss > their involvement in this project. It is not the case that CyberAngels > are operating alone and in secret and could therefore be confused with > pedophiles. Then you wouldn't mind publishing a membership list of the various personnel involved? > The same is true in other countries - members are advised to contact > their local or federal law enforcement and ask for guidelines as to how > they can assist in the gathering of evidence and the stopping of the > online trade in child pornography and the real life activities of > pedophiles and child predators. Just out of curiosity, are you aware of any Canadians who have approached either the Ontario Provincial Police (the OPP is responsible for Project "P") or the RCMP? If so, what was their response? > D) CONCERN THAT PEDOPHILES WILL JOIN CYBERANGELS AS A COVER FOR > GETTING THEIR HANDS ON CHILD PORNOGRAPHY > > Some critics are concerned that pedophiles will join CyberAngels as a > cover for getting their hands on child pornography and being immune from > prosecution. What evidence do these critics have of this? I have never > seen any. Even though I am opposed to what you are doing, nevertheless, I believe that you are correct here. I think that the probability of such an occurrence is extremely remote. [snip] > How many pedophiles do you know who would be happy to register their > names and addresses with the FBI and risk background investigations, > when they can obtain child pornography freely and safely without needing > to do that? Are you claiming then, that all of your CyberAngels (engaged in this project at least) have submitted themselves to (and passed) background checks by law-enforcement officials? Furthermore, you state that pedophiles, `can obtain child pornography freely and safely'; Staff Sgt. Matthews, the head of Project P, has made statements to the effect that methods (essentially identical to the ones you are using) to identify abuse victims are unworkable. So, therefore, what is the point of the project? > Any CyberAngel member who stores illegal images on a Hard drive is as > guilty as anyone else of possession of child pornography. Storing of > images is not permitted by law except for by Law Enforcement or their > agents, and, while we seek ultimately to act as official agents for the > FBI we are at present involved only at an informal level with them as > private citizens. What this means is that all CyberAngels members are > bound by the same laws as anyone else. Abuse it, you lose it. I'm not entirely certain about American law, but under Canadian law, even storage of an image to a floppy disk is illegal. I must admit to being disturbed by your admission that you seek to act as `official agents for the FBI.' My belief is that you and your CyberAngels are nothing more than a bunch of cyber-vigilantes. > Well, no doubt there will be more questions, but I hope I have answered > some of CuD reader's concerns. I would certainly appreciate it if > critics confined themselves to stating their disagreements and reasons, > rather than abusing me personally or insulting my intelligence or > expertise. Your expertise, Sir, not to mention that of your colleagues, has yet to be established. > There is nothing "dim-witted" about what we are doing - in fact it is > very carefully planned and thought out. Something can be very carefully planned and thought out, yet still be dim-witted, or ill-advised. > And by the way, if anyone is wondering why they cannot find our FACE > database yet, it is because 6 months after the project began we are > still researching and studying the legal, practical and moral aspects. > It seems to me that it is our critics who are running around > half-cocked, not CyberAngels. Ok, so you mean you've already *started* the project, without reaching a decision as to all the legal, moral and other implications?! If that isn't dim-witted or ill-advised, what is? ------------------------------ Date: Thu, 15 Dec 1996 22:51:01 CST From: CuD Moderators Subject: File 6--Cu Digest Header Info (unchanged since 13 Dec, 1996) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:: line: SUBSCRIBE CU-DIGEST Send the message to: cu-digest-request@weber.ucsd.edu DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-0303), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) Issues of CuD can also be found in the Usenet comp.society.cu-digest news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, and DL1 of TELECOM; on GEnie in the PF*NPC RT libraries and in the VIRUS/SECURITY library; from America Online in the PC Telecom forum under "computing newsletters;" On Delphi in the General Discussion database of the Internet SIG; on RIPCO BBS (312) 528-5020 (and via Ripco on internet); and on Rune Stone BBS (IIRGWHQ) (860)-585-9638. CuD is also available via Fidonet File Request from 1:11/70; unlisted nodes and points welcome. EUROPE: In BELGIUM: Virtual Access BBS: +32-69-844-019 (ringdown) In ITALY: ZERO! BBS: +39-11-6507540 In LUXEMBOURG: ComNet BBS: +352-466893 UNITED STATES: etext.archive.umich.edu (192.131.22.8) in /pub/CuD/CuD ftp.eff.org (192.88.144.4) in /pub/Publications/CuD/ aql.gatech.edu (128.61.10.53) in /pub/eff/cud/ world.std.com in /src/wuarchive/doc/EFF/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: nic.funet.fi in pub/doc/CuD/CuD/ (Finland) ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #9.15 ************************************