It's coming. Thrills like you've never seen before. Romance that will shock you. Exotic locations, a cast of thousands and the adventure of a lifetime. Sometimes I feel as if I was sparkling all over and I want to go out and do something absolutely crazy and marvelous. Just keep in mind that I and the boys is candidate for hanging. The first time any one of you makes a wrong move, I'm going to kill a whole lot of you. And to bring new vitality to every explosive chapter, to capture for you the stark realism of people who love so deeply, hate so fiercely, live so recklessly. All mixed up with Peter Beauchamp. Monday mornings at 9.30 here on WBAI. It doesn't bother him to answer to Miss Maple though, because I think it was Eve who started calling him that. Yeah, it must have been Eve, because she was the first person he met in here. Glory mail. Sugar Man swears he was wearing a crinoline skirt and high heels when he first walked in and announced out loud that his name was Miss Maple. Monday. Had Sugar Man so upset he almost threw up his food. October 19th. That is an out and out lie. To begin with, the man doesn't own a pair of high heels or a crinoline skirt. And second, I was right here where I'm standing now when he first came in, dressed like a Wall Street banker. The only thing odd about his clothes then was that he had his shirt unbuttoned and he was carrying the jacket to his gray flannel suit. I didn't have time to strike up a conversation with him. It was busy as the Dickens that day. And this is radio station WBAI New York. It's just after nine o'clock on a Wednesday night, and that means it's time for Off The Hook. They couldn't get much worse. But if they could, they would. Bum diddly bum for the best, expect the worst. I hope that's understood. Bum diddly bum! And a very good evening to one and all. This is Emanuel Goldstein, and the program is Off The Hook. We're together until 10 o'clock talking about all the nuances of high technology, the dangers therein and without, and all that kind of thing, and inviting your phone calls at 212-279-3400. And we've got quite a lot of interesting things to talk about tonight, some of the week's activities, and some of the things that have been developing over the past few months. So stay with us. And the program is Off The Hook. As we've mentioned, today we're supposed to have Bruce Sterling with us to talk about his new book, Hacker Crackdown. So far, we have not been able to reach him. We're going to keep trying throughout the hour. Sometimes people forget when they're supposed to be on the radio. Fortunately, I never forget. And regardless, we'll have plenty to talk about this hour, but we will try to continue getting a hold of him. We have a couple of interesting items that have come up over the past week. First of all, New York Telephone is seeking to cut 625 more jobs. This is starting to sound like Flint, Michigan. New York Telephone has begun notifying 625 managers that their jobs are at risk as part of a previously announced cost-cutting drive designed to trim 3,400 white-collar positions from NYNEX, its parent company. 625 jobs to be eliminated, most of which are located in the New York area, represent 7.3% of the company's 8,600 managers. Managerial jobs are also being cut at NYNEX corporate offices and New England Telephone, another NYNEX unit. This is not the first wave of New York Telephone workers to find their jobs in jeopardy in recent months. Last December, more than 5,000 employees took early retirement, and in March, 800 managerial positions were eliminated. You'd think with all these jobs being eliminated that somehow costs would go down, but it just doesn't seem to work that way. They're paying less people, but getting more from us. Where do you think it's all going? I don't know. Then there was an interesting event yesterday in Suffolk County, Long Island. For about two hours yesterday morning, more than 1 million residents of Suffolk County had no 911 emergency phone service as a power failure in the New York Telephone switching system in Central Islip disabled the system. A backup system in the Suffolk County Police Headquarters was not used because, according to the police, it would have taken too long to put into service. That's about all the logic that we need as far as that goes. As a result, anybody who called 911 yesterday got a busy signal. That's right. Call 911, you got a busy signal. And we're on the air tonight to tell you that if you call 911 and got a busy signal, they're off the phone now. You can call them now. They'll answer your call. Now, this is the great part. Police and emergency officials said that no serious criminal or life-threatening situations appeared to have arisen or been aggravated by the malfunction of the 911 service. How do they know? How do they know that people didn't die as a result of this or people didn't, you know, have to resort to calling vigilantes or something to deal with justice? I mean, you don't report it when you can't get through to 911 because how do you report it? It's kind of hard to imagine how they could say that nothing really went wrong because nobody could get through to 911 for two hours. They added the failure was inexcusable, an error that could have led to a loss of lives. This should never have happened, said Inspector Philip Robledo, the officer in charge of the police department's 911 service and the one in most danger of losing his job as a result of this. Yes, obviously you should be able to call and get through immediately. We know it. The phone company knows it. The whole world knows it. This is what happened. The main computer, according to New York Times, the main computer that handles 911 calls in Central Islip lost power at around 6 a.m. Maureen Flanagan, a New York Telephone spokeswoman, said that the erased, this erased part of the memory in the computerized switch that routes the 911 calls to dispatchers and phone company officials said engineers are required to reconfigure the hardware in the switch and to reprogram it. Ms. Flanagan said the new programs were loaded in the switch about 7 30 a.m. and the switch was fully operational about an hour later. While the switch also handled commercial and residential non-emergency calls, only government emergency lines were affected. Phone company officials added that they are puzzled why the emergency calls were singled out. The company officials said that routine maintenance was being performed on the switch earlier this morning, or yesterday morning actually, while a police official who asked not to be identified said that a phone company employee might have improperly tended to the equipment. Company officials said it was too soon to comment on what may have caused the problem. Inspector Robillato said that the police have a backup computer at the headquarters in Yap Bank that was recently installed by the phone company to handle 911 calls if the central system failed, but he said it would have taken longer for the phone company to reroute calls to the computer than to reprogram and reset the switch in Central Islip. I don't know what century these people are living in, but it takes about a second to rewrite a call if you have the proper programming. Obviously they do not, and it doesn't seem to be very high priority in Suffolk County to route emergency calls in a backup situation. I mean, what if... what if something else had happened? What if Shoreham had melted down, or there had been a hurricane, or power was lost everywhere? You've got to be ready for these things, and they're not even ready for their own failures. About the only thing they didn't do is blame hackers for this. Anyway, according to Inspector Robillato, we thought we had all the bases covered, but this shows there's a hole in the system from the phone company's end. We need to have a system that will automatically kick calls to our computer if theirs doesn't work. No kidding. I don't want to sound, you know, overly sarcastic here or disrespectful, but come on, this is 911, you know? I mean, let's have emergency 911 on TV, you know? And show what happens when you can't call 911. Show the emergencies then, I'm sure it'll be a much more entertaining program and really bring in the Nielsens. But that's part of the deal, you know? 911 should work everywhere, and it should work consistently. And yeah, you heard it from a hacker, because I think we can appreciate these things. Also, another thing involving 911, that story we mentioned last week is beginning to get actual coverage as another hacker story. Now, we went over this last week. Somebody apparently was pranking 911 or calling in false alarms someplace in Canada, and as a result, all kinds of people were being routed to the wrong place, and not very nice things were happening. And because somebody was apparently using a computer to make the calls, or using somebody's calling card to route the calls and bypass the immediate traceability of 911, it was linked, at least in this tabloid, as a hacker kind of a thing, a hacker story, which I don't think very many people have trouble understanding why it is not a hacker story. And if anyone does have a problem with that, please call in and tell us what the problem is, because it's really not something that has anything to do with hackers or people exploring computer systems. This is not about taking over a computer system and taking full control of it. This is not about anything of that nature. This is about somebody simply making false alarms. We have to be careful how we distribute blame here. If you blame hackers for everything that happens regarding 911, or regarding computer breakdowns, or phone snafus, then you're going to be creating a scapegoat the likes of which have not been seen in quite some time, and that's a very dangerous thing to do. Okay, we got a couple of letters in the mail today from a couple of different phone companies, and I figured I'd share some information with you on that. First of all, the word on the street is that AT&T calling cards only work with AT&T now. That's what AT&T is saying anyway. They say, because we appreciate you as a customer, we wanted to clarify an important aspect of your AT&T calling card which you may not be aware of. If you use your card to make a long-distance call at a non-AT&T phone, and this is in capital letters, boldface, and underlined, your call will not go through. But don't worry, there's nothing wrong with your card. In fact, we designed the card so that your long-distance calls are carried exclusively on the AT&T long-distance network. This protects you from overcharges by some other operator services companies. Keep in mind, though, it does not protect you from overcharges by AT&T. Right, how do you know if a phone is connected to AT&T? You can't always tell by looking at the phone. Even if a sign indicates AT&T is a long-distance carrier, listen for a tone followed by AT&T after dialing. If you hear it, the phone you're using is connected to AT&T or is trying to convince you otherwise, and you should continue dialing your calling card number. If you don't hear AT&T after you dial 0 plus the area code number, the phone you're using is not on the AT&T network. This is the cute part. That's your cue to hang up and dial 10ATT 0 plus the number. That's assuming you want to use AT&T, of course. Then we also got a letter from Metromedia, formerly ITT, and this one concerns a changed 800 number for their preferred calling card. Now, they have a pretty good deal with preferred calling cards. We were talking a few weeks back about how cable and wireless is slowly but surely eliminating their 950 service, which allows you to pay basically the same rate that you would pay from your home for a direct dialed call, except you can do it from any payphone in the area code that you call from. You know, it's a good deal. You can call somebody, say, and pay 10 cents for a one-minute call as opposed to using an AT&T calling card and paying a huge surcharge on top of that. It seemed like a good deal, and apparently it was too good a thing to last. That's why they're starting to phase it out. However, Metromedia still has such a deal, and I recommend people check this out. They say their preferred calling card retains the convenient surcharge-free 950 access it has always offered, and they also have an 800 number for use where 950 access is not available. That is more expensive, significantly more expensive, though. Their 950 number is 950-0488. You'll get a dial tone at that point, and the deal is you dial the number that you want to call, and then you enter your ITT or Metromedia calling card number. Those people interested in getting the Metromedia preferred calling card can call 1-800-275-0200. Now, what's particularly good about this calling card, this 950 access, is that it is not limited to local. This is the only company that really ever offered nationwide 950 service, which means you can go to Los Angeles, say. Let's say you go to Los Angeles. You pick up the phone, you dial 950-0488, enter your phone number, enter their calling card number, and you can make a phone call without paying a surcharge to companies like AT&T, MCI, and Sprint, which I've always said is, well, it's not a bit of a ripoff. It's a big ripoff, because you're using a calling card. The only thing the calling card does is make long-distance phone calls, yet somehow they charge you a surcharge. It doesn't really make much sense. So, anyway, we're going to attempt one more time to get a hold of Bruce Sterling, and if that fails, we will simply discuss his book in his absence, which might be a... might get a bit emotional at times. Our phone number, again, is 212-279-3400. If you have any questions, comments about anything that we have discussed, or things that we have not discussed, we'll be right back. Okay, we don't want to sit through that piece again. It is a nice piece by Kraftwerk, but I've had about enough of it. All right, we have tracked down Bruce Sterling. He's on the phone from his home in Austin, Texas. Bruce, you had some trouble, I understand. Yes, I did. I was out at the bookstore, and my car wouldn't start. However, I'm back now. I'm ready to answer all questions. Well, you know, frequently guests at BAI find their cars sabotaged by federal authorities to prevent them from speaking out. I think that's the case quite with mine. Well, we have thwarted them once again, and you're here to speak about it. All right, we're on the air. Now, your book, The Hacker Crackdown, I believe, is due for release tomorrow. It's already out. I just saw it at the bookstore, in fact. There's an enormous stack of them. Well, that was my first question to you, because actually, I had been told, and you had been telling people that it was going to be released on the 15th, and I've seen it in bookstores for about a week now. Well, apparently, they released it a week early. Uh-huh. Well, that's something. Now, in your words, The Hacker Crackdown, Law and Disorder on the Electronic Frontier, if you could describe it for us. What does this entail? Well, it's mostly about events that took place in 1990 and 91, when there was a fairly well-organized federal and local attempt to break the back of the American computer underground, as it were. And it impinged on my life, because a friend of mine here in Austin was raided, and I spent a lot of time trying to figure out why it was that he had aroused the ire of the federal authorities. And once I figured that out, I wrote a book about it. Uh-huh. Now, you had been involved in the computer underground before these events happened? I had. I mean, I certainly had a modem. I'd been on computer systems. I'd been on bulletin board services and so forth, but I never knew anybody who was a self-confessed computer underground person. Uh-huh. I see. Now, the book itself, it encompasses, as you say, 1990, 1991, but you cover a pretty wide range of people and events and places, everything from the Craig Neidorf trial to the Steve Jackson raids to hackers here in New York City. How did you decide how it all fit together? Are all these events, are all these people linked? Yes. Well, I see this as being a network of networks. You know, it's like a war between networks. All the cops are networked, and all the underground people are networked, and sometimes the links are rather loose, but they're definitely there. And I didn't feel that I could get the whole truth about the matter unless I sort of brought in the whole rattling, tied-together, bondage-infested mess of it. Yeah. Well said. Another thing that you have in the book is a chronology. Can you describe that to us a little bit? Yeah. I thought I'd start at the beginning, so I started with Alexander Graham Bell and the founding of the Secret Service, but the chronology doesn't really get hot and heavy until 90 and 91. I disagree, because in 1878, you say, first teenage males flung off phone system by enraged authorities. You want to describe what that entails? Well, that actually happened. You know, Bell and his backers were starting up this system in Boston, which is where he lived, and the first people they hired to work their switching station were teenage boys because, of course, they were cheap and easy to exploit, basically, and not only could they work the system, but they could run out and demand bills from people. But it turned out the teenage boys simply could not keep their hands out of the equipment. I mean, they were messing with it from the first days they were put in there, and they just had basically a bad attitude, and they were just incorrigibly curious about the workings of the system, and they just couldn't stop messing with it. So within a year, Bell and his people had to fire them, or at least they felt they had to fire them, and they did. That's a fascinating parallel to what goes on today. Oh, yes. When did you first find out about that? Well, I was reading about Bell's early life, and I was reading about the early career of the phone company. I was trying to get to the real roots of it and where the whole thing had come from, and it's in several different versions. I mean, there's mention made of it in Mr. Watson's autobiography, you know, as in Mr. Watson, come here, I want you. Yes, he wrote his autobiography, and he refers to one of the early Bell engineers referring to their teenage boys as wild Indians. Wild Indians, not a name for a hacker group. I think they were the first hacker group, the wild Indians. I don't believe anyone has ever pretty much pointed that out before, sort of linked the two together, 1878 and the present, and I think there's something that we need to do a bit more often to put it all in context. I think it's useful. When you're talking about high-tech activities, people always think they're entirely new, that nothing like this has ever happened before. It's been my experience that you can always find a historical parallel for this sort of thing, and that it really helps you. It sort of removes that ridiculous high-tech hype, you know, the kind of vaporware and the revolutionary rhetoric about everything. It's just not the way things are in the real world. Mm-hmm. Another thing you do in the book that I kind of like is you refer to the AT&T crash on Martin Luther King Day as something where one machine talks to another machine, and it just keeps getting bigger and bigger and wider and wider, and in a way you kind of parallel that to the way the raids were taking place, how one person would say something to another person, and more and more people got drawn into it. Uh-huh. It became bigger and bigger. Was that an intentional thing? Well, I think there's something to that. I mean, the thing that happened... if the thing that had happened to the switching stations had happened to human beings, it would have been called mass hysteria, because that's basically the, you know, that's the gut level dynamic at work. It's like this terrible rumor or something that is just propagated through the system and just rings from one side to it to the other until the whole thing just sort of vibrates itself to pieces. Mm-hmm. Well, we certainly have had our share of mass hysteria over the past couple of years, and... I don't question that for a moment. Now, you're a science fiction writer for the most part. How did you get involved writing something as a doc... I mean, I know you're involved with the people, but how did you feel changing gears and getting into documentary mode? Well, it was a big change for me. You know, and this thing cost me, I don't know, a year of my life. I thought it was important. I thought it was politically important, and I thought it was necessary for me to do it, basically, for, you know, ethical and political reasons. So I just had to put my entire career on hold and basically give up science fiction, which, you know, means more to me than anything else, and pursue this particular thing. But I just felt the time had come, and it was something that I was uniquely qualified to do and basically felt the moral obligation to do. So I went and I did it. So you looked upon this more as an obligation than something that you really wanted to, you know, to seek out and do yourself. Well, that's true, but they were busting people in my hometown, and I knew they were innocent. Uh-huh. Is there something you can add to where the book leaves off? Because a year or so has gone by. Yeah, a very bizarre development up in Toronto. I'm just now getting the first rumors of it. Apparently, some young man in Toronto, a 15-year-old, did, in fact, screw up Toronto's 911 system. So the very thing that was the crux of the NIDORF trial, and pretty much the crux of the trial of the Atlanta Legion of Doom kids, has now actually been carried out by some youngster in Toronto. Well, no, that's something, it's interesting you should mention that, because we've been talking about that story over the past couple of weeks, and it's my impression that this story really has not much more to do with hacking than some kid going out and making a lot of false alarms. Do you have more evidence to suggest something else? Well, he did make a lot of false alarms, but he was also into the system itself. I was told, I mean, I was on a radio show in Toronto just last week, in which a member of the Toronto Metro Police, who unfortunately was not a particularly computer literate gentleman, was describing this trouble. I must say that his attitude was very low-key and calm. He was not at all hysterical about what had been done. Well, that's Canadians for you. I suppose it is, but I think that the charges this kid was given were probably the proper charges. However, apparently the false alarms that he conveyed were not merely a matter of calling up 911 verbally and delivering a false report. Apparently, he actually entered false charges into the 911 system per se. This is what they're saying? Yes. He accessed the computer by his modem and was able to... Not only that, but he accessed it through some American computer network. I have no idea what that was, and neither did the policeman. Well, I mean, it's possible he had an out dial on any American computer network and just called that way. Well, Emanuel, you would probably know that better than I, but... Well, that's something, okay, we'll continue looking into that story. I wasn't aware of that particular aspect of it, but if that is true, we'll certainly focus on it. I think it's a nightmare. I mean, I hope this is not going to start happening right and left. My suspicion is that this little rascal, whoever he was, has been reading accounts of the 911 crimes, or the purported 911 accusations, and just thought to himself in typical underground fashion, well, hey, I can do better than that. I'll really crash 911. Now, it's interesting because in recent days, someone was arrested in New Jersey claiming to be part of the Legion of Doom, and of course, nobody has any connection with the Legion of Doom has ever heard of this person before, yet the whole story seems to be brought back into the press again just because somebody says they're affiliated with the group. Well, that's the hell of being in a group like Legion of Doom, which doesn't actually exist per se. I mean, anybody can call themselves Legion of Doom, and there's no way for anybody to stop them. That's true, yes. It shows you how organized they really are, which is not very organized at all. I couldn't agree more, but at the same time, these new kids who are calling themselves LOD, I'm sure, are taking it every bit as seriously as earlier LOD people did. I'm not sure. I'm not sure if it's one person just saying that, or if it actually is a group. If it's a group, I think we would have heard something from them at some point on a board or something. Too old and out of it, my man. Oh, maybe. The new coming generation of 14-year-olds is just going to run a generation gap on you. Let's move on to something else, then. Let's hastily change the subject. Yeah, let's do that. That is a scary thought, though. Now, you print the entire 9-1-1 document that's supposedly worth $79,449 in your book, so it makes quite a bargain for $23. You can get it for a mere $23. What a bargain, eh? Yeah. But did you have any kind of hesitance from your publishers in putting that document in there? My publishers were enormously courageous about that act, I must say. I mean, the only hesitation they had was that they felt that the thing was absolutely unreadable, and pretty much stopped the narrative dead, which I have to agree was the case. Yeah, it did. I sort of glossed over those couple of pages myself. I defy any human being to read every word in that thing, one after another. I'm not going to do it here, because, well, you know, this is prime time, and we're out for the commercials. I read it several times myself, but I read it in, like, little bitty pieces. Damage to my brain. Well, someone had to proofread it to make sure that you got it all right. Yes, I did. I had to proofread it. It was a horrible thing. Yeah. All right, well, we want to take some calls from listeners. We also have in the studio with us a couple of people that were in your book. Really? Acid Freak and Fiberoptic are among the people here. I'm very pleased to hear from Acid and Fiber. Yes, I guess it's been a while since... I don't believe I've ever met Acid. Did I meet Acid at the signing? I've met Fiber on several occasions. Well, I'm not sure if you have. No, I haven't. He says no. No, you haven't met me. So maybe you could say hello now. How are you? How are you, Acid? Okay, now you have met, and this historical moment has been brought to you live on WBAI. And, of course, Fiberoptic, you know. Hi, Bruce. I feel better about being late now. If I'd known you two dudes were in the audience, I'd have... I hardly see what my presence has required at all. Well, you did write the book, and that sort of qualifies you right there. Plus, we also have a lot of people calling in that want to ask you questions, and I should stress to our listeners that tonight we are talking to Bruce Sterling, author of The Hacker Crackdown, a book which is just hitting the shelves now. And that's why we want to make sure that the topic revolves around that. If you have a question about a weird phone number you found, save that for next week, because we're devoting the show to this particular topic. Let me ask our in-studio people if they have anything they want to ask Bruce, and then we'll move on to the phone calls. Yeah, I just wanted to ask Bruce something. Bruce? Yes, sir? How are you? I was bothered by the fact that you so sort of nonchalantly mentioned in the book how one day a hacker will kill someone, and not those exact words. And I thought that was a rather dangerous thing to put in a book such as that, especially when you have people reading the book who simply don't know any better in how seriously to take the subject matter of the book. Well, as I recall, that is in the Gail Thackeray section. Right, okay. Well, I didn't quote it directly. Those remarks are to be more or less attributed to Ms. Thackeray's point of view. Although I don't question that a hacker will in fact someday kill someone. You do think that's going to happen somehow? I don't see how anybody can avoid it. I mean, you know, machines crash. I mean, anybody who reads Risks Digest, right? I mean, computers have already killed people on many occasions. You know, this 911 system going down. You know, somebody in Toronto could have died. I suppose you could claim that it was this rascal's fault one way or the other. You know, I wouldn't be surprised if people died during the AT&T crash. Well, now, are you saying a hacker will do it accidentally? Yeah. Well, now, where do you lay the blame then if a hacker is able to get into something that is so inept that it can actually allow somebody remotely to do something that would result in the death of somebody else? Yeah. Is that the hacker's fault or is that the fault of a computer system that really shouldn't have the power to do that in the first place? And the wide openness to allow somebody to get in? Well, that strikes me as something of a zen question, you know? I mean, I don't know. I mean, suppose that there's a software failure in Long Island tonight and a switching station goes down, or a bunch of switching stations go down. Have you been reading the newspapers? Oh, yeah. Because that's exactly what happened yesterday. Oh, really? Did you know that? Long Island switching station failure yesterday? Yeah, resulting in 911 outages for two hours. Okay. Well, suppose somebody died yesterday who was trying to get on a 911 and you don't know about it yet. Mm-hmm. What fault is it? Well, according to the police, it was New York Telephone's fault, but it's a forest step to say that New York Telephone killed people. Hey, man, the chairman of 9X, AT&T, some guy with a hard hat who's a pole climber, the guy who wrote the software, the guy who implemented the software, the guy who designed the switching station. I mean, everybody's culpable, right? But nobody's guilty. Mm-hmm. I mean, you know, I don't see where the guilt lies there, although I think that, you know, if you're going to go mess around with systems and if you crash one accidentally, and if human lives are dependent on its operation, I think you may not be, you know, directly and as ultimately guilty as you would be if you'd, like, hit them with a car. But you mentioned that the feds will crucify you for it if they catch you. I would disagree there because I would say that the people in charge have some knowledge of the inefficiencies or deficiencies of their system, and if they don't set out to fix those, I think it's, you know, it's like negligent homicide. They don't take care of something. Well, I use a computer every day, and I hate that idea. I mean, suppose that, like, I've got something on my hard disk, and it's, like, some life-saving piece of information that's going to help somebody, and I go in and I, like, click on my Macintosh, and I decide I'm going to load that sucker and fax it off my fax modem, and all of a sudden my Macintosh just freezes up, and the hard disk crashes. I mean, is that going to be my fault? I'm the guy who's in charge of this little PC here. Well, I mean, there's a difference between your personal... I'm the man of the moon! But there's a difference between your personal computer and something that's being run for the public, like the phone network or the 911 network, and if there's a deficiency there, and the people know about it and don't take care of it, I would hold them responsible for that. And if somebody accidentally does something, and they have no idea what they're doing, well, first of all, they shouldn't be there in the first place. But if you leave open those holes so that virtually anybody can wander in, any unauthorized person, it's like a hospital. A hospital that doesn't care if you're a nurse or a doctor and are working on patients. There should be some kind of standard. Every day. I'm sorry? I think you're a harsh man. You're holding people to an inhuman standard of performance. People screw up. They just make mistakes all the time. And computers go down. They go down all the time. Right, which is why I think we need backup systems for something that's dependent on... I know that AT&T has backup systems, so that doesn't prevent their system from going down. And for backups from not going up. All the backups go down, and yeah, something doesn't happen, or they just run out of power, and they can't get anything to move. My experience in dealing with computing, in any question, is that they're just profoundly treacherous foxes. And the idea of holding anybody personally responsible for the activity of these things is like holding somebody personally responsible if a tornado hits your town. Well, yeah, I would agree with that. It's just that when I see the people in charge casting blame and blaming the hackers for virtually everything that goes wrong and saying that they're the problem, I don't see them as being the problem. I see them as demonstrating what the problem is. Maybe not intentionally, but the fact that they're able to get in and manipulate things, if they even do that much, shows that something is seriously wrong and something needs to be fixed. And just going after people, like you illustrate in the book, certainly doesn't solve anything, and it creates an environment of fear. Well, I would be happier if people who are in charge of running these large systems would in fact admit that their systems are too complex for human control and are basically out of control. That's true. They don't want to admit that because the whole idea is too horrifying. They would prefer to seek out scapegoats. And that's what happened in 1990 and 1991, basically. So do we live in an element of fear now, an environment of fear in the electronic underground and above ground as well? I think if you don't have at least some kind of fear, you're not alive. You just basically don't know what's going on. Mm-hmm. What I'm asking, though, is an unhealthy amount of fear, fear and suspicion, you know, in the internet, in telecommunications. Well, it's true that some people are utterly security obsessed. You know, my personal feeling is that you can't lock every, you know, you simply can't make computer systems secure and that it's sort of a hopeless attempt to block all security holes. I mean, it's true that hackers can break into systems and they can show that it's easy to do, but it's sort of always going to be. Many times you rewrite your Unix password software, if somebody could just go trash outside and get a password, problem. All right, let's go to the phones. Our phone number is 212-279-3400. We're talking with Bruce Sterling, author of The Hacker, Crackdown, Law and Disorder on the Electronic Frontier. Good evening. You're on the air. Yes, I am. I'm concerned about the attitude that you generally express on the show that sort of you try to bend over backwards to find rationales for people to basically go poking into people's systems where they don't belong. I mean, you can talk about the search for knowledge, but I think that if you were really concerned about the search for knowledge and hackers are so far superior in their ability to make good computer systems, then I think hackers ought to compete with each other to break into their own systems and stay the hell out of commercial systems. Well, they do break into their own systems and they do compete on that level, but I think you're missing the point because hackers aren't interested in breaking into people's computer systems or interested in breaking into, you know, large systems to discover how they work and learn how they work. They could buy books and find out how they work. I mean, they say that the systems are lousy designs because they say, well, we can break into them. It's no big deal. And I mean, you tried the people and say the systems are poorly designed. So if they're so poor, what's the educational value? No one's saying the systems are poorly designed. They're saying the security is poorly designed. Right. But if you're if this guy is saying that it's basically hopeless to be, I mean, if you make a system so secure that people can't use it, nobody can get in. I don't know if that's a fair statement to make, but... That's a perfectly fair statement, sir. Well, that's the point I'm trying to make. I don't think I should have to put 12 locks on my door just because you want to practice locksmithing. I don't want to put 12 locks on my door either. Well, now we're going into this whole house analogy here, which I've never accepted and I never will. A computer system is not a house. It's a rather a gathering place for information of all different kinds, lots of information about people who don't even know they're in there. And I think if you're going to draw any kind of analogy, the office building that's unlocked is a much better one than the private house. Hackers do not go around breaking into people's PCs. I'm not saying they do. I'm talking about people who own corporations or people who own companies and they've got computer systems in there. There are people involved at some point. You can depersonalize it all you want, but there are people there at some point or other, and nobody has a right to go poking in other people's property. Right, but you would never give that company credit if they left their file cabinets outside by the curb. You see, and that's what they're doing. They're leaving their computer systems wide open. They're not saying, you know, if somebody puts something out by the curb, that means they don't want it. They're throwing it away. But what they're doing is this thing is on their property. You found out some surreptitious way to go in there and invade their system. So if they leave their file cabinet outside their front door unlocked, then they're taking precautions because it's on their property. If we're going to use a property analogy, let's say, suppose they leave it inside their building unlocked and you go in there, that's trespassing, whether they've locked the door or not. Well, I've walked into plenty of office buildings and not been arrested for trespassing. I mean, it's I just don't think that's much more happy with this file cabinet analogy than I am with the house analogy. I just think that it seems like you're trying to rationalize an activity that I would suspect has a lot more to do with prurient interest than it does with the search for knowledge. I think that if people want to search for knowledge, their library is full of books on computer systems of design, and they don't need to go messing around. There's a difference between reading and doing. I understand the concern here, but you have to understand that you can't read a book on computer systems and become an expert on computers. You have to have hands-on access. And a lot of these people, a lot of these hackers that are breaking into these systems are people that have no access. This is the only way they can learn, and they do not go out and destroy things. Many times they know more about the systems and the people running them, and there's lots of cases where they actually help. Well, maybe their intent isn't to be destructive, but I think what they're doing is they're setting up everybody for a fall when it comes to this stuff. It makes everybody paranoid, people who don't know anything about computers. I think our reaction is what does that, and I think that's the real problem. We have to understand where these people are coming from and what their intentions are and realize that they're not out to mess up systems. They're out to learn about them and to ultimately help. I think they ought to get permission from the people who they're getting involved with before they do it. Maybe that would solve some of these problems. Maybe they should do it above board instead of saying, well, pardon me while I try to pick the lock on you. I still think we need physical examples. Well, the greatest businessmen and the greatest explorers of all time never got where they are today by asking permission for everything they did. I suppose. Well, I guess we differ on this. I just don't think it's a good thing to get involved in person. I take your point, sir, and I worry about hackers, and I do worry about hackers. My main difficulty is that I also worry about the police coming to take my computer. Well, that's what's provoking these guys. You give them any kind of an excuse they can get. I mean, if you're doing something that people can construe as an activity that seems criminalistic, I mean, that's the analogy I take, and I'm not against the idea of hacking. I mean, it interests the hell out of me, the idea that to have the kind of control that you can slide into a system unobserved. In a paranoid society, virtually any action can be construed that way. Acid Freak, you've got something to say. Yeah. One thing I think we're forgetting to note is that hackers aren't the only ones that are breaking into systems, and it's basically the hackers who are actually field-testing the systems. If these systems weren't field-tested, they would just be left in the first stages of development and be half-assed all the way through. There's reasons why there are updates. It's an advance in technology. That's a good point. The next time you think about hackers and how horrible they are breaking into systems, think about what would happen if a hacker never broke into a single system. Where would we be now? We'd still have the same bugs we had 20 years ago. Exactly. And not only that, but we'd be building upon those bugs and using them as a foundation. Let's go to another phone call. Good evening. Hi, I'd like to speak to Emanuel. Well, you're on the air now, so we're all here. Hello. The sir spoke of an instance in which one should come above ground with information to help security. Now, in instance, last Wednesday, are you familiar with the UAP system? The UAP system? Yeah, that's the University Applications Processing Center in New York City. Okay. That holds the New York City high school grades. Well, I came forward to my school with information on their lack of security, and they experienced a break-in last Wednesday. Several accounts were locked out, et cetera, and I was immediately pulled from class, being the number one suspect, harassed. I was threatened by the assistant principal in charge of security, as opposed to years in jail, and they were questioning me. I want to know how I knew this information. So I just want to say that coming above ground may not be the best way. I believe that sometimes a demonstration is necessary to be taken seriously. Bruce Sterling, any response? How did he do it? Uh, did, uh, did what, I'm sorry, did what occur? Guilty, man. Are you the one who threw everybody out of their machines? No, not at all. I was, uh, I had to- Hell did, man. I'm sorry? Do you know the guy who did it? Uh, I, I believe I actually, but that's not the point. But consider ratting on him so you wouldn't have any heat on yourself, man. No, no, they know nothing more than they did. All they know is that I didn't do it, but the point is they suspected me because of the knowledge I had. They- Oh, who did it, man? What does it matter who did it? Is that really the point? It doesn't matter much. Yeah, I think what he's saying is that because he had knowledge of something, he was immediately, uh, cast as somebody who would do something evil. And, uh, somebody who, I think it's a classic case of, uh, of those who, who are intelligent immediately being, uh, suspect. Exactly, and I don't know why- It's an unhealthy environment. For the trouble, I mean, right now, I mean, I don't think they, uh, they believe that I wasn't the one, uh, using, you know, various, uh- Sir, I mean, we still live in a society where you're innocent until proven guilty. They've got to prove that you did something. Now, do they have any evidence to prove that you did something? No, but that's enough to cause me aggravation. Just do social engineering, talking to people, um, they suspect- I mean, I mean, they, in their mind, they're sure that I'm the one, and that's just, uh, it just isn't right. I mean, does it take this kind of demonstration to, to show them that their security is weak? I mean, why can't I just come up and tell them and not have to go through this experience? That's a, that's a good question, and, uh, I know a lot of people have, have come up against that, where they have, uh, uh, problems because they know too much. The funny thing about this is that, uh, this was in the news a couple of years ago. This isn't the first time. This is about the, uh, third or fourth time that this has happened. I mean, when are they going to learn? This is, this has been the, with the, specifically with the UAPC machine, this has been going on for years and years, repeatedly, and either it's never detected, it goes unreported, or else they just hush it up, suspend the person, and just get rid of them. Well, it's, it's particularly of the, uh, security problems they have. Uh, I mean, even 22 Center Magazine has, you know, back issues of articles, all this information. Well, I think it was, what, back in 89 that we published an article, it specifically showing how people got into the high school grading computer system of New York City Board of Education. If I remember that. And, you know, if, if, if those bugs are still there today, I cannot for the life of me understand what, what's in these people's minds. I mean, we had, we had press conferences. We were on the news. We, we, we told everybody. We didn't try to hide anything. Yet, they still don't... Well, I'd rather try and punish the 12 guys who know this stuff. Uh, you know, of course, I know it's more than 12, but they think it's 12, that undergo the trouble and expense of improving their security. That's, uh, it's shocking. We wish you luck with, uh, and, and keep us updated in the future as to what, uh, what exactly happens, uh, with that particular case. Let's go to another call. Good evening. Hi. Um, I just, uh, want to really an experience that I had with, um, while I was at college. Um, I, um, uh, me and another, uh, student had designed a program. Uh, we used a VAX DMS system and we designed a program for our, um, own use with electronic mail that would tell you who is on the system. It'll, um, like 50 people could be on the system at once. And what this whole program will do is we'll tell you where the people are on what building they're located on and, and, um, and where they are and what their names are. And, um, the, the, you, the systems manager had taken away the privilege of one of the students, which was my friend that, uh, helped me design this program. And, uh, what had, he had thought was that he had been, uh, breaking into somebody's account, which was mine because I gave him access to my, uh, uh, account. And did he check first before he, uh, he punished this person? He did, uh, cause we were working together. I'm saying did the system administrator check first? Uh, I don't know. Well, did he contact you and say, does this person have permission to be in your directory or whatever? That was not the case. It was something else. Oh, okay. But the thing was that he, he had assumed that, um, you know, he had done something. So he had sort of assumed wrong. I see. So, so what, is there a point you want to make about this? Oh, actually the point is sort of that, um, because I'm, uh, happen to know a lot, um, somebody, uh, uh, had asked me, um, uh, oh, I, I had done something on a computer and somebody asked me, uh, one of the people who works in the main, you know, operations, uh, did I do something to the disk? Uh, uh, uh, something with the disk system. And I told them that I didn't cause I've been, you know, I like to play with commands and try different things. And, uh, because I had known a lot about the system. So basically it sounds like another element of suspicion thing. Right. I see. Well, uh, that kind of thing is, uh, is, is prevalent, uh, and, and spreading all over the place. And, uh, just another instance, we're almost out of time here. So Bruce, I want to give you the opportunity to, uh, to give any closing remarks that you want to give and, uh, tell us about the book a little bit more, who publishes it and, uh, that kind of thing. Well, I hate to hesitate to plug the book. Uh, you know, I think it's, it's an okay book, but it's not as good as 2600 magazine. Aw, shucks. Well, I don't know if you can really compare it to- I read 2600 religiously. I think it's a swell magazine. It's truly hilarious. Uh-huh. Well, we, we do try to inject humor into it and, uh- I think it's, it's convulsively funny. I would say that I do encrypt everything on my own machine that I think might be of interest to a police official. You recommend encrypting? I recommend encrypting very strongly. I, I have, you know, the gravest doubts about what it will mean to society as a whole when, when the government and corporations begin encrypting stuff in mass. But I think that if you are, if you have other people's mail on your system, if you have private email that you've received from other people on your system, if you have, as I do, journalistic interviews with people on your system, and you could, other people might be hurt if some unauthorized person looked into your machine, I think you should encrypt it. It's cheap to do. It's easy to do. Uh, you know, it's, it's sort of a hassle, but, you know, before you start bitching and moaning about other people's lousy security, I think you better look to your own. Okay. We're going to be, uh, focusing on encryption in weeks to come. I want to thank you, Bruce Sterling, author of The Hacker Crackdown, Law and Disorder on the Electronic Frontier. Thanks a lot for having me on, man. Okay. And, uh, that book is out. It's, uh, it's on, uh, what's the, what's the publisher again? Oh, it's Bantam. Bantam. That's it. For 23 bucks. And, uh, yeah, you can find it in most bookstores, and we'll be talking about it in weeks to come. Again, thanks for being on the program. Sure, man. And it's going to just about do it for us here tonight, uh, off the hook. We'll be back again next week. For now, stay tuned for The Personal Computer Show. This is Emanuel Goldstein. See you next week.