In 1982, Mitch Kapor founded Lotus Corp. marketers of the best-selling spreadsheet program, LOTUS 1-2-3. on July 10, I990, together with Grateful Dead Iyricist John Perry Barlow, and Apple co-founder Steve Wozniak, Kapor announced the creation of The Electronic Frontier Foundation. Their goal was to "bring law and order to cyberspace." They were respording to a series of Federal law enforcement actions publicized under the banner "operation Sundevil." These raids showed a disturbing lack of understanding of computer technology and a cavalier attitude toward the First A mendmen. The EFF came to the defense of Steve Jackson and Craig Neidorf. (See "Did Thomas Jefferson Wear Mir- rorshades, or Why is the Secret Service Bsting Pu- lishers?" Loompanics Catalog, 1991.) They filed an amicus curiae brief in the case of Len Rose, a program- mer who was swep up in the raids. The EFF has also spoken up on issues relating to the policies of Prodigy, a BBS run by Sears and IBM, because Prodigy has cen- sored messages among its clienls. (See, for instance, "When is Gardening a .Subversive Act?", New York Time, Jan. 31, 1991.) In addition, the EFF helped the state of Massachusetts draft a computer crime law which can .serve as a model in balancing property and free speech interests. (This interview was conducted via e-mail in the .Sum- mer and Fall of 1991. Supporting Kapor was EFF legal counsel, Mike Godwin)

MAROTTA: The EFF engaged in three highly visible actions. You helped Craig Neidorf, Steve Jackson and Len Rose. How do you see the differences in the issues raised by each case? What attributes do these cases share?

KAPOR: There are some common elements among these three cases, not the least of which is that they all arose from the same set of investigations: the E911 cases. These cases are all connected. in one way or another, with the purported theft of an online document concerning the Emergency 911 system. The government maintained that this information was both secret and dangerous in the wrong hands. Craig Neidorf was prosecuted because he published the document in his online newsletter, Phrack. The government chose in that case to characterize Craig as a conspirator who received stolen property but a better analogy would be to the New York Times editors who received the Pentagon Papers. First Amendment rights were directly implicated by the Neidorf case, which also raised issues of the propriety of the government's un- critically accepting the "victim's" valuation of the "stolen property." (Bell South initially valued the E911 document as worth nearly $80,000; it was discovered during preparation for trial that the information in the document was publicly available for less than $20.) Steve Jackson Games, unlike Craig, was never charged with (or suspected of) wrongdoing. But the E911 investigations led the government to a BBS run at home by an SJG employee. Without any apparent probable cause to search the company, the government nevertheless did so, resulting in the company's near- bankruptcy and the months-long delay in publication of the company's latest game book, GURPS Cyberpunk. The government also seized and searched the company's bulletin-board system, which SJG used to maintain con- tact with its writers and customers, and which was also used for general discussions and electronic-mail cor- respondence. Thus, the case involves Steve Jackson Games' First Amendment and Fourth Amendment rights, and the users' rights of freedom of association and e-mail prlvacy. Our formal involvement in the Len Rose case in- volved a narrower issue: whether the Computer Fraud and Abuse Act is unconstitutionally broad. Len Rose was prosecuted on the basis of e-mail seized in Craig Neidorf's student account at the University of Missouri. In that e-mail, Rose explained how a program called login.c could be modified to capture users' passwords. EFF was concerned that the federal statute in question seemed to forbid people even to talk about ways that computer security could be breached--we regard this as an unconscionable breach of First Amendment rights, and filed an amicus brief to raise that issue. The case was settled, however, before the issue could be resolved by the court. The three cases differ on the particular facts, but they all arose out of the same set of investigations, and they all implicate First Amendment issues.

MAROTTA: You focus on the First and Fourth Amendments. The Ninth is the one that says you have more rights than are listed in the Bill of Rights. Wouldn't that include the right to privacy?

KAPOR: The Ninth Amendment seems to be less a guarantee of additional rights than a rule of interpre- tation for the other Amendments. But regardless of the source, the right to privacy is a right that's (still) recog- nized by the Supreme Court, and it's protected both in Constitutional law and in some federal and state statutes. And, if you'll recall, the reasoning behind the Court's recognition of the right to privacy in Griswold v. Connectlcut is based in part on interpretations of the First and Fourth Amendments, so we can't focus on those Amendments without raising privacy issues. The First Amendment has been construed to guarantee free- dom of association, and privacy is necessary for much of the exercise of that freedom. MAROTA: Well, if the police torture a confession out of someone who is "really" guilty, we let the accused go because that is better than living in a country where the police are allowed to use torture. So some people have said, "Yes, their rights may have been violated, but these hackers were still violating property rights." In truth, however, isn't it plain that the First Amendment would completely cover Craig Neidorf as the publisher of Phrack ? In other words, you have a right to receive mail? And that would apply to Steve Jackson and Len Rose as well?

KAPOR: This is really two questions, it seems to me. The first question, about defendants' rights, points to one of the hard things we always have to deal with when we try to keep our criminal procedure within the bounds of the Constitution. Basically, we have to work to protect the rights of people who may turn out to be guilty in order to protect the rights of the innocent. The issues that are being raised in the prosecution of hackers now will affect everyone's understanding of our rights in the future, so it's important that we get recognition of those rights now. ' The issues that are being raised in the prosecution of hackers now will affect every- one 's understanding of our rights in the future, so it* im- portant that we get recognition of those rights now. " The second question, about the First Amendment, deserves a qualified "yes." The First Amendment doesn't "completely cover" anything, but it seems certain that Neidorf would qualify as a publisher under any reasonable interpretation of the First Amendment. This does not squarely apply to what he was accused of, however -- the government alleged that he had conspired in the theft of information from Bell South. Absent a conspiracy charge, it is certainly the case that a publisher is not breaking a law if someone gives him information. l'm not sure how you're connecting the Steve Jackson and Len Rose cases, which have different facts, to Neidort's.

MAROTTA: Len Rose was indicted under the Com- puter Fraud and A buse Act. This law specif cally forbids communicating the methods of frau Wouldn't this apply to mJstery stories, as well? "Absent a conspiracy charge, it is certainly the case that a pub- lisher is not breaking a law if someone gives him informa- tion. "

KAPOR: The original provision of the Computer Fraud and Abuse Act, which seems to forbid ''traffick- ing" in information that could be used to break into a computer, is certainly overbroad, and probably uncon- stitutional. Yes, it would seem to ban certain kinds of mystery stories or discussions of computer security. However, Len was originally indicted under the CFAA, but his superseding indictment focused on wire fraud. The Wire Fraud statute does not specifically forbid communicating the methods of fraud. Only the CFAA does that. "The original provision o the Computer Fraud and Abuse Act, which seems to forbid 'trafficking' in information that could be used to break into a computer, is certainly over- broad, and probably uncon- stitutional. Yes, it would seem to ban certain kinds of mystery stories or discussions of com- puter security. "

MAROTTA: ell, fhen, to what do JOU attribute the zeal with which law enforcers are willing to ride rough- shod over the Bill of Rights TheJ aren't busting Pocket Books for publishing NancJ Drew and the ardy BoJs. Why are the chasing computensts? "It's important to remember that law enforcement doesn't see itsey as opposed to the Bill of Rights. Their attitude tends to be 'If we haven 't been told by the courts that we can't do this, we can do it. "'

KAPOR: It's important to remember that law enforce- rnent doesn't see itself as opposed to the Bill of Rights. Their attitude tends to be lf we haven't been told by the courts that we can't do this, we can do it." There's a certain amount of resistance to the notion that law enforcement should be respectful of First and Fourth Amendment rights in contexts that haven't been addressed by the courts. They expect the adversarial process to resolve any tricky rights issues over the long run, resulting in guidelines for them to follow. The problem is that, while they usually try to be sticklers about the rules that already have been laid down, they tend to "push the envelope" in gray areas like computer-crime searches and seizures. Not until case law clearly establishes the rights of computer owners and users will this problem be resolved.

MAROTTA: What are the issues in the Prodi case?

KAPOR: Although EFF is not involved at the moment in any activities directly relating to the Prodigy dispute, we believe that the dispute touches some basic issues with which we are very concerned, and that it illustrates the potential dangers of allowing private entities such as large corporations to control or even set the tone for the market for online electronic services. Prodigy management has hired editors 'with journal- istic backgrounds" to review messages for suitability before they are allowed to be publicly posted. The mem- ber agreement allows the management to limit public discussions of topics and to edit postings of individual rnembers for obscenity or illegal content... or for any- thing else, at Prodigy's discretion. The result of this broad management prerogative? One member is reported to have had his posting about population problems in Catholic countries censored, presumably out of the editors' fear that Catholic users would be offended. More significantly, some whole discussion topics, including a debate between Christian fundamentalists and gay activists, have been removed without warning from thc conferences. The initial solution to the censorship problem was simple: Take the discussions to e-mail. Prodigy users began to rely on a mailing-list feature of the program to continue their (now-uncensored) discussions. But soon a crisis had brewed. The Prodigy users who had been told to take their no-longer-welcome public discussions to e-mail were now being told that they wouldn't be able to use Ihe e-mail service at the flat rate any longer. The result of this policy change was predictable: irate Prodigy users began to protest, complaining on Prodi- gy's public boards about the new usage fee and at- tempting to organize a write-in campaign notifying Prodigy's management and-- when management turned a deaf ear to their protests--- its advertisers of their disaffection. Prodigy management responded by terminating the accounts of 12 of the protestors, claiming that the protestors had violated their member- ship agreements, which forbade "harassment." "The Prodigy experience to date reveals a serious mismatch between the expectations of Prodigy's management and its customers. " The Prodigy experience to date reveals a serious mismatch between the expectations of Prodigy's manage- ment and its customers. Here the market clearly seemed to want unrestricted puWc conferencing and electronic mail. But as demand for these features has mounted, the supplier, rather than trying to satisfy its customers, has cut back on the features' availability because it did not correspond to or fit with the company's view of the purpose of the service. To the extent to which this type of thinking is representative of the general way large commercial interests may offer on-line services, it clearly represents a tuming away from the use of digital media as open forums of public communication. In the extreme case, in a situation in which Prodigy and its commercial competition all choose to censor and control communication on their services, the public interest will not be well served.

MAROTTA: How does Prodigy essentially differ from any other BBS?

KAPOR: With respect to the large degree of control it has chosen to exercise over its subscribers' postings, Prodigy is at the far end of the spectrum of BBSes. At the opposite end are those BBSes which are entirely free forums in which postings are never rejected or removed by the sysop. Most BBSes fall somewhere in the middle, with sysops foregoing prior review entirely, but reserv- ing the right to remove messages (although this rarely needs to be done). Prodigy is different because it has chosen to employ a newspaper/magazine metaphor on its service. It is clear that Prodigy management was originally uncomfortable with the notion of a free forum; they chose to describe their service as a "publi- cation" rather than as a forum precisely because they want to have an editor's prerogatives to dictate, absolutely, what the content of the "publication" will be. We hope that they will reconsider this posture and loosen up.

MAROTTA: What is EFF's interest?

KAPOR: We at EFF do not dispute that Prodigy is acting within its rights as a private concern when it dictates restrictions on how its system is used. We do think, however, that the Prodigy experience has a bearing on EFF interests in a couple of ways. First, it demonstrates that there is a market--a perceived public need--for services that provide electronic mail and public conferencing. Second, it illustrates the fallacy that "pure" market forces always can be relied upon to move manufacturers and service providers in the direction of open commun- ications. A better solution, we believe, is a national network-access policy that, at the very least, encourages private providers to generate the kind of open and unrestricted network and mail services that the growing computer-literate public clearly wants. One way to implement such a policy would be to limit legal liability for service providers who merely store and forward their users' public and private messages. With such a policy in place, Prodigy management might be more comfor- table with the risks of providing a relatively unregulated public forum. "We at EFF do not dispute that Prodigy is acting within its rights as a private concern when it dictates restrictions on how its system is used. We do think, however, that the Prodigy ex- perience... illustrates the fallacy that 'pure' marketforces always can be relied upon to move manufacturers and service pro- viders in the direction of open communications. "

MAROTTA: It is easy to agree that Prodigy has a narrow viewpoint of computing They are not my service, that's for sure. In fact, I have been kicked off FidoNet Echoes I was bounced from the Virus Echo for saying that self-reproducing programs have merit. I was ex- cluded from the Stock Market Echo for saying that Ivan Boesky is a political prisoner. I have run afoul of the Communications Echo for posting about EFF. Are you going to identify FidoNet as a restrictlve system? I think they'd say that I have a perfect right to buy a computer and start the Mike Marotta Echo. As long as I am a guest, do I not bear a responsibility to observe the rules of the house?

KAPOR: The mention of guests and houses is clearly a metaphor. Responsibility in the online world should be a function of the details of a particular situation, not a metaphor. I don't know what else to say about this.

MAROTTA: In "Crime and Puzzlement" by John Perry Barlow, the ignorance of law enforcement people is noted. There was a case on the West Coast where a BBS closed and the number was given to a doctor's off ce. Then the police busted people who called the old BBS number, on the grounds that they were trying to break in to a medical computer system. The police pleaded ignorance of computing (ne of the EFF's primary goals is to bring law and order to cyberspace. Have you been able to bring computer literacy to law enforcement?

KAPOR: There's no question that the law enforcement community itself is trying to increase its computer literacy--they hold frequent seminars about computer crime, for example, and there are a number of publica- tions, available from the National Institute of Justice and elsewhere, that are designed to bring law-enforce- ment offcials up to speed on computer crime. The problem has been that these education efforts are a bit one-sided--- they focus on the means of committing and of investigating and prosecuting computer crime, but they tend to give little or no time to the civil-liberties issues that are raised by such crimes and by those investigations and prosecutions. "Even when law enforcement knows how not to make mis- takes in handling and examin- ing sof tware and hardware, they may still engage in over- broad seizures or overlook the First Amendment significance of bulletin-board systems or the statutory restrictions on searches of electronic mail. " So, even when law enforcement knows how not to make mistakes in handling and examining software and hardware, they may still engage in overbroad seizures or overlook the First Amendment significance of bulletin- board systems or the statutory restrictions on searches of electronic mail. At EFF we're trying to fill that gap by publishing articles ab2ut search-and-seizure law and policy, and by conducting speaking events in which these issues are raised. We also hope that the Steve Jackson case will settle some of the issues about what a computer crime investiator ought to be expected to know.

MAROTTA: NREN is he National Research and Education Network, a proposal tha is likely to pass Congress and be approved by the President. You ex- pressed reservations earlier because many decisions seem to be made by default on this. NREN will be built with public money and it will be administered by a private company. It seems that this contract will go to ANS, Advanced Networks and Services. ANS was founded by Merit, IBM and MCI and in turn, ANS sub- contracts management oJ the National Science Found- ation's NSFnet back to Merit. The president of ANS is Alan Weis, formerly of IBM. How is NREN in the 21st century essential/y different from railroads of the 19th? More to the point, Western Union began with some government contracts and after the Civil War, Washing- ton signed over to them thousands upon thousands of miles of line built with public funds. NRF_,N seems like a tune we've heard before.

KAPOR: ANS has the contract for the NSFnet back- bone, which expires in October 1992. NREN funds will go for many things, including gigabit networking. It's possible NREN funds may go to ANS, but this is not the ANS danger. The danger is of the government handing ANS an advantage over commercial corn- petition. This would be unfair and must not be allowed. There has to be equal access for all commercial carriers to any government-supported network.

MAROTTA: Well as long as there are people like EFF out there, I suppose the door is shut on cyber-fascisr For one thing, Bifnet and Usenet on the Internet already support fairly open communication. These people see FidoNet as "priestly," while FidoNet's moderators are restricted from inserting their own viewpoints the way Usenet moderators do. So we have varying degrees of openness. The folks at Merit are very proud of the fact that .so much NSFnet and Bitnet traff c consists of file transfers, people getting and sending data from and to open systems with public accounts for what they call "Anonymous FTP." So, overalL then, do you see EFF as the focal point, as the expre.ssion, of a general tendency towardfreedom in cyberspace?

KAPOR: It's not the focal poin, but it's a focal point for freedom in cyberspace. Electronic Frontier Foundation, Inc. 155 Second Street Cambridge, MA 02141 Internet address efl-@well.sf.ca.us