Founded By: | _ _______ Guardian Of Time | __ N.I.A. _ ___ ___ Are you on any WAN? are Judge Dredd | ____ ___ ___ ___ ___ you on Bitnet, Internet ------------------+ _____ ___ ___ ___ ___ Compuserve, MCI Mail, \ / ___ ___ ___ ___ ___________ Sprintmail, Applelink, +---------+ ___ ___ ___ ___ ___________ Easynet, MilNet, | 06MAR91 | ___ ______ ___ ___ ___ FidoNet, et al.? | File 71 | ___ _____ ___ ___ ___ If so please drop us a +---------+ ____ _ __ ___ line at / \ ___ _ ___ elisem@nuchat.sccsi.com ------------------+ __ Editors: | _ Network Information Access Judge Dredd | Ignorance, There's No Excuse. Lord Macduff | ------------------+ Issue 071 :: Volume 02 "The liberty of the press is not confined to newspapers and periodicals. It necessarily embraces pamphlets and leaflets....The press in its historical connotation comprehends every sort of publication which affords a vehicle of information and opinion." -- Lowell v. City of Griffin, 303 U.S. 444, 452 (1938), quoted by Mike Godwin in comp.org.eff.talk ============================================================================= 1. Index .......................................................NIA Editors 2. Analysis of the 4-wire Line - An Explanation ........Donald E. Kimberlin 3. Using the UK Academic Network PSS Gateway ......Scantronics Publications 4. DoD Trusted System Evaluation Criteria [02/02] ..............Judge Dredd 5. List of Texas Internet Sites ...............................Lord Macduff 6. Steve Jackson Games vs. Secret Service....................EFF Foundation 7. Editor's Comments ...........................................NIA Editors. ============================================================================ / / / File 02 / NIA071 / / The Four Line - An Explanation / / Donald E. Kimberlin / / / [Editoral Info: Mr. Kimberlin has been a broadcasting engineer since 1957, with added time at AT&T in international communications, later at ITT preforming the same work with international cables and satellites. Then manufacturers of communications equipmnet as an export marketer to the government PTT's of 70 countries on five continents.] It seems many participants thought such a transmission circuit is a rather special form of transmission medium; one infrequently used and perhaps of exceedingly high cost. What follows is an attempt to describe what is actually a rather common and age-old technique in a way that might help readers know how to use it for their own benefit. Most people involved with telephony have only been exposed to local use, adn even local subscriber line physical plant, where a single pair of wires is used for a dial subscriber line for one over- riding reason: The cost of providing service to the majority of users, people who simply want dial voice-grade telephone service. Were the local telephone exchanges to use a "four-wire line" to each and every subscriber, we could have a far more idealized Public Switched Telephone Network (PSTN - the proper CCITT name). We in the US often mistitle the PSTN as "DDD," which actually is the Bell acronym for Direct Distance Dialing (long-distance subscriber dialing, called STD in the UK, or a close equivalent in other nations). Transmission losses could have historically been much less, as there would be no echoes to combat. We would transmit in one direction on one pair and transmit in the other direction on the other, without interaction between the two directions. However, to provide such a plant would require double the literally millions of tones of copper wire that have been installed worldwide. The economic cost factors are obvious. Paying for the local cable plant has been a major cost factor for public telephone networks worldwide. (Other alternatives such as fiber and coaxial cable used by cable TV companies are making some change, but the millions of tons of copper are already there ... and ISDN is planned in a way to try to continue to use that imbedded investment. So, a local telephone plant uses only one pair per subscriber. In engineering terms, it is far from a perfect transmission line. The main reason is that no transmission line operates at its normal electrical "impedance" until it is a significant portion of an electrical wavelength of the signal it carries. Studying a beginning physics book will show that one wavelength at 3000 Hertz in a perfect line is 61 miles, and at 300 Hertz, it would be 610 miles! (Another factor called the "propagation velocity" even stretches this _much_ more in practical wire.) Obviously, to have even reasonably well-matched wire would not be reasonable, and it wasn't at all economical in the developmental era of the PSTN. So, this network evolved assuming some very large tradeoffs were needed. An electrical transmission line has one interesting characteristic just opposite from water pipes or acoustical guides (hollow tubes). Instead of an open distant end letting all the energy spill out, an open-ended electrical line _reflects_ all its received power back toward the source. A shorted line absorbs all the energy (as you find out when you short a power line and blow the fuse!). What this characteristic means to telephone transmission is that with lines as short as they must be in local plant, echoes are reflected back toward the speaker, subject only to the losses they incur rattling back and forth. They really are pretty high, but we don't notice them. The reason: Echoes that return to our ear in less than about 10-15 thousandths of a second are heard by us a part of the outbound signal ... we just don't hear them. Local connections are short enough that for general telephony, echoes can be largely discounted, even thought they are there. Very early in the development of longer transmission paths, it was learned that transmission losses mount rapidly when one really does have miles and miles of wire to talk on. In intercity transmission lines, use of electronics to amplify the signal as intervals was seen to be mandatory to achieve commercially successful "long lines." Thus, as soon as the three-electrode vacuum tube was available, the telephone industry had a very real interest in it, and pressed to realize its use as soon as possible. (In fact, a Bell Labs worker contributed "negative feedback" to the early vacuum-tube circuitry, making the "tube" a controllable, useful technology instead of a physics lab curio.) But, the vacuum tube (as its descendant, the transistor) has one limitation. It can pass a signal in only one direction, a characteristic that happens to match that idealized "four-wire" transmission line. So, "long lines" very early on (in the 1910-15 time frame) all became "four-wire lines." They did, however, have to interface to the echo-prone and less controllable local "two-wire" (single pair) telephone networks. The method devised was the "hybrid," in telephony mostly an arrangement of trans- formers that had three windings, one for the local two-wire side and one each for the sending and receiving "long lines." Now, echoes were a real problem. Not only would echoes from the local two-wire line take long enough to return to the distant city to be heard, but impedance mismatching of the two-wire local line to the transformer could cause received distant signals to reflect right in the transformer back down the transmitting channel as well. "Echo control" became a major topic in handling "long lines." (The trick is to add a fourth winding set to the transformer with an "artificial line" that is adjusted to create the match. In telephony, its name is a "balancing network." All this sort of work was at first (and for decades) the work of the "long lines" people. Very little of it was in the hands of the local people. The "long lines" people were AC and electronics people, while the local people were DC and electrical people. The oeprational reasons for having a "Long Lines Department" are obvious in this context. As multichannel "carrier systems" evolved (and early, too, beginning around 1915 between Toledo, Ohio and South Bend, Indiana in the US), their intrinsic electronic transmission using vacuum tubes made a "four-wire" (of virtual wires, certainly) a commonplace in intercity transmission. And every "carrier system" since the beginning has been made of "four-wire" paths ... set up in pairs of channels, one for each direction of transmission, needing that "hybrid" function at each end to connect to the local plant. In intercity (and more so international) carrier systems, a "line" transiting a junction point can be (and is) connected on a "four-wire" basis, either _through_ a "four wire switching machine" for PSTN temporary connections, or hard-wired _around_ the switching machine if the use is a semi-permanent "special services" circuit, like a dedicated data line or indeed, a permanent speech circuit, as is CNN's "four-wire line," our subject here. At the end points, one local pair is used for each direction of transmission ... at a price reflective of using twice the local plant. Local wire pairs ... "loops" ... for "special services" are expensive to rent. After all, they are no longer available for the local telco to derive PSTN revenue on. If reaching the "long lines" point of presence (now called a "POP" in American jargon) requires use of local wire (nowadays local carrier channels) across a city, these are no longer available for "trunk" use between local PSTN exchanges, considerable revnue potential is lost, and is going to be paid for. Thus, many speech-only "private circuits" do have a hybrid in the "POP" and use only one local pair anyway ... but are STILL "four wire channels" between cities. The British have some excellent descriptive terminology we Americans never developed. They speak of transmission circuits as "two wire presented" or "four wire presented" to the end user. These terms, of course recognize that long circuits are all "four wire," regardless of how they are 'presented" to the end user. What are the advantages of "four wire presentation?" Avoidance of the electrical echo bugaboo. And, part of the "control" of echoes in "two-wire presentations" is to deliberately insert transmission loss to make the echoes a bit lower, so "four wire presented" channels can have less loss and sound louder ... and deliver the received signal higher above the noise ... making the signal sound "cleaner." This of course is why high-quality dedicated data circuits are four-wire presented ... to give the modem signals the most advantage possible. Hopefully, if you have persisted through this longish explanation, you now know that the "four wire line" is indeed not rare at all. Rather, it is the norm between cities, and especially between nations. You know it isn't new. It's just that most people have never seen one. Improvements in the local plant (including widespread deployment of digital carrier, the "T" carrier so often spoken of today) have made extension of the "four-wire line" right into your local exchange a reality in most places, so even your PSTN phone sounds much louder and cleaner than it did twenty years ago. That's what solid-state electronics coupled to digital transmission did for us all. Those who really _needed_ the advantages of "four-wire" have used it for a long time. Major examples were the FAA's network of dedicated lines that had to be interconnected at random (reflected in Bell parlance as the "FAA 300-type switching system), and the US military's AUTOVON network. While AUTOVON was based on four-wire switching machines throughout right to four-wire telephone sets, economics even there forced the allowance of two-wire user lines and telephones for voice-only stations, and many AUTOVON lines wound up being four-wire. But, AUTOVON also has many "four-wire" user stations where dedicated-line type "full-duplex' data modems can be used. For those who really want to learn more, I recommend the following books: 1.) "Basic Carrier Telephony" by David Talley, a real chestnut of telephone transmission for the non-technical reader who is weak on physics. Originally published by Hayden Book Company as their stock number 5749 (Library of Congress catalog number 60-10470 in its second edition, I understand that Wiley in New York has republished it and finds several Telcos use it for textbook for technicians. 2.) "Understanding Communications Systems," by Don L. Cannon and Gerald Luecke, originally published and sold by Radio Shack stores as part number 62-2018 (ISBN 0-89512-035-6) for $2.95, this book has been republished by Howard Sams at Indianapolis for about six times the price in hardback. It uses far less classic "telephonese" but has excellent ways of showing how analog and digital transmission are far more related than most non-technical people can understand. I recommend both of these books to the harried educators on here who are frustrated in finding short texts for introductory curricula. ============================================================================ / / / FILE 03 / NIA071 / / Scantronics Publications / / How to Use the U.K. Academic Network / / Packet SwitchStream (PSS) Gateway / / and PSS Address List / / Submitted By: /. The Gateway consists of a computer which holds a communications program and sits between two networks (JANET and PSS in this case). This allows the user to bridge the gap between the networks and access target computers on the other network. It is important to realise that there are two ways of communicating with the Gateway - you can make calls TO the Gateway computer to access its limited user facilities or you can make calls THROUGH it to a target computer on the other network. The Gateway operates as a Transport Level Gateway in accordance with the 'Yellow Book' Transport Service. However the present implementation does not have a full Transport Service and therefore, there are some limitations in the service provided. For X29 which is incompatible with the Yellow Book Transport Service, special facilities are provided for the input of user identification and addresses. The Gateway is a protocol transparent link. This means that the Gateway cannot be used for protocol conversion; to do this a third party machine must be used. __________________ 2.1 Your Contacts If you have any problems, or if you want additional information contact the JANET Network Executive. You can reach them at the following address:- * By Post at . . . . . . . Network Executive, c/o Rutherford Appleton Laboratory, Chilton, Didcot, OXON. OX11 0QX * By Electronic MAIL to . . PSS Gateway Support@RL.GB The network address for RL.GB is 00000000210 5 * By Telephone on . . . . . Abingdon (O235) 446748 How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway _______________________________________________________ 3. Summary of Facilities Available across the Network The network offers a number of facilities. These are listed below for your information. * Facilities Provided by the Gateway Machine - Help Facility - Accounting Facility * Facilities Available on the Way Through the Gateway - Demonstration Facility - Addresses and Mnemonics * Facilities Available on PSS - Fast Select Facility - Reverse Charge Facility - Access to IPSS (International Packet Switch Stream) - Calls to Other, Non-Transport Service Networks * Protocols Available if Supported by Both Local and Remote Host Machine s - Network Independent File Transfer Protocol (FTP) - JNT MAIL Protocol - Job Transfer and Manipulation Protocol (JTMP) __________________________________ 4. Permission to Use the Gateway _____________________________________ 4.1 Authentication and Authorisation No unauthenticated use of the Gateway from JANET is allowed regardless of whether charges are incurred at the Gateway or not. Therefore to use the Gateway you have to obtain authentication (a userid and password) and authorisation (a call allocation) from the JANET Network Executive. This consists of: a. USERID b. PASSWORD c. USAGE ALLOCATION Note that the authorisation for PSS and IPSS is managed separately, although a single USERID may have authoristation for both. There is no restriction on access from PSS. How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway ____________________________ 4.2 Charging and Accounting There are 4 separate charging rates, which are: PSS full rate: PSS (FULL) PSS discount rate: PSS (DISC) TLXN: Telex access via Interstream 1. IPSS full rate: IPSS (FULL) Note that the TELEX access is expensive, as the cost includes the use of PSS, Interstream 1 and TELEX. Anyone who is interested in TELEX access should first discuss it with the Network Executive. To be able to make chargeable calls you must request a call allocation to cover the charging rates you want to use when you ask for your authentication. For calls that are free e.g. calls within JANET or normal charge calls from PSS you do not need an allocation. The PSS discount rate applies from 1800 to 0800 each night and all day on Sundays, Christmas Day and New Year's Day. The PSS full rate applies at ALL OTHER times. The IPSS full rate applies at ALL times for international calls. For details of the international rates to various countries consult Network User Note 2. If your allocation runs out during an active call, then that call will be cleared and all further calls at that rate will be refused. ______________________________________________ 5. How to Make Terminal Calls to the Gateway It is possible to make calls to the Gateway to access the HELP and ACCOUNT facilities. The HELP facility contains the whole of this user guide in its most uptodate form. The facility allows random scans of the document and searches for text within the document. The Account facility allows the user to inspect the state of his account and to change the password for that account. _____________________________________ How to make contact with the Gateway. If you are calling the RAL Gateway from PSS use the DTE address 234223519191. If you are calling the RAL Gateway from JANET use the DTE address 000000000040. If you are calling the London Gateway from PSS use the DTE address 234219200100. If you are calling the London Gateway from JANET use the DTE address 000040000040. Make a terminal call to the Gateway. How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway A title message will appear on the terminal announcing the Gateway, followed by the lines: OS4000+Rlix V30 PSS Gateway Logging in user If nothing appears, keep pressing until the above message appears. It is now possible to log in and use the Help or Account facilities. For details of these facilities see section 7 of this document. ___________________________________________________ 6. How to Make Terminal Calls Through the Gateway The method used to make a call through the Gateway depends on the type of PAD being used. If your PAD supports TS29 the procedure is simplified as this protocol allows you to make calls that can cross several networks via several Gateways. If your PAD supports X29 then if you wish to cross several Gateways you normally have to stop at each one before you can pass through it. However a special facility is provided using the Call User Data Field to allow X29 calls non-stop through the JANET PSS Gateway. Whichever protocol your PAD supports, you must have some way of generating a Transport Service Called Address for onward routing by the Gateway. _________________________________________ 6.1 The Transport Service Called Address To make a call through the Gateway you have to supply the following information in the form of a Transport Service Called Address to your local PAD. a. Netname: the name of the network you are calling. b. Authentication: consisting of Userid and Password in that order. This can be omitted for free calls. c. Host address: the network address of the remote host. The format of the Transport Service Called Address is as follows: (). These are explained below. _______ Netname This is one of the following: JANET to connect to JANET PSS to connect to PSS J an alias for JANET. How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway ______________ Authentication This consists of 3 fields which must be entered in the order shown. a. user id, b. password, c. A request for the call to be reverse charged. The last field is optional. ____ Note that the whole authentication string must be enclosed in parentheses. _______ Example (FRED,XYZ,R) Requests a reverse charge call (FRED,XYZ) Requests a chargeable call. ____________ Host Address This is the numeric address of the machine being called. However to make things easier the numeric address can be replaced with an alphanumeric mnemonic if one has been set up on the Gateway. _______ Example use RLGB instead of 000000002105 to call the Rutherford GEC 'B' machine use SALF instead of 234261643210 to call Salford on PSS. For a list of these mnemonics see JANET User Notes 5 and 6. Host addresses can be complex and it is possible to specify several Gateways that you must pass through to reach a specific remote host and/or the service required. Note that a point (.) must be used to separate the numeric addresses or mnemonics from the service names. _______ Example RLPA - this calls the Rutherford ICF Prime on Janet. RLPA.FTP - this calls FTP on the Rutherford ICF Prime on Janet. To connect to some machines, an X25 sub-address is required, which consists of a number of extra digits added on to the machine address. This can be easily entered on the Gateway by using the delimiter '-' at the end of the mnemonic address and then typing the sub-address. When the mnemonic is translated the delimiter is ignored and the whole address is converted into a continuous string. _______ Example Janet-69 is translated to 23422351919169 How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway _____________________________________ 6.2 Making Calls Using TS29 Protocol TS29 is the ideal protocol to use through the Gateway, since there should be no problem entering the Transport Service Called Address. However, first make sure that the machine you are calling will support TS29. When using this protocol for network terminal calls the service name of the TS29 server should be entered explicitly. _____________________ 6.3 The Full Address Combining all these factors a full address might look like this. J(FRED,XYZ).RLGB.TS29 ____________________________________ 6.4 Making Calls Using X29 Protocol X29 is incompatible with the 'Yellow Book' Transport Service and some PADS are unable to generate the Transport Service Called Address. When making an X29 call, the onward Called Address may be entered into the Call User Data Field of the Call. Some PADs, e.g. the British Telecom PAD are unable to generate a Call User Data Field longer than 12 characters and so there may not be enough space to hold all the information required. In this case, a Call must be established only as far as the Gateway, and a dialogue held with the Gateway to establish the next part of the connection. If your PAD can generate a Call User Data Field, then the first character of the text is treated as a delimiter, and should be entered as the character '@' followed by the onward Called address. _______ Example On a CAMTEC PAD one might enter:- CALL 00004000004096 D=@(FRED,XYZ).SOMEWHERE t make a call through the London Gateway to SOMEWHERE on PSS. ________________________________________ Overcoming Call User Data Field Problems With X29 PADs the onward Called Address can be supplied interactively at the Gateway without having to set up a Call User Data field. To do this the Gateway must be called with the correct X25 sub-address. This involves adding an extra 2 digits onto the normal 12 digit address of the Gateway. The sub-address for JANET is 69 and 96 for PSS. The Gateway will then prompt for the onward Called Address. The procedure is as follows: Call the Gateway using the correct sub-address: 23422351919169 to call JANET from PSS via the RAL Gateway 00000000004096 (or the mnemonic RL.PSS) to call PSS from JANET via the RAL Gateway. 23421920010069 to call JANET from PSS via the London Gateway 00004000004096 (or the mnemonic LON.PSS) to call PSS from JANET via the London Gateway. How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway The response from the Gateway will be the following message: Please enter your authorisation and address required in form: (user,password).address > Reply with the appropriate response. _______ Example (FRED,XYZ).SOMEWHERE As the X29 protocol is being used there is no need to include the service name X29. Authentication is not required for incoming calls to JANET. In this case the string (FRED,XYZ) can be omitted, note however that the address should still be preceded with a point. _______ Example .RLGB There is a timeout of between 3 and 4 minutes for this response after which the call will be cleared, however there is no limit to the number of attempts which can made within this time limit. If the authorisation or adress entered is invalid the Gateway will request it again. To abandon the attempt clear the call from the PAD. For further details of how to do this see Network User Note 11. You will find that on some PADs a 'call connected' message will appear on the terminal as soon as the call has been connected to the Gateway. This does not mean that you have made contact with your ultimate destination. When you have contacted the remote host the Gateway will show a 'Call connected to remote address' message. _______________________________________________ 7. Facilities Provided by the Gateway Machine __________________ 7.1 HELP Facility A HELP Facility is available which contains the whole of this guide in its most uptodate form. The utility which is used to view the guide allows the text to be searched for strings as well as allowing random movement about the document. There is also additional up-to-the-minute information and details of forthcoming changes. Use the HELP system from time to time to find out about changes which may affect your access to the machine. How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway To connect to the HELP system, simply make a terminal call to the Gateway as described in section 5 above. When the Logging in / User prompt appears type HELP. The following message will then be displayed. OS4000+Rlix V30 PSS Gateway Logging in user HELP ID last used Wednesday, 10 December 1986 06:11 Started - Wed 10 Dec 1986 11:15:55 Please enter your name and establishment. Enter your name and establishment. You will be then be presented with the following message. The following options are available: NOTES GUIDE TITILES ERRORS TARRIF HELP QUIT Which option do you require? The following list describes each command briefly. NOTES replies to user queries and any other useful information. GUIDE the complete Gateway user guide. TITLES list of JANET and PSS addresses and mnemonics ERRORS list of error codes that you may receive. TARRIF list of the PSS and IPSS charges. HELP is the HELP option. QUIT exits from the session. When you exit from the HELP facility by typing QUIT, the following message will appear. If you have any comments, please type them now, terminate with E on a line on its own. Otherwise just type CPU used: 1 ieu, Elapsed: 2 mins, IO: 1583 units, Breaks: 14 Budgets: this period = 10.00 AUs, used = 0.010 AUs, left = 9.51 AUs User HELP terminal 2 logged out Wed 10 Dec 1986 09:20:12 The above prompt gives the user an opportunity to type in any queries or comments that he has about the Gateway. These comments are viewed daily by the support staff at RAL. ________________________________________________ 7.2 Account Facility and Changing Your Password An account can be inspected and the password changed by using this facility. First make a call to the Gateway as described in section 5. When the Logging in /User prompt appears type ACNT. After a short delay, there will be a prompt for a Userid. Enter your PSS userid, you will then be prompted for your password. Enter your password (this is not echoed), three attempts are allowed to enter the correct password. The message 'Enter command' will now appear. How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway _______ Example OS4000+Rlix V30 PSS Gateway Logging in user ACNT ID last used Wednesday, 10 December 1986 09:14 Enter userid FRED Password Enter command The following commands are available: ACCOUNT Prints the state of your account on the terminal PASSWORD Allows the password to be changed. The new password should be typed in twice on the following two lines when prompted. It is not echoed END Terminates the session. Note that each command may be abbreviated to a minimum of 2 characters. _____________________________________________ 8. Facilities Available Through the Gateway ___________________________ 8.1 Demonstration Facility There is an account available which has a small allocation available for users to try out the Gateway. The password will be supplied on request from the Network Executive. Note that excessive use of this account will soon exhaust its allocation and deprive others of its use. ___________________________________________________ 8.2 Address Mnemonics of Remote Hosts on Networks ________________________ Connected to the Gateway Many network addresses consist of 12 or even 14 digits which may be rm 33; Next> difficult to remember and awkward to enter. To make life easier the Gateway has a table which consists of a number of mnemonics and their respective network addresses. When these mnemonics are typed within a call through the Gateway the mnemonic is translated into the appropriate network address. Therefore if you have a frequently used network address which is not in the table, please contact the Network Executive with a request to insert the address along with an appropriate mnemonic. Equally if you know of mnemonics which are no longer useable contact the Network Executive. It is hoped that the Gateway will support the Network Registration Scheme (NRS) in the near future. JANET User Notes 5 and 6 include mnemonics for a number of remote machines and networks on both PSS and JANET. How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway _______________________________ 9. Facilities Available on PSS ________________ 9.1 Fast Select This allows calls to have up to 128 bytes in the Call User Data field. You can use this to expand address information available for the next hop of the call. As a PSS user we have subscribed to this facility; however you should note that some remote Hosts on PSS and IPSS cannot accept Fast Select calls. If a Fast Select call is made to an address which does not subscribe to the Fast Select facility the call will fail with clearing code Hex'29'. When a mnemonic is used, the Gateway will know whether the address can support Fast Select or not, and will make the correct call automatically. If the full numeric address is used, then the Gateway has to be told not to use Fast Select. This can be done by preceding the address with the string 'NFS-'. In fact the NFS is a mnemonic which translates to a null string with the No Fast Select attribute and the minus is just a delimiter which will be ignored. For example, calling TELENET PSS(FRED,XYZ).NFS-311012345678 ____________________________ 9.2 Reverse Charge Facility If this facility is used the remote Host will accept all the call charges, therefore your allocation on the Janet Gateway will not be debited. Note that there are not many remote Hosts which will accept 'reverse charging'. Unfortunately the only way to find out if a remote Host will accept reverse charging is to experiment. Do this by appending 'R' to the authorisation field, for example (FRED,XYZ,R) If this does not work, it could be because the remote host will only accept calls from 'known' network addresses and the JANET addresses are 'unknown' ___________________ 9.3 Access to IPSS It is possible to access IPSS, the International Packet Switch Stream, through PSS. This is done by entering the IPSS address in place of the PSS address. IPSS calls are accounted separately from PSS so you will have to make a specific request for an IPSS allocation before you make calls on IPSS. ___________________________________________________ 9.4 Calls to Other, Non-Transport Service Networks Some networks (for example, TYMNET) require a Call User Data Field with a different format from the one normally generated by the Gateway. A facility has been provided to enable an arbitrary string to be included in the Call User Data Field. This is done by terminating the numeric address (or mnemonic) with the delimiter '*D' followed by the required string. Everything following the '*D' is then copied into the Call User Data Field. How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway _______ Example PSS(FRED,XYZ).NFS-31060000*DZRRT;IPSSLON This would call a (fictitious) address on TYMMNET. Finally some machines do not expect to receive any user data at all, so you will need to enter '*D' on its own for these. _______ Example PSS(FRED,XYZ).YONDER*D ___________________________ 9.5 Adjusting Packet Sizes The Gateway normally tries to establish its calls with a packet size of 256 bytes, even if the incoming call had only 128 byte packets. This normally does not cause problems, but there may be difficulties with some systems. If you find your call being cleared even though all the addressing is correct, or if it fails as soon as data starts to flow, try calling with the additional data, '*P7W2', to force a packet size of 128 bytes. _______ Example PSS(FRED,XYZ).OVERTHERE*P7W2 If you also need to use the *D parameter that must follow the *P/W paramter. _______ Example PSS(FRED,XYZ).HERE*P7W2*DTOYOU ___________________________________________________ 10. Protocols Available if Supported by Both Local ________________________ and Remote Host Machines Other sorts of calls, besides terminal calls, may be possible through the Gateway. In these cases Transport Service is required. The mechanisms required for insertion of authorisation information vary from computer to computer, and therefore your local support staff should be consulted for information in this area. Care needs to be exercised here, especially when replying to MAIL from PSS without considering how the authorisation will be managed. Problems can also occur with FTP, which will continue to retry a call until it receives a fatal error, causing unnecessary network traffic. _____________________________________________________ 10.1 Network Independent File Transfer Protocol (FTP) This allows files from one computer's file store to be sent to the file store of another computer. Although the two computers may have very different ways of working internally, FTP will overcome these difficulties and arrange for the transfer of the file without the user being aware of the special procedures that are being carried out. How to Use the U.K. Academic Network - Packet SwitchStream (PSS) Gateway ______________________ 10.2 JNT MAIL Protocol This allows MAIL messages to be sent from one user to another user. The users may be using the same machine or may be using machines on different networks. In both cases the user types his message into the machine being used and the MAIL program then adds a header to the message, so that it can be transmitted to the remote Host by FTP. The received message is stored on the remote Host and made available to the addressee. __________________________________________________ 10.3 Job Transfer and Manipulation Protocol (JTMP) This protocol lets you: transfer files for storage or execution make status enquiries and get reports on these files. modify the progress of the above. This protocol requires standard FTP to carry out the transfers. ____________________________ 11. Restrictions and Errors _________________ 11.1 Restrictions Due to the present lack of a full Transport Service in the gateway, the ADDRESS, DISCONNECT and RESET primitives are not fully supported. However this should not present serious problems, since the ADDRESS and RESET primitives are not widely used, and the DISCONNECT primitive can be carried in a Clear Request packet. The gateway does however support continuation of Transport Service Connect messages into the first data packet. This is particularly useful when attempting file transfers for which the 12-byte CUDF limitation pertains (i.e. NSF- calls). ___________ 11.2 Errors When a call fails, there is an error code associated with the failure which will normally be displayed on your PAD. A list of the most common codes and their meanings is given in Network User Note 15. PSS Address List ____________ Introduction This is an address list of all the mnemonics that can be accessed via the JANET Packet SwitchStream Gateway. The list is sorted in numerical order using the machine address. The first three digits of the address are a code which indicates the country where the machine is situated. Headings appear throughout the list giving the country name followed by the machines available there. The list is divided into 3 columns which show: a. The numeric address (DTE address) b. A mnemonic for the address c. A description of where the machine is located. ____________ Address List _______ ________ ___________ ADDRESS MNEMONIC DESCRIPTION Netherlands 204 NL Netherlands 20412900433 SARA National Institute for High Enery Physics (NIKHEF) SARA network 20412900434 NIKHEF National Institute for High Enery Physics (NIKHEF) SARA network 204129004353 NIKHEFH NIKHEF Gould 20418800110680 CELEX CELEX Lexical Database, Nijmegen Belgium 206 B Belgium 2062210168 BBVA Brussels DEC A (Belgium) - 9600 bps 2062221006 BBDA Brussels DEC A (Belgium) - 2400 bps France 208 F France 2080 TRANSPAC French Transpac 208031001511 ARGOS Argos service at Toulouse 208034020258 CNUSC CNUSC Montpelier 20803802067602 ILLDA ILL DEC-10 at Grenoble 20806911011912 FRCPN11 HEP Computing Centre, Paris 208075000394 IRST ESA - Quest 208075001282 FRCPN11X HEP Computing Centre, Paris 208075040390*DV6 MINITEL French Prestel 208075040390*DV2 MINITEL1 French Prestel 20807802016901 INRIA Institute National de Recherche en Infoatique ... 208091000309*DCISIFMST CISI IBM - TSO 208091000309*DCISIFMST CISI1 IBM - TSO 208091000519*DCISIFMST CISI2 IBM - TSO 208091000270*DCISIFMST CISI3 IBM - TSO 208091010320 CJRCE 20809104057310 SIMBAD Stellar data centre CDC system 2080911101 SACLAY Saclay - France Spain 214 E Spain 2141 SPAIN Spanish data network 2145222020109 LAPALMA La Palma Observatory, Canaries Yugoslavia 220 Y Yugoslavia 2201 YUPAK Yugoslav YUPAK 220161120100 RRC RRC Computer Centre, Ljubljana 220161140001 LJUBLJANA University of Ljubljana, DEC 10 & 20 220161140015 STEFAN Institute of Jozef Stefan, Ljubljana 220162120031 MARIBOR University of Maribor - VAX 8800 Italy 222 I Italy 2222260164608 ISPRA Euratom Joint Research Centre 2222650143 ESA2 ESA - IRS Switzerland 228 CH Switzerland 228464110115 DATASTAR2 Data-Star, Switzerland 22846431007014 DATASTAR Data-Star, no-echo on password 22848411011014 DATASTAR1 Data-Star, no-echo on password 2284681140510*DLO CERNLO CERN 300 bps 2284681140510*DME CERNME CERN 1200 bps Austria 232 A Austria UK 234 GB United Kingdom 2341 IPSS IPSS UK network 23421230012000 DIALOG6 DIALOG2 in US 23421230012011*D DIALOG2 DIALOG2 in US 23421230012011*D DIALOG DIALOG2 in US 23421230012013*D DIALMAIL DIALMAIL in US 234212300120*D@ DIALNET IGS Leased line to DIALOG in US 234212300187 TELEMAIL Telemail 23421230021001 CAMPUS2000 Campus 2000 23421230021001 TTNS Times Network System 01 2342123012026 DATASTREAM Datastream Service 234212300331 LASER LASER 234213300124 PROFILE Was Datasolve 234215700117 CONTEXT Context Legal Systems 234215700147 ORBIT Orbit. 234216401146 GOULDUK Gould Uk in Surrey 234216700127 PCR Pfizer Central Research 234219200101 FINSBURY 234219200146*D CEGB CEGB, Park Street, London 23421920014870 EAN EAN Gateway at ULCC 234219200171 LEXIS LEXIS/NEXIS 234219200190 INFOLINE Pergamon - Infoline 234219200203 IPSH IP-SHARP 234219200300 UCL University College London - Computer Science 234219200394*D AREMOS Sianet 234219201002 POOLE PCL - Poole C.A.E. Service 23421920100404 BTGOLD04 BTGOLD service. 23421920100474 BTGOLD74 BTGOLD service. 23421920100476 BTGOLD76 BTGOLD service. 23421920100479 BTGOLD79 BTGOLD service. 23421920100479 LANET BTGOLD 79 service. 23421920100481 BTGOLD81 BTGOLD service. 23421920100482 BTGOLD82 BTGOLD service. 23421920100483 BTGOLD83 BTGOLD service. 23421920100484 BTGOLD84 BTGOLD service. 23421920100487 BTGOLD87 BTGOLD service. 234219201004 BTGOLD BTGOLD service. 23421920100513 EUROINFO Euronet Diane Information Service 23421920100515 HOSTESS Hostess system (BT) 23421920102517 PRESTEL Prestel 234219201156 ERS ESA - Quest 234219201156 ESA ESA - Quest 23421960116750 HRC GEC - Hirst Research (Mail) 234219709111 NPL1 NPL - use subaddress 04 234219709210 NPL2 National Physical Laboratory 2342212001450 OCLC 234222339399 CAMB University of Cambridge 234222715151 KENT University of Kent 234223519191 JANET Gateway to JANET at Rutherford 234227900102 BLAISE British Library Information System 234231354354 ERCC Edinburgh Regional Computer Centre 234233400101 BEST B.E.S.T. Database, Longman Cartermill, St. Andrews 234212900115 STL STL 234243800105 IDEC STL IDEC 23426164336548*P7*W2 ICLB ICL network at Manchester 23424830012489 SUNCAM SUN Microsystems - Camberley 234248300124 SUN SUN Microsystems - Camberley - mail 23425272424111 INFOSEARCH ISTEL Communications Network 23425330012406 CAMTEC Camtec, Leicester (hard copy printer) 234253300124 CAMTEC Camtec, Leicester 23426160013930 NCC National Computing Centre - LEO 234261600152 UMDAFL University of Manchester Dataflow VAX 23426164321090 NRS NRS 234261643210 SALF Salford University 234261643343 FERRANTI Ferranti Computer Systems 23423440016782 PRIME Prime - Leeds 234263259159 NUMAC University of Newcastle 234274200103*DCODUS CODUS Codus 234284400108 CULHAM Culham Laboratory 234284400162 PFDS Pergamon Financial Data Systems 23428580010801*D LIBTELVT Menzies LIBTEL for VT100 terminals. 23428580010802*D LIBTELTV Menzies LIBTEL for TV910, etc 23428580010803*D LIBTELADM Menzies LIBTEL for ADM3 terminals. 23429084011100*d POLIS SCION 234293765265 ARTTEL British Library, Boston Spa 2348 TELEX UK Telex network 23523592592500 KINGLINE Hull Telephone GOLD system Denmark 238 DK Denmark 238241745600 RECKU Univac in Copenhagen University Sweden 240 S Sweden 2405 SWEDEN Swedish data network 240200100110 QZDB QZ via reverse pad. 240200101915 QZCOM80 QZCOM NIFTP80 service. 240200101928 QZXA UPNOD local network 2402001027 QZXB Stockholm University Computing Centre Gateway. 240200102701 QZCOM QZ ODEN DEC-10 Norway 242 N Norway 2422 NORWAY Norwegian data network 242211000107 OSLO DEC10 at Oslo University 242223000151 RBK Cyber 170 at IFE (Energy Research Centre), Kjeller 242245000101 BERGEN Univac at Bergen University 242253000101 RUNIT Univac at Trondheim University 242265000101 TROMSOE Cyber at Troms University Finland 244 SF Finland 244203008 HELVA High Energy Physics Vax, University of Helsinki Russia 2502040300 NCADE NCADE USSR electronic mail, Moscow Germany 262 D Germany 2624 GERMANY German data network 26245221040006*d DIMDI 26245221040104*d DIMDI2 26245228040187 BNVA Bonn VAX 26245234040194 RUB Cyber 205, Ruhr University - Bochum 262453000217 HMI Hans Mietner Institute in Berlin 26245300043042 DFNHELP Help system at DFN in Berlin 2624540009306 DYVA MARK J VAX at DESY 26245615144000 ESOC European Space Operations Centre, Darmstadt 2624562213002 EMBL ALKOR VAX 26245724790114 CASGER2 STN International - 48K link 26245724720001 CASGER STN International - 64K link 262457610420*D FREIBURG Freiburg University 26245772340095 FURTWANGEN Furtwangen, W. Germany 26245890040220 IPP Max Planck Institute of Plasma Physics, Garching 26245890090218 MPE Max Planck Institute for Extra Terrestial Physics 2624589009301 ESO European Southern Observatory in Germany VAX 11/780 Portugal 268 P Portugal Luxembourg 270 L Luxembourg 270429200*D ODPECC Office for Official Publications, European Communities Commision. 270448112*D ECHO IES - DC Ireland 272 IRL Ireland 272431001992 EUROKOM EEC harmonisation COM system at UC, Dublin - inverse PAD 27243159000630 UCD EEC harmonisation COM system at UC, Dublin - local X25 net Canada 302 CDN Canada 3020 DATAPAC Canadian Datapac 302067200040 UBCVCR Amdahl, Univ British Columbia, Vancouver 302068100058 UVIC Victoria University, British Columbia 302068100256 UVICVVA Physics VAX, Victoria University, British Columbia 302083200013 TRIUMF The Tri-University Meson Facility, Vancouver 3025 GLOBEDAT Canadian Globedat 3029 INFOSWITCH Canadian Infoswitch 3103 ITT USA - ITT 31033010000542 DIALCOM42 DIALCOM - System 42 3104 WUI USA - WUI 3104004759 MCI MCII mail system USA - TYMNET 3106 TYMNET USA - Tymnet 3106*DENSCL ONTYME ONTYME information system 3106*DINFORMATION TYMNETINFO TYMNET information system 3106001475 SDC2 3106001509 SDC1 310690157800*D BIX Byte Information Exchange 310600232901*D MFE Magnetic Fusion Energy Centre, Lawrence Livermore 310600455141 UNINET U.N. database. 310600562200 FNAL Fermilab 31060061*DSDDC;IPSSLON ORBIT2 SDC Search Service 3106009211 ORBIT1 SDC Search Service 3106900803*D DIALOG3 Lockheed DIALOG service 3106900061*D DIALOG4 Lockheed DIALOG service 31069 SLAC SLAC via TYMNET USA - TELENET 3110 TELENET USA - Telenet 31102020010900 CIS Chemical Information Systems 311021200141 JPLM1 Jet Propulsion Laboratory mail 1, USA 311021200142 JPLM2 Jet Propulsion Laboratory mail 2, USA 31102130003300*D ORBIT SDC Search Service 31102130017000*D DIALOG2 Lockheed DIALOG service 311021300219 CALTECH Caltech VAX 11/780 31103010002000 NLM National Medical Library 31103010025442 DIALCOM42 DIALCOM - system 42 311030100341 UNINET1 U.N. database. 31103010047 SOURCE Source system in USA 311030200612 OCEANIC Database on oceans of the world. 31103150002002*d BRS Biblographic Research Services, NY 31103210010400 NASAMAIL NASA telemail system. 31103210016000 SPANSSL Space Science Lab, NASA Marshal Space Flight Control and SPAN 311032107035 NSSDCA National Space Science Data Centre, node NSSDCA on the SPAN Network. 31104150004800*D DIALOG1 Lockheed DIALOG service 31106070002000 CORNELL0 Cornell University 31106070002100 CORNELL1 Cornell University 31106070002200 CORNELL2 Cornell University 31106070002200 CORNELL Cornell University 31106070002300 CORNELL3 Cornell University 31106140002124 CASUSA STN International 311070300463 NOAANETB NOAAnet system B, Washington DC. 31108080004010 UKTH UK Telescope in Hawaii 31108080004010 JACH UK Telescope in Hawaii 31108080004020 UKIRT UK Infra Red Telescope in Hawaii 31108080004030 JCMT James Clerk Maxwell Telescope in Hawaii 311090900003 TELEMAIL1 Telemail on Telenet 311090900406 TELEMAIL2 Telemail on Telenet 311090900761 TELEMAIL3 Telemail on Telenet 31109090080000 JPLM3 Jet Propulsion Laboratory mail 2, USA USA - RCA 3113 RCA USA - RCA USA 312530300007 NCAR National Centre for Atmospheric Research, Boulder 312541500007 DIALOGUNI 3126 AUTONET USA - Autonet 31343155859900 CORNELLF Cornell F m/c on ACCUNET 340 FA French Antilles 342 BDS Barbados 425 IL Israel 426 BRN Bahrain 431 DXB United Arab Emirates - Dubai Japan 440 J Japan 4408 VENUSP Japanese data network 440820015 JOIST Japan Online Information System 454 HK Hong Kong Australia 505 AUS Australia 505202230003.SPCP UTAS UTAS 505233430001 DITMELB CSIRO 50523343000301 MELBOURNE University of Melbourne - VAX X 505272223015 QUT Queensland University of Technology 505273720000 UQXA University of Queensland ANF-10 gateway 5052737200001 UQKL10 University of Queensland 50527372000090 WOMBAT University of Queensland 50527372000094 UQVAX University of Queensland 505282720012 FLINDERS EDU.FLINDERS 50528622004 SAIT EDU.SAIT 505294320006 MURDOCH Murdoch University 505320000000 MINERVA MINERVA Mail service 525 SGP Singapore New Zealand 530 NZ New Zealand 530130000034 CANTERBURY Canterbury University 530130000047 LINCOLN Lincoln University 530147000049 VUWCOMP VUW.COMP 530163000005 MASSEY Massey University Computer Centre 530171000004 WAIKATO Waikato University 530197000073 AUCKLAND Auckland University South Africa 655 ZA South Africa 6550 SAPONET_P Saponet 655010601702 SACSIR CSIR, Pretoria 6559 SAPONET Saponet_P ============================================================================= / / / FILE 04 / NIA071 / / DOD-TCSEC Manual Part 02 of 02 / / Judge Dredd / / / CSC-STD-001-83 Library No. S225,711 DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA 15 August 1983 CSC-STD-001-83 7.0 THE RELATIONSHIP BETWEEN POLICY AND THE CRITERIA Section 1 presents fundamental computer security requirements and Section 5 presents the control objectives for Trusted Computer Systems. They are general requirements, useful and necessary, for the development of all secure systems. However, when designing systems that will be used to process classified or other sensitive information, functional requirements for meeting the Control Objectives become more specific. There is a large body of policy laid down in the form of Regulations, Directives, Presidential Executive Orders, and OMB Circulars that form the basis of the procedures for the handling and processing of Federal information in general and classified information specifically. This section presents pertinent excerpts from these policy statements and discusses their relationship to the Control Objectives. 7.1 Established Federal Policies A significant number of computer security policies and associated requirements have been promulgated by Federal government elements. The interested reader is referred to reference [32] which analyzes the need for trusted systems in the civilian agencies of the Federal government, as well as in state and local governments and in the private sector. This reference also details a number of relevant Federal statutes, policies and requirements not treated further below. Security guidance for Federal automated information systems is provided by the Office of Management and Budget. Two specifically applicable Circulars have been issued. OMB Circular No. A-71, Transmittal Memorandum No. 1, "Security of Federal Automated Information Systems,"[26] directs each executive agency to establish and maintain a computer security program. It makes the head of each executive branch, department and agency responsible "for assuring an adequate level of security for all agency data whether processed in-house or commercially. This includes responsibility for the establishment of physical, administrative and technical safeguards required to adequately protect personal, proprietary or other sensitive data not subject to national security regulations, as well as national security data."[26, para. 4 p. 2] OMB Circular No. A-123, "Internal Control Systems,"[27] issued to help eliminate fraud, waste, and abuse in government programs requires: (a) agency heads to issue internal control directives and assign responsibility, (b) managers to review programs for vulnerability, and (c) managers to perform periodic reviews to evaluate strengths and update controls. Soon after promulgation of OMB Circular A-123, the relationship of its internal control requirements to building secure computer systems was recognized.[4] While not stipulating computer controls specifically, the definition of Internal Controls in A-123 makes it clear that computer systems are to be included: "Internal Controls - The plan of organization and all of the methods and measures adopted within an agency to safeguard its resources, assure the accuracy and reliability of its information, assure adherence to applicable laws, regulations and policies, and promote operational economy and efficiency."[27, sec. 4.C] The matter of classified national security information processed by ADP systems was one of the first areas given serious and extensive concern in computer security. The computer security policy documents promulgated as a result contain generally more specific and structured requirements than most, keyed in turn to an authoritative basis that itself provides a rather clearly articulated and structured information security policy. This basis, Executive Order 12356, "National Security Information," sets forth requirements for the classification, declassification and safeguarding of "national security information" per se.[14] 7.2 DoD Policies Within the Department of Defense, these broad requirements are implemented and further specified primarily through two vehicles: 1) DoD Regulation 5200.1-R [7], which applies to all components of the DoD as such, and 2) DoD 5220.22-M, "Industrial Security Manual for Safeguarding Classified Information" [11], which applies to contractors included within the Defense Industrial Security Program. Note that the latter transcends DoD as such, since it applies not only to any contractors handling classified information for any DoD component, but also to the contractors of eighteen other Federal organizations for whom the Secretary of Defense is authorized to act in rendering industrial security services.* ____________________________________________________________ * i.e., NASA, Commerce Department, GSA, State Department, Small Business Administration, National Science Foundation, Treasury Department, Transportation Department, Interior Department, Agriculture Department, Health and Human Services Department, Labor Department, Environmental Protection Agency, Justice Department, U.S. Arms Control and Disarmament Agency, Federal Emergency Management Agency, Federal Reserve System, and U.S. General Accounting Office. ____________________________________________________________ For ADP systems, these information security requirements are further amplified and specified in: 1) DoD Directive 5200.28 [8] and DoD Manual 5200.28-M [9], for DoD components; and 2) Section XIII of DoD 5220.22-M [11] for contractors. DoD Directive 5200.28, "Security Requirements for Automatic Data Processing (ADP) Systems," stipulates: "Classified material contained in an ADP system shall be safeguarded by the continuous employment of protective features in the system's hardware and software design and configuration . . . ."[8, sec. IV] Furthermore, it is required that ADP systems that "process, store, or use classified data and produce classified information will, with reasonable dependability, prevent: a. Deliberate or inadvertent access to classified material by unauthorized persons, and b. Unauthorized manipulation of the computer and its associated peripheral devices."[8, sec. I B.3] Requirements equivalent to these appear within DoD 5200.28-M [9] and in DoD 5220.22-M [11]. >From requirements imposed by these regulations, directives and circulars, the three components of the Security Policy Control Objective, i.e., Mandatory and Discretionary Security and Marking, as well as the Accountability and Assurance Control Objectives, can be functionally defined for DoD applications. The following discussion provides further specificity in Policy for these Control Objectives. 7.3 Criteria Control Objective for Security Policy 7.3.1 Marking The control objective for marking is: "Systems that are designed to enforce a mandatory security policy must store and preserve the integrity of classification or other sensitivity labels for all information. Labels exported from the system must be accurate representations of the corresonding internal sensitivity labels being exported." DoD 5220.22-M, "Industrial Security Manual for Safeguarding Classified Information," explains in paragraph 11 the reasons for marking information: "Designation by physical marking, notation or other means serves to inform and to warn the holder about the classification designation of the information which requires protection in the interest of national security. The degree of protection against unauthorized disclosure which will be required for a particular level of classification is directly commensurate with the marking designation which is assigned to the material."[11] Marking requirements are given in a number of policy statements. Executive Order 12356 (Sections 1.5.a and 1.5.a.1) requires that classification markings "shall be shown on the face of all classified documents, or clearly associated with other forms of classified information in a manner appropriate to the medium involved."[14] DoD Regulation 5200.1-R (Section 1-500) requires that: ". . . information or material that requires protection against unauthorized disclosure in the interest of national security shall be classified in one of three designations, namely: 'Top Secret,' 'Secret' or 'Confidential.'"[7] (By extension, for use in computer processing, the unofficial designation "Unclassified" is used to indicate information that does not fall under one of the other three designations of classified information.) DoD Regulation 5200.1-R (Section 4-304b) requires that: "ADP systems and word processing systems employing such media shall provide for internal classification marking to assure that classified information contained therein that is reproduced or generated, will bear applicable classification and associated markings." (This regulation provides for the exemption of certain existing systems where "internal classification and applicable associated markings cannot be implemented without extensive system modifications."[7] However, it is clear that future DoD ADP systems must be able to provide applicable and accurate labels for classified and other sensitive information.) DoD Manual 5200.28-M (Section IV, 4-305d) requires the following: "Security Labels - All classified material accessible by or within the ADP system shall be identified as to its security classification and access or dissemination limitations, and all output of the ADP system shall be appropriately marked."[9] 7.3.2 Mandatory Security The control objective for mandatory security is: "Security policies defined for systems that are used to process classified or other specifically categorized sensitive information must include provisions for the enforcement of mandatory access control rules. That is, they must include a set of rules for controlling access based directly on a comparison of the individual's clearance or authorization for the information and the classification or sensitivity designation of the information being sought, and indirectly on considerations of physical and other environmental factors of control. The mandatory access control rules must accurately reflect the laws, regulations, and general policies from which they are derived." There are a number of policy statements that are related to mandatory security. Executive Order 12356 (Section 4.1.a) states that "a person is eligible for access to classified information provided that a determination of trustworthiness has been made by agency heads or designated officials and provided that such access is essential to the accomplishment of lawful and authorized Government purposes."[14] DoD Regulation 5200.1-R (Chapter I, Section 3) defines a Special Access Program as "any program imposing 'need-to-know' or access controls beyond those normally provided for access to Confidential, Secret, or Top Secret information. Such a program includes, but is not limited to, special clearance, adjudication, or investigative requirements, special designation of officials authorized to determine 'need-to-know', or special lists of persons determined to have a 'need-to- know.'"[7, para. 1-328] This passage distinguishes between a 'discretionary' determination of need-to-know and formal need-to-know which is implemented through Special Access Programs. DoD Regulation 5200.1-R, paragraph 7-100 describes general requirements for trustworthiness (clearance) and need-to-know, and states that the individual with possession, knowledge or control of classified information has final responsibility for determining if conditions for access have been met. This regulation further stipulates that "no one has a right to have access to classified information solely by virtue of rank or position." [7, para. 7-100]) DoD Manual 5200.28-M (Section II 2-100) states that, "Personnel who develop, test (debug), maintain, or use programs which are classified or which will be used to access or develop classified material shall have a personnel security clearance and an access authorization (need-to-know), as appropriate for the highest classified and most restrictive category of classified material which they will access under system constraints."[9] DoD Manual 5220.22-M (Paragraph 3.a) defines access as "the ability and opportunity to obtain knowledge of classified information. An individual, in fact, may have access to classified information by being in a place where such information is kept, if the security measures which are in force do not prevent him from gaining knowledge of the classified information."[11] The above mentioned Executive Order, Manual, Directives and Regulations clearly imply that a trusted computer system must assure that the classification labels associated with sensitive data cannot be arbitrarily changed, since this could permit individuals who lack the appropriate clearance to access classified information. Also implied is the requirement that a trusted computer system must control the flow of information so that data from a higher classification cannot be placed in a storage object of lower classification unless its "downgrading" has been authorized. 7.3.3 Discretionary Security The term discretionary security refers to a computer system's ability to control information on an individual basis. It stems from the fact that even though an individual has all the formal clearances for access to specific classified information, each individual's access to information must be based on a demonstrated need-to-know. Because of this, it must be made clear that this requirement is not discretionary in a "take it or leave it" sense. The directives and regulations are explicit in stating that the need-to-know test must be satisfied before access can be granted to the classified information. The control objective for discretionary security is: "Security policies defined for systems that are used to process classified or other sensitive information must include provisions for the enforcement of discretionary access control rules. That is, they must include a consistent set of rules for controlling and limiting access based on identified individuals who have been determined to have a need-to-know for the information." DoD Regulation 5200.1-R (Paragraph 7-100) In addition to excerpts already provided that touch on need-to- know, this section of the regulation stresses the need- to-know principle when it states "no person may have access to classified information unless . . . access is necessary for the performance of official duties."[7] Also, DoD Manual 5220.22-M (Section III 20.a) states that "an individual shall be permitted to have access to classified information only . . . when the contractor determines that access is necessary in the performance of tasks or services essential to the fulfillment of a contract or program, i.e., the individual has a need-to-know."[11] 7.4 Criteria Control Objective for Accountability The control objective for accountability is: "Systems that are used to process or handle classified or other sensitive information must assure individual accountability whenever either a mandatory or discretionary security policy is invoked. Furthermore, to assure accountability the capability must exist for an authorized and competent agent to access and evaluate accountability information by a secure means, within a reasonable amount of time, and without undue difficulty." This control objective is supported by the following citations: DoD Directive 5200.28 (VI.A.1) states: "Each user's identity shall be positively established, and his access to the system, and his activity in the system (including material accessed and actions taken) controlled and open to scrutiny."[8] DoD Manual 5200.28-M (Section V 5-100) states: "An audit log or file (manual, machine, or a combination of both) shall be maintained as a history of the use of the ADP System to permit a regular security review of system activity. (e.g., The log should record security related transactions, including each access to a classified file and the nature of the access, e.g., logins, production of accountable classified outputs, and creation of new classified files. Each classified file successfully accessed [regardless of the number of individual references] during each 'job' or 'interactive session' should also be recorded in the audit log. Much of the material in this log may also be required to assure that the system preserves information entrusted to it.)"[9] DoD Manual 5200.28-M (Section IV 4-305f) states: "Where needed to assure control of access and individual accountability, each user or specific group of users shall be identified to the ADP System by appropriate administrative or hardware/software measures. Such identification measures must be in sufficient detail to enable the ADP System to provide the user only that material which he is authorized."[9] DoD Manual 5200.28-M (Section I 1-102b) states: "Component's Designated Approving Authorities, or their designees for this purpose . . . will assure: . . . . . . . . . . . . . . . . . (4) Maintenance of documentation on operating systems (O/S) and all modifications thereto, and its retention for a sufficient period of time to enable tracing of security- related defects to their point of origin or inclusion in the system. . . . . . . . . . . . . . . . . . (6) Establishment of procedures to discover, recover, handle, and dispose of classified material improperly disclosed through system malfunction or personnel action. (7) Proper disposition and correction of security deficiencies in all approved ADP Systems, and the effective use and disposition of system housekeeping or audit records, records of security violations or security-related system malfunctions, and records of tests of the security features of an ADP System."[9] DoD Manual 5220.22-M (Section XIII 111) states: "Audit Trails a. The general security requirement for any ADP system audit trail is that it provide a documented history of the use of the system. An approved audit trail will permit review of classified system activity and will provide a detailed activity record to facilitate reconstruction of events to determine the magnitude of compromise (if any) should a security malfunction occur. To fulfill this basic requirement, audit trail systems, manual, automated or a combination of both must document significant events occurring in the following areas of concern: (i) preparation of input data and dissemination of output data (i.e., reportable interactivity between users and system support personnel), (ii) activity involved within an ADP environment (e.g., ADP support personnel modification of security and related controls), and (iii) internal machine activity. b. The audit trail for an ADP system approved to process classified information must be based on the above three areas and may be stylized to the particular system. All systems approved for classified processing should contain most if not all of the audit trail records listed below. The contractor's SPP documentation must identify and describe those applicable: 1. Personnel access; 2. Unauthorized and surreptitious entry into the central computer facility or remote terminal areas; 3. Start/stop time of classified processing indicating pertinent systems security initiation and termination events (e.g., upgrading/downgrading actions pursuant to paragraph 107); 4. All functions initiated by ADP system console operators; 5. Disconnects of remote terminals and peripheral devices (paragraph 107c); 6. Log-on and log-off user activity; 7. Unauthorized attempts to access files or programs, as well as all open, close, create, and file destroy actions; 8. Program aborts and anomalies including identification information (i.e., user/program name, time and location of incident, etc.); 9. System hardware additions, deletions and maintenance actions; 10. Generations and modifications affecting the security features of the system software. c. The ADP system security supervisor or designee shall review the audit trail logs at least weekly to assure that all pertinent activity is properly recorded and that appropriate action has been taken to correct any anomaly. The majority of ADP systems in use today can develop audit trail systems in accord with the above; however, special systems such as weapons, communications, communications security, and tactical data exchange and display systems, may not be able to comply with all aspects of the above and may require individualized consideration by the cognizant security office. d. Audit trail records shall be retained for a period of one inspection cycle."[11] 7.5 Criteria Control Objective for Assurance The control objective for assurance is: "Systems that are used to process or handle classified or other sensitive information must be designed to guarantee correct and accurate interpretation of the security policy and must not distort the intent of that policy. Assurance must be provided that correct implementation and operation of the policy exists throughout the system's life-cycle." A basis for this objective can be found in the following sections of DoD Directive 5200.28: DoD Directive 5200.28 (IV.B.1) stipulates: "Generally, security of an ADP system is most effective and economical if the system is designed originally to provide it. Each Department of Defense Component undertaking design of an ADP system which is expected to process, store, use, or produce classified material shall: From the beginning of the design process, consider the security policies, concepts, and measures prescribed in this Directive."[8] DoD Directive 5200.28 (IV.C.5.a) states: "Provision may be made to permit adjustment of ADP system area controls to the level of protection required for the classification category and type(s) of material actually being handled by the system, provided change procedures are developed and implemented which will prevent both the unauthorized access to classified material handled by the system and the unauthorized manipulation of the system and its components. Particular attention shall be given to the continuous protection of automated system security measures, techniques and procedures when the personnel security clearance level of users having access to the system changes."[8] DoD Directive 5200.28 (VI.A.2) states: "Environmental Control. The ADP System shall be externally protected to minimize the likelihood of unauthorized access to system entry points, access to classified information in the system, or damage to the system."[8] DoD Manual 5200.28-M (Section I 1-102b) states: "Component's Designated Approving Authorities, or their designees for this purpose . . . will assure: . . . . . . . . . . . . . . . . . (5) Supervision, monitoring, and testing, as appropriate, of changes in an approved ADP System which could affect the security features of the system, so that a secure system is maintained. . . . . . . . . . . . . . . . . . (7) Proper disposition and correction of security deficiencies in all approved ADP Systems, and the effective use and disposition of system housekeeping or audit records, records of security violations or security-related system malfunctions, and records of tests of the security features of an ADP System. (8) Conduct of competent system ST&E, timely review of system ST&E reports, and correction of deficiencies needed to support conditional or final approval or disapproval of an ADP System for the processing of classified information. (9) Establishment, where appropriate, of a central ST&E coordination point for the maintenance of records of selected techniques, procedures, standards, and tests used in the testing and evaluation of security features of ADP Systems which may be suitable for validation and use by other Department of Defense Components."[9] DoD Manual 5220.22-M (Section XIII 103a) requires: "the initial approval, in writing, of the cognizant security office prior to processing any classified information in an ADP system. This section requires reapproval by the cognizant security office for major system modifications made subsequent to initial approval. Reapprovals will be required because of (i) major changes in personnel access requirements, (ii) relocation or structural modification of the central computer facility, (iii) additions, deletions or changes to main frame, storage or input/output devices, (iv) system software changes impacting security protection features, (v) any change in clearance, declassification, audit trail or hardware/software maintenance procedures, and (vi) other system changes as determined by the cognizant security office."[11] A major component of assurance, life-cycle assurance, is concerned with testing ADP systems both in the development phase as well as during operation. DoD Directive 5215.1 (Section F.2.C.(2)) requires "evaluations of selected industry and government-developed trusted computer systems against these criteria."[10] 8.0 A GUIDELINE ON COVERT CHANNELS A covert channel is any communication channel that can be exploited by a process to transfer information in a manner that violates the system's security policy. There are two types of covert channels: storage channels and timing channels. Covert storage channels include all vehicles that would allow the direct or indirect writing of a storage location by one process and the direct or indirect reading of it by another. Covert timing channels include all vehicles that would allow one process to signal information to another process by modulating its own use of system resources in such a way that the change in response time observed by the second process would provide information. >From a security perspective, covert channels with low bandwidths represent a lower threat than those with high bandwidths. However, for many types of covert channels, techniques used to reduce the bandwidth below a certain rate (which depends on the specific channel mechanism and the system architecture) also have the effect of degrading the performance provided to legitimate system users. Hence, a trade-off between system performance and covert channel bandwidth must be made. Because of the threat of compromise that would be present in any multilevel computer system containing classified or sensitive information, such systems should not contain covert channels with high bandwidths. This guideline is intended to provide system developers with an idea of just how high a "high" covert channel bandwidth is. A covert channel bandwidth that exceeds a rate of one hundred (100) bits per second is considered "high" because 100 bits per second is the approximate rate at which many computer terminals are run. It does not seem appropriate to call a computer system "secure" if information can be compromised at a rate equal to the normal output rate of some commonly used device. In any multilevel computer system there are a number of relatively low-bandwidth covert channels whose existence is deeply ingrained in the system design. Faced with the large potential cost of reducing the bandwidths of such covert channels, it is felt that those with maximum bandwidths of less than one (1) bit per second are acceptable in most application environments. Though maintaining acceptable performance in some systems may make it impractical to eliminate all covert channels with bandwidths of 1 or more bits per second, it is possible to audit their use without adversely affecting system performance. This audit capability provides the system administration with a means of detecting -- and procedurally correcting -- significant compromise. Therefore, a Trusted Computing Base should provide, wherever possible, the capability to audit the use of covert channel mechanisms with bandwidths that may exceed a rate of one (1) bit in ten (10) seconds. The covert channel problem has been addressed by a number of authors. The interested reader is referred to references [5], [6], [19], [21], [22], [23], and [29]. 9.0 A GUIDELINE ON CONFIGURING MANDATORY ACCESS CONTROL FEATURES The Mandatory Access Control requirement includes a capability to support an unspecified number of hierarchical classifications and an unspecified number of non-hierarchical categories at each hierarchical level. To encourage consistency and portability in the design and development of the National Security Establishment trusted computer systems, it is desirable for all such systems to be able to support a minimum number of levels and categories. The following suggestions are provided for this purpose: * The number of hierarchical classifications should be greater than or equal to eight (8). * The number of non-hierarchical categories should be greater than or equal to twenty-nine (29). 10.0 A GUIDELINE ON SECURITY TESTING These guidelines are provided to give an indication of the extent and sophistication of testing undertaken by the DoD Computer Security Center during the Formal Product Evaluation process. Organizations wishing to use "Department of Defense Trusted Computer System Evaluation Criteria" for performing their own evaluations may find this section useful for planning purposes. As in Part I, highlighting is used to indicate changes in the guidelines from the next lower division. 10.1 Testing for Division C 10.1.1 Personnel The security testing team shall consist of at least two individuals with bachelor degrees in Computer Science or the equivalent. Team members shall be able to follow test plans prepared by the system developer and suggest additions, shall be familiar with the "flaw hypothesis" or equivalent security testing methodology, and shall have assembly level programming experience. Before testing begins, the team members shall have functional knowledge of, and shall have completed the system developer's internals course for, the system being evaluated. 10.1.2 Testing The team shall have "hands-on" involvement in an independent run of the tests used by the system developer. The team shall independently design and implement at least five system-specific tests in an attempt to circumvent the security mechanisms of the system. The elapsed time devoted to testing shall be at least one month and need not exceed three months. There shall be no fewer than twenty hands-on hours spent carrying out system developer-defined tests and test team-defined tests. 10.2 Testing for Division B 10.2.1 Personnel The security testing team shall consist of at least two individuals with bachelor degrees in Computer Science or the equivalent and at least one individual with a master's degree in Computer Science or equivalent. Team members shall be able to follow test plans prepared by the system developer and suggest additions, shall be conversant with the "flaw hypothesis" or equivalent security testing methodology, shall be fluent in the TCB implementation language(s), and shall have assembly level programming experience. Before testing begins, the team members shall have functional knowledge of, and shall have completed the system developer's internals course for, the system being evaluated. At least one team member shall have previously completed a security test on another system. 10.2.2 Testing The team shall have "hands-on" involvement in an independent run of the test package used by the system developer to test security-relevant hardware and software. The team shall independently design and implement at least fifteen system- specific tests in an attempt to circumvent the security mechanisms of the system. The elapsed time devoted to testing shall be at least two months and need not exceed four months. There shall be no fewer than thirty hands-on hours per team member spent carrying out system developer-defined tests and test team-defined tests. 10.3 Testing for Division A 10.3.1 Personnel The security testing team shall consist of at least one individual with a bachelor's degree in Computer Science or the equivalent and at least two individuals with masters' degrees in Computer Science or equivalent. Team members shall be able to follow test plans prepared by the system developer and suggest additions, shall be conversant with the "flaw hypothesis" or equivalent security testing methodology, shall be fluent in the TCB implementation language(s), and shall have assembly level programming experience. Before testing begins, the team members shall have functional knowledge of, and shall have completed the system developer's internals course for, the system being evaluated. At least one team member shall be familiar enough with the system hardware to understand the maintenance diagnostic programs and supporting hardware documentation. At least two team members shall have previously completed a security test on another system. At least one team member shall have demonstrated system level programming competence on the system under test to a level of complexity equivalent to adding a device driver to the system. 10.3.2 Testing The team shall have "hands-on" involvement in an independent run of the test package used by the system developer to test security-relevant hardware and software. The team shall independently design and implement at least twenty-five system- specific tests in an attempt to circumvent the security mechanisms of the system. The elapsed time devoted to testing shall be at least three months and need not exceed six months. There shall be no fewer than fifty hands-on hours per team member spent carrying out system developer-defined tests and test team-defined tests. APPENDIX A Commercial Product Evaluation Process "Department of Defense Trusted Computer System Evaluation Criteria" forms the basis upon which the Computer Security Center will carry out the commercial computer security evaluation process. This process is focused on commercially produced and supported general-purpose operating system products that meet the needs of government departments and agencies. The formal evaluation is aimed at "off-the-shelf" commercially supported products and is completely divorced >from any consideration of overall system performance, potential applications, or particular processing environments. The evaluation provides a key input to a computer system security approval/accreditation. However, it does not constitute a complete computer system security evaluation. A complete study (e.g., as in reference [18]) must consider additional factors dealing with the system in its unique environment, such as it's proposed security mode of operation, specific users, applications, data sensitivity, physical and personnel security, administrative and procedural security, TEMPEST, and communications security. The product evaluation process carried out by the Computer Security Center has three distinct elements: * Preliminary Product Evaluation - An informal dialogue between a vendor and the Center in which technical information is exchanged to create a common understanding of the vendor's product, the criteria, and the rating that may be expected to result from a formal product evaluation. * Formal Product Evaluation - A formal evaluation, by the Center, of a product that is available to the DoD, and that results in that product and its assigned rating being placed on the Evaluated Products List. * Evaluated Products List - A list of products that have been subjected to formal product evaluation and their assigned ratings. PRELIMINARY PRODUCT EVALUATION Since it is generally very difficult to add effective security measures late in a product's life cycle, the Center is interested in working with system vendors in the early stages of product design. A preliminary product evaluation allows the Center to consult with computer vendors on computer security issues found in products that have not yet been formally announced. A preliminary evaluation is typically initiated by computer system vendors who are planning new computer products that feature security or major security-related upgrades to existing products. After an initial meeting between the vendor and the Center, appropriate non-disclosure agreements are executed that require the Center to maintain the confidentiality of any proprietary information disclosed to it. Technical exchange meetings follow in which the vendor provides details about the proposed product (particularly its internal designs and goals) and the Center provides expert feedback to the vendor on potential computer security strengths and weaknesses of the vendor's design choices, as well as relevant interpretation of the criteria. The preliminary evaluation is typically terminated when the product is completed and ready for field release by the vendor. Upon termination, the Center prepares a wrap-up report for the vendor and for internal distribution within the Center. Those reports containing proprietary information are not available to the public. During preliminary evaluation, the vendor is under no obligation to actually complete or market the potential product. The Center is, likewise, not committed to conduct a formal product evaluation. A preliminary evaluation may be terminated by either the Center or the vendor when one notifies the other, in writing, that it is no longer advantageous to continue the evaluation. FORMAL PRODUCT EVALUATION The formal product evaluation provides a key input to certification of a computer system for use in National Security Establishment applications and is the sole basis for a product being placed on the Evaluated Products List. A formal product evaluation begins with a request by a vendor for the Center to evaluate a product for which the product itself and accompanying documentation needed to meet the requirements defined by this publication are complete. Non-disclosure agreements are executed and a formal product evaluation team is formed by the Center. An initial meeting is then held with the vendor to work out the schedule for the formal evaluation. Since testing of the implemented product forms an important part of the evaluation process, access by the evaluation team to a working version of the system is negotiated with the vendor. Additional support required from the vendor includes complete design documentation, source code, and access to vendor personnel who can answer detailed questions about specific portions of the product. The evaluation team tests the product against each requirement, making any necessary interpretations of the criteria with respect to the product being evaluated. The evaluation team writes a two-part final report on their findings about the system. The first part is publicly available (containing no proprietary information) and contains the overall class rating assigned to the system and the details of the evaluation team's findings when comparing the product against the evaluation criteria. The second part of the evaluation report contains vulnerability analyses and other detailed information supporting the rating decision. Since this part may contain proprietary or other sensitive information it will be distributed only within the U.S. Government on a strict need-to-know and non- disclosure basis, and to the vendor. No portion of the evaluation results will be withheld from the vendor. APPENDIX B Summary of Evaluation Criteria Divisions The divisions of systems recognized under the trusted computer system evaluation criteria are as follows. Each division represents a major improvement in the overall confidence one can place in the system to protect classified and other sensitive information. Division (D): Minimal Protection This division contains only one class. It is reserved for those systems that have been evaluated but that fail to meet the requirements for a higher evaluation class. Division (C): Discretionary Protection Classes in this division provide for discretionary (need-to-know) protection and, through the inclusion of audit capabilities, for accountability of subjects and the actions they initiate. Division (B): Mandatory Protection The notion of a TCB that preserves the integrity of sensitivity labels and uses them to enforce a set of mandatory access control rules is a major requirement in this division. Systems in this division must carry the sensitivity labels with major data structures in the system. The system developer also provides the security policy model on which the TCB is based and furnishes a specification of the TCB. Evidence must be provided to demonstrate that the reference monitor concept has been implemented. Division (A): Verified Protection This division is characterized by the use of formal security verification methods to assure that the mandatory and discretionary security controls employed in the system can effectively protect classified or other sensitive information stored or processed by the system. Extensive documentation is required to demonstrate that the TCB meets the security requirements in all aspects of design, development and implementation. APPENDIX C Summary of Evaluation Criteria Classes The classes of systems recognized under the trusted computer system evaluation criteria are as follows. They are presented in the order of increasing desirablity from a computer security point of view. Class (D): Minimal Protection This class is reserved for those systems that have been evaluated but that fail to meet the requirements for a higher evaluation class. Class (C1): Discretionary Security Protection The Trusted Computing Base (TCB) of a class (C1) system nominally satisfies the discretionary security requirements by providing separation of users and data. It incorporates some form of credible controls capable of enforcing access limitations on an individual basis, i.e., ostensibly suitable for allowing users to be able to protect project or private information and to keep other users from accidentally reading or destroying their data. The class (C1) environment is expected to be one of cooperating users processing data at the same level(s) of sensitivity. Class (C2): Controlled Access Protection Systems in this class enforce a more finely grained discretionary access control than (C1) systems, making users individually accountable for their actions through login procedures, auditing of security-relevant events, and resource isolation. Class (B1): Labeled Security Protection Class (B1) systems require all the features required for class (C2). In addition, an informal statement of the security policy model, data labeling, and mandatory access control over named subjects and objects must be present. The capability must exist for accurately labeling exported information. Any flaws identified by testing must be removed. Class (B2): Structured Protection In class (B2) systems, the TCB is based on a clearly defined and documented formal security policy model that requires the discretionary and mandatory access control enforcement found in class (B1) systems be extended to all subjects and objects in the ADP system. In addition, covert channels are addressed. The TCB must be carefully structured into protection-critical and non- protection-critical elements. The TCB interface is well-defined and the TCB design and implementation enable it to be subjected to more thorough testing and more complete review. Authentication mechanisms are strengthened, trusted facility management is provided in the form of support for system administrator and operator functions, and stringent configuration management controls are imposed. The system is relatively resistant to penetration. Class (B3): Security Domains The class (B3) TCB must satisfy the reference monitor requirements that it mediate all accesses of subjects to objects, be tamperproof, and be small enough to be subjected to analysis and tests. To this end, the TCB is structured to exclude code not essential to security policy enforcement, with significant system engineering during TCB design and implementation directed toward minimizing its complexity. A security administrator is supported, audit mechanisms are expanded to signal security- relevant events, and system recovery procedures are required. The system is highly resistant to penetration. Class (A1): Verified Design Systems in class (A1) are functionally equivalent to those in class (B3) in that no additional architectural features or policy requirements are added. The distinguishing feature of systems in this class is the analysis derived >from formal design specification and verification techniques and the resulting high degree of assurance that the TCB is correctly implemented. This assurance is developmental in nature, starting with a formal model of the security policy and a formal top-level specification (FTLS) of the design. In keeping with the extensive design and development analysis of the TCB required of systems in class (A1), more stringent configuration management is required and procedures are established for securely distributing the system to sites. A system security administrator is supported. APPENDIX D Requirement Directory This appendix lists requirements defined in "Department of Defense Trusted Computer System Evaluation Criteria" alphabetically rather than by class. It is provided to assist in following the evolution of a requirement through the classes. For each requirement, three types of criteria may be present. Each will be preceded by the word: NEW, CHANGE, or ADD to indicate the following: NEW: Any criteria appearing in a lower class are superseded by the criteria that follow. CHANGE: The criteria that follow have appeared in a lower class but are changed for this class. Highlighting is used to indicate the specific changes to previously stated criteria. ADD: The criteria that follow have not been required for any lower class, and are added in this class to the previously stated criteria for this requirement. Abbreviations are used as follows: NR: (No Requirement) This requirement is not included in this class. NAR: (No Additional Requirements) This requirement does not change from the previous class. The reader is referred to Part I of this document when placing new criteria for a requirement into the complete context for that class. Figure 1 provides a pictorial summary of the evolution of requirements through the classes. Audit C1: NR. C2: NEW: The TCB shall be able to create, maintain, and protect from modification or unauthorized access or destruction an audit trail of accesses to the objects it protects. The audit data shall be protected by the TCB so that read access to it is limited to those who are authorized for audit data. The TCB shall be able to record the following types of events: use of identification and authentication mechanisms, introduction of objects into a user's address space (e.g., file open, program initiation), deletion of objects, and actions taken by computer operators and system administrators and/or system security officers. For each recorded event, the audit record shall identify: date and time of the event, user, type of event, and success or failure of the event. For identification/authentication events the origin of request (e.g., terminal ID) shall be included in the audit record. For events that introduce an object into a user's address space and for object deletion events the audit record shall include the name of the object. The ADP system administrator shall be able to selectively audit the actions of any one or more users based on individual identity. B1: CHANGE: For events that introduce an object into a user's address space and for object deletion events the audit record shall include the name of the object and the object's security level. The ADP system administrator shall be able to selectively audit the actions of any one or more users based on individual identity and/or object security level. ADD: The TCB shall also be able to audit any override of human-readable output markings. B2: ADD: The TCB shall be able to audit the identified events that may be used in the exploitation of covert storage channels. B3: ADD: The TCB shall contain a mechanism that is able to monitor the occurrence or accumulation of security auditable events that may indicate an imminent violation of security policy. This mechanism shall be able to immediately notify the security administrator when thresholds are exceeded. A1: NAR. Configuration Management C1: NR. C2: NR. B1: NR. B2: NEW: During development and maintenance of the TCB, a configuration management system shall be in place that maintains control of changes to the descriptive top-level specification, other design data, implementation documentation, source code, the running version of the object code, and test fixtures and documentation. The configuration management system shall assure a consistent mapping among all documentation and code associated with the current version of the TCB. Tools shall be provided for generation of a new version of the TCB from source code. Also available shall be tools for comparing a newly generated version with the previous TCB version in order to ascertain that only the intended changes have been made in the code that will actually be used as the new version of the TCB. B3: NAR. A1: CHANGE: During the entire life-cycle, i.e., during the design, development, and maintenance of the TCB, a configuration management system shall be in place for all security-relevant hardware, firmware, and software that maintains control of changes to the formal model, the descriptive and formal top-level specifications, other design data, implementation documentation, source code, the running version of the object code, and test fixtures and documentation. Also available shall be tools, maintained under strict configuration control, for comparing a newly generated version with the previous TCB version in order to ascertain that only the intended changes have been made in the code that will actually be used as the new version of the TCB. ADD: A combination of technical, physical, and procedural safeguards shall be used to protect from unauthorized modification or destruction the master copy or copies of all material used to generate the TCB. Covert Channel Analysis C1: NR. C2: NR. B1: NR. B2: NEW: The system developer shall conduct a thorough search for covert storage channels and make a determination (either by actual measurement or by engineering estimation) of the maximum bandwidth of each identified channel. (See the Covert Channels Guideline section.) B3: CHANGE: The system developer shall conduct a thorough search for covert channels and make a determination (either by actual measurement or by engineering estimation) of the maximum bandwidth of each identified channel. A1: ADD: Formal methods shall be used in the analysis. Design Documentation C1: NEW: Documentation shall be available that provides a description of the manufacturer's philosophy of protection and an explanation of how this philosophy is translated into the TCB. If the TCB is composed of distinct modules, the interfaces between these modules shall be described. C2: NAR. B1: ADD: An informal or formal description of the security policy model enforced by the TCB shall be available and an explanation provided to show that it is sufficient to enforce the security policy. The specific TCB protection mechanisms shall be identified and an explanation given to show that they satisfy the model. B2: CHANGE: The interfaces between the TCB modules shall be described. A formal description of the security policy model enforced by the TCB shall be available and proven that it is sufficient to enforce the security policy. ADD: The descriptive top-level specification (DTLS) shall be shown to be an accurate description of the TCB interface. Documentation shall describe how the TCB implements the reference monitor concept and give an explanation why it is tamperproof, cannot be bypassed, and is correctly implemented. Documentation shall describe how the TCB is structured to facilitate testing and to enforce least privilege. This documentation shall also present the results of the covert channel analysis and the tradeoffs involved in restricting the channels. All auditable events that may be used in the exploitation of known covert storage channels shall be identified. The bandwidths of known covert storage channels, the use of which is not detectable by the auditing mechanisms, shall be provided. (See the Covert Channel Guideline section.) B3: ADD: The TCB implementation (i.e., in hardware, firmware, and software) shall be informally shown to be consistent with the DTLS. The elements of the DTLS shall be shown, using informal techniques, to correspond to the elements of the TCB. A1: CHANGE: The TCB implementation (i.e., in hardware, firmware, and software) shall be informally shown to be consistent with the formal top-level specification (FTLS). The elements of the FTLS shall be shown, using informal techniques, to correspond to the elements of the TCB. ADD: Hardware, firmware, and software mechanisms not dealt with in the FTLS but strictly internal to the TCB (e.g., mapping registers, direct memory access I/O) shall be clearly described. Design Specification and Verification C1: NR. C2: NR. B1: NEW: An informal or formal model of the security policy supported by the TCB shall be maintained that is shown to be consistent with its axioms. B2: CHANGE: A formal model of the security policy supported by the TCB shall be maintained that is proven consistent with its axioms. ADD: A descriptive top-level specification (DTLS) of the TCB shall be maintained that completely and accurately describes the TCB in terms of exceptions, error messages, and effects. It shall be shown to be an accurate description of the TCB interface. B3: ADD: A convincing argument shall be given that the DTLS is consistent with the model. A1: CHANGE: The FTLS shall be shown to be an accurate description of the TCB interface. A convincing argument shall be given that the DTLS is consistent with the model and a combination of formal and informal techniques shall be used to show that the FTLS is consistent with the model. ADD: A formal top-level specification (FTLS) of the TCB shall be maintained that accurately describes the TCB in terms of exceptions, error messages, and effects. The DTLS and FTLS shall include those components of the TCB that are implemented as hardware and/or firmware if their properties are visible at the TCB interface. This verification evidence shall be consistent with that provided within the state-of-the-art of the particular Computer Security Center- endorsed formal specification and verification system used. Manual or other mapping of the FTLS to the TCB source code shall be performed to provide evidence of correct implementation. Device Labels C1: NR. C2: NR. B1: NR. B2: NEW: The TCB shall support the assignment of minimum and maximum security levels to all attached physical devices. These security levels shall be used by the TCB to enforce constraints imposed by the physical environments in which the devices are located. B3: NAR. A1: NAR. Discretionary Access Control C1: NEW: The TCB shall define and control access between named users and named objects (e.g., files and programs) in the ADP system. The enforcement mechanism (e.g., self/group/public controls, access control lists) shall allow users to specify and control sharing of those objects by named individuals or defined groups or both. C2: CHANGE: The enforcement mechanism (e.g., self/group/public controls, access control lists) shall allow users to specify and control sharing of those objects by named individuals, or defined groups of individuals, or by both. ADD: The discretionary access control mechanism shall, either by explicit user action or by default, provide that objects are protected from unauthorized access. These access controls shall be capable of including or excluding access to the granularity of a single user. Access permission to an object by users not already possessing access permission shall only be assigned by authorized users. B1: NAR. B2: NAR. B3: CHANGE: The enforcement mechanism (e.g., access control lists) shall allow users to specify and control sharing of those objects. These access controls shall be capable of specifying, for each named object, a list of named individuals and a list of groups of named individuals with their respective modes of access to that object. ADD: Furthermore, for each such named object, it shall be possible to specify a list of named individuals and a list of groups of named individuals for which no access to the object is to be given. A1: NAR. Exportation of Labeled Information C1: NR. C2: NR. B1: NEW: The TCB shall designate each communication channel and I/O device as either single-level or multilevel. Any change in this designation shall be done manually and shall be auditable by the TCB. The TCB shall maintain and be able to audit any change in the current security level associated with a single-level communication channel or I/O device. B2: NAR. B3: NAR. A1: NAR. Exportation to Multilevel Devices C1: NR. C2: NR. B1: NEW: When the TCB exports an object to a multilevel I/O device, the sensitivity label associated with that object shall also be exported and shall reside on the same physical medium as the exported information and shall be in the same form (i.e., machine-readable or human-readable form). When the TCB exports or imports an object over a multilevel communication channel, the protocol used on that channel shall provide for the unambiguous pairing between the sensitivity labels and the associated information that is sent or received. B2: NAR. B3: NAR. A1: NAR. Exportation to Single-Level Devices C1: NR. C2: NR. B1: NEW: Single-level I/O devices and single-level communication channels are not required to maintain the sensitivity labels of the information they process. However, the TCB shall include a mechanism by which the TCB and an authorized user reliably communicate to designate the single security level of information imported or exported via single-level communication channels or I/O devices. B2: NAR. B3: NAR. A1: NAR. Identification and Authentication C1: NEW: The TCB shall require users to identify themselves to it before beginning to perform any other actions that the TCB is expected to mediate. Furthermore, the TCB shall use a protected mechanism (e.g., passwords) to authenticate the user's identity. The TCB shall protect authentication data so that it cannot be accessed by any unauthorized user. C2: ADD: The TCB shall be able to enforce individual accountability by providing the capability to uniquely identify each individual ADP system user. The TCB shall also provide the capability of associating this identity with all auditable actions taken by that individual. B1: CHANGE: Furthermore, the TCB shall maintain authentication data that includes information for verifying the identity of individual users (e.g., passwords) as well as information for determining the clearance and authorizations of individual users. This data shall be used by the TCB to authenticate the user's identity and to determine the security level and authorizations of subjects that may be created to act on behalf of the individual user. B2: NAR. B3: NAR. A1: NAR. Label Integrity C1: NR. C2: NR. B1: NEW: Sensitivity labels shall accurately represent security levels of the specific subjects or objects with which they are associated. When exported by the TCB, sensitivity labels shall accurately and unambiguously represent the internal labels and shall be associated with the information being exported. B2: NAR. B3: NAR. A1: NAR. Labeling Human-Readable Output C1: NR. C2: NR. B1: NEW: The ADP system administrator shall be able to specify the printable label names associated with exported sensitivity labels. The TCB shall mark the beginning and end of all human-readable, paged, hardcopy output (e.g., line printer output) with human- readable sensitivity labels that properly* represent the sensitivity of the output. The TCB shall, by default, mark the top and bottom of each page of human-readable, paged, hardcopy output (e.g., line printer output) with human-readable sensitivity labels that properly* represent the overall sensitivity of the output or that properly* represent the sensitivity of the information on the page. The TCB shall, by default and in an appropriate manner, mark other forms of human-readable output (e.g., maps, graphics) with human- readable sensitivity labels that properly* represent the sensitivity of the output. Any override of these marking defaults shall be auditable by the TCB. B2: NAR. B3: NAR. A1: NAR. ____________________________________________________________ * The hierarchical classification component in human-readable sensitivity labels shall be equal to the greatest hierarchical classification of any of the information in the output that the labels refer to; the non-hierarchical category component shall include all of the non-hierarchical categories of the information in the output the labels refer to, but no other non-hierarchical categories. ____________________________________________________________ Labels C1: NR. C2: NR. B1: NEW: Sensitivity labels associated with each subject and storage object under its control (e.g., process, file, segment, device) shall be maintained by the TCB. These labels shall be used as the basis for mandatory access control decisions. In order to import non- labeled data, the TCB shall request and receive from an authorized user the security level of the data, and all such actions shall be auditable by the TCB. B2: CHANGE: Sensitivity labels associated with each ADP system resource (e.g., subject, storage object) that is directly or indirectly accessible by subjects external to the TCB shall be maintained by the TCB. B3: NAR. A1: NAR. Mandatory Access Control C1: NR. C2: NR. B1: NEW: The TCB shall enforce a mandatory access control policy over all subjects and storage objects under its control (e.g., processes, files, segments, devices). These subjects and objects shall be assigned sensitivity labels that are a combination of hierarchical classification levels and non-hierarchical categories, and the labels shall be used as the basis for mandatory access control decisions. The TCB shall be able to support two or more such security levels. (See the Mandatory Access Control guidelines.) The following requirements shall hold for all accesses between subjects and objects controlled by the TCB: A subject can read an object only if the hierarchical classification in the subject's security level is greater than or equal to the hierarchical classification in the object's security level and the non-hierarchical categories in the subject's security level include all the non-hierarchical categories in the object's security level. A subject can write an object only if the hierarchical classification in the subject's security level is less than or equal to the hierarchical classification in the object's security level and all the non-hierarchical categories in the subject's security level are included in the non-hierarchical categories in the object's security level. B2: CHANGE: The TCB shall enforce a mandatory access control policy over all resources (i.e., subjects, storage objects, and I/O devices) that are directly or indirectly accessible by subjects external to the TCB. The following requirements shall hold for all accesses between all subjects external to the TCB and all objects directly or indirectly accessible by these subjects: B3: NAR. A1: NAR. Object Reuse C1: NR. C2: NEW: When a storage object is initially assigned, allocated, or reallocated to a subject from the TCB's pool of unused storage objects, the TCB shall assure that the object contains no data for which the subject is not authorized. B1: NAR. B2: NAR. B3: NAR. A1: NAR. Security Features User's Guide C1: NEW: A single summary, chapter, or manual in user documentation shall describe the protection mechanisms provided by the TCB, guidelines on their use, and how they interact with one another. C2: NAR. B1: NAR. B2: NAR. B3: NAR. A1: NAR. Security Testing C1: NEW: The security mechanisms of the ADP system shall be tested and found to work as claimed in the system documentation. Testing shall be done to assure that there are no obvious ways for an unauthorized user to bypass or otherwise defeat the security protection mechanisms of the TCB. (See the Security Testing guidelines.) C2: ADD: Testing shall also include a search for obvious flaws that would allow violation of resource isolation, or that would permit unauthorized access to the audit or authentication data. B1: NEW: The security mechanisms of the ADP system shall be tested and found to work as claimed in the system documentation. A team of individuals who thoroughly understand the specific implementation of the TCB shall subject its design documentation, source code, and object code to thorough analysis and testing. Their objectives shall be: to uncover all design and implementation flaws that would permit a subject external to the TCB to read, change, or delete data normally denied under the mandatory or discretionary security policy enforced by the TCB; as well as to assure that no subject (without authorization to do so) is able to cause the TCB to enter a state such that it is unable to respond to communications initiated by other users. All discovered flaws shall be removed or neutralized and the TCB retested to demonstrate that they have been eliminated and that new flaws have not been introduced. (See the Security Testing Guidelines.) B2: CHANGE: All discovered flaws shall be corrected and the TCB retested to demonstrate that they have been eliminated and that new flaws have not been introduced. ADD: The TCB shall be found relatively resistant to penetration. Testing shall demonstrate that the TCB implementation is consistent with the descriptive top-level specification. B3: CHANGE: The TCB shall be found resistant to penetration. ADD: No design flaws and no more than a few correctable implementation flaws may be found during testing and there shall be reasonable confidence that few remain. A1: CHANGE: Testing shall demonstrate that the TCB implementation is consistent with the formal top-level specification. ADD: Manual or other mapping of the FTLS to the source code may form a basis for penetration testing. Subject Sensitivity Labels C1: NR. C2: NR. B1: NR. B2: NEW: The TCB shall immediately notify a terminal user of each change in the security level associated with that user during an interactive session. A terminal user shall be able to query the TCB as desired for a display of the subject's complete sensitivity label. B3: NAR. A1: NAR. System Architecture C1: NEW: The TCB shall maintain a domain for its own execution that protects it from external interference or tampering (e.g., by modification of its code or data structures). Resources controlled by the TCB may be a defined subset of the subjects and objects in the ADP system. C2: ADD: The TCB shall isolate the resources to be protected so that they are subject to the access control and auditing requirements. B1: ADD: The TCB shall maintain process isolation through the provision of distinct address spaces under its control. B2: NEW: The TCB shall maintain a domain for its own execution that protects it from external interference or tampering (e.g., by modification of its code or data structures). The TCB shall maintain process isolation through the provision of distinct address spaces under its control. The TCB shall be internally structured into well- defined largely independent modules. It shall make effective use of available hardware to separate those elements that are protection- critical from those that are not. The TCB modules shall be designed such that the principle of least privilege is enforced. Features in hardware, such as segmentation, shall be used to support logically distinct storage objects with separate attributes (namely: readable, writeable). The user interface to the TCB shall be completely defined and all elements of the TCB identified. B3: ADD: The TCB shall be designed and structured to use a complete, conceptually simple protection mechanism with precisely defined semantics. This mechanism shall play a central role in enforcing the internal structuring of the TCB and the system. The TCB shall incorporate significant use of layering, abstraction and data hiding. Significant system engineering shall be directed toward minimizing the complexity of the TCB and excluding from the TCB modules that are not protection-critical. A1: NAR. System Integrity C1: NEW: Hardware and/or software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB. C2: NAR. B1: NAR. B2: NAR. B3: NAR. A1: NAR. Test Documentation C1: NEW: The system developer shall provide to the evaluators a document that describes the test plan and results of the security mechanisms' functional testing. C2: NAR. B1: NAR. B2: ADD: It shall include results of testing the effectiveness of the methods used to reduce covert channel bandwidths. B3: NAR. A1: ADD: The results of the mapping between the formal top-level specification and the TCB source code shall be given. Trusted Distribution C1: NR. C2: NR. B1: NR. B2: NR. B3: NR. A1: NEW: A trusted ADP system control and distribution facility shall be provided for maintaining the integrity of the mapping between the master data describing the current version of the TCB and the on-site master copy of the code for the current version. Procedures (e.g., site security acceptance testing) shall exist for assuring that the TCB software, firmware, and hardware updates distributed to a customer are exactly as specified by the master copies. Trusted Facility Management C1: NR. C2: NR. B1: NR. B2: NEW: The TCB shall support separate operator and administrator functions. B3: ADD: The functions performed in the role of a security administrator shall be identified. The ADP system administrative personnel shall only be able to perform security administrator functions after taking a distinct auditable action to assume the security administrator role on the ADP system. Non-security functions that can be performed in the security administration role shall be limited strictly to those essential to performing the security role effectively. A1: NAR. Trusted Facility Manual C1: NEW: A manual addressed to the ADP system administrator shall present cautions about functions and privileges that should be controlled when running a secure facility. C2: ADD: The procedures for examining and maintaining the audit files as well as the detailed audit record structure for each type of audit event shall be given. B1: ADD: The manual shall describe the operator and administrator functions related to security, to include changing the characteristics of a user. It shall provide guidelines on the consistent and effective use of the protection features of the system, how they interact, how to securely generate a new TCB, and facility procedures, warnings, and privileges that need to be controlled in order to operate the facility in a secure manner. B2: ADD: The TCB modules that contain the reference validation mechanism shall be identified. The procedures for secure generation of a new TCB from source after modification of any modules in the TCB shall be described. B3: ADD: It shall include the procedures to ensure that the system is initially started in a secure manner. Procedures shall also be included to resume secure system operation after any lapse in system operation. A1: NAR. Trusted Path C1: NR. C2: NR. B1: NR. B2: NEW: The TCB shall support a trusted communication path between itself and user for initial login and authentication. Communications via this path shall be initiated exclusively by a user. B3: CHANGE: The TCB shall support a trusted communication path between itself and users for use when a positive TCB-to-user connection is required (e.g., login, change subject security level). Communications via this trusted path shall be activated exclusively by a user or the TCB and shall be logically isolated and unmistakably distinguishable from other paths. A1: NAR. Trusted Recovery C1: NR. C2: NR. B1: NR. B2: NR. B3: NEW: Procedures and/or mechanisms shall be provided to assure that, after an ADP system failure or other discontinuity, recovery without a protection compromise is obtained. A1: NAR. (this page is reserved for Figure 1) GLOSSARY Access - A specific type of interaction between a subject and an object that results in the flow of information from one to the other. Approval/Accreditation - The official authorization that is granted to an ADP system to process sensitive information in its operational environment, based upon comprehensive security evaluation of the system's hardware, firmware, and software security design, configuration, and implementation and of the other system procedural, administrative, physical, TEMPEST, personnel, and communications security controls. Audit Trail - A set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backwards from records and reports to their component source transactions. Authenticate - To establish the validity of a claimed identity. Automatic Data Processing (ADP) System - An assembly of computer hardware, firmware, and software configured for the purpose of classifying, sorting, calculating, computing, summarizing, transmitting and receiving, storing, and retrieving data with a minimum of human intervention. Bandwidth - A characteristic of a communication channel that is the amount of information that can be passed through it in a given amount of time, usually expressed in bits per second. Bell-LaPadula Model - A formal state transition model of computer security policy that describes a set of access control rules. In this formal model, the entities in a computer system are divided into abstract sets of subjects and objects. The notion of a secure state is defined and it is proven that each state transition preserves security by moving from secure state to secure state; thus, inductively proving that the system is secure. A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with a specific security policy. In order to determine whether or not a specific access mode is allowed, the clearance of a subject is compared to the classification of the object and a determination is made as to whether the subject is authorized for the specific access mode. The clearance/classification scheme is expressed in terms of a lattice. See also: Lattice, Simple Security Property, *- Property. Certification - The technical evaluation of a system's security features, made as part of and in support of the approval/accreditation process, that establishes the extent to which a particular computer system's design and implementation meet a set of specified security requirements. Channel - An information transfer path within a system. May also refer to the mechanism by which the path is effected. Covert Channel - A communication channel that allows a process to transfer information in a manner that violates the system's security policy. See also: Covert Storage Channel, Covert Timing Channel. Covert Storage Channel - A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e.g., sectors on a disk) that is shared by two subjects at different security levels. Covert Timing Channel - A covert channel in which one process signals information to another by modulating its own use of system resources (e.g., CPU time) in such a way that this manipulation affects the real response time observed by the second process. Data - Information with a specific physical representation. Data Integrity - The state that exists when computerized data is the same as that in the source documents and has not been exposed to accidental or malicious alteration or destruction. Descriptive Top-Level Specification (DTLS) - A top-level specification that is written in a natural language (e.g., English), an informal program design notation, or a combination of the two. Discretionary Access Control - A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject. Domain - The set of objects that a subject has the ability to access. Dominate - Security level S1 is said to dominate security level S2 if the hierarchical classification of S1 is greater than or equal to that of S2 and the non-hierarchical categories of S1 include all those of S2 as a subset. Exploitable Channel - Any channel that is useable or detectable by subjects external to the Trusted Computing Base. Flaw Hypothesis Methodology - A system analysis and penetration technique where specifications and documentation for the system are analyzed and then flaws in the system are hypothesized. The list of hypothesized flaws is then prioritized on the basis of the estimated probability that a flaw actually exists and, assuming a flaw does exist, on the ease of exploiting it and on the extent of control or compromise it would provide. The prioritized list is used to direct the actual testing of the system. Flaw - An error of commission, omission, or oversight in a system that allows protection mechanisms to be bypassed. Formal Proof - A complete and convincing mathematical argument, presenting the full logical justification for each proof step, for the truth of a theorem or set of theorems. The formal verification process uses formal proofs to show the truth of certain properties of formal specification and for showing that computer programs satisfy their specifications. Formal Security Policy Model - A mathematically precise statement of a security policy. To be adequately precise, such a model must represent the initial state of a system, the way in which the system progresses from one state to another, and a definition of a "secure" state of the system. To be acceptable as a basis for a TCB, the model must be supported by a formal proof that if the initial state of the system satisfies the definition of a "secure" state and if all assumptions required by the model hold, then all future states of the system will be secure. Some formal modeling techniques include: state transition models, temporal logic models, denotational semantics models, algebraic specification models. An example is the model described by Bell and LaPadula in reference [2]. See also: Bell- LaPadula Model, Security Policy Model. Formal Top-Level Specification (FTLS) - A Top-Level Specification that is written in a formal mathematical language to allow theorems showing the correspondence of the system specification to its formal requirements to be hypothesized and formally proven. Formal Verification - The process of using formal proofs to demonstrate the consistency (design verification) between a formal specification of a system and a formal security policy model or (implementation verification) between the formal specification and its program implementation. Functional Testing - The portion of security testing in which the advertised features of a system are tested for correct operation. General-Purpose System - A computer system that is designed to aid in solving a wide variety of problems. Lattice - A partially ordered set for which every pair of elements has a greatest lower bound and a least upper bound. Least Privilege - This principle requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use. Mandatory Access Control - A means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (i.e., clearance) of subjects to access information of such sensitivity. Multilevel Device - A device that is used in a manner that permits it to simultaneously process data of two or more security levels without risk of compromise. To accomplish this, sensitivity labels are normally stored on the same physical medium and in the same form (i.e., machine-readable or human-readable) as the data being processed. Multilevel Secure - A class of system containing information with different sensitivities that simultaneously permits access by users with different security clearances and needs-to- know, but prevents users from obtaining access to information for which they lack authorization. Object - A passive entity that contains or receives information. Access to an object potentially implies access to the information it contains. Examples of objects are: records, blocks, pages, segments, files, directories, directory trees, and programs, as well as bits, bytes, words, fields, processors, video displays, keyboards, clocks, printers, network nodes, etc. Object Reuse - The reassignment to some subject of a medium (e.g., page frame, disk sector, magnetic tape) that contained one or more objects. To be securely reassigned, such media must contain no residual data from the previously contained object(s). Output - Information that has been exported by a TCB. Password - A private character string that is used to authenticate an identity. Penetration Testing - The portion of security testing in which the penetrators attempt to circumvent the security features of a system. The penetrators may be assumed to use all system design and implementation documentation, which may include listings of system source code, manuals, and circuit diagrams. The penetrators work under no constraints other than those that would be applied to ordinary users. Process - A program in execution. It is completely characterized by a single current execution point (represented by the machine state) and address space. Protection-Critical Portions of the TCB - Those portions of the TCB whose normal function is to deal with the control of access between subjects and objects. Protection Philosophy - An informal description of the overall design of a system that delineates each of the protection mechanisms employed. A combination (appropriate to the evaluation class) of formal and informal techniques is used to show that the mechanisms are adequate to enforce the security policy. Read - A fundamental operation that results only in the flow of information from an object to a subject. Read Access - Permission to read information. Reference Monitor Concept - An access control concept that refers to an abstract machine that mediates all accesses to objects by subjects. Resource - Anything used or consumed while performing a function. The categories of resources are: time, information, objects (information containers), or processors (the ability to use information). Specific examples are: CPU time; terminal connect time; amount of directly-addressable memory; disk space; number of I/O requests per minute, etc. Security Kernel - The hardware, firmware, and software elements of a Trusted Computing Base that implement the reference monitor concept. It must mediate all accesses, be protected from modification, and be verifiable as correct. Security Level - The combination of a hierarchical classification and a set of non-hierarchical categories that represents the sensitivity of information. Security Policy - The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Security Policy Model - An informal presentation of a formal security policy model. Security Testing - A process used to determine that the security features of a system are implemented as designed and that they are adequate for a proposed application environment. This process includes hands-on functional testing, penetration testing, and verification. See also: Functional Testing, Penetration Testing, Verification. Sensitive Information - Information that, as determined by a competent authority, must be protected because its unauthorized disclosure, alteration, loss, or destruction will at least cause perceivable damage to someone or something. Sensitivity Label - A piece of information that represents the security level of an object and that describes the sensitivity (e.g., classification) of the data in the object. Sensitivity labels are used by the TCB as the basis for mandatory access control decisions. Simple Security Property - A Bell-LaPadula security model rule allowing a subject read access to an object only if the security level of the subject dominates the security level of the object. Single-Level Device - A device that is used to process data of a single security level at any one time. Since the device need not be trusted to separate data of different security levels, sensitivity labels do not have to be stored with the data being processed. *-Property (Star Property) - A Bell-LaPadula security model rule allowing a subject write access to an object only if the security level of the subject is dominated by the security level of the object. Also known as the Confinement Property. Storage Object - An object that supports both read and write accesses. Subject - An active entity, generally in the form of a person, process, or device that causes information to flow among objects or changes the system state. Technically, a process/domain pair. Subject Security Level - A subject's security level is equal to the security level of the objects to which it has both read and write access. A subject's security level must always be dominated by the clearance of the user the subject is associated with. TEMPEST - The study and control of spurious electronic signals emitted from ADP equipment. Top-Level Specification (TLS) - A non-procedural description of system behavior at the most abstract level. Typically a functional specification that omits all implementation details. Trap Door - A hidden software or hardware mechanism that permits system protection mechanisms to be circumvented. It is activated in some non-apparent manner (e.g., special "random" key sequence at a terminal). Trojan Horse - A computer program with an apparently or actually useful function that contains additional (hidden) functions that surreptitiously exploit the legitimate authorizations of the invoking process to the detriment of security. For example, making a "blind copy" of a sensitive file for the creator of the Trojan Horse. Trusted Computer System - A system that employs sufficient hardware and software integrity measures to allow its use for processing simultaneously a range of sensitive or classified information. Trusted Computing Base (TCB) - The totality of protection mechanisms within a computer system -- including hardware, firmware, and software -- the combination of which is responsible for enforcing a security policy. It creates a basic protection environment and provides additional user services required for a trusted computer system. The ability of a trusted computing base to correctly enforce a security policy depends solely on the mechanisms within the TCB and on the correct input by system administrative personnel of parameters (e.g., a user's clearance) related to the security policy. Trusted Path - A mechanism by which a person at a terminal can communicate directly with the Trusted Computing Base. This mechanism can only be activated by the person or the Trusted Computing Base and cannot be imitated by untrusted software. Trusted Software - The software portion of a Trusted Computing Base. User - Any person who interacts directly with a computer system. Verification - The process of comparing two levels of system specification for proper correspondence (e.g., security policy model with top-level specification, TLS with source code, or source code with object code). This process may or may not be automated. Write - A fundamental operation that results only in the flow of information from a subject to an object. Write Access - Permission to write an object. REFERENCES 1. Anderson, J. P. Computer Security Technology Planning Study, ESD-TR-73-51, vol. I, ESD/AFSC, Hanscom AFB, Bedford, Mass., October 1972 (NTIS AD-758 206). 2. Bell, D. E. and LaPadula, L. J. Secure Computer Systems: Unified Exposition and Multics Interpretation, MTR-2997 Rev. 1, MITRE Corp., Bedford, Mass., March 1976. 3. Brand, S. L. "An Approach to Identification and Audit of Vulnerabilities and Control in Application Systems," in Audit and Evaluation of Computer Security II: System Vulnerabilities and Controls, Z. Ruthberg, ed., NBS Special Publication #500-57, MD78733, April 1980. 4. Brand, S. L. "Data Processing and A-123," in Proceedings of the Computer Performance Evaluation User's Group 18th Meeting, C. B. Wilson, ed., NBS Special Publication #500-95, October 1982. 5. Denning, D. E. "A Lattice Model of Secure Information Flow," in Communications of the ACM, vol. 19, no. 5 (May 1976), pp. 236-243. 6. Denning, D. E. Secure Information Flow in Computer Systems, Ph.D. dissertation, Purdue Univ., West Lafayette, Ind., May 1975. 7. DoD 5200.1-R, Information Security Program Regulation, August 1982. 8. DoD Directive 5200.28, Security Requirements for Automatic Data Processing (ADP) Systems, revised April 1978. 9. DoD 5200.28-M, ADP Security Manual -- Techniques and Procedures for Implementing, Deactivating, Testing, and Evaluating Secure Resource-Sharing ADP Systems, revised June 1979. 10. DoD Directive 5215.1, Computer Security Evaluation Center, 25 October 1982. 11. DoD 5220.22-M, Industrial Security Manual for Safeguarding Classified Information, January 1983. 12. DoD 5220.22-R, Industrial Security Regulation, January 1983. 13. DoD Directive 5400.11, Department of Defense Privacy Program, 9 June 1982. 14. Executive Order 12356, National Security Information, 6 April 1982. 15. Faurer, L. D. "Keeping the Secrets Secret," in Government Data Systems, November - December 1981, pp. 14-17. 16. Federal Information Processing Standards Publication (FIPS PUB) 39, Glossary for Computer Systems Security, 15 February 1976. 17. Federal Information Processing Standards Publication (FIPS PUB) 73, Guidelines for Security of Computer Applications, 30 June 1980. 18. Federal Information Processing Standards Publication (FIPS PUB) 102, Guideline for Computer Security Certification and Accreditation. 19. Lampson, B. W. "A Note on the Confinement Problem," in Communications of the ACM, vol. 16, no. 10 (October 1973), pp. 613-615. 20. Lee, T. M. P., et al. "Processors, Operating Systems and Nearby Peripherals: A Consensus Report," in Audit and Evaluation of Computer Security II: System Vulnerabilities and Controls, Z. Ruthberg, ed., NBS Special Publication #500-57, MD78733, April 1980. 21. Lipner, S. B. A Comment on the Confinement Problem, MITRE Corp., Bedford, Mass. 22. Millen, J. K. "An Example of a Formal Flow Violation," in Proceedings of the IEEE Computer Society 2nd International Computer Software and Applications Conference, November 1978, pp. 204-208. 23. Millen, J. K. "Security Kernel Validation in Practice," in Communications of the ACM, vol. 19, no. 5 (May 1976), pp. 243-250. 24. Nibaldi, G. H. Proposed Technical Evaluation Criteria for Trusted Computer Systems, MITRE Corp., Bedford, Mass., M79-225, AD-A108-832, 25 October 1979. 25. Nibaldi, G. H. Specification of A Trusted Computing Base, (TCB), MITRE Corp., Bedford, Mass., M79-228, AD-A108- 831, 30 November 1979. 26. OMB Circular A-71, Transmittal Memorandum No. 1, Security of Federal Automated Information Systems, 27 July 1978. 27. OMB Circular A-123, Internal Control Systems, 5 November 1981. 28. Ruthberg, Z. and McKenzie, R., eds. Audit and Evaluation of Computer Security, in NBS Special Publication #500-19, October 1977. 29. Schaefer, M., Linde, R. R., et al. "Program Confinement in KVM/370," in Proceedings of the ACM National Conference, October 1977, Seattle. 30. Schell, R. R. "Security Kernels: A Methodical Design of System Security," in Technical Papers, USE Inc. Spring Conference, 5-9 March 1979, pp. 245-250. 31. Trotter, E. T. and Tasker, P. S. Industry Trusted Computer Systems Evaluation Process, MITRE Corp., Bedford, Mass., MTR-3931, 1 May 1980. 32. Turn, R. Trusted Computer Systems: Needs and Incentives for Use in government and Private Sector, (AD # A103399), Rand Corporation (R-28811-DR&E), June 1981. 33. Walker, S. T. "The Advent of Trusted Computer Operating Systems," in National Computer Conference Proceedings, May 1980, pp. 655-665. 34. Ware, W. H., ed., Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security, AD # A076617/0, Rand Corporation, Santa Monica, Calif., February 1970, reissued October 1979. DoD STANDARD 5200.28: SUMMARY OF THE DIFFERENCES BETWEEN IT AND CSC-STD-001-83 Note: Text which has been added or changed is indented and preceded by > sign. Text which has been deleted is enclosed in slashes (/). "Computer Security Center" was changed to "National Computer Security Center" throughout the document. The FOREWORD Section was rewritten and signed by Mr. Don Latham on 26 Dec 85. The ACKNOWLEDGEMENTS Section was updated. The PREFACE was changed as follows: PREFACE The trusted computer system evaluation criteria defined in this document classify systems into four broad hierarchical divisions of enhanced security protection. The criteria provide a basis for the evaluation of effectiveness of security controls built into automatic data processing system products. The criteria were developed with three objectives in mind: (a) to provide users with a yardstick with which to assess the degree of trust that can be placed in computer systems for the secure processing of classified or other sensitive information; (b) to provide guidance to manufacturers as to what to build into their new, widely-available trusted commercial products in order to satisfy trust requirements for sensitive applications; and (c) to provide a basis for specifying security requirements in acquisition specifications. Two types of requirements are delineated for secure processing: (a) specific security feature requirements and (b) assurance requirements. Some of the latter requirements enable evaluation personnel to determine if the required features are present and functioning as intended. >The scope of these criteria is to be applied to >the set of components comprising a trusted system, and is >not necessarily to be applied to each system component >individually. Hence, some components of a system may be >completely untrusted, while others may be individually >evaluated to a lower or higher evaluation class than the >trusted product considered as a whole system. In trusted >products at the high end of the range, the strength of the >reference monitor is such that most of the system >components can be completely untrusted. Though the criteria are >intended to be application-independent, /it is recognized that/ the specific security feature requirements may have to be interpreted when applying the criteria to specific >systems with their own functional requirements, >applications or special environments (e.g., communications >processors, process control computers, and embedded systems >in general). The underlying assurance requirements can be applied across the entire spectrum of ADP system or application processing environments without special interpretation. The SCOPE Section was changed as follows: Scope The trusted computer system evaluation criteria defined in this document apply >primarily to /both/ trusted, commercially available automatic data processing (ADP) systems. >They are also applicable, as amplified below, to the >evaluation of existing systems and to the specification of >security requirements for ADP systems acquisition. ================================================================== / / / File 05 / NIA071 / / List of USENET Texas Nodes / / Lord Macduff / / / This is a list of all USENET nodes in Texas. They are presented in the following format: nodename Corporation that owns machine System Administrator Netmail address Phone Number Physical Address Have fun, and let me know if you have any luck getting accounts/etc. on any of these systems. accu-reg Accu-Reg, Inc. Brenda Brakebill accu-reg!root 214 934 9533 4220 Beltwood Parkway #107, Dallas, TX 75244 acsi Advanced Computing Solutions, Inc. Russ Helbig acsi!hrh 713 280 9917 17049 El Camino Real, Suite 202, Houston, TX 77058 actnet NEC America, Inc. Tom Scurlock actnet!root 214 907 4492 383 Omni Drive, Richardson, TX 75080 acw Austin Code Works Scott B. Guthery acw!guthery 512 258 0785 11100 Leafwood Lane, Austin, Texas 78750-3409 adaptex Adaptec Inc. Roy Neese adaptex!neese 817-481-3390 Adaptec Inc.;1701 W. Northwest Highway;Grapevine, Tx. 76051 adaptx1 Adaptec Inc. Roy Neese adaptx1!neese 817-481-3390 Adaptec Inc.;1701 W. Northwest Highway;Grapevine, Tx. 75051 aefvadh private system Ed Carp khijol!erc 512 832 5884 2000 Cedar Bend Dr., Austin, TX 78758 NOTES: aefvadh means "Be welcome" in Rihannsu (or Romulan, if you prefer) aerot Aero Tire and Tank Inc. David Kirby aerot!david 214 247 2845 P.O.Box 59889, Dallas, Tx, 75229-1889 afbs, afbs.af.mil Headquarters Air Force Broadcasting Service Durand C. 'Randy' Waters, Chief Information Resources Division xoidw@afbs.af.mil 512 925 8861 HQ AFBS/XOI, Kelly AFB, TX 78241-5000 afnews, afnews.af.mil Air Force News Center Michael L. Bergman, Chief Communications-Computer Systems afnews!bergman 512 925 8688 AFNEWS/SCC, Kelly AFB TX 78241-5000 agent99 Dell Computer Corporation Ron McDowell agent99!postmaster 512 338 4400 9505 Arboretum Blvd., Austin, TX 78759-7299 airgun, airgun.wg.waii.com Western Geophysical - Division of Western Atlas International Inc. Mark I. Whetzel, Frank Vance postmaster@airgun.wg.waii.com 713 789 9600 x2446, 713 789 9600 x2426 10,001 Richmond Avenue, Houston, TX 77042 aixserv IBM Jerome Park aixserv!jerome 512 823 2082 11400 Burnet Rd., Zip 2900, Austin, TX 78758 ajahnv, ajahnv.lonestar.org private system Alfredo Jahn V postmaster@ajahnv.UUCP 214-855-1316 3208 Cole Ave., #1303, Dallas, TX 75204 akasha The Akashic Records Ed Carp khijol!erc 512 832 5884 2000 Cedar Bend Dr., Austin, TX 78758 aldoe IRS ICS Micro Support Kenneth R. Moore aldoe!kmoore 214 308-1752 4050 Alpha Rd MC 5005 Dallas, Tx. 75244 amair American Airlines Jim Swanson amair!jim 817 963 4310 MD 4480, P.O.Box 619630, DFW Airport, TX 75261 amytree Donald A Kassebaum Donald A Kassebaum amytree!dak 512 462 9963 506 Strawberry Cove ; Austin, Tx 78745 angel Angels Retreat Larry Tenbush angel!larry 512 696 0995 P.O. Box 5659, San Antonio, TX 78201-0659 DIALUP: 512 696-7708 NOTES: Public System apcidfw Apollo Division, Hewlett-Packard Company Keith Cantrell apcidfw!keith 1 214-519-2399 3301 Royal Lane, Irving, Texas apiary Advanced Micro Devices, Inc. Terry Bush apiary!terry 512 356 3443 M.S. 511, 5204 E. Ben White Blvd., Austin, TX 78741 aquinas, aquinas.lonestar.org Privately Owned System Sean McCollister aquinas!postmaster 214 414 0936 1914 Sage Drive, Garland, TX 75040 armcomp ASC People Connection Byron Armstrong armcomp!sysop (512) 647-8189 No Known Address NOTES: Public Electronic Message System ataritx Atari MicroSystems Corp. Dave Hanna ataritx!postmaster 214 713 9111 4115 Keller Springs Rd, Suite 200, Dallas, TX 75244 austex JP Price JP Price austex!jprice 512 444 8691 810 W. St. Elmo, Austin TX 78745 austsun Sun Microsystems, Inc. Jim Thompson jthomp@Sun.COM 214 788 1951 14785 Preston Road, Suite 1050, Dallas, TX 75240-7607 avocado personal system Gary Morris, N5QWC avocado!postmaster 713 283 5195 (daytime) P.O. Box 580148, Houston, TX 77258-0148 awful a.out computer consultants Andrew Fullford awful!postmaster 214 386 2941 14930 Cypress Hills Drive, Dallas, Texas 75248 balkan, .tnt.com Tools & Techniques, Inc. William G. Bunton postmaster@balkan.tnt.com, wgb@balkan.tnt.com 512 482 0824 1620 W 12th St., Austin, TX 78703 baylor Baylor College of Medicine Stan Barber sob@tmc.edu 713 798 6042 One Baylor Plaza, Houston, Tx 77030 bcm Baylor College of Medicine Stan Barber postmaster@tmc.edu, sob@bcm.tmc.edu 713 798 6042 Baylor College of Medicine, One Baylor Plaza, Houston, Texas 77030 bearsw Bear Software K. Finkemeyer bearsw!karlf 817 962 8080 P.O. Box 729, Colleyville, TX 76034 bigboy Capital Institutional Services Steve Wheeler bigboy!root 214 720 0050 750 N St. Paul, Suite 2200, Dallas, TX 75201 bigtex, .cactus.org Institute of Applied Cosmology James Van Artsdalen postmaster@bigtex.cactus.org 512 338 8789 Dell Computer Co, AR3, 9505 Arboretum Blvd., Austin TX 78759 biogfx Biographics, Inc. Wade K. Smith biogfx!postmaster 214 637 4112 1221 Riverbend Drive Suite 273, Dallas TX 75247 blackice privately held Phil Brownfield blackice!postmaster 512 873 2022 PO Box 201480, Austin, TX 78720 USA bodedo, bodedo.ucm.org Jon Boede Consulting Jon Boede bodedo.ucm.org!postmaster 512 346-3142 7117 Wood Hollow #1013, Austin TX, 78731-2548 bonnell Mount Bonnell Inc. William King bonnell!uuadm 512 478 1122 1201 West 24th St, Suite 103, Austin, TX 78705 botany University of Texas at Austin Brook G. Milligan ut-emx!brook 512 471 3530 Department of Botany brain BIAP Systems, Mac Software Development Chuck Shotton brain!chuck 713 480-9489, 713 282-6444 1418 New Cedars Dr., Houston, TX 77062 buster, buster.stafford.tx.us Unix Software Development System Buster Irby buster!postmaster 713 499 5735, 713 556 3877 13019 Naples Lane, Stafford, Texas 77477 cadillac MCC CAD Program John Arisco, David Dow, Johnny Kwan arisco@mcc.com, dow@mcc.com, kwan@mcc.com 512 338 3576, 512 338 3777, 512 338 3483 3500 West Balcones Center Dr., Austin, TX 78759 NOTES:Cadillac will only call other sites. No dial in connections allowed. cairns Youth With a Mission Mercy Ships Lance Lenz cairns!root 903 963 8341 P.O Box 2020 Lindale Tx. 75771 caleb Private system Jim Pritchett caleb!jdp 817 377 2919 4605 Ranch View Road, Fort Worth, TX 76109 camdev Motorola Inc, Communications Sector; Mobile Products Division Steve Scott camdev!sscott 817 232 6317 CAMS 4G; P.O. Box 2931, Ft. Worth, Texas 76113 NOTES:gateway machine to Motorola Ft. Worth network carpet W.L. Kennedy Jr. & Associates William L. Kennedy, Jr. (Bill) bill@ssbn.WLK.COM 512 535 4966 Box 63449 Bandera Falls, Pipe Creek, TX 78063-3449 ccmaint University of Texas, Computation Center Frank L. Abernathy [Editor's Note: Any relation to Joe?] frank@ccmaint.UUCP (512) 471-3241 x291 Austin, TX 78712 cerebell Harrington Cancer Center Kim Anderson cerebell!root 806 359 4673 1500 Wallace Blvd, Amarillo, TX 79106 charlie ALFA Engineering, Inc. Donald Ninke don@charlie.UUCP 512 794 8680 8911 Capitol of Texas Highway North, Suite 3210, Austin, TX 78759 chemsh ChemShare Corporation Douglas L. Acker chemsh!postmaster 713 267 5602 PO Box 1885, Houston, Texas 77251 chinacat, .unicom.com Unicom Systems Development Chip Rosenthal chinacat!postmaster 512 482 8260 2813A Rio Grande, Suite 105, Austin, TX 78705 chron (chron.com) Houston Chronicle Matt Cohen postmaster@chron.com 713 220 7023 P.O. Box 4260, Houston, TX 77210 cleo Alternative Broadcast Technology Todd Nix cleo!news 512 339 2242 4503 Abelia Drive, Austin, Texas 78727-5866 cms2, cms2.lonestar.org Christian Medical & Dental Society Alan McCain cms2!alan 214 783 8384 1616 Gateway Blvd., Richardson, TX 75080 color48 Best Printing Co. James Howard color48!postmaster 512 477 9733 3218 Manor Rd. Austin, Tx 78723 convex, convex.com, .convex.com Convex Computer Corporation Coyne Gibson coyne@convex.com 214 497 4842 3000 Waterview Parkway, Richardson, TX 75083 cord Arco Oil & Gas Gary White cord!gwhite 214 754 6554 2300 W Plano Pkwy, Plano, TX 75075 cortex Division of Neuroscience, Baylor College of Medicine Mahmud Haque postmaster@soma.bcm.tmc.edu, mahmud@soma.bcm.tmc.edu 713 789 5985 Division of Neuroscience, Baylor College of Medicine, One Baylor Plaza, Houston, Texas 77030 cowboy Frontier Information Systems Kevin Langston cowboy!postmaster, frontier!postmaster 214 315 0942 2025 Frontier Trail, Lewisville, TX 75067 cpqhou Compaq Computer Corp. Michael Nikolaiev cpqhou!root 713 374 2716 M-206, PO Box 692660, Houston, TX 77269-2000 crick Baylor College of Medicine Stan Barber postmaster@watson.bcm.tmc.edu 713 798 6042 Baylor College of Medicine, One Baylor Plaza, Houston, Texas 77030 cronus Exxon Shipping Co. Lee Parsons cronus!root 713 656 5394 800 Bell, RM 3424, Houston, TX 77002 crucible PowerTools Al Evans crucible!al 512 454 8201 1206 Karen Avenue, Austin, TX 78757 cs.utexas.edu University of Texas, Austin, Dept. of Computer Sciences Fletcher Mattox, John Chambers cs.utexas.edu!postmaster +1 512 471 7316 U. Texas, Dept. of Computer Sciences, Austin, TX 78712 csccat, csccat.cs.com, .cs.com Computer Support Corporation Jack Hudler cscdec!jack 214 661 8960 15926 Midway Rd., Dallas, Texas 75244 csdnet CogniSeis Development John D. Deans csdnet!deans 713 630 3854 2401 Portsmouth, Houston, TX. 77098 csoftec, .csf.com CompSofTech Co. Cliff Manis csoftec!postmaster 512 654 9912 P. O. Box 33937, San Antonio, Texas 78265 ctbilbo Communications Technology Corporation Pete Ritter ctbilbo!root 214 991 8338 4100 McEwen Drive, Suite 244, Dallas, TX 75244 cygnusx1,cygnusx1.haus.com Private System Darrell Roberts cygnusx1!root 214 495 9105 2330 Jamaica Place, Garland, Tx 75044 dalitc DSC Communications, Richardson, Tx. Brian Pellerin dalitc!brian 214-234-3340 630 International Pwky., Richardson, Tx. 75081 dallastx Individual Pete Taliancich dallastx!root 214 416 0022 7825 McCallum Blvd., #210, Dallas, TX 75252 dalnet, dalnet.lonestar.org DalNet Unix BBS System Victor Turner dalnet!victor 214 484 7547 14025 Janwood, Farmers Branch, TX, 75234 dalsqnt Sequent Computer Systems, Inc. Chris Erickson dalsqnt!chris 214 770 5915 14881 Quorum Drive, Dallas, TX 75240 damark Damark Service Company Jon Boede damark!postmaster 512 339-9585 8006-F Cameron Road, Austin Texas, 78753 dcrt,dcrt.dla.mil Defense Contract Management Region Dallas Carolyn Gramm dcrt!postmaster (postmaster@dcrt.dla.mil) 214 670 9365 DCMR DAL-Z, 1200 Main Street, Dallas, TX 75202-4399 NOTES:Component organization of the U. S. Defense Contract Management Command dell, .dell.com Dell Computer Corporation Dewey Coffman dell!usenet 512 338 4400 9505 Arboretum Blvd., Austin, TX 78759-7299, AR4 deutsch The German Connection Dieter Belletz deutsch!sysop 512 532-4756 No physical address listed NOTES:Public Electronic Message System digi, digi.lonestar.org DSC Communications, Plano Tx. Keith Cantrell digi!kcantrel 214-519-2399 1000 Colt, Plano, Tx 75075 dinosaur Keith Cantrell dinosaur!keith 214-492-1088 2100 Sonata Ln. Carrollton TX 75007 dkwgate DKW Systems Corporation JR Jesson dkwgate!jr 214 746 5880 4050 Infomart, 1950 Stemmons Freeway, Dallas, TX 75207 dms3b1 Infotouch Systems, Inc. Dave Hanna dms3b1!dave 817 540-1524 3900 Cedar Ridge Dr., Suite 100, Bedford, TX 76021 dogface Bob Izenberg dogface!bei 512 346 7019 8535 Capitol of Texas Highway North, Austin, TX 78759 dogpnd Dana Ebersole tsci!dana 817 577 0367 3902 Butler Ct., Colleyville, TX 76034 donbaya Private system Taijan Wei donbaya!postmaster, donbaya!tjw 817 387 2218 P.O. Box 22734 TWU, Denton, TX 76204 dp7up Bill Harris Dr. Pepper/Seven-Up Company dp7up!bill 214-360-7000 8144 Walnut Hill Ln, Dallas Tx 75231 dptspd Datapoint Corporation, Product Development Lee Ziegenhals postmaster@sat.datapoint.com 512 593 7670 9725 Datapoint Drive, San Antonio, TX 78229-8552 drig Dallas Remote Imaging Group (Satellite Tracking & Imaging) Jeff Wallach, Ph.D. drig!jw 214 394 7325 4209 Meadowdale Dr., Carrollton, Tx. 75010 dungeon, dungeon.lonestar.org -[MCP] Systems Inc. Chert Pellett dungeon!chert 214 301-9108 P.O. Box 850132 Richardson, Tx 75085-0132 dunsel W. L. Kennedy Jr. and Associates William (Bill) L. Kennedy Jr. bill@ssbn.WLK.COM 512 535 4966 Box 63449 Bandera Falls, Pipe Creek, TX 78063-3449 dynsim1 Litwin Process Automation Vic Rice dynsim1!root 713 497 6200 580 Westlake Park Blvd., Houston, TX 77251-1281 eca Electrocom Automation, Inc. Robert Winter eca!root 817 695 5321 2910 Ave. F, Arlington, TX 76011-5276 ecaard ElectroCom Automation L.P. Rus Duderstadt ecaard!rad 817 695 7524 2910 Ave. F East, Arlington, TX 76011 ecor1 Home System Tod D. Romo ecor1!root 512 824 5121 318 Jeanette, San Antonio, TX 78216 edsr EDS Advanced Research Jimmy Niemann edsr!jcn 214 661 6052 7223 Forest Lane, Dallas, TX 75230 eec, .austin.eds.com Austin Laboratory; EDS Research Rob Mayoff mayoff@austin.eds.com, postmaster@austin.eds.com 512 477 1892 Austin Lab, EDS Research, 1601 Rio Grande Ste. 451, Austin, TX, 78701 egsner, egsner.cirr.com, cirr.com Central Iowa (Model) Railroad Eric Schnoebelen egsner!postmaster, egsner!eric 214 250-6899 7825 McCallum Blvd, #406, Dallas, Tx 75252 elpc Cam Fox Electro Plate Circuitry elpc!cam 214 466-0818 1430 Century - Dallas - Tx - 75006 els3 Equipment Listing Service Buddy Hilliker els3!root 512 341 4900 Isom Road, San Antonio, TX 78216 engcon LTV Aerospace and Defense Company Ben Rouse engcon!root 214 266 7268 P.O.Box 655907, M/S WT-25, Dallas, TX 75265 enigma, enigma.haus.com Harris Adacom Corporation Clay Luther cluther@enigma.haus.com 214 386 2356 P.O. Box 809022, Dallas, Tx 75380-9022 ernest Texas Instruments Alan Edmonds ernest!postmaster 214 575 6427 P.O. Box 869305, MS 8513, Plano, TX, 75086 execu,execu.execu.com Execucom Systems Corp Dewey Henize usenet@execu.com 512 327 7070 Two Wild Basin, 108 Wild Basin Road, Austin, Texas 78746 NOTES:Execucom Systems is a software company specializing in Decision Support Systems and Executive Decision Systems. At any given time there are likely to be a relatively wide range of machines at this site, including a Sequent, Suns, DECs, HPs, and Primes. exitech Exitech John J. McGrath ext-adm!admin 409 245 9023 1904 Stonesthrow Drive, Bay City, TX 77414 ext-adm Exitech John McGrath ext-adm!admin 409 245 9023 1904 Stonesthrow Drive, Bay City, TX 77414 fallout DECUS DFW Local User Group John Wisniewski fallout!system 214 686 8107 3308 Rockne, Mesquite, TX 75150 fcknfst Doug Davis Doug Davis letni!doug 214 270 9226 4409 Sarazen / Mesquite / Tx / 77150 ferus Private System Alan J. Caldera root@ferus.lonestar.org 817 294 2791 6062 Copperfield Dr. #842, Ft. Worth, TX 76132 ficc.ferranti.com Ferranti International Controls Corporation Peter da Silva ficc!peter 713 274 5180 12808 West Airport Blvd./ Sugar Land TX 77487-5012 fl2 Ron McDowell fl2!postmaster 512 655 3655 4418 Monaco, San Antonio, Texas 78218-4339 flatline row major J. Eric Townsend jet@uh.edu 713 863 9137 511 Parker #2, Houston, Tx 77007 flattop, .progcons.com Private Machine Ron McDowell flattop!postmaster 512 346 0138 9500 Jollyville Rd, #127, Austin, Texas 78759 foyinc Foy Inc James H. Foy postmaster@foyinc.WLK.COM 214 782 7282 100 McKinney Street, Farmersville, Texas 75031 fozzy Rockwell International Dennis W. Fail fozzy!fail 214 996 2471 (VOICE) 214 996 7768, 214 996 2412 (DIALUP) 1200 North Alma Road, M/S 448-100, Richardson, TX 75081 fquest Public access BBS "Future Quest" Kevin Basey fquest!postmaster, fquest!kevin 512 834 9877 2018 West Rundberg #2a Austin, Tx. 78758 frontier, frontier.lonestar.org Frontier Information Systems Kevin Langston frontier!postmaster 214 315 0942 2025 Frontier Trail, Lewisville, TX 75067 fubar Private Machine Damon Permezel fubar!dap 512 371 3545 pobox 9068, austin, tx 78766-9068 furp, furp.lonestar.org Strawberry Furp Suprise Kurt Grutzmacher furp!grutz 214 392 7312 13707 Rolling Hills Dallas, Tx. 75240 fuzzy, fuzzy.lonestar.org Privately Owned John Elliott IV iv@fuzzy.lonestar.org 817 249 2147 1050 Cottonwood Trail; Benbrook, TX 76126-2734 gbdata GB Data Systems gbdata!root 713 363 3074 2427 Falls Church, Houston, Texas, 77067 gbm General Business Machines Cedric Reddick gbm!root 713 984 8561 9610 Long Point, Suite 314, Houston, TX 77055 gdfwc3 General Dynamics, Fort Worth Division, C3 Systems Todd Shutts gdfwc3!todd 817 777 8168 General Dynamics Blvd., Fort Worth, TX 76108 gescorp1 Golden Era Services, Inc. Stuart C. Cater gescorp1!root 713 524 8881 2727 Allen Parkway, Suite 1900, Houston, TX 77019 global Global Advantage Gary Henderson global!ghenderson 713 356 6043 1105 Meyer, P.O. Box 434, Seabrook, TX 77586 gtmvax GTE Telemessager, GTE information services Steve Linebarger,Floyd Ferguson gtmvax!steve,gtmvax!floydf 214 929 7943, 214 929 7942 9150 Royal Lane, Suite 130, Irving, TX 75063 hackbox Harmonix Incorporated Jason Martin Levitt hackbox!jason 512 326-9102 PO Box 3344, Austin, TX 78764 hal6000 hal6000.tandy.com Tandy Systems Software Frank Durda IV hal6000.UUCP!uhclem 817 390 2865 1300 Two Tandy Center; Ft. Worth, TX 76102 halley Tandem Computers Brad Benton Jack Bell halley!postmaster 512 244 8000 14231 Tandem Blvd; Austin, Texas 78728 harlie Private System Mitch Mitchell harlie!postmaster 214 248 8149, 214 519 3257 18330 Gallery Drive #723, Dallas, TX, 75252-5143 hdrock Western Atlas International - CORE LABORATORIES John Charles Welch hdrock!john 214 566 1446 3230 GE Drive, Tyler, Tx, 75703 helps Howard Electronics Laboratories, Products & Services James Howard helps!postmaster 512 329 8910 P. O. Box 160184, Austin, TX 78716-0184 hiplot Houston Instrument, a division of Summagraphics, Inc. Gary Powell hiplot!postmaster 512 835 0900 8500 Cameron Road, Austin, TX 78753 hnb08 Eastman Christensen Larry Flournoy hnb08!root 713 985 3870 15355 Vantage Pkwy.,West, Houston, TX 77032 hounix Houston Unix Users Group Chuck Bentley hounix!chuckb 713 827-8133 5644 Westheimer #222, Houston, TX 77056 hpaustx Hewlett Packard - Austin Texas Office Stuart Jarriel hpaustx!stuart 512 338 7262 9050 Capitol of Texas Highway North, Suite 290, Austin TX 78759 hrnowl, hrnowl.lonestar.org Horned Owl BBS Paul Elliott anwyn@hrnowl.lonestar.org (713)781-4543 5857 South Gessner #224 Houston, texas 77036 hutto Private Machine Henry Melton hutto!henry 512 846 3241 Route 1 Box 274E, Hutto Texas 78643-9751 ibes IBES Corp. Tim Anderson ibes!ta 214 907 8475 1201 Richardson Dr. Richardson, TX 75080 ibnet214 Information Brokerage Network David Woods ibnet214!root 214 733 0466 P.O. Box 796514, Dallas, TX 75379 icus, .ICUS.COM ICUS Software Systems [Development Center I] Leonard B. Tropiano icus!lenny, icus!postmaster, postmaster@icus.ICUS.COM 14300 Tandem Blvd #222, Austin, TX 78728 icusdvlp, icusdvlp.ICUS.COM ICUS Software Systems [Development Center II] Leonard B. Tropiano icus!lenny, icus!postmaster, postmaster@icus.ICUS.COM 14300 Tandem Blvd #222, Austin, TX 78728 iex IEX Corporation Bob Blencowe, Robert Brazile iex!postmaster 214 612-2600 1400 Preston Road, Suite 350, Plano, Texas 75093 ijcr Institute Of Judaic-Christian Research John R. Hill hill@ijcr.merch.tandy.com 817 346 1247 P.O. Box 331564 Fort Worth, Texas 76163 imsl Individual Edward B. Herrera imsl!herrera 713 782 6060 2500 Parkwest Blvd., Houston, TX 77042 inebriae Tel-Account, Inc. Lawrence M. Wesson, C.P.A. postmaster@inebriae.WLK.COM 214 788-2582 12740 Hillcrest #107 Dallas, TX 75230 infohub Radio Shack Computer Merchandising G. David Butler, II root@infohub.TANDY.COM 817 457 4043 1500 One Tandy Center, Ft Worth, TX, 76102 iphase Interphase Corporation Larry Hale iphase!lsh 214 919 9204 13800 Senlac, Dallas, TX 75234 iquery Programmed Intelligence Corp. Matthew C. Reedy postmaster@pic.com, iquery!postmaster 512 490 6684 400 N Loop 1604 E, Ste 100, San Antonio, TX 78232 issi International Software Systems, Inc Lisa A. Gerlich issi!postmaster 512 338 5724 9430 Research Blvd, Suite 250, Austin, TX 78759 itcdal Integral Technology Corporation Doug Workings itcdal!root 214 690 2770 2201 Waterview Parkway, Suite 1703, Richardson, TX 75080 jantor Microlink Inc. Herb Crosby jantor!postmaster 713 338-2010 403 Nasa Rd. 1 E. Bx 349, Webster, TX 77598 jassys private system Tony Holden jassys!news,jassys!tony 817 280-0282 729 Briarwood, Hurst, Tx. 76053 jcpenne JC Penney Company Inc. Robert J. Davis jcpenne!rjdavis2 214 387 6156 12712 Park Central Place, Dallas, TX 75251 jkh0 John Kay Harris and Associates John Harris jkh0!root 713 667 1781 5650 Kirby, Suite 150, Houston, TX 77005 jmdst Home System Joe M. Doss jmdst!postmaster 817 468 8932 904 Tennis Villa Drive, Arlington, TX, 76017 joshua, joshua.lonestar.org Contract Programming in FoxBase+ Bill Harris joshua!bill 214-424-1030 (DIALUP) 214-424-7626 (VOICE) 3396 Ave P, Plano, Texas 75074 k5qwb Amatuer Radio Station k5qwb Lyn R. Kennedy k5qwb!lrk 214 217 0212 P. O. Box 5133, Ovilla, TX 75154 kawhou Kurt A. Welgehausen Kurt A. Welgehausen kawhou!root 713 528 7132 P.O. Box 270835, Houston, TX 77277-0835 keys Christopher L. Winemiller (personal system) Chris Winemiller keys!postmaster 214 393 0850, 214 519 3451 328 Plantation Drive, Coppell, TX USA 75019-3213 kf5iw Honda Sport Touring Association Jim Blocker kf5iw!jim 214 996 6875 2524 Sundance Lane, Dallas, TX 75287-5871 khijol Assault Weapons 'R Us Ed Carp khijol!erc 512 445 2044 1800 E. Stassney #1205, Austin, TX 78744 NOTES:khijol means "Beam me up!" in Klingon kvue KVUE-TV Edward Sparks sparks@kvue.UUCP 512 459 6521 PO Box 9927, Austin, TX 78766 laczko, laczko.ti.com Private system Frank L. Laczko, Sr postmaster@laczko.ti.com 214 997 3988 P.O. Box 867676 Plano TX 75086 lad-shrike Lockheed Missles & Space Co., Austin Division David Capshaw lad-shrike!usenet 512 448 5757 O/96-10 B/30E, 6800 Burleson Road, Austin, Texas 78744 lark Lark Sequencing Technologies, Ltd. Charlie Lawrence 713 798 6226 chas@mbir.bcm.tmc.edu Medical Towers Building, Texas Medical Center, Houston, Tx 77030 lcra Lower Colorado River Authority Mike O'Donnell lcra!postmaster 512 473-4058 3001 Lake Austin Blvd, #201, Austin, TX 78703 learjet personal Faisal Awada learjet!postmaster 512 339 0961 3220 Duval Rd #1606, Austin, TX 78759 lerami, lerami.lonestar.org, lerami.cirr.com Private System Larry Rosenman lerami!postmaster 214 399 0210 900 Lake Isle Circle, Irving, Texas 75060-7709 lescsse Lockheed Engineering and Sciences Co. Gary Morris lobster!lescsse!postmaster 713 283 5195 1150 Gemini Avenue A-22, Houston, TX 77058 letni, letni.lonestar.org, .lonestar.org Private System Doug Davis doug@letni.lonestar.org 214-908-2522 4409 Sarazen Mesquite Tx 75150 leviathn Personal Machine Adrian J. Hardesty leviathn!adrian 713 862 1398 1134 Dorothy, Houston, TX 77008 lgc, .lgc.com Landmark Graphics Chris Martin uucp@lgc.com 713 579 4891 333 Cypress Run, Suite 100, Houston, TX 77094 lib The Texas Medical Center Stan Barber postmaster@tmc.edu, sob@bcm.tmc.edu 713 798 6042 Baylor College of Medicine, One Baylor Plaza, Houston, Texas 77030 NOTES:lib is a mail portal between THEnet and the internet limbic Southwest Systems Development Labs (Division of ICUS) Gilbert C. Kloepfer, Jr. gil@limbic.ssdl.com 8622 Maplecrest, Houston, TX 77099 lobster Private System Judy Scheltema judy@lobster.hou.tx.us 8622 Maplecrest, Houston, TX 77099 lodestar Lodestar Systems Inc. Clifton M. Bean, Murry E. Page lodestar!root 214 845 8245 14651 Dallas Parkway Suite 700 Dallas TX 75240 longway, .tic.com Texas Internet Consulting Smoot Carl-Mitchell, John S. Quarterman postmaster@longway.tic.com 512-320-9031 701 Brazos Suite 500, Austin, TX 78701-3243 lotex Chuck Bentley lotex!chuckb 713 789 8928 5644 Westheimer #222, Houston, TX 77056 loyola Comstock Connections Jack L Bell loyola!jack 512 928 8706 3103 Loyola Lane, Austin, TX 78723 lsg The LAN Support Group, Inc. Eric Pulaski lsg!epulaski 713 621 9166 520 Post Oak Blvd., Suite 100, Houston, TX 77027 lwb Univ. of Texas at Arlington, Dept. of Foreign Languages and Linguistics Bob Mugele lwb!root 817 273 3695 Box 19557, UTA, Arlington, Texas 76019 martian Commodore-AMIGA 2000HD; AmigaDos 1.3.2, Amiga-UUCP V1.05D(0.40W/0.60W) Robert J. Zepeda Robert J. Zepeda martian!rjz 512 794 8219 9500 Jollyville Road Apt. 197 ; Austin, Tx 78759 mavrick Private System Luis Basto mavrick!luis 512 255 8350 12707 Poquoson Dr., Austin, TX 78727 maxwell Southwest Research Institute Keith S. Pickens maxwell!postmaster 512 684 5111 6220 Culebra Road, San Antonio, Texas 78284 mbir Molecular Biology Information Resource, Baylor College of Medicine Charlie Lawrence 713 798 6226 chas@mbir.bcm.tmc.edu Department of Cell Biology, Baylor College of Medicine, One Baylor Plaza, Houston, Texas 77030 mcomp Micro-Comp Consulting William B. Dow mcomp!bill 214 306 3165 214 306 1596 3309 Sam Rayburn Run, Carrollton, Tx, 75007 mcreate MicroCreations Darin Arrick mcreate!darin 817 281 0612 P.O. Box 820054, North Richland Hills, TX, 76182 mdaeng,.mdaeng.com MDA Engineering Inc. Ralph W. Noack mdaeng!postmaster 817 860 6660 500 E. Border St. Suite 401 Arlington Tx 76013 meddle Discovery Hall Hands On Science Museum Dennis Little meddle!root 512 474 7616 401 Congress, Austin, TX 78752 memqa Motorola Mos Memory R&QA Henry Melton memqa!postmaster 512 928 6328 3501 Ed Bluestein Blvd, Austin Texas merch Radio Shack Computer Merchandising G. David Butler, II root@merch.tandy.com 817 457 4043 1500 One Tandy Center, Ft Worth, TX, 76102 mercy Mercy Medical Equipment Company Ron McDowell fl2!postmaster 512 655 3716 8527 Village Dr. #103, San Antonio, Texas 78217 mic RGL Consulting Richman G. Lewin gary@mic.lonestar.org 214 278-4074 P.O.Box 2010, Dallas, Tx, 75221-2010 micrtk Microtek Microbiology Raymond C. Schafer micrtk!postmaster 512 441 1066 5004 Emerald Forest Circle, Austin, TX 78745 milano MCC Software Technology Program Charles Sandel,Jim Knutson milano!usenet,sandel@mcc.com,knutson@milano.uucp 512 338 3498, 512 338 3362 9390 Research Blvd. Austin, TX 78759 mitek, mitek.com, sequent.mitek.com, .mitek.com Mitek Open Connect Systems David M. Lyle mitek!postmaster 214 490 4090 2033 Chennault Drive; Carrollton, Tx 75006 mizarvme Mizar, Inc. mizarvme!usenet 214 446 2664 1419 Dunn Drive, Carrollton, TX 75006 montagar Privately Owned and Operated David L. Cathey montagar!system 214 618-2117 6400 Independence #601, Plano, TX 75023 motaus Motorola Inc., Semiconductor Products Sector Phil Brownfield motaus!postmaster 512 873 2022 11120 Metric Blvd., Austin, TX 78758 USA moxie, moxie.hou.tx.us Greg Hackney hack@moxie.hou.tx.us 713+351-2125 P.O. Box 1173, Tomball, Texas 77377-1173 mwi Mueller & Wilson, Inc. Ron C. Wilson mwi!ron 512 824 9461 P.O. Box 17659, San Antonio, TX 78217 mwk M. W. Kellogg Lee K. Gleason mwk!postmaster 713 753 4455 601 Jefferson, Houston, TX 77210 n5lyt,n5lyt.boerne.tx.us Amateur radio station n5lyt Lee Ziegenhals n5lyt!postmaster 512 699 5670 P.O. Box 815, Boerne, TX 78006 natinst National Instruments Corporation Brian H. Powell natinst!postmaster 512 794 5506 6504 Bridge Point Parkway, Austin, Texas 78730-5039 ncmicro, ncmicro.lonestar.org NC Microproducts, Inc., Development/Field Support Lance Franklin postmaster@ncmicro.lonestar.org 214-234-6655 2323 N. Central Expressway, Suite 380, Richardson, Tx, 75080 necbsd NEC America Ying-Da Lee necbsd!ylee 214 518 5000 1525 Walnut Hill Lane, Irving, TX 75038 nemesis, nemesis.lonestar.org Privately Owned Frank Durda IV uhclem@nemesis.lonestar.org 817 292 2270 5951 Ashford Ct; Fort Worth, TX 76133-3013 netdev, .comsys.com Communication Systems Research Alex Huppenthal netdev!alex 214 250-3807 6045 Buffridge Trail, Dallas, TX 75252 nidhog, nidhog.cactus.org CACTUS (Capitol Area Central Texas UNIX Society) Henry D. Reynolds(hdr) nidhog!hdr 512 448 3617(VOICE) 1718 Valeria Austin, TX 78704 ninja db Systems G. David Butler, II root@ninja.UUCP 817 457 4043 6940 Misty Glen Court, Ft Worth, TX, 76112 nominil Lonesome Dove Computing Services Mark C. Linimon usenet@nominil.lonestar.org 512 218 0805 14300 Tandem Boulevard #239, Austin, TX 78728 nowhere Software Solutions Steven King nowhere!sking 512 339 8642 1615 A West Braker Ln, Austin, Tx, 78758 npqc Tandy National Parts, Quality Control Department Keith Ward npqc!qcdev!root 817 870 5650 900 E. Northside Dr., Fort Worth, TX 76102 nthropy Nth Graphics, Ltd. Andy Lowe nthropy!postmaster 512 832 1944 1807-C W. Braker Ln., Austin, TX 78758 ntpal Bell Northern Research, Inc. Dana Cavasso ntpal!dcavasso, ntpal!postmaster 214 301-2664 2435 N. Central Expressway, Richardson, TX 75080 nuchat South Coast Computing Services, Inc. Steve Nuchia nuchat!postmaster 713 964 2462 POB 270249 Houston, Texas 77277-0249 nuke, nuke.conmicro.com Private System Ron Harter postmaster@nuke.conmicro.com 713 334 2023 3007 Twinleaf, League City, TX 77573 oakhill Motorola Ed Rupp ed@oakhill.sps.mot.com 512 891-2224 Motorola Inc., Mail Drop OE37, 6501 William Cannon Dr. West, Austin, TX 78735-8598 obiwan Privately owned Bob Willcox obiwan!bob 512 258 4224, 512 331 0865 11209 Della Torre Drive, Austin, TX 78750 ohdoor Overhead Door Corp. Steven Forrester ohdoor!steve 214 556-2726 1910 Crown Dr., Farmers Branch, Tx, 75234 omnicomp Omnicomp Graphics Corporation H. H. Parker omnicomp!root 713 464 2990 1734 West Belt North, Houston, TX 77043 osgiliath Personal Marc St.-Gil osgiliath!marc 214 250 3014 4912 Haverwood Lane #913, Dallas, Tx 75287 ozdaltx Robert Scott, XENIX systems Consultant/OZ BBS Robert Scott ozdaltx!root 214 247-5609, 214 247-2367 No physical address known palace The Palace BBS Barry Dunlap palace!root 713 488 2721 (VOICE) 713 280 9116 (DIALUP) 15102 Penn Hills, Houston, TX 77062 para1 Paranet Richard L. Sonnier III para1!root 713 467 3100 1743 Stebbins Dr, Houston, TX 77043 pcinews Publications & Communications, Inc. Bill Lifland pcinews!wdl 512 250 9023 12416 Hymeadow Dr., Austin, Texas 78750-1896 pemrac Southwest Research Institute Richard Murphy pemrac!karen, karen@pemrac.space.swri.edu 512 522 5322 6220 Culebra Rd., San Antonio, TX 78284 pensoft Pencom Software Inc. David Bryant, Mike Heath, Lorne Wilson pensoft!postmaster 512 343 1111 9050 Capitol of Texas Hwy North, Austin TX, 78759 petro G.M. Andreen & Associates, Inc. Gilbert B. Andreen petro!postmaster 512 826 1733 235 Rockhill Dr. San Antonio, Texas 78209 peyote Capital Area Central Texas Unix Society Jim Knutson,Charles Sandel peyote!postmaster 512 338 3362, 512 338 3498 9390 Research Blvd., Austin, TX 78759 pisces, pisces.lonestar.org Privately owned system David Aldrich dga@pisces 817 267 9587 13709 West Rim Dr. #807 Euless Texas USA 76040 piziali Pizialis Andrew J. Piziali piziali!postmaster 214 442 7483 6616 Estados Drive, Parker, Texas 75002-6800 pojen MicroAge Jimmy Ko pojen!root 214 348 1523 11601 Plano Rd. #108, Dallas, TX 75243 ponder University of North Texas, Computer Science Department Johnny Carroll ponder!carroll 817 565 2279 PO Box 13886 Denton, Texas 76203 procon Pro Consultants, Inc. Monte Daily, Rick San Soucie procon!monte,procon!rick 214 637 7710 1230 River Bend Drive #215 Dallas, TX 75247 prosoft Prosoft, Inc. Jim Holmes prosoft!postmaster 512 836 6328 2011 Rutland Drive, Austin Texas, 78758 qcdev Tandy National Parts, Quality Control Department Keith Ward qcdev!root 817 870 5650 900 E. Northside Dr., Fort Worth, TX 76102 qtdallas Quickturn Systems Inc. Dasha Estes qtdalllas!root 214 516 3838 101 E. Park Blvd, Suite 600, Plano, TX 75045 radar.aca.mcc.com MCC; ACT Program Beth Paxton postmaster@radar.aca.mcc.com 512 338 3494 MCC / ACT Program; 3500 W. Balcones Center Dr.; Austin, Tx 78759 rancor IBM Advanced Workstations Division (AWD) Bob Willcox rancor!bob 512 258 4224, 512 331 0153 11209 Della Torre Drive, Austin, TX 78750 ray Raymond Schafer Associates Raymond C. Schafer ray!postmaster 512 441 1066 5004 Emerald Forest Circle, Austin, TX 78745 rcc1 Realistic Computing Company Richard C. McIntosh Jr. rcc1!rcmjr 214 528 4071 (Voice) 4524 McKinney Ave. Suite 104, Dallas, Texas 75205 rdsoftwr Robert M. Dunaway Robert M. Dunaway rdsoftwr!bob 214 252 3745 3541 Esplendor Avenue, Irving, TX 75062 redsim Hughes Simulation Systems Inc. (formerly Rediffusion Simulation Inc.) Ronald B. Adams redsim!postmaster , postmaster@redsim.lonestar.org 817 695 2270 2200 Arlington Downs Road, Arlington, TX 76011-6382 rei2 Recognition Equipment, Incorporated Mike Grabert rei2!mike 214 579 6171 P.O. Box 660204, Dallas, Texas 75266-0204 rice Rice University, Houston, TX Evan Wetstone postmaster@rice.edu 713-527-8101 Neworking & Computer Systems, P.O. Box 1892, Houston, Tx 77251 rmc,rmc.liant.com Ryan McFarland Corporation Tom Grubbs rmc!trg 512 343 1010 8911 Capital of Texas Highway North, Austin, Texas 78759 romp IBM Advanced Workstations Division Bob Willcox romp!bob 512 838 3585 4B-76/803, 11400 Burnet RD, Austin, TX 78758 ross ROSS Technology, Inc. Carl Dobbs ross!postmaster 512 448 8968 7748 Hwy. 290 West, Austin TX 78736 rover DPI Workplace Dennis W. Wimer rover!dwimer 817 281 4562 6130 Glenview Drive, #110, N. Richland Hills, TX 76180 rpp386, rpp386.cactus.org, rpp68k D/B/A River Parishes Programming John F. Haugh II rpp386!jfh 512-pri-vate No Known Address rrbible Personal System Bryan Bible rrbible!btb 512 255 2258 313 Rawhide Loop, Round Rock TX 78681 rrm Martin Computer Services Richard R. Martin rrm!postmaster 214 647 4145 634 Dallas Avenue, Grand Prairie, TX 75050 rtc Reed Tool Company Richard Herdell rtc!root 713 924 5521 6501 Navigation, Houston, TX 77011 rtjpc Tom Jacob Tom Jacob rtjpc!jacob 214 528 6733 4306 Emerson Avenue, Dallas, TX 75205 rwsys, rwsys.lonestar.org R/W Systems - Fine purveyors of custom computation and control James X. Wyatt rwsys!jim, rwsys!root, rwsys!uucpmgr 817 595 0571 3529 Ruth Road, Ste: 2121, Richland Hills, Tx 76118-5849 satcom Iguana Binary Systems David Kuykendall satcom!root 512 558 3826 4115 Goshen Pass, San Antonio, TX 78230 sawdust, .n382.z1.fidonet.org June Parchman sawdust!jip 1401 E. Rundberg Ln. #50, Austin, TX 78753 scisoft Scientific Software Intercomp Doug Scogman scisoft!root 713 953 8702 10333 Richmond Ave., Suite 1000 Houston, TX 77042 scorpio Micro Engineering Co. Donald A. Ninke, P.E. !scorpio!ninke 512 926 7520 2307 Lehigh Drive, Austin, TX 78723 sctc-1 Air Force Advanced Systems SC (SMSCRC Users Group coordinator) Milton J. Turner Jr., Unix Systems Analyst (512) 652-UNIX (8649) sctc-1!milt 512 652 3098 San Antonio, Texas Metropolitan Area sentinel W. L. Kennedy Jr. and Associates William (Bill) L. Kennedy Jr. bill@ssbn.WLK.COM 512 535 4966 Box 63449 Bandera Falls, Pipe Creek, TX 78063-3449 sequoia,sequoia.execu.com Execucom Systems Corp Dewey Henize usenet@execu.com 512 327 7070 Two Wild Basin, 108 Wild Basin Road, Austin, Texas 78746 sessun SES, Inc. John Osborn sessun!root 512 474 4526 1301 W. 25th St., Austin, TX 78705 shared Shared Financial Systems D.H. Close shared!davec 214 233 8356 15301 Dallas Parkway, #600, Dallas, TX 75248 shell,.shell.com Shell Oil Co. Susan Dang, Barry Myers postmaster@shell.com 713 795 3208, 713 795 3287 Shell Information Center, 1500 OST, Houston, TX 77054 shibaya Private system Augustine Cano shibaya!postmaster, shibaya!afc 817 382 0211 P.O. Box 2382, Denton, TX 76202 siswat Photon Graphics, Inc. A. Lester Buck siswat!usenet 713 665 2258 3618 Glen Haven, Houston, TX 77025 skeeter Privately Owned Robert Wallace tnessd!mechrw 214 464 6552 Dallas, Texas smu Southern Methodist University, Dept of Computer Science and Engineering Bob Mazanec smu!manager 214 692-2859, 214 692-3080 Department of Computer Science and Engineering, Dallas, TX 75275 smubic Southern Methodist University R. Allen Gwinn, Jr. sulaco!allen smunews Department of Electical Engineering; S.M.U. Dr. James George Dunham smunews!jgd 214 692-2812 Dallas, TX 75275 smx Individual Steve Musacchia smx!root 713 984 9600 1640 Sul Ross Houston, TX 77006 sneaky Gordon L. Burditt Gordon L. Burditt gordon@sneaky.lonestar.org 817 249 4898 (Voice: evenings only!) 1206 Duane, #2121, Benbrook, TX 76126 snoc Hackercorp Karl Lehenbauer sugar!karl, sugar!usenet 713 438 4964 3918 Panorama, Missouri City, TX 77099 solo, solo.csci.unt.edu University of North Texas, Computer Science Department Johnny Carroll solo!root 817 565 2279 PO Box 13886 Denton, Texas 76203 soma Division of Neuroscience, Baylor College of Medicine Mahmud Haque postmaster@soma.bcm.tmc.edu, mahmud@soma.bcm.tmc.edu 713 789 5985 Division of Neuroscience, Baylor College of Medicine, One Baylor Plaza, Houston, Texas 77030 sooner Dewey Coffman sooner!dewey 512 452 7354 5907 Cary Dr, Austin, Texas 78759-3109 spdyne, spdyne.lonestar.org Spectradyne, Inc. Chert Pellett spdyne!chert 214 301-9108 1501 Plano Road, Richardson, Tx. 75085 splut, .conmicro.com Confederate Microsystems Jay Maynard postmaster@splut.conmicro.com +1 713 332 3376 6027 Leafwood Circle, League City, TX 77573 ssbn, .wlk.com W.L. Kennedy Jr. & Associates William L. Kennedy, Jr. (Bill) bill@ssbn.WLK.COM 512 535 4966 Box 63449 Bandera Falls, Pipe Creek, TX 78063-3449 ssi600 Seay Systems, Inc. Vernon E. Hurdle vernon@ssi600.lonestar.org 214 522-2324 5327 N. Central Expressway, Suite 320, Dallas, TX 75205 starlite Personal Eric C. Rosen starlite!postmaster, uunet!cs.utexas.edu!rosen 512 346 6543 No Physcal address known starsoft The Starbound Software Group, a part of Starbound Enterprises David W. Lowrey postmaster@starsoft 713 894 7447 12519 Lusterleaf Dr., Cypress, TX. 77429 starweb EarthScan Systems Jose A. Sancho starweb!jas 214 242 2997 1000 Summit Circle, Carrollton, TX 75006 statham Private System Perry L. Statham statham!perry 512 335 3881 7920 San Felipe #616, Austin, TX 78729 steel Chaparral Steel Company Shans Basiti steel!shans 214 775 8241 300 Ward Road, Midlothian, TX 76065 strirc James A. Tower James A. Tower strirc!jim 214 871 3311 c/o Huitt-Zollars 3131 McKinney Ave. STE 600, Dallas, TX 75204 sugar, .hackercorp.com Hackercorp Karl Lehenbauer sugar!karl, sugar!usenet 713 438 4964 3918 Panorama, Missouri City, TX 77459 sulaco, .sigma.com Southern Methodist University R. Allen Gwinn, Jr. sulaco!allen 214 692 3186 (VOICE) Rm 150 Mc Guire Bldg., S.M.U., Dallas, TX 75275 (USMail) sunanes, sunanes.hscsa.utexas.edu Univ. of Texas Health Science Ctr. San Antonio, Dept of Anesthesiology Buddy Hilliker sunanes!buddy 512 567 4528 7703 Floyd Curl Drive #328F, San Antonio, TX 78284-7838 sunriv SunRiver Corp. John Crittenden sunriv!root 512 835 8001 1150 Metric Blvd., Suite 150, Austin, TX 78758 supernet, supernet.haus.com, .haus.com, .dallas.haus.com Harris Adacom Corporation Clay Luther cluther@supernet.haus.com 214 386 2356 P.O. Box 809022, Dallas, Tx 75380-9022 swrinde Southwest Research Institute Keith S. Pickens swrinde!postmaster 512 684 5111 6220 Culebra Road, San Antonio, Texas 78284 tadusa Tadpole Technology Tonya Butcher tadusa!butcher 512 338 4221 8310 Capitol of Texas Hwy. N, Suite 375, Austin, TX 78759 taliesin Personal Roger Florkowski taliesin!postmaster 512 255 9003 14300 Tandem Blvd #251, Austin TX 78728 taronga, taronga.hackercorp.com Individual Peter da Silva peter@taronga.hackercorp.com 713 274 5180 No physical address known tcsoft Third Coast Software, Inc. Haran Boral tcsoft!o2 512 343 8294 8716 N. MoPac, Suite 200, Austin, Texas 78759 teamcom Team Air Express David Swank teamcom!david 214 342 3692 639 W Broadway, Winnsboro, TX 75494 techsup Tandy/Radio Shack Technical Support # 0220 Gary Kueck root@techsup.UUCP 817 390 2911 400 Atrium, One Tandy Center, Ft. Worth, TX 76102 tedpc Private system William Ted Mahavier tedpc!postmaster, tedpc!ted 817 382 7036 400 Congress, Denton, TX 76201 teuton Personal System Bob Mugele teuton!root 214 780-8844 602 Madison Ct. Duncanville, TX 75137 texbell, texbell.sbc.com, sbc.com Southwestern Bell Corporation Howard Cox uocshc@swuts.sbc.com 214 464 8371 Two Bell Plaza, Room 340, Dallas, Texas 75202 NOTES:Internet gateway for Southwestern Bell Corporation texhrc TEXACO Houston Research Center Lyle Meier, Susan Willis texhrc!ldm,texhrc!sew 713-954-6000 3901 Briarpark, Houston, Tx 77072 texsun, central.sun.com, .central.sun.com Sun Microsystems, Inc. William Reeder william.reeder@Central.Sun.COM texsun!william.reeder 214 788 3176 14785 Preston Road Suite 1050, Dallas, TX 75240-7607 thnkpos EPH Information Systems Buddy Hilliker thnkpos!buddy 512 366 4785 2389 N.W. Military, #514, San Antonio, TX 78231 thot1 THOT Corporation Jim Fiegenschue thot1!jim 214 539 9281 120 Oak Grove Circle; Double Oak, TX 75067-8461 ti-csl Texas Instruments Joe Ramey ti-csl!postmaster 214 995 5728 P.O. Box 655474, MS 238, Dallas, TX, 75265 tigon TIGON Phil Meyer mages!phil 214 733 8625 17080 Dallas Parkway, Dallas, TX 75248 tmcvax Houston Academy of Medicine/Texas Medical Center Library Stan Barber/Susan Bateman sob@bcm.tmc.edu,susan_bateman@library.tmc.edu 713 798 6042 HAM/TMC Library, Texas Medical Center, Houston, Tx 77030 toyshop Private system Eric Lipscomb toyshop!postmaster, toyshop!root 817 387 6200 1608 McCormick Denton TX 76205 tqc, .n382.z1.FIDONET.ORG Personal "The Q Continuum" Eric Rouse tqc!postmaster, tqc!eric 512 266 3867 2100 Red Fox Rd, Austin, Tx. 78734-2927 track29 ECP technical consulting Charles Forsythe track29!postmaster 214 739 3276 8215 Meadow Rd. #1005,Dallas, TX 75231 tramark TraMark Software, Inc. Mark McCollom tramark!usenet 214 369 1777 10210 N. Central Expy., Suite 320, Dallas, TX 75231 trashy Individual Steve Talmage steve@trashy.hou.tx.us 713 556 5830 12630 Ashford Point Drive, Apt. 419, Houston, TX 77082 trillium University of Texas at Austin Brook G. Milligan ut-emx!brook 512 471 3530 Department of Botany trimara Trimarand, Inc. Jeff Collins trimara!root 713 358 2764 600 Rockmead, Suite 200, Kingwood, TX 77339 trsvax trsvax.tandy.com Tandy Electronics, Research and Development Frank Durda IV uhclem@trsvax.tandy.com 817 390 2865 1300 Two Tandy Center, Ft. Worth, TX 76102 tsci, tsci.lonestar.org System Center, Inc David R. Wood tsci!wood 214 550 0318 x132 2477 Gateway Drive, Suite 101, Irving, TX 75063-2728 tssnet Thursday Software Systems, Inc. Paul Nelson tssnet!nelson 817 478 5070 5840 W. Interstate 20, Suite 115, Arlington, TX 76017 tusol Trinity University CS Department Aaron Konstam tusol!akonstam 512 736-7484 715 Stadium Dr., San Antonio, TX 78284 txsil Summer Institute of Linguistics Dan Lord, Steve McConnel txsil!postmaster 214 709 3319 7500 W Camp Wisdom Road, Dallas Texas 75236 ucmsa ALAMO Matchmaker Buddy Hilliker ucmsa!news 512 366 4785 (VOICE) 512 366 4752 (DIALUP) 2389 N.W. Military, #514, San Antonio, TX 78231 uhc UHC Steve Talmage uhc!steve, uhc!root, uhc!postmaster 713 782 2700 3600 South Gessner, Suite 110, Houston, TX 77063 uhnix1 University of Houston, Academic Computing Services Alan Pfeiffer-Traum postmaster@uh.edu 713 749 1490 4800 Calhoun, Houston, TX 77204-1961 uhura1 Mark Weber uhura1!root 713 626 9568 5177 Richmond Avenue, Suite 1075, Houston, TX 77056 uller ATL inc... Michael F. Angelo uller!postmaster 713 586 7761 No physical address known unidos UniDos, Inc. Bill Van Zandt unidos!bvz 713 785 4709 7660 Woodway, Suite 580, Houston, TX 77063 unisql UniSQL, Inc. Alfred Correira unisql!usenet 512 343 7297 9390 Research Blvd, Kaleido II, Suite 220, Austin, Texas 78759 urchin, .n106.z1.fidonet.org Two Wheelers FidoNet BBS Howard Gerber urchin!postmaster 713 682 4759 1031 West 43rd Street, Houston, TX 77018-4301 usdalmkt, usdalmkt.haus.com, usdalmkt.dallas.haus.com Harris Adacom Corporation, Dallas Marketing Tony Druery usdalmkt!tony 214 386 1229 P.O. Box 809022, Dallas, Tx 75380-9022 ut-botany University of Texas at Austin Brook G. Milligan ut-emx!brook 512 471 3530 Department of Botany ut-emx The University of Texas at Austin, Computation Center Vance Strickland ut-emx!uucp (512) 471-3241 Austin, TX 78712 utacfd, utacfd.arl.utexas.edu Univ. of Tx at Arlington; Aerospace Eng. Dept. Ralph W. Noack utacfd!postmaster 817 273 2860 UTA Box 19018, Arlingtion, Tx 76019 utanes Univ. of Texas Health Science Ctr. San Antonio, Dept of Anesthesiology Buddy Hilliker utanes!eph 512 567 4528 7703 Floyd Curl Drive #328F, San Antonio, TX 78284-7838 utastro University of Texas, Astronomy/McDonald Observatory David Way postmaster@utastro.UUCP 512 471 7439 Univ of Texas, Dept of Astronomy, Austin TX 78712 utep-vaxa University of Texas at El Paso, EE and CS Dept. Edgar Gandara utep-vaxa!sys_man 915 747 5470 El Paso, Texas 79968-0523 uudell, .dell.com Dell Computer Corporation James Van Artsdalen postmaster@uudell.dell.com 512 338 8789 Dell Computer Corporation, AR3, 9505 Arboretum Blvd., Austin TX 78759 val, .val.com Video Associates Labs, Inc. Ben Thornton val!ben 512 346 5781 4926 Spicewood Springs Rd., Austin, TX 78759 vector, vector.dallas.tx.us Dallas Semiconductor Ed Higgins vector!edso 214 450 5391 4401 South Beltwood Parkway, Dallas, TX 75244-3292 virago Private System Mitch Mitchell virago!postmaster 214 519 3257, 214 248 8149 18330 Gallery Drive #723, Dallas, TX, 75252-5143 vitec Visual Information Technologies - VITec Jay Thompson vitec!jay 214 596 5600 3460 Lotus Dr, Plano, TX 75075 vitsun Visual Information Technologies (VITec) Jay Thompson vitsun!jthompson 214 596 5600 3460 Lotus Dr, Plano, TX 75075 void, void.lonestar.org Cam Fox cam@void.lonestar.org 214-306-0148 18175 Midway, #253 - Dallas - Tx - 75287 vortech Vortech Data, Inc. Peter Stephens postmaster@vortech.UUCP 214 669 3448 2929 North Central Exprwy, Suite 240, Richardson, TX 75080 w5veo,w5veo.boerne.tx.us Amateur radio station w5veo Larry Becker w5veo!w5veo 512 249 3168 Rt 2 Box 2741, Boerne, TX 78006 walrus ACECO Dave Minor walrus!root 512 661 4111 5355 Dietrich Rd, San Antonio, TX 78219 warble Private system Wayne Ross wayne@warble.UUCP 214 987 1478 3415 Westminster Suite 201 Dallas Texas USA 75205 watson, bcm.tmc.edu Baylor College of Medicine Stan Barber postmaster@bcm.tmc.edu 713 798 6042 Baylor College of Medicine, One Baylor Plaza, Houston, Texas 77030 wb9rxw American Airlines - STIN Gary Partain wb9rxw!gary 817 963 3311 2748 Timber Ct., Grand Prairie, TX 75052-4443 wcscnet Willies Computer Software Co. Egberto Willies wcscnet!root 713 498 4832 10507 Swan Glen, Houston, TX 77099 westech Western Atlas/Integrated Technologies David Waddell westech!root 713 972 4618 10205 Westheimer, Room 774, Houston, TX 77042 whitwiz, whitwiz.lonestar.org Private System Danny White whitwiz!postmaster 214-422-7131 1429 Glacier, Plano, Tx 75023 witte Private System Ken Witte witte!witte 512 990 2529 14302 Jennave Ln., Austin, Texas 78728 wixer Wixer Industries Douglas Barnes wixer!dorf 512 454 8134 504 W. 24th St #30, Austin, TX 78705 wizlair Wizard's Lair Private BBS Robert D. Greene rgreene@bnr.ca 214-pri-vate 9150 Fair Oaks #915, Dallas, Texas 75231 wnss We'll Never Stop Searching Lance Spangler spangler@wnss.UUCP 512 454-2038 PO Box 9927, Austin, TX 78766 woodwrk, woodwrk.lonestar.org Kingswood Software Associates Richard H. Wood woodwrk!postmaster 214 530 2595, 214 519 3559 246 Bancroft Drive East, Garland, Tx 75040 wotan, wotan.compaq.com, compaq.com Compaq Computer Corporation Greg Hackney hackney@compaq.com 713+378-8427 20555 SH 249, M-050701, Houston, Texas, 77070-2698 woton Shriners Burns Institute R.J. Nichols III woton!postmaster 409 761 4701 SBI, Computer Department, 610 Texas Ave., Galveston, TX 77550 USA wrangler W.L. Kennedy Jr. & Associates William L. Kennedy, Jr. (Bill) bill@ssbn.WLK.COM 512 535 4966 Box 63449 Bandera Falls, Pipe Creek, TX 78063-3449 wroach, wroach.cactus.org personal Walter Butler postmaster@wroach.cactus.org 512 326 2421 905 E. Oltorf, Austin, TX 78704 wylie CIM Systems Steve Hickman wylie!root 214 437 5171 2425 N. Central Expressway Suite 432 Richardson, TX 75080 ywamtxs Youth With A Mission Robert G. Smith ywamtxs!robert 214 882 5591 PO Box 4600, Tyler, TX 75712-4600 zippee TPC Services Tim Dawson zippee!root 214 221 7385 1502 Live Oak, Lewisville, TX 75067 zitt Syntax Performance Group Joe Zitt zitt!postmaster 512 450 1916 2819 Foster Lane, Apt F112, Austin TX 78757 zycorus Zycor, Inc. Bill Curtis zycorus!root 512 282 6699 220 Foremost Austin, TX 78745 =================================================================== / / / File 06 / NIA071 / / Electronic Frontier Foundation / / Mike Godwin (mnemonic@eff.org) / / / [Editors Note: The following release was Faxcast to 1500+ media organizations and interested parties where it was followed up released in EFFector (Ref: EFF Newsletter, Editor: Mike Godwin). This is a case I feel that is _very_ important to our community and so therefore will be covered by NIA as developements continue.] EXTENDING THE CONSTITUTION TO AMERICAN CYBERSPACE: TO ESTABLISH CONSTITUTIONAL PROTECTION FOR ELECTRONIC MEDIA AND TO OBTAIN REDRESS FOR AN UNLAWFUL SEARCH, SEIZURE, AND PRIOR RESTRAINT ON PUBLICATION, STEVE JACKSON GAMES AND THE ELECTRONIC FRONTIER FOUNDATION TODAY FILED A CIVIL SUIT AGAINST THE UNITED STATES SECRET SERVICE AND OTHERS. On March 1, 1990, the United States Secret Service nearly destroyed Steve Jackson Games (SJG), an award-winning publishing business in Austin, Texas. In an early morning raid with an unlawful and unconstitutional warrant, agents of the Secret Service conducted a search of the SJG office. When they left they took a manuscript being prepared for publication, private electronic mail, and several computers, including the hardware and software of the SJG Computer Bulletin Board System. Yet Jackson and his business were not only innocent of any crime, but never suspects in the first place. The raid had been staged on the unfounded suspicion that somewhere in Jackson's office there "might be" a document compromising the security of the 911 telephone system. In the months that followed, Jackson saw the business he had built up over many years dragged to the edge of bankruptcy. SJG was a successful and prestigious publisher of books and other materials used in adventure role-playing games. Jackson also operated a computer bulletin board system (BBS) to communicate with his customers and writers and obtain feedback and suggestions on new gaming ideas. The bulletin board was also the repository of private electronic mail belonging to several of its users. This private mail was seized in the raid. Despite repeated requests for the return of his manuscripts and equipment, the Secret Service has refused to comply fully. Today, more than a year after that raid, The Electronic Frontier Foundation, acting with SJG owner Steve Jackson, has filed a precedent setting civil suit against the United States Secret Service, Secret Service Agents Timothy Foley and Barbara Golden, Assistant United States Attorney William Cook, and Henry Kluepfel. "This is the most important case brought to date," said EFF general counsel Mike Godwin, "to vindicate the Constitutional rights of the users of computer-based communications technology. It will establish the Constitutional dimension of electronic expression. It also will be one of the first cases that invokes the Electronic Communications and Privacy Act as a shield and not as a sword -- an act that guarantees users of this digital medium the same privacy protections enjoyed by those who use the telephone and the U.S. Mail." Commenting on the overall role of the Electronic Frontier Foundation in this case and other matters, EFFs president Mitch Kapor said, "We have been acting as an organization interested in defending the wrongly accused. But the Electronic Frontier Foundation is also going to be active in establishing broader principles. We begin with this case, where the issues are clear. But behind this specific action, the EFF also believes that it is vital that government, private entities, and individuals who have violated the Constitutional rights of individuals be held accountable for their actions. We also hope this case will help demystify the world of computer users to the general public and inform them about the potential of computer communities." Representing Steve Jackson and The Electronic Frontier Foundation in this suit is James George,Jr. of Graves, Dougherty, Hearon & Moody of Austin, Rabinowitz, Boudin, Standard, Krinsky & Liberman of New York,and Harvey A. Silverglate and Sharon L. Beckman of Silverglate & Good of Boston . Copies of the complaint, the unlawful search warrant, statements by Steve Jackson and the Electronic Frontier Foundation, a legal fact sheet and other pertinent materials are available by request from the EFF. --- Also made available to members of the press and electronic media on request were the following statementby Mitchell Kapor and a legal fact sheet prepared by Sharon Beckman and Harvey Silverglate of Silverglate & Good, the law firm central to the filing of this lawsuit. WHY THE ELECTRONIC FRONTIER FOUNDATION IS BRINGING SUIT ON BEHALF OF STEVE JACKSON. With this case, the Electronic Frontier Foundation begins a new phase of affirmative legal action. We intend to fight for broad Constitutional protection for operators and users of computer bulletin boards. It is essential to establish the principle that computer bulletin boards and computer conferencing systems are entitled to the same First Amendment rights enjoyed by other media. It is also critical to establish that operators of bulletin boards JQJ whether individuals or businesses JQJ are not subject to unconstitutional, overbroad searches and seizures of any of the contents of their systems, including electronic mail. The Electronic Frontier Foundation also believes that it is vital to hold government, private entities, and individuals who have violated the Constitutional rights of others accountable for their actions. Mitchell Kapor, President, The Electronic Frontier Foundation --- LEGAL FACT SHEET: STEVE JACKSON GAMES V. UNITED STATES SECRET SERVICE, ET AL This lawsuit seeks to vindicate the rights of a small, successful entrepreneur/publisher to conduct its entirely lawful business, free of unjustified governmental interference. It is also the goal of this litigation to firmly establish the principle that lawful activities carried out with the aid of computer technology, including computer communications and publishing, are entitled to the same constitutional protections that have long been accorded to the print medium. Computers and modems, no less than printing presses, typewriters, the mail, and telephones -being the methods selected by Americans to communicate with one another -- are all protected by our constitutional rights. Factual Background and Parties: Steve Jackson, of Austin, Texas, is a successful small businessman. His company, Steve Jackson Games, is an award- winning publisher of adventure games and related books and magazines. In addition to its books and magazines, SJG operates an electronic bulletin board system (the Illuminati BBS) for its customers and for others interested in adventure games and related literary genres. Also named as plaintiffs are various users of the Illuminati BBS. The professional interests of these users range from writing to computer technology. Although neither Jackson nor his company were suspected of any criminal activity, the company was rendered a near fatal blow on March 1, 1990, when agents of the United States Secret Service, aided by other law enforcement officials, raided its office, seizing computer equipment necessary to the operation of its publishing business. The government seized the Illuminati BBS and all of the communications stored on it, including private electronic mail, shutting down the BBS for over a month. The Secret Service also seized publications protected by the First Amendment, including drafts of the about-to-be-released role playing game book GURPS Cyberpunk. The publication of the book was substantially delayed while SJG employees rewrote it from older drafts. This fantasy game book, which one agent preposterously called "a handbook for computer crime," has since sold over 16,000 copies and been nominated for a prestigious game industry award. No evidence of criminal activity was found. The warrant application, which remained sealed at the government's request for seven months, reveals that the agents were investigating an employee of the company whom they believed to be engaged in activity they found questionable at his home and on his own time. The warrant application further reveals not only that the Secret Service had no reason to think any evidence of criminal activity would be found at SJG, but also that the government omitted telling the Magistrate who issued the warrant that SJG was a publisher and that the contemplated raid would cause a prior restraint on constitutionally protected speech, publication, and association. The defendants in this case are the United States Secret Service and the individuals who, by planning and carrying out this grossly illegal search and seizure, abused the power conferred upon them by the federal government. Those individuals include Assistant United States Attorney William J. Cook, Secret Service Agents Timothy M. Foley and Barbara Golden, as well Henry M. Kluepfel of Bellcore, who actively participated in the unlawful activities as an agent of the federal government. These defendants are the same individuals and entities responsible for the prosecution last year of electronic publisher Craig Neidorf. The government in that case charged that Neidorf's publication of materials concerning the enhanced 911 system constituted interstate transportation of stolen property. The prosecution was resolved in Neidorf's favor in July of 1990 when Neidorf demonstrated that materials he published were generally available to the public. Legal Significance: This case is about the constitutional and statutory rights of publishers who conduct their activities in electronic media rather than in the traditional print and hard copy media, as well as the rights of individuals and companies that use computer technology to communicate as well as to conduct personal and business affairs generally. The government's wholly unjustified raid on SJG, and seizure of its books, magazines, and BBS, violated clearly established statutory and constitutional law, including: . The Privacy Protection Act of 1980, which generally prohibits the government from searching the offices of publishers for work product and other documents, including materials that are electronically stored; . The First Amendment to the U. S. Constitution, which guarantees freedom of speech, of the press and of association, and which prohibits the government from censoring publications, whether in printed or electronic media. . The Fourth Amendment, which prohibits unreasonable governmental searches and seizures, including both general searches and searches conducted without probable cause to believe that specific evidence of criminal activity will be found at the location searched. . The Electronic Communications Privacy Act and the Federal Wiretap statute, which together prohibit the government from seizing electronic communications without justification and proper authorization. STEVE JACKSON LAWSUIT: FULL TEXT OF COMPLAINT (long) This document was filed May 1 in federal court in Austin, Texas UNITED STATES DISTRICT COURT WESTERN DISTRICT OF TEXAS AUSTIN DIVISION STEVE JACKSON GAMES INCORPORATED, STEVE JACKSON, ELIZABETH McCOY, WALTER MILLIKEN, and STEFFAN O'SULLIVAN, Plaintiffs, v. UNITED STATES SECRET SERVICE, UNITED STATES OF AMERICA, WILLIAM J. COOK, TIMOTHY M. FOLEY, BARBARA GOLDEN, and HENRY M. KLUEPFEL, Defendants. COMPLAINT AND DEMAND FOR JURY TRIAL I. INTRODUCTION AND SUMMARY This is a civil action for damages to redress violations of the Privacy Protection Act of 1980, 42 U.S.C. 2000aa et seq; the Electronic Communications Privacy Act, as amended, 18 U.S.C. 2510 et seq and 2701 et seq; and the First and Fourth Amendments to the United States Constitution. Plaintiffs are Steve Jackson Games Incorporated ("SJG"), an award-winning publisher of books, magazines, and games; its president and sole owner Steve Jackson; and three other users of an electronic bulletin board system operated by SJG. Defendants are the United States Secret Service, the United States of America, an Assistant United States Attorney, Secret Service agents, and a private individual who acted at the direction of these federal officers and agents and under color of federal authority. Although neither Steve Jackson nor SJG was a target of any criminal investigation, defendants caused a general search of the business premises of SJG and the wholesale seizure, retention, and conversion of computer hardware and software and all data and communications stored there. Defendants seized and retained work product and documentary materials relating to SJG books, games, and magazines, thereby imposing a prior restraint on the publication of such materials. Defendants also seized and retained an entire electronic bulletin board system, including all computer hardware and software used to operate the system and all data and communications stored on the system, causing a prior restraint on the operation of the system. Defendants also seized and retained computer hardware and software, proprietary information, records, and communications used by SJG in the ordinary course of operating its publishing business. The search of this reputable publishing business and resulting seizures constituted a blatant violation of clearly established law. The search and seizure violated the Privacy Protection Act of 1980, which strictly prohibits law enforcement officers from using search and seizure procedures to obtain work product or documentary materials from a publisher, except in narrow circumstances not applicable here. The seizure and retention of SJG's work product and bulletin board system, as well as the seizure and retentionof the computers used to prepare SJG publications and to operate the bulletin board system, violated the First Amendment. The search and seizure, which encompassed proprietary business information and private electronic communications as well as materials protected by the First Amendment, also violated the Fourth Amendment. Defendants conducted an unconstitutional general search pursuant to a facially invalid, general warrant. The warrant was issued without probable cause to believe that any evidence of criminal activity would be found at SJG and was issued on the basis of false and misleading information supplied by the defendants. Defendants also invaded plaintiffs' privacy by seizing and intercepting the plaintiffs' private electronic communications in violation of the Electronic Communications Privacy Act. Defendants' wrongful and unlawful conduct amounted to an assault by the government on the plaintiffs, depriving them of their property, their privacy, their First Amendment rights and inflicting humiliation and great emotional distress upon them. II. DEFINITIONS When used in this complaint, the following words and phrases have the following meanings: Computer Hardware: Computer hardware consists of the mechanical, magnetic, electronic, and electrical devices making up a computer system, such as the central processing unit, computer storage devices (disk drives, hard disks, floppy disks), keyboard, monitor, and printing devices. Computer Software: Computer software consists of computer programs and related instructions and documentation. Computer Program: A computer program is a set of instructions that, when executed on a computer, cause the computer to process data. Source Code: Source code is a set of instructions written in computer programming language readable by humans. Source code must be "compiled," "assembled," or "interpreted" with the use of a computer program before it is executable by a computer. Text File: A computer file is a collection of data treated as a unit by a computer. A text file is a memorandum, letter, or any other alphanumeric text treated as a unit by a computer. A text file can be retrieved from storage and viewed on a computer monitor, printed on paper by a printer compatible with the computer storing the data, or transmitted to another computer. Modem: A modem, or modulator-demodulator, is an electronic device that makes possible the transmission of data to or from a computer over communications channels, including telephone lines. Electronic mail: Electronic mail (e-mail) is a data communication transmitted between users of a computer system or network. E-mail is addressed to one or more accounts on a computer system assigned to specific users and is typically stored on the system computer until read and deleted by the addressee. The privacy of electronic mail is typically secured by means of a password, so that only individuals withknowledge of the account's password can obtain access to mail sent to that account. Electronic Bulletin Board System (BBS): A BBS is a computerized conferencing system that permits communication and association between and among its users. A systems operator ("sysop") manages the BBS on a computer system that is equipped with appropriate hardware and software to store text files and communications and make them accessible to users. Users of the BBS gain access to the system using their own computers and modems and normal telephone lines. A BBS is similar to a traditional bulletin board in that it allows users to transmit and "post" information readable by other users. Common features of a BBS include: (1) Conferences in which users engage in an ongoing exchange of information and ideas. Conferences can be limited to a specific group of users, creating an expectation of privacy, or open to the general public. (2) Archives containing electronically stored text files accessible to users; (3) Electronic mail service, in which the host computer facilitates the delivery, receipt, and storage of electronic mail sent between users. Bulletin board systems may be maintained as private systems or permit access to the general public. They range in size from small systems operated by individuals using personal computers in their homes, to medium-sized systemsoperated by groups or commercial organizations, to world-wide networks of interconnected computers. The subject matter and number of topics discussed on a BBS are limited only by the choices of the system's operators and users. Industry estimates indicate that well over a million people in the United States use bulletin board systems. III. PARTIES 1. Plaintiff SJG is a corporation duly organized and existing under the laws of the State of Texas. At all relevant times, SJG was engaged in the business of publishing adventure games and related books and magazines. Its place of business is 2700-A Metcalfe Road, Austin, Texas. 2. Plaintiff Steve Jackson ("Jackson"), the president and sole owner of SJG, is an adult resident of the State of Texas. 3. Plaintiffs Elizabeth McCoy, Walter Milliken, and Steffan O'Sullivan are adult residents of the State of New Hampshire. At all relevant times, they were users of the electronic bulletin board system provided and operated by SJG and known as the "Illuminati Bulletin Board System" ("Illuminati BBS"). 4. The United States Secret Service, an agency within the Treasury Department, and the United States of America sued in Counts I, IV, and V. 5. Defendant William J. Cook ("Cook") is an adult resident of the State of Illinois. At all relevant times,Cook was employed as an Assistant United States Attorney assigned to the United States Attorney's office in Chicago, Illinois. Cook is sued in Counts II-V. 6. Defendant Timothy M. Foley ("Foley") is an adult resident of the State of Illinois. At all relevant times, Foley was employed as a Special Agent of the United States Secret Service, assigned to the office of the United States Secret Service in Chicago, Illinois. At all relevant times, Foley was an attorney licensed to practice law in the State of Illinois. Foley is sued in Counts II-V. 7. Defendant Barbara Golden ("Golden") is an adult resident of the State of Illinois. At all relevant times, Golden was employed as a Special Agent of the United States Secret Service assigned to the Computer Fraud Section of the United States Secret Service in Chicago, Illinois. 8. Defendant Henry M. Kluepfel ("Kluepfel") is an adult resident of the state of New Jersey. At all relevant times, Kluepfel was employed by Bell Communications Research as a district manager. Kluepfel is sued in Counts II-V. III. JURISDICTION AND VENUE 9. This Court's jurisdiction is invoked pursuant to 28 U.S.C. 1331 and 42 U.S.C. 2000aa- 6(h). Federal question jurisdiction is proper because this is a civil action authorized and instituted pursuant to the First and Fourth Amendments to the United States Constitution, 42 U.S.C. 2000aa-6(a) and 6(h), and 18 U.S.C. 2707 and 2520. 10. Venue in the Western District of Texas is proper under 28 U.S.C. 1391(b), because a substantial part of the events or omissions giving rise to the claims occurred within this District. IV. STATEMENT OF CLAIMS FACTUAL BACKGROUND Steve Jackson Games 11. SJG, established in 1980 and incorporated in 1984, is a publisher of books, magazines, and adventure games. (a) SJG books and games create imaginary worlds whose settings range from prehistoric to futuristic times and whose form encompass various literary genres. (b) The magazines published by SJG contain news, information, and entertainment relating to the adventure game industry and related literary genres. 12. SJG games and publications are carried by wholesale distributors throughout the United States and abroad. 13. SJG books are sold by national retail chain stores including B. Dalton, Bookstop, and Waldenbooks. 14. Each year from 1981 through 1989, and again in 1991, SJG board games, game books, and/or magazines have been nominated for and/or received the Origins Award. The Origins Award, administered by the Game Manufacturers' Association, is the adventure game industry's most prestigious award. 15. SJG is not, and has never been, in the business of selling computer games, computer programs, or other computer products. 16. On March 1, 1990, SJG had 17 employees. Steve Jackson Games Computer Use 17. At all relevant times, SJG relied upon computers for many aspects of its business, including but not limited to the following uses: (a) Like other publishers of books or magazines, and like a newspaper publisher, SJG used computers to compose, store, and prepare for publication the text of its books, magazines, and games. (b) SJG stored notes, source materials, and other work product and documentary materials relating to SJG publications on its computers. (c) Like many businesses, SJG used computers to create and store business records including, but not limited to, correspondence, contracts, address directories, budgetary and payroll information, personnel information, and correspondence. 18. Since 1986, SJG has used a computer to operate an electronic bulletin board system (BBS) dedicated to communication of information about adventure games, the game industry, related literary genres, and to association among individuals who share these interests. (a) The BBS was named "Illuminati," after the company's award-winning board game. (b) At all relevant times, the Illuminati BBS was operated by means of a computer located on the business premises of SJG. The computer used to run the Illuminati BBS (hereafter the "Illuminati computer") was connected to the telephone number 512-447-4449. Users obtained access to communications and information stored on the Illuminati BBS from their own computers via telephone lines. (c) The Illuminati BBS provided a forum for communication and association among its users, which included SJG employees, customers, retailers, writers, artists, competitors, writers of science fiction and fantasy, and others with an interest in the adventure game industry or related literary genres. (d) SJG, Jackson, and SJG employees also used the Illuminati BBS in the course of business to communicate with customers, retailers, writers, and artists; to provide customer service; to obtain feedback on games and new game ideas; to obtain general marketing information; to advertise its games and publications, and to establish good will and a sense of community with others who shared common interests. (e) As of February 1990, the Illuminati BBS had over 300 users residing throughout the United States and abroad. (f) At all relevant times, plaintiffs SJG, Jackson, McCoy, Milliken, and O'Sullivan were active users of the Illuminati BBS. (g) Each user account was assigned a password to secure the privacy of the account. (h) The Illuminati BBS gave users access to general files of electronically stored information. General files included, but were not limited to, text files containing articles on adventure games and game-related humor, including articles published in SJG magazines and articles contributed by users of the BBS, and text files containing game rules. These general files were stored on the Illuminati computer at SJG. (i) The Illuminati BBS provided several public conferences, in which users of the BBS could post information readable by other users and read information posted by others. The discussions in the public conferences focused on SJG products, publications and related literary genres. All communications transmitted to these conferences were stored in the Illuminati computer at SJG. (j) SJG informed users of the Illuminati BBS that "any opinions expressed on the BBS, unless specifically identified as the opinions or policy of Steve Jackson Games Incorporated, are only those of the person posting them. SJ Games will do its best to remove any false, harmful or otherwise obnoxious material posted, but accepts no responsibility for material placed on this board without its knowledge. (k) The Illuminati BBS also provided private conferences that were accessible only to certain users authorized by SJG and not to the general public. All communications transmitted to these conferences were stored in the Illuminati computer at SJG. (l) The Illuminati BBS provided a private electronic mail (e-mail) service, which permitted the transmission of private communications between users on the system as follows: (i) E-mail transmitted to an account on the Illuminati BBS was stored on the BBS computer until deleted by the addressee. (ii) The privacy of e-mail was secured by the use of passwords. (iii) The privacy of e-mail was also secured by computer software that prevented the system operator from reading e-mail inadvertently. (iv) The privacy of e-mail was also secured by SJG policy. SJG informed users of the Illuminati BBS that "[e]lectronic mail is private." (v) As a matter of policy, practice, and customer expectations, SJG did not read e-mail addressed to Illuminati users other than SJG. (vi) At all relevant times, all plaintiffs used the e-mail service on the Illuminati BBS. (vii) On March 1, 1990, the Illuminati computer contained stored e-mail sent to or from each of the plaintiffs. The Illegal Warrant and Application 19. On February 28, 1990, defendant Foley filed an application with this Court, for a warrant authorizing the search of the business premises of SJG and seizure of "[c]omputer hardware (including, but not limited to, central processing unit(s), monitors, memory devices, modem(s), programming equipment, communication equipment, disks, and prints) and computer software (including, but not limited to, memory disks, floppy disks, storage media) and written material and documents relating to the use of the computer system (including networking access files), documentation relating to the attacking of computers and advertising the results of computer attacks (including telephone numbers and location information), and financial documents and licensing documentation relative to the computer programs and equipment at the business known as Steve Jackson Games which constitute evidence, instrumentalities and fruits of federal crimes, including interstate transportation of stolen property (18 USC 2314) and interstate transportation of computer access information (18 USC 1030(a)(6)). This warrant is for the seizure of the above described computer and computer data and for the authorization to read information stored and contained on the above described computer and computer data." A copy of the application and supporting affidavit of defendant Foley (hereafter "Foley affidavit") are attached as Exhibit "A" and incorporated herein by reference. 20. The search warrant was sought as part of an investigation being conducted jointly by defendant Cook and the United States Attorney's office in Chicago; defendants Foley, Golden, and the Chicago field office of the United States Secret Service; and defendant Kluepfel. 21. On information and belief, neither SJG nor Jackson nor any of the plaintiffs were targets of this investigation. 22. The Foley affidavit was based on the investigation of defendant Foley and on information and investigative assistance provided to him by others, including defendants Golden and Kluepfel and unnamed agents of the United States Secret Service. Foley Affidavit para. 3. 23. The Foley affidavit alleged that defendant Klu%p}el had participated in the execution of numerous federal and state search warrants. Id. 24. On information and belief, Defendant Cook participated in the drafting, review, and submission of the warrant application and supporting affidavit to this Court. 25. The warrant application and supporting affidavit were placed under seal on motion of the United States. 26. On February 28, 1990, based on the Foley affidavit, a United States Magistrate for the Western District of Texas granted defendant Foley's warrant application and issued awarrant authorizing the requested search and seizure described in paragraph 19 above. A copy of the search warrant is attached as Exhibit B. 27. The warrant was facially invalid for the following reasons: (a) It was a general warrant that failed to describe the place to be searched with particularity. (b) It was a general warrant that failed to describe things to be seized with particularity. (c) It swept within its scope handwritten, typed, printed, and electronically stored communications, work product, documents, and publications protected by the First Amendment. (d) It swept within its scope SJG proprietary information and business records relating to activities protected by the First Amendment. (e) It swept within its scope a BBS that was a forum for speech and association protected by the First Amendment. (f) It swept within its scope computer hardware and software that were used by SJG to publish books, magazines, and games. (g) It swept within its scope computer hardware and software used by SJG to operate a BBS. 28. The warrant was also invalid in that it authorized the seizure of work product and documentary materials from apublisher "reasonably believed to have a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of public communication, in or affecting interstate or foreign commerce," which is generally prohibited by 42 U.S.C. 2000aa(a) and (b), without showing the existence of any of the narrow statutory exceptions in which such a search and seizure is permitted. Specifically, the Foley affidavit did not establish the existence of any of the following circumstances: (a) The Foley affidavit did not establish probable cause to believe that SJG, or any employee in possession of work product materials at SJG, had committed or was committing a criminal offense to which such materials related. (b) The Foley affidavit did not establish probable cause to believe that SJG or any employee of SJG in possession of work product materials at SJG, had committed or was committing a criminal offense to which such materials related consisting of other than the receipt possession, communication, or withholding of such materials or the information contained therein. (c) The Foley affidavit did not establish probable cause to believe that SJG, or any employee of SJG in possession of work product materials at SJG, had committed or was committing a criminal offense consisting of the receipt, possession, or communicationof information relating to the national defense, classified information, or restricted data under the provisions of 18 U.S.C. 793, 794, 797, or 798 or 50 U.S.C. 783. (d) The Foley affidavit did not establish reason to believe that immediate seizure of work product materials from SJG was necessary to prevent the death of, or serious bodily injury to, a human being. (e) The Foley affidavit did not establish probable cause to believe that SJG, or any employee of SJG in possession of documentary materials at SJG, had committed or was committing a criminal offense to which the materials related. (f) The Foley affidavit did not establish probable cause to believe that SJG, or any employee of SJG in possession of documentary materials at SJG had committed or was committing a criminal offense to which the materials related consisting of other than the receipt, possession, communication, or withholding of such materials or the information contained therein. (g) The Foley affidavit did not establish probable cause to believe that SJG, or any employee of SJG in possession of documentary materials at SJG, had committed or was committing an offense consisting of the receipt, possession, or communication of information relating to the national defense, classifiedinformation, or restricted data under the provisions of 18 U.S.C. 793, 794, 797, or 798 or 50 U.S.C. 783. (h) The Foley affidavit did not establish reason to believe that the immediate seizure of such documentary materials was necessary to prevent the death of, or serious bodily injury to, a human being. (i) The Foley affidavit did not establish reason to believe that the giving of notice pursuant to a subpoena duces tecum would result in the destruction, alteration, or concealment of such documentary materials. (j) The Foley affidavit did not establish that such documentary materials had not been produced in response to a court order directing compliance with a subpoena duces tecum and that all appellate remedies had been exhausted or that there was reason to believe that the delay in an investigation or trial occasioned by further proceedings relating to the subpoena would threaten the interests of justice. 29. The warrant was invalid because the warrant application and supporting affidavit of defendant Foley did not establish probable cause to believe that the business premises of SJG was a place where evidence of criminal activity would be found, in that: (a) The Foley affidavit did not allege that evidence of criminal activity would be found at SJG. Rather, the affidavit alleged that "E911 source code and text file"and a "decryption software program" would be "found in the computers located at 1517G Summerstone, Austin, Texas, or at 2700-A Metcalfe Road, Austin, Texas [SJG], or at 3524 Graystone #192, or in the computers at each of those locations." Foley Affidavit para. 30 (emphasis added). (b) The Foley affidavit did not establish probable cause to believe that E911 source code would be found at the business premises of SJG. (c) The Foley affidavit did not establish probable cause to believe that an E911 text file would be found at the business premises of SJG. (d) The Foley affidavit did not establish probable cause to believe that a decryption software program would be found at the business premises of SJG. 30. Even assuming, arguendo, that the warrant affidavit demonstrated probable cause to believe that "E911 source code and text file" and a "password decryption program" would be found at the business premises of SJG, the warrant was still invalid because its description of items to be seized was broader than any probable cause shown, in that: (a) The warrant authorized the seizure of computer hardware, software, and documentation that did not constitute evidence, instrumentalities, or fruits of criminal activity; (b) The warrant authorized the seizure and reading of electronically stored data, including publications, work product, proprietary information, business records, personnel records, and correspondence, that did not constitute evidence, instrumentalities, or fruits of criminal activity; (c) The warrant authorized the seizure and reading of electronically stored communications that were not accessible to the public, including private electronic mail, and that did not constitute evidence, instrumentalities, or fruits of criminal activity. 31. The warrant is invalid because there is nothing in the Foley affidavit to show that the information provided by defendant Kluepfel regarding the BBS at SJG was not stale. 32. The warrant was invalid because the Foley affidavit was materially false and misleading, and because defendants submitted it knowing it was false and misleading or with reckless disregard for the truth, as set forth in paragraphs 33-40 below. 33. The Foley affidavit did not inform the Magistrate that SJG was a publisher of games, books, and magazines, engaged in the business of preparing such materials for public dissemination in or affecting interstate commerce; (a) This omission was material; (b) Defendants omitted this material information >from the warrant application knowingly or with reckless disregard for the truth or falsity of the application. 34. The Foley affidavit did not inform the Magistrate that SJG used computers to compose and prepare publications for public dissemination; (a) This omission was material; (b) Defendants omitted this material information >from the warrant application knowingly or with reckless disregard for the truth or falsity of the application. 35. The Foley affidavit did not inform the Magistrate that the computer at SJG used to operate the BBS contained electronically stored texts, work product, documentary materials, and communications stored for the purpose of public dissemination in or affecting interstate commerce; (a) This omission was material; (b) Defendants omitted this material information >from the warrant application knowingly or with reckless disregard for the truth or falsity of the application. 36. The Foley affidavit did not inform the Magistrate that a computer used to operate the BBS at SJG operated a forum for constitutionally protected speech and association regarding adventure games and related literary genres; (a) This omission was material; (b) Defendants omitted this material information >from the warrant application knowingly or with reckless disregard for the truth or falsity of the application. 37. The Foley affidavit did not inform the Magistrate that the computer used to operate the BBS at SJG contained stored private electronic communications; (a) This omission was material; (b) Defendants omitted this material information >from the warrant application knowingly or with reckless disregard for the truth or falsity of the application. 38. The Foley affidavit falsely alleged that the E911 text file was a "program." Foley Affidavit paras. 8, 14, 17; (a) This false allegation was material; (b) Defendants made this material false allegation knowingly or with reckless disregard for its truth or falsity; (c) Defendants Cook and Foley have acknowledged that the E911 text file is not a program. 39. The affidavit of defendant Foley falsely alleges that the information in the E911 text file was "highly proprietary" and "sensitive". Foley Affidavit paras. 13, 14, 22; (a) This false allegation was material; (b) Defendants made this material false allegation knowingly or with reckless disregard for its truth or falsity; (c) Defendant Cook has acknowledged that much of the information in the E911 text file had been disclosed to the public. 40. The affidavit of defendant Foley falsely alleges that the E911 text file was "worth approximately $79,000.00," para. 4, and "engineered at a cost of $79,449.00," para. 14; (a) This false allegation was material; (b) Defendants made this material false allegation knowingly or with reckless disregard for its truth or falsity; (c) Defendant Cook has acknowledged that the value of the nondisclosed information in the E911 text file was less than the $5000.00 jurisdictional minimum for Interstate Transportation of Stolen Property, 18 U.S.C. 2314. 41. Reasonable persons in defendants' position would have known that the warrant was invalid for the reasons given in paragraphs 27-40 and would not have requested or relied on the warrant.The Search and Seizure: 42. Nevertheless, on March 1, 1990, defendant Golden, other agents of the United States Secret Service, and others acting in concert with them, conducted a general search of the SJG office and warehouse. 43. The searching officers prevented SJG employees from entering their workplace or conducting any business from 8:00 a.m. until after 1:00 p.m. on March 1, 1990. 44. The agents seized computer hardware and related documentation, including, but not limited to, the following: (a) three central processing units; (b) hard drives; (c) hundreds of disks; (d 2 monitors; (e) 3 keyboards; (f) 3 modems; (g) a printer; (h) electrical equipment including, but not limited to, extension cords, cables, and adapters; (i) screws, nuts, and other small parts. 45. The agents seized all computer hardware, computer software, and supporting documentation used by SJG to run the Illuminati BBS, thereby causing the following to occur: (a) the seizure of all programs, text files, and public communications stored on the BBS computer; (b) the seizure of all private electronic communications stored on the system, including electronic mail; (c) preventing plaintiffs from operating and using the BBS. 46. The agents seized computer software and supporting documentation that SJG used in the ordinary course of its business including, but not limited to, word processing software. 47. The defendants seized all data stored on the seized SJG computers and disks, including, but not limited to, the following: (a) SJG work product, including drafts of forthcoming publications and games; (b) Communications from customers and others regarding SJG's games, books, and magazines; (c) SJG financial projections; (d) SJG contracts; (e) SJG correspondence; (f) SJG editorial manual, containing instructions and procedures for writers and editors; (g) SJG address directories, contacts lists, and employee information, including the home telephone numbers of SJG employees. 48. The defendants seized all current drafts -- both electronically stored copies and printed ("hard") copies -- of the book GURPS Cyberpunk, which was scheduled to go to the printer later that week. (a) GURPS Cyberpunk was part of a series of fantasy roleplaying game books published by SJG called the Generic Universal Roleplaying System. (b) The term "Cyberpunk" refers to a science fiction literary genre which became popular in the 1980s. The Cyberpunk genre is characterized by the fictional interaction of humans with technology and the fictional struggle for power between individuals, corporations, and government. One of the most popular examples of the Cyberpunk genre is William Gibson's critically acclaimed science fiction novel Neuromancer, which was published in 1984. (c) GURPS Cyberpunk is a fantasy roleplaying game book of the Cyberpunk genre. (d) SJG eventually published the book GURPS Cyberpunk in 1990. (e) The book has been distributed both nationally and internationally. (f) To date SJG has sold over 16,000 copies of the book. (g) The book has been nominated for an Origins Award for Best Roleplaying Supplement. (h) The book is used in at least one college literature course as an example of the Cyberpunk genre. 49. The search and seizure exceeded the scope of the warrant, in that the searching officers seized computer hardware, computer software, data, documentation, work product, and correspondence that did not constitute evidence, instrumentalities or fruits of any crime. 50. The search was conducted in a reckless and destructive fashion, in that the searching officers caused damage to SJG property and left the SJG office and warehouse in disarray. Post-seizure Retention of Property 51. Plaintiffs Jackson and SJG put defendants on immediate notice that they had seized the current drafts of the about-to-be-published book GURPS Cyberpunk and the computer hardware and software necessary to operate a BBS and requested immediate return of these materials. 52. SJG and Jackson made diligent efforts to obtain the return of the seized equipment and data, including but not limited to, retention of legal counsel, numerous telephone calls to defendants Cook and Foley by Jackson and SJG counsel, a trip to the Austin Secret Service office, and correspondence with defendants Cook and Foley and with other federal officials. 53. On March 2, 1990, Jackson went to the Austin office of the Secret Service in an unsuccessful attempt to obtain the return of seized documents and computer data, including the drafts of the forthcoming book GURPS Cyberpunk and the software and files stored on the Illuminati BBS. 54. On March 2, 1990, the Secret Service refused to provide Jackson with the files containing current drafts of GURPS Cyberpunk, one agent calling the book a "handbook for computer crime." 55. On March 2, 1990, the Secret Service also refused to return copies of the software used to run the Illuminati BBS and copies of any of the data or communications stored on the BBS. 56. In the months following the seizure, defendant Cook repeatedly gave Jackson and his counsel false assurances that the property of SJG would be returned within days. 57. In May of 1990, Jackson wrote to Senators Philip Gramm and Lloyd Bentsen and Congressman J. J. Pickle, regarding the search and seizure conducted at SJG and requesting their assistance in obtaining the return of SJG property. 58. On June 21, 1990, the Secret Service returned most, but not all, of the computer equipment that had been seized from SJG over three months earlier. 59. The Secret Service did not return some of SJG's hardware and data. 60. The Secret Service did not return any of the printed drafts of GURPS Cyberpunk. 61. In July 3, 1990, letters to Senator Bentsen and Congressman J. J. Pickle, Robert R. Snow of the United States Secret Service falsely stated that all of the items seized from SJG had been returned to Jackson. 62. In his July 16, 1990, letter to Senator Gramm, Bryce L. Harlow of the United States Department of Treasuryfalsely stated that all of the items seized from SJG had been returned to Jackson. 63. Through counsel, SJG wrote to defendant Foley on July 13, 1990, requesting, inter alia, a copy of the application for the search warrant and return of the property the government had not returned. A copy of this letter was mailed to Defendant Cook. Though the letter requested a response by August 1, 1990, neither defendant responded. 64. Through counsel, plaintiff SJG again wrote to defendant Cook on August 8, 1990, requesting, inter alia, a copy of the application for the search warrant and return of the property the government had not returned. Copies of this letter were sent to other Assistant United States Attorneys in Chicago, namely Thomas Durkin, Dean Polales, and Michael Shepard. 65. Defendant Cook responded to this request with an unsigned letter dated August 10, 1990. The letter enclosed a number of documents that had not previously been returned to SJG. The letter further stated that "the application for the search warrant is under seal with the United States District Court in Texas since it contains information relating to an ongoing federal investigation." 66. On September 17, 1990, the warrant affidavit was unsealed by the United States Magistrate for the Western District of Texas on the motion of the United States Attorney for the Northern District of Illinois. 67. The United States Attorney's office did not provide Jackson, SJG or their counsel with notice of its motion to unseal the warrant affidavit or of this Court's order granting its motion. Prior Restraint on Publication and Other Damages: 68. Defendants' seizure and retention of the computer hardware and software used to operate the Illuminati BBS prevented and interfered with plaintiffs' operation and use of the Illuminati BBS, including the following: (a) In an attempt to minimize the damage caused by defendants' conduct, SJG purchased replacement computer hardware and software to operate the Illuminati BBS; (b) As a result of defendants' conduct, SJG was unable to operate or use the Illuminati BBS for over a month; (c) As a result of defendants' conduct, plaintiffs were deprived of the use of the Illuminati BBS for over a month; (d) Defendants seized and intercepted electronic mail in which plaintiffs had a reasonable expectation of privacy; (e) Users of the BBS were substantially chilled in their exercise of their constitutionally protected rights of freedom of speech and association; (f) Some of the data previously available to users of the Illuminati BBS was lost or destroyed. 69. Defendants' conduct caused a prior restraint of the publication of the book GURPS Cyberpunk, in that: (a) On March 1, 1990, the book GURPS Cyberpunk was nearly completed and scheduled to be sent to the printer the following week; (b) On March 1, 1990, defendants caused the illegal seizure of all of the current drafts of GURPS Cyberpunk, including both printed drafts and electronically stored drafts. (c) On March 1, 1990, Defendants caused the illegal seizure of electronic communications stored on the Illuminati BBS containing comments on GURPS Cyberpunk. (d) Defendants unreasonably refused for weeks to return the electronically stored drafts of GURPS Cyberpunk. (e) Defendants have not yet returned the printed drafts of GURPS Cyberpunk. (f) Defendants refused to return electronically stored comments regarding GURPS Cyberpunk for over three months. (g) By their conduct, defendants prevented SJG >from delivering GURPS Cyberpunk to the printer on schedule, and caused SJG to miss its publication deadline. (h) As a result of defendants' conduct, and in an attempt to minimize damages, SJG and its employeesreconstructed and rewrote GURPS Cyberpunk >from older drafts. (i) As a result of defendants' conduct, the publication of GURPS Cyberpunk was delayed for six weeks. 70. Defendants' conduct caused substantial delay in the publication and delivery of other SJG publications. 71. As a result of defendants' conduct, SJG suffered substantial financial harm including, but not limited to, lost sales, lost credit lines, interest on loans, late payment penalties, and attorney's fees and costs. 72. As a result of defendants' conduct, SJG was forced to lay off 8 of its 17 employees. 73. As a result of defendants' conduct, SJG suffered damage to its business reputation. 74. As a result of defendants' conduct, SJG has suffered loss of, damage to, and conversion of computer equipment and data, including, but not limited to, the following: (a) loss of and damage to computer hardware; (b) loss and destruction of seized data; 75. Defendants have retained copies of data seized >from SJG. 76. As a result of defendants' conduct, plaintiff Steve Jackson has suffered additional harm including, but not limited to, lost income, damage to professional reputation,humiliation, invasion of privacy, deprivation of constitutional rights, and emotional distress. 77. As a result of defendants' conduct, plaintiffs McCoy, Milliken, and O'Sullivan have suffered additional harm including, but not limited to, damages resulting from the seizure of their private electronic mail and the interference with, and temporary shut down of, the Illuminati forum for speech and association, deprivation of their constitutional rights, invasion of their privacy, and emotional distress. COUNT I: PRIVACY PROTECTION ACT OF 1980, 42 U.S.C. 2000aa et seq Against the United States Secret Service and the United States of America 78. The allegations in paragraphs 1-77 are incorporated herein by reference. 79. At all relevant times, SJG and its employees were persons "reasonably believed to have a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of public communication, in or affecting interstate or foreign commerce" within the meaning of 42 U.S.C. 2000aa(a) and (b). 80. At all relevant times, SJG and its employees possessed work product and documentary materials in connection with a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of publiccommunication, in or affecting interstate or foreign commerce. 81. Defendants caused the submission of an application for a warrant to search the business premises of SJG and to seize work product materials therefrom, in violation of 42 U.S.C. 2000aa, in that: (a) The Foley affidavit did not inform the Magistrate that SJG and its employees were persons "reasonably believed to have a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of public communication, in or affecting interstate or foreign commerce" within the meaning of 42 U.S.C. 2000aa(a) and (b). (b) The Foley affidavit did not inform the Magistrate that SJG and its employees possessed work product materials and documentary materials in connection with a purpose to disseminate to the public a newspaper, book, broadcast, or other similar form of public communication, in or affecting interstate or foreign commerce. (c) The Foley affidavit did not establish that any of the exceptions to the statutory prohibition of searches and seizures set out in 42 U.S.C. 2000aa(a) and (b) existed. 82. Defendants caused the March 1, 1990, search of the business premises of SJG and seizure of work product anddocumentary materials therefrom in violation of 42 U.S.C. 2000aa et seq. 83. Defendants Cook, Foley, and Golden were federal officers and employees acting within the scope or under color of federal office or employment. 84. Defendant Kluepfel acted in concert with federal agents under color of federal office. 85. Plaintiffs SJG, Jackson, McCoy, Milliken, and O'Sullivan are all persons aggrieved by defendants' conduct, having suffered damages, attorney's fees, and costs, as a direct result of defendants' conduct. 86. The United States of American and the United States Secret Service are liable to plaintiffs for damages, attorney's fees and costs caused by defendants' conduct. COUNT II: FIRST AMENDMENT Against Defendants Cook, Foley, Golden & Kluepfel 87. The allegations in paragraphs 1-86 are incorporated herein by reference. 88. Defendants violated plaintiffs' rights to freedom of speech, freedom of the press, and freedom of association as guaranteed by the First Amendment, in that: (a) At all relevant times SJG was a publisher of books, magazines, and games protected by the First Amendment; (b) At all relevant times SJG was the operator of a BBS that was a forum for speech and association protected by the First Amendment; (c) At all relevant times, plaintiffs SJG, Jackson, McCoy, Milliken, and O'Sullivan used the Illuminati BBS for speech and association protected by the First Amendment; (d) At all relevant times, plaintiff SJG used computers to publish books, magazines, and games and to operate the Illuminati BBS; (e) The search, seizure, and retention of SJG work product--both printed and electronically stored--caused a prior restraint on SJG publications in violation of plaintiffs' First Amendment rights of freedom of speech and of the press; (f) The search and seizure of the Illuminati BBS constituted a prior restraint on plaintiffs' exercise of their First Amendment rights of freedom of speech, of the press, and of association; (g) The seizure and retention of computer hardware and software used by SJG to publish books, magazines, and games violated plaintiffs' rights to freedom of speech and of the press; (h) The seizure and retention of computer hardware and software used by SJG to operate a BBS violatedplaintiffs' First Amendment rights to freedom of speech, of the press, and of association. 89. Defendants knew or reasonably should have known that their conduct violated plaintiffs' clearly established First Amendment rights of freedom of speech, freedom of the press, and freedom of association. 90. Defendants acted with intent to violate, or with reckless indifference to, plaintiffs' clearly established First Amendment rights to freedom of speech, freedom of the press, and freedom of association. 91. Defendants Cook, Foley, and Golden acted as federal agents and under color of federal law. 92. Defendant Kluepfel acted in concert with the federal defendants under color of federal law. 93. As a direct result of the defendants' conduct, plaintiffs have suffered damages. COUNT III: FOURTH AMENDMENT Against Defendants Cook, Foley, Golden, and Kluepfel 94. The allegations in paragraphs 1-93 are incorporated herein by reference. 95. The defendants, by their actions, violated plaintiffs' clearly established right to be free from unreasonable searches and seizures as guaranteed by the Fourth Amendment to the United States Constitution, in that: (a) Plaintiffs SJG and Jackson had a reasonable expectation of privacy in the business premises of SJG and in all SJG work product, SJG records, and SJG documents kept there, including in all data stored in the computers at SJG; (b) All plaintiffs had a reasonable expectation of privacy in private electronic communications stored on the Illuminati BBS at SJG; (c) The search and seizure at SJG games was a general search; (d) The search and seizure at SJG was not authorized by a valid warrant particularly describing the place to be searched and the things to be seized; (e) The search and seizure at SJG was conducted without probable cause to believe that evidence of criminal activity would be found at SJG; (f) The search and seizure at SJG was based on information that was not shown to be current; (g) Defendants' warrant application was materially false and misleading, and was submitted by defendants with knowledge of its false and misleading nature or with reckless disregard for its truth or falsity. 96. The defendants knew, or reasonably should have known, that their conduct violated plaintiffs' clearly established constitutional right to be free >from unreasonable searches and seizures. 97. The defendants acted with intent to violate, or with reckless indifference to, plaintiffs' clearly established Fourth Amendment rights. 98. Defendants Cook, Foley, and Golden acted as federal agents and under color of federal law. 99. Defendant Kluepfel acted in concert with the federal defendants and under color of federal law. 100. As a direct result of the defendants' actions, plaintiffs suffered damages, attorney's fees and costs. COUNT IV: ELECTRONIC COMMUNICATIONS PRIVACY ACT, 18 U.S.C. 2707 Seizure of Stored Electronic Communications Against All Defendants 101. The allegations in paragraphs 1-100 are incorporated herein by reference. 102. At all times relevant times, plaintiff SJG was the provider of an electronic communication service within the meaning of 18 U.S.C. 2510(15) and 2707. 103. At all relevant times, plaintiffs SJG, Jackson, McCoy, Milliken, and O'Sullivan were subscribers to or customers of the electronic communication service provided by SJG within the meaning of 18 U.S.C. 2510(15) and 2707. 104. At all relevant times, plaintiffs had electronic communications in electronic storage on the communicationservice provided by SJG that were not accessible to the general public. 105. Defendants applied for a warrant to search and seize the computer operating the electronic communication service provided by SJG and all data stored thereon, but failed to inform the Magistrate that the computer contained stored electronic communications that were not accessible to the general public. 106. Defendants, acting without a valid warrant, required SJG to disclose the contents of electronic communications that were not accessible to the general public and that were in electronic storage for 180 days or less, in violation of 18 U.S.C. 2703(a). 107. Defendants disrupted the normal operations of the communication service operated by SJG without compensation to plaintiffs in violation of 18 U.S.C. 2706(a). 108. Defendants Cook, Foley, and Golden acted as federal agents and under color of federal law. 109. Defendant Kluepfel acted in concert with the federal defendants and under color of federal law. 110. Defendants acted knowingly and intentionally. 111. Defendants did not act in good faith. 112. Plaintiffs were aggrieved by defendants' conduct, and suffered damages, attorney's fees and costs. COUNT V: ELECTRONIC COMMUNICATIONS PRIVACY ACT, 18 U.S.C. 2510 et seq. Interception of Electronic Communications Against All Defendants 113. The allegations in paragraphs 1-112 are incorporated herein by reference. 114. Defendants intercepted, disclosed, or intentionally used plaintiffs' electronic communications in violation of 18 U.S.C. 2510 et seq and 2520. 115. Defendants intentionally intercepted, endeavored to intercept, or procured others to intercept or endeavor to intercept, plaintiffs' electronic communications in violation of 18 U.S.C. 2511(1)(a). 116. Defendants did not comply with the standards and procedures prescribed in 18 U.S.C. 2518. 117. The warrant application was not authorized by the Attorney General, Deputy Attorney General, Associate Attorney General, or any Assistant Attorney general, acting Assistant Attorney General, or any Deputy Assistant Attorney General in the Criminal Division specially designated by the Attorney General, in violation of 18 U.S.C. 2516. 118. Defendants Cook, Foley, and Golden acted as federal agents and under color of federal law. 119. Defendant Kluepfel acted in concert with the federal defendants and under color of federal law. 120. Defendants did not act in good faith. 121. Defendants did not compensate plaintiffs for reasonable expenses incurred by defendants' seizure of the Illuminati BBS, in violation of 18 U.S.C. 2518(4). 122. As a direct result of defendants' conduct, plaintiffs suffered damages, attorney's fees and costs. Prayers for Relief WHEREFORE, plaintiffs SJG, Jackson, McCoy, Milliken, and O'Sullivan pray that this Court: 1. Assume jurisdiction of this case. 2. Enter judgment against defendants and in favor of plaintiffs. 3. Enter an order requiring defendants to return all property and data seized from the premises of SJG, and all copies of such data, to SJG. 4. Award plaintiffs damages. 5. Award plaintiffs punitive and liquidated damages. 6. Award plaintiffs all costs incurred in the prosecution of this action, including reasonable attorney's fees. 7. Provide such additional relief as may appear to the Court to be just. PLAINTIFFS DEMAND A JURY TRIAL ON ALL CLAIMS TRIABLE BY JURY Dated: May 1, 1991 Respectfully submitted by their attorneys, _____________________________ Sharon L. Beckman Harvey A. Silverglate Andrew Good SILVERGLATE & GOOD 89 Broad St., 14th floor Boston, MA 02110 (617) 542-6663 Fax: (617) 451-6971 ____________________________ Eric M. Lieberman Nicholas E. Poser Rabinowitz, Boudin, Standard, Krinsky & Lieberman, P.C. 740 Broadway, at Astor Place New York, NY 10003-9518 (212) 254-1111 Fax: (212) 674-4614 ___________________________ R. James George, Jr. Graves, Dougherty, Hearon & Moody 2300 NCNB Tower 515 Congress Street Austin, Texas 78701 (512) 480-5600 Fax: (512) 478-1976 ==================================================================== / / / File 07 / NIA071 / / Comments From Editors / / JD & LMcD / / / Hello, welcome to the new issue NIA071. This issue was primarily to put out things that do not go anywhere else. It is a collection of some text that would not normaly fit into a normal issue. We realize it has been quite some time between NIA070 and NIA071, we do remind you that NIA is released on a non-scheduled basis. Rather, it is released when we have enough material for a new issue. On that note, please share what you have with the rest of the community. Submissions go to elisem@nuchat.sccsi.com We have received a lot of attention regarding Sir Hackalot's article in the previous release. We appreciate your comments, but let us remind you that we are editors, not censors. This file contained information useful not only to the underground community but also to system administrators, operators and users about general unix security. If this file was presented in an offensive manner, than excuse us. It was not meant to please everybody. In releasing issue 70, a problem with our maillist occured. We apologize for anyone who was inconvenienced by this. The problem has been fixed. Look for the new NIA072 coming out within the next month, it will be a very informative issue. Also to add to this note, Phrack will be releasing (hopefully) an issue in late May. To EFF, the best of luck in your case against the SS. A final note, Doctor Dissector has officially retired but can be reached at doctord@darkside.com Submissions, questions, comments and subscriptions can be mailed to elisem@nuchat.sccsi.com. Our files can be found on Ripco BBS and the CuD archive server (Ref: CuD Newsletter). "There's something about a beautiful woman without a brain in her head that can still be exiting." --Oliver Stone JD & LMcD Ignorance, There's No Excuse. "Forcing the issue was always worth it."--Jello Biafra NIA - Network Information Access =============================================================================