How Can Sysops Protect Themselves? (August, 1985)
-------------------------------------------------

A wave of anxiety is sweeping across the nation as BBS operators wonder if they
ll be next, and BBS users worry about whether or not their names will show up
in raided userlogs. As we ve now seen, it makes no difference whether or not
you're actually engaged in illegal activity. Any bulletin board anywhere could
be next and there's not all that much that can be done to prevent it. Not until
we get some laws passed to protect us.

In the meantime, however, there are a few suggestions we can pass along to
either lessen the odds of a raid or to thwart the invaders before they manage
to get into confidential material.

Obviously, if you have a bulletin board that frequently posts codes and
passwords, you can almost expect to get visited, even if it's only being done
in private mail. What's very important at this stage is the role the system
operator is playing with regards to this information. If he/she is an active
participant, there will most certainly be an attempt to make an example of
them. It's similar to draft registration evaders who publicize their opposition
they are the ones that get prosecuted, not the ones who keep a low profile
about it. By running a bulletin board, you are calling attention to yourself,
so it stands to reason that you should keep your act clean.

Had this article been written before July 12, we would have advised Sysops to
encourage people not to post credit card numbers, passwords, etc. in order not
to get hassled. But this is no longer the case. With the Private Sector,
authorities moved in even though the board was kept spanking clean of the
above. So now, the only way we can guarantee that your board won't be snatched
from you is if you unplug it and put it in a closet. Using a bulletin board for
communication between two or more people can now be considered risky.

Assuming that you still want your board up, there are other precautionary
measures. For one thing, the boards that ask the caller whether or not they
work for law enforcement really are working against themselves. First off, do
they honestly expect all law enforcement types to dutifully say yes and never
call back when they re denied access? Do they really think that these people
can't get their foot in the door even if it is an "elite" board? Even if there
is nothing illegal on such a board, attention is drawn to it by such statements
and it will become impossible to persuade the authorities that there simply
isn't a higher access level. By the same token, Sysops that run a disclaimer 
with words to the effect of "the Sysop takes no responsibility for what is said
on this board" are kidding themselves if they think this is going to save them
from harassment. Those words should apply, naturally, but at the moment they
don't seem to.

Whether or not you want to censor the messages on your system is up to you.
Sometimes it helps to weed out undesirables and sometimes it's an intrusion
into someone's privacy. We never liked the practice, although it was done
regularly on the Private Sector. It's your board and you have the right to run
it your way.

What really needs to be addressed at this point is the concept of protection.
Yes, you have the right to protect yourself against thugs that come into your
home, no matter who sent them. One way is by scrambled data. There are many
scrambling programs around and some of them are quite good; even the NSA would
have a time cracking the code. We feel that all userlogs should be scrambled,
at the very least. (In some cases, a valid form of protection would be to keep
no userlog at all.) System operators should try to figure out a way to scramble
everything so that nothing is available to unauthorized parties. When raids
become totally fruitless, maybe then they will stop. Of course, now there is
the problem of being forced, under penalty of law, to unscramble everything. A
vivid imagination can probably find a way around this as well.

The best method of protection is complete destruction of data. Some people hook
up their computers so that if the wrong door is opened or a button isn't
pressed, a magnet activates and wipes the disk clean. Bookies like to do this
with their Apples. Similar systems can be rigged so that if a computer is
unplugged, the first thing it does upon revival is a purge (not a directory
purge, which comes with simply deleting file names - a complete reformatting of
the disk, which erases all data). This means, though, that every power failure
will have the same effect. It will take some time to make a good system of
protection, but this is probably the most constructive project that BBS
operators can engage in. It doesn't matter if you have "nothing to hide." The
fact is you have everything to protect from intruding eyes. Because when they
seize equipment they read everything without concern that the Sysop may be the
caretaker of people's personal messages and writings.

We'd like to hear other methods of outsmarting these goons. It's not very hard.
For instance, you could have a bulletin board dial-in at one location, which
will then callforward to the real location, or still another dummy location.
Each of these requires another phone line, but you'll get plenty of warning,
especially if a dummy computer is set up at one of the locations. And this is
only the beginning.

We don't enjoy having to suggest these courses of action. We'd like very much
to be able to get on with what we're supposed to be doing: discussing
telecommunications and computers in our own way. Instead we have to pause again
to defend our right to say these things. It's a necessary course of action and,
if we hold our heads up, it will be a successful one.