Download the full version of the ebook at

https://ebookmass.com

The Definitive Guide to PCI DSS Version 4:

Documentation, Compliance, and Management 1st
Edition Arthur B. Cooper Jr.

https://ebookmass.com/product/the-definitive-
guide-to-pci-dss-version-4-documentation-
compliance-and-management-1st-edition-arthur-b-
cooper-jr/

Explore and download more ebook at https://ebookmass.com

 Recommended digital products (PDF, EPUB, MOBI) that
you can download immediately if you are interested.

The Definitive Guide to PCI DSS Version 4: Documentation,

Compliance, and Management 1st Edition Arthur B. Cooper
Jr.
https://ebookmass.com/product/the-definitive-guide-to-pci-dss-
version-4-documentation-compliance-and-management-1st-edition-arthur-
b-cooper-jr/
testbankdeal.com

How to Manage: The Definitive Guide to Effective

Management, 6th Edition Jo Owen

https://ebookmass.com/product/how-to-manage-the-definitive-guide-to-
effective-management-6th-edition-jo-owen/

testbankdeal.com

Guide to Clinical Documentation 2nd Edition

https://ebookmass.com/product/guide-to-clinical-documentation-2nd-
edition/

testbankdeal.com

The Data Warehouse Toolkit: Definitive Guide to

Dimensional Modeling, 3rd – Ebook PDF Version

https://ebookmass.com/product/the-data-warehouse-toolkit-definitive-
guide-to-dimensional-modeling-3rd-ebook-pdf-version/

testbankdeal.com
Taming the Megabanks Arthur E. Wilmarth Jr

https://ebookmass.com/product/taming-the-megabanks-arthur-e-wilmarth-
jr/

testbankdeal.com

Guide to Clinical Documentation 3rd Edition, (Ebook PDF)

https://ebookmass.com/product/guide-to-clinical-documentation-3rd-
edition-ebook-pdf/

testbankdeal.com

The Hitchhiker's Guide to AI Arthur Goldstuck

https://ebookmass.com/product/the-hitchhikers-guide-to-ai-arthur-
goldstuck/

testbankdeal.com

The Practitioner’s Encyclopedia of Flower Remedies:

Definitive Guide to

https://ebookmass.com/product/the-practitioners-encyclopedia-of-
flower-remedies-definitive-guide-to/

testbankdeal.com

The Definitive Guide to Gaydon era Aston Martin: The

Ultimate Aston Martin Guide

https://ebookmass.com/product/the-definitive-guide-to-gaydon-era-
aston-martin-the-ultimate-aston-martin-guide/

testbankdeal.com
Arthur B. Cooper Jr., Jeff Hall, David Mundhenk and Ben Rothke
The Definitive Guide to PCI DSS Version
4
Documentation, Compliance, and Management
Foreword by Bob Russo, Former General Manager, PCI Security
Standards Council
Arthur B. Cooper Jr.
Colorado Springs, CO, USA

Jeff Hall
Minneapolis, MN, USA

David Mundhenk
Austin, TX, USA

Ben Rothke
Clifton, NJ, USA

ISBN 978-1-4842-9287-7 e-ISBN 978-1-4842-9288-4

https://doi.org/10.1007/978-1-4842-9288-4

© Arthur B. Cooper Jr., Jeff Hall, David Mundhenk, Ben Rothke 2023

This work is subject to copyright. All rights are solely and exclusively
licensed by the Publisher, whether the whole or part of the material is
concerned, specifically the rights of translation, reprinting, reuse of
illustrations, recitation, broadcasting, reproduction on microfilms or in
any other physical way, and transmission or information storage and
retrieval, electronic adaptation, computer software, or by similar or
dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks,

service marks, etc. in this publication does not imply, even in the
absence of a specific statement, that such names are exempt from the
relevant protective laws and regulations and therefore free for general
use.

The publisher, the authors, and the editors are safe to assume that the
advice and information in this book are believed to be true and accurate
at the date of publication. Neither the publisher nor the authors or the
editors give a warranty, expressed or implied, with respect to the
material contained herein or for any errors or omissions that may have
been made. The publisher remains neutral with regard to jurisdictional
claims in published maps and institutional affiliations.

This Apress imprint is published by the registered company APress

Media, LLC, part of Springer Nature.
The registered company address is: 1 New York Plaza, New York, NY
10004, U.S.A.
Foreword
My father always told me that if you stick around long enough, you get
to see some pretty amazing things. In the case of credit card security, he
was 1,000% right. I was lucky enough to be in the data and network
security business most of my career and even luckier to be loosely
associated with the major credit card companies in that capacity early
on. I was fortunate to play a very small part in the early days and
proliferation of the PCI Security Standards Council and the promotion
of most of the standards they created.
The authors of this book, Jeff, Coop, Dave, and Ben, on the PCI DSS
have also collectively been associated with the security business,
specifically these standards, for over 50 years. Like my dad said, you see
some pretty amazing things if you stick around long enough and, more
importantly, if you’re paying attention!
The authors have been in the thick of it right from the beginning
and have obviously been paying very close attention. They have seen
the industry go from what a security expert might refer to as the wild
wild west to one that has become the poster child for the saying that
you “must bake security in from the beginning” on everything it does.
They not only know this standard and all of its iterations, but
throughout the years, they have worked with it closely and helped vast
amounts of companies secure their customers’ credit card and personal
data. They have been involved in the review of these standards and the
implementation of them in every scenario you could possibly imagine.
They have watched how credit card data security has evolved and
worked with the PCI DSS from its first version and through all of its
iterations up to today’s version 4.
The PCI SSC DSS was developed to encourage and enhance payment
account data security and facilitate the broad adoption of consistent
data security measures globally. It provides a baseline of technical and
operational requirements designed to protect payment account data.
The updated PCI DSS v4.0, released in March 2022, continues that
mission by ensuring the DSS continues to meet the security needs of
the payments industry, adds flexibility to support different
methodologies used to achieve security, and enhances validation
methods and procedures. Security needs to be a continuous process,
and adherence to the PCI DSS v4.0 helps make that possible.
So whether you’re a merchant trying to protect your customers’
credit card and personal data or a security person responsible for
implementing and maintaining the PCI DSS in your organization, this
book will help you understand and have the best possible chance of
keeping your precious information safe and secure.
And to quote Hill Street Blues (look it up): Let’s be safe out there,
people.

Bob Russo

Former General Manager, PCI Security Standards Council

Author Introductions
Arthur B. Cooper Jr. (“Coop”)
First of all, let me thank Ben Rothke. It was Ben who actually pulled
together four ragtag old farts to assemble what would become known
as the PCI Dream Team: Ben, Jeff, Dave, and myself. Together we have
participated in many town hall–based webinars called “PCI Dream
Team: Ask Us Your Toughest Questions,” many of which were captured
for posterity by BrightTalk.
Ben has also been very patient with me, as I am probably THE
greatest procrastinator on writing anything for this book. This is not
due to me not caring. In fact, quite the opposite. I care greatly about
payment card security, and I have devoted the past 20 years of my life
to the cause.
If anyone had ever predicted this is where I’d end up, I would have
laughed and rebuffed them immediately. At the tender age of 17, I
convinced my mother to sign some documentation allowing me to
become a member of the US Air Force (USAF). No need to go into it all,
but suffice it to say payments and payment security didn’t rank high on
my list of reasons to join up. However, the idea of security as a “calling”
came to me at that very tender age of 17 when I saw what we (the
USAF) were trying to accomplish. Security of my country rang loud in
my ears, and I was hooked, pole, line, and sinker.
Some injuries, a “capture” of sorts, and some other maladies forced
my hand, and I found myself being trained to work in military
telecommunication centers. I didn’t want to do that; I wanted to be
some kind of superhero. Alas, my fortunes aimed elsewhere. At first, it
didn’t seem too exciting to me working in a closed building with no
windows, and I questioned my purpose and contributions greatly.
Thank God I had some great military supervisors over the years, for
they led me to the “promised land” of maturity and wisdom.
Let’s flash forward many years and several ladder steps in my
career. Around late 2004, I heard about the PCI standards being
created. I jumped into the PCI arena with both feet and my eyes wide
open. I was also fortunate enough to work for the PCI Council for a few
years as a trainer, and all of my time on this journey has been very
enjoyable. Hopefully I have been of some help to all of my clients over
the years. I still love being a PCI QSA, and I always try to do the best I
can when ensuring a client’s compliance validation is accurate and
 Visit https://ebookmass.com
now to explore a rich
collection of eBooks and enjoy
exciting offers!
timely and keeps them out of the news. I have been very fortunate, as
NONE of my clients have ever been breached when I was working with
them, and I’d like to think I had a small part in that.
I have no plans of ever retiring, unless it becomes medically
impossible for me to help folks with their compliance and security
needs. I work for the best cybersecurity firm on earth, and I will remain
here until they pry my hands from the keyboard.
It has always been my honor and privilege to work with Ben, Jeff,
and Dave on the PCI Dream Team and also with the entire PCI
community for all these years.
Jeff Hall
The Guru and PCI
I started into the world of Payment Card Industry (PCI) compliance
before PCI was even an acronym. In Fall 2002, I was running the
information security practice at what is now RSM US and got a call from
a partner to handle an engagement called a Visa security review – what
turned out to be a Visa Cardholder Information Security Program
(CISP) for one of the largest ecommerce retailers at the time, Circuit
City.
My experience with security, as my experience with compliance, has
followed a long and surreptitious route. I had flirted with both off and
on throughout my career – first at KPMG, where I worked on occasional
SAS 70 audits and did the odd mainframe security assessment, to finally
coming fully into information security at RSM US.
From that first Visa CISP assessment, there was a lull for about a
year, and then CISP assessments were becoming more and more
common. I had been replaced as the head of the information security
practice and moved into developing this new CISP service.
In January 2006, I was sent out to Foster City, California, to attend
Visa’s Qualified Data Security Professional (QDSP) training and obtain
that certification as Visa was now requiring that to continue conducting
CISP assessments. It was shortly thereafter that the PCI Security
Standards Council was formed, and everything from the Visa CISP to
Mastercard’s Site Data Protection (SDP) program was transferred to the
Council and became the PCI DSS version 1 and the Approved Scanning
Vendor (ASV) scanning program.
As I did more and more PCI engagements, I had a lot of clients tell
me I should write a book on the subject as they would tell me I had
answers that they could not get anywhere else. While writing a book
sounded intriguing, I thought the new form of publishing called
“blogging” was an easier way to write, and so I created the PCI Guru
blog in February 2009.1 Since then, for better or worse, people have
called me the PCI Guru.
At that time, there were plenty of topics to be discussed. My idea
was to write something at least once a week, and I was easily able to
make that happen. I also caught a lot of heat calling it the PCI Guru blog.
After all, who was I to think that I was a guru of anything, let alone PCI?
But as I have found out over all these years, there is still no source of
PCI information quite like my blog.
That leads to the importance of this book. There have been
numerous books written about PCI over the decade and a half that the
PCI DSS has existed. What makes this book unique is that it is written
by QSAs that have more than a decade each of experience in the subject
matter.
We have encountered all sorts of issues in those years that had to be
resolved, from a vendor that deleted their customers’ vulnerability
scans in a software update to a client that had their SIEM fail and lost all
their log data, to an equipment vendor managing a client’s network that
turned out to be unsegmented when they claimed it was segmented.
Yes, we have the audacity to call ourselves the PCI Dream Team, but
that is exactly what we are. We are QSAs that are possibly some of the
best if not the best QSAs around. Are we perfect? Oh, certainly not, and
every one of us would admit that we have all made mistakes in our
years of conducting PCI assessments.
But we have also solved some of the messiest and most complicated
problems PCI has thrown at QSAs. It is not unusual for other QSAs to
reach out to each of us personally or through our email account looking
for advice as they encounter something they have never seen before.
From that, we have shared our experiences so that the PCI
community can learn from our mistakes and successes so that the
community is not continuously reinventing the wheel. This book is a
continuation of that service to the PCI community by providing
guidance for PCI DSS version 4.
David Mundhenk
Historically speaking, a measurably significant number of data breaches
have been caused by flaws in applications and by the hackers who
attempted to exploit them. In addition, hackers and threat actors have
repeatedly targeted payment applications including ecommerce sites
and point-of-sale (POS) systems. They do so because that’s where the
money is. Payment card applications have been specifically targeted
and attacked for more than two decades. This is why the major card
brands have, and do still maintain, their own payment card security
programs, in addition to supporting the PCI SSC and the PCI Data
Security Standard (DSS).
I have worked in the payment card security space for more than 20
years now. I began working with payment card security first as an
operational security engineer for the state of Texas, helping to ensure
security and PCI DSS compliance of their state ecommerce portal and
cardholder data environment (CDE).
Later, I moved on to work with IBM Security Services for seven
years, first getting myself certified as a Visa Cardholder Information
Security Program (CISP) assessor and then later as a PCI Qualified
Security Assessor (QSA) and Payment Application QSA. Eventually I was
selected to head up the IBM PA-QSA practice, which I led for six years.
From 2008 to 2010 and while still working for IBM, I was the sole
QSA and PA-QSA for the world’s largest payment processor. I traveled
the globe at their request to help them assess their many different
payment processing environments and applications.
I also helped them test and certify almost a dozen PA-DSS qualified
applications from point-of-sale (POS) systems and ecommerce
applications running on mid-range systems all the way up through tier
1 payment card switches that connected directly to the major payment
card networks. It was almost like going to graduate school in payment
card security.
I eventually left IBM to join Coalfire’s Application Security team
where I worked to test and certify all manner of application
architectures, but with a special focus on PCI applications. It was there
that I also got P2PE QSA and P2PE PA-QSA certified.
 After leaving Coalfire I moved on to the Herjavec Group (HG) as a
GRC team lead working on all things GRC but especially PCI DSS work.
As of the writing of this book, I am currently working as the PCI
practice lead for eDelta based in NYC.
I have also been publishing and copublishing online articles and
papers related to cyber- and PCI security since 2007, many of which
have been co-authored with my good friend and co-author of this book
Ben Rothke. It was Ben who actually pulled together what would
become known as the PCI Dream Team: Ben, Jeff, Coop, and myself.
Together we have participated in many town hall–based webinars
called “PCI Dream Team: Ask Us Your Toughest Questions,” many of
which were captured for posterity by BrightTalk.
I truly believe that payment card security has done more to raise
cybersecurity awareness for the general public than any other
cybersecurity standard I have worked with. After all, the majority of the
public use payment cards in one form or another.
Many of us have gotten that dreaded letter from our banking
institution informing us that our payment card account has been
compromised. So most people fully understand how important this
subject is because most of them use payment cards in one form or
another.
One of my favorite sayings is “…a rising tide floats all boats.” I often
close our webinars with the premise that the PCI Dream Team is not
four crusty old farts espousing the virtue of payment card security. The
PCI Dream Team is really a “community” of folks including all of you
who understand how important this subject is and do their part as well
to help ensure payment card security is paramount and maintained at
the highest levels of quality possible.
It has been my honor and privilege to work with Ben, Jeff, Coop, and
all of you while we work together to help raise the tide of awareness for
all.
Ben Rothke
My PCI Journey
In 2016, I was a senior security consultant with Nettitude, an
information security consultancy. I had been a Qualified Security
Assessor (QSA) for a few years and found that even as detailed and
prescriptive as the PCI Data Security Standard (DSS) was, my clients
still had many PCI questions.
I found that, too often, these clients would direct their PCI questions
to their hardware or software vendors expecting an unbiased answer.
As often is the case with vendors, they will push their own solutions,
rather than look out for the customers’ best interests.
Sometimes these clients would ask their security consultants or
advisors – who, while having extensive information security
experience, were not QSAs or lacked expertise in the payment space –
for advice, and their suggestions would often not be in line with what
the PCI DSS required. At the same time, their suggested answers were
acceptable from an overall security perspective. By not answering
relevant to the PCI DSS, these answers put clients in a PCI non-
compliant state.
With such issues in mind, I thought it would be a good idea to get
some experienced security PCI professionals together and answer PCI
questions. We would do this unbiasedly, not pushing products or
services of the firms we were working for.
I reached out to three of the smartest PCI professionals I knew and
suggested we do a webinar, which was the start of the PCI Dream Team.
The first iteration2 of the PCI Dream Team consisted of authors David
(whom I worked with previously on a PCI project for a large
entertainment company) and Coop (who led my QSA training and, in
my experience, is one of the best technical trainers ever), in addition to
my Nettitude colleague at the time, Jim Seaman.
In 2017, the next and current iteration3 of the PCI Dream Team bid
adieu to Jim and welcomed author Jeff to the team, and we’ve been a
band of PCI brothers since. Many people know Jeff via his PCI Guru
blog.4 It’s not just the name of his blog; Jeff really is a PCI guru.
 So why is this book necessary? There are several existing books
about PCI in print, from PCI DSS: An Integrated Data Security Standard
Guide (Apress) by former Dream Team member Jim Seaman to PCI
Compliance: Understand and Implement Effective PCI Data Security
Standard Compliance (Syngress) by Branden Williams and Anton
Chuvakin, the upcoming book by Branden PCI Compliance: Understand
and Implement Effective PCI Data Security Standard Compliance, and
more.
What is unique about this book is twofold. Here, we tell you exactly
what you need to provide your QSA for every PCI requirement. Even
though the PCI DSS is quite prescriptive (much more so than standards
and regulations such as ISO 27001, HIPAA, GLBA, SOC 2, GDPR, and
others), a merchant or service provider can often be left scratching
their head not knowing precisely what they need to show their QSA
during an audit.
Here, we detail what specific documents we, as QSAs, need to see to
attest to your PCI compliance. No other reference has this
documentation list the particular documentation requirements for
every one of the over 400 requirements of PCI DSS version 4.
The second benefit of the book is that we bring real-world
experience and unbiased advice to every page of the book. We are
keeping theory to a minimum and focusing on the real-world scenarios
that most merchants and service providers face in their quest to
achieve and maintain PCI compliance.
We are not reinventing the wheel here, so we won’t be sharing
information that has already been printed, the objectives of PCI DSS
compliance, or other information easily available on the PCI website.
We could have easily made this into a 1,000-page reference, which
would gather dust. But we’d rather have it be leaner and of value. Our
book is meant for PCI practitioners, so we expect the readers to have a
decent understanding of payment systems, the PCI DSS itself, and other
things fundamental to PCI.
The authors have more than 50 years of combined PCI experience
and 100 years of information security and risk management
experience. We have seen it all, been there, and done that. And we are
sharing our combined knowledge with you, to make your PCI journey
easier.
 We hope you enjoy reading this book as much as we enjoyed writing
it. In case we didn’t answer your question here, feel free to email us at
[email protected].
Any source code or other supplementary material referenced by the
author in this book is available to readers on the Github repository:
https://github.com/Apress/The-Definitive-Guide-to-PCI-DSS-Version-
4. For more detailed information, please visit
http://www.apress.com/source-code.
 Visit https://ebookmass.com
now to explore a rich
collection of eBooks and enjoy
exciting offers!
Table of Contents
Chapter 1:​A Brief History of PCI
Welcome to the PCI DSS
How We Got to Today’s PCI DSS
PCI Is More Than Just the DSS
PCI Version 4
Chapter 2:​Install and Maintain Network Security Controls
Overview
Evidence
Pitfalls
Famous Fails
Requirements and Evidence
Summary
Chapter 3:​Apply Secure Configurations to All System Components
Overview
Evidence
Pitfalls
Famous Fails
Requirements and Evidence
Summary
Chapter 4:​Protect Stored Account Data
Overview
Evidence
Pitfalls
Famous Fails
Requirements and Evidence
 Summary
Chapter 5:​Protect Cardholder Data with Strong Cryptography
During Transmission Over Open, Public Networks
Overview
Evidence
Pitfalls
Famous Fails
Requirements and Evidence
Summary
Chapter 6:​Protect All Systems and Networks from Malicious
Software
Overview
Pitfalls
Requirements and Evidence
Chapter 7:​Develop and Maintain Secure Systems and Software
Overview/​Intro
Requirements and Evidence
Chapter 8:​Restrict Access to System Components and Cardholder
Data by Business Need to Know
Overview
Two Important Concepts
The Concepts in Use
All-Encompassing View
Access Control Model
Maintaining Control
Keys to the Kingdom
Requirements and Evidence
Random documents with unrelated
content Scribd suggests to you:
 Me tunnustamme, tunnustamme.

MIES.

Kun valitsitte minut, vannoin minä kaatuvani näille muureille.

Pidän sanani, ja te kaikki kaadutte minun kanssani.

Haa! te tahtoisitte vielä elää.

Haa! kysykää esi-isiltänne miksi he sortivat ja hallitsivat.

(Kreiville.)

Ja sinä, miksi näännytit alamaisiasi?

(Toiselle.)

Miksi kulutit sinä nuoren ikäsi korttipeliin ja matkoihin kauas

isänmaastasi?

(Taas toiselle.)

Sinä matelit ylempien edessä, ylenkatsoit alempiasi.

(Eräälle naisista.)

Miksi et kasvattanut lapsiasi itsellesi puolustajiksi, ritareiksi? Nyt

he kelpaisivat johonkin. Vaan sinä rakastelit juutalaisia, asianajajia —
pyydä nyt heiltä elämää.

(Nousee ja ojentaa kätensä.)

Mikä kiire teillä on häpeään, mikä teitä niin viettelee tahraamaan

viimeiset hetkenne? Eteenpäin toki ennen, minun jälessäni
eteenpäin, arvoisat herrat, luoteja ja painetteja kohti, — eikä sinne
missä hirsipuu ja äänetön mestaaja köysi kädessä odottaa
kaulojanne.

MUUTAMIA ÄÄNIÄ.

Hyvin puhuttu. Luoteja ja painetteja kohti.

TOISIA ÄÄNIÄ.

Ei ole enään palastakaan leipää.

NAIS-ÄÄNIÄ.

Meidän lapsemme, teidän lapsenne.

USEITA ÄÄNIÄ.

On antautuminen. Sovitteluihin, sovitteluihin.

RISTI-ISÄ.

Lupaan teille elämänne, niin sanoakseni, personanne ja ruumiinne

koskemattomuuden.

MIES (lähestyy risti-isää ja tarttuu häntä rintaan).

Lähettilään pyhä persona, mene kätkemään harmaa pääsi

kastettujen juutalaisten ja suutarien telttoihin, etten tahraisi sitä
omalla verelläsi.

(Sisään tulee ryhmä asestettua väkeä Jakobin johdolla.)

 Ottakaa ja viekää maaliksenne tuo halpahintaisen opin uurtama
otsa, samoin tuo vapauden lakki, joka sanojeni henkäyksestä vapisee
tuossa aivottomassa päässä.

(Risti-isä katoaa näkyvistä.)

KAIKKI (yhtaikaa).

Kiinni hänet ja Pankratiuksen käsiin.

MIES.

Hetkinen vielä, arvoisat herrat.

(Kulkee sotilaasta sotilaaseen.)

Sinun kanssasi olen muistaakseni samoillut kauas vuoristoon

metsästysretkille. Muistatko, kun nostin sinut kuilusta?

(Toisille.)

Teidän kanssanne jouduin haaksirikkoon Tonavan kallioille.

Hieronymus,
Kristoffer, te olitte kanssani Mustalla merellä.

(Toisille.)

Teille rakennutin palaneiden mökkien sijalle uudet.

(Toisille.)

Te pakenitte luokseni pahaa herraanne. Sanokaa nyt, seuraatteko

minua vai jätättekö minut yksin pilkka huulille, etten noin suuresta
joukosta löytänyt ainoatakaan ihmistä.
KAIKKI.

Eläköön kreivi Henrik, eläköön!

MIES.

Mitä vielä on jälellä lihaa ja viinaa, se jakakaa heille. Ja sitten

muureille.

KAIKKI SOTAMIEHET.

Viinaa, lihaa, ja sitten muureille.

MIES.

Mene heidän kanssaan ja ole tunnin kuluttua valmis taisteluun.

JAKOB.

Siihen Herra minua auttakoon.

NAIS-ÄÄNIÄ.

Pienokaistemme tähden kiroamme sinut.

TOISIA ÄÄNIÄ.

Isäimme tähden.

TOISIA ÄÄNIÄ.

Vaimojenne tähden.
MIES.

Ja minä teidät kurjan sielunne tähden.

*****

Pyhän Kolminaisuuden vallit. Ruumiita ylt'ympäri. Pirstoutuneita

tykkejä. Maassa aseita. Siellä täällä juoksee sotamiehiä. Mies nojaa
vallitusta vasten. Jakob hänen vieressään.

MIES (työntäen sapelinsa huotraan).

Ei ole suurempaa riemua kuin leikkiä vaaraa ja voittaa aina, ja kun

tulee tappion vuoro niin se ainoastaan yhden kerran.

JAKOB.

He ovat peräytyneet saatuaan viimeisen haulisateemme, mutta

tuolla alhaalla he taas parveilevat ja palaavat pian hyökkäykseen.
Turhaan — ei kukaan ole säädettyä kohtaloaan päässyt pakoon niin
kauan kuin maailma on seissyt.

MIES.

Eikö ole enää raehauleja?

JAKOB.

Ei kuulia, ei sudenhauleja eikä raehauleja. Kaikki tyhjenee viimein.

MIES.

Tuo sitten tänne poikani syleilläkseni häntä vielä kerran.

 (Jakob poistuu.)

Taistelun sauhu on sumentanut silmäni. Minusta näyttää kuin

laakso kohoilisi ja kaatuisi takaisin. Kalliot pirstoutuvat sadoista
saumoistaan ja risteilevät. Kummallisessa jonossa kulkevat myös
ajatukseni.

(Istuu muurille.)

Ei kannata elää ihmisenä — eikä enkelinä. Muutaman vuosisadan

kuluttua, samoin kuin me muutaman vuoden oltuamme olemassa,
tunsi ensimäinen ylienkeli ikävää sydämessään ja himoitsi
väkevämpiä voimia. On oltava joko Jumala tai olemattomuus.

(Jakob tulee Orcion kanssa.)

Ota mukaasi muutamia miehiämme, kierrä linnan salit ja aja

muureille kaikki ketä tapaat.

JAKOB.

Pankkiirit, kreivit ja ruhtinaat.

(Menee.)

MIES.

Tule poikani. Pane kätesi tuohon minun kädelleni ja paina otsasi

minun huulilleni. Äitisi otsa oli muinoin yhtä valkea ja pehmeä.

ORCIO.
 Kuulin hänen äänensä tänään ennenkuin miehesi tarttuivat
aseisiin. Hänen sanansa liitivät kevyesti kuin tuoksahdus, ja hän
sanoi: »Tänä iltana istut minun vieressäni.»

MIES.

Mainitsiko hän edes nimeäni?

ORCIO.

Hän sanoi: »Tänä iltana odotan poikaani.»

MIES (syrjään).

Loppuvatko voimani tien päättyessä? Jumala siitä varjelkoon.

Hetkinen rohkeutta — sitten saat pitää minua vankinasi läpi
iankaikkisuuden.

(Ääneen.)

Poikani, anna anteeksi, että annoin sinulle elämän. Me eroamme

— tiedätkö kuinka kauaksi?

ORCIO.

Ota minut äläkä jätä. Älä jätä, minä vedän sinut jälestäni.

MIES.

Meidän tiemme kulkevat erilleen. Sinä unohdat minut

enkeliparvien keskessä, sinä et heitä ylhäältä minulle
kastepisaraakaan, oi Yrjö, Yrjö, oma poikaseni!
ORCIO.

Mitä huutoja — minä aivan vapisen — yhä hurjemmin, yhä

lähempänä. Tykkien ja pyssyjen pauke jyrisee, ennustettu viimeinen
hetki saapuu luoksemme.

MIES.

Kiirehdi, kiirehdi, Jakob.

(Joukko asestettuja kreivejä ja ruhtinaita kulkee alapihan

yli. Jakob sotamiehineen menee heidän jälkeensä.)

JONKUN ÄÄNI.

Olette antaneet aseiden palasia ja käskette taistelemaan.

TOINEN ÄÄNI.
 Henrik, armahda meitä.

KOLMAS.

Älä aja meitä väsyneitä ja nälkäisiä muureille.

TOISIA ÄÄNIÄ.

Minne meitä ajetaan, minne?

MIES (heille).

Kuolemaan.

(Pojalleen.)

Tällä syleilyllä tahtoisin yhtyä sinuun iäksi. Mutta minun on

meneminen toiseen suuntaan.

(Orcio kaatuu luodin satuttamana.)

ÄÄNI YLHÄÄLTÄ.

Tänne luokseni, puhdas henki! Tänne luokseni, poikaseni!

MIES.

Hei! Tänne luokseni, pieni väkeni.

(Vetää esiin miekan ja panee makaavan huulille.)

Terä on kirkas kuin äskenkin, henki ja elämä ovat kiitäneet pois

yhtaikaa.
 Hei, tänne, eteenpäin! He ovat tunkeutuneet jo sapelin ylettyville.
Takaisin kuiluun, vapauden pojat.

(Sekasortoa ja tappelua.)

*****

Toinen puoli vallituksia. Kuuluu taistelun ääniä. Jakob pitkällään

muurilla. Mies juoksee verissään hänen luokseen.

MIES.

Mikä sinun on, uskollinen vanhukseni?

JAKOB.

Maksakoon sinulle piru helvetissä itsepäisyytesi ja minun tuskani.

Niin
Herra minua auttakoon!

(Kuolee.)

MIES (heittäen sapelinsa.)

En sinua enää tarvitse, väkeni on kaatunut, ja nuo tuolla polvillaan

ojentavat käsiään voittajille ja änkyttävät armoa!

(Katselee ympärilleen.)

He eivät tule vielä tänne päin. On aikaa vielä, levätkäämme

hetkinen.
Haa, he ovat jo päässeet pohjoisen tornin kimppuun, uutta väkeä on
tunkeutunut pohjoiselle tornille — katselevat eikö löydy kreivi
Henrikiä. — Täällä olen, täällä, mutta te ette pääse tuomareikseni.
Minä olen jo lähtenyt matkalle, minä astun Jumalan tuomiolle.

(Asettuu kuilun yli riippuvalle tornin jätteelle.)

Näen sen sysimustana, luokseni vyöryvinä pimeyden nummina,

ijäisyyteni, rannattoman, saarettoman, loputtoman — ja sen keskellä
Jumalan kuni auringon, joka ikuisesti paistaa, ijäti säteilee vaan ei
mitään valaise.

(Siirtyy askeleen eteenpäin.)

He juoksevat, he näkivät minut. Jesus, Maria! Runous, ole kirottu

sinä kuten itse olen ainiaaksi. Kädet, tulkaa ja lävistäkää nämä
muurit.

(Syöksyy syvyyteen.)

*****

Linnan piha. Pankratius. Leonard. Blanchetti joukkojen nenässä.

Heidän edellään kulkee kreivejä ja ruhtinaita vaimoineen ja lapsineen
rautoihin sidottuina.

PANKRATIUS.

Nimesi?

KREIVI.

Kristoffer Volsagunilainen.

PANKRATIUS.
 Lausuit sen viimeisen kerran. Entä sinun?

RUHTINAS.

Vladislav, Tšarnolasin herra.

PANKRATIUS.

Lausuit sen viimeisen kerran, — ja sinun?

PARONI.

Aleksanteri Godalbergistä.

PANKRATIUS.

Poispyyhitty elävien kirjoista — mene!

BLANCHETTI (Leonardille).

Kaksi kuukautta ovat vastustaneet, vaikka aseet ovat kurjat ja

vallitukset kelvottomat.

LEONARD.

Onko niitä siellä vielä paljon?

PANKRATIUS.

Minä jätän heidät kaikki sinulle. Vuotakoon heidän verensä

maailman nähtäväksi. Vaan sille, joka sanoo minulle missä kreivi
Henrik on, lahjoitan minä elämän.
USEITA ÄÄNIÄ.

Hän katosi aivan viime hetkessä.

RISTI-ISÄ.

Minä rupean nyt välittäjäksi sinun ja niiden arvoisain kansalaisten

välille, jotka ovat laskeneet Pyhän Kolminaisuuden linnan avaimet
sinun käsiisi ja ovat nyt vankejasi, suuri mies.

PANKRATIUS.

En tahdo tietää välittäjistä siinä missä olen omalla voimallani

voittoni saavuttanut. Saat itse valvoa heidän kuolemaansa.

RISTI-ISÄ.

Koko elämäni on ollut tosi kansalaisen elämää, josta on paljon

todistuksia, ja jos olen yhtynyt teihin niin en siksi että antaisin omat
aatelisveljeni…

PANKRATIUS.

Kiinni tuo vanha viisastelija, pois! Samaan matkaan muiden

kanssa.

(Sotamiehet piirittävät risti-isän ja vangit.)

Missä on Henrik? Eikö kukaan teistä ole nähnyt häntä elävänä tai
kuolleena? Pussillinen kultaa Henrikistä — vaikkapa olisikin ruumiina.

(Joukko sotamiehiä laskeutuu muureilta.)

 Ettekö te ole nähneet Henrikiä?

OSASTON JOHTAJA.

Johtaja-kansalainen, poikkesin kenrali Blanchetin käskystä vallien

länsipuolelle juuri kun olimme saapumassa linnoitukseen ja näin
vallitornin kolmannessa kaarroksessa haavoittuneen miehen
seisomassa aseettomana toisen ruumiin ääressä. Käskin lisätä
marssin kahta kiivaammaksi ottaaksemme hänet kiinni. Mutta
ennenkuin olimme perillä, laskeutui mies hiukan alemmas, nousi
huojuvalle kielekkeelle ja katseli hetken mielettömin katsein. Sitten
ojensi hän kätensä kuin uija, joka aikoo heittäytyä sukeltamaan, ja
ponnistihe kaikin voimin eteenpäin — me kuulimme kaikki
kallionkamaraan putoavan ruumiin kumahduksen, ja tässä on sapeli,
joka löytyi muutaman askeleen päästä.

PANKRATIUS (ottaen sapelin).

Veren jälkiä kahvassa. Alempana hänen sukunsa vaakuna.

Tämä on kreivi Henrikin sapeli. Hän yksin teistä on pitänyt

sanansa.
Siksi kunnia hänelle, teloitusrauta teille.

Kenrali Blanchetti, pidä huolta linnan hajoittamisesta ja tuomion

täyttämisestä.

Leonard!

(Astuu torniin Leonardin kanssa.)

LEONARD.
 Niin monen unettoman yön jälkeen pitäisi sinun levätä, mestari.
Kasvoissasi näkyy väsymyksen jälkiä.

PANKRATIUS.

Ei ole vielä hetkeni levätä, lapseni, sillä vasta puolet työstäni on

päättynyt heidän heittäessään henkensä. — Katso noita kenttiä,
noita äärettömiä aloja, jotka ovat minun ja ajatukseni välillä. Nuo
erämaat on kansoitettava, hakattava tieltä nuo kalliot, yhdistettävä
nuo järvet, jaettava kullekin maa-alansa, että näille lakeuksille
nousisi kaksi kertaa niin paljon elämää, kuin niissä nyt on kuolemaa.
Muuten ei hävityksen työ tule lunastetuksi.

LEONARD.

Vapauden Jumala antaa meille voimia.

PANKRATIUS.

Mitä puhut Jumalasta — tässä jalka liukahtaa ihmisverestä. Kenen

verta se on? Takanamme ovat linnan pihat — olemme yksin, mutta
minusta tuntuu kuin joku kolmas olisi kerällämme.

LEONARD.

Kenties tuon surmatun ruumis.

PANKRATIUS.

Hänen uskollisen seuralaisensa ruumis, kuollut ruumis — mutta

täällä hallitsee jonkun henki — entä tuo lakki — sama vaakuna on
siinä. Katso tuonnemmas, kiveä, joka pistää kuilun yli — sillä paikalla
pakahtui hänen sydämensä.

LEONARD.

Sinä kalpenet, mestari.

PANKRATIUS.

Näetkö tuolla, korkealla, korkealla?

LEONARD.

Terävän huipun yllä näen kaltevan pilven, johon auringon säteet

sammuvat.

PANKRATIUS.

Kauhea merkki palaa siinä.

LEONARD.

Varmaan silmäsi pettävät.

PANKRATIUS.

Miljonajoukot kuuntelivat minua hetki sitten. Missä ovat joukkoni?

LEONARD.

Kuuletko heidän huutoaan? He huutavat sinua, he odottavat sinua.

PANKRATIUS.
 Eukot ja lapset ovat lörpötelleet, että semmoinen on ilmestyvä,
mutta vasta viimeisenä päivänä.

LEONARD.

Kuka?

PANKRATIUS.

On kuin lumivalkea patsas seisoisi kuilujen yllä — nojaa molemmin

käsin ristiin kuten kostaja sapeliinsa — yhteenpunotuista salamoista
orjantappurakruunu.

LEONARD.

Mikä sinua vaivaa? Mikä sinun on?

PANKRATIUS.

Tuon katseen salamasta voi elävänä kuolla.

LEONARD.

Puna pakenee pakenemistaan kasvoiltasi — menkäämme täältä —

menkäämme.
Kuuletko minua?

PANKRATIUS.

Pane kätesi silmilleni, paina nyrkeilläsi silmäluomiani — eroita

minut tuosta katseesta, joka musertaa minut tuhaksi.
LEONARD.

Onko nyt hyvä?

PANKRATIUS.

Sinulla on viheliäiset kädet — niinkuin hengellä, jolla ei ole luuta

eikä lihaa, läpinäkyvät kuin vesi, läpinäkyvät kuin ilma. Näen
kerrassaan kaikki.

LEONARD.

Nojaa minua vasten.

PANKRATIUS.

Anna minulle edes hiven pimeyttä.

LEONARD.

Voi, mestarini!

PANKRATIUS.

Pimeyttä, pimeyttä!

LEONARD.

Hoi, kansalaiset, hoi! Apuun, veljet demokratit. Hoi, apua, apua,

auttakaa!

PANKRATIUS.
Galilæe vicisti.

(Vaipuu Leonardin syliin ja kuolee.)

 *** END OF THE PROJECT GUTENBERG EBOOK EI-JUMALAINEN
KOMEDIA ***

Updated editions will replace the previous one—the old editions will
be renamed.

Creating the works from print editions not protected by U.S.

copyright law means that no one owns a United States copyright in
these works, so the Foundation (and you!) can copy and distribute it
in the United States without permission and without paying
copyright royalties. Special rules, set forth in the General Terms of
Use part of this license, apply to copying and distributing Project
Gutenberg™ electronic works to protect the PROJECT GUTENBERG™
concept and trademark. Project Gutenberg is a registered trademark,
and may not be used if you charge for an eBook, except by following
the terms of the trademark license, including paying royalties for use
of the Project Gutenberg trademark. If you do not charge anything
for copies of this eBook, complying with the trademark license is
very easy. You may use this eBook for nearly any purpose such as
creation of derivative works, reports, performances and research.
Project Gutenberg eBooks may be modified and printed and given
away—you may do practically ANYTHING in the United States with
eBooks not protected by U.S. copyright law. Redistribution is subject
to the trademark license, especially commercial redistribution.

START: FULL LICENSE

THE FULL PROJECT GUTENBERG LICENSE
 PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK

To protect the Project Gutenberg™ mission of promoting the free

distribution of electronic works, by using or distributing this work (or
any other work associated in any way with the phrase “Project
Gutenberg”), you agree to comply with all the terms of the Full
Project Gutenberg™ License available with this file or online at
www.gutenberg.org/license.

Section 1. General Terms of Use and

Redistributing Project Gutenberg™
electronic works
1.A. By reading or using any part of this Project Gutenberg™
electronic work, you indicate that you have read, understand, agree
to and accept all the terms of this license and intellectual property
(trademark/copyright) agreement. If you do not agree to abide by all
the terms of this agreement, you must cease using and return or
destroy all copies of Project Gutenberg™ electronic works in your
possession. If you paid a fee for obtaining a copy of or access to a
Project Gutenberg™ electronic work and you do not agree to be
bound by the terms of this agreement, you may obtain a refund
from the person or entity to whom you paid the fee as set forth in
paragraph 1.E.8.

1.B. “Project Gutenberg” is a registered trademark. It may only be

used on or associated in any way with an electronic work by people
who agree to be bound by the terms of this agreement. There are a
few things that you can do with most Project Gutenberg™ electronic
works even without complying with the full terms of this agreement.
See paragraph 1.C below. There are a lot of things you can do with
Project Gutenberg™ electronic works if you follow the terms of this
agreement and help preserve free future access to Project
Gutenberg™ electronic works. See paragraph 1.E below.
1.C. The Project Gutenberg Literary Archive Foundation (“the
Foundation” or PGLAF), owns a compilation copyright in the
collection of Project Gutenberg™ electronic works. Nearly all the
individual works in the collection are in the public domain in the
United States. If an individual work is unprotected by copyright law
in the United States and you are located in the United States, we do
not claim a right to prevent you from copying, distributing,
performing, displaying or creating derivative works based on the
work as long as all references to Project Gutenberg are removed. Of
course, we hope that you will support the Project Gutenberg™
mission of promoting free access to electronic works by freely
sharing Project Gutenberg™ works in compliance with the terms of
this agreement for keeping the Project Gutenberg™ name associated
with the work. You can easily comply with the terms of this
agreement by keeping this work in the same format with its attached
full Project Gutenberg™ License when you share it without charge
with others.

1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside the
United States, check the laws of your country in addition to the
terms of this agreement before downloading, copying, displaying,
performing, distributing or creating derivative works based on this
work or any other Project Gutenberg™ work. The Foundation makes
no representations concerning the copyright status of any work in
any country other than the United States.

1.E. Unless you have removed all references to Project Gutenberg:

1.E.1. The following sentence, with active links to, or other

immediate access to, the full Project Gutenberg™ License must
appear prominently whenever any copy of a Project Gutenberg™
work (any work on which the phrase “Project Gutenberg” appears,
or with which the phrase “Project Gutenberg” is associated) is
accessed, displayed, performed, viewed, copied or distributed:
 This eBook is for the use of anyone anywhere in the United
States and most other parts of the world at no cost and with
almost no restrictions whatsoever. You may copy it, give it away
or re-use it under the terms of the Project Gutenberg License
included with this eBook or online at www.gutenberg.org. If you
are not located in the United States, you will have to check the
laws of the country where you are located before using this
eBook.

1.E.2. If an individual Project Gutenberg™ electronic work is derived

from texts not protected by U.S. copyright law (does not contain a
notice indicating that it is posted with permission of the copyright
holder), the work can be copied and distributed to anyone in the
United States without paying any fees or charges. If you are
redistributing or providing access to a work with the phrase “Project
Gutenberg” associated with or appearing on the work, you must
comply either with the requirements of paragraphs 1.E.1 through
1.E.7 or obtain permission for the use of the work and the Project
Gutenberg™ trademark as set forth in paragraphs 1.E.8 or 1.E.9.

1.E.3. If an individual Project Gutenberg™ electronic work is posted

with the permission of the copyright holder, your use and distribution
must comply with both paragraphs 1.E.1 through 1.E.7 and any
additional terms imposed by the copyright holder. Additional terms
will be linked to the Project Gutenberg™ License for all works posted
with the permission of the copyright holder found at the beginning
of this work.

1.E.4. Do not unlink or detach or remove the full Project

Gutenberg™ License terms from this work, or any files containing a
part of this work or any other work associated with Project
Gutenberg™.

1.E.5. Do not copy, display, perform, distribute or redistribute this

electronic work, or any part of this electronic work, without
prominently displaying the sentence set forth in paragraph 1.E.1
with active links or immediate access to the full terms of the Project
Gutenberg™ License.

1.E.6. You may convert to and distribute this work in any binary,
compressed, marked up, nonproprietary or proprietary form,
including any word processing or hypertext form. However, if you
provide access to or distribute copies of a Project Gutenberg™ work
in a format other than “Plain Vanilla ASCII” or other format used in
the official version posted on the official Project Gutenberg™ website
(www.gutenberg.org), you must, at no additional cost, fee or
expense to the user, provide a copy, a means of exporting a copy, or
a means of obtaining a copy upon request, of the work in its original
“Plain Vanilla ASCII” or other form. Any alternate format must
include the full Project Gutenberg™ License as specified in
paragraph 1.E.1.

1.E.7. Do not charge a fee for access to, viewing, displaying,

performing, copying or distributing any Project Gutenberg™ works
unless you comply with paragraph 1.E.8 or 1.E.9.

1.E.8. You may charge a reasonable fee for copies of or providing

access to or distributing Project Gutenberg™ electronic works
provided that:

• You pay a royalty fee of 20% of the gross profits you derive
from the use of Project Gutenberg™ works calculated using the
method you already use to calculate your applicable taxes. The
fee is owed to the owner of the Project Gutenberg™ trademark,
but he has agreed to donate royalties under this paragraph to
the Project Gutenberg Literary Archive Foundation. Royalty
payments must be paid within 60 days following each date on
which you prepare (or are legally required to prepare) your
periodic tax returns. Royalty payments should be clearly marked
as such and sent to the Project Gutenberg Literary Archive
Foundation at the address specified in Section 4, “Information
 about donations to the Project Gutenberg Literary Archive
Foundation.”

• You provide a full refund of any money paid by a user who

notifies you in writing (or by e-mail) within 30 days of receipt
that s/he does not agree to the terms of the full Project
Gutenberg™ License. You must require such a user to return or
destroy all copies of the works possessed in a physical medium
and discontinue all use of and all access to other copies of
Project Gutenberg™ works.

• You provide, in accordance with paragraph 1.F.3, a full refund of

any money paid for a work or a replacement copy, if a defect in
the electronic work is discovered and reported to you within 90
days of receipt of the work.

• You comply with all other terms of this agreement for free
distribution of Project Gutenberg™ works.

1.E.9. If you wish to charge a fee or distribute a Project Gutenberg™

electronic work or group of works on different terms than are set
forth in this agreement, you must obtain permission in writing from
the Project Gutenberg Literary Archive Foundation, the manager of
the Project Gutenberg™ trademark. Contact the Foundation as set
forth in Section 3 below.

1.F.

1.F.1. Project Gutenberg volunteers and employees expend

considerable effort to identify, do copyright research on, transcribe
and proofread works not protected by U.S. copyright law in creating
the Project Gutenberg™ collection. Despite these efforts, Project
Gutenberg™ electronic works, and the medium on which they may
be stored, may contain “Defects,” such as, but not limited to,
incomplete, inaccurate or corrupt data, transcription errors, a
copyright or other intellectual property infringement, a defective or
damaged disk or other medium, a computer virus, or computer
codes that damage or cannot be read by your equipment.

1.F.2. LIMITED WARRANTY, DISCLAIMER OF DAMAGES - Except for

the “Right of Replacement or Refund” described in paragraph 1.F.3,
the Project Gutenberg Literary Archive Foundation, the owner of the
Project Gutenberg™ trademark, and any other party distributing a
Project Gutenberg™ electronic work under this agreement, disclaim
all liability to you for damages, costs and expenses, including legal
fees. YOU AGREE THAT YOU HAVE NO REMEDIES FOR
NEGLIGENCE, STRICT LIABILITY, BREACH OF WARRANTY OR
BREACH OF CONTRACT EXCEPT THOSE PROVIDED IN PARAGRAPH
1.F.3. YOU AGREE THAT THE FOUNDATION, THE TRADEMARK
OWNER, AND ANY DISTRIBUTOR UNDER THIS AGREEMENT WILL
NOT BE LIABLE TO YOU FOR ACTUAL, DIRECT, INDIRECT,
CONSEQUENTIAL, PUNITIVE OR INCIDENTAL DAMAGES EVEN IF
YOU GIVE NOTICE OF THE POSSIBILITY OF SUCH DAMAGE.

1.F.3. LIMITED RIGHT OF REPLACEMENT OR REFUND - If you

discover a defect in this electronic work within 90 days of receiving
it, you can receive a refund of the money (if any) you paid for it by
sending a written explanation to the person you received the work
from. If you received the work on a physical medium, you must
return the medium with your written explanation. The person or
entity that provided you with the defective work may elect to provide
a replacement copy in lieu of a refund. If you received the work
electronically, the person or entity providing it to you may choose to
give you a second opportunity to receive the work electronically in
lieu of a refund. If the second copy is also defective, you may
demand a refund in writing without further opportunities to fix the
problem.

1.F.4. Except for the limited right of replacement or refund set forth
in paragraph 1.F.3, this work is provided to you ‘AS-IS’, WITH NO
OTHER WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR ANY PURPOSE.

1.F.5. Some states do not allow disclaimers of certain implied

warranties or the exclusion or limitation of certain types of damages.
If any disclaimer or limitation set forth in this agreement violates the
law of the state applicable to this agreement, the agreement shall be
interpreted to make the maximum disclaimer or limitation permitted
by the applicable state law. The invalidity or unenforceability of any
provision of this agreement shall not void the remaining provisions.

1.F.6. INDEMNITY - You agree to indemnify and hold the Foundation,

the trademark owner, any agent or employee of the Foundation,
anyone providing copies of Project Gutenberg™ electronic works in
accordance with this agreement, and any volunteers associated with
the production, promotion and distribution of Project Gutenberg™
electronic works, harmless from all liability, costs and expenses,
including legal fees, that arise directly or indirectly from any of the
following which you do or cause to occur: (a) distribution of this or
any Project Gutenberg™ work, (b) alteration, modification, or
additions or deletions to any Project Gutenberg™ work, and (c) any
Defect you cause.

Section 2. Information about the Mission

of Project Gutenberg™
Project Gutenberg™ is synonymous with the free distribution of
electronic works in formats readable by the widest variety of
computers including obsolete, old, middle-aged and new computers.
It exists because of the efforts of hundreds of volunteers and
donations from people in all walks of life.

Volunteers and financial support to provide volunteers with the

assistance they need are critical to reaching Project Gutenberg™’s
goals and ensuring that the Project Gutenberg™ collection will
remain freely available for generations to come. In 2001, the Project
Gutenberg Literary Archive Foundation was created to provide a
secure and permanent future for Project Gutenberg™ and future
generations. To learn more about the Project Gutenberg Literary
Archive Foundation and how your efforts and donations can help,
see Sections 3 and 4 and the Foundation information page at
www.gutenberg.org.

Section 3. Information about the Project

Gutenberg Literary Archive Foundation
The Project Gutenberg Literary Archive Foundation is a non-profit
501(c)(3) educational corporation organized under the laws of the
state of Mississippi and granted tax exempt status by the Internal
Revenue Service. The Foundation’s EIN or federal tax identification
number is 64-6221541. Contributions to the Project Gutenberg
Literary Archive Foundation are tax deductible to the full extent
permitted by U.S. federal laws and your state’s laws.

The Foundation’s business office is located at 809 North 1500 West,

Salt Lake City, UT 84116, (801) 596-1887. Email contact links and up
to date contact information can be found at the Foundation’s website
and official page at www.gutenberg.org/contact

Section 4. Information about Donations to

the Project Gutenberg Literary Archive
Foundation
Project Gutenberg™ depends upon and cannot survive without
widespread public support and donations to carry out its mission of
increasing the number of public domain and licensed works that can
be freely distributed in machine-readable form accessible by the
widest array of equipment including outdated equipment. Many
small donations ($1 to $5,000) are particularly important to
maintaining tax exempt status with the IRS.

The Foundation is committed to complying with the laws regulating

charities and charitable donations in all 50 states of the United
States. Compliance requirements are not uniform and it takes a
considerable effort, much paperwork and many fees to meet and
keep up with these requirements. We do not solicit donations in
locations where we have not received written confirmation of
compliance. To SEND DONATIONS or determine the status of
compliance for any particular state visit www.gutenberg.org/donate.

While we cannot and do not solicit contributions from states where

we have not met the solicitation requirements, we know of no
prohibition against accepting unsolicited donations from donors in
such states who approach us with offers to donate.

International donations are gratefully accepted, but we cannot make

any statements concerning tax treatment of donations received from
outside the United States. U.S. laws alone swamp our small staff.

Please check the Project Gutenberg web pages for current donation
methods and addresses. Donations are accepted in a number of
other ways including checks, online payments and credit card
donations. To donate, please visit: www.gutenberg.org/donate.

Section 5. General Information About

Project Gutenberg™ electronic works
Professor Michael S. Hart was the originator of the Project
Gutenberg™ concept of a library of electronic works that could be
freely shared with anyone. For forty years, he produced and
distributed Project Gutenberg™ eBooks with only a loose network of
volunteer support.