Human-Nets-Request%rutgers@brl-bmd.UUCP (Human-Nets-Request@rutgers) (11/03/83)
HUMAN-NETS Digest Thursday, 3 Nov 1983 Volume 6 : Issue 68 Today's Topics: Computers and People - More Than Just a Game (3 msgs) & Hackers victim of Newspeak, Computers on TV - `Whizzy' kidnicks/urchins Computers and the Law - kids and computer crime ---------------------------------------------------------------------- Date: 28 Oct 1983 13:50:31-EDT From: csin!cjh@CCA-UNIX Subject: reality disguised as a game There was a Hugo-nominated SF novella a few years back, ("Ender's Game?") in which a cadet, having won at all the physical training problems produced, was assigned to what he thought was a simulator (complete with a vicious instructor for his opponent); at the end of the story he finds that only his first battle was a simulation, the others being direction of drone ships against the enemy homeworld. (He also finds himself, after saving the world, mustered out at age 11.) ------------------------------ Date: Fri, 28 Oct 83 11:00 PST From: John Palevich <palevich.atari@Rand-Relay> Subject: More than just a game "Ender's Game" was published in Analog magazine sometime between 79 and 82. There's this kid, Ender, who's extremely good at winning games, and they give him harder, and harder games. Eventually it comes out that he's fighting (and winning) their space battles for them. Did you know that the controls on the new Atari coin-operated game "Star Wars" are based upon current military tank controls? The game controller was originally developed for a version of "Battle Zone". It's kind of neat, you can control six buttons and a joystick at the same time. ------------------------------ Date: Thu, 27 Oct 83 22:54 PDT From: Gloger.es@PARC-MAXC.ARPA Subject: Re: Whiz Kids, episode #2 You suggested a very interesting "generalization of the Whiz Kids idea," such that the DOD arranges for "World War 3 [to] be run not by generals but by a computer hooked up to millions of teenagers who think they're just playing a game." There is an absolutely stunning 40-page short story, "Ender's Game," by Orson Scott Card, which develops almost exactly the idea you suggest. I read it in Jerry Pournelle (as editor)'s book "There Will Be War," a collection of short stories and essays on the subject of war, published this year. Pournelle there acknowledges "Analog Science Fiction/Fact Magazine" of August 1977 for first publication of "Ender's Game." The story is well worth the price of admission. ------------------------------ From: ian%utcsstat@BRL-BMD.ARPA Date: Sat, 29 Oct 83 03:18:30 edt Subject: Re: Hackers victim of Newspeak (HUMAN-NETS Digest V6 #64) REM says that "somebody" should castigate the media for using "hacker" when they mean "cracker". That "somebody", gentle reader, is you, baby, nobody but you. If you don't do it, nobody else will. You, and you, and you, and you and, of course, you. Write a letter to the T.V. station or the local newspaper each and every time you hear them use "hacker" when they mean "cracker". It can be the same short letter each time, with the station name and program or paper name and article changed. Keep it online (unless you are paranoid about DOD and computer use, see article in same issue of HUMAN-NETS); change the details and print it to lpr (or however you get hardcopy). This will be easier when E-Com hookups become prevalent; for now, keep licking stamps and mailing to the media. They may listen iff they get enough abuse from real hackers (the good side, not the dark side, of hackerdom!). ------------------------------ Date: 29 October 1983 21:58 EDT From: Robert Elton Maas <REM @ MIT-MC> Subject: HUMAN-NETS Digest V6 #66 `whizzy' kidnicks/urchins After thinking about this for a few days, I am beginning to think the writer for "Whiz Kids" is smarter than the rest of us. If we want to set up a secret account wherby we can do unauthorized work without even being detected as being logged in, the obvious places to patch the system are (1) the LOGIN program, (2) the kernel, (3) the password/account file. So those places are where the security personnel will look first when unauthorized use is suspected. Who would think of looking in the LOGOUT program for a hack whereby if you say you don't want your files closed and you go against the warnings that you may lose some data, then it leaves you secretly logged in? I.e. if you really want to be undetected even when a security audit is in progress, this is a perfect way to gain time, remaining undetected for a few days or weeks while you complete your unauthorized work. Of course now that the secret is out that trick won't work, you gotta invent a new one next time, because the security personnel now have item (4) the LOGOUT program on their hit list. Trojan horses work only the first time. "Fool me once, shame on you; fool me twice, shame on me." (Scotty on Startrek) No military commander in the past 2000 years would accept a physical horse without checking it for soldiers inside, because the idea has been public knowledge all this time. I think the "Whiz Kids" writer was right in using a "stupid" way of setting up a secret account instead of the "right" way. - Regarding Tops-10, it might be easy, just have the LOGOUT program not issue a LOGOUT UUO when it should, and instead change the login name to something innocent like [100,100] and the job name to something not-logged-in uses are allowed to do like WHO or FINGER or MAIL. ------------------------------ Date: 28 October 1983 23:33 edt From: Dehn at MIT-MULTICS (Joseph W. Dehn III) Subject: kids and computer crime It is indeed an unfortunate situation when computer crime has to be dealt with by having FBI agents break into kids rooms, but this is just another symptom of the tremendous ignorance and confusion that still exists among the general public regarding computers and their use. Yes, it is 1983, but experience with computers has not been integrated into peoples' values, and even those institutions that are trying to deal with the problem often seem to proposing solutions based on the 1973 situation. Where are those kids supposed to have learned what is right and wrong in computer access? Where are kids supposed to learn about any kind of right and wrong? Presumably the process begins in the home -- you construct a primitive model of property rights when you defend your teddy bear. As you get older, your parents point out more subtle distinctions, and you learn that it is OK to knock on someone's door, but not to pry open their window. To the extent that this home learning fails, you encounter additional guidance in school and in the experience of interacting with your peers. All of this happens gradually, together with increasing access to the outside world (potential to harm others). The FBI-type interaction is one of the last steps in this process, one that most people don't need to get involved in as part of their personal learning experience. And, by the time most people are exposed to movies that glorify robbery or murder, they have other ideas to compare them against. With the kind of computer crime that is getting the publicity today, people are making the leap from no access (home computer game playing) to nation-wide access in one step, with nothing to guide them. A parent can't point out the difference between knocking on a door and breaking a window when they both take the form of unintelligible keyboard incantations. The experience of being rebuked by peers does not occur, since in the current state of home computer use a peer's computer is unlikely to be accessible remotely or to contain anything more exciting than ones own. For the same reason, it is hard to apply ethical generalizations such as "do unto others as..."; the situation is not symmetric, the reverse case being so implausible as to not even be envisioned. This part of the problem is complemented by the inconsistency and ignorance of the victims. By not "locking their doors", the victims further confuse their potential attackers, who are left, in some cases, uncertain as to where the doors even are located. Actually, some of the victims don't even seem to know where the doors are. They think they are located in some secluded, out of the way location, when they are actually located on a busy main street. They fail to post "no trespassing" and "authorized personnel only" signs. They have no means to observe who is wandering around and thus cannot warn them away. Finally, something happens and they, literally, "make a federal case out of it". None of this is meant as a defense of the malicious computer vandal, or even of the inexperienced kid "taking a joyride on the electronic highways". There are many clues to guide people, and most people end up behaving reasonably. But this is why the confrontation ends up being between kids and the FBI: in too many cases, the less extreme confrontations have been skipped over. Instead of warnings and incremental adjustments to behavior, we get arrests, panic, and headlines. It is a great hindrance to the education process that there is not even general agreement on what computer crime is. In the recent press coverage, there has been so much emphasis on the "paraphernalia" of computer crime that the real issues may be missed by much of the public. A home computer (less than $100!!), a modem (ah -- technical jargon, mysterious); add a kid and some code names, and PRESTO: a computer criminal. I saw a modem in your house, are you sure you're not a criminal? The FBI confiscates a modem, as if it were a knife. What did they actually DO, and to whom? The average reader might remember something about Sloan-Kettering, a bank, or the "highly secure Arpanet", but what was the actual injury, to what property or other rights? The press reports give very little coverage to this, and what little they say is not even consistent. Before people can come to understand what computer crime is (or should be defined as, since in most cases there are no laws that yet define it), they have to understand the different kinds of access involved. They have to understand that it is OK to drive on a public highway, that you have to walk up to someone's door before you can knock on it, that some buildings have public lobbies, and that just because someone lets you into his house it doesn't mean you can take the silverware. Another thing that makes education difficult is that the concern about computer crime has emphasized different things at different times. In the past, there was a lot of concern about "stealing computer time", which naturally makes mere "access" to a computer something to be suspicious of. This has helped obscure the fact that the real "computer crime" problem is access to information, not hardware. People did use their employer's computers to store their bowling league databases (although in many organizations it was never clear whether this was even improper), and kids did use other people's computer accounts to compute the Nth digit of PI (although most of today's kids may not care about that sort of programming), but these are not the future problems that people need to be educated about or that laws need to address. To the extent that certain resources remain expensive (e.g., telecommunications), there will still be an incentive to try to get them without paying for them, and to the extent that it is more convenient for an employee to take care of his personal affairs in his office than at home, employers will need to set guidelines to prevent interference with job responsibilities, but none of this has anything to do with "computer crime". Until people understand the real issues of access to information, they will not understand what to do about "computer crime". They will not be able to enact reasonable laws, and they will not be able to teach their children. They will be confused by the hackers that say "we do not believe in property rights" or that "it is OK when you do it to big impersonal organizations", because they will not understand that these are statements of philosophies that have nothing to do with computers, that most hackers do not agree with them, and that it is one thing for a person who believes them to use them to guide his own behavior, and quite another to base an information-intensive economy and its laws on them, or for that matter, to base laws on the assumption that most computer users follow such philosophies, and thus must be severely restricted if government and business are to be secure. I offer no specific remedies for this situation, but only the hope that as more people learn about computers, and understand the importance of information in their lives, they will come to understand the issues of computer access, and that that the result will be attitudes and laws that (1) recognize the rights and responsibilities of all computer users, large and small, and (2) allow for the variety of access policies that will be established by various parties. -jwd3 ------------------------------ End of HUMAN-NETS Digest ************************