Human-Nets-Request%rutgers@brl-bmd.UUCP (Human-Nets-Request@rutgers) (11/03/83)
HUMAN-NETS Digest Thursday, 3 Nov 1983 Volume 6 : Issue 68
Today's Topics:
Computers and People - More Than Just a Game (3 msgs) &
Hackers victim of Newspeak,
Computers on TV - `Whizzy' kidnicks/urchins
Computers and the Law - kids and computer crime
----------------------------------------------------------------------
Date: 28 Oct 1983 13:50:31-EDT
From: csin!cjh@CCA-UNIX
Subject: reality disguised as a game
There was a Hugo-nominated SF novella a few years back, ("Ender's
Game?") in which a cadet, having won at all the physical training
problems produced, was assigned to what he thought was a simulator
(complete with a vicious instructor for his opponent); at the end of
the story he finds that only his first battle was a simulation, the
others being direction of drone ships against the enemy homeworld. (He
also finds himself, after saving the world, mustered out at age 11.)
------------------------------
Date: Fri, 28 Oct 83 11:00 PST
From: John Palevich <palevich.atari@Rand-Relay>
Subject: More than just a game
"Ender's Game" was published in Analog magazine sometime between 79
and 82. There's this kid, Ender, who's extremely good at winning
games, and they give him harder, and harder games. Eventually it
comes out that he's fighting (and winning) their space battles for
them.
Did you know that the controls on the new Atari coin-operated game
"Star Wars" are based upon current military tank controls? The game
controller was originally developed for a version of "Battle Zone".
It's kind of neat, you can control six buttons and a joystick at the
same time.
------------------------------
Date: Thu, 27 Oct 83 22:54 PDT
From: Gloger.es@PARC-MAXC.ARPA
Subject: Re: Whiz Kids, episode #2
You suggested a very interesting "generalization of the Whiz Kids
idea," such that the DOD arranges for "World War 3 [to] be run not by
generals but by a computer hooked up to millions of teenagers who
think they're just playing a game."
There is an absolutely stunning 40-page short story, "Ender's Game,"
by Orson Scott Card, which develops almost exactly the idea you
suggest. I read it in Jerry Pournelle (as editor)'s book "There Will
Be War," a collection of short stories and essays on the subject of
war, published this year. Pournelle there acknowledges "Analog
Science Fiction/Fact Magazine" of August 1977 for first publication of
"Ender's Game." The story is well worth the price of admission.
------------------------------
From: ian%utcsstat@BRL-BMD.ARPA
Date: Sat, 29 Oct 83 03:18:30 edt
Subject: Re: Hackers victim of Newspeak (HUMAN-NETS Digest V6 #64)
REM says that "somebody" should castigate the media for using
"hacker" when they mean "cracker". That "somebody", gentle reader,
is you, baby, nobody but you. If you don't do it, nobody else will.
You, and you, and you, and you and, of course, you. Write a letter
to the T.V. station or the local newspaper each and every time
you hear them use "hacker" when they mean "cracker". It can be
the same short letter each time, with the station name and
program or paper name and article changed. Keep it online (unless
you are paranoid about DOD and computer use, see article in same
issue of HUMAN-NETS); change the details and print it to lpr
(or however you get hardcopy). This will be easier when E-Com
hookups become prevalent; for now, keep licking stamps and mailing
to the media. They may listen iff they get enough abuse from real
hackers (the good side, not the dark side, of hackerdom!).
------------------------------
Date: 29 October 1983 21:58 EDT
From: Robert Elton Maas <REM @ MIT-MC>
Subject: HUMAN-NETS Digest V6 #66 `whizzy' kidnicks/urchins
After thinking about this for a few days, I am beginning to think the
writer for "Whiz Kids" is smarter than the rest of us. If we want to
set up a secret account wherby we can do unauthorized work without
even being detected as being logged in, the obvious places to patch
the system are (1) the LOGIN program, (2) the kernel, (3) the
password/account file. So those places are where the security
personnel will look first when unauthorized use is suspected. Who
would think of looking in the LOGOUT program for a hack whereby if you
say you don't want your files closed and you go against the warnings
that you may lose some data, then it leaves you secretly logged in?
I.e. if you really want to be undetected even when a security audit is
in progress, this is a perfect way to gain time, remaining undetected
for a few days or weeks while you complete your unauthorized work. Of
course now that the secret is out that trick won't work, you gotta
invent a new one next time, because the security personnel now have
item (4) the LOGOUT program on their hit list.
Trojan horses work only the first time. "Fool me once, shame on you;
fool me twice, shame on me." (Scotty on Startrek) No military
commander in the past 2000 years would accept a physical horse without
checking it for soldiers inside, because the idea has been public
knowledge all this time.
I think the "Whiz Kids" writer was right in using a "stupid" way of
setting up a secret account instead of the "right" way. - Regarding
Tops-10, it might be easy, just have the LOGOUT program not issue a
LOGOUT UUO when it should, and instead change the login name to
something innocent like [100,100] and the job name to something
not-logged-in uses are allowed to do like WHO or FINGER or MAIL.
------------------------------
Date: 28 October 1983 23:33 edt
From: Dehn at MIT-MULTICS (Joseph W. Dehn III)
Subject: kids and computer crime
It is indeed an unfortunate situation when computer crime has to be
dealt with by having FBI agents break into kids rooms, but this is
just another symptom of the tremendous ignorance and confusion that
still exists among the general public regarding computers and their
use. Yes, it is 1983, but experience with computers has not been
integrated into peoples' values, and even those institutions that are
trying to deal with the problem often seem to proposing solutions
based on the 1973 situation.
Where are those kids supposed to have learned what is right and wrong
in computer access? Where are kids supposed to learn about any kind
of right and wrong? Presumably the process begins in the home -- you
construct a primitive model of property rights when you defend your
teddy bear. As you get older, your parents point out more subtle
distinctions, and you learn that it is OK to knock on someone's door,
but not to pry open their window. To the extent that this home
learning fails, you encounter additional guidance in school and in the
experience of interacting with your peers. All of this happens
gradually, together with increasing access to the outside world
(potential to harm others). The FBI-type interaction is one of the
last steps in this process, one that most people don't need to get
involved in as part of their personal learning experience. And, by
the time most people are exposed to movies that glorify robbery or
murder, they have other ideas to compare them against.
With the kind of computer crime that is getting the publicity today,
people are making the leap from no access (home computer game playing)
to nation-wide access in one step, with nothing to guide them. A
parent can't point out the difference between knocking on a door and
breaking a window when they both take the form of unintelligible
keyboard incantations. The experience of being rebuked by peers does
not occur, since in the current state of home computer use a peer's
computer is unlikely to be accessible remotely or to contain anything
more exciting than ones own. For the same reason, it is hard to apply
ethical generalizations such as "do unto others as..."; the situation
is not symmetric, the reverse case being so implausible as to not even
be envisioned.
This part of the problem is complemented by the inconsistency and
ignorance of the victims. By not "locking their doors", the victims
further confuse their potential attackers, who are left, in some
cases, uncertain as to where the doors even are located. Actually,
some of the victims don't even seem to know where the doors are. They
think they are located in some secluded, out of the way location, when
they are actually located on a busy main street. They fail to post
"no trespassing" and "authorized personnel only" signs. They have no
means to observe who is wandering around and thus cannot warn them
away. Finally, something happens and they, literally, "make a federal
case out of it".
None of this is meant as a defense of the malicious computer vandal,
or even of the inexperienced kid "taking a joyride on the electronic
highways". There are many clues to guide people, and most people end
up behaving reasonably. But this is why the confrontation ends up
being between kids and the FBI: in too many cases, the less extreme
confrontations have been skipped over. Instead of warnings and
incremental adjustments to behavior, we get arrests, panic, and
headlines.
It is a great hindrance to the education process that there is not
even general agreement on what computer crime is. In the recent press
coverage, there has been so much emphasis on the "paraphernalia" of
computer crime that the real issues may be missed by much of the
public. A home computer (less than $100!!), a modem (ah -- technical
jargon, mysterious); add a kid and some code names, and PRESTO: a
computer criminal. I saw a modem in your house, are you sure you're
not a criminal? The FBI confiscates a modem, as if it were a knife.
What did they actually DO, and to whom? The average reader might
remember something about Sloan-Kettering, a bank, or the "highly
secure Arpanet", but what was the actual injury, to what property or
other rights? The press reports give very little coverage to this,
and what little they say is not even consistent. Before people can
come to understand what computer crime is (or should be defined as,
since in most cases there are no laws that yet define it), they have
to understand the different kinds of access involved. They have to
understand that it is OK to drive on a public highway, that you have
to walk up to someone's door before you can knock on it, that some
buildings have public lobbies, and that just because someone lets you
into his house it doesn't mean you can take the silverware.
Another thing that makes education difficult is that the concern about
computer crime has emphasized different things at different times. In
the past, there was a lot of concern about "stealing computer time",
which naturally makes mere "access" to a computer something to be
suspicious of. This has helped obscure the fact that the real
"computer crime" problem is access to information, not hardware.
People did use their employer's computers to store their bowling
league databases (although in many organizations it was never clear
whether this was even improper), and kids did use other people's
computer accounts to compute the Nth digit of PI (although most of
today's kids may not care about that sort of programming), but these
are not the future problems that people need to be educated about or
that laws need to address. To the extent that certain resources
remain expensive (e.g., telecommunications), there will still be an
incentive to try to get them without paying for them, and to the
extent that it is more convenient for an employee to take care of his
personal affairs in his office than at home, employers will need to
set guidelines to prevent interference with job responsibilities, but
none of this has anything to do with "computer crime".
Until people understand the real issues of access to information, they
will not understand what to do about "computer crime". They will not
be able to enact reasonable laws, and they will not be able to teach
their children. They will be confused by the hackers that say "we do
not believe in property rights" or that "it is OK when you do it to
big impersonal organizations", because they will not understand that
these are statements of philosophies that have nothing to do with
computers, that most hackers do not agree with them, and that it is
one thing for a person who believes them to use them to guide his own
behavior, and quite another to base an information-intensive economy
and its laws on them, or for that matter, to base laws on the
assumption that most computer users follow such philosophies, and thus
must be severely restricted if government and business are to be
secure.
I offer no specific remedies for this situation, but only the hope
that as more people learn about computers, and understand the
importance of information in their lives, they will come to understand
the issues of computer access, and that that the result will be
attitudes and laws that (1) recognize the rights and responsibilities
of all computer users, large and small, and (2) allow for the variety
of access policies that will be established by various parties.
-jwd3
------------------------------
End of HUMAN-NETS Digest
************************