[net.legal] Computer Bulletin Boards and Responsibility

ian@utcsstat.UUCP (Ian F. Darwin) (05/29/84)

	From: rh@mit-eddie.UUCP (Randy Haskins)

	How would any of you people feel if (somehow, it doesn't matter
	how it happened...) the superuser password for your system
	appeared on one of these BBoards (along with dial-in numbers)?
	We still have a rash of children with TRaSh-80's calling up our
	DEC-20 trying to break in (fortunately, it's a little tougher
	than most people could manage).  This started about January
	when some of our phone numbers appeared on a TRaSh-80 BBoard
	that someone locally was running.

I would be justifiably upset, as you would. But I would be just as
upset if my root password appeared in a world-readable file on *your*
system. Or if my system operations password appeared in net.unix posted
from *your* system.  If (by your logic) the owner of a public-access
bulletin board system should be held responsible for messages which
appear on it, then perhaps *you* should be held responsible for what
users put on your system. Aha - you don't like that idea? Neither do I,
of course. The answer is that the person who steals the information and
makes it public is the criminal, not the person who operates the media.

As has been said, the post office is not responsible if criminals keep
in touch by mail, nor the phone company if criminals plan a bank
robbery by phone, nor the newspaper if kidnappers place coded messages
in the personals section.

By the way, not all of them are kids with TRS-80's.
We had one with a Z80 (not all TRS-80's are Z80's) and a clever program
break an instructor's password by encrypting an entire dictionary and
finding accounts which had English-word passwords.

	If someone had managed to crack our system, they couldn't have
	done too much damage, just made a few people who were taking
	courses lose work, you know, little trivial things like that
	(extreme sarcasm mode).

You and the rest of us. We're all vulnerable. If the data is important,
don't keep it on a machine with dial-ups or a system reachable by
networks. Period.

	Yeah, yeah, I know, we should make our system breakin proof.
	Well, it practically is, but I think it's just a bit annoying
	that these little BBoards can be used to spread information
	that probably shouldn't be spread.

See comments above. The impulse to ``pass a law everytime something you
don't like happens'' is so widespread that it is taken for granted,
both in your country and mine. This impulse should be checked before we
sink under a sea of laws (sarcasm mode - look at a law library today).

	Someone should be held responsible for the BBoard....

For the most part, the BBS operators are not supportive of system
crackers.  There are exceptions; if the BBS whose seizure started this
brouhaha was in fact a system-crackers' BBS then perhaps shutting it
down is a good thing. But don't use this as a generalization to close
them all down.

Toronto's reputable bulletin boards have already (without legislation or
threat of it) taken steps such as controlling membership or requiring a
code for access.  The point of this is so that users will behave
responsibly, or be cut off if they don't.  There will always be
``pirates' cove'' type BBS's, which are underground.

But if you want to have an open society (as I think most of
us do), you have to tolerate other people's free speech, not all of
which will be to your liking. And occasional criminals. But send the
police after the criminals, not the computer operators.


Ian F. Darwin, Toronto, Canada
ihnp4!utcsstat!ian
-- 
Ian Darwin, Toronto   uucp: utcsstat!ian   Arpa: decvax!utcsstat!ian@Berkeley