[news.sysadmin] RESULTS: DID HE DO US A SERVICE OR NOT?

pda@stiatl.UUCP (Paul Anderson) (11/16/88)

Well, here it is, in all its smoldering glory, the results of:

>yes) the recent worm was a service and the fellow should
>     at least be left to die in peace (...if not thanked).
>no)  did us a great disservice and should be prosecuted to
>     the fullest extent of the law.

			56  (57%) yes (he did a service)
			41  (42%) no  (he did us a disservice)
			---------
			97  total votes

What can be said?  I have a few musings:

1) At a certain level, Mr. Morris has pointed out that we all have
   a great deal of job security because we do a lousy job at the 
   execution of our profession.  *We* leave these holes in systems.
   I suspect that the great Knashing Of Teeth is due to the fact 
   that we are embarrassed by our own incompetance.

2) I have noticed several folks saying that "of course there are
   holes, by definition of writing systems, there will be holes".
   That thought process typically lead to the conclusion that one
   should not even bother to plug those holes. I challenge that.  
   The fact that you can't plug holes doesn't mean that you 
   shouldn't try.  Not all athletes win every competition, but 
   they practice and try.

3) I did this poll because I was wondering if a rift was opening up.
   I thought perhaps the University System was indicating that they
   wanted a utopian society where morality governed computer usage
   and that the business world was going to respond with the attitude 
   'protect yourself, morality be damned'. This didn't happen.  There 
   appears to have been close split on this issue. (I did not spend 
   exhaustive time analyzing this, so I could be in error.)

4) I purposely asked a Schottky pair of questions.  I wanted to
   establish a discriminator that would be the same as how a jury
   would be asked to decide a case by the prosecutor and defender.

5) I had 3 messages to my mailbox saying that a yes/no decision is
   not valid.  I found about 8 more on the net, so a total of about
   8% thought that the poll was invalid.  Most of these folks were
   pretty vociferous in their objection to it.  One flamed me pretty 
   hard via mail.  I gave in, I flamed back.  Perhaps having another 
   decision like how to handle Mr. Morris on the heels of the 
   Bush/Dukakis election was more than we should have been asked to 
   deal with.  I hope none of you suffered any form of cerebral 
   overload.  :-)

6) It is curious to note that the ratios held constant from the
   very first day of the vote till the last day (7 days total).

Observations on the mechanics of holding a vote:

1) Approximately 30 people sent votes to my mailbox, instead of the
   one listed.  Approximately 15 people did not format their Subject:
   line according to directions.  All 45 people received reject letters
   indicating where and how to vote.  End result: when holding a vote, 
   expect about 40% of people to not follow directions.  Suggestion:
   *never* post a call for votes from any account other than the one
   that will be used to receive the votes!

2) Many, many mailers out there are broke.  A number of you never got
   a response from me: I know, I'm sorry.  I spent a lot of time 
   deciphering mailer-daemon error messages.  The uunet network was 
   particularly inflexible/incapable of letting me reply to several 
   vote posters.

3) I wish more folks would have responded. Sigh. :-(  Thanks to those
   of you who responded!  :-)


Quotes from some of the voters:

--------------
I don't happen to agree with either sentiment in the
way the vote was presented, however I agree more with the 'yes he should
not vbe prosecuted' sentiment even though I don't think it was a great
service which he did.
--------------
Boy, you guys in net.land are lucky. I've know more destructive people
in my past who would have wrecked 1 million times more damage at the drop
of a hat, and without ANY remorse on top of that.
--------------
Destruction for the sake of destruction?  Hardly a favor....
--------------
You got it!  Hang the turkey.
--------------
He didn't do us any service - he just wasted our time.  However, I
*don't* think he should be prosecuted.  He's not going to do it
again (if he does, then he *is* stupid and should be strung up so
we don't have to deal with him again), so pursuing the matter in this
case is also a waste of our time.
--------------
In my opinion, he just made a mistake that happened to be quite a 
bit bigger than any mistakes the rest of us are likely to make.
But his intent wasn't evil enough to warrant severe punishment.
--------------
It was a service one I hope we learn from before someone does us a disservice
in the same vein.
--------------
It's rather an oversimplification of the situation
to say so, but I believe that it was in the main good.
--------------
[yes, he did do us a service]
I am aware that this is a tremendous over-simplification,
and maybe even outright wrong, but that's my vote on the matter.
--------------
Not a hero, but not a criminal, either - just an incautious hacker.
--------------
[referring to internet]
Attractive nuisance, anyone? [ed: interesting argument. works for children]
--------------
The worm, intentional or otherwise, served to point out the damage
that could be caused by someone so inclined.  Imaging if, in addition
to the self-propagation, it had executed an rm * in every directory
it infiltrated....
--------------
I think that he is a criminal and should be prosecuted to the fullest extent
of the law, but that we can salvage some good results through his crime,
that is, patching the security holes thus exposed.  The fact that he exposed
the holes and the fact that they will be patched as a result DOES NOT
mitigate the damages he did; it is merely the response of the mature 
members of society to take advantage of a bad situation.  He is responsible
for the negative effects; we (society) are responsible for the positive.
--------------
[yes, let him off the hook]
But I sure wouldn't thank him.  According to reports, he was trying
to make a benign worm that would just live in the system forever.
It was just a little voracious in its reproduction.  This tells us
that it wasn't just a little project that went astray, he WAS trying
to get this thing into other systems.  The fact that the worm was
designed to be benign is the only reason I vote "yes"...
--------------
I don't think that Morris should be executed, but I do think that he should be
punished just as someone who went into an insecure parking structure and
slashed 6000 tires should be punished.  No matter how many benign worms we have,the net will never be secure until the day it's dismantled.
--------------
I think it is good that
he brought to light some security problems, and it is good that the net will
be more alert for this kind of thing in the future, and it is good that we
have had a chance to practice what to do in "a real emergency", but if we dont
prosecute this [explitive] to the fullest extent of the law then we are sending
a message to all future hackers.....  And there will be future hackers....)
--------------
He should be punished to some extent, but far short of a prison term.
--------------
He may have done us a service just like the thief does a service
for the person who leaves his keys in his car.  A lesson is learned
and in that sense a service is done.  However, foolishness on the
part of a victim does not in any way make the crime justifiable.
The perpeptrator should be prosecuted for his intent.  If his intent
was murder, he should be prosecuted for attempted murder.  If it is
attempted theft, he should be prosecuted for the crime.  We cannot
tell the world that computer crime committed by anyone is ok,
no matter how brilliant or cute a stunt he pulls.  Brilliancy can
be illustrated in non-destructive ways.
--------------
This guy did no one a service...
--------------
This guy did everyone a service!
--------------


Vote Respondants:

Them that voted NO
------------------
"Bret A. Shefter" <gatech!harvard!yale!shefter-bret>
Bill Sommerfeld <gatech!ATHENA.MIT.EDU!wesommer>
Gene Spafford <gatech!purdue!spaf>
John T Kohl <gatech!ATHENA.MIT.EDU!jtkohl>
Marilyn R. Wulfekuhler <gatech!ames!rex!mrw>
Mark Davis <gatech!cs.unc.edu!davis>
Pat Barron <gatech!SEI.CMU.EDU!pdb>
Theodore Ts'o <gatech!ATHENA.MIT.EDU!tytso>
gatech!alliant.Alliant.COM!cook (Dale C. Cook)
gatech!aplvax.jhuapl.edu!trn@warper.jhuapl.edu
gatech!cardiology.ummc.umich.edu!m-net!m2-net!mju (Marc Unangst)
gatech!cbnews.ATT.COM!wbt (William B. Thacker)
gatech!cory.Berkeley.EDU!atn (Alan Nishioka)
gatech!cs.utexas.edu!astro.as.utexas.edu!sun!mcrware!jejones
gatech!cs.utexas.edu!execu!cedar!dewey (Dewey Henize)
gatech!cs.utexas.edu!execu!lime!keith (Keith Pyle)
gatech!cs.utexas.edu!rpp386.dallas.tx.us!jfh (John F. Haugh II)
gatech!dcatla!sund!itwaf (Bill A. Fulton)
gatech!decvax!cg-atla!mallett (Bruce Mallett)
gatech!frith.egr.msu.edu!kaplanj (Jeff Kaplan)
gatech!harvard!haddock!johna (John Adams)
gatech!harvard!talcott!encore!gloom!cory
gatech!ihlpm!hartman (Mark A Hartman +1 312 979 1216)
gatech!maxwell.physics.purdue.edu!ray (Ray Moody)
gatech!mcnc.org!convex!williams (Bradley Williams)
gatech!mimsy.umd.edu!cvl!umabco!lwilson
gatech!ncspm.ncsu.edu!jay (Jay C. Smith)
gatech!philabs.Philips.Com!pqb (Pieter Blonk)
gatech!pyramid.com!sultra!dtynan (Der Tynan)
gatech!sco.COM!keithr (Keith Reynolds)
gatech!steinmetz.ge.com!crdos1!davidsen
gatech!ucsd!megatek!grich (John Mangrich)
gatech!uflorida!proxftl!twwells!bill (T. William Wells)
gatech!umix!rphroy!pte!car (Chris Rende)
gatech!uunet.UU.NET!auspex!bae (Brian Ehrmantraut)
gatech!uunet.UU.NET!desint!geoff
gatech!uunet.UU.NET!drd!mark (Mark Lawrence)
gatech!uunet.UU.NET!frksyv!frk
gatech!uunet.UU.NET!watmath!electro!electro!carlo (Carlo Sgro)
richard greenall <gatech!lotus.waterloo.edu!rdgreenall>
stiatl!dm (Doug Moreland)

Them that voted YES
-------------------
"Keith Ericson at TekLabs (resident factious factotum)" <gatech!tekgvs.gvs.tek.com!keithe>
"R. W. F. Clark" <gatech!PSUVM.gatech.edu!RWC102>
"Robert Maier" <gatech!amethyst.ma.arizona.edu!rsm>
"Samudra E. Haque" <gatech!cs.umn.edu!haque>
<gatech!cup.portal.com!r-michael>
Adam J. Kucznetsov <gatech!cunixc.cc.columbia.edu!adam>
Benjamin Ellsworth <gatech!hplabs!hp-sde!hpcvaah!hpcvxben!ben>
Bradley Dyck Kliewer <gatech!purdue!iuvax!bkliewer>
Dan Smith <gatech!harvard!island!daniel>
David Schachter <gatech!pyramid.com!daisy!david>
Jim Duncan <gatech!cs.odu.edu!jim>
Joe Keane <gatech!andrew.cmu.edu!jk3k+>
Mark Copley <gatech!hp-lsd!hpctdlb!mhc>
Mark Hall <gatech!rice.edu!foo>
Mark W Wheatley <gatech!sunatl!texsun!uokmax!uokmax!mwwheatl>
Nike Horton <gatech!ogccse!horton>
USENET Administrator <gatech!uunet.UU.NET!comdesign!ivucsb!usenet>
emcard!gatech!arizona.edu!naucse!mlc.UUCP (Marci Cox)
emory!sunatl!sun!sacto!pldote1!rvireday (~Richard Vireday)
gatech!ATHENA.MIT.EDU!jik
gatech!SSD.HARRIS.COM!dougs (Doug Scofield)
gatech!Sun.COM!dhsu (David Hsu)
gatech!att!occrsh!rjd
gatech!att!twitch!tjt
gatech!att.att.com!neptune!tba (Todd Aubin)
gatech!cpsin3.cps.msu.edu!rang (Anton Rang)
gatech!cs.utexas.edu!bigtex!texbell!sw1e!uucibg
gatech!cs.utexas.edu!cs.utah.edu!krebs (Randall S. Krebs)
gatech!cs.utexas.edu!oakhill!smeagol!josephc (Joseph Carbonaro)
gatech!ddsw1.mcs.com!karl (Karl Denninger)
gatech!fabscal!dorn (Alan Dorn Hetzel Jr.)
gatech!marob.MASA.COM!daveh (Dave Hammond)
gatech!pawl.rpi.edu!tale
gatech!presto.ig.com!krone (Larry Krone)
gatech!quick.com!srg (Spencer Garrett)
gatech!sgi.com!gavin (Gavin Alexander Bell)
gatech!suns.UMD.EDU!wls
gatech!tab13.larc.nasa.gov!msf (Mike Fischbein)
gatech!topaz.rutgers.edu!msmith (Mark Robert Smith)
gatech!ucbvax.berkeley.edu!unisoft!achut (Achut Reddy)
gatech!ucsd!sceard!mrm (M.R.Murphy)
gatech!ucsd!sdsu!polyslo!ctuel (Cliff Tuel)
gatech!uhura.cc.rochester.edu!joss (Josh Sirota)
gatech!uiucdcs!uiucuxc!happym!kent (Kent Forschmiedt)
gatech!uiucdcs!uiucuxc!tarpit!rd (Bob Thrush)
gatech!uunet.UU.NET!ficc!keller
gatech!uunet.UU.NET!ficc!spenser
gatech!uunet.UU.NET!frith!frith.egr.msu.edu!raisch (Rob Raisch)
gatech!uunet.UU.NET!ingr!b11!jim
gatech!uunet.UU.NET!lsuc!dave (David Sherman)
gatech!uunet.UU.NET!pnbell!dwf (Don Ford)
gatech!uunet.UU.NET!smsdpg!seg (Scott Garfinkle)
stiatl!pda (Paul Anderson)
stiatl!john (John DeArmond)
stiatl!meo (Miles O'Neal)
stiatl!steve (Steve Lyle)
-- 
Paul Anderson		gatech!stiatl!pda		(404) 841-4000
	    X isn't just an adventure, X is a way of life...