pda@stiatl.UUCP (Paul Anderson) (11/16/88)
Well, here it is, in all its smoldering glory, the results of: >yes) the recent worm was a service and the fellow should > at least be left to die in peace (...if not thanked). >no) did us a great disservice and should be prosecuted to > the fullest extent of the law. 56 (57%) yes (he did a service) 41 (42%) no (he did us a disservice) --------- 97 total votes What can be said? I have a few musings: 1) At a certain level, Mr. Morris has pointed out that we all have a great deal of job security because we do a lousy job at the execution of our profession. *We* leave these holes in systems. I suspect that the great Knashing Of Teeth is due to the fact that we are embarrassed by our own incompetance. 2) I have noticed several folks saying that "of course there are holes, by definition of writing systems, there will be holes". That thought process typically lead to the conclusion that one should not even bother to plug those holes. I challenge that. The fact that you can't plug holes doesn't mean that you shouldn't try. Not all athletes win every competition, but they practice and try. 3) I did this poll because I was wondering if a rift was opening up. I thought perhaps the University System was indicating that they wanted a utopian society where morality governed computer usage and that the business world was going to respond with the attitude 'protect yourself, morality be damned'. This didn't happen. There appears to have been close split on this issue. (I did not spend exhaustive time analyzing this, so I could be in error.) 4) I purposely asked a Schottky pair of questions. I wanted to establish a discriminator that would be the same as how a jury would be asked to decide a case by the prosecutor and defender. 5) I had 3 messages to my mailbox saying that a yes/no decision is not valid. I found about 8 more on the net, so a total of about 8% thought that the poll was invalid. Most of these folks were pretty vociferous in their objection to it. One flamed me pretty hard via mail. I gave in, I flamed back. Perhaps having another decision like how to handle Mr. Morris on the heels of the Bush/Dukakis election was more than we should have been asked to deal with. I hope none of you suffered any form of cerebral overload. :-) 6) It is curious to note that the ratios held constant from the very first day of the vote till the last day (7 days total). Observations on the mechanics of holding a vote: 1) Approximately 30 people sent votes to my mailbox, instead of the one listed. Approximately 15 people did not format their Subject: line according to directions. All 45 people received reject letters indicating where and how to vote. End result: when holding a vote, expect about 40% of people to not follow directions. Suggestion: *never* post a call for votes from any account other than the one that will be used to receive the votes! 2) Many, many mailers out there are broke. A number of you never got a response from me: I know, I'm sorry. I spent a lot of time deciphering mailer-daemon error messages. The uunet network was particularly inflexible/incapable of letting me reply to several vote posters. 3) I wish more folks would have responded. Sigh. :-( Thanks to those of you who responded! :-) Quotes from some of the voters: -------------- I don't happen to agree with either sentiment in the way the vote was presented, however I agree more with the 'yes he should not vbe prosecuted' sentiment even though I don't think it was a great service which he did. -------------- Boy, you guys in net.land are lucky. I've know more destructive people in my past who would have wrecked 1 million times more damage at the drop of a hat, and without ANY remorse on top of that. -------------- Destruction for the sake of destruction? Hardly a favor.... -------------- You got it! Hang the turkey. -------------- He didn't do us any service - he just wasted our time. However, I *don't* think he should be prosecuted. He's not going to do it again (if he does, then he *is* stupid and should be strung up so we don't have to deal with him again), so pursuing the matter in this case is also a waste of our time. -------------- In my opinion, he just made a mistake that happened to be quite a bit bigger than any mistakes the rest of us are likely to make. But his intent wasn't evil enough to warrant severe punishment. -------------- It was a service one I hope we learn from before someone does us a disservice in the same vein. -------------- It's rather an oversimplification of the situation to say so, but I believe that it was in the main good. -------------- [yes, he did do us a service] I am aware that this is a tremendous over-simplification, and maybe even outright wrong, but that's my vote on the matter. -------------- Not a hero, but not a criminal, either - just an incautious hacker. -------------- [referring to internet] Attractive nuisance, anyone? [ed: interesting argument. works for children] -------------- The worm, intentional or otherwise, served to point out the damage that could be caused by someone so inclined. Imaging if, in addition to the self-propagation, it had executed an rm * in every directory it infiltrated.... -------------- I think that he is a criminal and should be prosecuted to the fullest extent of the law, but that we can salvage some good results through his crime, that is, patching the security holes thus exposed. The fact that he exposed the holes and the fact that they will be patched as a result DOES NOT mitigate the damages he did; it is merely the response of the mature members of society to take advantage of a bad situation. He is responsible for the negative effects; we (society) are responsible for the positive. -------------- [yes, let him off the hook] But I sure wouldn't thank him. According to reports, he was trying to make a benign worm that would just live in the system forever. It was just a little voracious in its reproduction. This tells us that it wasn't just a little project that went astray, he WAS trying to get this thing into other systems. The fact that the worm was designed to be benign is the only reason I vote "yes"... -------------- I don't think that Morris should be executed, but I do think that he should be punished just as someone who went into an insecure parking structure and slashed 6000 tires should be punished. No matter how many benign worms we have,the net will never be secure until the day it's dismantled. -------------- I think it is good that he brought to light some security problems, and it is good that the net will be more alert for this kind of thing in the future, and it is good that we have had a chance to practice what to do in "a real emergency", but if we dont prosecute this [explitive] to the fullest extent of the law then we are sending a message to all future hackers..... And there will be future hackers....) -------------- He should be punished to some extent, but far short of a prison term. -------------- He may have done us a service just like the thief does a service for the person who leaves his keys in his car. A lesson is learned and in that sense a service is done. However, foolishness on the part of a victim does not in any way make the crime justifiable. The perpeptrator should be prosecuted for his intent. If his intent was murder, he should be prosecuted for attempted murder. If it is attempted theft, he should be prosecuted for the crime. We cannot tell the world that computer crime committed by anyone is ok, no matter how brilliant or cute a stunt he pulls. Brilliancy can be illustrated in non-destructive ways. -------------- This guy did no one a service... -------------- This guy did everyone a service! -------------- Vote Respondants: Them that voted NO ------------------ "Bret A. Shefter" <gatech!harvard!yale!shefter-bret> Bill Sommerfeld <gatech!ATHENA.MIT.EDU!wesommer> Gene Spafford <gatech!purdue!spaf> John T Kohl <gatech!ATHENA.MIT.EDU!jtkohl> Marilyn R. Wulfekuhler <gatech!ames!rex!mrw> Mark Davis <gatech!cs.unc.edu!davis> Pat Barron <gatech!SEI.CMU.EDU!pdb> Theodore Ts'o <gatech!ATHENA.MIT.EDU!tytso> gatech!alliant.Alliant.COM!cook (Dale C. Cook) gatech!aplvax.jhuapl.edu!trn@warper.jhuapl.edu gatech!cardiology.ummc.umich.edu!m-net!m2-net!mju (Marc Unangst) gatech!cbnews.ATT.COM!wbt (William B. Thacker) gatech!cory.Berkeley.EDU!atn (Alan Nishioka) gatech!cs.utexas.edu!astro.as.utexas.edu!sun!mcrware!jejones gatech!cs.utexas.edu!execu!cedar!dewey (Dewey Henize) gatech!cs.utexas.edu!execu!lime!keith (Keith Pyle) gatech!cs.utexas.edu!rpp386.dallas.tx.us!jfh (John F. Haugh II) gatech!dcatla!sund!itwaf (Bill A. Fulton) gatech!decvax!cg-atla!mallett (Bruce Mallett) gatech!frith.egr.msu.edu!kaplanj (Jeff Kaplan) gatech!harvard!haddock!johna (John Adams) gatech!harvard!talcott!encore!gloom!cory gatech!ihlpm!hartman (Mark A Hartman +1 312 979 1216) gatech!maxwell.physics.purdue.edu!ray (Ray Moody) gatech!mcnc.org!convex!williams (Bradley Williams) gatech!mimsy.umd.edu!cvl!umabco!lwilson gatech!ncspm.ncsu.edu!jay (Jay C. Smith) gatech!philabs.Philips.Com!pqb (Pieter Blonk) gatech!pyramid.com!sultra!dtynan (Der Tynan) gatech!sco.COM!keithr (Keith Reynolds) gatech!steinmetz.ge.com!crdos1!davidsen gatech!ucsd!megatek!grich (John Mangrich) gatech!uflorida!proxftl!twwells!bill (T. William Wells) gatech!umix!rphroy!pte!car (Chris Rende) gatech!uunet.UU.NET!auspex!bae (Brian Ehrmantraut) gatech!uunet.UU.NET!desint!geoff gatech!uunet.UU.NET!drd!mark (Mark Lawrence) gatech!uunet.UU.NET!frksyv!frk gatech!uunet.UU.NET!watmath!electro!electro!carlo (Carlo Sgro) richard greenall <gatech!lotus.waterloo.edu!rdgreenall> stiatl!dm (Doug Moreland) Them that voted YES ------------------- "Keith Ericson at TekLabs (resident factious factotum)" <gatech!tekgvs.gvs.tek.com!keithe> "R. W. F. Clark" <gatech!PSUVM.gatech.edu!RWC102> "Robert Maier" <gatech!amethyst.ma.arizona.edu!rsm> "Samudra E. Haque" <gatech!cs.umn.edu!haque> <gatech!cup.portal.com!r-michael> Adam J. Kucznetsov <gatech!cunixc.cc.columbia.edu!adam> Benjamin Ellsworth <gatech!hplabs!hp-sde!hpcvaah!hpcvxben!ben> Bradley Dyck Kliewer <gatech!purdue!iuvax!bkliewer> Dan Smith <gatech!harvard!island!daniel> David Schachter <gatech!pyramid.com!daisy!david> Jim Duncan <gatech!cs.odu.edu!jim> Joe Keane <gatech!andrew.cmu.edu!jk3k+> Mark Copley <gatech!hp-lsd!hpctdlb!mhc> Mark Hall <gatech!rice.edu!foo> Mark W Wheatley <gatech!sunatl!texsun!uokmax!uokmax!mwwheatl> Nike Horton <gatech!ogccse!horton> USENET Administrator <gatech!uunet.UU.NET!comdesign!ivucsb!usenet> emcard!gatech!arizona.edu!naucse!mlc.UUCP (Marci Cox) emory!sunatl!sun!sacto!pldote1!rvireday (~Richard Vireday) gatech!ATHENA.MIT.EDU!jik gatech!SSD.HARRIS.COM!dougs (Doug Scofield) gatech!Sun.COM!dhsu (David Hsu) gatech!att!occrsh!rjd gatech!att!twitch!tjt gatech!att.att.com!neptune!tba (Todd Aubin) gatech!cpsin3.cps.msu.edu!rang (Anton Rang) gatech!cs.utexas.edu!bigtex!texbell!sw1e!uucibg gatech!cs.utexas.edu!cs.utah.edu!krebs (Randall S. Krebs) gatech!cs.utexas.edu!oakhill!smeagol!josephc (Joseph Carbonaro) gatech!ddsw1.mcs.com!karl (Karl Denninger) gatech!fabscal!dorn (Alan Dorn Hetzel Jr.) gatech!marob.MASA.COM!daveh (Dave Hammond) gatech!pawl.rpi.edu!tale gatech!presto.ig.com!krone (Larry Krone) gatech!quick.com!srg (Spencer Garrett) gatech!sgi.com!gavin (Gavin Alexander Bell) gatech!suns.UMD.EDU!wls gatech!tab13.larc.nasa.gov!msf (Mike Fischbein) gatech!topaz.rutgers.edu!msmith (Mark Robert Smith) gatech!ucbvax.berkeley.edu!unisoft!achut (Achut Reddy) gatech!ucsd!sceard!mrm (M.R.Murphy) gatech!ucsd!sdsu!polyslo!ctuel (Cliff Tuel) gatech!uhura.cc.rochester.edu!joss (Josh Sirota) gatech!uiucdcs!uiucuxc!happym!kent (Kent Forschmiedt) gatech!uiucdcs!uiucuxc!tarpit!rd (Bob Thrush) gatech!uunet.UU.NET!ficc!keller gatech!uunet.UU.NET!ficc!spenser gatech!uunet.UU.NET!frith!frith.egr.msu.edu!raisch (Rob Raisch) gatech!uunet.UU.NET!ingr!b11!jim gatech!uunet.UU.NET!lsuc!dave (David Sherman) gatech!uunet.UU.NET!pnbell!dwf (Don Ford) gatech!uunet.UU.NET!smsdpg!seg (Scott Garfinkle) stiatl!pda (Paul Anderson) stiatl!john (John DeArmond) stiatl!meo (Miles O'Neal) stiatl!steve (Steve Lyle) -- Paul Anderson gatech!stiatl!pda (404) 841-4000 X isn't just an adventure, X is a way of life...