[comp.org.eff.talk] hacker = computer criminal

trivedi@motcid.UUCP (Kamlesh Trivedi) (10/03/90)

I have read some posts here and the articles in c.u.d that try to preserve the
label hacker.  I think it's a lost cause.  Yesterday's _Nova_ on Cliff Stoll's
story proves it.  The popular media has "latched" onto the term and are
indiscriminately using it to mean: an individual who breaks into corporate/
government computers and maliciously changes things.  Stoll and the "hackers"
from Germany referred to the activities of the Germans as "hacking" not as
"intruding", "espionage", etc.

I just keep thinking of the time Wozniak was on _Nightline_ talking about
how he wanted his kids to grow up to be like the hackers he was seeing in '83.
-- 
Kamlesh Trivedi -  ...!uunet!motcid!trivedik - My opinions not Motorola's
"Since everyone knows me, everything I do now is newsworthy.
I'm a cultural icon." - Calvin 10/2

howell@grover.llnl.gov (Louis Howell) (10/03/90)

In article <4761@bone25.UUCP>, trivedi@motcid.UUCP (Kamlesh Trivedi) writes:
|> I have read some posts here and the articles in c.u.d that try to preserve the
|> label hacker.  I think it's a lost cause.  Yesterday's _Nova_ on Cliff Stoll's
|> story proves it.  The popular media has "latched" onto the term and are
|> indiscriminately using it to mean: an individual who breaks into corporate/
|> government computers and maliciously changes things.  Stoll and the "hackers"
|> from Germany referred to the activities of the Germans as "hacking" not as
|> "intruding", "espionage", etc.

I was also disappointed in the way the show completely ignored privacy
issues, both for the "hacker" and for the other users.  Stoll was shown
making printouts of login sessions, tapping phone lines, and so on,
without any mention whatsoever that there might be other ethical issues
involved than "get the bad guy at all costs".  I expect gibberish from
the mainstream press, but Nova usually displays higher standards.

For those who haven't yet seen it, the title of the show is "The KGB,
the computer, and me".

With regard to the word hacker, we should distinguish between its use
in jargon and its use by mainstream society.  Can the word continue to
hold the meanings we know and love, even while being distorted by
outsiders?  Other words mean very different things in jargon and in
everyday usage, but does it make a difference that the word "hacker"
is so emotionally charged?

-- 
Louis Howell

  "A few sums!" retorted Martens, with a trace of his old spirit.  "A major
navigational change, like the one needed to break us away from the comet
and put us on an orbit to Earth, involves about a hundred thousand separate
calculations.  Even the computer needs several minutes for the job."

brnstnd@kramden.acf.nyu.edu (Dan Bernstein) (10/04/90)

In article <69148@lll-winken.LLNL.GOV> howell@grover.llnl.gov (Louis Howell) writes:
> I was also disappointed in the way the show completely ignored privacy
> issues, both for the "hacker" and for the other users.  Stoll was shown
> making printouts of login sessions, tapping phone lines, and so on,
> without any mention whatsoever that there might be other ethical issues
> involved than "get the bad guy at all costs".  I expect gibberish from
> the mainstream press, but Nova usually displays higher standards.

Be serious. There are lots of legal issues involved, but it's perfectly
ethical for (e.g.) a corporation to videotape an employee in the hall if
they suspect that he's been stealing things, trying office doors other
than his own, etc. Do you see the analogy?

Sure, Stoll made printouts of every dial-in session; the corporation
makes videotapes of everybody in the hall. It's just not possible to
selectively record an event if you don't know when that event happens.

Sure, Stoll tapped a phone line---a phone line he was responsible for.
The corporation makes videotapes of a hall in its own building. What's
wrong with recording what goes on under your own roof?

---Dan

gl8f@astsun7.astro.Virginia.EDU (Greg Lindahl) (10/04/90)

In article <20225:Oct319:48:5690@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:

> What's wrong with recording what goes on under your own roof?

I believe Epson America is going to find out in court, real soon now.
They had a manager who read all of his employee's email, including
mail with rude comments about the manager that the employees thought
was confidential.

Next they'll be putting videocameras in the bathrooms and a bug by the
water cooler. Catching criminals at any cost if often at odds with
privacy. Here's another case.

--
"Restraint, hell. I'm just too fucking busy." -- Bill Wisner

TK0JUT2@netsys.NETSYS.COM (10/04/90)

brnstnd@KRAMDEN.ACF.NYU.EDU(Dan Bernstein) writes:

>>Be serious. There are lots of legal issues involved, but it's perfectly
>>ethical for (e.g.) a corporation to videotape an employee in the hall if
>>they suspect that he's been stealing things, trying office doors other
>>than his own, etc. Do you see the analogy?

You'll have to explain the analogy to some of us denser folk.  There's a
rather significant difference between authorized security folks in a
corporation spying on employees and individual employees acting as vigilantes
spying. The NOVA program did not address this hardly subtle difference.

>>Sure, Stoll made printouts of every dial-in session; the corporation
>>makes videotapes of everybody in the hall. It's just not possible to
>>selectively record an event if you don't know when that event happens.

>>Sure, Stoll tapped a phone line---a phone line he was responsible for.
>>The corporation makes videotapes of a hall in its own building. What's
>>wrong with recording what goes on under your own roof?

Employers have no right to tap phone lines. There is both a technological and
a legal difference between "tapping" and simple in-house monitoring.  Further,
as Stoll notes in his book, he did not have authorization for much of this
activity.  Nova failed to address these distinctions. The similarities between
Stoll's behavior and the hacker(s) he was pursuing were ignored, and Nova
treated the chase uncritically.

Many of us have been critical of Stoll's a-moral chase and contemptuous of his
irresponsible and one-sided depiction of "hackers." Some of us had second
thoughts about the stridency of our critiques. One mark of intellectual
maturity is the ability to reflect on past behavior and use the wisdom of this
reflection to develop deeper understandings and insights into the world around
us. Judging from the Nova program, it appears that Stoll has remains mired in
the self-righteousness of his quest, and neither he nor the producers of Nova
seem to recognize the affinity he and his quarry have in common: The obsessive
games of both led to violations of privacy, ethics, and perhaps the law. Is it
really permissible for Stoll to "appropriate" equipment and have Nova portray
it as a semi-comedic scene?  Is there really any difference between Stoll's
"social engineering" to obtain numbers? How could Nova so glibly pass over the
issue of privacy by making it seem a 'crime' that telecom people in one state
wouldn't give out information on a phone line because the warrant wasn't good
for that state?

A few months ago I was feeling quite badly for the tone of a review I had
written about Cuckoo's Egg. However, after seeing Nova, one wonders why Stoll
seems to have learned virtually nothing from the critiques of his work?

Anybody know if he got paid for the program, and if so, how much??

josef@nixpbe.UUCP (Moellers) (10/04/90)

In <69148@lll-winken.LLNL.GOV> howell@grover.llnl.gov (Louis Howell) writes:

[stuff deleted]

>With regard to the word hacker, we should distinguish between its use
>in jargon and its use by mainstream society.  Can the word continue to
>hold the meanings we know and love, even while being distorted by
>outsiders?  Other words mean very different things in jargon and in
>everyday usage, but does it make a difference that the word "hacker"
>is so emotionally charged?

I doubt You can keep on distinguishing, lest society will look upon all
of us "hackers" as being criminals.
Imagine You wanted to say that You are quite happy and said, e.g. in a
newletter:
		Coputer user's are gay!
When I learned English some 24 years ago, "gay" meant "happy". And look
what it means today!
I think we should be carefull in using the term "hacker" unless society
sort of forgets it's bad second meaning.

--
| Josef Moellers		| c/o Siemens Nixdorf Informatonssysteme AG |
|  USA: mollers.pad@nixdorf.com	| Abt. PXD-S14				    |
| !USA: mollers.pad@nixdorf.de	| Heinz-Nixdorf-Ring			    |
| Phone: (+49) 5251 104662	| D-4790 Paderborn			    |

kehoe@scotty.dccs.upenn.edu (Brendan Kehoe) (10/04/90)

In <20225:Oct319:48:5690@kramden.acf.nyu.edu>, brnstnd@kramden.acf.nyu.edu writes:
>Be serious. There are lots of legal issues involved, but it's perfectly
>ethical for (e.g.) a corporation to videotape an employee in the hall if
>they suspect that he's been stealing things, trying office doors other
>than his own, etc. Do you see the analogy?
>
>Sure, Stoll made printouts of every dial-in session; the corporation
>makes videotapes of everybody in the hall. It's just not possible to
>selectively record an event if you don't know when that event happens.


 This doesn't quite ring true with me. Sure, a company might pay closer 
attention to an employee that's suspected of that -- but they wouldn't have
*every* employee tailed, or install cameras in *every* employee's cubicle.
What Stoll did could make a dangerous precedent if opinions like this grow
too wide-spread.
 Your analogy fails on the fact that the people logging in and out and
subsequently getting printed out were doing their own work in what they
assumed was a 'private' session. What if they were doing some research or
programming that they didn't want seen by anyone (save root) until it was
time to have it released? Many corporate entities are well acquainted with
the problem of information being disseminated before they planned.

>Sure, Stoll tapped a phone line---a phone line he was responsible for.
>The corporation makes videotapes of a hall in its own building. What's
>wrong with recording what goes on under your own roof?

 They videotape the HALL -- they don't videotape the offices.

Brendan Kehoe | Soon: brendan@cs.widener.edu [ Oct 16 they say; tune in & see ]
 For now: kehoe@scotty.dccs.upenn.edu | Also: brendan.kehoe@cyber.widener.edu
   "I've tried to forget you, but my Calvins won't let me."   "Oh PuhLEEZ."

wv@cbnews.att.com (william.e.duncan) (10/04/90)

In article <20225:Oct319:48:5690@kramden.acf.nyu.edu>, brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
> 
> Sure, Stoll tapped a phone line---a phone line he was responsible for.
> The corporation makes videotapes of a hall in its own building. What's
> wrong with recording what goes on under your own roof?

Isn't recording a phone conversation without the other party's
knowledge of it illegal? One would have to determine whether
recording a "computer" conversation isn't illegal, also.

Bill Duncan
bill@picard.att.com

riddle@hoss.unl.edu (Michael H. Riddle) (10/05/90)

In <1990Oct4.031131.2296@murdoch.acc.Virginia.EDU> gl8f@astsun7.astro.Virginia.EDU (Greg Lindahl) writes:

>In article <20225:Oct319:48:5690@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:

>> What's wrong with recording what goes on under your own roof?

>I believe Epson America is going to find out in court, real soon now.
>They had a manager who read all of his employee's email, including
>mail with rude comments about the manager that the employees thought
>was confidential.

My understanding of employment/labor law is that employees have almost no
legitimate expectation of privacy in the workplace.  Unless Epson created
such an expectation, there just wasn't any such thing as "private" mail on
the system installed, operated, and paid for by the company for company
business.
 
Whether there was a moral expectation of privacy is another issue, one
which I think is much more favorable to the employee, but . . . .

It's too bad that Ms. Shoar's case is "cluttered" with the
employer/employee problem, since I think all of us agree that we need some
good judicial precedent and construction of email privacy rights.
 
(A final note.  I may be wrong, but I thought the supervisor ran across
the email while looking into some trouble with the system, as opposed to
"eavesdropping," but I may be wrong on this.)

--
riddle@hoss.unl.edu                  |  "I've been going to school for
riddle@crchpux.unl.edu               |  so long that it ought to be     
mike.riddle@f27.n285.z1.fidonet.org  |  obvious they can't teach me and
Sysop on 1:285/27 @ Fidonet          |  therefore aren't responsible." 

lear@turbo.bio.net (Eliot) (10/05/90)

niu.bitnet!TK0JUT2@netsys.NETSYS.COM writes:
>You'll have to explain the analogy to some of us denser folk.  There's a
>rather significant difference between authorized security folks in a
>corporation spying on employees and individual employees acting as vigilantes
>spying. The NOVA program did not address this hardly subtle difference.

You're being much too hard on Cliff Stoll, and you seem to be
forgetting the other side of his story.

There is a vast difference between accessing such private information
and using it (both legally and ethically), is there not?  Did Stoll
use information which authorized users considered private?  He was
responsible for the security of the LBL computer in question.  The
users of that machine must vest in him their trust, because sooner or
later, as a system administrator, he will come across sensitive
information, be it in mail bounces, or with files in the lost+found,
etc.  The key moral test is whether or not he takes advantage of that
information.  More importantly, Cliff Stoll was attempting to protect
the privacy of those individuals whose accounts were being compromised
by the intruder (and not just at LBL).  So it sounds to me that Cliff
did his job.
-- 
Eliot Lear
[lear@turbo.bio.net]

howell@grover.llnl.gov (Louis Howell) (10/05/90)

In article <Oct.4.10.48.14.1990.29551@turbo.bio.net>, lear@turbo.bio.net (Eliot) writes:
|> You're being much too hard on Cliff Stoll, and you seem to be
|> forgetting the other side of his story.
|> 
|> There is a vast difference between accessing such private information
|> and using it (both legally and ethically), is there not?  Did Stoll
|> use information which authorized users considered private?  He was

I would not say that Stoll actually did anything wrong; for one thing,
I don't have enough information to make any kind of valid assessment.
What I do find troubling, however, is that the Nova program did not even
consider the ethical questions to be worthy of comment.  There ARE
ethical questions involved when people start tapping in to supposedly
private communications.  Maybe Stoll was justified, maybe he wasn't.
(Personally, I think most if not all of his actions WERE reasonable.)
That doesn't mean that Nova should have just ignored the issue, though.

-- 
Louis Howell

  "A few sums!" retorted Martens, with a trace of his old spirit.  "A major
navigational change, like the one needed to break us away from the comet
and put us on an orbit to Earth, involves about a hundred thousand separate
calculations.  Even the computer needs several minutes for the job."

brnstnd@kramden.acf.nyu.edu (Dan Bernstein) (10/05/90)

In article <185@netsys.NETSYS.COM> niu.bitnet!TK0JUT2@netsys.NETSYS.COM writes:
> Further,
> as Stoll notes in his book, he did not have authorization for much of this
> activity.

That's a good point. However, you don't need authorization to carry out
your job duties; and presumably Stoll's duties as a system manager could
have been interpreted to include monitoring Hess's activities. In fact,
I get the impression from the book that his boss made exactly that
interpretation. It's always a judgment call...

> Nova failed to address these distinctions. The similarities between
> Stoll's behavior and the hacker(s) he was pursuing were ignored, and Nova
> treated the chase uncritically.

What similarities are you talking about? That they both recorded the
sessions---on computers Stoll was responsible for? That they both used
computers? That they both breathe? Come on.

---Dan

brnstnd@kramden.acf.nyu.edu (Dan Bernstein) (10/05/90)

In article <30571@netnews.upenn.edu> kehoe@scotty.dccs.upenn.edu (Brendan Kehoe) writes:
> This doesn't quite ring true with me. Sure, a company might pay closer 
> attention to an employee that's suspected of that -- but they wouldn't have
> *every* employee tailed, or install cameras in *every* employee's cubicle.

That's true. They'd try to record only as much as would reasonably cover
where they expected the criminal to go. That's exactly what Stoll did.

---Dan

brnstnd@kramden.acf.nyu.edu (Dan Bernstein) (10/05/90)

In article <1990Oct04.173551.606@hoss.unl.edu> riddle@hoss.unl.edu (Michael H. Riddle) writes:
> Whether there was a moral expectation of privacy is another issue, one
> which I think is much more favorable to the employee, but . . . .

True. And the balance swings way back in favor of the machine's owner
when the owner suspects criminal activity on the part of the employee.

In Stoll's case, the criminal wasn't even an employee, so I don't know
how he could expect any privacy at all. It wasn't possible to print out
(or locate) his sessions without also printing out other 1200-baud
sessions; it's like the cop responding to a cry for help and
accidentally discovering a crime in progress.

---Dan

tenney@well.sf.ca.us (Glenn S. Tenney) (10/05/90)

In article <20225:Oct319:48:5690@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
> ...
>Sure, Stoll tapped a phone line---a phone line he was responsible for.
>The corporation makes videotapes of a hall in its own building. What's
>wrong with recording what goes on under your own roof?

In California, it is illegal to record a telephone conversation
unless a notification (that "beep" every x seconds) is made to
(if I recall correctly) *both* parties of the conversation.  This
hasn't, to my knowledge, been tested with data calls.

That's what's wrong with recording phone calls and tapping lines.
It is interesting, but that's why our country has laws -- protecting
people from "the end justifies the means" approach.

How different would it be if this had been voice calls?

Glenn Tenney

p.s.

Every time I heard Cliff use the word "hacker" as if the word equated
"criminal"reminded me of a thing my kid said when he saw a slanted
news piece about The Hackers Conference -->  Why did they say
*that*, we're not criminals?

bei@halley.UUCP (Bob Izenberg) (10/05/90)

In article <20959@well.sf.ca.us> tenney@well.sf.ca.us (Glenn S. Tenney) writes:

>p.s.
>
>Every time I heard Cliff use the word "hacker" as if the word equated
>"criminal"reminded me of a thing my kid said when he saw a slanted
>news piece about The Hackers Conference -->  Why did they say
>*that*, we're not criminals?

I remember reading a good putdown somewhere... so-and-so "likes to get his
labels on straight."  Remember, the Nova episode (and the book?) was a
dramatization.  To my dad, who is "digiphobic" in the extreme, Cliff Stoll
>and< the Germans were all hackers.  The use of the label depends upon who's
using it.  I do feel that Nova fell into the habit that some film-makers
have, of introducing a protagonist portrayed in an unrealistic light, so as
to make the protagonist's fight more black and white.
-- 

                       Bob Izenberg [ ] Tandem Computers, Inc.
           cs.utexas.edu!halley!bei [ ] 512 244 8837

mbrown@tonic.osf.org (Mark Brown) (10/06/90)

|> In article <20225:Oct319:48:5690@kramden.acf.nyu.edu>,
brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
|> > 
|> > Sure, Stoll tapped a phone line---a phone line he was responsible for.
|> > The corporation makes videotapes of a hall in its own building. What's
|> > wrong with recording what goes on under your own roof?

I'm not even sure why this thread exists...Stoll was monitoring 
**the serial port** of a **computer he was responsible for**.
(note that Stoll was on the other side of the modems...)

The issues raised here seems to be,
"In the absence of an explicit policy or law(s) concerning privacy, is there 
an *implicit* right to privacy granted the users of a given service (computer,
or other)?"

and

"Given the above, are unauthorized users protected?"

----
Mark Brown   IBM AWD / OSF  |"Coffee for my breakfast, whiskey by the side
The Good     mbrown@osf.org | it's a dark and gloomy mornin',
The Bad     uunet!osf!mbrown| gonna rain outside, outside ---
The Ugly     (617) 621-8981 |              ...and the forecast calls for pain."

bzs@world.std.com (Barry Shein) (10/06/90)

>Isn't recording a phone conversation without the other party's
>knowledge of it illegal? One would have to determine whether
>recording a "computer" conversation isn't illegal, also.

Gak. I would not even entertain the concept of a separate ruling on a
"computer" conversation. Computers don't have conversations, people
do, even if both ends were computer initiated it's *people's* privacy
that can get violated.

The (voice) phone system itself is largely digital, would this
reasoning lead us to believe that at the point it becomes digital it's
somehow "just a computer conversation" and might lose its legal rights?

The whole thing is a semantic minefield.

I realize a lot of people have negative knee-jerk reactions to this
sort of thing, but something we may have to strive to do is take back
the language. If they take it from you they've got you.

Look at what happened to the Hacker's Conference a few years back, the
whole negative incident was purely semantic. The conference was named
back when "hacker" had a positive connotation, and never changed in
spirit. But the word did, so suddenly some people read it as some sort
of terrorist's meeting or something, and there was some trouble.

Purely semantic.

Don't even admit the phrase "computer phone conversation".

If someone does just look at them with blank affect and ask if
artificial intelligence has really gotten that far along. Or did they
really mean a people conversation with computers somehow involved.
-- 
        -Barry Shein

Software Tool & Die    | {xylogics,uunet}!world!bzs | bzs@world.std.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD

brnstnd@kramden.acf.nyu.edu (Dan Bernstein) (10/06/90)

In article <20959@well.sf.ca.us> tenney@well.sf.ca.us (Glenn S. Tenney) writes:
> In article <20225:Oct319:48:5690@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
> >Sure, Stoll tapped a phone line---a phone line he was responsible for.
> >The corporation makes videotapes of a hall in its own building. What's
> >wrong with recording what goes on under your own roof?
> In California, it is illegal to record a telephone conversation
> unless a notification (that "beep" every x seconds) is made to
> (if I recall correctly) *both* parties of the conversation. 

As I said, I was just commenting on the ethical issues.

But are you sure about your legal statements? Wasn't there a Supreme
Court case a couple of years ago establishing that you didn't need the
beep? Reporters still beep you every fifteen seconds to be polite, and
smart answering machines do it because their manufacturers are behind
the times, but I think the law has finally caught up with common sense.

> This
> hasn't, to my knowledge, been tested with data calls.

There isn't, to my knowledge, any legal distinction between voice calls
and modem calls, despite what certain ``entities'' might make you think.

---Dan

bei@halley.UUCP (Bob Izenberg) (10/06/90)

In article <21534:Oct605:29:4690@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:

>But are you sure about your legal statements? Wasn't there a Supreme
>Court case a couple of years ago establishing that you didn't need the
>beep?

Circa 1982, the rule at the radio station where I worked was that identifying
yourself as an employee of the station was sufficient notice to record the
subsequent conversation.  It was deemed especially important to record the
reporter identifying his or herself.  That was eight years ago, and I'm No
Lawyer.
We had an FCC-approved beep box putting the tones on at one of the college
stations that I worked in... But it had an off switch.  Good psychological
effect here:  Start the tape, call someone, and if they object to being
recorded, the interviewer makes a decision.  Stop the tape, or stop the beep.
The choice that the budding journalism undergrads usually made is left to your
imagination.
-- Bob
-- 

                       Bob Izenberg [ ] Tandem Computers, Inc.
           cs.utexas.edu!halley!bei [ ] 512 244 8837

mnemonic@well.sf.ca.us (Mike Godwin) (10/06/90)

In article <185@netsys.NETSYS.COM> niu.bitnet!TK0JUT2@netsys.NETSYS.COM writes:

>Employers have no right to tap phone lines. There is both a technological and
>a legal difference between "tapping" and simple in-house monitoring.  Further,
>as Stoll notes in his book, he did not have authorization for much of this
>activity.  Nova failed to address these distinctions. The similarities between
>Stoll's behavior and the hacker(s) he was pursuing were ignored, and Nova
>treated the chase uncritically.

I think you're going out of your way to characterize Stoll as 
some kind of heedless violator of privacy rights here. Not only
did Stoll keep his snooping of other folks' dial-up sessions
to a minimum (the main thing he did with the printouts was determine
whether the hacker had used that line), but you seem to forget 
that hacker ethic of the '50s, '60s, and '70s (see Steven Levy,
HACKERS) was built on the assumption that everyone beyond a certain
level of expertise would be able to read everyone else's files
on a system. UNIX was *designed* around this assumption, and it's
still the case that many new UNIX systems default to allowing
anyone else to read a user's files.

Secondly, Stoll himself is quite concerned with privacy rights--
he raised them as an issue at a user group meeting here in Cambridge
just this week. 

Third, the scope of the NOVA show pretty much limited the extent 
to which a balanced view (e.g., "not all hackers are bad") could
be presented. The story was Stoll's attempt to figure out a mystery,
and his disregard of privacy rights, if any, was far less than, say,
Sherlock Holmes's.

Fourth, the NOVA show was filmed before the federal-government
abuses during its investigation of computer crime had hit the
major media (March and April of this year, except for a few minor
stories). Stoll encountered a hacker who was a genuine villain,
which naturally shapes the way he tells his story in the book, and
which cannot help but shape the focus of the NOVA episode.

>Many of us have been critical of Stoll's a-moral chase and contemptuous of his
>irresponsible and one-sided depiction of "hackers."

Stoll rarely criticized the intellectually curious hacker, as 
distinguished from the Hanover Hacker, who was trying to conduct espionage,
and the Kaos Klub, which vandalized systems. As Stoll mentions in his
book, his girlfriend Martha cautioned him about chasing after someone
who may be no more than an intellectually curious computer
user--like Cliff himself. As it turns out, the Hanover Hacker
didn't fall into this category.

I find the unnecessary characterization of Stoll as "amoral"
(he clearly is not) far more irresponsible than anything Stoll
said about hackers in general (on the rare occasions that he talked
about hackers generally in the book).

>A few months ago I was feeling quite badly for the tone of a review I had
>written about Cuckoo's Egg. However, after seeing Nova, one wonders why Stoll
>seems to have learned virtually nothing from the critiques of his work?

For one thing, you seem to be unaware of the fact that the critiques
of his work were published *after* the NOVA episode was filmed.




--Mike




-- 
Mike Godwin, (617) 864-0665 |"If the doors of perception were cleansed
mnemonic@well.sf.ca.us      | every thing would appear to man as it is,
Electronic Frontier         | infinite."
Foundation                  |                 --Blake

lear@genbank.bio.net (Eliot) (10/07/90)

tenney@well.sf.ca.us (Glenn S. Tenney) writes:
>In California, it is illegal to record a telephone conversation
>unless a notification (that "beep" every x seconds) is made to
>(if I recall correctly) *both* parties of the conversation.  This
>hasn't, to my knowledge, been tested with data calls.

What about the telephone company?  Can they monitor and record calls
for their own internal purposes?  Certainly, under ECPA they can
monitor calls for their own purposes, so long as they do not divulge
the information learned.

In this case, would not Cliff Stoll be an extension of the phone
company?
-- 
Eliot Lear
[lear@turbo.bio.net]

dick@cca.ucsf.edu (Dick Karpinski) (10/08/90)

In article <BZS.90Oct5210031@world.std.com> bzs@world.std.com (Barry Shein) writes:
>
>... The whole thing is a semantic minefield.
>
>I realize a lot of people have negative knee-jerk reactions to this
>sort of thing, but something we may have to strive to do is take back
>the language. If they take it from you they've got you.
>
>Look at what happened to the Hacker's Conference a few years back, the
>whole negative incident was purely semantic. The conference was named
>back when "hacker" had a positive connotation, and never changed in
>spirit. But the word did, so suddenly some people read it as some sort
>of terrorist's meeting or something, and there was some trouble.
>
>Purely semantic.

May I gently suggest that we avoid calling these redefinition-of-terms
difficulties "semantic" and use "terminological" instead.  Semantics 
has to do with the meanings, and the conflict between two rather
incompatible definitions of "hacker" is over their different meanings
but I think the emphasis is wrong.  The problem is that one term is
being used in two different ways, thus neither spelling nor pronunciation
gives guidance to the receiver of the term with two meanings.

Besides, this change in usage benefits one of my favorite rewordings
used to indicate a liar: "He's committed a terminological inexactitude."

Dick

pplacewa@bbn.com (Paul W Placeway) (10/08/90)

brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:

< That's true. They'd try to record only as much as would reasonably cover
< where they expected the criminal to go. That's exactly what Stoll did.

And when he found a more selective way to monitor _only_his_target_,
he switched to that.

Have you ever used an ATM?  Do you remember to smile at the camara?

The basic problem here is a clash of rights.  On the one hand, as a
user I (should) have the right to use my account in private, even over
the phone, just as I (might) have the right to talk to someone on the
phone privately.

On the other hand, I should have the right to detect and prevent (and
perhaps catch in the act) someone from using my system without my
prior aproval, just as I have the right to put locks on the doors of
my residence.

And I (probably) shouldn't have to search warrant to monitor my own
front door (back door, side window, etc).  But it might be reasonable
to require some kind of prior legal aproval for me to monitor all the
doors of an apartment building.

Finally, someone who has trespassed into my system should definitely
have the right to due process.

No, these analogies arn't perfect, but they are pretty close.  I have
to live and work in this corner if "cyberspace", and should be able to
do so without some other person breaking into my "house"/"office".
I ask nothing more than courtesy, but demand nothing less.

		-- Paul Placeway

zane@ddsw1.MCS.COM (Sameer Parekh) (10/10/90)

In article <59871@bbn.BBN.COM> pplacewa@bbn.com (Paul W Placeway) writes:
>Have you ever used an ATM?  Do you remember to smile at the camara?

I have been informed by the mass-media (Note that I didn't say it was the truth
never beleive what they say) that the camera was so if you get mugged they can
see who it was.  (You ALMOST ALWAYS have cash at an ATM)  I don't know
of any other reason they would have a camera there. You have any ideas.

(And I always like to smile at the camera, sometimes it is hard to find though(


-- 
Sameer Parekh  :-)      |  "Censorship is the worst crime ever commited"
zane@ddsw1.MCS.COM      |      -Sameer Parekh
Censors should be shot, |  "If cartoons were meant for adults they'd be shown
 hung, and quartered!   |   on prime time" --Lisa Simpson

edp@jareth.enet.dec.com (Eric Postpischil (Always mount a scratch monkey.)) (10/10/90)

In article <1990Oct10.013545.16689@ddsw1.MCS.COM>, zane@ddsw1.MCS.COM (Sameer
Parekh) writes:

>I have been informed by the mass-media (Note that I didn't say it was the
truth
>never beleive what they say) that the camera was so if you get mugged they can
>see who it was.  (You ALMOST ALWAYS have cash at an ATM)  I don't know
>of any other reason they would have a camera there. You have any ideas.

Another reason is to prove that you were at the ATM receiving the money, in case
you dispute the transaction.  I think this reason is more likely, as it serves
the bank's interests directly, and the other reason does not.


				-- edp

chris@bushido.uucp (Chris Estep) (10/10/90)

In article <15929@shlump.nac.dec.com> edp@jareth.enet.dec.com (Eric Postpischil (Always mount a scratch monkey.)) writes:
>In article <1990Oct10.013545.16689@ddsw1.MCS.COM>, zane@ddsw1.MCS.COM (Sameer
>Parekh) writes:
>
>>I have been informed by the mass-media (Note that I didn't say it was the
>truth
>>never beleive what they say) that the camera was so if you get mugged they can
>>see who it was.  
>
>Another reason is to prove that you were at the ATM receiving the money, in case
>you dispute the transaction.  I think this reason is more likely, as it serves
>the bank's interests directly, and the other reason does not.
>
I would think the reason to be more of the usual "scare tactics" employed 
INSIDE the bank.  A prevention method if you will.  The chances of them
actually having to use the video are minimal at best.  Kind of like having
a watchdog.  It's total purpose is to deter, but it'll probably never bite
anyone

mvp@hsv3.UUCP (Mike Van Pelt) (10/11/90)

In article <1990Oct10.013545.16689@ddsw1.MCS.COM> zane@ddsw1.MCS.COM (Sameer Parekh) writes:
>I have been informed by the mass-media (Note that I didn't say it was the truth
>never beleive what they say) that the camera was so if you get mugged they can
>see who it was.  (You ALMOST ALWAYS have cash at an ATM)  I don't know
>of any other reason they would have a camera there. You have any ideas.

A friend works at a bank, and he told me of the time some slimebucket
came in, raising an uproar about how he had tried to withdraw $200 from
the ATM, and it hadn't given him any money, but it had debited his
account.  Whey they showed him the videotape of him holding the money
up to the camera and counting it, he said "Never mind" and ran out.
-- 
Mike Van Pelt                                 "Hey, hey, ho ho,
Headland Technology/Video 7                   Western culture's got to go."
...ames!vsi1!v7fs1!mvp                        Stanford students and faculty.