[comp.org.eff.talk] Ships in the night and other, ah, sordid points

TK0JUT2@netsys.NETSYS.COM (10/06/90)

TK0JUT2 is the address of CuD, and although accessible by several people,
there is only one (me) who generally hits the "send" button for messages.

Seems too many people are talking past each other, not reading what others are
saying but responding with knee-jerk comments like "bullshit," "grow up,"
"stop whining," without addressing the issues.

Some who have seen the Nova program think that the book on which it was based
is irrelevant, and odd position for those claiming that "facts" are important.
According to both the book and the program, Stoll didn't simply monitor an
intruder, but also intruded into the space of other users.  Stoll suffered
only the briefest of qualms when he himself monitored the communications of
others.  His fiance, a law student, absolved him of any ethical violations:

    "'Look,' she mumbled, burning the roof of her mouth on the vulcanized
    mozzarella. 'You're not the government, so you don't need a search
    warrant. THE WORST IT WOULD BE IS AN INVASION OF PRIVACY {emphasis added}.
    And people dialing up a computer PROBABLY HAVE NO RIGHT TO INSIST THAT THE
    SYSTEM'S OWNER NOT LOOK OVER THEIR SHOULDER {emphasis added}.  So I don't
    see why you can't.'
         So with a clear conscience, I started building a monitoring system"
    (p. 20).

Why be bothered that he neither is the owner of the system nor, according to
his account, possessed the authorization to monitor from his superiors.

Stoll "borrows," without authorization, "thirty or forty monitors" by
"liberating personal computers from secretaries' desks." No big deal.
"THERE'D BE HELL TO PAY ON MONDAY, BUT IT'S EASIER TO GIVE AN APOLOGY THAN GET
PERMISSION" (p. 22, emphasis added).

How does Stoll's excitement for learning about phone traces (p. 30) differ
from the typical hacker's? How do his own efforts in phone traces differ from
a phreak's?  Like any good p/hacker, he enlists allies to feed him
information, and then uses that information.

     "I worried about how the hacker might abuse our network connections over
     the weekend. Rather than camping out in the computer room, I pulled the
     plugs to all the networks.  To cover my tracks, I posted a greeting for
     every user logging in:  'Due to building construction, all networks are
     down until Monday.' It wold surely isolate the hacker from the Milnet.
     By counting complaints, I could take a census of how many people relied
     on this network.
          Quite a few, it turned out. Enough to get me into trouble."

Complaints led to a request for Stoll to look into the "problem."

     "It took five minutes to patch the network through. The boss thought I'd
     done magic. I kept my mouth shut" (p. 88).


Stoll would never wreck "a wonderful playground for everybody else by putting
razor blades in the sand," and analogy he uses to describe hackers in a recent
NEWSWEEK article ("The Hacker Dragnet," NEWSWEEK, April 30, 1990: p.  50). Or,
if he did, he would just apologize on Monday morning!  (Newsweek, however, may
have quoted him out of context. In a note on The Well, Stoll indicated he was
referring to those who plant viruses, not hackers).

A few issues:
1) How can we balance the legitimate security needs of users
   and maintain privacy at the same time?
2) How far can a sysop go in protecting a system?
3) How can the the legitimate concerns of law enforcement be
   protected while at the same time protecting computerists from
   excesses such as Operation Sun Devil, seizure of equipment
   without subsequent indictment, or inflammatory language in
   charges?

One (of many) dangers of law-enforcment's appropriation of the hacker
definition is obvious, as we have seen in both of Craig Neidorf's indictments:
If a person uses the term "hacker" to describe activities that may be
perfectly legal, "evidence" may be adduced refering to that use and the
meanings distorted, even fabricated, as a way of illustrating guilt. Language
is a powerful tool, so let's get away from these ad hominem attacks (such as
the silly comment about how I'm trying to justify my own activity).

Jim Thomas