TK0JUT2@netsys.NETSYS.COM (10/06/90)
TK0JUT2 is the address of CuD, and although accessible by several people, there is only one (me) who generally hits the "send" button for messages. Seems too many people are talking past each other, not reading what others are saying but responding with knee-jerk comments like "bullshit," "grow up," "stop whining," without addressing the issues. Some who have seen the Nova program think that the book on which it was based is irrelevant, and odd position for those claiming that "facts" are important. According to both the book and the program, Stoll didn't simply monitor an intruder, but also intruded into the space of other users. Stoll suffered only the briefest of qualms when he himself monitored the communications of others. His fiance, a law student, absolved him of any ethical violations: "'Look,' she mumbled, burning the roof of her mouth on the vulcanized mozzarella. 'You're not the government, so you don't need a search warrant. THE WORST IT WOULD BE IS AN INVASION OF PRIVACY {emphasis added}. And people dialing up a computer PROBABLY HAVE NO RIGHT TO INSIST THAT THE SYSTEM'S OWNER NOT LOOK OVER THEIR SHOULDER {emphasis added}. So I don't see why you can't.' So with a clear conscience, I started building a monitoring system" (p. 20). Why be bothered that he neither is the owner of the system nor, according to his account, possessed the authorization to monitor from his superiors. Stoll "borrows," without authorization, "thirty or forty monitors" by "liberating personal computers from secretaries' desks." No big deal. "THERE'D BE HELL TO PAY ON MONDAY, BUT IT'S EASIER TO GIVE AN APOLOGY THAN GET PERMISSION" (p. 22, emphasis added). How does Stoll's excitement for learning about phone traces (p. 30) differ from the typical hacker's? How do his own efforts in phone traces differ from a phreak's? Like any good p/hacker, he enlists allies to feed him information, and then uses that information. "I worried about how the hacker might abuse our network connections over the weekend. Rather than camping out in the computer room, I pulled the plugs to all the networks. To cover my tracks, I posted a greeting for every user logging in: 'Due to building construction, all networks are down until Monday.' It wold surely isolate the hacker from the Milnet. By counting complaints, I could take a census of how many people relied on this network. Quite a few, it turned out. Enough to get me into trouble." Complaints led to a request for Stoll to look into the "problem." "It took five minutes to patch the network through. The boss thought I'd done magic. I kept my mouth shut" (p. 88). Stoll would never wreck "a wonderful playground for everybody else by putting razor blades in the sand," and analogy he uses to describe hackers in a recent NEWSWEEK article ("The Hacker Dragnet," NEWSWEEK, April 30, 1990: p. 50). Or, if he did, he would just apologize on Monday morning! (Newsweek, however, may have quoted him out of context. In a note on The Well, Stoll indicated he was referring to those who plant viruses, not hackers). A few issues: 1) How can we balance the legitimate security needs of users and maintain privacy at the same time? 2) How far can a sysop go in protecting a system? 3) How can the the legitimate concerns of law enforcement be protected while at the same time protecting computerists from excesses such as Operation Sun Devil, seizure of equipment without subsequent indictment, or inflammatory language in charges? One (of many) dangers of law-enforcment's appropriation of the hacker definition is obvious, as we have seen in both of Craig Neidorf's indictments: If a person uses the term "hacker" to describe activities that may be perfectly legal, "evidence" may be adduced refering to that use and the meanings distorted, even fabricated, as a way of illustrating guilt. Language is a powerful tool, so let's get away from these ad hominem attacks (such as the silly comment about how I'm trying to justify my own activity). Jim Thomas