spaf@cs.purdue.EDU (Gene Spafford) (08/24/90)
I just finished reading through mailing #3, and I am disappointed.
Why? Because there is a very important mission statement missing from
the list given: helping to establish a sense of responsibility in
users of networks and computers.
I am all in favor of the other stated goals. It is clear that
telecommunications and computer technology are opening up whole new
avenues of information flow that can drastically change our way of
life. It certainly is true that we must come to terms with the nature
of these new capabilities, define the rights inherent in their use,
and help educate the rest of the world about this new medium.
At the same time, we cannot have rights without responsibilities -- be
they legal, ethical, or just plain etiquette. In our rush to define
and protect our rights, let us also consider that there must be
corresponding standards of "good" behavior that need to be developed
an encouraged. Failure to recognize and respect those
responsibilities will make it more difficult to get broad support in
the definition and protection of appropriate freedoms.
For instance: publishing a newsletter or sending e-mail may be
something we want to define as protected forms of free speech. But
suppose the material is slanderous, or violates a company's trade
secrets, or spreads a virus, or breeches national defense secrets?
How about cases where someone is just unceasingly rude? There are
social and legal concerns here on both sides, and focusing on only one
side will keep everyone from being supportive of the effort.
I've been using bulletin boards and the network for a decade. In that
time, I've seen some wonderful things happen. I've also seen an
increasing tide of impolite, inconsiderate, harassing, and even
hurtful traffic. Perhaps the posters have a right to write what they
wish -- but should they have the right to use other people's machines
and networks to spread it? Do they have the right to inject that
material into inappropriate forums for others to stumble across? Do
they have the right to forge their name, and violate accepted
protocols to make their statements that almost no one wants to read?
What and who exactly is it that needs the protection?
There is also the issue of criminal use of computers and networks.
Recent situations that have made such headlines in the news may not be
such good examples; likewise in any court there are likely to be some
mistaken or bad cases of other types of crime. Still, there are
people writing viruses, breaking into computers, altering and stealing
code and data, and crashing systems. Don't their victims have rights,
too? Shouldn't we all share some sense of manners and ethics to
prevent such activity?
I've heard some "crackers" claim it is their "right" to break into any
machine they can and read the data. I've also heard someone suggest
that writing computer viruses may be a protected form of free speech.
I'm appalled by both attitudes, and I suspect that most people who
depend on their computers would be similarly alarmed by such
statements. Most people want reasonable guarantees of freedom, but
they don't want anarchy. I have the right to bear arms, but not to
use them wherever and whenever I wish. I have freedom of worship, but
I don't have the freedom to sacrifice you to my dieties. Defining and
protecting our freedoms is perhaps less than half the necessary task.
I'm glad there are people other than me worried about the future and
freedoms of our brave new world of telecommunications and computing.
Still, I'm troubled that an organization with as much promise as the
EFF fails to stress the development of responsibility and proper usage
of computers as one of its aims. From what I have read and been told,
I have no problem believing that the EFF would help defend someone
wrongly accused of computer trespass, or that they would sponsor
lobbying to defeat passage of an unwise piece of legislation
concerning telecommunications. However, I also find it difficult to
believe that the EFF would help sponsor a campaign in schools to teach
kids not to break into others' systems, or that they would help
legislators draft balanced computer crime bills, or that the EFF would
marshall its resources to help catch computer virus authors.
From my point of view, that is badly unbalanced -- and I *believe* in
all of the EFF's stated goals! It is no wonder there is such a strong
image that the group is just a "cracker's defense fund." Time and
events will tell if this is just growing pains and poor publicity, or
whether it is a skewed philosophy. I dearly hope it is the former.
--
Gene Spafford
NSF/Purdue/U of Florida Software Engineering Research Center,
Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004
Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaftom@ssd.csd.harris.com (Tom Horsley) (08/24/90)
>>>>> Regarding Missing mission; spaf@cs.purdue.EDU (Gene Spafford) adds: spaf> For instance: publishing a newsletter or sending e-mail may be spaf> something we want to define as protected forms of free speech. But spaf> suppose the material is slanderous, or violates a company's trade spaf> secrets, or spreads a virus, or breeches national defense secrets? spaf> How about cases where someone is just unceasingly rude? There are spaf> social and legal concerns here on both sides, and focusing on only one spaf> side will keep everyone from being supportive of the effort. We have had freedom of the written press for 200 years, but we have also had libel laws. Electronic media should fall in the same category and be subject to the same libel laws as print media. I have not seen (yet) anyone advocating a different position. Likewise, there is no reason a corporation should not have recourse to the same remedies for electronic violation of trade secrets as they currently have for people who carry the information out in brief cases. Defense secrets are already protected by being secret. If a 17 year old cracker can get to them, surely the KGB can as well. In the case of the Pentagon Papers the courts established the precedent that once the secrecy has been violated nothing can keep the information out of the press (unless the press chooses to withold the information itself). spaf> I've been using bulletin boards and the network for a decade. In that spaf> time, I've seen some wonderful things happen. I've also seen an spaf> increasing tide of impolite, inconsiderate, harassing, and even spaf> hurtful traffic. Perhaps the posters have a right to write what they spaf> wish -- but should they have the right to use other people's machines spaf> and networks to spread it? Do they have the right to inject that spaf> material into inappropriate forums for others to stumble across? Do spaf> they have the right to forge their name, and violate accepted spaf> protocols to make their statements that almost no one wants to read? spaf> What and who exactly is it that needs the protection? I think they have a right to try. As a reader, I have a right to ignore them (I can even ignore them with machine assistance using kill files). If I was an an operator of a machine being used as a bulletin board (especially if it was a non-profit one), I would also have a right to deny access to sufficiently disruptive users. The fact is that almost *every* statement that anyone makes on a BBS falls into the category of a "statement that almost no one wants to read". This fact is why electronic media is so important, you can pick out the few topics that interest you and have discussions in great detail on subjects that bore the vast majority of other people. The primary challenge for all forms of electronic media will be to make the job easier for the users to sort out the wheat from the chaff in a media where one person's wheat is another person's chaff. Admittedly, disruptive crackers can make this harder, but it is pretty hard just to ignore the calm considerate and erudite discussions that I just happen to not be interested in. The best solution to disruptive users is to ignore them and not engage in raging flame wars (which is what they usually want to start in the first place). spaf> There is also the issue of criminal use of computers and networks. spaf> Recent situations that have made such headlines in the news may not be spaf> such good examples; likewise in any court there are likely to be some spaf> mistaken or bad cases of other types of crime. Still, there are spaf> people writing viruses, breaking into computers, altering and stealing spaf> code and data, and crashing systems. Don't their victims have rights, spaf> too? Shouldn't we all share some sense of manners and ethics to spaf> prevent such activity? Crimes are crimes, but when the law enforcement establishment knows less than nothing about computers they need education so they can tell the difference between criminals and computer game developers. I have absolutely no sympathy for criminals that use computers or guns, but the legal establishment needs to learn a lot more to deal effectively with the ones that use computers. -- ====================================================================== domain: tahorsley@csd.harris.com USMail: Tom Horsley uucp: ...!uunet!hcx1!tahorsley 511 Kingbird Circle Delray Beach, FL 33444 +==== Censorship is the only form of Obscenity ======================+ | (Wait, I forgot government tobacco subsidies...) | +====================================================================+
mtv@milton.u.washington.edu (David Schanen) (08/24/90)
In article <11446@medusa.cs.purdue.edu> spaf@uther.cs.purdue.edu (Gene Spafford) writes: >I just finished reading through mailing #3, and I am disappointed. >Why? Because there is a very important mission statement missing from >the list given: helping to establish a sense of responsibility in >users of networks and computers. > Definitely, social awareness and responsibility should be *Priority* > ...... buncha stuff deleted..... However, I also find it difficult to >believe that the EFF would help sponsor a campaign in schools to teach >kids not to break into others' systems, > Why is that so dificult to believe, sounds like a perfectly appropriate endeavor.... > ............... or that they would help >legislators draft balanced computer crime bills, > Isn't that one of the main ideas? Perhaps I'm wrong. It seems to me they would be eager to move in this direction.... > ............ or that the EFF would >marshall its resources to help catch computer virus authors. > Now I wouldn't expect them to do this... I don't think they want to be police... >From my point of view, that is badly unbalanced -- and I *believe* in >all of the EFF's stated goals! It is no wonder there is such a strong >image that the group is just a "cracker's defense fund." Time and >events will tell if this is just growing pains and poor publicity, or >whether it is a skewed philosophy. I dearly hope it is the former. > Have faith Gene! These are, after all, grown men are they not? And a few rather respected grown men I might add... >-- >Gene Spafford >NSF/Purdue/U of Florida Software Engineering Research Center, >Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004 >Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf Thanks for your comments Gene! I always light up when I see your address in the From: field, keep em coming! I sure would like to see more from *inside* the EFF. How many emplyees are there now? Anyone? John? Mitch? Looking forward to some (more) substance! -Dave -- Internet: mtv@milton.u.washington.edu * UUNET: ...uunet!uw-beaver!u!mtv
alms@cambridge.apple.com (Andrew L. M. Shalit) (08/25/90)
In article <11446@medusa.cs.purdue.edu> spaf@cs.purdue.EDU (Gene Spafford) writes: I just finished reading through mailing #3, and I am disappointed. Why? Because there is a very important mission statement missing from the list given: helping to establish a sense of responsibility in users of networks and computers. In response, I'll post an extract from the original posting to this group, which describes the EFF: >> What can you do? >> ... >> You can turn some of the immense processing horsepower of your >> distributed Mind to the task of finding useful new metaphors for >> community, expression, property, privacy and other realities of >> the physical world which seem up for grabs in these less tangible >> regions. The people involved in the EFF realize that the advent of widespread computer networks creates a new "reality". This reality includes individuals, communities, shared resources, private resources, etc. It's a whole new world out there. They are saying, "Let's build this world in a way that makes sense". Obviously, building a world requires the definition of a social contract. I think EFF wants to work on that social contract, among other things. The situation in the comuter world is currently similar to the Old West. First you have outlaws: these are people who see the whole frontier as their own. Might makes right. Obviously, such behavior is unnacceptable. Unfortunately, the analogy doesn't stop there. In the old west, a sheriff (or other local law enforcement) wasn't very accountable to the US constitution. Because the land was wild and the people were wild, outside the reach of the normal courts, the legal system had carte blanche. A local sheriff (like the modern day FBI) didn't have to answer to anyone. I think we should all be worried that the US legal beauracracy (sp?) feels it has carte blanche in controlling the electronic world. This is especially true in light of their ignorance about the electronic world. Moreover, they will get a lot of their information from large corporations who may be acting in self-interest, rather in the interest of the general public. -andrew --
gl8f@astsun9.astro.Virginia.EDU (Greg Lindahl) (08/26/90)
In article <11446@medusa.cs.purdue.edu> spaf@uther.cs.purdue.edu (Gene Spafford) writes: >I just finished reading through mailing #3, and I am disappointed. >Why? Because there is a very important mission statement missing from >the list given: helping to establish a sense of responsibility in >users of networks and computers. Responsibility can be instilled locally; rights can only be defended globally. I find that I can do most of the work needed to make sure MY users are responsible by simply talking to them. But I can't keep the FBI from violating my rights by talking to them. So I do my part to educate my users, but I need the EFF to educate the FBI. -- "In fact you should not be involved in IRC." -- Phil Howard
cos@chaos.cs.brandeis.edu (Ofer Inbar) (08/26/90)
In article <11446@medusa.cs.purdue.edu> spaf@uther.cs.purdue.edu (Gene Spafford) writes: >I just finished reading through mailing #3, and I am disappointed. >Why? Because there is a very important mission statement missing from >the list given: helping to establish a sense of responsibility in >users of networks and computers. The EFF was established to fight against our government/infrastructure's extrem position, so it may sound that the EFF itself is too far on one side. If you get in a debate with a rabid anti-American, for example, you would probably sound like a right wing nationalist even though you may not be one. >I am all in favor of the other stated goals. It is clear that >telecommunications and computer technology are opening up whole new >avenues of information flow that can drastically change our way of >life. It certainly is true that we must come to terms with the nature >of these new capabilities, define the rights inherent in their use, >and help educate the rest of the world about this new medium. > >At the same time, we cannot have rights without responsibilities -- be >they legal, ethical, or just plain etiquette. In our rush to define >and protect our rights, let us also consider that there must be >corresponding standards of "good" behavior that need to be developed >an encouraged. Failure to recognize and respect those >responsibilities will make it more difficult to get broad support in >the definition and protection of appropriate freedoms. Consider the fact that these responsiblities may have already been over-defined, and the EFF is trying to balance that. >For instance: publishing a newsletter or sending e-mail may be >something we want to define as protected forms of free speech. But >suppose the material is slanderous, or violates a company's trade >secrets, or spreads a virus, or breeches national defense secrets? >How about cases where someone is just unceasingly rude? There are >social and legal concerns here on both sides, and focusing on only one >side will keep everyone from being supportive of the effort. Well, what is illegal is already illegal. Slander, for example, is illegal. No reason for the EFF to try to make it such, when it already is. The EFF's raison-d'etre was that the govt was seemingly ignoring constitutional rights when it came to telecommunications, but no one ever said they were not enforcing the laws... Have you read Crime and Puzzlement? If not, I recommend it as an important background piece for this discussion. >I've been using bulletin boards and the network for a decade. In that >time, I've seen some wonderful things happen. I've also seen an >increasing tide of impolite, inconsiderate, harassing, and even >hurtful traffic. Perhaps the posters have a right to write what they >wish -- but should they have the right to use other people's machines >and networks to spread it? Do they have the right to inject that People have a right to breathe, but do they have a right to breathe other people's air? They may have a right to move around freely, but must they do it on someone else's streets? They should be allowed to listen to the news on TV, but should they be allowed to do it by intercepting the government's airwaves? My point is that Cyberspace, the Net, or whatever you choose to call it, may not be the same thing as property. Why shouldn't the elctronic world be public, just as the real world is? Why shouldn't the cost of keeping network links up be a part of the function of government, just as the cost of maintainig roads is today? This is not to say that the government cannot prosecute criminals who use the net, just as they can prosecute criminals who do no use the net. >material into inappropriate forums for others to stumble across? Do >they have the right to forge their name, and violate accepted >protocols to make their statements that almost no one wants to read? >What and who exactly is it that needs the protection? Does a radio station have the right to broadcast opinions that almost no one wants to hear? Does anyone have the right to violate accepted protocols, on the Net or off it? >There is also the issue of criminal use of computers and networks. >Recent situations that have made such headlines in the news may not be >such good examples; likewise in any court there are likely to be some >mistaken or bad cases of other types of crime. Still, there are >people writing viruses, breaking into computers, altering and stealing >code and data, and crashing systems. Don't their victims have rights, >too? Shouldn't we all share some sense of manners and ethics to >prevent such activity? This makes me think that you haven't read Crime and Punishment, or much of the other recent (past year or so) news on the subject. The EFF was fromed because the government is over-prosecuting; making sure they get every guilty criminal even if it means getting a lot of innocents as well. This is not the way our justice system is supposed to work. >I've heard some "crackers" claim it is their "right" to break into any >machine they can and read the data. I've also heard someone suggest >that writing computer viruses may be a protected form of free speech. >I'm appalled by both attitudes, and I suspect that most people who >depend on their computers would be similarly alarmed by such >statements. Most people want reasonable guarantees of freedom, but >they don't want anarchy. I have the right to bear arms, but not to >use them wherever and whenever I wish. I have freedom of worship, but >I don't have the freedom to sacrifice you to my dieties. Defining and Agreed. >protecting our freedoms is perhaps less than half the necessary task. >I'm glad there are people other than me worried about the future and >freedoms of our brave new world of telecommunications and computing. >Still, I'm troubled that an organization with as much promise as the >EFF fails to stress the development of responsibility and proper usage >of computers as one of its aims. From what I have read and been told, >I have no problem believing that the EFF would help defend someone >wrongly accused of computer trespass, or that they would sponsor >lobbying to defeat passage of an unwise piece of legislation >concerning telecommunications. However, I also find it difficult to >believe that the EFF would help sponsor a campaign in schools to teach >kids not to break into others' systems, or that they would help >legislators draft balanced computer crime bills, or that the EFF would >marshall its resources to help catch computer virus authors. Why do you have trouble believing this? Have you read about the CSPR grant from the EFF? I have seen nothing so far that would lead me to believe the EFF would not sponsor such a thing. As for catching computer virus authors - I don't think the EFF should get involved in a case, unless there is good reason to. Individual EFF people may indeed help track down a computer virus author, but I see no reason for the EFF as an organization to get involved in a case unless they see some injustice in the way the government is handling it. And that's enough to swamp their resource alread! :) :( >From my point of view, that is badly unbalanced -- and I *believe* in >all of the EFF's stated goals! It is no wonder there is such a strong >image that the group is just a "cracker's defense fund." Time and >events will tell if this is just growing pains and poor publicity, or >whether it is a skewed philosophy. I dearly hope it is the former. I think you are probably just misinterpreting the whole thing. Before you respond to me, please read Crime and Puzzlement, if you have not done so already. It is the most important piece of background to this whole thing. If you can't find it, I have a copy I could mail, plus a few other related articles, and a whole slew of press releases. This article is intended to provoke thought, rather than to prove a point. Think about that as you formulate your flame :) >Gene Spafford >NSF/Purdue/U of Florida Software Engineering Research Center, >Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004 >Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf -- Cos (Ofer Inbar) -- cos@chaos.cs.brandeis.edu -- WBRS (BRiS) -- WBRS@binah.cc.brandeis.edu WBRS@brandeis.bitnet "Good literature is about Love and War." "Junk Fiction is about Sex and Violence."
kingdon@pogo.ai.mit.edu (Jim Kingdon) (08/26/90)
Spaf writes: Perhaps the posters have a right to write what they wish -- but should they have the right to use other people's machines and networks to spread it? Ofer Inbar writes: Why shouldn't the elctronic world be public, just as the real world is? Why shouldn't the cost of keeping network links up be a part of the function of government, just as the cost of maintainig roads is today? Well, the general position of the EFF is that electronic media should be able to take advantage of the same kinds of safeguards that are present for other media (print more so than TV). And in print "Freedom of the press only applies to those who own the presses." And that's probably the way I'd want it. Getting the government to take over everything means you are stuck with what they give you--if you want to get a faster link, or deal with a net which is losing packets, you have to deal with some bureaucrat. But whether government ownership of the nets is good isn't the issue as much as whether freedom implies government ownership, and I think the answer to the latter question is "no".
miron@fornax.UUCP (Miron Cuperman) (08/27/90)
cos@chaos.cs.brandeis.edu (Ofer Inbar) writes: >People have a right to breathe, but do they have a right to breathe >other people's air? They may have a right to move around freely, but >must they do it on someone else's streets? They should be allowed to >listen to the news on TV, but should they be allowed to do it by >intercepting the government's airwaves? >My point is that Cyberspace, the Net, or whatever you choose to call >it, may not be the same thing as property. Why shouldn't the >elctronic world be public, just as the real world is? Why shouldn't >the cost of keeping network links up be a part of the function of >government, just as the cost of maintainig roads is today? It seems contradictory to me that you want to fight government oppression and yet you want to enlarge the public sector. Why should everything be privately owned? Compare west Germany and east Germany. The government will either spend too little or too much on 'public' goods (for example - networks ). If it does get it right - it will be trough some studies which would also cost money. And since the government is inefficient too, everybody will pay for this more than if it were private. And by letting the government have control over the networks, you will let it censor the traffic. It will be very easy to justify it with 'the public interest'. (as censorship of things on the airwaves is done now). The world is not and should not be public. Some parts of it are common because it is inefficient to divide those parts explicitly. The government should not be given custody of these resources since it does not protect individual rights correctly. Only individuals can protect their own interests. See for example polution, victimless crimes etc. Common resources must be controlled through courts of justice, like any other resource. Communism is dead. I wish that people would start learning from history. > -- Cos (Ofer Inbar) -- cos@chaos.cs.brandeis.edu > -- WBRS (BRiS) -- WBRS@binah.cc.brandeis.edu WBRS@brandeis.bitnet > "Good literature is about Love and War." > "Junk Fiction is about Sex and Violence." -- By me: Miron Cuperman <miron@cs.sfu.ca>
jjewett@math.lsa.umich.edu (Jim Jewett) (08/27/90)
In article <1990Aug26.063940.29357@chaos.cs.brandeis.edu>, cos@chaos.cs.brandeis.edu (Ofer Inbar) writes: |> In article <11446@medusa.cs.purdue.edu> spaf@uther.cs.purdue.edu (Gene Spafford) writes: ... |> >suppose the material is slanderous, or violates a company's trade |> >secrets, or spreads a virus, or breeches national defense secrets? |> >How about cases where someone is just unceasingly rude? There are |> >social and legal concerns here on both sides, and focusing on only one |> >side will keep everyone from being supportive of the effort. |> |> Well, what is illegal is already illegal. Slander, for example, is |> illegal. No reason for the EFF to try to make it such, when it |> already is. It hasn't really sunk into the culture yet though. Forgeries seem almost a game -- should the EFF promote good net-citizen classes as part of either a civics or an introductory computer class? ... |> >material into inappropriate forums for others to stumble across? Do |> >they have the right to forge their name, and violate accepted |> >protocols to make their statements that almost no one wants to read? |> >What and who exactly is it that needs the protection? |> |> Does a radio station have the right to broadcast opinions that almost |> no one wants to hear? Does anyone have the right to violate accepted |> protocols, on the Net or off it? It is illegal to break in on a regulated frequency; I don't have a right to broadcast over the frequency of a local station. So what about moderated newsgroups? Normally, only the moderators post. But in alt.hackers, a qualification for posting is bypassing this security. If alt.hackers didn't exist, how many more BIFFs would there be showing off? Should this be illegal? -jJ jjewett@math.lsa.umich.edu Take only memories. Jewett@ub.cc.umich.edu Leave not even footprints.
mnemonic@walt.cc.utexas.edu (Mike Godwin) (08/27/90)
Gene Spafford says he is disappointed with items he believes are
"missing" from the Electronic Frontier Foundation missing statement.
One thing that seems to be missing from his own statements is
an admission that he was wrong to accept the government's characterization
of the "theft" in the Neidorf and related Bell South cases.
If it had not been for the efforts of Spafford and like-minded
individuals who promoted the all-hackers-are-dangerous-criminals-who-
deserve-extreme-sanctions mentality, it is possible that no one would
have seen the need for an EFF.
--Mike
Mike Godwin, UT Law School | "We need a new cosmology.
mnemonic@ccwf.cc.utexas.edu | New Gods. New Sacraments.
(512) 346-4190 | Another drink."
| --Patti Smithmnemonic@walt.cc.utexas.edu (Mike Godwin) (08/29/90)
In article <1151@fornax.UUCP> miron@fornax.UUCP (Miron Cuperman) writes: >cos@chaos.cs.brandeis.edu (Ofer Inbar) writes: > >>My point is that Cyberspace, the Net, or whatever you choose to call >>it, may not be the same thing as property. Why shouldn't the >>elctronic world be public, just as the real world is? Why shouldn't >>the cost of keeping network links up be a part of the function of >>government, just as the cost of maintainig roads is today? >It seems contradictory to me that you want to fight government >oppression and yet you want to enlarge the public sector. Why should >everything be privately owned? Compare west Germany and east Germany. In West Germany, the government owns and regulates many things. Ofer's not talking about state ownership of everything or even state ownership of the Net, so far as I can tell. There is no doubt that government involvement in the networks, as in anything else, entails inefficiency. It is not clear, however, how much greater that inefficiency will be than that of the private sector. And it is also unclear whether government involvement might bring benefits that outweigh the inefficiencies. >The government will either spend too little or too much on 'public' >goods (for example - networks ). As opposed to the private sector, which always spends "just right"? Do we really want to analogize the government to Papa Bear and Mama Bear? >And by letting the government have control over the networks, you will >let it censor the traffic. I've made several phone calls today, using a government-regulated service, and--amazingly--no one censored me, even though (knowing me) I almost certainly said an objectionable thing or two. >Communism is dead. I wish that people would start learning from history. And I wish people would learn enough from history to see past the archaic communism-versus-capitalism paradigm. We're about to enter the 21st century; must we carry ideological and rhetorical baggage from the 19th? Ofer doesn't advocate communism in any case. While I'm not sure Ofer's suggestion is the best solution or even a workable one, he deserves a little more consideration than red-baiting. He compared the Net to streets and highways, and I think it's comparison that's worth considering. And, after all, the government owns streets and highways, yet we are not a communist country, by most people's standards. --Mike Mike Godwin, UT Law School | "We need a new cosmology. mnemonic@ccwf.cc.utexas.edu | New Gods. New Sacraments. (512) 346-4190 | Another drink." | --Patti Smith
libove@libove.det.dec.com (Jay Libove) (08/29/90)
In article <11446@medusa.cs.purdue.edu> spaf@cs.purdue.EDU (Gene Spafford) writes: Path: lemans.dec.com!shlump.nac.dec.com!rust.zso.dec.com! bacchus.pa.dec.com!decwrl!sdd.hp.com!samsung!xylogics!bu.edu!purdue!spaf From: spaf@cs.purdue.EDU (Gene Spafford) Newsgroups: comp.org.eff.talk Date: 24 Aug 90 09:06:22 GMT Sender: news@cs.purdue.EDU Reply-To: spaf@uther.cs.purdue.edu (Gene Spafford) Organization: Department of Computer Science, Purdue University Lines: 83 I just finished reading through mailing #3, and I am disappointed. Why? Because there is a very important mission statement missing from the list given: helping to establish a sense of responsibility in users of networks and computers. I'd like to add my suggestion to the EFF that it make Gene's excellent statement above in to one of its stated goals. [ ... excellent discussion about the need for the new statement ... ] I've heard some "crackers" claim it is their "right" to break into any machine they can and read the data. I've also heard someone suggest that writing computer viruses may be a protected form of free speech. I'm appalled by both attitudes, and I suspect that most people who depend on their computers would be similarly alarmed by such statements. Most people want reasonable guarantees of freedom, but they don't want anarchy. I have the right to bear arms, but not to use them wherever and whenever I wish. I have freedom of worship, but I don't have the freedom to sacrifice you to my dieties. Defining and protecting our freedoms is perhaps less than half the necessary task. I think that we have to be very cautious in one place here: in fact, Gene provided the analogy that I will use to make my case... You do indeed have the right to bear arms, as does a cracker have the right to author code that could, improperly applied, be dangerous/viral/etc; you do not have the right to use your weapons indiscriminately, neither does the cracker have the right to unleash his/her creation(s) indiscriminately. But neither does he have the right to stop you from bearing arms, nor do you (or I) have the right to stop him from creating viruses &etc. Not that I'm advocating that everyone create their electronic stockpile of viral warfare, but it should be legal to have them. Unlike real stockpiles of nerve gas &etc a simple accident can't set off an electronic viral infection - that has to be done deliberately by someone. [ There are very definite ways of disputing this, but I think that a little responsibility would prevent all of them. ] I'm glad there are people other than me worried about the future and freedoms of our brave new world of telecommunications and computing. Still, I'm troubled that an organization with as much promise as the EFF fails to stress the development of responsibility and proper usage of computers as one of its aims. From what I have read and been told, I have no problem believing that the EFF would help defend someone wrongly accused of computer trespass, or that they would sponsor lobbying to defeat passage of an unwise piece of legislation concerning telecommunications. However, I also find it difficult to believe that the EFF would help sponsor a campaign in schools to teach kids not to break into others' systems, or that they would help legislators draft balanced computer crime bills, or that the EFF would marshall its resources to help catch computer virus authors. I think that you misunderstood the EFF's goals; I am certain that it is within their scope and intent to sponsor educational campaigns to teach people why breaking and entering electronically is no different than doing so physically, and as above I dispute the item about the authors of computer viruses. From my point of view, that is badly unbalanced -- and I *believe* in all of the EFF's stated goals! It is no wonder there is such a strong image that the group is just a "cracker's defense fund." Time and events will tell if this is just growing pains and poor publicity, or whether it is a skewed philosophy. I dearly hope it is the former. Hopefully, this image is smaller than you believe, Gene; I have not seen enough response anywhere to it to indicate how it is yet being perceived. Let's work together with the EFF to make sure it has a positive image, and see the electronic world flourish, and maybe even grow more reasonable. -- Gene Spafford NSF/Purdue/U of Florida Software Engineering Research Center, Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004 Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf -- Jay Libove libove@libove.det.dec.com Digital Equipment Corporation decwrl!libove.det.dec.com!libove Detroit ACT/Ultrix Resource Center Opinions? They're mine, mine, all mine! Farmington Hills, Michigan and D.E.C. Can't have 'em!
spaf@cs.purdue.EDU (Gene Spafford) (08/31/90)
In article <36814@ut-emx.UUCP> mnemonic@walt.cc.utexas.edu (Mike Godwin) writes: >Gene Spafford says he is disappointed with items he believes are >"missing" from the Electronic Frontier Foundation missing statement. > >One thing that seems to be missing from his own statements is >an admission that he was wrong to accept the government's characterization >of the "theft" in the Neidorf and related Bell South cases. > >If it had not been for the efforts of Spafford and like-minded >individuals who promoted the all-hackers-are-dangerous-criminals-who- >deserve-extreme-sanctions mentality, it is possible that no one would >have seen the need for an EFF. As a law student, Mike, I believe you would understand the definitions of libel and slander? Making false statements about another in a public forum falls under such definitions, does it not? I have never promoted any such philosophy as you claim. Nor have I ever expended any effort on behalf of such a cause. I have, however, objected to the false characterization that "anyone who calls himself a hacker and is prosecuted by the government is obviously a wrongly-persecuted innocent." I don't believe I owe anyone an apology. You do. I have worked as a consultant for a number of firms and government agencies. I have seen transcripts of login sessions where hackers damaged files, boody-trapped systems, stole proprietary information, and crashed systems. I have had my own machine broken into and damaged. I know from personal experience that there are some real rotten people out there. The existance of those people certainly doesn't excuse slipshod or incorrect prosecution. But it does mean that there are legitimate reasons why law enforcement officials are trying to catch and prosecute some of them. I haven't seen any evidence of the sinister conspiracy theories some people have been promoting. Ignorance, perhaps. Frustration, perhaps. But not evil intent. People are losing time and money because of unauthorized users, and the law enforcement personnel are trying to respond -- that's their job. Unfortunately, they don't have the tools or training to do it as well as they should, nor do they have the cooperation. That doesn't mean they are going to ignore the victims. Along with the vigorous protestations about rights, I think it would be much more constructive to think up ways to stop cracking/hacking and help catch the transgressors than it would be to continue to publicly slam people who don't necessarily agree with you. -- Gene Spafford NSF/Purdue/U of Florida Software Engineering Research Center, Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004 Internet: spaf@cs.purdue.edu uucp: ...!{decwrl,gatech,ucbvax}!purdue!spaf
yamauchi@heron.cs.rochester.edu (Brian Yamauchi) (09/02/90)
In article <11502@medusa.cs.purdue.edu>, spaf@cs.purdue.EDU (Gene Spafford) writes: > In article <36814@ut-emx.UUCP> mnemonic@walt.cc.utexas.edu (Mike Godwin) writes: > > > >If it had not been for the efforts of Spafford and like-minded > >individuals who promoted the all-hackers-are-dangerous-criminals-who- > >deserve-extreme-sanctions mentality, it is possible that no one would > >have seen the need for an EFF. > The existance of those people certainly doesn't excuse slipshod or > incorrect prosecution. But it does mean that there are legitimate > reasons why law enforcement officials are trying to catch and > prosecute some of them. I haven't seen any evidence of the sinister > conspiracy theories some people have been promoting. Ignorance, > perhaps. Frustration, perhaps. But not evil intent. People are > losing time and money because of unauthorized users, and the law > enforcement personnel are trying to respond -- that's their job. > Unfortunately, they don't have the tools or training to do it as well > as they should, nor do they have the cooperation. That doesn't mean > they are going to ignore the victims. I don't think anyone is arguing that the victims should be ignored, but I have yet to see any reasonable justification for actions such as the confiscation of equipment from Steve Jackson Games just because they publish a Cyberpunk role-playing game. I would agree that this action is probably due more to fear and ignorance than conspiracy, but this hardly makes it any better -- some of the most brutal actions in human history have been the result of fear and ignorance. > Along with the vigorous protestations about rights, I think it would > be much more constructive to think up ways to stop cracking/hacking > and help catch the transgressors than it would be to continue to > publicly slam people who don't necessarily agree with you. Certainly there is a role for anti-cracking, anti-virus organizations, but such organizations exist (CERT and NCSC, for example). However, up until now there have been no organizations devoted to protecting electronic rights from government infringement -- EFF seems to be ready to do so. I think it's unreasonable to require that EFF do the job of CERT, just as it would be unreasonable to require that the ACLU do the job of the FBI. _______________________________________________________________________________ Brian Yamauchi University of Rochester yamauchi@cs.rochester.edu Computer Science Department _______________________________________________________________________________
macrakis@osf.fr (Stavros Macrakis) (09/03/90)
In article <LIBOVE.90Aug29095130@libove.det.dec.com> libove@libove.det.dec.com (Jay Libove) writes: In article <11446@medusa.cs.purdue.edu> spaf@cs.purdue.EDU (Gene Spafford) writes: ... I've heard some "crackers" claim it is their "right" to break into any machine they can and read the data. I've also heard someone suggest that writing computer viruses may be a protected form of free speech. I'm appalled by both attitudes, and I suspect that most people who depend on their computers would be similarly alarmed by such statements. Most people want reasonable guarantees of freedom, but they don't want anarchy. I have the right to bear arms, but not to use them wherever and whenever I wish. I have freedom of worship, but I don't have the freedom to sacrifice you to my dieties. Defining and protecting our freedoms is perhaps less than half the necessary task. I think that we have to be very cautious in one place here: in fact, Gene provided the analogy that I will use to make my case... You do indeed have the right to bear arms, as does a cracker have the right to author code that could, improperly applied, be dangerous/viral/etc; you do not have the right to use your weapons indiscriminately, neither does the cracker have the right to unleash his/her creation(s) indiscriminately. But neither does he have the right to stop you from bearing arms, nor do you (or I) have the right to stop him from creating viruses &etc. Not that I'm advocating that everyone create their electronic stockpile of viral warfare, but it should be legal to have them. Unlike real stockpiles of nerve gas &etc a simple accident can't set off an electronic viral infection - that has to be done deliberately by someone. [ There are very definite ways of disputing this, but I think that a little responsibility would prevent all of them. ] ... I believe in individual responsibility. This does not exclude the legitimacy of the state's restricting the possession (as well as the use) of dangerous things, and in particular things whose only use is criminal. It is thus illegal to possess machine guns. It is illegal to possess heroin. It is illegal to possess lock-picking equipment. It is illegal to possess forged money and presses for forging money. It is probably illegal to possess blueprints of Stealth bombers. (Most of these have exceptions involving licenses etc.) The `hazard' argument is actually a good one too. It is indeed illegal to possess nerve gas or explosives.... And it is not true that an electronic viral infection cannot be set off unintentionally. I believe that most researchers who have played with viruses have discovered that what started as an experiment ended as a bad infection. And Morris's worm was apparently mis-tuned.... ((Discussion of right-to-bear-arms self-censored to avoid flames.)) Obviously, in all of these cases of illegality, there has to be some reason for the state to investigate -- there aren't weekly inspections of people's cellars to see if they're building bombs. However, if there is a pattern of abuse by some person and investigation shows that there is some vicious virus sitting on his computer along with an illegitimate collection of passwords from net hosts, that's dangerous! -s
mnemonic@walt.cc.utexas.edu (Mike Godwin) (09/05/90)
In article <11502@medusa.cs.purdue.edu> spaf@cs.purdue.edu (Gene Spafford) writes: > >As a law student, Mike, I believe you would understand the definitions >of libel and slander? Making false statements about another in a >public forum falls under such definitions, does it not? It does not. As always, Spaf, you forget the all-important element of intent. I may well have misrepresented you, but I never knew I was stating a falsehood nor did I lack concern as to whether the statements were true or false. Assuming you are a public figure in the world of computer security, my comments were protected speech, even if, due to my possible misunderstandings, they were false. The reason I say "as always" above, Spaf, is that you often seem to forget the significance of the element of "intent" when it comes to hacking as well. Most hackers lack serious criminal intent. Morris seems to have lacked criminal intent altogether, but you (as I recall) wanted to ban him from the computer industry forever. >I have never promoted any such philosophy as you claim. Nor have I >ever expended any effort on behalf of such a cause. I have, however, >objected to the false characterization that "anyone who calls himself >a hacker and is prosecuted by the government is obviously a >wrongly-persecuted innocent." I don't believe I owe anyone an >apology. You do. I apologize if I misrepresented you, but based on what you have said publicly about both the Morris case and the Neidorf case, it is hard for me to see how I have done so. In any case, I didn't suggest you apologize; what I said was this: >One thing that seems to be missing from his own statements is >an admission that he was wrong to accept the government's characterization >of the "theft" in the Neidorf and related Bell South cases. You assured me and other people, Gene, that the facts of the Bell South cases would demonstrate the wisdom of the prosecutions. This demonstration has yet to come to pass. Perhaps if you are unwilling to admit you were mistaken, you might be willing to say the teensiest tiniest positive thing in favor of Neidorf, who's out tens of thousands of dollars? >I know from personal experience that there are some real >rotten people out there. Indeed there are, but this is an odd comment, since no one is disputing you here. >The existance of those people certainly doesn't excuse slipshod or >incorrect prosecution. This comes close to the admission about the Neidorf case I suggested you make. > But it does mean that there are legitimate >reasons why law enforcement officials are trying to catch and >prosecute some of them. Again, an odd comment, since no one disputes that there are legitimate reasons to prosecute hackers. > I haven't seen any evidence of the sinister >conspiracy theories some people have been promoting. I don't mean to give credence to any particular conspiracy theory here, Spaf--I don't think there are any conspiracies in the ordinary sense, and I don't know anyone who does. I think it may be a rhetorical strategy on your part to classify those who criticize certain patterns of government behavior as "conspiracy theorists." The question that comes to my mind is this: Would you allow yourself to recognize such evidence if you saw it? > Ignorance, >perhaps. Frustration, perhaps. But not evil intent. People are >losing time and money because of unauthorized users, and the law >enforcement personnel are trying to respond -- that's their job. You forget to mention those who have lost time and money not because of unauthorized users but because of uninformed prosecutions. >Unfortunately, they don't have the tools or training to do it as well >as they should, nor do they have the cooperation. That doesn't mean >they are going to ignore the victims. Indeed. They seem to have created a new class of victims that *wishes* it had been ignored. >Along with the vigorous protestations about rights, I think it would >be much more constructive to think up ways to stop cracking/hacking >and help catch the transgressors than it would be to continue to >publicly slam people who don't necessarily agree with you. Well, by Net standards what I wrote earlier hardly qualifies as a "slam." But I do apologize for misrepresenting you, if in fact I did. I still wish, however, that you would admit you were mistaken about the Neidorf case. --Mike Mike Godwin, UT Law School | "We need a new cosmology. mnemonic@ccwf.cc.utexas.edu | New Gods. New Sacraments. (512) 346-4190 | Another drink." | --Patti Smith