Interesting People mailing list archives
IP: Follow-up on Oklahoma whistleblower: [risks] Risks Digest 21.62
From: David Farber <dave () farber net>
Date: Sun, 26 Aug 2001 21:05:32 +1000
Date: Sat, 25 Aug 2001 10:12:13 PDT From: "Peter G. Neumann" <neumann () csl sri com> Subject: Follow-up on Oklahoma whistleblower Sheldon Sperling <Sheldon.Sperling () usdoj gov>, the U.S. Attorney in the Brian K. West case, has responded to various e-mail protests on his handling of the case. He claims that West was not arrested and has not been charged. However, an investigation is pending, to determine whether West "intentionally accessed a computer without authorization or exceeded authorized access (to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter), (2) whether the employee thereby obtained information from a protected computer (a computer which is used in interstate or foreign commerce or communication), and (3) whether the conduct involved an interstate communication. 18 USC 1030." [The full statement from Sperling is included in a message from Declan McCullagh, which is accessible at http://www.politechbot.com/ .] I have noted in this space before that when there is no security in place, the alleged culprit cannot have exceeded authority when no authority is implied. As long-time RISKS readers will recall, this issue came up relating to the trial of Robert Tappan Morris: in 1988, the Internet worm never exceeded authority, because no authority was required to use the sendmail debug option, to use the .rhosts mechanism, to execute the finger daemon, or to read an unprotected encrypted password file. I wonder how if prosecutors will ever figure this out! As long as we attempt to shoot the messenger and hide lame security behind overly broad laws, weak security will prevail, and whistleblowers will be much rarer than glassblowers. (For example, DMCA is among other things an attempt to outlaw whistleblowers.)
For archives see: http://www.interesting-people.org/
Current thread:
- IP: Follow-up on Oklahoma whistleblower: [risks] Risks Digest 21.62 David Farber (Aug 26)