Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

IP: Follow-up on Oklahoma whistleblower: [risks] Risks Digest 21.62

From: David Farber <dave () farber net>
Date: Sun, 26 Aug 2001 21:05:32 +1000



Date: Sat, 25 Aug 2001 10:12:13 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Follow-up on Oklahoma whistleblower

Sheldon Sperling <Sheldon.Sperling () usdoj gov>, the U.S. Attorney in the
Brian K. West case, has responded to various e-mail protests on his handling
of the case.  He claims that West was not arrested and has not been charged.
However, an investigation is pending, to determine whether West
"intentionally accessed a computer without authorization or exceeded
authorized access (to access a computer with authorization and to use such
access to obtain or alter information in the computer that the accesser is
not entitled so to obtain or alter), (2) whether the employee thereby
obtained information from a protected computer (a computer which is used in
interstate or foreign commerce or communication), and (3) whether the
conduct involved an interstate communication.  18 USC 1030."  [The full
statement from Sperling is included in a message from Declan McCullagh,
which is accessible at http://www.politechbot.com/ .]

I have noted in this space before that when there is no security in place,
the alleged culprit cannot have exceeded authority when no authority is
implied.  As long-time RISKS readers will recall, this issue came up
relating to the trial of Robert Tappan Morris: in 1988, the Internet worm
never exceeded authority, because no authority was required to use the
sendmail debug option, to use the .rhosts mechanism, to execute the finger
daemon, or to read an unprotected encrypted password file.  I wonder how
if prosecutors will ever figure this out!

As long as we attempt to shoot the messenger and hide lame security behind
overly broad laws, weak security will prevail, and whistleblowers will be
much rarer than glassblowers.  (For example, DMCA is among other things an
attempt to outlaw whistleblowers.)




For archives see: http://www.interesting-people.org/
Previous By Date Next
Previous By Thread Next

Current thread: