Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
The Courts Government News

Gilmore Commission Recommends Secret 'Cyber Court' 229

Posted by michael from the quis-custodiet dept.
hillct writes: "Yesterday the House Committee on Science received newly released cyber security recommendations from Virginia Governor James S. Gilmore, III of the Gilmore Commission. Most disturbing among these recommendations was a call for "Establishment of a special 'Cyber Court' patterned after the court established in the Foreign Intelligence Surveillance Act"." See also the Wired story. Do we really need another secret, unaccountable court?
This discussion has been archived. No new comments can be posted.

Gilmore Commission Recommends Secret 'Cyber Court' More

Gilmore Commission Recommends Secret 'Cyber Court'

Comments Filter:

  • Great (Score:2, Insightful)

    by All Dat ( 180680 )
    Just what we need, more people who know little about technology trying to rein in technology.

    Next thing you know, I'll be needed to license my palm pilot.

    Can't they just keep up instead of trying to hold everyone else back?

    • License for palm pilot (Score:2, Interesting)

      by doogieh ( 37062 )
      >Next thing you know, I'll be needed to license my palm pilot.

      Actually, you may soon need a license for your palm pilot. There is a patent case where Xerox claims that palm's graffiti language infringes its patent. If Xerox wins, you will have to pay royalties on any new palm/handspring/sony you buy.

      Now, to the point: if a private party can make you license a palm pilot, the government can probably try. Do you use your palm in interstate commerce?

    • Re:Great (Score:2, Funny)

      by Winged Cat ( 101773 )
      Next thing you know, I'll be needed to license my palm pilot.

      What, you mean like a pilot's license? ;)
    • Just what we need, more people who know little about technology trying to rein in technology.

      US heads for Taliban style technology laws, News at 11

  • "* Youth" (Score:2, Insightful)

    by Hard_Code ( 49548 )
    "Cyber Youth"
    "Big Brother Youth"
    "Hitler Youth"
    ...

    I think the "Youth" should be able to make up their own minds how they want to contribute to society. Not be used as a tool for ruling elites.
    Bah...that's my little rant.

  • We need a secret court.... (Score:5, Insightful)

    by M-2 ( 41459 ) on Thursday October 18, 2001 @11:44AM (#2446935) Homepage
    like a fish needs a ham sandwich.

    Wasn't a BIG part of the whole freedom thing supposed to be to give us a TRANSPARENT legal system, so that EVERYONE could see what was going on? Isn't that the theoretical basis of the entire judicial system of the United States?

    Isn't that why the hell anyone who's actually read history understands the sheer terror that the words 'Star Chamber' means?

    I'm going to change my name to something like Cromwell, I think. Oliver Cromwell. That would be a suitable name for the US of the 21st century.
    • So you're willing to let a target know when they get wiretapped or traced, right? Surely such a person would of course ignore the summons to the court, and simply carry on business as usual.

      Give me a break. Yes, you need something like this. You sometimes need the ability to get a secret court order. You've got to have people at the court who are extremely skeptical, and intentionally make it difficult to get the orders.
      • We already HAVE that option. We don't NEED a completely new set of courts - use what we already HAVE!

        And yes, we need more judges who hate the very IDEA of these things and require a tremendous amount of proof to allow them. The courts themselves are helping to cause this problem.

      • Re:We need a secret court.... (Score:5, Insightful)

        by tdye ( 308813 ) <`ei.eerteulb' `ta' `ynot+llunved'> on Thursday October 18, 2001 @12:03PM (#2447044) Homepage Journal
        Oh, brother. Of course you don't inform the subject of a wiretap that they're being monitored. The point here is that, even though a wiretap is secret, you still have to prove to a judge, in documents that are publicly available during a trial (if any), that there was 'probable cause' to perform the wiretap. What Gilmore is proposing is that you should be able to ignore probable cause, and that the govt. should be able to use secret evidence, unavailable even to the defense in a trial, to justify the wire.

        Of course surveillance should be secret. The judicial branch, however, thrives only if the people trust it, and secrecy destroys trust.
      • That's not even the same damn thing. I wonder if the Freedom of Info Act would allow someone that's being wiretapped to find out. But I digress. What we're talking about here is not the investigation where there is a need for secrecy. It's the hearing after the investigation, where the evidence is laid out and and you are judged by a jury of your peers.

        Without examination of the procedings, the evidence, and the findings, you're giving a court far too much power. Our founders knew that because it's common sense. "Abosolute power corrupts absolutely."
        • Although I've always been too chicken to ask for my FBI file under FOIA, it's clear from the FBI FAQ on it, that they review the file before release and will block out anything that could endanger an ongoing investigation. So no, you cannot ask for your file in an attempt to determine if you are currently being tapped. However, if you get your file and the whole thing is blocked out, you might want to implement some security measures. :)
      • So you're willing to let a target know when they get wiretapped or traced, right?



        I'm not entirely sure what you're talking about. It's already legal to tap or trap-and-trace someone without telling him. Changing the venue of the court that signs the court order wouldn't change that. All it would do, is make it harder for a defendant to see the evidence against him when it actually goes to trial.



        Surely such a person would of course ignore the summons to the court, and simply carry on business as usual.



        I'm not sure what you're talking about. It's not hard for anybody to ignore a summons-someone blows off one of mine at least once every other week. All that happens is the court puts out a bench warrant for them.



        Give me a break. Yes, you need something like this. You sometimes need the ability to get a secret court order.



        Um, no we don't. Taps/traps-and-traces are already secret until they get introduced into court. Having a Star Chamber only means that the defendant wouldn't be able to see the probable cause used to justify the invasion when the case goes to trial. Never mind the legal requirements of discovery in the US...



        But then, I'm just a dumb-shit cop. You obviously know more than me about what we need.

        • But then, I'm just a dumb-shit cop.

          Don't suppose you have any other cop freinds who are tech aware enough to campaign against this? I mean if the cops say they don't want the law then the politicains would look like fools to go ahead with it, if you'd do us all a good turn and talk to your union reps etc about it, maybe you could help everyone.
    • > Isn't that why the hell anyone who's actually read history understands the sheer terror that the words 'Star Chamber' means?

      Well, y'see, that's British history, and us 'murricans dun fought a war t'git away from y'all limey types. This hear's America, and we gunna teach our young'uns American history, dammit!

      So the sad thing is that most of our countrymen never learned what Star Chamber was, nor why it's a mistake we should strive never to repeat.

      There's a place for secrecy -- for instance, I have no fundamental problem with the philosophy behind FISA's secret court - if there's evidence which, if published, would result in the dissemination of classified material or other threats to national security - then so be it. And in such cases, the judge has a need to know everything, but I'd argue that the defence doesn't. It's a fine line, but we saw the system work in the case of the FBI's keylogger -- it took a while, but ultimately, enough information was released that the defence could prepare a defence, without compromising operational security.

      (That is, the purpose of FISA is to prevent the openness of the court from being used as an excuse to bring things into evidence that would compromise national security -- just think of the damage that could be done by some twit just reciting classified information into the court record as part of his "testimony".)

      But for Joe Skr1ptk1ddie - where the only "security threat" I can see is the publication of security holes that become widely known to the security community within hours of the crime (and the investigation won't happen for days, and the trial won't happen for months), this is worse than overkill, it's dangerous.

    • Let's get a few things clear. The FISA court is not a trial court. It does not try and convict anyone. It's primary purpose was to create a secret means by which to approve the usage of CIA, NSA, and other (supposed to be) foriegn directed intelligence technology against people residing in the US. Court records are sealed so that you never know who they are spying on or why.

      In theory, having a court to keep national security issues out of the public record, while building your case, doesn't sound like a bad thing. In practice FISA is a rubber stamp. The court has been invoked a few dozen times and only once denied an application for surveillance powers, and that time was because the adminstration reversed themselves and said they no longer wanted those powers, in that case.

      I would guess we are looking at a similar rubber stamp for monitoring hackers. I don't think they would try to create a secret trial court, but I can imagine the government wanting a secret court to permit breaking into and monitoring hacker computers and communications. This bothers me, because hacking and national security seem to be rather far apart in the scale of things.

      The principle behind the FISA court seems sound, until you realize it's a rubber stamp. Doing the same for hacking doesn't seem to make sense even in the first case. How much programming knowledge does one need before they revoke your right to privacy?
      • hacking and national security seem to be rather far apart in the scale of things.

        I think you're wrong. If a hacker (unethical hacker that is) goes after a power grid, that's a problem for national security, as the hacker could knock out power for an entire region, or worse, the entire country. Having no electricity in the entire United States seems like an issue of national security to me.
        • IF it is an issue of national security then you could use national security channels, including the FISA court.

          That they want to create a special court for hacker crimes implies to me that they want to go after things that aren't covered by the current system, and by implication, aren't neccesarily matters of national security.
      • I don't think they would try to create a secret trial court, but I can imagine the government wanting a secret court to permit breaking into and monitoring hacker computers and communications.

        Why bother with a trial? Just announce that there was a "gun battle" with those horrible "hackers" and classify all information relating to the incident, you just need some bod to have a press conference and tell the world justice has been done, its called a whitewash and thats what politicians do see Warren Commision, Nixon, Bill/Monica etc for why we should not trust politians or their cronies.

    • what is Star Chamber (Score:4, Informative)

      by onepoint ( 301486 ) on Thursday October 18, 2001 @12:30PM (#2447180) Homepage Journal
      For those that don't know what Star Chamber is please go to
      http://www-2.cs.cmu.edu/~altmann/star-chamber.ht ml

      it's a quick summary.

      -onepoint

      • This link seems to be SlashDOSed.

        So here goes my explanation. A Star Chamber is essentially identical to what is described in the article. A secret court with secret members, which conducts a secret trial, and meets out summary punitive 'justice'. Whilst the concept predate history the name "Star Chamber" is taken from such a court that existed to deal with suspected Tories/Collaborators in the American insurrection/rebellion.

      • sorry I forgot about the slashdot effect. here is the cut and paste from that above mentioned site

        Start

        An English court of law active in the Tudor and early Stuart periods, abolished by the Long Parliament in 1641. An outgrowth of the royal council, it was made up of privy councilors as well as judges and supplemented the activities of the common-law and equity courts in both civil and criminal matters. Initially well regarded because of its speed and flexibility, Star Chamber became unpopular as the Stuart kings used it with increasing arbitrariness to enforce the royal prerogative. Its name thus became synonymous with secret, irresponsible court proceedings. (Academic American Encyclopedia)

        End

    • Here's what scares the crap out of me:

      Instead, Gilmore told the House Science committee, the commission will recommend that a "cyber court" be created with extraordinary powers to authorize electronic surveillance and secret searches of suspected hackers' homes and offices.

      Extraordinary Powers!!! Ack! I think the whole Office of Homeland Security. [whitehouse.gov] is malformed idea.

      It doesn't fit well within the govt. already existing structure, it duplicates many efforts, and it has yet to be determined exactly how & why it will function.

      Secret courts... anything secret in the Govt. scares the crap out of me... and not only that:

      Rep. Vernon Ehlers (R-Michigan) suggested additional punitive measures. "I think hackers should also be considered terrorists and sentences that hackers get should be in line with terrorist sentences," Ehlers said.

      First there was the blurring and redifinition of the word 'hacker' to become the word 'cracker', and now hackers ARE being called terrorists!

      Beware Linux hackers... you are terrorists!

  • Isn't this a bit redundant? (Score:5, Interesting)

    by weez75 ( 34298 ) on Thursday October 18, 2001 @11:47AM (#2446954) Homepage
    The federal courts are equipped to handle cyber-terrorism or threats. In fact, they already handle a very similar thing: mail fraud. There are a million varieties of danger posed by use of networked systems. However, the basic premis of the federal courts having authority is that 1) it generally uses and affects entities in multiple states 2) it can pose a threat to national security. That being said, why do we need another court? It seems to me the old coots that wrote this thing called the Constitution already have this covered...
    • Before we worry about cyber-terrorism, can we at least establish that it actually exists?

      Dispite dire warnings from the usual suspects, nothing since the Morris worm has had any significant effect on the Internet as a whole. Code Red & the mafiaboy attacks have had effects on some sites, but these have been self-limitting - the knowledge that Code Red is possible has resulted in people installing the patches, and made future occurances less likely. None of these are what I'd call terrorism either, any more than someone getting all their friends to flush their toilets or call the same phone number at the same time is.

      • since the Morris worm has had any significant effect on the Internet as a whole

        Nimda trashed a decent portion of the internet by overloading it to the point that router traffic couldn't get through. This caused widescale route flapping for a day or two which caused regional instability.

        Earlier this year, a train fire in Baltimore took out a good part of the local network infrastructure - this could easily be much worse if someone attacked the fiber deliberately and in multiple places.

    • With "Hackers" sentensed like terrorists and whose search warrants are overseen by some shadowy court, I can see this going two ways. Because, unless the Constitution was amended, these would still be tried by jury, it may make it harder to get convictions in these cases, and a jury may be FAR more inclined to allow for reasonable doubt if the sentense is harsh than they would if the sentense was not.

      If your mother was on a jury, would she be able to convict someone guilty of industrial espionage as a terrorist? This recomendation could essentially pardon all the sc121p7 k1dd13s out there and make this sort of crime MUCH harder to prosecute because a jury may not be as likely to call them terrorists...

      OTOH, if this sort of case did not become harder to prosecute, then it could create a chilling effect in the security industry, sort of like the DMCA is doing how.
  • For over 200 years the USA has suffered under it's impractical Constitution [nara.gov] and the unworkable so-called "Bill of Rights". We need to move forward into a new era where we can compete with every tin-pot dictatorship and repressive regime on their own level!

    Only criminals need fear this - you're not a criminal are you?

    • First get elected in dodgy election where you win after some strange goings on in the State run by your brother and your electoral agent gets to deny the opposition a recount.

      Next up closed courts.....

      Next thing you know he'll bomb the Red Cross....

  • Why do 'Hacker Cases' Need a Secret Court? (Score:4, Interesting)

    by Fatal0E ( 230910 ) on Thursday October 18, 2001 @11:50AM (#2446968)
    I mean, come on. Realistcally I can at least empathize when the gov't says that sometimes it has to operate outside the legal system in issues of National Sec. I wouldnt want a suspected terrorist to know he's being monitored. I might fall under that same watchfull eye but that's a sacrifice I'd make.

    But why would a hacker court need to be so secretive? If the gov't is afraid of a group of people being able to shut down and disrupt major networks, then those networks need to be secured, not the system for monitoring them and prosecuting them! I mean, those old farts in office invented that stupid saying of ounce of prevention, pound of cure!

  • Beautiful. (Score:4, Informative)

    by dave-fu ( 86011 ) on Thursday October 18, 2001 @11:52AM (#2446978) Homepage Journal
    Forget the right to a fair trial, hackers are threatening our country's very lifeblood! Or something equally dramatic.
    The good news is that they won't be high-profile cases where there's some sort of onus on the government to come through in a big, excessively punitive way (are shoplifters forbidden to walk in stores after they've served their time? are murderers forbidden to be around people after they've served their time? embezzlers forbidden to be around company books after they've done theirs? then why exactly are mitnick et. al forbidden to be around computers/electronic equipment after they've served theirs?). The bad news is that we'll have a new branch of the government with a minimum of public overview running wild on an increasingly marginalized subset of society.

  • if they can do it so can we (Score:5, Funny)

    by how_would_i_know ( 526620 ) on Thursday October 18, 2001 @11:52AM (#2446981)
    "Instead, Gilmore told the House Science committee, the commission will recommend that a "cyber court" be created with extraordinary powers to authorize electronic surveillance and secret searches of suspected hackers' homes and offices."

    Well... maybe we should convice some judge to create a new 'cyber congress' with extraordinary powers of resistance to soft money.
    • We obsess here a lot about network security for very good reasons. Proposals like this from government and industry also make obvious the need for equally thorough physical security.

      I don't think prevention is possible in the case of an adversary like a well heeled business or the government. They can get in your house and fiddle with your equipment any time they want with "courts" like these. Detection on the other hand should be investigated.

      I'm thinking of things like a switch on the inside of cases that causes emails and log entries when tripped. Ditto for mucking about with the keyboard or any other periphreals. How about a motion detection system monitoring the workstations and other hardware....that itself trips all manner of indications if it is tampered with.

      Of course, Tripwire or a similar utility should be monitoring the integrity of files as well.

      I like the idea of Mr. Federal Agent seeing my face pop up on the monitor as I ask him "Can I help you with something or did you just come in here to surf some porn?"

  • Yeah That's Just What We Need (Score:4, Funny)

    by Greyfox ( 87712 ) on Thursday October 18, 2001 @11:53AM (#2446987) Homepage Journal
    Secret courts and a national ID card. We also need to be able to create laws and retroactively punish people under them, be able to jail people for speaking out against the government and be able to house troops in normal peoples' houses. Oh, and tax tea at 3x its normal price.

  • Biased (Score:1, Flamebait)

    by Reality Master 101 ( 179095 )

    A government anti-terrorism commission will recommend that Congress create a shadowy court to oversee investigations of suspected computer intruders.

    "Shadowy"? Nice bias, Wired. I pretty much discounted everything in the article after that. It's clear that the writer of the article has an agenda that they are pushing.

    But back to the topic: Where, exactly, does it say that this is going to be a "secret, accountable" court? It just sounds like a court that specializes in technology matters. Many Slashdotters complain that the courts are clueless when it comes to technology; why not have a court that specializes in these matters so they can make informed judgements?

    Personally, I think hacking should be cracked down on HARD. Not life imprisonment, but at least, say, six months in jail.

    • OK, you don't like the word shadowy and think it shows bias. How about the press release from the House of Representatives?

      "
      The Commission's recommendations regarding cyber security include:
      ...
      Establishment of a special "Cyber Court" patterned after the court established in the "Foreign Intelligence Surveillance Act."
      "

      Now the FISA court is notorious for having virtually no oversight and its specifically used only in cases of grave national security (I'm taking the government's word on this because I can't check it, which is the whole problem, isn't it?) where the fate of the nation can hang in the balance. Hacking cases, for the most part are not a case of national security, nor is the fate of the nation visibly changed whether police are required to have probable cause before they take down slashdot because somebody posted a deCSS haiku.

      What, pray tell, is the possible justification in your mind to treat hack case evidence with the same paranoia as properly classified government secrets?

      DB
      • Now, if they wanted to set up a "Cyber Court" which was like a normal court only with clueful judges, it would be a good thing. But apparently they want this special court just because it's too hard for the poor incompetents in the FBI and Justice Dept to have to actually show probable cause... AAAGHHH!

        The one good thing about this -- after the Supreme Court tosses this out, they might take a good hard look at the FISA too...

  • Could be interesting (Score:4, Interesting)

    by Magumbo ( 414471 ) on Thursday October 18, 2001 @11:54AM (#2446991)
    A cyber court should exist only online, and all cyber jurors should have a minimum of a BS in computer science, computer engineering or electrical engineering.
    • This cyber court you speak of, it already exists. We call it slashdot. All we need to do is tie it into the legal system somehow.
      • This cyber court you speak of, it already exists. We call it slashdot. All we need to do is tie it into the legal system somehow.

        Yes, that is exactly what we need, a legally recognised Slashdot, where I get ``modded'' to 5 years in prison for using FreeBSD instead of the ever-so-worderfully communist Linux. Heaven help me if the court discovered that I don't want to kill Bill Gates on sight.

    • Sometime in 2004...

      "Hi, I'd like to apply for a position on the cyber court."

      "That's fine, could you please establish your education for us?"

      "Well, I went to Harvard for three years before I dropped out to form my own New World Or... er... company."

      "I'm sorry, sir, but we require a bachelor's degree for all members of the court."

      "I'm Bill Gates, dammit! I founded MicroSoft! I'm the richest man in the world!"

      "Oh, you should go see the summons department then. They've been wanting to meet with you about why people who have Office FU keep reporting lost data due to someone sniffing around from an IP we traced to Redmond."

      "Err... it was Nintendo of America! Yeah, that's the ticket!"

      "Do you have a toothbrush, sir?"
    • A cyber court should exist only online...

      So, would it be cause for a retrial if they found out the members of the jury were looking up pr0n during the trial? Or would that be considered standard practice?

  • Do we really need another secret, unaccountable court?

    Lisa: It's a rhetorical question! ... Do you know what rhetorical means?

    Homer: Do _I_ know what _rhetorical_ means?

  • Two good points, actually. (Score:5, Insightful)

    by Stonehand ( 71085 ) on Thursday October 18, 2001 @11:56AM (#2447008) Homepage
    1. The article specifically mentions that one problem with putting these cases through the general court system is that the technical details are important, but often not terribly understood. A specialized court could be composed of jurists who have technical knowledge, which IMHO is something that would be welcomed instead of blasted.

    2. Of course FISA is secret. Of course, if this court deals with network surveillance it should be, too. There isn't much of a point in tipping off a suspect by telling them that they're under surveillance. What, you'd rather that they use TEMPEST ELINT from vans prominently marked, "Flowers By Irene?
    • 2. Of course FISA is secret. Of course, if this court deals with network surveillance it should be, too. There isn't much of a point in tipping off a suspect by telling them that they're under surveillance. What, you'd rather that they use TEMPEST ELINT from vans prominently marked, "Flowers By Irene?

      Wouldn't any investigation need to be secret? How is this different from, say, a racketeering or murder or fraud investigation? Should we have secret courts for them, too?

      "If it ain't broke, don't fix it" seems to apply here.
      • Yeah, but: by their logic, we should have secret courts for all investigations. "We suspect this dotcom must be laundering money or something, because they refused our buddy's offer to buy out their business for $1000 (even though the office hardware alone is worth more than that). But of course we can't run an effective investigation if anyone knows we're investigating them. Oh, yeah, and we're outsourcing this particular investigation to our buddy's firm. No, we're not particularly concerned that they'll use the investigation to find out the dotcom's customers and harass them into switching to our buddy or at least stop buying from the dotcom. But how could we run this investigation if that became public knowledge?"

  • Of course we don't (Score:3, Interesting)

    by alewando ( 854 ) on Thursday October 18, 2001 @11:57AM (#2447014)
    There is precisely one justification for the secret courts established under the Foreign Intellgence Surveillance Act: national security. The secret courts that meet in that jurisdiction concern themselves with matters of espionage and highly sensitive information that would jeopardize national security if made public.

    I personally can't stand it. The 5th amendment and 6th amendments clearly lay out due process and the rights of the accused who stands trial, and few if any of these guarantees are honored by these secret tribunals. There is no textual basis for a national-security exception to any of the Bill of Rights, and it flies in the face of fundamental principles of fairness.

    However, at least with national security, we have a really damn important interest being protected; if anything would justify tearing up the Bill of Rights, it would be on the level of national security. But what in tarnation is there to protect in a cyber court? Trade secrets? The integrity of corporate networks? Is this truly something so pernicious and of such overriding importance? Hardly.

    They've got their national-security exception. If it's "terrorism" and it's conducted by foreign agents, then the Foreign Intelligence court already has jurisdiction. If we go down this path, then nothing will remain protected under the Bill of Rights and the Constitution in general, and that is a very scary prospect.

    Hooray for corporate interests, indeed.
    • There is precisely one justification for the secret courts established under the Foreign Intellgence Surveillance Act: national security. The secret courts that meet in that jurisdiction concern themselves with matters of espionage and highly sensitive information that would jeopardize national security if made public.

      This is a really weak justificaton. None of the other rights has any sort of limitation, except if the right infringes on another right. National Security is almost always a cover for something that someone has screwed up or something that if known the public wouldn't buy at all. Or in the worst and most unfortunate case to take away constitutional rights because no other means of accomplishing that task is available. If the government is a government of the people and for the people, there should be no need for things to be classified from the people. Worry about our plans falling into others hands? Not really, because the others either know the plans already or that we should have plans that are so fool proof that knowing them will show the other side the invetablity of their actions will lead to them losing. We don't except secrecy in information security plans, why should it be all that different for physical security plans? The information is needed for all those conserned to make an informed descision.
  • As the first Governor in the union to sign UCITA, Gilmore is a certified shit. I don't trust ANYTHING this jerk says.

  • Ummm... already in place. (Score:3, Funny)

    by FortKnox ( 169099 ) on Thursday October 18, 2001 @11:59AM (#2447023) Homepage Journal
    Do we really need another secret, unaccountable court?

    I'm assuming you aren't including the courts of judgement under the juristiction of the trilateral commission? Icarus is already watching you, and soon you'll be in the secret court of the illuminati. The US government is just trying to mimic this.

    If we could only locate the aquantus hub and destroy it...

  • Not another FISA (Score:2, Informative)

    by ardran ( 90992 )
    I reserve a certain amount of cynicism towards "The Government is Out to Get Me" and related mindsets, but FISA is one thing that scares the living fuck out of me.

    The idea that a similar court (proceedings so secret that the accused doesn't get to know the charges; has denied only *one* wiretap request in its history) is needed to deal with computer crime is nuts.

    A couple of links:
    http://www.ainfos.ca/98/aug/ainfos00031.html
    http://mediafilter.org/caq/Caq53.court.html

  • Slippery slopes and poor logic (Score:4, Insightful)

    by raumdass ( 210351 ) on Thursday October 18, 2001 @12:03PM (#2447039)

    Next time someone tries to say that the slippery slope argument is an invalid one in regards to the "adjustment" of ones liberties, remember this:

    Clinton passed the Affective Death Penalty and Anti-Terrorism act, that amongst other rather non-liberal ideas made it possible to hold a non-US citizen for as long as we like, without letting them know the charges or evidence against them, and allows us to try them in what amounts to a secret court. You combine this with the legislation passed and pending referenced in the article and it doesn't take a political scientist to see a pattern.

    So much for jurisprudence. Now we look to aim this thinking at "hackers"? We want to equate hacking with terrorism? To even mention someone damaging a computer system and killing thousands of innocent people in the same breath only serves to trivialize those that have died at the hands of real terrorists.
    So what's next? If you protest the WTO, does that make you a terrorist? How about standing up for the rights of others, or god forbid, the planet? How about interfering with commerce by say, trafficking in copyrighted material?

    Everyday I hear of more and more extreme measures to combat "terrorism". What point will there be in protecting our country if what we are left with is a government as totalitarian as those we claim to oppose?

    ~raum
  • According to the article, Rep. Vernon Ehlers (R-Michigan) [house.gov] stated: "I think hackers should also be considered terrorists and sentences that hackers get should be in line with terrorist sentences," Ehlers said.

    Probably the best thing any person can do is to contact each and every member of the House Science Committee [house.gov] who will consider this proposal. The members include:

    Lamar S. Smith, Texas
    Constance A. Morella, Maryland
    Christopher Shays, Connecticut
    Curt Weldon, Pennsylvania
    Dana Rohrabacher, California
    Joe Barton, Texas
    Ken Calvert, California
    Nick Smith, Michigan
    Roscoe G. Bartlett, Maryland
    Vernon J. Ehlers, Michigan
    Dave Weldon, Florida
    Gil Gutknecht, Minnesota**
    Chris Cannon, Utah
    George R. Nethercutt, Jr., Washington
    Frank D. Lucas, Oklahoma
    Gary G. Miller, California
    Judy Biggert, Illinois
    Wayne T. Gilchrest, Maryland
    W. Todd Akin, Missouri
    Timothy V. Johnson, Illinois
    Mike Pence, Indiana
    Felix J. Grucci, Jr., New York
    Melissa A. Hart, Pennsylvania
    J. Randy Forbes, Virginia
    Ralph M. Hall, Texas, RMM*
    Bart Gordon, Tennessee
    Jerry F. Costello, Illinois
    James A. Barcia, Michigan
    Eddie Bernice Johnson, Texas
    Lynn C. Woolsey, California
    Lynn N. Rivers, Michigan
    Zoe Lofgren, California
    Sheila Jackson Lee, Texas
    Bob Etheridge, North Carolina
    Nick Lampson, Texas
    John B. Larson, Connecticut
    Mark Udall, Colorado
    David Wu, Oregon
    Anthony D. Weiner, New York
    Brian Baird, Washington
    Joseph M. Hoeffel, Pennsylvania
    Joe Baca, California
    Jim Matheson, Utah
    Steve Israel, New York
    Dennis Moore, Kansas
    Michael M. Honda, California
    • If you are pressed for time, at least contact:
      Hon. Sherwood L. Boehlert, New York

      Chairman Boehlert's homepage is here [house.gov].
      His email address is Rep.Boehlert@mail.house.gov [mailto].

      Contact information:
      10 Broad Street
      Utica, NY, 13501
      315-793-8146
      315-798-4099 (fax)
      Toll-Free in NYS: 800-235-2525

      2246 Rayburn House Office Building
      Washington, DC 20515-3223
      202-225-3665
      202-225-1891 (fax)

  • Time for Sesame Street again. (Score:5, Funny)

    by Tackhead ( 54550 ) on Thursday October 18, 2001 @12:08PM (#2447071)
    From Wired:
    > Rep. Vernon Ehlers (R-Michigan) suggested additional punitive measures. "I think hackers should also be considered terrorists and sentences that hackers get should be in line with terrorist sentences,"

    Let's see here...

    • Scanning port 137.
    • DDOSing eBay.
    • r00ting j00r b0x3n and writing 4LL J00r B4$3 R B3L0NG 2 US on your website!
    • Flying three 767s, fully-loaded with fuel, into office buildings, murdering 6000-7000 people in the process.

    "One of these things is not like the other. One of these things does not belong."

    I'm gave up expecting wisdom out of our Congresscritters years ago. As for their ability to grasp complex technological and constitutional issues, that's also hoping too much.

    But at the moment, I'd settle for a demonstration that they're capable of understanding Sesame Street.

    • While I'm no fan of r00ting boxen, you might consider some more malicious hacking activities aimed at large companies dumb enough to trust M$ shitware. At my company we use a remote access program, Outlook, and MSIE on NT. Wow, look at all the holes! Try this list:

      Disable all desktops with email virus and cripple Engineering.

      Root a few select boxen and mess with plant paramiters.

      Root a some other select boxen and take out plant instrumentation.

      Kill the plant process computer and cripple the control room.

      Well, this might not kill 7,000 people but doing all of them at once to a chlorine plant could. Yes, that would be terrible. Done large scale, this could disrupt the economy almost as much as M$'s intentionally inflicted losses. So you see, hacking can be more devious than r00ting cable boxes.

      The rememdy is not a secret court.

      • Uh, yeah, and exactly how are you going to do steps 2, 3, and especially 4 without physical access to the company's offices? Especially to those control computers that don't have network connections precisely because they'd be a security risk?
        • Those are not steps. Though a company desktop or two would have to be owned to get to more important computers, some of them actually have modems! Anyone with a war dialer and plant knowledge already knows about them. Why bother. Owning desktops should be a trivial exploit, considering how brain dead NT, Outlook and MSIE are. This company has alowed people to install whatever stupid little screen saver, icon program they felt like. Any of those programs with backdoors can be detected by watching company web traffic and broken into. You would be supprised at what systems have network connections. I could tell you exactly how to do it for my company, but then I'd have to kill you for not being able to figure it out for youself.

          The point of my post was that "hacking" can be a little more malicious than defacing a web site, and can involve real terrorist activity. Just shutting down desktops is dammaging.

          • The point of my post was that "hacking" can be a little more malicious than defacing a web site, and can involve real terrorist activity. Just shutting down desktops is dammaging.

            True...but my point was, judging by the chemical plants I've helped design, truly life threatening damage would be beyond the capabilities of someone not physically present. Not just to own the desktop, but to get into the more critical machines in the first place. True, one could quite possibly download schematics et al to make the physical visit a cakewalk, and maybe all you'd have to do would be to install a wireless modem into a certain computer originally built without any network connections, but physical access would eventually be required.

  • What we need, and now more than ever, are laws that bind the police/FBI/CIA/NSA/whoever, to disclose all information on surveilance/monitoring to any and all persons who were subject to it, immediately when the the investigation is closed, and no longer than 5 years after it took place.

    That is in the interest of the people.

  • The reason for the FISA court is intelligence and security. I don't understand why that would be neccessary against domestic hackers. Are you saying we need secrecy against our own people? That smacks of a government not for the people and not by the people. This just sounds like more paranoid prattle that furthers someone's agenda in the wake of a major tragedy.

    I've got a good recommendation for a law. Mandatory debate in both houses, a mandatory review time, and possibly mandatory vote by the people on any law that is being pushed to increase national security in the wake of the tragedy. Yes, we need to tighten things up, but the public should be aware and able to have their voice heard above the political din. I wish we could completely trust our representatives, but they're people too, and checks and balances need to be in place to keep them from acting irrationally...and this recommendation is a fine example of said irrational acts.
  • I, for one, and appalled and disgusted that anyone would suggest that any computer hack could possibly rise (or sink, as it were) to the level of a terrorist act. I challenge the Senate to ask the people of New York if they feel that 'Code Red' is a threat of the same, or even slightly similar magnitude.

    It is an insult to the memory of all those that have died to suggest that any hacker could cause enough destruction and fear to be labelled 'terrorist' and treated accordingly. Anyone who says otherwise should be forced to try and explain their case to the family of a dead NYC fireman.

    For more in this vein (and just in case you don't hate the RIAA enough yet) check out this editorial: [yahoo.com]

  • Jesus, here we go again (Score:5, Insightful)

    by Jennifer Ever ( 523473 ) on Thursday October 18, 2001 @12:20PM (#2447132) Homepage
    So, run this by me one more time...

    We need to bend the rules to get these "hackers" because..?

    a) My AOL password is of greater importance than the guy who got shot down by the river.
    b) Current courts are too slow in dealing with hackers, who we all know move at incredible speeds, often using 5 keyboards--Matrix-style--to gain access to both secret CIA files and ICBM launch codes in a matter of minutes.
    c) Government is in the pocket of corporate America, and corporate America will never be able to convince people to hand over control of their lives and money if there's concern that someone other than the good folks at MS will have access to it.

    Well, figure it out for yourself.

    Anyway...

    The problem with laws like these is that they're pushed as being a response to a specific threat, but once in place, are never limited to dealing with that threat. So this is to protect our national security? How many "hackers" in this country are threats to national security? Wouldn't it be safer to say that the actual threat is the vulnerability in government systems? After all, if someone in America can gain access to classified information, it stands to reason that someone in China or Iraq could do the same. And what constitutes a threat anyway? Someone who gets into systems that are secured tighter than the government's is a potential threat--even though that person has never acted against the government, will they be tried and jailed as a threat to national security simply for what they can do, not what they've done?

    And does anyone in a position of power consider these sorts of things?

  • Gilmore also called for an "unprecedented partnership between the public and private sectors" in sharing intelligence and real-time information. In a nod to privacy, he recommended that Congress create a not-for-profit entity to oversee the process.

    I'm sure Bill Gates will pay everyone's salary! Really. This kind of co-operations makes me very uneasy. Setting aside the constitution and human rights in general, does this make sense? Is the government going to just trust what the private sector gives them? I don't believe it for a minute.

    The private sector will be gleeful untill they understand the obligations federal complience will put them under. This will be Nationalization, much as has happened to health care.

  • Ye Flipping Gods! (Score:5, Insightful)

    by bill.sheehan ( 93856 ) on Thursday October 18, 2001 @12:25PM (#2447161) Homepage
    What's next? An anonymous denunciation hotline for turning in your neighbors? "His attic light is on. He's probably up there with his computer again. He's one of those strange quiet types - keeps to himself. Can't be trusted."

    I'm reminded of two lessons from my wasted youth. The first was a book called, "It Can't Happen Here," by Sinclair Lewis in 1935. It chronicled the creation of a totalitarian state in America. An excellent cautionary tale, I recommend it.

    The second was a lesson I received in group dynamics from my high school theater group's director, a guy named Lou. About a hundred of us kids had gathered together in the gym, doing warmup exercises. Lou got up and introduced a new exercise. We were going to count up from one to ten, slowly adjusting our attitude and appearance from utter dejection to triumphant at ten. One... We were slumped over and suicidal. Two... we straighted a little... Three... perhaps I shall not hang myself today. And so on to a hearty, confident, triumphant roar of TEN! "TEN!" shouted Lou. "TEN!!" we yelled back. "SEIG HEIL!" shouted Lou. "SEIG HEIL!!" we roared. "SEIG HEIL!!! SEIG HEIL!!! SEIG..."

    Lou clapped his hands sharply for attention. He looked at us for a long moment. "Never forget," he said softly, "how easy it was for one man to make you do that."

    I never will.

    Remember Peter McWilliams
    • Stanley Milgram ran an experiment [otago.ac.nz] that explored this topic. The basic idea was that he took volunteers for a "teaching experiment". The volunters who were the "teachers" would agree to shock the crap out of people, simply because an authority figure told them to.


      Quoted from the link:


      When Milgram conducted the study, he found that with a little bit of coaxing, the majority (60%) of subjects would administer shocks right through to 450 volts. The people administering the shocks were not "pathological sadists" as the psychologists had described them, but normal everyday people. At this point I think I should point out that nobody actually received electric shocks... the learner was a confederate of the experimenter and was pretending to be in pain. The only real subject in the experiment was the "teacher".

      (I think I first saw this on Slashdot or Kuro5hin. Thanks to whoever posted it first.)

      • There was a similar study simulating prisons, in the 70s...I think it was done by Berkeley, or one of those schools in California. Anyway, they got a bunch of undergrads and completely randomly separated them into "prisoners" and "guards". The experiment was amazing: the guards eventually became sadistic and really mean to the prisoners, employing punishment, and rewards for good behavior...the prisoners squabbled and fought each other, became depressed, revolted. I think they had to call it off because people were becoming suicidal - completely forgetting that it was all *an experiment*, they really thought they were a prisoner, or that as a guard it was their duty to "stick it" to the prisoners...even though these were the same people that would have been studying and going out together just two weeks before. I think PBS had a show on about this. Totally fascinating.

  • Wow.. (Score:4, Insightful)

    by Mike Schiraldi ( 18296 ) on Thursday October 18, 2001 @12:31PM (#2447185) Homepage Journal
    Who would have ever thought that Mitnick got off easy?
  • Gilmore's current job as chairman of the Republican Party and his reputation of being tech-savvy -- AOL Time Warner's online operations are in Virginia -- add to his clout.

    Yeh, he sounds like a pretty 1337 d00d.

  • Where are the senior system administrators, etc? (Score:3, Insightful)

    by browser_war_pow ( 100778 ) on Thursday October 18, 2001 @12:46PM (#2447274) Homepage
    Why is it that elected idiots with law degrees are the ones that do "fact finding" for the government? Wouldn't it be easier to make good decisions that will get respect and not create strife by having experts in a field make the suggestions only?

    Usual comments about them not caring don't necessarily apply. Any good congresscritter wants respect and very bad proposal like this certainly does not engender such a sentiment in our country among the electorate
  • I mean - how technologically advanced do these terrorists seem? They are trained in mountain camps for hand-to-hand combat and they have to have some chemistry education to make explosives, but there is a pretty steep learning curve for anyone who wishes to do more than DDOS some websites.

    The computer security industry has major players in the U.S, Europe, Australia, South America and Canada but how much input comes from the Mideast? I know of no computer security companies in that region - someone please enlighten me if I am wrong.

    I am not saying that our systems are not vulnerable - they obviously are. But how likely are terrorist groups to have the requisite clue to make real use of those vulnerabilities?

    • They weren't trained to fly 747's in their mountain camps. They were trained in America. What's to stop them from coming over here and taking classes at colleges.

      They aren't stupid people. Definitely misled, but far from stupid. They are humans and have the same capacity to learn like as we do.

      They may not have the capabilities today, but I think 9/11 has taught us to expect the unexpected. We can't wait for them to disable a major cities telephone service, because they would most likely do it to prevent communication during a physical attack. It would me much worse if they could gain remote control of a satellite or the major fiber lines running across the country.

  • None of the articles indicate what problem this is supposed to solve.

    From the problems we're having now, it might be necessary to prohibit anonymous paper mail. This is quite possible. All mail would bear digitally signed stamps, bar-coded stamps. [stamps.com], which are available right now and are accepted by the USPS. ("Stamps from your printer!") Retail outlets that sold stamps would have to authenticate buyers, perhaps using Ellison's new ID card.

  • is the word "Cyber". Maybe we should get an iTechno-X-Court. Anyone who can say "cyber-court" without snickering, dripping sarcasm, or making finger quotes does not deserve our ears.
    If anything, /. needs to be the hacker court, moderating good hacks up, and bad hacks down. For example, I saw an ASP reference site where someone had done a global find and replace, s/default/defect/gi
    This should be modded up. Media, and politicians especially, don't make the distinction between hackers and crackers. If someone breaks into my machine and just plays around, doing harmless things, then I'd be interested in emailing this person to ask how they did it, not prosecute. If they did something malicious, then yes, they need some punishment.
    I believe most people in Congress are techno-phobes, (all with websites, most likely) and are using this tragedy as an excuse to take power away from the people. Personally, I would vote for a techonophile over an older man, regardless of party affiliation, because they wouldn't suggest stupid things like "cyber-court" or crypto-backdoors.
  • The newly-established kangaroo court convicted three wallabies.


    This was all supposed to have been settled in the 13th century, under the terms of the Great Charter. Mind you, a later king's refusal to honor that same charter led to the eventual independence of the northern part of a well-known continent, which then took that charter, simplified it, and turned it into it's own Constitution.


    The score so far: King John - Nil, Civilization - 2.


    I don't know who's "right" or "wrong" on this issue, and I don't particularly care. If it happens, it happens, and if it doesn't, it doesn't. What I think isn't worth a damn. All I know is that, historically, certain decisions are made, time and time again, all with much the same results. Nobody -has- to explain anything, but I would really like it if someone could tell me why this time should be any different.

  • Let us define the function F(X, Y), where X is the current economic climate, Y is the pressure on the economy and the output of the function F(X) is the likely future economic climate.


    Let us now define X as "depression", and Y as "perceived hostility to technology || actual hostility to experimentation || actual hostility to cottage industries".


    What is the probable value of F(X, Y)?

  • are they going to be responsible for coming up with the 'double secret probation'?
  • &nbsp&nbsp&nbsp&nbsp&nbsp The poster (hillct) and Slashdot employee Michael state that

    "Most disturbing among these recommendations was a call for "Establishment of a special 'Cyber Court' patterned after the court established in the Foreign Intelligence Surveillance Act [FISA]." . . . . Do we really need another secret, unaccountable court?

    I am a lawyer-shyster. I think that hillct and Michael (in addition to everyone mentioning the term "Star Chamber," a synonym for a secret trial) may have overreacted or misinterpreted this news. First, secret trials contravene the U.S. Constitution. Any statute (federal or state) purporting to empower a court to hear and decide crimial liability in secret would be unconstitutional. A judicial hearing is not a trial, however, and the hearings contemplated under FISA are only those relating to whether law enforcement agents may surveil a particular communication or party/parties.

    &nbsp&nbsp&nbsp&nbsp&nbsp And secrecy in the judicial branch is not always undesirable. Nearly ALL grand juries meet, hear evidence (while a judge presides), and deliberate in secret. But they make no determination as to criminal liability. They simply indict (or fail to indict), a step necessary to having a person tried. Secrecy in certain judicial proceedings is absolutely necessary -- secrecy is not always undesirable.

  • What all of these proposals miss is the incredible service that "nuisance" hackers and virus-writers perform.

    Imagine if Osama bin Laden, or the "evil" terrorist or dictator of your choice, had spent a few million dollars developing a really dangerous version of Code Red or Nimda, and released it before those security holes had already mostly been closed as a result of more benign attacks.

    A truly dangerous virus would remain fairly dormant, attracting little attention, until it had spread widely. It would then attack with the most devastating attack possible, which probably means deleting all files it can find. If it was really smart, it would figure out a way to compromise backup data without being detected, so that recent backups would be useless. An attack like this could cripple technological nations and cost trillions of dollars to recover from.

    A truly dangerous virus like this is a little more difficult to deploy now, thanks to Nimda and Code Red. In other words, the cyber-equivalent of the World Trade Center tragedy has been at least partially averted, but without truly serious cost. In fact, rather than try to stamp out hackers (crackers), we should wish for a real-world equivalent - petty criminals who could have forced us, prior to Sep. 11, to close some of the enormous holes in security and strategic thinking that made the attack possible.

    The real issue should be what the hackers actually do. In real life, small crimes (misdemeanours) such as defacement and minor vandalism get small penalties. The danger in cyberspace is that fear leads to an environment in which any cybercrime, no matter how small, is punished extremely. If this approach succeeds in inhibiting petty cybercrime, all this will do is open up huge loopholes to be exploited by those with a more dangerous agenda.

  • Gilmore is my Governor (Score:3, Informative)

    by ca1v1n ( 135902 ) <snook.guanotronic@com> on Thursday October 18, 2001 @03:43PM (#2448362)
    He won the election because he promised eliminating the personal property (car) tax. This is a local tax, which he was going to reimburse the localities for out of state funds coming from the temporary budget surplus. This means that localities with a high personal property tax, generally the rich ones, get more money, while the poorer localities get the shaft, as they always have. Now we have a budget crisis in Virginia.

    Whatever Gilmore claims about being tech-savvy is a load of BS. He's politically savvy, and he tried to get through a bunch of laws that would give Virginia jurisdiction over the whole internet because of the traffic that gets routed through Northern Virginia. The man wants power and knows how to get it while convincing a lot of people they'll be better off for it.

    Curious why Gilmore would be interested in more police powers? Because he's being groomed to be the next Attorney General of the US. I'd personally prefer him over Ashcroft because he doesn't seem to harbor any ethnic biases, but that's about it. Watch out for this man. You'll probably hear from him again.
  • Treating computer "viruses" and "hacking" as "weapons of mass destruction" is absurd. The destructive power of computer viruses is a myth. In reality, critical systems are usually embedded and well-protected. The Windows desktop computers and web sites that are compromised by the millions by viruses and hackers are generally easily restored. If particular systems are critical, their owners could protect them with little more effort than that required to have a lock on their front door, something any reasonable person would do.

    This is just a long range in a long series of poor judgements in public policy. Horrible as the WTC attacks were, most people are not at risk from those kinds of attacks. Anthrax is not a pleasant disease, but it is common in many countries and easily treatable in most cases. The hysterical reaction to terrorism and resulting policies in the US is causes more damage than the terrorism itself.

Slashdot Top Deals

It is easier to write an incorrect program than understand a correct one.

Close