Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
The Courts Government News Your Rights Online

Oregon Supreme Court Declines To Hear Schwartz Case 327

Posted by timothy from the merry-christmas dept.
merlyn writes "The Oregon Supreme Court declined to hear my case, leaving standing the unfavorable decision of the Oregon Appeals Court as the final authority on this eight-year-long case, well known to many sysadmin and Perl hacker alike. Details at my fors-announce posting." If you're not sure what that means, you probably want to read at least this site which offers a straightforwardly partisan look at the complicated case of Intel vs. Schwartz as well as Schwartz's own page; it's a strange world where programmers and sysadmins can be convicted for seemingly innocent activities.
This discussion has been archived. No new comments can be posted.

Oregon Supreme Court Declines To Hear Schwartz Case More

Oregon Supreme Court Declines To Hear Schwartz Case

Comments Filter:

  • Seemingly innocent activities? (Score:1, Flamebait)

    by Anonymous Coward
    I'm sorry, but cracking is NOT an innocent activity. He should fess up for his actions and accept the punishment, end of story.
    • cracking with intent to do harm is definately not an innocent activity. If it is done with good intentions that in no way cause problems, perhaps it is not so evil.

      example... if the government hired someone to crack al qaeda systems it would be considered patriotic, or maybe even heroic by some. there would be very few people considering this a felony.

      this is just an example of someone doing something that the people with the $$$ doesn't like, and using the "justice" system to their advantage.
      • If the government hires a hacker or cracker to perform his skills against a foreign enemy it's called intelligence operations or information warfare. Just like the US Government hires tens of thousands of young Americans to kill others. That's why those in the armed forces don't get charged with murder when they drop bombs.
      • Cracking terrorist systems is not a fair analogy. Mr. Schwartz did the cyber-equivalent of forcibly entering a locked room in his employer's building with a sign on the door that says "Authorized Peronnel Only", just so he could get his email quicker.

        I do believe the court overreacted in the penalty phase of the trial. IMO, it should have been more like a B&E conviction. Mr. Schwartz' cooperation and apparent minimal moral terpitude (he admitted he knew it was wrong) should have earned him some mercy from the court.

        The lesson here for the rest of us: "You have the right to remain silent". Once you're in an interrogation, the cops are hardly ever your friends. Those cops screwed him just like Sipowicz does his "skellz" every day.

    • Right, except.. (Score:2, Interesting)

      by mindstrm ( 20013 )
      He didn't break into anything.

      He ran a brute force crack against some password files that he *did* have legit access to, if I remember correctly. That's ALL he did.
      • Apparently he didn't get OK from management. Now if he didn't ask, what are they supposed to think? They have a lot of sensitive files that even the sys admins aren't supposed to look at.

      • Re:Right, except.. (Score:2, Informative)

        by gclef ( 96311 )
        Not true. See the link to an affidavit in my earlier post. One of the passwd files he was running the crack against belonged to a company that he was no longer employed by (his contract had run out several months before).

        Yes, they left his account active, which was their mistake. No, that does not give him the right to log in & crack their passwords.
      • You remember incorrectly, which is why he admitted he was wrong afterwards.

        Now ... should he've been convicted of three felony counts? Probably not, but there's undoubtably more history here. Intel normally would handle such stuff internally, I'm sure. It seems pretty clear that there were already bad feelings. Hell, I know plenty of Intel folks, including hackers much more on the ball than Randal (part of his problem being ego), and they don't seem disturbed. This is not how Intel normally handles such things. Note that there's been no avalanche of follow-on persecutions of supposedly-innocent people.

        So, it is safe to say that Randal pissed off some folks at Intel in a very, very major way before this incident, and that afterwards they decided to chew his nuts off.

        And did so.

        • Re:Right, except.. (Score:2, Interesting)

          by Hexi-Mage ( 466442 )
          In a radical departure from most Felony crime definitions, this one doesn't require showing any damage or criminal intent (both absent in this case). In this Computer Crime law, legislators replaced the usual criminal intent element with a "...for personal gain" clause. In an amazing feat of legal gymnastics, this clause was apparently satisfied by Mr. Schwartz' open admission that he expected his employer (Intel, the victim) to appreciate and reward his unauthorized efforts to help improve their security. Thus, his intent to help the 'victim' was key to successfully making a felon of him.

          While it's clear that Mr. Schwartz made mistakes, and that they are particularly obvious mistakes in today's atmosphere, they were mistakes well within the bountries of socially positive 'common practice' in earlier times.

          When 'wizards' saw or suspected a problem on any system that they were associated with, and it was within their power to 'fix' it easily, they did so, regardless of whether it was their job or not. They were rarely chastised and often praised for behaving this way.

          There are several practical lessons every computer professional in Oregon should learn from this case:

          1) The Computer Crime law is so broad that it's easy to violate unintentionally, and avoiding doing so at all costs may sometimes conflict with what you see as the best interests of your employer. In these cases, pull back emotionally a bit and think what the real consequences are to you personally. If policy doesn't let you do a good job, let management know. If they don't care after you've explained it a few times, document your concern and then let it go.

          2) Stay beyond even the appearance of impropriety. If you're doing something that may look weird, let potential witnesses know in advance what you're up to. If you don't actively communicate, and it looks like a crime, your employers will probably call the police instead of asking directly for an explaination. Once the police are called, you start losing. The least damage you can hope for is some professional embarassment, and the mess can accelerate quickly into complete disruption of life and career. It's much easier to avoid raising unfounded suspicion than to quell it once it's been raised.

          3) Remember that, ultimately, the police work for more for the prosecutor than 'the truth'. Their job is not to find the truth, it's to collect as much evidence as possible that you're guilty, whether you are or not. Once they start looking at you like a suspect, shut up. Don't try to explain what really happened without consulting a lawyer. Mr. Schwartz freely answered all their questions which, taken out of context, supported his conviction.

          4) If case goes to court, realize that all the jury needs to hear is "blah blah blah, computer crime" and they'll convict, even if they don't understand a word of it. If you feel like crying, read the transcript of the prosecutors case devolving from mild incoherence into a completely meaningless string of buzzwords, and still getting a conviction.

          http://www.rahul.net/jeffrey/ovs/cs2.html

          The real unanswered (and mostly unaddressed) question left over from the Intel/Schwartz case is: Why did Intel continue to push for prosecution, once it became clear they had over-reacted? Possibly just for CYA (cover your ass-ets). Intel security freaked when they noticed randal was running the 'crack' program (a standard tool for both good guys and bad guys). They called the police, who got a warrant and searched Schwartz' residence for signs of IP theft (there were none). Intel representatives went in with the officers and helped with the search, which was argueably improper. At that point 2 things probably became clear: Schwartz wasn't up to anything nefarious, and Intel might have legal exposure for damaging Schwartz' reputation and wandering into his house on the coattails of the police. Since it was never revealed who at Intel decided to press for prosecution, we'll probably never completely understand their motivations.
    • As I understand it, the "cracking" in this case was a test to verify that people were following the password policy that the company's management had published. The only way you can possibly verify that such a policy is being followed is by running a password cracker against the password file(s).

      What the company was saying, in effect, was "Yes, we have a policy, but if anyone attempts to verify that we are following it, we will have them arrested and tried for criminal activity."

      The Oregon courts seem to agree with this.

      Meanwhile, of course, the word has probably gotten out to the real criminal types that Intel is actively making sure that there are no internal audits of the safety of their passwords. It doesn't take a genius to figure out the likely consequences of this.

  • What is the case about? (Score:2, Insightful)

    by alen ( 225700 )
    What exactly was he charged with doing? While I'm not familiar with the case I know that as an employee you are paid to perform certain services for your employer and to respect their property. The employer and the law draw the line in the sand and an employee should keep any experimentation not having to do with work onto their home network. I would personally get written permission before doing anything that can be construed as illegal or suspect on my employer's network.
    • it seems as if he was framed.. there's probably a lot of background that isnt being shown here, maybe him getting too snotty with administration, or jealousy over his uber-l33tness, or possibly an alien conspiracy. either way, the courts are definately not going to let him go, oregon is notorious for two things: hippies and guns, both of which keep authority in the wrong hands. anyone hear about the $30mil campout at university of oregon? my god that was dumb. point being, he's screwed. poor guy.

    • Re:What is the case about? (Score:5, Informative)

      by rendler ( 141135 ) on Sunday December 23, 2001 @11:09PM (#2746074)
      http://www.mega.nu:8080/batf/www.boogieonline.com/ revolution/science/schwartz.html [www.mega.nu]:

      While working as a consultant with multinational microchip manufacturer Intel Corporation, Schwartz set up two ways of checking his Intel email via the Internet, and in an attempt to verify the security of one of Intel's computers, he ran the "crack" password-guessing program on an Intel password file. Intel considered the Internet access a security breach, and the password crack to be theft of sensitive information.

      In March 1994, Schwartz was indicted on three felony counts of computer crime under Oregon state law. He was convicted in July 1995, and sentenced in September 1995 to 5 years probation, 480 hours of community service, and 90 days jailtime (which may be dismissed for excellent behavior). Intel is also seeking $72,000 restitution. Schwartz has spent over $130,000 on his legal defense, most of it his own money, with additional contributions from individuals and organizations on the Internet.

      • Like I said in another post. Apparently he didn't get the OK from management to do that little stunt. Where I work we need the approval of the Director of IT and sometimes the VP of IT in addition to maybe some programmers just to reboot a server or install software.

    • Re:What is the case about? (Score:5, Insightful)

      by YU Nicks NE Way ( 129084 ) on Sunday December 23, 2001 @11:50PM (#2746195)
      There's a good summary at the SANS Institute [sans.org] site. Schwartz did three different things: (1) installed a backdoor in a firewall, (2) did an unauthorized password scan, and (3) used one of the passwords he obtained through this scan to log into a system to which he should have had no access. He then copied the /etc/passwd file off that last machine, apparently to run an attack against it, as well.

      Even a cursory review of the documents in the case make it clear that he wasn't framed, that he actually did the things he was charged with, and that at least one of the activities with which he was charged was not only unauthorized, but had been explicitly forbidden by his managers. He had been ordered to take his gateway down at one point. He did so, waited a few days, and then brought an equivalent service up on the same machine under a different name. (See this site [ods.com.ua] for some more details.)

      In my opinion, what he did was certainly grounds for dismissal, and almost certainly technically criminal. That said, I think the district attorney was unwise to pursue the case against Schwartz, since the damage done to his reputation just on the basis of what is clearly the case would have been punishment enough. Even without the convictions, no major site will ever touch him again: security geeks are dangerous, and the last one you need is one that won't obey the policies about what he or she may attack at any given time.

  • Huh? (Score:1, Redundant)

    by GigsVT ( 208848 )
    I have to confess that I am not too familiar with this case. The links in the story weren't too helpful either.

    Apparently he messed around with some Intel servers? Was he employed by them at the time?

    Can anyone give me a quick summary, someone who is more familiar with the case?

    Also, is Schwartz in jail now? You get /. in jail? :)

  • and since when is... (Score:5, Insightful)

    by Anonymous Coward on Sunday December 23, 2001 @11:07PM (#2746068)
    ...cracking passwords an innocent activity?

    You know... most everyone I know who has followed the case seems to agree that the only reason you got in trouble to begin with was because of your inability (some call it emotional ignorance) to communicate properly with the admins within Intel.

    Still, all in all, I believe you've managed to do well for yourself. Written a couple of books, entrenched in the perl community, regular magazine article contributer, etc. You should feel lucky that you did not do any time in "pound you in the ass" Club Fed. You *should not* feel that somehow it's your god given right to have this little blight on your history removed (and to be honest, do you know *anyone* of any note or repute that doesn't have a bit of netorious past?).

    So, just get over it, continue to pay off your legal bills (and that's really that this appeal is about, right?) and get on with your life.

    • Re:and since when is... (Score:3, Interesting)

      by Anonymous Coward
      > ...cracking password an innocent activity?

      Well the answer to that is when the cracking is not being done to secure access to the systems in question.

      Having a key to a safe shouldn't be a problem. Opening the safe and removing contents is a problem.

      I have been in very much the same situation as this in the UK. Although I was not running crack myself a friend of mine was, and was using my account to do so. His interest in doing so was mere curiosity to see what percentage of passwords could be cracked.

      At no time were any of these cracked accounts used for anything and as far as I can tell from the reports neither did Randal.

      This point was what resulted in my case being dismissed.

      Cracking passwords is a potentialy suspisious activity and Randal was bloody stupid for doing it on company machines but until the accounts are used this should not be a crime.
      • I suspect if you were caught trying to crack into a bank vault you'd be thrown in jail whether or not you actually intended to steal any of the money inside.

        "His interest in doing so was mere curiosity to see what percentage of passwords could be cracked. "

        Well now he knows what the consequences of his curiousity is.

        A child may have been left off because they don't know any better, but adults are supposed to understand the boundaries of acceptable behavior.
        • " I suspect if you were caught trying to crack into a bank vault you'd be thrown in jail whether or not you actually intended to steal any of the money inside. "

          Enough with the stupid analogies. They don't apply in this case.
          • I'm sorry. I didn't mean to totally shred your stupid argument with a simple analogy.
            • You were nor arguing with me. I told you to cut out the analogies, somebody else was arguing on the thread with you.

              You may not realize this but on public forums like this different people may join the thread and make comments. you should look at the names before you shoot off your mouth perhaps.
    • What cynical tripe! Not ONE OF US is safe as long as the courts act this way and the laws are stacked like this. The "Patriot" Act has made it much worse. Now the prosecution can, at its discretion, claim you are a cyber-terrorist! Wake up and stop sniping at the victims before you become one of them.

  • I know how he feels (Score:2, Interesting)

    by GombuMstr ( 532073 )
    I know exactly how he feels this is currently happening to me. One of the charges was dropped in the prelimary hearing. The owner of the server learned the hard way that permissions/Logon banners/Policies are critical if you want to prove that the person did not have permission. I read his case thoroughly when I was first charged and found some items that were the same.
  • Certainly the law is far too broad, but this is merely a side effect of the drafters not having any idea how it might be applied. I wouldn't go so far as to say the drafters had no technical knowlege (because I have no idea if they did) but certainly they had only a vague idea of what specific crimes that cover within the legislation.

    That said, Randall should have been more careful and Intel should Intel should have acted more wisely. Certainly a contractor messing with a client's password file without security consulting requiring 'complete network access and authority to alter' should have such things explicitly spelled out in his contract. It is truly disappointing though, to see that the appeals court will have the final say in this matter.

    --CTH

    • Re:The law is too broad, but Randall should have.. (Score:5, Insightful)

      by topham ( 32406 ) on Sunday December 23, 2001 @11:34PM (#2746165) Homepage
      Unless specificly authorized in his capacity as a consultant he never should have touched the password file.

      As a consultant you may be in the situation, on a daily basis, that you have access to information which is not yours to do anything with. Thats the nature of the beast, don't screw with it.

      As a consultant I have access to data on the customers of my clients. That data is confidential. Unless specificly using the data for testing I have zero right to that data. Even if it is in the database I have access to, and available to me based on my access privledges.

      Having access to data doesn't mean you have the right to that data.

      • Re:The law is too broad, but Randall should have.. (Score:5, Informative)

        by dhogaza ( 64507 ) on Monday December 24, 2001 @01:06AM (#2746338) Homepage
        Hear hear. I've been in this position and I always have asked, too.

        Not because I live in the state of Oregon but because it is the right thing to do (and my knowledge of right and wrong far predate the law in question).

        I think the major problem with Randal was that Intel had no idea of what he was actually doing, found out, freaked out. Freaki
        ng out was a reasonable response.

        The fact that the freaking out resulted in a criminal charge and conviction is unfortunate. Washington County (where Intel's Oregon facilities are located) is far, far more conservative than Multnomah County (where Portland, OR is mostly located). In Multnomah County some sort of non-criminal solution would've been the result, most likely.

        The Appeals Court and Supreme Court, though, don't rule on whether or not the conviction is "reasonable" but whether or not the conviction meets the test of law.

        That's not unreasonable, that's how judicial review is meant to work. The law as written is unreasonable, but not unconstitutional and therefore no constitutional grounds for overturning the conviction exist. There's no doubt about the evidence, so there's no evidenciary grounds for overturning the conviction.

        So ...

        1. Randal sinned in a relatively minor way, but sinned nonetheless.

        2. Intel and a hard-assed Washington County prosecutor decided to go after him in a major way (makes you wonder about past interactions, doesn't it? I would think that a single well-placed manager could've derailed this train if she'd thought Randal deserved grace).

        3. The law doesn't violate the Oregon or Federal Constitution (nor your state's, most likely). Therefore the Court of Appeals and Supreme Court, whatever their private view of the overreaction resulting in his conviction, have no basis for overturning it. (of course, they may actually want him to burn at the stake, but we don't know that, the Oregon Supreme Court is actually fairly liberal).

    • Re:The law is too broad, but Randall should have.. (Score:4, Insightful)

      by phred ( 14852 ) on Monday December 24, 2001 @12:24AM (#2746252)
      For years now we have been reading comments about What Randal Should Have Done.

      It's easy to be critical from a distance. But before you're too smug in your assessment, walk a mile in his shoes, or in today's terms, sit for an hour at Randal's shell prompt. Many of us do every single day.

      Randal was doing pretty much what many sysadmins do as an ordinary matter of course: secure and protect the systems they are responsible for. It's the job they're hired for, you know?

      I've always felt that this amounted to a personality clash that spun out of control, bruised the ego of an Intel senior PHB, and then completely escaped from reality when it was referred as a criminal matter to the local gendarmerie.

      Unless you live in or next to Washington County, Oregon, as I do, it may be hard to understand the pressure that develops when the local cops get a call from the largest employer in your area and the most powerful company in the state.

      I remind everyone here that Randal was an Intel contractor with a one-line contract that basically ended up being interpreted in a completely arbitrary way.

      Randal would be the first to say he did some things that weren't wise, but there was never any intent of illegality or damage to his client, the mighty Intel Corporation.

      Intel has rightly gotten a big old black eye over this entire episode, at least among those who bother to learn the details, and at least as far as I know has not repeated this stupidity.

      Randal has managed to keep going, dealing with an onerous legal case, the threat of jail, an extraordinarily out of whack fine, and daunting legal costs.

      The Oregon law that all this hooked on is widely regarded as badly written and prone to misuse (I've written some Oregon law in my time, not in this particular area, and it's easy to see how this happens in the legislative process).

      The gross sense of disproportion is the lesson I have learned from this sorry episode. It is sobering for any of us who take on sysadmin duties under any circumstances. As security becomes an ever more complex and consequential issue, that is a lesson everyone should take seriously. Just because you are doing the best you can, all of us have our flaws. What protection do you have if someone decides to settle a grudge with you and have the full weight of an ill-defined law and an immensely powerful legal apparatus thrown on you?

      Good luck to Randal. He handled this with a lot more diplomacy and good cheer than many of us would probably have mustered.

      --------

  • Oh Please (Score:5, Informative)

    by Laplace ( 143876 ) on Sunday December 23, 2001 @11:11PM (#2746083)
    Randall Schwartz was doing some shit that Intel didn't like. It also happened to be illegal. Intel asked him to stop. They asked him nicely. He didn't, and Intel had him prosecuted. Randall Schwartz made his own bed.

    Flame on.
    • >Intel asked him to stop. They asked him nicely.

      I'm just curious where you got that information?

      • From Randall's own web site. I spent a lot of time there reading about the case. Granted, up not up to date on the most recent postings; it has been at least a year since I have read about it.

  • Innocent Activites?! (Score:5, Informative)

    by gclef ( 96311 ) on Sunday December 23, 2001 @11:13PM (#2746085)
    You must be joking. He was caught cracking the passwd file for Intel and O'Reilly without their permission. His activities were anything but innocent.

    Some background from the other side: an affidavit from one of the Intel folks is here:

    http://www.lightlink.com/spacenka/fors/police/inte lrep.txt [lightlink.com]


    Basically, he cracked more than one companies passwd file without permission...one of them was a company he'd been dismissed from earlier (he was still logging into their machines and was cracking their passwd file,too).

    Personally, I'm not at all surprised that they threw the book at him.

    • Re:Innocent Activites?! (Score:5, Interesting)

      by sinnergy ( 4787 ) on Monday December 24, 2001 @02:31AM (#2746518) Homepage
      Well, that's certainly one way to look at it, isn't it. However, things aren't that simple. You and I both know that. Anyone who has had the opportunity to hear his side of the story in person knows it goes a little deeper than that. I had the privelage of hearing him speak at Ic0n hear in Cleveland earlier in the year and again at Phreaknic in Nashville.

      Yeah, he isn't completely blameless and he doesn't claim to be. However, he's being railroaded on some serious charges. If you know the laws he was tried under you know how vague and broad in scope they could be. Under those laws and a liberal interpretation, I would be unable to effectively do my own job.

      So, in short, let's look at both side of the story here. I encourage anyone who will dismiss Schwartz right off the bat to hear his side of the case.

      He's a pretty nice guy, to boot. A hacker's hacker, if you will.

  • America, why bother? (Score:2, Interesting)

    by Mongoose ( 8480 )
    I'm not posting this as an AC b/c this is _my_ opinon, so don't read further if you feel you may be offended by grammar, content, and spelling...

    I think America isn't any better than China as far as my profession of programming is concerned. Sure we have a few more civil liberities, but the way lawy enforcement works here still stamps out any dissant agianst the 'masters in the house'.

    The government is just a lacky for corporations these days, as the Adobe, intel, and other cirus shows. DMCA, anti-terror, and other acts are just smoke screen for control of the populis.

    How much longer can America keep going? America only has a military and an economy going for it -- and one of those is faultering. I can't believe the government recommending "go out and buy" to "save the economy". Capitialism isn't a one sided equation -- companies should suffer for poor investments and managment. ( The Enron's, S & L's, etc )

    I'm planning on moving to a nation that's 'worse' in many eyes already. I know their aren't any utopias, but hell if I'm not going to look for options. They want to take away my guns, computers, and now my 'inalienable rights'.

    It makes me sick to think about it all. I have black hair so I should get hassled. I have knowelge so I should be arrested. I have a dissanting opinon maybe I'll be hung.

  • Don't do anything without written permission (Score:5, Insightful)

    by mttlg ( 174815 ) on Sunday December 23, 2001 @11:15PM (#2746096) Homepage Journal
    Ok, so in Oregon it is a crime to "unlawfully, knowingly and without authorization alter a computer and computer network." The obvious solution here (for people working on computer networks in Oregon) is to obtain written permission from the appropriate authorities before altering a computer and/or computer network. Print up forms with the full text of the appropriate laws and give them to the appropriate people. Whenever you need to do anything, request permission in writing. If they complain, have them provide authorization in writing for performing specific common tasks at the discretion of the individual, but keep requiring written authorization for anything else. If the law really is as broad as it is being described, there is too great a risk of prosecution to do otherwise, especially if you deal with security testing. Either get permission or don't do it - there's no sense putting yourself at risk to do something that the network's owner probably won't care about anyway.
    • Yeah, but suppose we reach the point where M$ has altered its Windows license agreement again to the point that they state that you are in legal violation of the license if you remove it or replace it with Linux, or configure it oddly by adding third party products to certain parts of it that THEY consider an OS (and by extention, may be considered part of the "computer network" or "computer" as an OEM might define it, especially if .NET is considered by them to be part of the OS and therefore part of the "computer network"), such as replacing IIS with Apache 2.0...

      Then basic system manipluation of YOUR box becomes illegal, because Windows has declared YOUR box part of ITS computer .NETwork. The vocabulary here is restrictive to individual rights.

  • Some useful info (Score:1, Offtopic)

    by sasha328 ( 203458 )
    It seems that this guy stole some PERL scripts and password files using a hole in IIS using FrontPage from some news website. Here is a link [kellybreed.com] I found while going through the not very helpful links in this thread.
    I hope people don't confuse the security flaws in IIS with code theft. Code theft is "stealing" regardless of how you got to it.

  • Schwartz used bad judgement, nothing more. (Score:4, Interesting)

    by Schwarzchild ( 225794 ) on Sunday December 23, 2001 @11:17PM (#2746107)
    IIRC from one of his web sites [lightlink.com] he pretty much describes all of the events that led up to his being arrested. He is honest about the fact that his contract at Intel's Supercomputer division was about to expire and he was trying to find a reason for them to continue to keep him employed and he decided to use their weak computer security as a reason for them to continue to use him as a contractor. Unfortunately, he wasn't an admin and he didn't get permission to crack the passwords. So when the admin found out that Schwartz was running Crack he informed the security guys at Intel.

    Also IIRC it seemed like Intel management wanted to handle it differently than Intel Security which called up the Sheriffs office, I think, to have Randal arrested.

    IMHO he only used really bad judgement and is obviously not a cracker bent on maliciousness.

    I think it's too bad that the courts came down as hard as they did on him. At least he's not still in prison.

    • I don't see how it matters if he was malicious. It seems he's been convicted, but is not going to be serving a long sentance in jail, so maybe he should feel lucky. I was an intern at Ford this summer, and I'm sure if I decided to demostrate to them that they should hire me by cracking the passwords of executives I would have been arrested and charged with a crime.


      This case ended exactly as it should have

    • >Unfortunately, he wasn't an admin and he didn't
      >get permission to crack the passwords. So when
      >the admin found out that Schwartz was running
      >Crack he informed the security guys at Intel.


      In other words, intel security was a lot better than this wannabe suspected . . .


      hawk

  • Companies like Intel who pursue such ill-advised prosecution should not be financially rewarded for their misbehaviour.

    Buy AMD instead of Intel. Tell everyone you know to buy AMD instead of Intel. If you are in a position to influence purchasing decisions, make sure it is AMD.

    The only message these companies are going to understand is one that hits them in the pocketbook.

    BTW, the same goes for Adobe.

  • bad decision, but... (Score:3, Insightful)

    by markj02 ( 544487 ) on Sunday December 23, 2001 @11:20PM (#2746114)
    Sounds like a bad legal decision and it reflects poorly on Intel. But one thing to keep in mind: workplaces are all about politics. People who play their cards right seem to be able to get away with murder. People who hack and don't shmooze, on the other hand, are very vulnerable. If you are of the latter persuasion, do things completely by the book and get permission for anything even remotely out of the ordinary in writing.
  • Oregon Supreme Court declined to hear my case, leaving standing the unfavorable decision of the Oregon Appeals Court as the final authority

    I'm sure merlyn/Mr. Schwartz has allready discussed this with his council, but of course the supreme court can take the case and over-rule the state court, the plaintive cries of certain states rights activitists notwithstanding. That's not going to happen, which basically means we need a political solution.

    Individuals in Oregon can contact their governor [state.or.us] individually, although such petitions are, unfortunately, unlikely to work.

    Some form of organised lobbying - from an oregon based trade organisation of engineers or programmers, mayhap? (I'm a biologist) - might successfully generate a pardon, or at least get the law struck from the books. Certainly, I think it's a legitimate avenue for such an association to act, since the oregon computer crime law (which I can't find under that title but which is somewhere here [state.or.us]) obviously opens its membership up to wanton and unjustified prosecution.

    Although Intel is likely to announce that it's a criminal trial and Intel cannot drop charges, we could bring pressure to bear on Intel. I only buy AMDs anyway, but a threatened slashdot-sponsored boycott, if everyone on slashdot is as convinced of his fundamental innocence as I am, might scare them a little.

    More than likely the poor slob is screwed.

  • *Seemingly*??? (Score:4, Redundant)

    by autopr0n ( 534291 ) on Sunday December 23, 2001 @11:34PM (#2746166) Homepage Journal
    I'm sorry, but at first blush what he was doing would not seem inocent to anyone. He was cracking passwords, and sent out some VPs password to other people. He was also not a fully employee and didn't authorization to do what he was doing.

    He may not have meant any harm by what he did. And when you look closer you can see that. But what he did does not seem innocent in any sense of the word.

    Yeh, now mod me flamebait like that first post AC. God forbid we should go against the Editors

    (btw, sorry this post hasn't been spellchecked. I'm away from home and my spellchecker)

  • Overview Mirror (Score:5, Informative)

    by corby ( 56462 ) on Sunday December 23, 2001 @11:49PM (#2746189)
    The hyperlink in the story to the overview of the Schwartz case is responding, "User over daily limit".

    Use the mirror here [lightlink.com].

  • Site's down. Try this one... (Score:4, Informative)

    by evilviper ( 135110 ) on Sunday December 23, 2001 @11:50PM (#2746192) Journal
    Pulled Straight from Google's cache: http://www.google.com/search?q=cache%3Awww.rahul.n et%2Fjeffrey%2Fovs%2F

    Intel v. Schwartz

    Intel's Prosecution of Randal Schwartz

    Cybersalem [slashdot.org]|
    &nbspPress [slashdot.org]|
    &nbspWhat can you do? [slashdot.org]|
    &nbsp [slashdot.org]
    Kevin Mitnick on Hacking
    Note:
    The Open Letter to Intel closed to new signatures
    on October 4, 1999.
    Thanks to all who have signed!

    Geek Kahuna Goes Bad?


    It began prosaicly enough.
    Randal Schwartz, who I knew from Usenet and his
    very successful books on the Perl language,
    was on business in Silicon Valley and agreed to meet me at
    Frankie, Johnnie & Luigi Too,
    an Italian restaurant in
    Mountain View CA, to offer me advice for a program I was
    writing.

    It might seem surprising
    that Randal would agree to take time
    from a hectic schedule two weeks before going on trial to give
    what amounted to free consulting to a stranger.

    However, those who
    have been interested in the Perl language for a while
    know that Randal
    is a legend for his generosity.


    Actually, I didn't know Randal was going on trial in two weeks.
    I had heard rumors that he had some sort of legal difficulties
    (a civil suit I assumed) which involved Intel.
    I'd known many people with matters before the
    courts, some close personal friends,
    and few liked to discuss them.
    Therefore it was not until
    Randal had fielded my Perl questions, the talk
    turned to minor chit chat and Randal unexpectedly proved
    willing to discuss the matter that

    I discovered the person I was drinking beer with
    was looking at fifteen years in a few days, and, if convicted,
    would have the biggest legitimate reputation by far of
    any computer criminal.

    I didn't necessarily credit the story he told me -- every
    accused felon tells you it was all a misunderstanding, and
    they are almost always just plain guilty.
    Neither, I must confess, do I have unquestioning faith in
    all the conclusions D.A.'s draw.


    Days later, an Oregon Jury convicted Randal of
    three felonies.
    Randal Schwartz was, in the eyes of the law, a
    Geek Kahuna Gone Bad,
    the first.



    Especially eerie about the Schwartz matter
    was the silence surrounding it.

    This clearly was a very significant case, far more so than
    some which have drawn a lot of attention.
    Randal Schwartz was either
    the most dangerous computer criminal ever,
    or something was terribly amiss, I had to know which.
    That night I put the project I had discussed with Randal
    on a shelf, where it remains.

    "Feel free to stop dancing around the issue
    any time you like and
    tell me what this is all about."


    On July 25, 1995, a Washington County jury in Hillsboro, Oregon
    convicted Randal Schwartz of three felony counts:


    Count 1: Randal did
    between November 1, 1992 and November 1, 1993,
    "unlawfully, knowingly and without authorization alter a computer and
    computer network consisting of Intel computers Mink and Brillig".


    Count 2:
    Randal did between August 1, 1993 and November 1, 1993,
    "unlawfully, and knowingly access and use a computer
    and computer network for the purpose of committing theft of the Intel SSD's
    password file".


    Count 3: Randal did,
    between October 21, 1993 and October 25, 1993,
    "unlawfully, knowingly
    access and use a computer and computer system for the purpose of committing
    theft of the Intel SSD individual user's passwords."

    "Look, son, Randal may be a what you call a Geek Kahuna,
    but the law is the same for him as everyone else."


    Actually, Randal was not tried under the usual criminal
    laws, but Oregon's Computer Crime law.
    Uses of this law are rare.
    I can discover only two convictions under it since 1991,
    and in one there was no trial.
    The purpose for a separate Computer Crime Law
    was to avoid having bad guys escape on technicalities,
    something its drafters felt that
    even an extensive revision of traditional criminal law would allow.
    This they accomplished by making it a felony
    to knowingly do anything
    "unauthorized" on a computer.
    Unusually for a law with severe penalties,
    there is no requirement to show the defendant caused or intended
    any harm.
    All that is necessary is to show
    that the proper authority did
    not like whatever was done.


    The first count is that, pure and simple --
    Randal putting a
    program on an Intel computer which Intel did not like.
    The "stolen" property of the second and third counts
    was never removed from Intel's premises, Intel was never
    deprived of any of the economic benefit of the
    property, and no evidence was presented
    Randal intended to do either of these things.
    These "thefts" consist entirely, again, of doing things
    which Intel decided afterwards
    it did not like and which it claims that Randal
    was not allowed to do -- this time with
    password files involved.


    Criminal laws with wide applicability and severe
    penalties are a feature of totalitarian states, and
    may be a necessary evil in free ones.
    In Randal's case, where he was trying to be helpful
    and caused no harm,
    the potential evil in applying such a law
    is far more apparent than its necessity.

    At the least,
    a free society asks that a serious crime
    genuinely reflect one of its serious concerns,
    and not simply be a tool the powerful can use
    against the powerless whom they find obnoxious.

    A good test of this can be made when a powerful
    individual breaks the law.
    But for computer crime, which is complex and
    technical, such tests are
    available only as a matter of luck, since
    the powerful decide who gets investigated.


    However, we have such a stroke of luck in this case.
    An Intel VP confessed on the stand to a more serious
    infraction of Oregon's computer crime law.
    And the Washington County D.A.'s office,
    which so eagerly talked tough when facing the
    powerless Randal,
    has observed a demure silence on this topic.


    The defects in the law should easily have
    been enough to prevent
    this case ever coming to trial, and made discussion of the rest
    of this matter moot.
    But at each step of the way, as one person or another faced
    the prospect of telling Intel "no", they chose instead to
    praise the Emperor's fine new suit.

    Some Highlights from the Ongoing Farce


    • No evidence that Intel disapproved of Randal's behavior
      exists, except as remembered after the decision
      was made to prosecute him.
      Not so much as a hand-written note indicates anyone had a
      problem with Randal beforehand.

    • Lest those testifying for the prosecution,
      all of whom had financial interests in the good will of Intel,
      forget Intel's concern in this matter,
      an Intel Security person sitting at table next to the prosecutor
      served as a convenient reminder.

    • Intel was heavy-handed in making its presence felt throughout.
      The police prepared the search warrant at Intel premises,
      three Intel employees helped search Randal's house,
      and one helped police interrogate Randal.

    • This interrogation produced the prosecution's "best" evidence:
      police statements that put the words of a full confession
      in Randal's mouth.
      Indeed they claim Randal confessed to a history of hacking
      everyone he had done business with.
      (All these other "victims" provided witnesses for the defense,
      and Randal was charged with none of this activity.)

    • The police claim to have memorized Randal's highly technical
      statements with the aid of a few "cryptic" notes,
      and reproduced them accurately later at the station.
      It is hard to overstate what an incredible
      feat of memory this is.
      Det. Lilley, who produced the more complete statement,
      didn't know what the word "directory" means in computer lingo.
      Mere mortals with similar backgrounds would have found it
      impossible to follow the discussion,
      much less memorize it verbatim.

    • In other contexts, Intel had previously
      authorized Randal to commit both the acts
      allegedly unauthorized in this instance:
      cracking passwords and building a gateway to the Internet.

    • Randal was well aware of the steps a computer criminal usually takes
      to avoid detection of his activities and took none of them.


    As I go through the records in this matter, more and more
    startling and troubling material continues to come out.
    It is as if this case was an entry in a contest to see
    how much misbehavior could be squeezed into a case where nobody
    was shot or beaten.
    I document my progress into this shambles in the
    Letters from Cybersalem.

    [prestigeart.com]


    The Letters From Cybersalem


    CS0: Announcement [slashdot.org].
    Obviously, the letter which announced the series.


    CS1: Disclosures and Disclaimers [slashdot.org].
    My connections
    to Intel and Randal, and various other things which need to
    be said. Nothing stunning IMHO, but you have a right to know and
    to judge that for yourself.


    CS2: Wizard Prosecutions: Then and Now [slashdot.org].
    A comparison of the quality of
    the prosecution in the Salem, Massachusetts of 1692 and
    the Hillsboro, Oregon of 1995.
    Witchcraft prosecutions have declined sadly in the last
    300 years.


    CS3: The Unindicted: Ed Masi [slashdot.org].
    It is so easy to make a case for the crime of which
    Randal was convicted,
    an Intel VP testifying against Randal made a
    full confession under oath on the stand.
    It's all here.


    CS4: Shocked, Shocked [slashdot.org].
    Randal's "crime" caused no harm, which is perplexing
    since harm is basic to both the legal theory and lay
    intuition of what "crime" means.
    The policy infraction to which Ed Masi confessed
    is shown to have quite likely caused real and serious harm to Intel.

    CS5: Leadfinger [slashdot.org].
    This imbecility is not without its literary appeal.
    A nicely Kafkaesque touch is added by the reluctance of the
    Intel nabob who ordered Randal nailed to identify himself.
    Of course, nobody forced him to come forward.

    CS6: Unlearn Perl in 41 days! [slashdot.org]
    Rich Cower of Intel security, adds to the list of
    remarkable intellectual feats performed on behalf of the
    prosecution. On June 13, 1995, he answers most questions about
    Randal's Perl scripts with assurance, but passes on others
    until he can look at the code.
    41 days later he testifies under oath he does not know Perl.

    CS7: The Essential Cower [slashdot.org].
    As Network Security Expert at Intel,
    Cower played quite a role in the case.
    He was present at the search,
    participated in Randal's interrogation,
    was an expert witness and
    as State's Expert sat next to the prosecutor
    for the whole trial.

    CS8: What Does Familiar Mean? [slashdot.org]
    However, this Intel "expert", when shown the seminal
    work in modern network security, Cheswick and Bellovin,
    does not recognize the cover.

    CS9: Shortcut to Expertise [slashdot.org].
    An examination of Cower's background and qualifications,
    as revealed in his testimony.

    CS10: Too Stupid for Their Own Good? [slashdot.org]
    Randal's local paper was
    The Oregonian,
    already notorious for ignoring the Packwood scandal.
    It heaped abuse on Randal and the whole
    "computer programming subculture"
    during the trial.
    I recommend anyone planning to work as a programmer
    in Oregon read this one.

    CS11: Oregon Employees have No First Amendment Rights [slashdot.org]
    Unbelievable?
    That is Judge Nachtigal's ruling.
    Read it.

    CS12: [slashdot.org]
    Oops! There Goes Another Personal Right
    Judge Nachtigal also discovered that the law
    allowed "silly" (her word) prosecutions,
    which in the D.A.'s words
    show his "office must have an awful lot of time on their hands".
    These are forbidden by the due process protections of the
    14th Amendment,
    but Nachtigal finds that
    "we may want that authority there with computers",
    and the charges against Randal stand.

    CS13: The Confidence of the Public [slashdot.org]
    This one is entirely uncommented quotes.
    Here are some snippets.
    The prosecutor: "I don't represent Intel."
    The judge: "Not yet."
    The detective: "We could probably use two or three more people".
    The Associated Press:
    "Intel Corp. is handing the local police $100,000 to have two
    detectives concentrate their computer theft efforts
    at the company."

    CS14: Moore's Lawlessness [slashdot.org]
    It would be surprising if Intel's heavy-handed contempt for the law
    were unique to this case.
    As Tim Jackson's new book shows, it is not.

    An Open Letter to Intel

    We wish to express our strong objection to the prosecution of
    Randal Schwartz and Intel's role in it. We believe it necessary
    that Intel repudiate the criminal charges made against Randal in
    Oregon v. Schwartz, refund any "restitution" paid based on those
    charges and offset the costs of Randal's defense against them.
    This is the minimum that fairness requires since what happened
    was at worst a policy breach and since Randal also suffered loss
    of income, loss of reputation and a good deal of anguish.


    [slashdot.org]
    The full list of signers


    [slashdot.org]
    The current signature count, with subtotals by country


    [slashdot.org]
    Signers whose names you might recognize


    [slashdot.org]
    Comments made by the Signers


    The Open Letter closed to new signatures on October 4,
    1999. Thanks to all the over 2000 signers!



    [wednet.edu]


    Links


    To get an auto-reply giving Randal's own statement, and
    discussing how you can contribute to his Legal Defense Fund, send
    an empty message to
    [mailto]
    Randal's Defense Fund mail daemon
    .


    Steve Pacenka maintains
    [lightlink.com]
    the Friends of Randal Schwartz website
    ,
    which is dedicated to archiving all relevant materials from
    all sides of this issue.


    There is also [stonehenge.com]
    Randal's award-winning website
    .
    How come he gets an award and I don't? :-)


    You can subscribe to
    [mailto]
    the fors-discuss mailing list,
    by sending a empty message to
    join-fors-discuss@telelists.com.


    There is also
    fors-announce [mailto],
    a moderated announcement list for Randal's case.
    This can be subscribed to by
    sending a empty message to join-fors-announce@telelists.com.

    Press Coverage [slashdot.org]

    I want to thank this site's host ISP
    A2I (rahul.net) [rahul.net].
    for its steadfastness and generosity.

    [webtechs.com]


  • One of my good friends here in Phoenix worked for them for several years in a contract programmer deal. A neighbor of his was a high ranking executive at Intel also. The guy [the neighbor] was an avid golfer and developed a friendship with another golfer and they would hit the greens frequently together, even sharing a frothy beverage after a round. A few months later, this executive is dismissed, arrested and tossed into the pokey for disclosure violations. It turns out that the his alleged golf "buddy" was a Intel paid spy - and that he mentioned in casual conversations results of some chip tests (at least according to my friend's neighbor's story ...) - and that was the nail that did him in. I forget the exact bail but it was a serious deal.

    Of course, one can retort that this blurb is entirely anecodotal and without hard empirical evidence. Nevertheless, others who have worked for Intel are full of interesting anecdotes themselves, albeit not as serious as the story in the previous paragraph.

    • I suppose one could always hire some P.I.s and sic them on various Intel executives. When the inevitable photographs of some of these guys cheating on their wives come around -- and believe me, they will -- make sure to distribute the photos far and wide.

      Spying goes both ways. LOL.

      C//
      • one can retort that this blurb is entirely anecodotal

      Actually, it's a plotline from King of the Hill. You probably watched it when you were high as a kite. If you think that the show just copied it to sow confusion and cover up the real event, that's the paranoia from the weed talking. ;-)

  • What's the problem here? (Score:5, Funny)

    by duffbeer703 ( 177751 ) on Monday December 24, 2001 @12:29AM (#2746264)
    Randal is totally innocent.

    If I found out that someone who was not a sysadmin or security analyst was running a password cracker on my systems, I'd be very pleased.

    Lets face it, it's a pain in the ass to setup passwords crackers, and if a "White Hat" Hacker decides to break into my mailserver, he's really doing me a service.

    As an example of similar activity, just the other day I found a man trying to unlock my mailbox with a screwdriver by prying the door off. I was actually comforted by the gesture, since I can now send a bug report to the post office and request that they install a stronger door.

  • Just took Stonehenge learning perl in portland. (Score:3, Informative)

    by BrookHarty ( 9119 ) on Monday December 24, 2001 @12:30AM (#2746268) Journal
    I was looking forward to meeting Randal at the "Learning Perl" class in portland, but he was sick. Thou a nice guy named Tad McClellan tought the class. We talked about Randal for a few minutes. Randal just used bad judgement, but there was never criminal intent.

    I really hate how the laws are using this non-violent, non-profit hacking as a crime. He should of been fired for breaking company policy, but a crime? He didnt steal anything, a password file was used on a company computer to run crack, he was planing to use it for the good of the company.

    I wish I owned a large enough company like microsoft or oracle, I could use my business and political weight to bring attention to matters like this. If Bill Gates announce he was moving all his companies from Oregon because of the way they treat thier citizens, maybe Randal would get a pardon. Look how Adobe called the FBI and they acted, the government supports the larger companies.

    Is it me, or is the laws and poltical dealings of of our Goverment piss you off? If it wasnt for 911 goverment reform would be taking place. But now its Terrorist threats and cyber laws.

    I better watch what I say, freedom of speech seems to be a passing fad.

  • Innocent my left ass-cheek (Score:5, Funny)

    by ilsa ( 197564 ) on Monday December 24, 2001 @12:34AM (#2746280) Homepage
    Crackers are bad enough. Password stealing crackers who put INLINE SOUND on thier webpages should be shot.
  • I recently read an article in The Oregonian (newspaper) that said politicians are seriously looking at Oregon's court system; they've made some rather unpopular rulings lately. As I recall the issue the article discussed was regarding a ballot measure that voters passed, but the state Supreme Court ruled unconstitutional, because in the eyes of the court, the ballot measure combined two seperate issues on the same measure, which is illegal (as it should be, IMHO), but the two issues really didn't look like they were unrelated at all.

    Sorry I don't remember the details, but anyway, don't think everyone in Oregon agrees with the courts on this sort of thing.

    • Found the article (Score:4, Informative)

      by Phroggy ( 441 ) <slashdot3@@@phroggy...com> on Monday December 24, 2001 @12:56AM (#2746320) Homepage
      Of course, just after I hit Submit, I found the link to the article:

      Rulings may put Oregon courts on trial next year [oregonlive.com]

      The article is dated 11/26/01 and the only keep one month available for free online, so that link may expire soon.

    • Re:FYI about Oregon courts (Score:4, Informative)

      by dhogaza ( 64507 ) on Monday December 24, 2001 @01:15AM (#2746350) Homepage
      Actually, the Oregon Supreme Court's ruling in the case that you're mentioning was eminently reasonable. The measure on the ballot *clearly* addressed separate issues, and the Oreogn Constitution is veyr clear on the issue.

      We have one of the most liberal constitutional amendment amendment procedures in the country. All you need is 50% + 1 vote to change it.

      If the right (or the left, though the right has been the side playing the game) wants to put multiple issues under a single ballot measure, all they need to do is to pass a Constitutional Amendment by a 50%+1 vote margin to rewrite our Constitution to allow it.

      The reason why this is important is that they put up tax-cutting measures that then have unrelated stuff tacked on in a single ballot measure. They hope that the promise of lower taxes will attract enough votes to pass the ballot measure regardless of whatever else they stuff into it.

      I personally think that those who write my state's Constitution were wise to specify that every initiative ballot measure must address one, and only one, issue. (it is incredibly easy to put a ballot measure up here, popular democracy at its best, the least we can ask is to be given one question at a time to vote on).

  • Double standard (Score:2, Insightful)

    by jdavidb ( 449077 )

    Eight years later and Randall's still trying to get the blot off of his record and get his money back. (Thank goodness the highly rated comment that said noone would hire him is completely misinformed!)



    Yet, the Intel VP who picked 'pre$ident' for his password and shared it with his secretary, thus compromising secure information, in violation of company policy ("knowingly and without authorization," as the Oregon law says) is not in court at all. Same law. Same crime.



    "Oh, but that law's not too vague. It's only intended to be used against bad people, and the judges will make sure of that."

  • This has already been discussed to death but I'll put my $0.02 in.

    Schwartz is an ass, who also happens to be a good tech. writer. Personally I think the folks at Intel should have de-listed him from their list of contractors on the first incident and notified his employers at O'Reilly, who also should have terminated any contracts due to breach of trust.

    Indeed, that's the situation: breach of trust and breach of security. Perhaps theft in the case of password files, but not to the degree of felony charges. Does stealing a key or card-key usually result in anything more than petty thief charges unless further thefts occur??

    Any reprimands/punishments should not have gone further than his employement.

  • First hand... (Score:2, Insightful)

    by bobbabemagnet ( 247383 )

    As a student at Oregon State University (go Beavs) I had the opportunity to listen to Schwartz explain the situation in which he was currently a victim. There is no doubt in my mind that his behavior was professional and responsible. He was doing a favor, volunteering his time and clock cycles, to improving a gaping security hole. It is the responsibility I would hope for from any professional.

    To be condemned for his behavior sends a message to all that security problems should be ignored to be exploited later by the truly dangerous, rather than exposed by the people whose job it is to improve the security of his and his peer's domains.

    I was glad to have heard him speak to us, and I think this man is certainly not the criminal he is accused. Rather than condemn him, we, as a community that believes in improving security and protecting systems, should support him in his endeavor to beat a law that was inappropriately inaugurated on him.

  • Re: (Score:2, Flamebait)

    by account_deleted ( 4530225 )
    Comment removed based on user account deletion

  • I know I shouldn't say this but... (Score:3, Funny)

    by DarkHelmet ( 120004 ) <mark&seventhcycle,net> on Monday December 24, 2001 @05:13AM (#2746795) Homepage
    Well, I guess the Schwartz wasn't with him...

    (Look at my friggin' nickname, I just had to say it).

  • Once in a while, we run up against a person who truly and arrogantly believes that ability to do something equates to permission. Perhaps the notion is also somewhat childlike as well.

    I'm not sure why exactly, but I get flashbacks to movies like "Lawnmower Man."

    I understand the giddy feeling of power some of us have over the people we work for -- they don't fully understand what we do, what we know or what we're capable of. We're wizards, magicians and gods. SOMETIMES the power goes to our heads and the case with this guy is NOT unique.

    The unfortunate side effect of being a wizard/magician/god is that people will fear us as well as admire us. The current trends in legislation prove it. Much of it amounts to "you're guilty because we suspect you of it."

    Even I went through my "script kiddy" phase... had more than one internet account/connection pulled out from under me due to suspected hacking activities. Luckily, that's the worst that happened to me and I learned my lesson in life.

    I can't agree with the "witch hunt" atmosphere used in the judicial systems at the moment. If they want to create special laws for handling "cyber crimes" then do so by using judges and juries capable of handling these cases! Don't expect laypeople to be able to understand what it is they are judging in this case. And when it comes to the notion of "jury of peers" I can certainly see where the system is failing to address what a peer is in this case.

    They aren't stupid -- the situation is geared to give the prosecution the edge where ignorance and fear is the weapon used against the accused. But that does deny the accused of a fair trial doesn't it? How can this important issue be brought out into the open and corrected?

  • One big lesson from this for big companies like Intel and Adobe is that having your problems discussed on Slashdot is VERY costly.

    I've read a lot of the posts, and they have the effect of making Intel seem less like an interesting place to work. The good people may just not apply in the future, and that may mean that nothing will stop Intel's decline.
  • If you're going to link to a page that has the posting from Randall, you'd be much better off linking to http://www.stonehenge.com/fors/archive/discuss/154 9 [stonehenge.com] than to the Yahoo page.

    The Yahoo page requires cookies and other junk in order to be able to be displayed, while Randall's own archive does not.

  • I think there is, or should be, a line between what is ethical and what is lawful. Breaching your employing company's security policies is certainly unethical: in the end, when you are part of an enterprise, you have a duty to live by its rules on the understanding that these rules are there to protect the organisation from harm. This duty is most relevant when you think these rules are stupid.

    With regard to the criminal law, though, the law in Oregon appears flawed in the sense that there appears to be no suggestion that Mr. Schwartz cracked the password file for any other reason than to test the security of the system. There appears to be no motive to steal, or kill, or cover up evidence of a non-computer related crime.

    You effectively have a law here which was framed with the external intruder in mind, which when applied to an internal user - one employed to work on the computers of the company - fails the test of reasonability.

    Speaking personally, my experience with computer consultants is that playing around with technology and doing things with company systems that they are not supposed to is just what they do, at least the good ones. It is the nature of the beast.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close