McOwen Case Settled 286
ewilts writes: "Back in July, you ran a story about David McOwen, a computer adminstrator at DeKalb Technical College in Georgia, who was being charged for installing SETI software on school computers. This case has now been settled. See also the EFF press release
on McOwen's web site." Update: 01/18 16:11 GMT by M : It was software from distributed.net, not SETI.
He got off easy... (Score:2, Informative)
Seems reasonable (Score:3, Informative)
Already in Slashback (Score:4, Informative)
Re:$2100 and 80 hours community service (Score:4, Informative)
He ran the dnetc.exe client on a ton of school PC's in Georgia.
The funny thing, is that it took several "security experts" a lot of work to figure out what dnetc.exe actually was
Re:Powerful implications (Score:2, Informative)
Still at the same time, I very much dislike the aspect of the justice system that scares innocent people (or at the very least people who are not in the wrong) into accepting a sentance because they are afraid and do not want to fight. Oh well.
mirror incase it gets slashdotted (Score:2, Informative)
Electronic Frontier Foundation Media Release
For Immediate Release: January 17, 2002
Contact:
Lee Tien
Senior Staff Attorney
Electronic Frontier Foundation
tien@eff.org
+1 415 436-9333 x102 (office), +1 510 290-7131 (cell)
David Joyner
Attorney
Kenney & Solomon
CDJoyner66@aol.com
+1 770 564-1600
Distributed Computing Prosecution Ends with Whimper Not Bang
Georgia Man's Ordeal Ends
San Francisco - David McOwen can finally see the light at
the end of the tunnel. After about two years of facing the
prospect of years in prison and more than $400,000 in fines
and restitution, the former DeKalb Technical College systems
administrator has accepted an offer by the state of Georgia
that will bring his legal nightmare to an end.
Since February 2000, McOwen has been the target of a
"computer trespass" investigation and then prosecution. His
crime? In 1998, he installed a distributed-computing client
(like the SETI@home screensaver) on the college's PCs in
order to participate in a distributed decryption contest. In
early 2000, the school administrators threatened McOwen with
criminal charges and called in the Georgia Bureau of
Investigation. The threat of more than $400,000 in liability
was based solely on the use of the school computers, valued
at 59 cents per second.
Under the terms of the deal, announced today, McOwen will
receive one year of probation for each criminal count, to
run concurrently, make restitution of $2100, and perform 80
hours of community service unrelated to computers or
technology. McOwen will have no felony or misdemeanor record
under Georgia's First Offender Act.
"David never should have been prosecuted in the first place,
but we're glad that the state decided to stop," said Senior
Staff Attorney Lee Tien of the Electronic Frontier
Foundation (EFF). "This is a very good result for David. He
very likely could have won if the case had gone to trial,
but trials cost money and you never know what will happen."
Tien explained that much of the case against McOwen turned
on whether he had fair notice that installing the
Distributed.net client software was prohibited. Under the
Georgia computer trespass statute, criminal liability may
only be imposed if the person uses the computer or network
with knowledge that the use is unauthorized. "From what I
can tell, the state would have had a hard time proving
beyond a reasonable doubt that David knew he wasn't
authorized to install the software," Tien said. "I can't
help but feel that this was a face-saving deal for the
state."
"The state's claim of up to $815,000 for computer time seems
to fit an old pattern that we've seen before," Tien said. In
one of the first cases championed by EFF, a man faced years
in prison for obtaining and publishing an internal BellSouth
document initially valued at almost $80,000. The case was
dropped after evidence was introduced that it was publicly
available for $13.
The issue raised by McOwen's prosecution isn't an isolated
one, Tien added. Distributed computing is an important
scientific tool that can harness the spare cycles of
numerous personal computers into the virtual equivalent of a
supercomputer. The SETI@home screensaver, for instance,
allows computer users all over the world to aid in the
search for extraterrestrial intelligence. Last year,
however, the Tennessee Valley Authority banned the SETI@home
program from its computers, declaring it a risk to computer
security.
While McOwen's legal problems appear over, they've taken a
serious toll. He resigned from his job at DeKalb soon after
the school threatened him. And he was fired from his next
job at Cingular Wireless last August because of the bad
publicity surrounding the case.
EFF wishes to praise and give special thanks to David
Joyner, McOwen's attorney at Kenney & Solomon, for all of
his hard work. Thanks are also owed to McOwen's supporters
at FreeMcOwen.com and MachineThoughts.com for publicizing
the case and raising money for his legal fund.
Legal defense fund for the McOwen case:
http://forums.anandtech.com/messageview.cfm?catid
About EFF:
The Electronic Frontier Foundation is the leading civil
liberties organization working to protect rights in the
digital world. Founded in 1990, EFF actively encourages and
challenges industry and government to support free
expression, privacy, and openness in the information
society. EFF is a member-supported organization and
maintains one of the most-linked-to websites in the world at
http://www.eff.org/
It wasn't SETI@home! (Score:5, Informative)
Well, he was running some distrubuted.net-type decryption client where he would have WON MONEY had he been the one to find a key.
Not so humanitarian and innoculous now, is it?
Years in prison and a $400,000 fine are extremely way beyond reason, but I can see how this was a crime as he stole company resources for personal gain.
The $2100 fine does seem reasonable as I think he would have won $2000.
Re:Powerful implications (Score:5, Informative)
Although he got off relatively light, the precident set here is that sysadmins can no longer choose to install software at will.
The case was settled out of court. Absolutely no precedent was set.
Distributed.net trojans and worms (Score:4, Informative)
...or opening up a security hole [distributed.net].
Every piece of software installed present a potential threat. Did it come from a reliable source? Does it have security flaws? Obviously, there has a be a reasonable balance between maintaining security and giving users the flexibility they need to do their jobs. I get very irritated when a company won't let me install software I need -- or just want! -- on my desktop at work.
This balance tips increasingly in favor of security as if installation is (1) on a server, (2) on a production server, (3) on a lot of machines. Maintaining that balance is a sysadmin's job. And this guy was definitely not doing his job.
All that said, aren't criminal charges just a little out of line? He should just have been professionally reprimanded, or maybe fired. But a lawsuit?
Re:He got off easy... (Score:3, Informative)
My guess is that he was accused of "appropriating" the computers at the school, which the Act defines as "computer theft." But as I read the Act, it sounds like using one's work computer to visit a non-work-related website without one's employer's permission would also qualify as the crime of "computer theft," even if it were on your own time. In fact, it might be arguable that using one's work computer on one's own time to write a letter to one's congressman could be "computer theft" as defined under the Act, if your boss didn't give you permission to do it.
Take a look at it, it is pretty interesting reading . . .
Re:Georgia a backwater? (Score:2, Informative)
A perfect example is a case like this. Regardless of how you, your brother, or the lawyer down the street *feel* about the alleged criminal (keyword: alleged), he is entitled to full and fair representation when his day in court comes. If, in the case of that trial, it comes to light that his basic rights have been violated (for example, he gave a confession after being beaten), it is the job of the lawyer to advise the judge of that fact. Why? Because we understand that certain aspects of our society - the "justice system", for example - supercede any act that one individual commits. A lawyer who acts on his moral sense instead of his professional sense in such a case ("this guy is a murderer, and despite the fact that he confessed under duress, I won't represent him because I don't like murderers") should not be a lawyer.
Ultimately, we vest the power of judgement in a jury (or in some cases, a judge), not in our lawyers. Lawyers are like referees - they make sure that everyone is playing by the rules, and has an equal chance. We do this, presumably, because we understand that morality is a fleeting thing, and different from person to person. Occasionally that means that someone gets to raise a ridiculous case (such as this one!), but I'll take a lifetime of such cases if it means that I can get fair representation were I to be accused of a heinous crime.
Re:Distributed.net trojans and worms (Score:3, Informative)
McOwen Was Warned (Score:3, Informative)
SecurtyFocus [securityfocus.com]
Financial Motive Alleged
Willard says that McOwen was singled out for prosecution partly because he had ignored his supervisor's warnings. "In this case, Mr. McOwen was expressively prohibited by his superiors from downloading these programs and was informed on many occasions by his supervisors to stop downloading programs," said Willard. "They were aware that he was doing it and he had gone in and cleaned it up on numerous occasions." Joyner insists McOwen received no such warning.
Prosecutors also claim that McOwen had a financial motive for volunteering the school's machines. McOwen was a top producer on distributed.net for "Team AnandTech," a group sponsored by a hardware forum site which is still the second ranking contributor to the RC5 research project. A $1,000 prize goes to the individual contributor who recovers the RC5 encryption key. "McOwen placed a program on computers, that in his estimation would benefit him personally, including computers that has sensitive student financial and identity information without authorization," says Willard. "There is concern about the program itself compromising or providing the basis to compromise sensitive personal or financial information, there is the matter of Mr. McOwen's unauthorized activities on this computer, and finally there is the point that there was misappropriation of state property."
He was warned several times, and the software had repeatedly been uninstalled. This isn't the only article I've read that discussed this fact. I may not agree with the charge or the penalty, but he should have been fired for ignoring his supervisors continued requests.
Re:Fire 'em (Score:2, Informative)