McOwen Case Settled

ewilts writes: "Back in July, you ran a story about David McOwen, a computer adminstrator at DeKalb Technical College in Georgia, who was being charged for installing SETI software on school computers. This case has now been settled. See also the EFF press release on McOwen's web site." Update: 01/18 16:11 GMT by M : It was software from distributed.net, not SETI.

THIS WASN'T SETI SOFTWARE

[Lester67]

There... I said it.

Re:He got off easy...

[the_2nd_coming]

he should have been just ired then.....saying he HACKED a system that he had full administrative rights to is rediculous....its like calling the police on your house keeper for breaking and entering even though she has a key and is contracted to do work in your house.....if she was having parties then you fire her, you can not get her on breaking and entering.

Re:Powerful implications

[swordgeek]

Hacking in??? What version of the case did you read?!

He installed unauthorised and inappropriate software. Same thing could have happened if he'd installed Quake, but only played it during off hours.

Regardless of the end goal (research?), SETI is effectively entertainment software from the client side. It serves no useful function for the company whose machines he ran it on.

He deserved and got a slap on the wrist. Not a bad settlement all round.

He originally faced 30 YEARS?????

[Em Emalb]

Jesus, folks, Our government needs a head dunking. 30 years for a benign program on a few machines, (I live near there, it isn't a large campus) as opposed to 6-10 for MURDER? Hot damn, he didn't kill anybody....let's just be really glad he got off "light"

Re:$2100 and 80 hours community service

[Darkness Productions]

Actually, he was running RC5. The problem the school had with this is that with RC5, there is a change (albeit a very limited one) that you could win money. He had not stated that he would give the money to the school...

Read about it here:
http://arstechnica.infopop.net/OpenTopic/page?a=tp c&s=50009562&f=122097561&m=1110950822 [infopop.net]
http://arstechnica.infopop.net/OpenTopic/page?a=tp c&s=50009562&f=122097561&m=7450963242&r=5150986242 #5150986242 [infopop.net]
http://forums.anandtech.com/messageview.cfm?catid= 39&threadid=518510&start=1 [anandtech.com]
http://forums.anandtech.com/messageview.cfm?catid= 39&threadid=518184 [anandtech.com] This was widely discussed among many of the more well known distributed computing teams. Check it out.

Re:Powerful implications

[zangdesign]

It might be helpful to think of the sysadmin as more of a caretaker of the system, rather than as an absolute master of the machine. Owen's job (as I understand it) was to maintain the systems in a running state to provide computing services to faculty, staff, and students. While this occasionally includes installing software, it does not include installing software that is not necessary to the mission of the school.

The presumption that he was the absolute master of the machines was in error. In this case, the System Administrator's job was not to set policy, but rather to advise. You would do well to clarify whether this is the administration policy with whatever company you work for.

Owen's got lucky - and probably got about what he deserved for screwing around with state equipment.

Re:Powerful implications

[mccalli]

...the precident set here is that sysadmins can no longer choose to install software at will.

And thank god for that.

Production systems are controlled environments - last thing you need is some unaudited, unexpected and unauthorised changes messing them up.

Cheers,
Ian

Re:Powerful implications

[the_2nd_coming]

fine, I understand that he is nor the master of the machine, but for not following company policy, you lose your job, not get prosecuted (unless you steal office supplys ;-)) costing a company money by loss of bandwidth is waising resources, not stealing.....you get fired for making personal copies at the copier, not prosecuted for theft, and in this case, HACKING!!!

59 cents / second??

[ch-chuck]

Wow! I'm sitting on a friggin' gold mine. Who in their right mind would ever pay upwards of $35 for ONE MINUTE of time on a PC?? You can buy a good system that's paid for itself in just one hour of time!! Lets see, going by the usual inflated legal dollers, this 1.5Ghz P4 I've been burning in for the last two weeks has just wasted $713,000. boggle.

Re:Powerful implications

[Erasmus Darwin]

"how the heck can you charge a sysadmin with hacking into a system that they have full privleges to in the first place?"

Having full system access (such as 'root' on a *NIX box) does not always translate into having full authority (i.e. direct permission from real humans) to do all actions that are permitted by that level of access. The anti-hacking law he was charged under most likely has a clause about using a computer system in excess of the user's authority.

For example, while a sysadmin may have root access to a system that he must maintain, he may not necessarily be permitted to use that access to snoop through the VP's mail spool. Similarly, a McDonald's employee that has the restaurant keys so he can lock up at night is still trespassing if he abuses those keys to throw a wild party there at 4am. Finally, it's still car theft if a chauffer decides to just drive away with the car that he's got full physical access to.

What it all boils down to is how explicitly defined the sysadmin's authority was in this matter.

Re:Powerful implications

[Anonymous Coward]

Lots of things are illegal in Georgia ;)

Re:$2100 and 80 hours community service

[dasunt]

While lets try my way of figuring out what a program is.

First stop - groups.google.com and search for dnetc.exe

3rd one down (first english post) links to one of the viruses that install dnetc

4rth one down links to the distributed.net's virus/trojan page that talks about dnetc.

First www.google.com search for dnetc.exe gives me distribute's page.

Searching is a good skill to have. :)

Re:Seems reasonable

[Restil]

I don't think its unreasonable at all. While I think that what he did was more of a fireable offense rather than a legal one, there's still no doubt that what he did was wrong, and that it cost the company money to root out the problem and correct it.

Remember, when this whole thing started, the company was under the impression that there was some program leaking out information. They thought that this was MUCH more serious than a simple distributed program. And when they went
running to law enforcement, this was their original complaint.

As we saw in the Adobe case, just because the complaintant backs down, that doesn't mean the government will. Once you choose to press charges, its out of your hands. This isn't a civil case. Parties in a civil case can settle their differences any way they want and only need to go to court if they can't. This was a criminal case, and while a criminal case is somewhat hurt by the loss of cooperation by the "victim" it does not mean they have to stop prosescution.

I would prefer that the EFF and the community at whole give more attention to those cases where people aren't actually guilty of anything. Not where someone did something wrong and everyone else is just overreacting. Certainly, I don't agree with the initial time he was facing, but if he had been doing his job correctly he never would have had this problem in the first place.
Show some responsibility people!

-Restil

Re:This is but a symptom of our ongoing decline

[Erasmus Darwin]

"By giving that person a housekey you have granted them access to your premesis. By definition they cannot be tresspassing."

You've granted them physical access. You have not, however, granted them absolute permission -- you've granted them conditional permission to enter your house to perform their job duties, and you've explicitly denied permission for them to be in your study at all. By definition, trespassing has to do with going where you don't have permission to be, rather than going where you don't have access to -- you can trespass on an empty lot that lacks physical access control but has signs specifically denying you permission to go there.

Re:Fire 'em

[anthony_dipierro]

Perhaps it's a precedent for telling sys admins to stick to their jobs and keep the best interests of their employers in mind when installing software.

Considering that the $2100 probably didn't even pay for the university's legal fees, this actually sends a message to universities that if they make such spurious lawsuits they'll lose more money than they make. Maybe the university will think twice next time, and reprimand and/or fire the kid without going through the legal system.

Re:Fire 'em

[The_Rook]

fine. fire the guy. that's the right way to handle this. but you didn't call the attorney general and have the guy arrested, did you? that would be an overreaction.

now, if he installed a back door and used that to break into your system afterwards...