As a sysadmin who uses perl, I must respectfully disagree. I find the fact that computer crimes laws could be used against me for doing my job extremely disturbing.

Have you actually read any of the documents surrounding this case? Computer crime laws were not used against Randal for doing his job. That is simply plain false and I am disappointed that Randal isn't doing a better job trying to clear up that misconception. In no way was running crack on password files part of his job description at Intel at the time. Installing programs to subvert Intel's security policies regarding machine access was also clearly outside the realm of any of his stated duties, and was an activity which he admitted to having been repeatedy told by superiors to cease.

If you wish to persist in your belief that Randal was busted for doing his job, that's your affair. Please do not continue to spread such unsupported allegations here. Please do show us how computer crime laws were used against Randal for doing his job! There is a great deal of stuff floating around claiming that Randal was blindsided by laws that made his job-related activities illegal. The activities he engaged in that led to the charges and convictions against him were simply not part of his job. I'd feel much more sympathy for the man if he would more publicly assert the fact that he did break the law, that he was operating well outside of his then current job description when he did so, and that he had been warned on more than one occassion by superiors to doing some of things he was eventually charged for.

Yes I think there were certain miscarriages of justice involved. They just aren't the miscarriages you and many others seem more than willing to believe.

He Who Must Not Be Named wrote:

Have you actually read any of the documents surrounding this case?

Well, here we have the pot and kettle all over again. Have you paid attention to the controversy at hand? Now, I'll be the first to admit that what Randal did could be seen in a dubious light. The question, though, is about the law. Let me repeat that: the question is about the law.

The question is about the law.

Sorry if I seem carried away, but so many people seem to miss this point. The law has nothing to do with right or wrong (though they often overlap); it has everything to do with legal or illegal and the question in this case is exactly what is illegal. Here are Randal's felony convictions:

1. Mr. Schwartz unlawfully, knowingly and without authorization altered a computer and computer network consisting of Intel computers Mink and Brillig.
2. Mr. Schwartz unlawfully, and knowingly access and use a computer and computer network for the purpose of committing theft of the Intel SSD's password file.
3. Mr. Schwartz unlawfully, knowingly access and use a computer and computer system for the purpose of committing theft of the Intel SSD individual user's passwords.

Those convictions are a load of horse pucky. See the word "computer" up there, repeated so many times? Randal was convicted of a computer crime. What's a computer crime? At the time of his trial, Oregon law was pretty ridiculous. Here are some excertps:

"Computer" means, but is not limited to, an electronic device which performs logical, arithmetic or memory functions by the manipulations of electronic, magnetic or optical signals or impulses, and includes all input, output, processing, storage, software or communication facilities which are connected or related to such a device in a system or network.

By the definition of Oregon state law, my coffee pot is a computer. Here's what "access" means (remember, that's what got Randal in trouble):

To "access" means to instruct, communicate with, store data in, retrieve data from or otherwise make use of any resources of a computer, computer system or computer network.

Now for the coup de grace:

Any person who knowingly and without authorization uses, accesses or attempts to access any computer, computer system, computer network, or any computer software, program, documentation or data contained in such computer, computer system or computer network, commits computer crime.

You should read the entire law. It's pretty stupid. It's written by well-intentioned people who don't have a clue what they're doing. Under the law, let's say that I an ex-girlfriend who tells me never to call her again. I find that she left some clothes at my apartment, so I leave a message on her answering machine to that effect.

Since her answering machine is a computer (164.377.1.b) and I since I have knowlingly altered the contents of its memory (164.377.3), I am guilty of a Class C felony (164.377.5) (and perhaps a Class A misdemeanor (164.377.5) for leaving a message (164.377.4)).

That's a friggin' joke. The law is stupid. The lawmakers are ignorant. For the court to refuse to hear such a patently aburd case is a threat to all who work around computers. I suppose that technically, I might be guilty of crimes for using the Internet if someone posts a notice on their site that you're not allowed to surf their without authorization.

Of course, that was back in 1993 when lawmakers were still coming to grips with things. The 1995 revision to that law is no better (and it's what we currently have to put up with).

I don't care whether or not you think Randal did anything wrong. The law is an abomination and that is what this is about. If a law is this rotten, it needs to be thrown out. That anyone could think this is acceptable is puzzling to me.

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

.

Yep. This law may be stupid. It may even be worded poorly. And thank god it is an Oregon specific law (although the DMCA may well apply to cases such as this as well).

However, when it comes to arguing about whether or not laws are good or bad, the system depends on cases where we actually consider the defendent innocent except for the unjust law. merlyn's case is nothing of the sort. My impression in reading about this over the last year or two has been that the acts in question are clearly out of bounds, thus deserving of a legal penalty.

I don't consider this a felony type of thing, though. And this is where the law and I part company. There needs to be an additional crime here: downloading informational files, damage to information, misuse of the CPUs (which some might argue running crack on them is), fraud, forgery, *something* besides simply cracking. I mean, people who beat their wives usually get to plea down to various minor misdemeanors, yet a guy who cracked a computer account or two and did nothing worth mentioning is a three time felon? Bass ackwards, IMO. Of course, IMO we should legalize a whole lot of currently forbidden stuff, so IMO ain't worth a whole lot sometimes. But apparently a bunch of Oregonians agree with this law, many of them highly trained lawyers, judges, and the like.

And it is for that reason we cannot afford to muddle the issues surrounding this by on the one hand declaring merlyn to have committed offenses as described, but then attempt to state that he is innocent because the law is no good. Clearly the law is intended to proscribe the very things he did. Is it vague about it? Yes. Is it unusually harsh? Yes. But does his case really nullify the law the way your absurd example might? OR Supreme Court says no way. So when you hear that this law was used in a way that was unintended by lawmakers (like your answering machine example), then we have a clear case where the law is too vague. If we find that someone is convicted of a felony according to this statute because they received a quick email from their mom at work (and "personal" email is forbidden), then I think we have a case that the law is way too harsh. And then maybe the lawyers for the defense will have something to use in court.

But that's not what we have here. What we have is merlyn, who seems given to outburst and unpredictability. We have him running password cracks on machines he is reportedly not to be using against password files he is not to have possession of. That either Intel, ORA, or SSD had bad password files didn't sound like it was any business of his at the time he was doing this. So what are we to think? Sounded to me like all he wanted was to read his email and help out-- those sound like good intentions, even if his methods leave a lot to be desired.

Imagine if I, in the interest of making sure my web hosting service is "secure enough", decide to run crack on their machine against the local /etc/passwd. Or what if I ran that utility that scans websites for vulnerabilities like old versions of formmail.pl? Sure I can say I was doing this to protect them and to protect myself, but it is not my place to do such a thing without clear communication and permission. I cannot help but think that monks the world over would rally around the hosting service for kicking a cracker (the hypothetical me) off the system. Especially if I was looking for formmail.pl! That would clearly mark me as a spammer looking for open relays! I mean in that case jail time is warranted, right?

And FWIW, I do think this is Perl news, because for better or worse (mostly better *grin*), merlyn is one of the top ten names in Perl history. But *that* is the reason the story is perhaps appropriate here, not because of its far reaching implications for sysadmins or Perl users. Of those I see none.

Addendum: having read merlyn's answers to princepawn in So why did you crack..., I just want to say that obviously things have changed since the good old days, and I doubt any of us on the outside can judge the nature of the working relationships he had with the Intel people (among others) and so will have an impossible time judging whether or not (even in hindsight) this or that action or that action was appropriate or expected or whatever. The warning is clear, though. The people who write these laws are serious, but does this mean that I think a sysadmin should suddenly fear to do his job? No.