Index
Previous
Next
Letter from Cybersalem #3
From Charles MacKay, Extraordinary Popular Delusions and the Madness of Crowds [1]:
"It was a crime imputed with so much ease, and repelled with so much difficulty, that the powerful, whenever they wanted to ruin the weak, and could fix no other imputation upon them, had only to accuse them of witchcraft to ensure their destruction. Instances, in which this crime was made the pretext for the most violent persecution, both of individuals and of communities, whose real offenses were purely political or religious, must be familiar to every reader. The extermination of the Stedinger, in 1234; of the Templars, from 1307 to 1313; the execution of Joan of Arc, in 1429; and the unhappy scenes of Arras, in 1459; are the most prominent."
From Ed Masi's testimony in Oregon v. Schwartz (Ed Masi was Intel corporate vice president and the general manager of SSD) [2]:
Q: "Policy 3.5 indicates that you're not to give out your password to anybody. Are you familiar with that policy?"
A: "Right."
Q: "But you gave out your password to your secretary?"
A: "That's correct."
From Tom Tintera's summation [3]:
"If he didn't want to do it, he should have quit. Don't take their money any more and go somewhere else where you can do whatever you wanted to do. But when he agrees to take their money, he agrees to stay within the corporate policy, and his actions are unauthorized if he goes beyond that. And he was told over and over again, but he just didn't want to do it. He wanted to do it his own way with that special license and privilege he granted himself."
Tom Tintera, by the way, is talking about Randal Schwartz in the above, even though the facts he cites describe Ed Masi's testimony much better than Randal's. In his testimony, Intel's ranking accuser graciously volunteers himself as an example of how sweeping the law under which Randal was prosecuted actually is. Mr. Masi's flagrancy is a bit out of the ordinary, but not just Ed and Randal are caught up. In practice, the law is so broad that it makes nearly everyone who uses a computer at work a criminal.
Randal was accused of "knowingly altering a computer without authorization". This has four elements. First, a computer must be altered. Second, the accused must know he is altering it. Third, the alteration must be unauthorized. Fourth, the accused must know about the lack of authority.
Under Oregon law, "alteration" is easily shown. From Tom Tintera's summation:
"[ ... ] if you typed in your name, wouldn't that alter a computer? Sure, it would." [4]
So every time Ed Masi typed in the password that he'd shared with his secretary, he "altered" his computer. And unless he uses the computer in his sleep he does so knowingly. Policy 3.5 forbids it, so it's unauthorized. Finally, Mr. Masi points out he knows this, but does it anyway.
Additionally, Ed Masi's password was "pre$ident" [5] and this may well be in violation of the Intel policy mandating "good passwords". The depth of Mr. Masi's concern about his adherence to this policy will be seen shortly.
Randal's defense was NOT allowed to question his accusers to discover whether they had violated the same law they were prosecuting him under. Despite this, Masi is not the only witness to wind up admitting to all the elements of the same crime. Oregon "computer crime" cases are so trivial to make that witnesses questioned about other matters would incidentally supply complete cases against themselves. The cases were usually considerably better than the one against Randal, the actual defendant.
Randal's attorney asked Ed Masi whether he was subject to Intel's password policy as enforced by the system administrators. Masi received this idea with indifference:
"What the Systems Administrators do is not visible to me." [6]
The irony of flouting Intel's security policy while prosecuting Randal for harmless and benignly intended infractions of the same probably escaped Mr. Masi. Likely still does.
Note 1: Pages 472 to 473, of the L. C. Page & Co., 1932 edition. This book is also available on the Web.
Note 2: Tr. 7-14-95, page 13, line 24 to page 14, line 5.
Note 3: Tr. 7-25-95, page 34, line 24 to page 35, line 8.
Note 4: Tr. 7-25-95, page 18, lines 21 to 23.
Note 5: Actually, the password was only significant in the first 8 letters, so, strictly speaking, it is a conjecture that a final "t" is intended.
Note 6: Tr. 7-14-95, page 15, lines 24 to 25.
Index
Previous
Next