Re: Intel v. Randal Schwartz: Why care?

• Subject: Re: Intel v. Randal Schwartz: Why care?
• From: adt@netcom.com (Anthony D. Tribelli)
• Date: Thu, 4 Jan 1996 20:20:18 GMT
• Followup-To: comp.org.eff.talk,comp.security.unix,comp.security.misc,misc.legal.computing,comp.sys.intel
• Newsgroups: comp.org.eff.talk, comp.security.unix, comp.security.misc, misc.legal.computing, comp.sys.intel
• Organization: NETCOM On-line Communication Services (408 261-4700 guest)
• References: <slrn4egrc2.974.jeffrey@jeffrey.vip.best.com>
• Sender: adt@netcom8.netcom.com
• Xref: nntp.teleport.com comp.org.eff.talk:68745 comp.security.unix:23441 comp.security.misc:24442 misc.legal.computing:18570 comp.sys.intel:70869

Jeffrey Kegler (jeffrey@algor2.algorists.com) wrote:
:  ... the minor nature of the charges, especially when contrasted with the
: penalties ...

Why are these crimes minor? Aren't they the sort of acts one might commit 
during industrial espionage (I'm not saying that this is what occurred in 
this case)?

: ... Randal, by his own admission, decrypted passwords ... 
: ... and the decrypted passwords never left Intel.

Except in Randal's memory. Is this any less dangerous than if they were 
in a file?

: ... The
: presumption of innocence, and simple common sense, would seem to argue
: that an employee or contractor is routinely presumed to have authorized
: access to a company's computers unless there are reasons to think
: otherwise ...

Presumed to have LIMITTED access in order to perform one's job. Randal
obviously exceeded his authorization. Are you arguing that an
employee/contractor should be allowed go anywhere they wish? 

: ...  The alternative in today's world is to generate a mountain
: of forms to authorize a day's work ...

Grossly exaggerated, approval would only be necessary to access areas 
outside of one's normal responsibilities and duties.

: ... He had been sysadmin of the computers whose
: passwords he was checking ... When he moved on to other duties ...

And he violated law not when he was sysadmin, but after he was relieved of
that responsibility. Furthermore, I believe he did not inform the new
sysadmin of what he was doing. Are you suggesting that a person should get
privelages for life once they become a sysadmin? 

: ... he suspected that
: password checking had lapsed again...

And the ethical thing to do would be to inform those responsible, not to
exploit the weakness himself since he had no right to do so.

: ... Of course, nobody
: at Intel ever told Randal not to check for weak passwords.

More importantly, did anyone at Intel tell him he should do so at the 
time he committed his crimes?

: ... it also shows that it was generally recognized at Intel that Randal
: was allowed to and did run gateways ...

Only when Intel authorities are aware of his actions, not whenever Randal
feels like it. 

: ... There was no evidence that
: Randal made any attempt to get Intel secrets ...

Aren't passwords a secret?

IMHO, Randal did some pretty serious things. The fact that he probably had
no malicious intent does not mean his crimes should be ignored. His intent
is something that is taken into consideration only at sentancing time. 
Weren't his sentences at the lighter end of the sentencing range?

Tony
-- 
------------------
Tony Tribelli
adtribelli@acm.org

• Re: Intel v. Randal Schwartz: Why care?
• From: "John K. Taber" <jktaber@onramp.net>

• Intel v. Randal Schwartz: Why care?
• From: jeffrey@algor2.algorists.com (Jeffrey Kegler)

• Prev: Re: Intel v. Randal Schwartz: Why care?
• Next: Re: Intel v. Randal Schwartz: Why care?
• Index: Mail Index
• Thread: Mail Thread Index