Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!usc!neuro.usc.edu!blackcat From: blackcat@neuro.usc.edu Newsgroups: alt.hackers Subject: Re: Computer Abuse / Product Liability / Criminal Statutes / ECPA Message-ID: <22406@usc.edu> Date: 19 Jan 90 19:24:23 GMT References: <22359@usc.edu> <4948@sugar.hackercorp.com> <9738@hoptoad.uucp> Sender: news@usc.edu Organization: University of Southern California, Los Angeles, CA Lines: 26 Approved: me In article <9738@hoptoad.uucp> gnu@hoptoad.uucp (John Gilmore) writes: >On the other hand, if Mr. Morris loses his freedom, a lot of security >problems will go unreported, since who wants to go to jail for telling >a stranger that his system is insecure? Best to just keep it to yourself >or tell your cracker friends. > BTW ... which employee or contractor is going to be prosecuted under the same statutes for introducing the software program that exploited a bug in the AT&T long distance switching system and fooled most switches into thinking all of their circuits were busy? This "worm/virus/germ" seems to have completely unintended effects. However, it did disrupt a very large communications network, denying service to millions of customers, and costing untold millions of dollars in direct and indirect damages. Certainly no one was "authorized" to cause this disruption. So, who is going to be prosecuted, fined, and put in jail for this software fiasco? Let's find another poor bugger who apparently had the technical knowledge to cause a potent software disruption is a network that is undeniably more vital to public health, business interests, and national security than the measly little problems caused by the INTERNET virus. bc p.s. You can read the GAO report on the INTERNET virus if you need a much more lengthly reason for calling this code a virus. Fundamentally, they decided on this nomenclature because it was already in most common use.