Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!elroy.jpl.nasa.gov!decwrl!mcnc!uvaarpa!murdoch!astsun7.astro.Virginia.EDU!gl8f
From: gl8f@astsun7.astro.Virginia.EDU (Greg Lindahl)
Newsgroups: comp.org.eff.talk
Subject: Re: Student suspended for distributing /etc/passwd
Message-ID: <1991Jun12.011740.20751@murdoch.acc.Virginia.EDU>
Date: 12 Jun 91 01:17:40 GMT
References: <31124@hydra.gatech.EDU> <1991Jun11.221521.14402@athena.cs.uga.edu>
Sender: usenet@murdoch.acc.Virginia.EDU
Organization: Department of Astronomy, University of Virginia
Lines: 18

In article <1991Jun11.221521.14402@athena.cs.uga.edu> mcovingt@athena.cs.uga.edu (Michael A. Covington) writes:

>>What if a student runs cops on /etc/passwd... would this
>>be considered intent to break into a system and could he thus
>>be suspended?
>
>Yes. Obtaining other users' passwords without proper authorization
>is forbidden. Even if you do it by using a standard software tool
>rather than by breaking into their desks.

One would hope this was sarcasm, or a complete mis-reading of the
question, but I'm afraid it probably isn't. Most laws consider such
things as "intent" -- if the student intends to use the information as
part of a research paper on security issues (e.g. "30% of the
passwords were found in the dictionary"), and discards the broken
passwords, then one could hardly claim that he had evil intent.  Many
of the laws relating to computer crime don't consider intent, but they
certainly should.