Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!sdd.hp.com!wuarchive!uunet!ogicse!ucsd!brian From: brian@ucsd.Edu (Brian Kantor) Newsgroups: comp.org.eff.talk Subject: Re: Should we let students run COPS to get each other's passwords? Message-ID: <35627@ucsd.Edu> Date: 13 Jun 91 16:42:08 GMT References: <1991Jun13.042534.16952@athena.cs.uga.edu> <50445@ut-emx.uucp> <1991Jun13.152800.28492@athena.cs.uga.edu> Organization: The Avant-Garde of the Now, Ltd. Lines: 40 mcovingt@athena.cs.uga.edu (Michael A. Covington) writes: >Honest people do not go around picking the locks on people's houses or >cars, not even "to test security." I see no reason why the ethics of >computers should be any different. Actually, some of the most honest people in the world DO just that - locksmiths. They do it for money. There are also amateur locksmiths who do it for the intellectual challenge. Many computer geeks consider computer system security barriers in exactly the same as an amateur locksmith considers a lock - it's a challenge to his intellect. Where the difference comes in is that most people learning to pick locks do it on locks that don't protect something - typically, the lock is mounted in a little piece of wood. They don't practice on bank vaults, the neighbor's front door, or in the car park. Computer security systems, rarely exist in isolation - they're usually attached to a computer that's got lots of other stuff on it. But in my experience, the people who want to pick their way through locks and computer security systems are insatiably curious - and once one of them is inside somewhere that has a lot of OTHER interesting stuff to examine, the temptation is overwhelming. I don't believe that any significant number of those people, students or not, who pick their way into a computer system are going to just leave without also looking around and prying into data stored there - data that is quite possibly personal and private. And I can't believe that some of them won't do some unintended damage in the process of getting in or looking around - they are, after all, learning, and one learns by making mistakes. So overall, I prefer to keep the uninvited out of my systems. I'd like to provide some place for people to play, but I haven't the time to do the kind of monitoring that's required to make such a system work. I wish I had an answer to this. I don't. If only we has some magic touchstone.... - Brian