Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!elroy.jpl.nasa.gov!swrinde!mips!dimacs.rutgers.edu!rutgers!mcdchg!ddsw1!learn
From: learn@ddsw1.MCS.COM (William Vajk)
Newsgroups: comp.org.eff.talk
Subject: Re: I Accuse (the New Gestappo...)
Message-ID: <1991Jun27.025842.4333@ddsw1.MCS.COM>
Date: 27 Jun 91 02:58:42 GMT
References: <1991Jun16.171754.24492@athena.cs.uga.edu> <1991Jun18.023039.10671@ddsw1.MCS.COM> <1991Jun18.044042.8266@athena.cs.uga.edu>
Organization: Dares No Organization Like Dis Organization
Lines: 134


> I think _your_ problem is that you do not think computer break-ins are
> crimes at all. 

I don't feel any need to defend myself against your opinion. But I do think
this ties in quite nicely with a bit of your text I am relocating from
a spot somewhat earlier in your latest discourse:

> We are _not_ punishing this student for the (past or future) "misbehavior
> of others." He himself knew he was aiding a series of break-ins in
> progress. That is, he willingly endangered a computer that hundreds of
> people were relying on. 

I believe the concepts of 'criminality of a breakin' and 'endangered a 
computer' need to be addressed in one fell swoop to make any sense of all
this.

There's an inflamatory aspect which is part and parcel of the term
"endangered." When a human deing is endangered, (this is our built-in
response to the term, after all) we are willing to take whatever extraordinary 
measures necessary to improve the situation. But a computer is only a piece of 
hardware with software and files, a peculiar storehouse of value in terms of 
intellectual property. And we are not, after all, speaking of endangering the 
hardware, with some madman standing over the computer with an axe, prepared
to chop its guts out. 

What is at risk on a university computer is intellectual property. I cannot
believe that athena contains significant proprietary information. If I am
not mistaken, the perception is also that computers owned by universities
aren't generally considered to have the privacy expectations of user
owned equipment.

What is the real risk ? That it is all erased. This, then, brings to the
fore the maximum costs potentially associated with an unauthorized entry
by an unknown individual with pure malice at heart. The maximum cost is
a combination of three elements:

	1) The manhours required to reload the system from scratch.

	2) The loss of availability and productive time during the reload.

	3) The loss of files which represents the difference between the last
	   backup and the restoration of the system.

I am a system administrator of a very small Unix system. At its peak, my
little box served 175 active users. The December 1990 report issued by Brian 
Reed regarding "The influence of a site is a measure of how much news it
carries for other places." places my little box at 864 out of the top 1000
rated. I haven't looked since. I probably don't even make the list any more.

I mention this only to place my opinion in perspective. I've had to do the
reloads I mention. They're not particularly fun. They're time consuming. But
the cost isn't anywhere near the arm waving "endangered" genre we see used
for illustration.

Yes, people rely on the computer in question. They depend on the system
administrators to function in ways that will maximize the recovery of 
data entrusted to the machine. One cannot blindly assume that the machine
will perform flawlessly and the data will always be there, thus one makes
backups as necessary. This is a necessity for all machines, hackers or no.

What has truly been endangered ? A few manhours, and at worse one day of
work for each user. This represents an unnecessary nusiance, not much more.

But back to your interpretation that I don't believe break-ins are crimes.
What I believe doesn't lend any value to the discussion at hand. My thoughts
on this issue belong to me, and you can read my articles and draw your own
conclusions. I have never advocated break-ins. The fact that I seem to
see them differently from you, and some others on the net, doesn't imply
that I approve, nor have I stated whether I think it a crime or not. All
that matters is that at this time unauthorized access to computers is
codified and is thus, by definition, a crime. What I think those laws should
have to say on the subject is another issue perhaps worthy of a general
discussion by people interested, perhaps a separate thread is in order for
such discourse. Such discussions fall within the intent of the charter for
this newsgroup.

> What do you think we should do if we caught a student breaking and 
> entering the University Bookstore?  (This has actually happened.) 
> Give him a job in the bookstore?

You've asked a loaded question, and that's fine. It deserves the same
consideration as the question of the computer break-in, but we have far
fewer facts to work with. So it is hardly a parallel circumstance. There
are always circumstances which can make the student in this example the
worse of all possible individuals, or a folk hero, or a real hero. You
have simply loaded the question in catch 22 terms. Smacks of yellow
journalism.

I see on track students (typically aged 17 to 23) as having one foot
in the real world, one still in the tail end of childhood. I remember
some very mature 17 year olds, and some very immature "adults" of 23.

I see the world of academia as a place apart from the harshness of the
real world, a place where students are supposed to complete their transition
from juvenile to thinking adult. There are two schools of thought regarding
education, and I see little overlap or commonality between them. There is
a philosophy which mandates that a proper education permits the student
more choices. And then there's Dewey, whose philosophy deigns to make
'good citizens.' Both manifest themselves in the same basic set of rules.
Study hard, do all your assignments, EARN a good grade, the world is yours.

The differences lie both in the teachings and the administrative attitude.

That aside, I can address the business of the 'great bookstore caper' a
little better, given a severe shortage of facts. Any time we deal with a
'first offender' we are dealing with someone without a history of
bad behaviors. I believe it a reasonable assumption, based on centuries
of data available, that someone who behaves in such a manner as to come
to the attention of whatever disciplinary arm of the local society has
control over those who perform misdeeds will accept any punishment they
believe fair for the offense given. Actually, they will usually accept
punishment slightly more severe than they feel is fair, perhaps with mild
protest.

I believe the a student caught breaking into the bookstore should be asked
what they feel is a proper punishment. If you want to teach your students 
something, the university probably should devote the energies necessary
to make the student understand the misbehavior in the framework acceptable to
society, and then punish accordingly. We assume that the student is 'normal'
and not a sociopath who is lacking the conscience. And it is quite clear that
punishing an individual who has not accepted their criminality as fact will
probably be a repeater. One who has truly accepted responsibility, and the
punishment, is much more likely to be a model citizen in future.

What would I do in terms of punishing this 'bookstore bandit' ??

With a little work I would hope to have him set his own punishment, one
which satisfies everyone. Rubber stamp student judiciaries are generally 
far too harsh in their zeal to please the administration and to promulgate
their own apparent powers under generally adverse circumstances. This may
sound stupid to some readers, too bad. But I suggest you find a Mr. Chipps.

Bill Vajk