Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 (Denver Mods 4/2/84) 6/24/83; site drutx.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxl!ihnp4!drutx!nugent
From: nugent@drutx.UUCP (NugentCP)
Newsgroups: net.misc,net.legal
Subject: Re: Password hacker gets probation (& other electronic crimes)
Message-ID: <270@drutx.UUCP>
Date: Sat, 5-May-84 14:38:58 EDT
Article-I.D.: drutx.270
Posted: Sat May  5 14:38:58 1984
Date-Received: Sun, 6-May-84 01:31:59 EDT
References: <90@tilt.UUCP>, <308@ihu1g.UUCP> <822@ihuxw.UUCP>, <739@ihuxx.UUCP>, <1444@dartvax.UUCP>
Organization: AT&T Information Systems Laboratories, Denver
Lines: 20

***
>      ...But I think that the difficulty of breaking into the system
> should be considered.  It takes a lot of time, effort, and money
> to make a difficult system, and if some high school/college
> student breaks into it on a rainy Sunday afternoon, it shows
> one that the system can't have been that difficult and two (sic)
> that the company has to get someone to design another system.

     The argument here appears to be that the hacker deserves compen-
sation for the valuable service he has provided the company in 
exposing the security weakness.  Certainly this has been of benefit
to the company, as long as this is not the hacker who is the damage-
causing one the company is trying to keep out.  Shouldn't the one
who receives the benefit of this service be the one to provide the
compensation, if any is to be given?   But if the company is to provide 
the compensation, this implies the existence of an implied contract
between the company and *all* hackers.  I don't think this contract
exists, unless the legislature has recently imposed it upon all
companies with computer systems.