Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site watmath.UUCP
Path: utzoo!watmath!ljdickey
From: ljdickey@watmath.UUCP (Lee Dickey)
Newsgroups: net.misc,net.legal
Subject: Re: Password hacker gets probation (& other electronic crimes)
Message-ID: <7659@watmath.UUCP>
Date: Thu, 3-May-84 07:41:56 EDT
Article-I.D.: watmath.7659
Posted: Thu May  3 07:41:56 1984
Date-Received: Fri, 4-May-84 02:13:14 EDT
References: <90@tilt.UUCP>, <308@ihu1g.UUCP>
Organization: U of Waterloo, Ontario
Lines: 23

>1) Computer security may be a matter for the law, but in my opinion,
>   any organization that is too stupid, lazy, or cheap to implement
>   effective security measures deserves to get their passwords hacked.
>   If I had a computer system that had been broken into by a 21-year-old
>   amateur, I'd prosecute the sheisskopf who set it up for me, not the
>   guy that broke into the system.
I think that the real problem here is that society has not come to a definition
of what "reasonable, effective security measures" are.  If you consider the
analogy of a home, and the security measures that are taken to prevent entry
there, I think that you will agree that most homes are not "secure", but that
there is a line of modest defense (lock(s) on the door) that most consider
"reasonable".  Homeowners make a decision, consious or not, to bolster these
defenses with other measures, sometimes weighing the expense against the risk.
When someone is caught "breaking and entering", they get some punnishment,
dished out by society, because there is general agreement (a social contract)
that this is a naughty thing to do.

Society has to come to a consensus about how serious it is to "break and enter"
a computer system, and the owner of a system has to make a decision about how
much is to be spent on security.  
-- 
  Lee Dickey, University of Waterloo.  (ljdickey@watmath.UUCP)
 	... {allegra, decvax} !watmath!ljdickey