Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!purdue!decwrl!hplabs!well!dave From: dave@well.UUCP (Dave Hughes) Newsgroups: comp.misc Subject: Re: Computer Virus Hearings Summary: Passwords are keys to closed premises Keywords: virus, goddard, congress, leahy Message-ID: <11813@well.UUCP> Date: 24 May 89 02:10:47 GMT References: <154@oldcolo.UUCP> <4246@ficc.uu.net> Distribution: usa Lines: 38 In article <4246@ficc.uu.net>, peter@ficc.uu.net (Peter da Silva) writes: > In article <154@oldcolo.UUCP>, dave@oldcolo.UUCP (Dave Hughes) writes: > > A system > > which permits uncontrolled access to its ports, or self-assigned > ^^^^^^^^^^^^^ > > passwords is not even covered under the Electronic Privacy Act. > ^^^^^^^^^ > > Nor need it be. Such computer systems are 'public' as far as > > privacy is concerned. Even if the system is privately owned. > > What possible relationship does this have to do with coverage under the > Electronic Privacy Act? Every UNIX system on the net permits users > to assign their own passwords. It is ludicrous to presume that the > existence of a "Password" command should have anything to do with the > public nature of a system. > > Either you're confusing passwords with accounts, or the EPA is grossly > misdesigned, or you're misinterpreting it. > -- Well, what I was trying to put into layman language was the fact that, according to the Electronic Privacy Act, the managers of systems have to prevent 'ready access' to their system for it to be considered a 'private' system. i.e. if one can just dial a numebr, get a modem connect, having never dialed it before, and get into the system without anybody's permission the system is not a closed system. One typical way is to have either no passwords required, or to permit the first time caller to assign himself an id and a password and then to have full access. Without a sysop individually approving his access (or giving him an 'account'). Which means that anyone can log on. Which then makes it public, not private. Thus not covered under the Electronic Privacy Act. There was a major debate over just what electronic forms could be covered under the act. Radio was a major debate. No matter what the 'intent' of the broadcaster, the broadcast was public unless is was scrambled in some way, so there was a physical effort to deny access without deliberate permission. Maybe you have some fancier words for all that - ones that Congressmen will understand who don't 'do modems'?