Slashdot Mirror
Oregon Supreme Court Declines To Hear Schwartz Case
merlyn writes "The Oregon Supreme Court declined to hear my case, leaving standing the unfavorable decision of the Oregon Appeals Court as the final authority on this eight-year-long case, well known to many
sysadmin and Perl hacker alike. Details at my fors-announce posting." If you're not sure what that means, you probably want to read at least this site which offers a straightforwardly partisan look at the complicated case of Intel vs. Schwartz as well as Schwartz's own page; it's a strange world where programmers and sysadmins can be convicted for seemingly innocent activities.
I'm sorry, but cracking is NOT an innocent activity. He should fess up for his actions and accept the punishment, end of story.
after this resolves, im going to assume that the press is going to start using "perl" as a buzzword synonomous with hacker, cracker, and the like. now, we all know microsoft would much rather have us use something other than perl to do our business, and this is the perfect chance for them to accomplish their next step in global takeover.
next, they're going to confuse the word perl with the oyster-rock pearl, and all fisheries will have to follow pearl-free sanctions on their oyster catches.
What exactly was he charged with doing? While I'm not familiar with the case I know that as an employee you are paid to perform certain services for your employer and to respect their property. The employer and the law draw the line in the sand and an employee should keep any experimentation not having to do with work onto their home network. I would personally get written permission before doing anything that can be construed as illegal or suspect on my employer's network.
"seemingly" innocent activities are just that. They are not innocent activities. The case stands.
I have to confess that I am not too familiar with this case. The links in the story weren't too helpful either.
/. in jail? :)
Apparently he messed around with some Intel servers? Was he employed by them at the time?
Can anyone give me a quick summary, someone who is more familiar with the case?
Also, is Schwartz in jail now? You get
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Yahoo is now as bad as the NYT?
Those behind Junkbuster proxies apparently can't see the URL!
"Your browser is not accepting our cookies. To view this page, please set your browser preferences to accept cookies"
Can anyone post the content of the site for the rest of us please?
Man, this sucks!
He didn't break into anything.
He ran a brute force crack against some password files that he *did* have legit access to, if I remember correctly. That's ALL he did.
...cracking passwords an innocent activity?
You know... most everyone I know who has followed the case seems to agree that the only reason you got in trouble to begin with was because of your inability (some call it emotional ignorance) to communicate properly with the admins within Intel.
Still, all in all, I believe you've managed to do well for yourself. Written a couple of books, entrenched in the perl community, regular magazine article contributer, etc. You should feel lucky that you did not do any time in "pound you in the ass" Club Fed. You *should not* feel that somehow it's your god given right to have this little blight on your history removed (and to be honest, do you know *anyone* of any note or repute that doesn't have a bit of netorious past?).
So, just get over it, continue to pay off your legal bills (and that's really that this appeal is about, right?) and get on with your life.
I know exactly how he feels this is currently happening to me. One of the charges was dropped in the prelimary hearing. The owner of the server learned the hard way that permissions/Logon banners/Policies are critical if you want to prove that the person did not have permission. I read his case thoroughly when I was first charged and found some items that were the same.
Certainly the law is far too broad, but this is merely a side effect of the drafters not having any idea how it might be applied. I wouldn't go so far as to say the drafters had no technical knowlege (because I have no idea if they did) but certainly they had only a vague idea of what specific crimes that cover within the legislation.
That said, Randall should have been more careful and Intel should Intel should have acted more wisely. Certainly a contractor messing with a client's password file without security consulting requiring 'complete network access and authority to alter' should have such things explicitly spelled out in his contract. It is truly disappointing though, to see that the appeals court will have the final say in this matter.
--CTH
--Got Lists? | Top 95 Star Wars Line
Randall Schwartz was doing some shit that Intel didn't like. It also happened to be illegal. Intel asked him to stop. They asked him nicely. He didn't, and Intel had him prosecuted. Randall Schwartz made his own bed.
Flame on.
The middle mind speaks!
Some background from the other side: an affidavit from one of the Intel folks is here:
e lrep.txt
http://www.lightlink.com/spacenka/fors/police/int
Basically, he cracked more than one companies passwd file without permission...one of them was a company he'd been dismissed from earlier (he was still logging into their machines and was cracking their passwd file,too).
Personally, I'm not at all surprised that they threw the book at him.
I'm not posting this as an AC b/c this is _my_ opinon, so don't read further if you feel you may be offended by grammar, content, and spelling...
I think America isn't any better than China as far as my profession of programming is concerned. Sure we have a few more civil liberities, but the way lawy enforcement works here still stamps out any dissant agianst the 'masters in the house'.
The government is just a lacky for corporations these days, as the Adobe, intel, and other cirus shows. DMCA, anti-terror, and other acts are just smoke screen for control of the populis.
How much longer can America keep going? America only has a military and an economy going for it -- and one of those is faultering. I can't believe the government recommending "go out and buy" to "save the economy". Capitialism isn't a one sided equation -- companies should suffer for poor investments and managment. ( The Enron's, S & L's, etc )
I'm planning on moving to a nation that's 'worse' in many eyes already. I know their aren't any utopias, but hell if I'm not going to look for options. They want to take away my guns, computers, and now my 'inalienable rights'.
It makes me sick to think about it all. I have black hair so I should get hassled. I have knowelge so I should be arrested. I have a dissanting opinon maybe I'll be hung.
Ok, so in Oregon it is a crime to "unlawfully, knowingly and without authorization alter a computer and computer network." The obvious solution here (for people working on computer networks in Oregon) is to obtain written permission from the appropriate authorities before altering a computer and/or computer network. Print up forms with the full text of the appropriate laws and give them to the appropriate people. Whenever you need to do anything, request permission in writing. If they complain, have them provide authorization in writing for performing specific common tasks at the discretion of the individual, but keep requiring written authorization for anything else. If the law really is as broad as it is being described, there is too great a risk of prosecution to do otherwise, especially if you deal with security testing. Either get permission or don't do it - there's no sense putting yourself at risk to do something that the network's owner probably won't care about anyway.
It seems that this guy stole some PERL scripts and password files using a hole in IIS using FrontPage from some news website. Here is a link I found while going through the not very helpful links in this thread.
I hope people don't confuse the security flaws in IIS with code theft. Code theft is "stealing" regardless of how you got to it.
Also IIRC it seemed like Intel management wanted to handle it differently than Intel Security which called up the Sheriffs office, I think, to have Randal arrested.
IMHO he only used really bad judgement and is obviously not a cracker bent on maliciousness.
I think it's too bad that the courts came down as hard as they did on him. At least he's not still in prison.
"sweet dreams are made of this..."
Companies like Intel who pursue such ill-advised prosecution should not be financially rewarded for their misbehaviour.
Buy AMD instead of Intel. Tell everyone you know to buy AMD instead of Intel. If you are in a position to influence purchasing decisions, make sure it is AMD.
The only message these companies are going to understand is one that hits them in the pocketbook.
BTW, the same goes for Adobe.
Sounds like a bad legal decision and it reflects poorly on Intel. But one thing to keep in mind: workplaces are all about politics. People who play their cards right seem to be able to get away with murder. People who hack and don't shmooze, on the other hand, are very vulnerable. If you are of the latter persuasion, do things completely by the book and get permission for anything even remotely out of the ordinary in writing.
first you say "I know nothing about this case"
then you say "But he should shut up and accept his punishment, 'cause he's a criminal."
What a bunch of idiots.
Comment removed based on user account deletion
He sure does sound guilty. I went to the site listed and I saw a bunch of references to Kahuna and a 3 stooges picture, but no real expalnation of why he's not guilty. That site says "yeah he stole passwords but they never left the building" and that " he put a program on Intel's machines they didn't like" sounds like guilty to me.
Use PowerPC processors with Windows NT 3.51/4, Mac OS, AIX, or Linux instead. Unless you have issues with Motorola.
"Evil will always triumph because good is dumb." -- Dark Helmet
Oregon Supreme Court declined to hear my case, leaving standing the unfavorable decision of the Oregon Appeals Court as the final authority
I'm sure merlyn/Mr. Schwartz has allready discussed this with his council, but of course the supreme court can take the case and over-rule the state court, the plaintive cries of certain states rights activitists notwithstanding. That's not going to happen, which basically means we need a political solution.
Individuals in Oregon can contact their governor individually, although such petitions are, unfortunately, unlikely to work.
Some form of organised lobbying - from an oregon based trade organisation of engineers or programmers, mayhap? (I'm a biologist) - might successfully generate a pardon, or at least get the law struck from the books. Certainly, I think it's a legitimate avenue for such an association to act, since the oregon computer crime law (which I can't find under that title but which is somewhere here) obviously opens its membership up to wanton and unjustified prosecution.
Although Intel is likely to announce that it's a criminal trial and Intel cannot drop charges, we could bring pressure to bear on Intel. I only buy AMDs anyway, but a threatened slashdot-sponsored boycott, if everyone on slashdot is as convinced of his fundamental innocence as I am, might scare them a little.
More than likely the poor slob is screwed.
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
When I first heard about the case I thought it was a travesty of justice. However I have come to think this feeling was because I liked his writings and felt a certain empathy for Randall.
I have wondered about how I would feel about probing security weaknesses at a company where I was a contractor, on by own iniative and where this kind of thing wasn't in my remit.
I find it hard to understand that one could consider it professional behaviour and find it hard to believe that one could act in this way without thinking that the there was a significant risk that some very bad things could come out of it.
I am not saying that I like the way he was treated, but as my mother says - if you play with matches, you could end up being charged with arson.
<-- You are here.
to do!
He wasn't asked by Intel to crack the file.
Ergo, Unauthorized.
Ergo, guilty.
Ergo, do the time like a man.
Unless specificly authorized in his capacity as a consultant he never should have touched the password file.
As a consultant you may be in the situation, on a daily basis, that you have access to information which is not yours to do anything with. Thats the nature of the beast, don't screw with it.
As a consultant I have access to data on the customers of my clients. That data is confidential. Unless specificly using the data for testing I have zero right to that data. Even if it is in the database I have access to, and available to me based on my access privledges.
Having access to data doesn't mean you have the right to that data.
I'm sorry, but at first blush what he was doing would not seem inocent to anyone. He was cracking passwords, and sent out some VPs password to other people. He was also not a fully employee and didn't authorization to do what he was doing.
He may not have meant any harm by what he did. And when you look closer you can see that. But what he did does not seem innocent in any sense of the word.
Yeh, now mod me flamebait like that first post AC. God forbid we should go against the Editors
(btw, sorry this post hasn't been spellchecked. I'm away from home and my spellchecker)
autopr0n is like, down and stuff.
The hyperlink in the story to the overview of the Schwartz case is responding, "User over daily limit".
Use the mirror here.
Intel v. Schwartz
Intel's Prosecution of Randal Schwartz
Cybersalem|
 Press|
 What can you do?|
 
Kevin Mitnick on Hacking
Note:
The Open Letter to Intel closed to new signatures
on October 4, 1999.
Thanks to all who have signed!
Geek Kahuna Goes Bad?
It began prosaicly enough.
Randal Schwartz, who I knew from Usenet and his
very successful books on the Perl language,
was on business in Silicon Valley and agreed to meet me at
Frankie, Johnnie & Luigi Too,
an Italian restaurant in
Mountain View CA, to offer me advice for a program I was
writing.
It might seem surprising
that Randal would agree to take time
from a hectic schedule two weeks before going on trial to give
what amounted to free consulting to a stranger.
However, those who
have been interested in the Perl language for a while
know that Randal
is a legend for his generosity.
Actually, I didn't know Randal was going on trial in two weeks.
I had heard rumors that he had some sort of legal difficulties
(a civil suit I assumed) which involved Intel.
I'd known many people with matters before the
courts, some close personal friends,
and few liked to discuss them.
Therefore it was not until
Randal had fielded my Perl questions, the talk
turned to minor chit chat and Randal unexpectedly proved
willing to discuss the matter that
I discovered the person I was drinking beer with
was looking at fifteen years in a few days, and, if convicted,
would have the biggest legitimate reputation by far of
any computer criminal.
I didn't necessarily credit the story he told me -- every
accused felon tells you it was all a misunderstanding, and
they are almost always just plain guilty.
Neither, I must confess, do I have unquestioning faith in
all the conclusions D.A.'s draw.
Days later, an Oregon Jury convicted Randal of
three felonies.
Randal Schwartz was, in the eyes of the law, a
Geek Kahuna Gone Bad,
the first.
Especially eerie about the Schwartz matter
was the silence surrounding it.
This clearly was a very significant case, far more so than
some which have drawn a lot of attention.
Randal Schwartz was either
the most dangerous computer criminal ever,
or something was terribly amiss, I had to know which.
That night I put the project I had discussed with Randal
on a shelf, where it remains.
"Feel free to stop dancing around the issue
any time you like and
tell me what this is all about."
On July 25, 1995, a Washington County jury in Hillsboro, Oregon
convicted Randal Schwartz of three felony counts:
Count 1: Randal did
between November 1, 1992 and November 1, 1993,
"unlawfully, knowingly and without authorization alter a computer and
computer network consisting of Intel computers Mink and Brillig".
Count 2:
Randal did between August 1, 1993 and November 1, 1993,
"unlawfully, and knowingly access and use a computer
and computer network for the purpose of committing theft of the Intel SSD's
password file".
Count 3: Randal did,
between October 21, 1993 and October 25, 1993,
"unlawfully, knowingly
access and use a computer and computer system for the purpose of committing
theft of the Intel SSD individual user's passwords."
"Look, son, Randal may be a what you call a Geek Kahuna,
but the law is the same for him as everyone else."
Actually, Randal was not tried under the usual criminal
laws, but Oregon's Computer Crime law.
Uses of this law are rare.
I can discover only two convictions under it since 1991,
and in one there was no trial.
The purpose for a separate Computer Crime Law
was to avoid having bad guys escape on technicalities,
something its drafters felt that
even an extensive revision of traditional criminal law would allow.
This they accomplished by making it a felony
to knowingly do anything
"unauthorized" on a computer.
Unusually for a law with severe penalties,
there is no requirement to show the defendant caused or intended
any harm.
All that is necessary is to show
that the proper authority did
not like whatever was done.
The first count is that, pure and simple --
Randal putting a
program on an Intel computer which Intel did not like.
The "stolen" property of the second and third counts
was never removed from Intel's premises, Intel was never
deprived of any of the economic benefit of the
property, and no evidence was presented
Randal intended to do either of these things.
These "thefts" consist entirely, again, of doing things
which Intel decided afterwards
it did not like and which it claims that Randal
was not allowed to do -- this time with
password files involved.
Criminal laws with wide applicability and severe
penalties are a feature of totalitarian states, and
may be a necessary evil in free ones.
In Randal's case, where he was trying to be helpful
and caused no harm,
the potential evil in applying such a law
is far more apparent than its necessity.
At the least,
a free society asks that a serious crime
genuinely reflect one of its serious concerns,
and not simply be a tool the powerful can use
against the powerless whom they find obnoxious.
A good test of this can be made when a powerful
individual breaks the law.
But for computer crime, which is complex and
technical, such tests are
available only as a matter of luck, since
the powerful decide who gets investigated.
However, we have such a stroke of luck in this case.
An Intel VP confessed on the stand to a more serious
infraction of Oregon's computer crime law.
And the Washington County D.A.'s office,
which so eagerly talked tough when facing the
powerless Randal,
has observed a demure silence on this topic.
The defects in the law should easily have
been enough to prevent
this case ever coming to trial, and made discussion of the rest
of this matter moot.
But at each step of the way, as one person or another faced
the prospect of telling Intel "no", they chose instead to
praise the Emperor's fine new suit.
Some Highlights from the Ongoing Farce
No evidence that Intel disapproved of Randal's behavior
exists, except as remembered after the decision
was made to prosecute him.
Not so much as a hand-written note indicates anyone had a
problem with Randal beforehand.
Lest those testifying for the prosecution,
all of whom had financial interests in the good will of Intel,
forget Intel's concern in this matter,
an Intel Security person sitting at table next to the prosecutor
served as a convenient reminder.
Intel was heavy-handed in making its presence felt throughout.
The police prepared the search warrant at Intel premises,
three Intel employees helped search Randal's house,
and one helped police interrogate Randal.
This interrogation produced the prosecution's "best" evidence:
police statements that put the words of a full confession
in Randal's mouth.
Indeed they claim Randal confessed to a history of hacking
everyone he had done business with.
(All these other "victims" provided witnesses for the defense,
and Randal was charged with none of this activity.)
The police claim to have memorized Randal's highly technical
statements with the aid of a few "cryptic" notes,
and reproduced them accurately later at the station.
It is hard to overstate what an incredible
feat of memory this is.
Det. Lilley, who produced the more complete statement,
didn't know what the word "directory" means in computer lingo.
Mere mortals with similar backgrounds would have found it
impossible to follow the discussion,
much less memorize it verbatim.
In other contexts, Intel had previously
authorized Randal to commit both the acts
allegedly unauthorized in this instance:
cracking passwords and building a gateway to the Internet.
Randal was well aware of the steps a computer criminal usually takes
to avoid detection of his activities and took none of them.
As I go through the records in this matter, more and more
startling and troubling material continues to come out.
It is as if this case was an entry in a contest to see
how much misbehavior could be squeezed into a case where nobody
was shot or beaten.
I document my progress into this shambles in the
Letters from Cybersalem.
The Letters From Cybersalem
CS0: Announcement.
Obviously, the letter which announced the series.
CS1: Disclosures and Disclaimers.
My connections
to Intel and Randal, and various other things which need to
be said. Nothing stunning IMHO, but you have a right to know and
to judge that for yourself.
CS2: Wizard Prosecutions: Then and Now.
A comparison of the quality of
the prosecution in the Salem, Massachusetts of 1692 and
the Hillsboro, Oregon of 1995.
Witchcraft prosecutions have declined sadly in the last
300 years.
CS3: The Unindicted: Ed Masi.
It is so easy to make a case for the crime of which
Randal was convicted,
an Intel VP testifying against Randal made a
full confession under oath on the stand.
It's all here.
CS4: Shocked, Shocked.
Randal's "crime" caused no harm, which is perplexing
since harm is basic to both the legal theory and lay
intuition of what "crime" means.
The policy infraction to which Ed Masi confessed
is shown to have quite likely caused real and serious harm to Intel.
CS5: Leadfinger.
This imbecility is not without its literary appeal.
A nicely Kafkaesque touch is added by the reluctance of the
Intel nabob who ordered Randal nailed to identify himself.
Of course, nobody forced him to come forward.
CS6: Unlearn Perl in 41 days!
Rich Cower of Intel security, adds to the list of
remarkable intellectual feats performed on behalf of the
prosecution. On June 13, 1995, he answers most questions about
Randal's Perl scripts with assurance, but passes on others
until he can look at the code.
41 days later he testifies under oath he does not know Perl.
CS7: The Essential Cower.
As Network Security Expert at Intel,
Cower played quite a role in the case.
He was present at the search,
participated in Randal's interrogation,
was an expert witness and
as State's Expert sat next to the prosecutor
for the whole trial.
CS8: What Does Familiar Mean?
However, this Intel "expert", when shown the seminal
work in modern network security, Cheswick and Bellovin,
does not recognize the cover.
CS9: Shortcut to Expertise.
An examination of Cower's background and qualifications,
as revealed in his testimony.
CS10: Too Stupid for Their Own Good?
Randal's local paper was
The Oregonian,
already notorious for ignoring the Packwood scandal.
It heaped abuse on Randal and the whole
"computer programming subculture"
during the trial.
I recommend anyone planning to work as a programmer
in Oregon read this one.
CS11: Oregon Employees have No First Amendment Rights
Unbelievable?
That is Judge Nachtigal's ruling.
Read it.
CS12:
Oops! There Goes Another Personal Right
Judge Nachtigal also discovered that the law
allowed "silly" (her word) prosecutions,
which in the D.A.'s words
show his "office must have an awful lot of time on their hands".
These are forbidden by the due process protections of the
14th Amendment,
but Nachtigal finds that
"we may want that authority there with computers",
and the charges against Randal stand.
CS13: The Confidence of the Public
This one is entirely uncommented quotes.
Here are some snippets.
The prosecutor: "I don't represent Intel."
The judge: "Not yet."
The detective: "We could probably use two or three more people".
The Associated Press:
"Intel Corp. is handing the local police $100,000 to have two
detectives concentrate their computer theft efforts
at the company."
CS14: Moore's Lawlessness
It would be surprising if Intel's heavy-handed contempt for the law
were unique to this case.
As Tim Jackson's new book shows, it is not.
An Open Letter to Intel
We wish to express our strong objection to the prosecution of
Randal Schwartz and Intel's role in it. We believe it necessary
that Intel repudiate the criminal charges made against Randal in
Oregon v. Schwartz, refund any "restitution" paid based on those
charges and offset the costs of Randal's defense against them.
This is the minimum that fairness requires since what happened
was at worst a policy breach and since Randal also suffered loss
of income, loss of reputation and a good deal of anguish.
The full list of signers
The current signature count, with subtotals by country
Signers whose names you might recognize
Comments made by the Signers
The Open Letter closed to new signatures on October 4,
1999. Thanks to all the over 2000 signers!
Links
To get an auto-reply giving Randal's own statement, and
discussing how you can contribute to his Legal Defense Fund, send
an empty message to
Randal's Defense Fund mail daemon
.
Steve Pacenka maintains
the Friends of Randal Schwartz website
,
which is dedicated to archiving all relevant materials from
all sides of this issue.
There is also
Randal's award-winning website
.
How come he gets an award and I don't?
You can subscribe to
the fors-discuss mailing list,
by sending a empty message to
join-fors-discuss@telelists.com.
There is also
fors-announce,
a moderated announcement list for Randal's case.
This can be subscribed to by
sending a empty message to join-fors-announce@telelists.com.
Press Coverage
I want to thank this site's host ISP
A2I (rahul.net).
for its steadfastness and generosity.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
And this one: http://www.google.com/search?q=cache%3Awww.stonehe nge.com%2Fmerlyn%2F
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
One of my good friends here in Phoenix worked for them for several years in a contract programmer deal. A neighbor of his was a high ranking executive at Intel also. The guy [the neighbor] was an avid golfer and developed a friendship with another golfer and they would hit the greens frequently together, even sharing a frothy beverage after a round. A few months later, this executive is dismissed, arrested and tossed into the pokey for disclosure violations. It turns out that the his alleged golf "buddy" was a Intel paid spy - and that he mentioned in casual conversations results of some chip tests (at least according to my friend's neighbor's story ...) - and that was the nail that did him in. I forget the exact bail but it was a serious deal.
Of course, one can retort that this blurb is entirely anecodotal and without hard empirical evidence. Nevertheless, others who have worked for Intel are full of interesting anecdotes themselves, albeit not as serious as the story in the previous paragraph.
AZspot
Since this is Christmas...
If you take the Jesus and the Apostle Paul seriously, then "there is no one who does good, no not one" [Rom 3:12]. So a Diety who focuses on smiting the bad peope would be a quick cure for overpopulation. Which is why, "God did not send His Son into the world to judge the world, but that the world might be saved through Him."
is on Schwartz's own site. He is very objective about the situation, but justifiably mystified by the seriousness of the charges. Three felony counts? C'mon.
If this had been anything but a password cracker I doubt Intel would have gotten it's panties in a bunch. I've worked for some of these big companies and when I felt the need or inclination to do anything that could compromise the security of the organization I've talked to the sysadmin.
I've never had one say no. I've been told to please close it when you're done, report back, etc. you know reasonable stuff.
It's not as if he installed IE where he might not have known he was opening a hole. He knew it.
I think a slap on the wrist, 60 hours of community service say would have been enough to have him think, 'darn I did something stupid' and of course it should be a misdemenor (it was right?), he didn't hit anyone over the head no need to take away his voting rights.
you get punished
For years now we have been reading comments about What Randal Should Have Done.
It's easy to be critical from a distance. But before you're too smug in your assessment, walk a mile in his shoes, or in today's terms, sit for an hour at Randal's shell prompt. Many of us do every single day.
Randal was doing pretty much what many sysadmins do as an ordinary matter of course: secure and protect the systems they are responsible for. It's the job they're hired for, you know?
I've always felt that this amounted to a personality clash that spun out of control, bruised the ego of an Intel senior PHB, and then completely escaped from reality when it was referred as a criminal matter to the local gendarmerie.
Unless you live in or next to Washington County, Oregon, as I do, it may be hard to understand the pressure that develops when the local cops get a call from the largest employer in your area and the most powerful company in the state.
I remind everyone here that Randal was an Intel contractor with a one-line contract that basically ended up being interpreted in a completely arbitrary way.
Randal would be the first to say he did some things that weren't wise, but there was never any intent of illegality or damage to his client, the mighty Intel Corporation.
Intel has rightly gotten a big old black eye over this entire episode, at least among those who bother to learn the details, and at least as far as I know has not repeated this stupidity.
Randal has managed to keep going, dealing with an onerous legal case, the threat of jail, an extraordinarily out of whack fine, and daunting legal costs.
The Oregon law that all this hooked on is widely regarded as badly written and prone to misuse (I've written some Oregon law in my time, not in this particular area, and it's easy to see how this happens in the legislative process).
The gross sense of disproportion is the lesson I have learned from this sorry episode. It is sobering for any of us who take on sysadmin duties under any circumstances. As security becomes an ever more complex and consequential issue, that is a lesson everyone should take seriously. Just because you are doing the best you can, all of us have our flaws. What protection do you have if someone decides to settle a grudge with you and have the full weight of an ill-defined law and an immensely powerful legal apparatus thrown on you?
Good luck to Randal. He handled this with a lot more diplomacy and good cheer than many of us would probably have mustered.
--------
Bill Gates Is My Evil Twin.
If anyone gets anything out of reading the accounts, from both sides, it's make sure your employer knows what you are doing and approves of it. Some are very cool about innovating and others, like Intel, punish the talented while the stupid and greedy prosper (for any of you who'd like to know why /. has such a pro AMD bent, this is a good place to start understanding.)
@ Intel it's "CYA" or "See Ya Later"
A feeling of having made the same mistake before: Deja Foobar
Randal is totally innocent.
If I found out that someone who was not a sysadmin or security analyst was running a password cracker on my systems, I'd be very pleased.
Lets face it, it's a pain in the ass to setup passwords crackers, and if a "White Hat" Hacker decides to break into my mailserver, he's really doing me a service.
As an example of similar activity, just the other day I found a man trying to unlock my mailbox with a screwdriver by prying the door off. I was actually comforted by the gesture, since I can now send a bug report to the post office and request that they install a stronger door.
Conformity is the jailer of freedom and enemy of growth. -JFK
I was looking forward to meeting Randal at the "Learning Perl" class in portland, but he was sick. Thou a nice guy named Tad McClellan tought the class. We talked about Randal for a few minutes. Randal just used bad judgement, but there was never criminal intent.
I really hate how the laws are using this non-violent, non-profit hacking as a crime. He should of been fired for breaking company policy, but a crime? He didnt steal anything, a password file was used on a company computer to run crack, he was planing to use it for the good of the company.
I wish I owned a large enough company like microsoft or oracle, I could use my business and political weight to bring attention to matters like this. If Bill Gates announce he was moving all his companies from Oregon because of the way they treat thier citizens, maybe Randal would get a pardon. Look how Adobe called the FBI and they acted, the government supports the larger companies.
Is it me, or is the laws and poltical dealings of of our Goverment piss you off? If it wasnt for 911 goverment reform would be taking place. But now its Terrorist threats and cyber laws.
I better watch what I say, freedom of speech seems to be a passing fad.
Crackers are bad enough. Password stealing crackers who put INLINE SOUND on thier webpages should be shot.
-- I Am Not A Terrorist.
Could you imagine a Beowulf Cluster of Oregon Supreme Courts?
Convicts people for innocent activities even faster than before...
I'm torn. On one hand, his books have helped me out quite a bit.
On the other hand, as a professional, erm, one would think he'd have known enough to clear this with higher ups.
From what I understand from reading random blurbs on his page, and random, "Free Schwartz!"esque sites, he brute forced some password files to try and prove to management that they should renew a contract on him.
Words of the wise to techies: Corporations don't fsck around when it comes to security. And you are not expendable - you are nothing to management.
Cover your own arse, or have it handed to you. Sad, but that's the way it works.
This guy had a sense of entitlement that was a little bit dangerous, I think. Suppose he is never caught running crack. Suppose his contract isn't renewed, and he feels bitter at having been past over. He just might then want to act on his knowledge of those passwords to do something malicious as an act of revenge.
That's not the kind of employee you would want working for you.
fuck you, it isn't christ-mas for me.
I recently read an article in The Oregonian (newspaper) that said politicians are seriously looking at Oregon's court system; they've made some rather unpopular rulings lately. As I recall the issue the article discussed was regarding a ballot measure that voters passed, but the state Supreme Court ruled unconstitutional, because in the eyes of the court, the ballot measure combined two seperate issues on the same measure, which is illegal (as it should be, IMHO), but the two issues really didn't look like they were unrelated at all.
Sorry I don't remember the details, but anyway, don't think everyone in Oregon agrees with the courts on this sort of thing.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Ok, the guy did something wrong. The only thing I want to know is how Intel feels it deserves 72k in restitution?
Of course, just after I hit Submit, I found the link to the article:
Rulings may put Oregon courts on trial next year
The article is dated 11/26/01 and the only keep one month available for free online, so that link may expire soon.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Then change the channel
http://web.archive.org/web/20011024075944/http://w ww.rahul.net/jeffrey/ovs/
-- Ender, Duke_of_URL
Maybe what this guy did was wrong...He did break into Intel's system, and that is naturally a great worry to Intel.
But to slap a felony on him is obserd. He didn't hurt anyone...felonies should be reserved for serious violent crimes, like bank robbery, assault, rape, murder, etc.
This should be on par with a traffic infraction, like speeding. In fact, it should carry a less severe penalty than speeding -- him breaking into a system poses no physical threat to anyone, unlike speeding, which can endanger people's lives.
social sciences can never use experience to verify their statemen
Hear hear. I've been in this position and I always have asked, too.
...
Not because I live in the state of Oregon but because it is the right thing to do (and my knowledge of right and wrong far predate the law in question).
I think the major problem with Randal was that Intel had no idea of what he was actually doing, found out, freaked out. Freaki
ng out was a reasonable response.
The fact that the freaking out resulted in a criminal charge and conviction is unfortunate. Washington County (where Intel's Oregon facilities are located) is far, far more conservative than Multnomah County (where Portland, OR is mostly located). In Multnomah County some sort of non-criminal solution would've been the result, most likely.
The Appeals Court and Supreme Court, though, don't rule on whether or not the conviction is "reasonable" but whether or not the conviction meets the test of law.
That's not unreasonable, that's how judicial review is meant to work. The law as written is unreasonable, but not unconstitutional and therefore no constitutional grounds for overturning the conviction exist. There's no doubt about the evidence, so there's no evidenciary grounds for overturning the conviction.
So
1. Randal sinned in a relatively minor way, but sinned nonetheless.
2. Intel and a hard-assed Washington County prosecutor decided to go after him in a major way (makes you wonder about past interactions, doesn't it? I would think that a single well-placed manager could've derailed this train if she'd thought Randal deserved grace).
3. The law doesn't violate the Oregon or Federal Constitution (nor your state's, most likely). Therefore the Court of Appeals and Supreme Court, whatever their private view of the overreaction resulting in his conviction, have no basis for overturning it. (of course, they may actually want him to burn at the stake, but we don't know that, the Oregon Supreme Court is actually fairly liberal).
OK, going someplace you don't belong is not a minor infraction it is trespassing. I've heard many people say...well he didn't hurt anyone....that is not the point.
Would you like any stranger walking into your house, sitting on you couch watching TV and eating potato chips? The intruder isn't hurting anyone right????
We don't need any new cyber-space, techno laws for this type of activity, we have ample existing legislation...it's called trespasing and property law. You shouldn't go someplace that isn't yours or you aren't authorized to use.....period.
-ted
Comment removed based on user account deletion
...in the immortal words of Nell Carter.
So let me get this straight. This guy's a contractor at Intel. Which means he's probably contracted for other tech companies before, and will do the same after his stint at Chipzilla. Then he's caught cracking security left and right.
How was Intel to know this guy wasn't going to walk off the job and drop this information off at his next job, or sell it to the highest bidder? Like it or not a company the size of Intel has billions of dollars in IP that it must take steps to protect.
This turkey got off easy!
If you think about it, most companies would handle this sort of thing quietly, because the negative PR and legal fees is not worth it for them just to get rid of a consultant. Given the small area, they could have easily got him blacklisted in a nice and silent manner. No muss, no fuss.
So, why did they send all of the legal guns after him? Good question, but he must have _really_ pissed someone off.
Serves ya right for stealing computer time.
Perl + Theft is still a crime.
Open source + Theft is still a crime.
He could have been reading pre$idents email,
and finding specs/schematics on soon to
be released CPU's. Think of the damage he could
have caused. He might have wanted to benefit financially, or damage their networks and data.
Or maybe release proprietary info on anonymous
bulletin boards as revenge for any perceived
mistreatment. I think that clearly his intentions
were good. But there was an extreme risk to intel.
It's somewhat like taking a handgun to the
airport in the name of testing security.
I'm looking for a bolt hole too, I want out of this sinking ship. But I'd like to go somewhere nice.
India American ex-pat areas sound nice.
New Zealand also sounds nice.
What's Japan got that you like so much?
-- Ender, Duke_of_URL
Eight years later and Randall's still trying to get the blot off of his record and get his money back. (Thank goodness the highly rated comment that said noone would hire him is completely misinformed!)
Yet, the Intel VP who picked 'pre$ident' for his password and shared it with his secretary, thus compromising secure information, in violation of company policy ("knowingly and without authorization," as the Oregon law says) is not in court at all. Same law. Same crime.
"Oh, but that law's not too vague. It's only intended to be used against bad people, and the judges will make sure of that."
Secession is the right of all sentient beings.
for this guy, I really don't feel sorry for him.
Crack a password on a computer that does not belong to you, or you do not have permission to crack, then you pay the price.
Couldn't happen to a nicer guy.
Nothing like this ever happens in a vacuum, but it's not like you'll ever hear the actual story from R.S., much less Intel or Jethro and Jed in the Washinton County Courts.
Hope you enjoy picking up roadside garbage in one of those really nifty orange vests, merlyn. I'll always think of you when I see the chain gangs cutting down blackberry bushes on The Sunset.
This is like taking a gun to the airport, to
make sure that security is working well. If it's not your job to test the security, and you go about testing it, then you will have a lot of unpleasantness to deal with when you are caught.
Sure, you're intentions are good, but that is not
enough to justify your actions.
A couple of years ago in newsgroups such as comp.sys.amiga.games and alt.emulators.uae we used to get frequent requests for ADFs (the Amiga equivalent of console 'ROMs') of old Amiga games. While some people (including myself) saw no harm in effectively 'pirating' a ten-year-old game which is no longer on sale, a few of the more fanatic Amigans would argue that theft is theft, regardless of the circumstances. "After all," they would argue, "Would you like it if I walked into your house, drank your beer and drove off with your car?"
A little logical reasoning can see the flaw in this argument. The point is that while accessing a computer system without authorisation is indeed as much of a crime as any other, it's not the exact same thing as physical tresspassing or theft, and can't be treated exactly as such.
Think of it this way: The law in America, I believe, says that if a guy walks onto your property without permission, it's a crime, period. What happens if my dog runs into your garden, and I run in to remove my dog from your property before he runs all over your prize flowerbed? The law says I've committed a crime, when I've actually done you a favour.
Now, what happens when a guy accesses some data on your computer via a security flaw in your system, which you didn't intend to give him access to? Yes, it's a crime... but does that necessarily mean it's a bad thing? On one hand, he could destroy valuable data on your computer if he wanted. On the other, he might simply e-mail you and advise you to download a security patch for your operating system.
In any case like this, the most important thing is not whether a person commits a crime - it's whether they actually do anything wrong.
you shut up, you smelly retard.
well i think maybe he diserved to be fired or even at the most pay a small fine. but not this. screw intel
This has already been discussed to death but I'll put my $0.02 in.
Schwartz is an ass, who also happens to be a good tech. writer. Personally I think the folks at Intel should have de-listed him from their list of contractors on the first incident and notified his employers at O'Reilly, who also should have terminated any contracts due to breach of trust.
Indeed, that's the situation: breach of trust and breach of security. Perhaps theft in the case of password files, but not to the degree of felony charges. Does stealing a key or card-key usually result in anything more than petty thief charges unless further thefts occur??
Any reprimands/punishments should not have gone further than his employement.
As a student at Oregon State University (go Beavs) I had the opportunity to listen to Schwartz explain the situation in which he was currently a victim. There is no doubt in my mind that his behavior was professional and responsible. He was doing a favor, volunteering his time and clock cycles, to improving a gaping security hole. It is the responsibility I would hope for from any professional.
To be condemned for his behavior sends a message to all that security problems should be ignored to be exploited later by the truly dangerous, rather than exposed by the people whose job it is to improve the security of his and his peer's domains.
I was glad to have heard him speak to us, and I think this man is certainly not the criminal he is accused. Rather than condemn him, we, as a community that believes in improving security and protecting systems, should support him in his endeavor to beat a law that was inappropriately inaugurated on him.
> Last time I checked, people didn't get put into
> labor camps
We call them prisons here, and we 'privatize' them, and allow the corporations to sell the goods produced by the prisoners. They're certainly not 'labor' camps now are they?
> and tortured for doing spiritual aerobics
Inadequate food, etc, etc. Talk to Amnesty International about Sheriff Joe.
> did they get tortured and imprisoned for 33
> years because they were vocal about their
> believe that their country should be free.
Talk to the AIM guys, who're still in prison. Roughly comprable.
All I can say is...
May the Schwartz be with you!
$20 says he was planning (if not already already doing so) to read Intel employee email...
... at least that's what I did when I ran an NT password file at an old job through LOphtCrack. haha
I don't buy this "just testing their password security" crap.
Perl sucks anyway.
If the world indeed does have a pecker, Oregon is it!
Just curious, did "merlyn" wear a wizard costume to court? Maybe that's why he got such a harsh sentence?
"Yes, it's a crime... but does that necessarily mean it's a bad thing? "
You are retarded.
..don't work for Intel.
Eventually, Intel will have to settle for sysops of much less ability than Randall Schwartz, and they'll be owned by every J. Random script kiddie in the world.
Then, when they go forth into the job market trying to find someone who will do what a decent sysadmin should do (like, say, run crack against their passwords files and alert people with lame PW's like "pre$ident"), they'll hear "gee, I'd like to take your money and help you guys, but it's just too dangerous."
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Comment removed based on user account deletion
No "need" to take away his "rights"...Gee how did we allow the government to take away "RIGHTS"? Rights are just that.....RIGHTS, NOT priveledges which can be denied.... Congress was given ENUMERATED "authority" to ensure our RIGHTS were to be PROTECTED and GUARDED against ALL infringements, but THIS government sees to it that ALL "rights" are turned into a priveledges, and thus DENIABLE AT WILL or WHIM of the in-power resident nazi head-of-state we now have. People READ the constitution's Bill of RIGHTS..no place does it mention the authority of the government to remove, deny of infringe upon the RIGHTS of the people that are solely reatained BY the people...EVER! Any changes to the constitution and the bill of rights MUST BE VOTED UPON BY THE PEOPLE! I carry a copy of the constitution and the bill of rights with me everyplace I go....it IS the bible of freedom for me! I make sure people see it on my dash...they know I have read it and I also make sojourns into the court library as well! I MUST know ALL of my rights, or be led astray by the lying politicians that somehow "know" the rights I hold better than do I..I think NOT!
206.39.38.2, DDN-BLK-36, DOD NET INFO CENTER. 800.365.3642 206.36.0.0-206.39.255.255 NET RANGE.
(Look at my friggin' nickname, I just had to say it).
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
One thiong i cannot stand is a man who cannot face up to his punishment. if you cannot do the time, then do not do the crime. He knew very damn well what he was doing wa s illegal and he did it anyway. he got his kicks, enjoyment or whatever from his act and now he is whining because he doesn't want to pay for them.
Big deal he was supposedly a nice guy or generous or wrote successful books. many others have done the same and they do not run password cracking programs on their employees network. Would it be any different if he worked at a bank and ran a safe-cracker on the safe, or used a skeleton key to gain acccess to all the safety deposit boxes.
He broke into something by illegal means and got caught and I have heard so much of his whining about being innocent and persecuted that I hope the supreme court does hear the case and finds him guilty of even more stuff and gives him life for being a whiner.
Once in a while, we run up against a person who truly and arrogantly believes that ability to do something equates to permission. Perhaps the notion is also somewhat childlike as well.
I'm not sure why exactly, but I get flashbacks to movies like "Lawnmower Man."
I understand the giddy feeling of power some of us have over the people we work for -- they don't fully understand what we do, what we know or what we're capable of. We're wizards, magicians and gods. SOMETIMES the power goes to our heads and the case with this guy is NOT unique.
The unfortunate side effect of being a wizard/magician/god is that people will fear us as well as admire us. The current trends in legislation prove it. Much of it amounts to "you're guilty because we suspect you of it."
Even I went through my "script kiddy" phase... had more than one internet account/connection pulled out from under me due to suspected hacking activities. Luckily, that's the worst that happened to me and I learned my lesson in life.
I can't agree with the "witch hunt" atmosphere used in the judicial systems at the moment. If they want to create special laws for handling "cyber crimes" then do so by using judges and juries capable of handling these cases! Don't expect laypeople to be able to understand what it is they are judging in this case. And when it comes to the notion of "jury of peers" I can certainly see where the system is failing to address what a peer is in this case.
They aren't stupid -- the situation is geared to give the prosecution the edge where ignorance and fear is the weapon used against the accused. But that does deny the accused of a fair trial doesn't it? How can this important issue be brought out into the open and corrected?
One big lesson from this for big companies like Intel and Adobe is that having your problems discussed on Slashdot is VERY costly.
I've read a lot of the posts, and they have the effect of making Intel seem less like an interesting place to work. The good people may just not apply in the future, and that may mean that nothing will stop Intel's decline.
Bush's education improvements were
tux:~ # lspci
00:00.0 Host bridge: Advanced Micro Devices [AMD] AMD-751 [Irongate] System Controller (rev 23)
00:01.0 PCI bridge: Advanced Micro Devices [AMD] AMD-751 [Irongate] AGP Bridge (rev 01)
00:07.0 ISA bridge: Advanced Micro Devices [AMD] AMD-756 [Viper] ISA (rev 01)
00:07.1 IDE interface: Advanced Micro Devices [AMD] AMD-756 [Viper] IDE (rev 03)
00:07.3 Bridge: Advanced Micro Devices [AMD] AMD-756 [Viper] ACPI (rev 03)
00:07.4 USB Controller: Advanced Micro Devices [AMD] AMD-756 [Viper] USB (rev 06)
00:0a.0 Ethernet controller: 3Com Corporation 3c905B 100BaseTX [Cyclone] (rev 30)
00:0c.0 Multimedia video controller: Brooktree Corporation Bt848 TV with DMA push (rev 12)
01:05.0 VGA compatible controller: nVidia Corporation Riva TnT2 [NV5] (rev 11)
What I want to know is whay didn't they just fire him, previous to the neccessity of pressing criminal charges.
Seems like a rather drastic punishment. If they had repeatedly warned him as the case, although not the physical or electronic evidence exhbits seems to suggest (from what I was able to discern), they should have simply terminated his employment and thereby solved thier suggested security problem.
I'd love to know what intel's damages are too.. sounds to me like they are trying to bill Mr. Schwartz for the case they trumped up against him..
as if thier chips are not expensive enough.
Schwartz is laughing his ass off right now. While the prosecutor concentrated on a couple of insignificant security offenses, Schwartz has been engaged in a far more beastly act: promoting Perl. He has polluted the minds of thousands of programmers with his putrid language and gotten away scott free!
The Yahoo page requires cookies and other junk in order to be able to be displayed, while Randall's own archive does not.
Brad Knowles
http://daily.daemonnews.org/ -- if you're not
Folks, evolutionary pressures exists even in our field and Mr. Schwartz has simply failed to make the cut for the next generation. In the wild if a creature gets so focused on personal gain that it forgets to watch out for threats it's gone. Same here; He got so busy looking for next month's income that he lost it all.
At best Mr. Schwartz is a modern example of foolishness in action, and it bit him sorely. Cracking passwords without authorization to gain unathorized access to a system is _cracking_, period. There was nothing ethical or acceptable about it. He himself has placed himself at the same level as the rest of the script kiddies.
This man is not a peer, he's a fool. Learn from his mistakes and move on.
Confined though we are, infinity dwells within.
How is this guy different then Microsoft? They both broke the law. They both must have known what they were doing wasn't right. At least on the ethical level. They've both dragged out the cases against them. Appealing every judgement against them. They both claim to be just good guys trying to help the customer. I don't want Microsoft's help and I don't want this guys help.
Somebody made the excuse he is no worse then some kiddie. Kids are at least kids and might not know what they are doing is wrong. What's his excuse for a total lack of basic ethics?
Sheesh. You can tell when all the old Usenet geeks find something on Slashdot they care about.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
For years now we have been reading comments about What Randal Should Have Done.
It's easy to be critical from a distance. But before you're too smug in your assessment, walk a mile in his shoes, or in today's terms, sit for an hour at Randal's shell prompt. Many of us do every single day.
Many of us do which? Sit at his shell prompt (breaking and entering, or theft of services, depending on how we got to it)? Walk a mile in his shoes? Criticize Randal?
Randal was doing pretty much what many sysadmins do as an ordinary matter of course: secure and protect the systems they are responsible for. It's the job they're hired for, you know?
There's a big difference between what Randal did and being responsible. For example, he could have asked permission (shocker!), he could have set up a test environment, he could have simply not done it. Sure, it was his job to secure those systems, but... Well, if my job is to secure a bank, and I go breaking into the vault to test security, without permission, that's just plain foolish. Any reasonable adult should know better. Period. Randal obviously did not. Hey, now he knows, and it *only* cost him money and time and (in some circles) reputation.
I've always felt that this amounted to a personality clash that spun out of control, bruised the ego of an Intel senior PHB, and then completely escaped from reality when it was referred as a criminal matter to the local gendarmerie.
What was it then? An unauthorized (for that specific system) individual got access, and started trying to break passwords. Sounds criminal to me... Oh, wait, he was a *consultant* to Intel. Remind me of that argument next time I consult for a bank... "Of course I should be able to get into the vault! I want to test security!" Seriously, if it wasn't criminal, what was it? Stupidity? Ego (i.e. "I'm the admin, I should be able to get everywhere, they'll understand when I'm done")?
I remind everyone here that Randal was an Intel contractor with a one-line contract that basically ended up being interpreted in a completely arbitrary way.
Then in addition to learning that he should not hack into systems his client did not give him permission to, he needs to get a better contract next time...
Randal would be the first to say he did some things that weren't wise, but there was never any intent of illegality or damage to his client, the mighty Intel Corporation.
Actually, there *was* intent of "illegality" on his part. Did he or did he not intend to gain access to a system for which he was not explicitly granted permission, for whatever reason? Is that, or is that not, illegal in Washington county, Oregon?
And, there are *plenty* of other things which get people thrown in jail in which no harmful intent was present. Pot is one example... I can't see how my buying and using pot harms anyone but me, but hey, if the cops catch me, I may very well wind up in prison. Intent is irrelevant for certain "crimes."
Intel has rightly gotten a big old black eye over this entire episode, at least among those who bother to learn the details, and at least as far as I know has not repeated this stupidity.
I imagine Randal, too, has found himself suffering from an obsidian orb. He's just lucky that, in the words of another poster, he isn't in Federal "pound me in the ass" prison. He's lucky that he doesn't have to worry about being bought by the guy with the most cigarettes.
Randal has managed to keep going, dealing with an onerous legal case, the threat of jail, an extraordinarily out of whack fine, and daunting legal costs.
Yeah, he's my hero... You realize that by lauding Randal for having kept on keeping on, you lessen the accomplishments of people who have kept on in the face of *real* burdens, right? You do realize that there are people who's lives have been completely and utterly ruined through no fault of their own, right? Randal is *lucky* that all he had to pay was some reputation and cash. You wanna talk about people carrying on in the face of adversity, look at some of the poor bastards who've been hamstrung, lost homes, businesses, everything, because some idiot at the IRS made a typo. Learn about that stuff, *then* come back and talk about Randal as if he's some kind of hero.
The Oregon law that all this hooked on is widely regarded as badly written and prone to misuse (I've written some Oregon law in my time, not in this particular area, and it's easy to see how this happens in the legislative process).
So what? Prohibition was widely regarded as a bad idea, and yet lots of folks went to prison over it. Drug laws are widely regarded as badly written, and yet people wind up in prison, for years, over it. Why should Randal's case be any different?
The gross sense of disproportion is the lesson I have learned from this sorry episode. It is sobering for any of us who take on sysadmin duties under any circumstances.
I can agree with you on this point. It *was* completely out of proportion.
As security becomes an ever more complex and consequential issue, that is a lesson everyone should take seriously. Just because you are doing the best you can, all of us have our flaws. What protection do you have if someone decides to settle a grudge with you and have the full weight of an ill-defined law and an immensely powerful legal apparatus thrown on you?
Don't forget your own stupidity for having done the "crime" the poorly written law defines. Don't forget your own stupidity for having decided to circumvent the proper process for getting permission to do the thing in the first place. Basically, the best way to avoid getting arrested for something is to avoid doing it. He did it, and, regardless of *his* rationale and the poor wording of the law, he's been found guilty.
and then asks for the courts mercy because he is a orphan. Mr. Schwartz apparently knew what he was doing, knew it was illegal then did it anyway. Just like Mr. Schwartz I too can break into things (in my case houses). However you don't see me doing it for ANY reason without the owners permission. Why - BECAUSE IT'S WRONG AND ILLEGAL! Houses or compters - different things same idea. What Mr. Schwartz would like us to believe is that for some reason we should treat him differently than someone that breaks into our house. Keyboard or lockpicks - same idea different targets - same result if you get caught. I really don't feel sorry for you I think that the justice system worked magnificantly!
When I go to the pages defending Schwartz, I can't figure out what he was accused of. There's huge discussion on how unfair things are, but Intel's claim is hidding under sub links. What Schwartz claims really happened, I have yet to find.
It's just like urban legends. You can tell the real ones from the fake ones. Real ones have real URLs.
Real inocents give all the details up front.
'SBEMAIL!' is better than a goat!!
It's extremely refreshing to note that at least somebody has smelt the coffee over there. Even if the standard /.'er doesn't see it after some witty moderation by the me-me-me-generetion of the libertarian task force.
So, even though I'm not completely in harmony with the actual communist ideals - I prefer socialism with more of a "eco fascist" touch with much less focus on human wellfare - I agree fully on your point on the olicarghy of the investers ruling the world (not just America, but everywhere - look at Russia, China, EU, and indirectly the third world as well), and the consequences it brings to the well-being of an average citizen, foreigner, animal, or anything else than the bank account of the inner circle. And this is not paranoia or something not really existing brought you by the servants of Papa Stalin - everything is completely transparent and public to research if you just have a few hours to spend on it.
A good starting point for the uninitiated could be e.g. Chomsky's Profit Over People, not a perfect compilation of essays, but thought provoking.
______________
OTTERS RULE.
I have a friend who shot his father with a .357. His dad died and Jeff was sent to prison. I went to church and band with Jeff; I knew him pretty well. I think it was bad judgement. He was suprised when he found that his dad had died. He was trying to make a point about his importance in the family. He didn't intend to kill his dad.
Jeff is in prision. Jeff should be in prison (though the length of his sentence is debatable.)
Bad enough judgement is criminal.
Swartz didn't commit murder, but Jeff's story better illustrates my point.
Joe
With regard to the criminal law, though, the law in Oregon appears flawed in the sense that there appears to be no suggestion that Mr. Schwartz cracked the password file for any other reason than to test the security of the system. There appears to be no motive to steal, or kill, or cover up evidence of a non-computer related crime.
You effectively have a law here which was framed with the external intruder in mind, which when applied to an internal user - one employed to work on the computers of the company - fails the test of reasonability.
Speaking personally, my experience with computer consultants is that playing around with technology and doing things with company systems that they are not supposed to is just what they do, at least the good ones. It is the nature of the beast.
"Well, put a stake in my heart and drag me into sunlight."
The Best of Amateur Hour, starring Randy Shwartz. The idiot got his hand caught in the proverbial cookie jar, and got it slapped but good. He deserves everything he got in this matter. What a moron -- and a whiny one at that.
Okay, "slashdot sponsored" is the wrong word. Mediated through slashdot or organised via slashdot, I might say. Intel's adverts on slashdot would probably influence Slashdot's editorial board not to endorse this hypothetical boycott directly, but most of the moderation is done by readers (with no economic interest in slashdot) who certainly wouldn't feel so bound. Also, Slashdot carried this story which is not pro-intel any way you slice it.
Pulling their ads off of slashdot in response to such a boycott (or even threatening to do so) would be PR hari kiri with a rusty knife.
This isn't really a big enough action on Intel's part to justify a general boycott, put in perspective with the actions of other companies with a similar market cap, it's total small fry. It still makes me plenty angry.
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
I read the police report.
in essence he told the officer that he was cracking passwords so he could continue to gain access if he was found out. He was cracking the systems, he got caught... He was also told not to do it again and he continued to do so. This kind of stuff lawyers love to eat up... "You were caught once, told not to do it and you did it again..." Can't use the old "I didn't know I wasn't supposed to do that!", defense.
Also, a word of legal advice, you don't have to talk to the police, you don't have to give them information if you're suspected of a crime, keepa you mouth shut! Even if you're innocent anything you say can be used against you, so don't try to explain, let your legal mouthpiece do the talking. It's certainly better that way.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
You can find the Google cache of the "straightforwardly partisan look at the complicated case of Intel vs. Schwartz" here.
"I don't trust goats," --To Catch a Spy
You're being a troll, every government abridges some basic human right. I don't think your felons should have their voting right taken away, but as a pragmatist I don't think taking away someone's basic right of movement after they kill my grocer is so horrible.
And well changes in the US constitution don't require a popular vote, they require a vote by congress and a majority of states. The states are also required to have some sort of limited democracy, that's it. Read your constitution carefully.
He wasn't the sysadmin for the computers he was cracking. Everyone reading this should ask themselves: if you were a guest on a system would you feel it was legal or illegal to run pw cracking programs on that computer?
This is the most important point in showing his state of mind. Either he is stupid or he was clearly doing something he knew was wrong. Take your pick. Since I don't know the guy, I can't tell which it is.
HERE
/.ers work, but i know most Fortune 500 companies would not give you essentially 3 strikes to get your sh|t together.
Randal had moved the process to Brillig about 5 or 6 months ago, after this process was discovered on a system named Mink. He mentioned he was told not to run it on Mink and at this time he moved it to Hermes, which he found too slow for his needs. He then changed it slightly, and moved it back to Mink where it was found for a second time. This occurrence resulted in the Mink system administrator to remove his account, and Randal then moved the process to Brillig.
not sure where most
he should have been canned the first time his access to MINK was found to be against company policy. guess this instance shows the evils of how big bureaucratic companies work when: someone allowed him to be found out on MINK not once, but twice and yet still be allowed to work at Intel where he then did the same policy violation on BRILLIG.
I would say this was asking nicely.
/* Half alive and half dead too, work is for suckers and the sucker is you. - "Half-life" by Local H*/
no where did i find an instance of Randall doing this to prove to Intel execs their passwords were insecure. got any links where your info came from?
he casually mentioned this lame excuse when being questioned by the authorities (both Intel and Police) but no where was it shown he told anyone in Intel that their passwords were insecure.
what was mentioned by Randall was that he wanted access to these computers for his own purpose and did so basically b/c he was could.
please do some reading
PS - i enjoy the look into his background, where essentially he has had prior problems of this same nature.
/* Half alive and half dead too, work is for suckers and the sucker is you. - "Half-life" by Local H*/
He is honest about the fact that his contract at Intel's Supercomputer division was about to expire and he was trying to find a reason for them to continue to keep him employed
Funny how no one seems to have problem with this. In other words, he was acting purely out of self interest. Gamesmanship has its risks, and my only response to Shwartz would be, "deal with it."
Many of us are the same way. When the putzes in IT invent some new rule that passwords have to be changed every three weeks, must be no shorter than 17 characters, and no SSH connections are allowed, we usually just ignore them because they're stupid.
Small organizations deal with these issues of personality much better than do large organizations. If the goal is to get as much productivity out of a workforce as possible, then a little bit of flexibility and figuring out how to accomodate the tempermental anti-authority programmers that do a lot to increase your bottom line makes a hell of lot more sense than reporting your pains-in-the-asses to the police.
I can relate to Schwartz and his actions. Places that I've worked at have been gracious enough to cut me some slack and not try to have me arrested when I've thrown a pissy fit and chmodded everything 777. In return, I code until my fingers are numb and I can't stay awake any more.
That kind of deal obviously doesn't work at Intel and other large inflexible corporations, and they're certainly not going to change. I'm not that comfortable with being guarded and paranoid - I'd rather just be myself - so my choice is to work at the smaller places with people I can trust not to call the cops if I'm being a dork.
This shouldn't be a legal/criminal/hacking/security/policy issue. It's a geek personality issue, and companies that want to make the best use of geeks would do well to grok it.
I like my G4. This is the longest period I have ever haad the same computer and I am still having a hard time justifying the purchase of a new one. My 450 MHz PowerPC G4 chip just chugs along without a hitch. Even when I throw the latest video games or high end video editting at it there is no slow down. I think I will buy a G5 when they come out just to justify get a DVD burning drive inside a complete package.
>get permission to crack the passwords. So when
>the admin found out that Schwartz was running
>Crack he informed the security guys at Intel.
In other words, intel security was a lot better than this wannabe suspected . . .
hawk
Makes sense to me.
Makes me a lot more nervous than it makes sense though. I live here in Portland, and I've gotten in trouble at work for the same kind of stuff.. inappropriate use of network resources, annoying my boss, etc. I am thankful that my employer didn't throw me in jail.
josh
If you disagree with the Oregon courts you're not fully aware of what this case is about. Educate yourself before you post flame bait :-)
Whether or not Schwartz is guilty, his case is being used as case law to prosecute a Lane County (Oregon, obviously) teenager currently who worked at a local ISP. His ISP did colocation, and as part of the colocation he felt it was his place to secure these systems. After all, if they get hacked it's his ISPs bandwidth that gets used. So he ran a brute force passwd cracker on a few systems. One of the owners of the colocated boxes noticed this, and rather than alert the ISP, he called the cops. Without questioning the ISP or the kid, he was arrested and has been held in Juvenille Hall ever since. I think this is a gross abuse of the original intent of the Oregon Information Security Act, and I urge anyone who lives in Oregon to write your representatives!
-gfm
You were nor arguing with me. I told you to cut out the analogies, somebody else was arguing on the thread with you.
You may not realize this but on public forums like this different people may join the thread and make comments. you should look at the names before you shoot off your mouth perhaps.
War is necrophilia.
I work for a law firm, and back before we had our nifty Linux firewall and DSL connection, one of the attorneys had (ugh!) a modem and dialled-up directly to the internet every so often to check her personal e-mail.
One day (so I'm reminded every month or so), our then "computer-guy" came in to set up something and ended up walking out with the attorney's modem. It just so happens that he re-sells old computer parts and that's probably what he intended to do with it, but I (to this day) will defend what he did because I would probably do the same.
The point is: his job, even though he was an outside consultant, was to take care of our computer systems, including the information on them. Having someone dialling out on the internet without even firewalling their machine (this was before we had virus scanners, too) was not in our best interests.
Had he tried to explain this to either the boss (just now learned to use e-mail) or the attorney in question (would be damned to not have the best computer in the place), he would have been answered with blank stares. More importantly, though, it would have been his fault when the entire network got a virus and all of our client files were lost. Like I said, I would have done the same thing, no explanation or permission necessary;
because the status quo these days is to assume that management and employees are all morons, actively trying to defeat whatever security you have in place to protect them, and without the knowledge or wherewithal to actually learn why "Pre$ident" is just as bad a password as none at all.
"I assumed blithely that there were no elves out there in the darkness"
Locksmiths have master keys that can get them into all sorts of buildings and vehicles, so by your argument, they are "granted access" to them.
"Hardly used" will not fetch you a better price for your brain.
Comment removed based on user account deletion
Actually this is kind of incorrect. Now if Mom placed perminent permissions on everything inside the house and then put a notice on the fridge that said you can not touch the money that is sitting out on the counter. Now your getting close to what this is about. Although most people don't have a relationship with there ISP in the same way as there Mom. So the notices and permissions are important. "But you didn't say that I couldn't do it!" This is actually quite incorrect as permissions say this specifically. Then notices/policies enforce this or add on to.
At the risk of being moderated as a troll again...
Your points are noble, but the problem with your argument is the lack of forseable intent. Yes, removing the dog from my property may be an act of good intent; but how did I know that in advance of your actions?
Trespass and property law exists because it is impossible to determine a persons intent before the action is committed. If we could do that we could have prevented the tragedy of september 11th.
I think a viable solution is to enforce existing trespass law, and give Judges the legal headroom to dismiss cases of obvious good intent. This is why mandatory sentence laws mostly suck...they do not take into account good intentions.
-ted
5 times more than gun violence, yet I don't see you advocating the abolition of cars.
I am from a gun culture. SE Ohio is a hunters wet dream. Often most of the boys were absent from school on the first day of deer season. Everyone had guns, often several. I learned to shoot before I was 8. Yet, the only person I personally knew that died from gun violence died from a self inflicted gun shot wound. I lost several of my friends in car accidents. I am lucky myself to be alive, having had several car accidents.
To me guns are safe, and cars are deadly. If we abolished cars then we could save 5 times as many lives as abolishing guns.
But this really isn't about saving lives is it? It is about the political agenda that you are trying to promote.