Slashdot Mirror
McOwen Case Settled
ewilts writes: "Back in July, you ran a story about David McOwen, a computer adminstrator at DeKalb Technical College in Georgia, who was being charged for installing SETI software on school computers. This case has now been settled. See also the EFF press release
on McOwen's web site." Update: 01/18 16:11 GMT by M : It was software from distributed.net, not SETI.
Although he got off relatively light, the precident set here is that sysadmins can no longer choose to install software at will. As a sysadmin for a large media congolmerate, I find it more and more difficult to simply administer my systems because all the suits want to know every move I make three weeks in advance. This decision simply adds an element of criminality to an already bad situation.
It's a pretty steep fine for installing a non-malicious piece of software.
It's not mentioned in the article, but it seems to me that the $2,100 figure was determined by picking an amount "just a little more than what he would have made had he won".
--
E_NOSIG
He didn't own the computers... they weren't his property. He had no right to install anything on those PC's that wasn't related to work. He got off easy.
This generally looks like a reasonable settlement. The monetary damages are a bit dissapointing, though. Remember to ask permission (and get that permission in writing) when you make large, questionable, changes to the systems you are responsible for.
This story has been convered in a recent Slashback article: here.
Jesus, folks, Our government needs a head dunking. 30 years for a benign program on a few machines, (I live near there, it isn't a large campus) as opposed to 6-10 for MURDER? Hot damn, he didn't kill anybody....let's just be really glad he got off "light"
Sent from your iPad.
Being a native Georgian (southwest Georgian for that matter...Albany - a REAL backwater), and a comparatively savvy technogeek, I am filled with horror. These idiot lawyers are going to do everything they can to make a name for themselves in whatever context they consider important, intelligence be damned. Of course, if in doing so, they drag the name of Georgia back into the yeehaw days (Gawrsh, Goober, that there computey-thang shor is makin' them nekkid wimmens look purty an' all. Gimme a chaw.), they don't care.
Georgia is full of intelligent, growing technologists - startups, academics, and all-around geeks. These barristers' motives are pure old-fashioned power plays, making a name for themselves and wielding power over those who don't respect them. Please don't consider all of us Georgians hicks; we geeks live in a meritocracy separate from these backwater jackasses we elect or appoint to office.
What'dya mean there's no BLINK tag!?
Update - January 17, 2002 Georgia V McOwen Case closed!
= 39&threadid=593069
Electronic Frontier Foundation Media Release
For Immediate Release: January 17, 2002
Contact:
Lee Tien
Senior Staff Attorney
Electronic Frontier Foundation
tien@eff.org
+1 415 436-9333 x102 (office), +1 510 290-7131 (cell)
David Joyner
Attorney
Kenney & Solomon
CDJoyner66@aol.com
+1 770 564-1600
Distributed Computing Prosecution Ends with Whimper Not Bang
Georgia Man's Ordeal Ends
San Francisco - David McOwen can finally see the light at
the end of the tunnel. After about two years of facing the
prospect of years in prison and more than $400,000 in fines
and restitution, the former DeKalb Technical College systems
administrator has accepted an offer by the state of Georgia
that will bring his legal nightmare to an end.
Since February 2000, McOwen has been the target of a
"computer trespass" investigation and then prosecution. His
crime? In 1998, he installed a distributed-computing client
(like the SETI@home screensaver) on the college's PCs in
order to participate in a distributed decryption contest. In
early 2000, the school administrators threatened McOwen with
criminal charges and called in the Georgia Bureau of
Investigation. The threat of more than $400,000 in liability
was based solely on the use of the school computers, valued
at 59 cents per second.
Under the terms of the deal, announced today, McOwen will
receive one year of probation for each criminal count, to
run concurrently, make restitution of $2100, and perform 80
hours of community service unrelated to computers or
technology. McOwen will have no felony or misdemeanor record
under Georgia's First Offender Act.
"David never should have been prosecuted in the first place,
but we're glad that the state decided to stop," said Senior
Staff Attorney Lee Tien of the Electronic Frontier
Foundation (EFF). "This is a very good result for David. He
very likely could have won if the case had gone to trial,
but trials cost money and you never know what will happen."
Tien explained that much of the case against McOwen turned
on whether he had fair notice that installing the
Distributed.net client software was prohibited. Under the
Georgia computer trespass statute, criminal liability may
only be imposed if the person uses the computer or network
with knowledge that the use is unauthorized. "From what I
can tell, the state would have had a hard time proving
beyond a reasonable doubt that David knew he wasn't
authorized to install the software," Tien said. "I can't
help but feel that this was a face-saving deal for the
state."
"The state's claim of up to $815,000 for computer time seems
to fit an old pattern that we've seen before," Tien said. In
one of the first cases championed by EFF, a man faced years
in prison for obtaining and publishing an internal BellSouth
document initially valued at almost $80,000. The case was
dropped after evidence was introduced that it was publicly
available for $13.
The issue raised by McOwen's prosecution isn't an isolated
one, Tien added. Distributed computing is an important
scientific tool that can harness the spare cycles of
numerous personal computers into the virtual equivalent of a
supercomputer. The SETI@home screensaver, for instance,
allows computer users all over the world to aid in the
search for extraterrestrial intelligence. Last year,
however, the Tennessee Valley Authority banned the SETI@home
program from its computers, declaring it a risk to computer
security.
While McOwen's legal problems appear over, they've taken a
serious toll. He resigned from his job at DeKalb soon after
the school threatened him. And he was fired from his next
job at Cingular Wireless last August because of the bad
publicity surrounding the case.
EFF wishes to praise and give special thanks to David
Joyner, McOwen's attorney at Kenney & Solomon, for all of
his hard work. Thanks are also owed to McOwen's supporters
at FreeMcOwen.com and MachineThoughts.com for publicizing
the case and raising money for his legal fund.
Legal defense fund for the McOwen case:
http://forums.anandtech.com/messageview.cfm?catid
About EFF:
The Electronic Frontier Foundation is the leading civil
liberties organization working to protect rights in the
digital world. Founded in 1990, EFF actively encourages and
challenges industry and government to support free
expression, privacy, and openness in the information
society. EFF is a member-supported organization and
maintains one of the most-linked-to websites in the world at
http://www.eff.org/
#include sig.h
Now, of course, he gets off light from the government.. but jeeze, think of the internet traffic charges he's gonna rake up from being slashdotted. YOU MEAN HEARTLESS PEOPLE! Have you no decency? Give the man a break.
A lot of people seem to be under the impression that the client he was running was SETI@home and was therefore innoculous.
Well, he was running some distrubuted.net-type decryption client where he would have WON MONEY had he been the one to find a key.
Not so humanitarian and innoculous now, is it?
Years in prison and a $400,000 fine are extremely way beyond reason, but I can see how this was a crime as he stole company resources for personal gain.
The $2100 fine does seem reasonable as I think he would have won $2000.
Also note that in nearly every jurisdiction there are tons of other laws that could apply, and thus the rapist would get a similarly large number of counts.
California for example says that sodomy (defined as anal penetration) with someone unwilling or underage (2 counts if they are both unwilling *and* underage) is a seperate crime. There are other, similar, laws that make various differentiations between very similar acts, so usually a rapist can still end up with 10+ counts and probably well over 30 years
This is typical of many law enforcment efforts. If they want to save face, even though they know they screwed up, they get you to cop to a lesser plea.
You have seen this in the recent ebook case, as well as in your typical negotiations with other infractions, such as traffic tickets.
You also see the compulsion to save face in death row (and other) cases, where many prosecutors outright refuse to allow DNA testing that might prove a man innocent. It is like pulling teeth to get the tests done. Even though it is often a matter of life and death.
"Saving Face" is obviously more important, even though it makes them look foolish.
"It is a greater offense to steal men's labor, than their clothes"
Wow! I'm sitting on a friggin' gold mine. Who in their right mind would ever pay upwards of $35 for ONE MINUTE of time on a PC?? You can buy a good system that's paid for itself in just one hour of time!! Lets see, going by the usual inflated legal dollers, this 1.5Ghz P4 I've been burning in for the last two weeks has just wasted $713,000. boggle.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Perhaps it's a precedent for telling sys admins to stick to their jobs and keep the best interests of their employers in mind when installing software. This isn't about "sys admins choosing" it's about the appropriate use of someone else's property.
When I discovered that a developer had installed SETI on my co's production ecommerce servers ("but I nice'd it!") I had the loser fired -- after disabling the software. Am I against SETI? No (nor am I "for" it; I don't care). But the purpose of our servers, bandwidth, etc., is not racking up points in the SETI project.
Now, we have other servers that are intended for fun and exploration. But our production servers?
-- @rjamestaylor on Ello
Just so you know:
Under the terms of the deal, announced today, McOwen will receive one year of probation for each criminal count, to run concurrently, make restitution of $2100, and perform 80 hours of community service unrelated to computers or technology. McOwen will have no felony or misdemeanor record under Georgia's First Offender Act.
A: None. The Universe spins the bulb, and the Zen master merely stays out of the way.
<Cut to courtroom somewhere in the USA>
Defendant: "...and then I installed the application on all the computers."
Prosecutor: "You did this, fully aware that it was vulnerable and subject to attacks, which may paralyze the company email system, compromise data, or worse?"
Defendant: "Yes."
Gallery: *GASP*
Prosecutor: "And what was this application?"
Defendant: "MS Outlook."
The prosecutor, appearing struck, glances at a shadowy figure in the gallery who bears some resemblance to John Ashcroft in a trenchcoat and fedora, the figure quickly draws a finger across his throat and the prosecutor recomposes himself.
Prosecutor: "Your honor, the prosecution humbly requests all charges be dropped and that the defendant be released!"
A feeling of having made the same mistake before: Deja Foobar
And anyway.. Consider SETI@home software's track record for security compared to, say, some larger commercial companies. I'm always getting paranoid rants via e-mail about how we can't be trusted, yet people download netscape and install microsoft products as if they are any safer and don't slow your machine down needlessly.
- Matt Lebofsky - SETI@home
So this means that before i install anything, good or bad, that i must *explain* each and *every* piece of code, and clear it with the people that entrust me with their network and am paid to be the expert on, and responsible for its upkeeep? What if i install VNC, antivirual update, research software for a better network, prety much anything they decide they dont like that day.. i goto jail? Seems to me our ablity to even do our jobs has just been limited drastically. Sure, wholesale personal use is wrong, but the way it sounds now im libel if managemnts mind changes tomrrow on anything.....
---- Booth was a patriot ----
You know, I always wondered about this "... no record ..." business. When I apply for a job, I'm often asked if I was ever arrested. In Illinois, where I lived for a time, if you get stopped for a traffic violation, and given a ticket, you are technically arrested -- read the ticket. (Of course, IANAL, and the usual disclaimers apply).
For simple violations, like an illegal lane change (which was the charge I faced, and got dismissed in court), you are genereally released on your promise to either (a) pay the fine, or contest the charge. In Illinois, you can pay extra, admit guilt, take a driver's ed course, and have no record.
But what's the point, when one is asked if one was ever "arrested"? To say no, because there was no record of the arrest might work, but it would be deceitful.
Of course, in the interest of completeness, many job application forms do explicitly exempt arrests for routine traffic violations.
You could've hired me.
Production systems are controlled environments - last thing you need is some unaudited, unexpected and unauthorised changes messing them up.
...or opening up a security hole.
Every piece of software installed present a potential threat. Did it come from a reliable source? Does it have security flaws? Obviously, there has a be a reasonable balance between maintaining security and giving users the flexibility they need to do their jobs. I get very irritated when a company won't let me install software I need -- or just want! -- on my desktop at work.
This balance tips increasingly in favor of security as if installation is (1) on a server, (2) on a production server, (3) on a lot of machines. Maintaining that balance is a sysadmin's job. And this guy was definitely not doing his job.
All that said, aren't criminal charges just a little out of line? He should just have been professionally reprimanded, or maybe fired. But a lawsuit?
I don't think that in any way the guy should have had a huge fine or gone to jail over this. It's a firing offense, nothing more. He was wrong, I would have fired him. That would have been the end of it...
Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
Funny, I've never seen one that didn't. Though, they all disclaim that such information will not be used to affect a hiring decision. (I know, then why ask?)
You could've hired me.
You realize, of course, that it's too late for you. As soon as you begin a public crusade against authority (regardless of the piddly details of who's right and who's wrong), you've lost. Give up your argument, and either get back to posting, posting offtopic and being modded down, or stop coming back for more. Posts like this (and many others) are useless and are only going to solidify the resolve of those in charge. Personally, I don't blame them. One or two whines and bitches is understandable, but I've read over 20 posts that are more or less carbon copies of this one int he last 4 days alone! Like, whats the point? It's useless! It takes a big man to give up a fight, and an even bigger one if he still believes he's ideologically in the right .. but I'm sure you got it in you.
.. shit, mod me OT! Who cares?
And
"Old man yells at systemd"
If said house keeper is rifling through the papers on my desk in the study which she was explicitly to stay out of, then it wouldn't be unreasonable for her actions to be considered at least trespassing.
Yes, that is unreasonable. It is also absurd.
By giving that person a housekey you have granted them access to your premesis. By definition they cannot be tresspassing.
Violating your privacy, yes. If you locked the drawer and didn't give them a key (they picked the lock, or scrounged the key from another drawer and opened it), then you might have a case for unauthorized access to whatever materials were locked up (breaking into a client's safe isn't legal). However, if you left those papers in an unlocked state, then you'll have to come up with some law other than tresspass or breaking-and-entering to prosecute them on. If there isn't one, and there may not be, then you still have the recourse of firing the offendor and suing for damages (if any).
This case is nothing short of rediculous, and a primary example of one of the most fatal flaws in American justice: the fact that a person can be financially coerced into pleading guilty to something they did not do simply because the financial cost and potential risk of standing by their innocence is too great and their unjust accuser happens to hold all of the (financial and power) cards.
America isn't going to be destroyed by bin laden and his idiot followers, but by lawyers, and governments, like this one. Indeed, if anything such acts of terror breath new life into decaying regimes, delaying the disunity and ultimate demise of a society whose legislative, judicial, and executive systems are so riddled with injustice and corruption that no significant social contract remains. Such a society is ripe for destruction from within, regardless of how draconian the secret police (FBI et al) may become, and this is but one of a myrid of symptoms to that affect.
I was once asked the question as to whether I would prefer to live during the rise or decline of a civilization. I niavely answered that I would prefer the decline, because then I could enjoy the fruits of previous generations' labors while leading a decadent life of my own, without regard to the future. Now that I am in a position to actually observe the dysfunction and decline of my own culture, particularly of the democracy which makes it possible, I have discovered two truths: (1) decadence has nothing whatsoever to do with decline, contrary to popular puritan myth, but corruption and injustice are directly related and (2) decline isn't inevitable, but it is inevitable if the people are too lazy, or too distracted, to be vigilant and root out the injustice and corruption which is its primary cause.
The Future of Human Evolution: Autonomy
Fines should match losses, and perhaps offer a bit of a deterrant. However, I can't see how the loss of otherwise unused computer time could be quantified. Bandwidth is another issue, but I see quantifying that as iffy a best. At most, this looks like trespass with no property damage or service interruption.
You could've hired me.
Since when is okay to NOT allow system administrators to administrate their own software on the systems. They are system administrators. Installing software should be their own right, and the point of the fscking job!
Zodiac Survey
I thought you downloaded a file from SETI and mucked about with it for 20 something hours and then sent your findings back to SETI.
How much bandwidth could that possibly take up?
Further, there's money to be had? I thought I was just helping out.
I have got to start reading the FAQs.
Oh and as for the topic:
I'd be POed too if someone was running crap on my systems. But I'd likely just have him remove it and force him to buy me an expensive lunch. Many of my business disputes are settled with the purchase of an expensive lunch.
This
SecurtyFocus
Financial Motive Alleged
Willard says that McOwen was singled out for prosecution partly because he had ignored his supervisor's warnings. "In this case, Mr. McOwen was expressively prohibited by his superiors from downloading these programs and was informed on many occasions by his supervisors to stop downloading programs," said Willard. "They were aware that he was doing it and he had gone in and cleaned it up on numerous occasions." Joyner insists McOwen received no such warning.
Prosecutors also claim that McOwen had a financial motive for volunteering the school's machines. McOwen was a top producer on distributed.net for "Team AnandTech," a group sponsored by a hardware forum site which is still the second ranking contributor to the RC5 research project. A $1,000 prize goes to the individual contributor who recovers the RC5 encryption key. "McOwen placed a program on computers, that in his estimation would benefit him personally, including computers that has sensitive student financial and identity information without authorization," says Willard. "There is concern about the program itself compromising or providing the basis to compromise sensitive personal or financial information, there is the matter of Mr. McOwen's unauthorized activities on this computer, and finally there is the point that there was misappropriation of state property."
He was warned several times, and the software had repeatedly been uninstalled. This isn't the only article I've read that discussed this fact. I may not agree with the charge or the penalty, but he should have been fired for ignoring his supervisors continued requests.
but decided against it. When I was working for the university we ghosted machines and we thought hmmm we could put SETI on all of them as they went out! Give the university a little credit, let it run in the bankground, and most of these machines went to individuals who would not come near to using all the speed of a 500 MHZ machine. However, we thought for a moment and said "Do we really want to risk it?" The obvious answer was no and that idea was filed away in the cylindrical file cabinet. Its good to use good judgement. He's lucky to not be doing time.
HT
Hi,
I'm writing in response to your sig. I may be interested in a trade, if you're up for it.
What do you think?
Ok, so being that I actually went to this school to learn C programming (making deans list a couple times), perhaps I should lighten up on my perspective of the usefulness of the EFF.
Meaning this hits close to home for me. But the EFF is still a small organization and, like the ACLU, has little choice but to be very selective about taking on cases that are inherently helpful to promoting the EFF and their fund raising efforts.
But I Still Think and Believe that there are more fundamental issues in regards to the Electronic Frontier as it applies to our freedoms, that really should be and need to be addressed.
As the article seems to say, McOwen should never have been charged in the first place. This should be a good enough indication that there are more fundamental issues in need of addressing.
Comment removed based on user account deletion
is not that his employer took action.
I think we can all agree for the most part that, in a way, he should have known better.
The scary part is that for something as minor as this, they tried to get him on 9 felony counts, facing 120 years in prison and something like a million bucks in fines/restitution.
hawk
Precisely. In order to successfully prosecute a case like this, an employer should have to show that they were playing network nazi with every employee from the CEO/Governor/HMFIC on down. And one counterexample should be enough to get the case dismissed.
CEE5210S The signal SIGHUP was received.
What is most disturbing about this case is the utter lack of any moral compass on the part of the prosecutors in this case. You have a sysadmin who installed software which burned spare cycles and inadvertently raised the phone bill. It's a mistake, accidents happen, to go after him because he didn't have explicit permission is a disgrace. These immature imbeciles can't get over their pique at seeing the costs incurred and go after him like he's some kind of uber hacker. This is the guy THEY hired to run their network. In a situation like this you learn a lesson, you don't rehire the guy, you don't give him a reference then you move on.
When you look at what they inflicted on McOwen and what they TRIED to inflict on him, I want to lock the prosecutors and their co-conspirators up for what is in my opinion a criminal conspiracy to contrive to convict an innocent man. This is a real bonfire of the vanities. You have career prosecutors who were prepared to destroy a life over this, and others supporting that to cover their ass and deny any responsibility.
How these miserable excuses for human beings can sleep at night I don't know. Just one of these prosecutors or middle managers is a thousand times more dangerous than a roomfull of McOwens.