Slashdot Mirror
Randal Schwartz's Charges Expunged
After 13 years, Randal Schwartz has had his conviction expunged. In effect, legally it never happened.
If you haven't heard about this one before, my take is that as a contractor at Intel, Randal did some over-zealous white-hat cracking free-of-charge; this embarrassed some people in management (he pointed out that their passwords were terrible) and management then chose to embarrass themselves further by having him convicted of a felony under an 'anti-hacking' law. More info can be had from the Friends of Randal Schwartz.
Congratulations to Randal - it's nice to actually read a good news story with regards to the legal system.
BlackNova Traders
Congratulations Randall, its great news to hear that the legal system actually works once in a while.
--
Cheers Gene
"I've started the process of removing "I'm a felon" from my natural vocabulary"
Ouch....that's no fun. I wonder how much was paid in legal fees for nothing to happen. Over 13 years, that's sure to be a lot.
This sig is neither interesting, nor humorous. Including meta-humor.
The terrible thing about character assassination is that the event never had to happen. All you have to do is start a rumor about travel expenses and the victim is as good as blacklisted at big dumb companies where lip service is given to leadership but obedience and conformity are valued above all else.
Friends don't help friends install M$ junk.
Except that it did.
And all the effects can never be erased.
For example any "lists" he's been added to over the last 13 years will not be updated to reflect his new 'never was a criminal' status. Be it terrorist watch lists, no fly lists, FBI persons of interest list, or whatever else, not to mention his prints will remain in the system, etc, etc.
The former CEO of aforementioned computer company actually wrote a business book with the word "paranoid" in its title. A bad match for top shelf Perl hackers, who are some of the quickest, wittiest, and down-to-earth people in our business.
Congratulations Mr. Schwartz.
...did he get his $68,000 back from Intel?
The best way to pass out embarassing information is anonymously. Burn some CD's with the info and leave them around randomly, in places untraceable to you.
Don't touch the CD's with your fingers.
Destroy the CD burner when you're done.
Buy the CD burner secondhand at a garage sale. Pay cash.
Steal the CDs from a college student.
Don't leave the CD in a place where there's a camera.
What else. Help me out here.
Rely on someone else to find the data and spread it around. No need to get yourself into trouble. Have some Common Sense. Do you know what I am speaking of?
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
In other news:
Paleotechnologist and connoisseur of pretty shiny things.
and Randall still can't get a clearance without being upfront about it.
... Good on ya, Randall!
Basically it means he can tell a police officer he's never been arrested and doesn't need to disclose it on a non-clearance employment application or any "low grade" background check like rentin an apartment.
With that out of the way, Randal has helped me out on comp.lang.perl (right before it went moderated) so
In the future, I would want to not be isolated from my friends in the Space Station.
Expungement is the sealing of a criminal record so it is not publicly available. The consequence might be that you can deny you have a criminal record, but it is quite different from a pardon, which is forgiveness of a crime and the penalty associated with it.
don't cut it off www.mgmbill.org
The independent contractor shall...
The in-house employee shall...
May not seem a good use of time, unless you consider the value of staying out of the criminal legal system.
Luke, help me take this mask off
A. The Federal Bureau of Investigation, and
B. The Oregon State Police, and
C. The Oregon State Corrections Division, and
D. The Arresting Agency, Portland Police Bureau. So the FBI can't use it against him. The PDF file is a copy of the expungement order from the court.
This charming example of Perl programming appeared in the first two editions of Schwartz's book "Learning Perl", published by O'Reilly. It serves as an introduction to Mr. Schwartz as well. I kinda wished they'd left it as an appendix to the book, which is now in its fourth edition.
Whatever happened to Chip Salzenberg? He seems to have pretty much vanished since mid-2006.
Done with slashdot, done with nerds, getting a life.
#!/usr/local/bin/perl -w
no strict; local $laws;
join qw(we wish Randal well);
__END__
Zen tips: Pay attention. Don't take it personally. Believe nothing.
The slashdot crowd has a short memory.. This is not a simple issue of "embarassing the management", as the summary states. In fact, in all the original writeups, I don't remember ever hearing executive passwords being an issue. The issues were egregious violations of corporate security policy, and basic logic:
- His position at Intel was not involved in security, intrusion detection, or other areas that might actually call for "white hat hacking" as part of the job function. He was a contractor, not an Intel employee, which I'm sure made Intel even more concerned about his security violations.
- He had installed backdoors on Intel machines, which allowed him to access the Intel network from outside the company.
- He took passwd files and ran cracking tools against them to break other users passwords.
- Not only was he cracking password files from Intel organizations, he was using Intel systems to crack password files from other companies, including O'Reilly and Associates.
See this writeup for information from the person involved in shutting him down.
Whether this was "white hat" hacking could be debated. In any case, it was fucking stupid. Bypassing network security for an inbound back door?!? Cracking password files from other companies on Intel computers?!? These are just stupid moves, which anyone should expect to get fired for doing.
That's great. Coincidentally enough, I just became aware of Randall Schwartz the other day when I listened to the FLOSS Weekly podcast where they interviewed him. It was a good listen (as always) - he talks about this case if anyone's interested.
A lot of the time, agencies (and even the courts) don't follow expunge orders. They conviniently "forget", so you have to hire a lawyer to follow up and make sure the court order was actually followed.
Everything I need to know I learned by killing smart people and eating their brains.
SCO is being drained to death by the unfair legal assault by IBM. I hope that SCO wins $2-3 billions in the end. They certainly deserve it.
Intel demands procedural thinking and operates with a Borg-like group think. I believe this is due to the extremely vertical nature of management and the existence of powerpoint and netmeeting. Employees that "march to a different drummer" are shown the door. Randal did not follow the rules and was beaten down as an example.
and Randall still can't get a clearance without being upfront about it.
As someone who has gone through a security background check, worked at Intel and read the decision of the appeals court: I would be fairly surprised if Randal was able to get a security clearance even even if no conviction had occurred. The undisputed portions of the case suggest that Randal lacked an ethical barrier between him and either his curiosity about things for which he did not have access or his desire to gain respect by demonstrating his skill. This was 13 years ago maybe he has changed, I don't know.
Whether his intentions at the time were noble or not: he logged onto a system for which he knew his account should have been deleted; he ran a gate program on the system (after previously being told to stop running a gate on other systems); he cracked one of the passwords to someone with higher access on the system; he then logged on to the system using the cracked user's account; he transferred the password file to another machine; he ran crack on this other machine; he turned up 35 weak passwords; he said nothing; he left for a while to teach a class; he came back; he still said nothing; he re-ran crack on another faster machine (this is apparently what eventually got him caught).
Randal claims he did all this to re-gain respect at Intel's supercomputer division. I have no reason to doubt this is honest. The fact that he so freely gave so much information to the police suggests to me that he was trying to convey that he had no intention of harming Intel's business. However it is very, very bad judgment. Now if you were the agent assigned to his security background check, looking to see if his character demonstrates a likelihood of compromising sensitive information, even unintentionally, what would you think?
Education is a better safeguard of liberty than a standing army.
Edward Everett (1794 - 1865)
A good follow-up would be to read John M Barrie's The Great Influenza to find out how 1984 was in part inspired by the US under the administration of Woodrow Wilson.
A Shadeless room is a brighter room.
have you rehabilitated yourself?
parturiunt montes, nascetur ridiculus mus
I was once working as an engineer at a secure facility, where one of my friends explained to me that he had never actually planned on working there. He figured he'd let them pay them while the background check was in progress, but never expected to actually be cleared (the interview with the Feds went something like Q: "So what about all these hits of acid they found in your refrigerator?", A: "Well, they were there.")
But they did indeed give him a clearence, I would infer because they concluded he wasn't vulnerable to blackmail on the point, and so on.
And I have to say that the opinion of "someone who has gone through a security check" isn't terribly authoritative, unless you were turned down for having a similar background to Randal's.
Yeah, so a copy of the order was issued. Then what? They're all going to meticulously remove their records on him. Hardly, this will just get added to those records. So, yeah, when they pull up his file which will still exist, they'll see his past, and the fact that they won't be allowed to use it.
Sort of like instructing a jury to disregard testimony. They might be able to try, and I'm sure they do their level best, but its never really gone.
I think at least he'd be in jail and therefore an "un-person" so far as publicising his plight.
He'd definitely not have written his book or any of his articles. Apart from his personal plight, Perl (and therefore the internet) would be greatly lessened.
We should all thank him for his work and reflect on what might have been
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
At a sufficiently high level, a security check is not something you 'fail' or 'pass' - it's simply a risk assessment that clarifies to those that are planning to use your services which areas of risk they need to manage. It's not a tick box process that HR does over lunch - it takes months of investigative work. There is a simple way to get through that: do. not. lie.
Insert
Are your machines Opteron or Xeon?
From the article:
I don't have my gun possession rights restored yet, but apparently that's
merely a formality with the BATF, and I'll be taking care of that soon.
(sarcasm on)
Well Thank God because it's a miracle that you survived these past 13 years without a gun. Certainly this is the most important part of getting your name cleared.
(sarcasm off)
Dear Upper Management:
Would you please give me written permission to read slashdot during my breaks, so that I can better understand the current issues with computer security and unauthorized use of company computers. And would you mind signing that with a blue pen and giving me the original and you can keep the photocopy.
Thank You.
I look forward to following it. Then again, anyone would have to be insane to hier you wouldn't they?
In many countries to this day once you are in the legal system you are trapped forever.
The US legal system is one of the best in the world. remember, it's not some all knowing God sitting on a throne, it's a system with people. Yeah, it's not perfect, it's just better then anything else.
The Kruger Dunning explains most post on
Just one of my many learning experiences. How many have you had? {grin}
From their comments, a lot of people think that expungement is vindication. It's not.
After a certain time passes many crimes can be expunged if you apply to do so. Requirements and eligibility vary from state to state, but essentially you're saying, "I've been a good boy, so let me out of the corner." It's not the court saying you weren't guilty. It's the court saying they won't hold it against you any more.
What expungement is:
The removal of a discipline from a person's disciplinary record so that it is as though the discipline was never imposed. Link.
An order of the Court to seal the record of certain convictions if statutory criteria are met. The defendant must initiate the process by filing a petition through the Probation department. Link.
Official and formal erasure of a record or partial contents of a record. Link.
What a pardon is:
Action by an official of an executive branch of government relieving a criminal from a conviction. Link.
So yes, it's different from a pardon, but it's not just sealing the record, it's official forgiveness.
I'm glad that my co-workers and my management saw now to prosecute me. I did get called on the carpet once and had to explain that I had just finished Cliff Stohl's excellent book "The Cukoo's Egg". The last chapter points out that the biggest weakness in computer security is the user. I was able to "crack" 20% of the unix passwords (including root). I pointed out the weak root password to the admin for that subnet and he just shrugged it off. He knew that I was an admin for a different network and was a trustworthy individual. He completely missed my point; If I could crack it, then anybody else with the proper tools and know-how could do the same.
Anyway, if things had gone differently I may have been in the same position as this poor soul.
JSL
I'm unaware of any accusations of sexism against Randal Schwartz. Perhaps you could enlighten me? Or did you just get on a roll with the adjectives and not want to stop?
Laws do not persuade just because they threaten. --Seneca
>So the FBI can't use it against him.
"can't" != "won't".
Nostalgia's not what it used to be.
No examples of Schwartzian transform? I'm disappointed in you all.
I still have mine from my previous position (they're a DoD contractor)... the SSBI only goes back 7-10 years, depending on the level of clearance you're after (e.g. a civil IT-3 rating only requires a light background check, IT-2 was something like 5-7 years back, and IT-1 was 10 years back). That said, IIRC I remember the SF-86 asking if you had ever had a felony or other conviction that wasn't, say, something little like a traffic ticket. If his conviction was expunged, I believe he can put that in there too... but he'd better be damned ready and able to explain it. Wouldn't kill his chances outright, but it would certainly make things damned tough. Big fat disclaimer: I'm keeping way the hell away from voicing any opinions as to the wisdom (or any lack thereof) of what the guy did, Intel's reactions to it, and suchmuch. Cheers, /P
Quo usque tandem abutere, Nimbus, patientia nostra?
And I have to say that the opinion of "someone who has gone through a security check" isn't terribly authoritative, unless you were turned down for having a similar background to Randal's.
Or unless I read through the appeals proceedings of those who were denied and appealed the decision. They mask the names of people and companies involved and make that material freely available. But you didn't check that, did you? I have a pretty good idea of what disqualifies you. If they didn't give a clearance to anybody who has done drugs, we'd have barely any Ph.D.'s with a clearance. As long as it wasn't recent use, they don't care as long as you don't lie about it.
Education is a better safeguard of liberty than a standing army.
Edward Everett (1794 - 1865)
IMHO, Intel should admit they made a mistake and pay him for his legal fees. Ever since I heard about this case, I have always steered any purchasing I could toward AMD simply because of the case. If enough people did that, and told Intel about it, maybe they would do the honorable thing. Or at least make a donation in the same amount to the perl foundation or whatever.
:)
blogosphere: go
Liberty uber alles.
My only hope is that all commercial airline pilots have already done their obligatory gear-up landings while still flying small GA aircraft...
I'd really not like to experience the thrill of being a passenger on a 747 during a gear-up landing.
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
I don't think so. Anyone who isn't at making least six figures or in possession of world-class charisma, has a better chance of making it to Tijuana on an airplane wearing an "I have a bomb" t-shirt.
For security clearance, they pretty much want to see if you are vulnerable to blackmail, dishonest, willing to take a bribe, etc.
So you see some weird things: a current drug addiction might be a problem, whereas a previous illegal drug use would not be. Having an affair with the neighbor's dog might be a problem, but not if your wife/priest/minister/rabbi already know about it and don't care. A felony conviction for money laundering, misuse of company resources, corporate espionage, etc., might be a problem while a felony rape conviction might not. If you lie to your interviewer, you are definitely denied.
Secret clearance is basically a credit and criminal background check. Pretty hard to get denied. Once you get into the higher levels, that's when they start interviewing the neighbor's dog.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
Look, I was sympathetic toward you until I read that last comment. What you did was wrong and it was certainly not part of your official duties. Obviously the punishment meted out was excessive in proportion to the "crime", but please do not try to claim that you were somehow fscked while doing the job Intel hired you to do.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
I know someone who was a passenger in a commercial airliner where the captain came on and said, "well, the control tower looked at the landing gear twice and assures me that they're down, but the indicator says they're not, so we're asking everyone to assume crash positions for landing."
The plane landed fine.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock