Slashdot Mirror
One for the Kids
Reprinted with permission.
CyberWire Dispatch // copyright © October 8, 1999 // All rights reserved
Jacking in from the "Mr. Rodgers" port:
By Lewis Z. Koch
CWD Special Correspondent
The Department of Justice has either lost its collective mind, lost all sense of its own history or is just too damned busy trying to figure out who really gave the order to waste a couple dozen kids in the Waco debacle.
The DOJ has produced a "Hacking Story" kids web page and on it they have a cartoon woman holding "the scales of justice" - only she's not blindfolded.
The page also has a bewigged judge, peering over his glasses, looking stern, squinting down approvingly as perhaps the thumb screws are tightened on another hapless hacker who has fallen into the clutches of a Justice Department searching for another "teachable moment."
Now -- and I am not making this up - there is an "Internet Do's and Don'ts" on this kids page subtitled "Think about it."
Think about this: your tax dollars paid for this.
The "Think About It" section starts off, "People who break into computers ('hackers') destroy property and records and invade privacy. What's privacy worth to you?"
That's a very good question boys and girls. To understand it, how about a bit of a history lesson first.
Perhaps we should we ask what privacy is worth of the family of Dr. Martin Luther King Jr. whose privacy the FBI invaded for years, bugging his bedrooms and his phone conversations. What was Dr. King's privacy worth? Or the other people whose privacy was invaded as they interacted with Dr. King?
Or are there two standards of privacy, boys and girls - one for the government rule-breakers and one for hacker rule-breakers?
This is called a "double standard" boys and girls. Can we spell "hypocritical?" Perhaps we should do an Internet search with the key words "black bag jobs" and "FBI." (And for extra credit, try "Iran-Contra.")
The page goes on to ask, "What information about you (or your parents) do you think is private: medical information?..."
Good question. But perhaps an even better one to ask, boys and girls, is why is all that medical data available in the first place? Why isn't it encrypted? You know, in code, so no one can read it? We'll come back to that, later.
It might be that the insurance companies want the data to be open, so they can easily read it as it goes from Internet site to Internet site, medical data traveling across the Internet, just as carefree as can be. The insurance companies want to make it easy for themselves, so they can keep track of all the medical records.
Precautions to keep it out of the hands of, say, the FBI or private detectives, or people who can monitor all those records speeding about the Net would cost money, and insurance companies need lots of money, so they can give part of it to politicians. The insurance companies like to share and we all know sharing is a good thing, isn't it, boys and girls?
Yes, Jenny, you have a question? What, Aetna doesn't share with you? Shame on them. Maybe you should run for Congress. Yes, you'll get extra credit.
Maybe the DOJ should put up a web page for insurance companies, asking them all kinds of fun questions. Inquiring little minds want to know.
The DOJ kids page would have children worry about hackers knowing what grade you got in English or Math or how much money you have and how much money you owe and your letters to a friend and a boyfriend or girlfriend. Are those good questions boys and girls?
Well, on the one hand, most fifth graders, frankly, don't give a shit (oops, sorry about that boys and girls) -- aren't all that concerned about grades or how much freaking money an eleven year old is making. And as to the money they owe... please, let's not get carried away boys and girls.
The DOJ kids page goes on like some blithering 3rd grade teacher in Kansas set to make a fulsome argument for creationism, "When you write something, how important is it to be able to find it again...How important is it that data in computers not be altered...[like] grades?..."
Maybe next week, boys and girls, we can all sit down and write a Freedom of Information request and find out how many people worked the wonderful prose on the kids page. And then we can total up how much they make a year in our special math class! I'll bet it goes way, way, way over $100,000. You think that is a lot of money, don't you? Do you know the expression "chump change" boys and girls?
Time to write another letter, boys and girls. This one goes to the Secretary of Commerce William M. Daley. You know him from your fun history books, the son of Richard J. Daley, who had his Red Squad break into peoples' homes, bug their bedrooms and offices phones looking for information for decades until a Federal Judge had to tell them to stop.
Mayor Daley wanted to know all about people who disagreed with him. And that's the same Richard J. Daley whose handpicked State's Attorney's police murdered two Black Panther members while they slept in their beds.
Well, Richard J's son, William M., is the man who, along with lots and lots of FBI agents and CIA agents and NSA agents, has been fighting for weak encryption rather than strong encryption. Strong encryption, boys and girls, prevents people from reading your personal correspondence or records. Now the Department of Justice wants to bug your computers to prevent you from utilizing strong encryption the way it is supposed to work. Weak encryption makes it so much easier to read your grades.
Let's have a show of hands. Who wants the government to know everything about us and for us to not know anything about the government? Anyone? Anyone? Later, let's all look up "data mining" on the Internet. We can probably find out lots of cool things about your parents that they don't want you to know.
Now let's talk about the best part of the "Think About it" page:
"Some hackers think that if they 'don't alter anything' or 'don't mean to alter anything' they haven't done any harm. But they are stealing telephone and computer time. They also crash systems so they won't work. How do we use information systems today? What would happen if systems like the air traffic control system or the 911 system suddenly stopped working?"
Now, let's be real good students, boys and girls. What's real strange about those ideas? Remember when we learned that word "stereotype?" It's bad to stereotype, isn't it boys and girls? Rachel or Brian, can you tell me what the stereotype is here? Riiiiighht. Good. Both of you! You want to know who, exactly, are those "some hackers" the page refers to. Do they have names? The kids page seems to be telling us that all hackers are bad.
Well, one group of hackers calls themselves L0pht. And they have cool names like Silicosis, Brian Oblivion, John Tan, Dr. Mudge, Kingpin, Space Rogue, Weld Pond and Dildog. Some of them also belong to a hacker group called "Cult of the Dead Cow." Isn't that a great name to scare a U.S. Attorney! Almost makes you want to be a hacker, doesn't it?
You get to testify before the United States Senate and describe how thoughtless the United States government is when it tries to hide software vulnerabilities. You know what? United States Senators were so impressed they even autographed their own pictures for them! Isn't that cool? Tomorrow we'll look up the words "duplicity" and "stupidity."
So I guess the lesson is "some hackers" can be good hackers, unless the DOJ kids page authors or the DOJ itself wants to challenge the United States Senate. What do you think? Maybe MTV would even do a celebrity death match segment DOJ v. the Senate.
How about those last ideas boys and girls, about systems crashing? Why is it some people have become centa-billionaires or just plain billionaires by making computer software full of flaws and mistakes and bugs, causing the programs to crash all by themselves or to be crashed by some silly 16-year-old script kiddie? Are these very rich men ever asked why a multitude of software users is made to endure their bug-ridden products?
No, Rebecca, no need to answer, that was what we call a "rhetorical" question.
What do you think your parents would do to General Motors or Ford if their car or truck totally self destructed by itself or fell apart at the slightest fender bump?
Yes, Brian? Oh, I see, well I am sorry about your father's Yugo...
You know the concept of "bankruptcy?" Don't you think it's only fair, boys and girls, that the software billionaires should shoulder some of the responsibility for the flaws in their product rather than putting the blame on the heads of "some hackers?" Maybe the Justice lady should put her blindfold back on and administer justice without fear or favor. What do you think, children?
Tomorrow's assignment, boys and girls, is to read the latest issue of Phrack, write a synflood script and wear your "Free Kevin Mitnick" T-shirts at assembly.
Yes, Brian? Of course you get extra credit for your creative use of "Back Orifice," but tomorrow, please restore the school's network to its rightful owner. Thank you. Class dismissed.
[To subscribe to CWD, send a message to:
Majordomo@vorlon.mit.edu
In the first line of the message put:
Subscribe CWD]
What I'm listening to now on Pandora...
IMHO, if the Justice Department wants to start looking into computer crime, how about looking into how a *lot* of computer companies (and by no means do I just mean MS, although they are one of the major perps) put out buggy software and then sell the security or software patches?
So, you either have to buy the "upgrade" or face having your data deleted or corrupted by a hacker or by a bad bit of code. In the tone of the article, "Can we say 'Blackmail'? I knew we could." Wasting time and resources on crackers is such BS -- maybe one in ten thousand ever get caught or in trouble, and meanwhile these crooked computer software companies are costing the economy billions in wasted money.
Put a few CEOs in prison and let 'em rot for a few years without a trial. I'm sure that meets with the DOJ's blind-justice-for-all philosophy.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
Why not make an equivlent site for the DOJ, Senate and various other Government authorities?
:) and that is what i call good use of taxpayer money!
"Lawmaking: do's and don'ts:"
1. Do not make stupid cryptography laws.
2. Do not waste taxpayer's money on stupid sites.
3. Do not feed our childern with bullshit.
4. Above all, try not to be hypocrite.
or,
"Are you a good Legislator?"
1. "my friend D. from the FBI and I wanted to bug people, but it cost a lot of money. then joey found out he can use taxpayer money to do this FOR FREE! but i've heard wasting taxpayers money is bad"
2. "my friend Z from the NSA brags that he can boycott every piece of high-cryptography software from being exported outside of the US. and then, he can toy around with people's basic rights with total disregard to the constitution. he wants me to help him by cancelling the constitution altogether".
or, how about "Stupid laws hurt Senators, making it harder for them to get re-elected"?
The possibilities are limitless
Cracking is a crime. I won't suggest it ought to be a crime. I won't say I'm happy it's a crime. But it is a crime. AKA illegal, breakin de law, no-no, stoppit.
While cracking is a crime, it is perfectly appropriate for the DOJ to enforce laws against it. One of the most effective measures against criminal activity is preventive education. AKA propaganda, ministry of truth, marketing, flak.
The activities described on the cited page are illegal. The people most commonly engaged in them are young. The DOJ is using the bully pulpit in a means that is just as effective and admirable as the "Just say No" campaign of the 80's. I don't agree with anti-drug laws, and I don't agree with some anti-cracking laws, but I have complete respect for the men and women who must enforce those laws, regardless of their wisdom.
-konstant
-konstant
Yes! We are all individuals! I'm not!
Just because some members of the Government style themselves above the law does NOT mean that it's Open Season on the world's data resources.
Encryption - that's a sounder argument. Prevention of abuse is, IMHO, superior to an eye-for-an-eye attitude. Strong Encryption is the equivalent of handing out portable force-field generators to everyone. If you can set, and enforce, your own boundaries, you don't need to break other people's, out of fear, vengence, or spite.
Yes, I agree that the web page being ripped to shreds is a paranoid rag that demeans it's audience and discredits children's intelligence. On the other hand, most of the counter-arguments fall in the same category. Doing the exact opposite can sometimes be really doing the same.
IMHO, cracking won't be a problem, once IPv6 is FULLY implemented (with flow control labels!) over the Internet, along with a strong flavour of IPSEC and QOS algorithms such as RED, CBQ and ECN, and Windows is replaced with fortified Linux or fortified flavors of BSD (such as OpenBSD).
How so? IPSEC prevents attackers knowing what data is important and what isn't. Sniffing passwords or data becomes impossible. (Funny how the article didn't mention this. If you only encrypt the important stuff, then everyone knows where the important stuff is.)
IPSEC also makes port scanning more complex, for private sites. Simply have the stack reject packets from a source not on a list of known OK sites.
Then there's IPv6, with flow control and packet prioritisation, and all those lovely QOS algorithms. DOS attacks, say by SYN flooding, become impossible. The priority of the packets would drop, and the packets discarded, by the network itself. If the culprit failed to respond to an ECN request to turn the noise down, the net would be capable of automatically locking out the offender.
A fortified OS, such as Linux with the International patches and the various security patches that are floating around, provides you with a solid fortress. Breaking past the prior barriers would be hard enough, but defeating a strong OS, with secure applications, would be next to impossible.
If you want to put crackers out of business, don't invest in slings and arrows. A hilltop fortress, equipt with a Romulin cloaking device, a battery of sensors and early-warning devices, granite walls fifty feet thick and a hundred feet high, with interlocking blocks, and titanium gates, will serve you much better. What's more, the fort turns out to be cheaper.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Can someone please explain the American obsession with privacy? I cannot recall any enlightenment thinkers who explicit mention privacy as a natural right of man. It would seem to me that privacy cannot be a natural right of man. If all my actions were private then the contract I have with society (i.e. Locke's social contract) would be unenforcible. If society cannot determine that I have committed a crime because it violates my right to privacy then how can any crime be punished?
It seems that privacy is not a natural right. Locke didn't mention it and, consequently, Jefferson didn't mention it.
If privacy is not a natural right, then privacy is a priviledge granted by the society only when appropriate. As such, one does not have the right to absolute privacy.
However, just because absolute privacy is not a natural right doesn't mean that privacy is not a good thing.
Therefore, making an argument with the assumption that the right to absolute privacy is guaranteed is incorrect.
Andrej
Share bicycle touring info worldwide: http://wheretocycle.com
Did anyone read the rest of the Internet Dos and Don'ts page? Did the "reviewer?"
That article abosolutely reams one lousy page and one lousy "Don't" on another page and then implies that it's okay to copy materials including term papers.
As a parent of two future "netizens" (god, how I hate that word), I saw the DOJ's page a little differently.
Oh yeah, it's as hokey as hell and my kids will probably never see it. But what about the warning not to talk to strangers on the internet? What about alerting an adult if you get a suspicious email? Those aren't good ideas? Does the "reviewer" have kids? Is the "reviewer" old enough to have kids?
There also happens to be information on how to surf, how to use the internet as a library and what kinds of cautionary procedures a child needs to know. Setting my children loose on the internet is like setting them loose on the streets with a bike. I can't and don't want certain things regulated -- like I wouldn't want it regulated that large trucks are not allowed on *any* street at *any* time. That would seriously impair deliveries and commerce -- not to mention my paycheck -- relies on such things as deliveries. Heck, I work across the highway from a GM plant that is my city's largest employer. So "yay big trucks!" But you can be damn sure I'm going to tell my children to be cautious where they ride their bikes -- watch out for big trucks or stay off of major streets until you're more certain.
Same with the 'net.
I'm not saying we need to regulate the hell out of privacy and computing and the net and all the things the under-25 crowd thinks will seriously impair their abilities to get ahead. But I am going to arm my kids with common sense and even, gasp, techo-ethics.
And all the DOJ is doing is being an advisor. MacGruff the internet crime dog or something. I don't know how useful that page really is, but I don't think it's *harmful.* Geeze. It's up to me as a parent to be there for my kids anyway.
And somehow, in the apparently childless (not to mention child-like) "reviewer's" mind, this ends up being a highly-charged political issue about privacy and your rights on-line.
As in my previous post, all I can say is:
"Huh?"
Consigned to flames of woe.
--
Deja Moo: The feeling that
Time is Nature's way of keeping everything from happening at once... the bitch.
...is good for the gander.
Is breaking into my computer bad or not?
Is breaking into my computer illegal or not?
Whether those things are bad or not isn't really the point. The point is that if it's bad for you or me or "evil hackers" to do, then it's also bad for our democratically-elected government to do. If it's illegal for one, it's illegal for the other. Or should be. The fact that it isn't - that there are separate rules in play for governments and wealthy corporate interests - is what this article is illuminating. And it needs to be illuminated. The DOJ is doing its best to keep that information from becoming widely known.
Should children be encouraged to respect my privacy, my property and the law, or not?
That one's easy - of course they should. As should the government. The latter has a less-than-stellar record in that department tho'. The law should be respected, at least in as far as the law is fair and just, and fairly and justly enforced. Where the law is unfair and unjust, it deserves no respect, from children or anyone else.
"how about looking into how a *lot* of computer companies [...] put out buggy software and then sell the security or software patches?"
If I could be sued for every bug in every program I have written [...]
Ah. This is what we call a straw-man argument. The statement centered around the buggy software and selling the fixes. Your response focuses on an imagined scenario where you get sued for every bug. The original author never introduced such a scenario, of course, but that does not seem to trouble you.
The likely scenario to develop from a re-evaluation of such extortion tactics is that software firms would have to start shipping updates to their users (or making them readily available) without being able to make more money from the sale of these "fixes".
What you have now is more like a protection racket where MS can demand that you pay 100s of dollars to upgrade to a new version of their software because, of course, they're not going to continue supporting Word 97. Hell, that's two years old! Same deal with just about all software nowadays.
Open Source may eventually end up addressing this, we'll see. What I would expect to happen is to see lots of little project forks, not to go off an support different functionality, but to support old versions with their existing functionality. For example, some people just can't upgrade to perl 5 (yes, perl 4 was last touched years and years ago, but how long do you expect to have your car?)
Someone could take over bug-fixing of the old perl 4 source, starting their own project to do so.
Same with Linux 2.0. Or Red Hat 4.2!
This could become a booming business, but not one that most companies would want to burden themselves with.
I say keep software free and clear. Don't introduce parasitic lawyers into what is, despite griping from people like yourself, very nearly a perfect industry.
Wow. So, you think that the problems with crypto, privacy, predatory market practices (for which MS is not the world's worst offender, but tries quite hard) and so on, are right in line with what we should expect and accept? Or, do you consider these to be part of the "very nearly" in "very nearly perfect"? In that case, what would be "bad"?
I really don't think that you and I are in the same industry.
I completely agree.
I think criticial thinking is something that's not emphasized nearly enough (if at all) in the US education system today.
Whether it's laws or science, we need to teach kids more about free speech and the scientific method.
What do we do instead? Teach them what's good and what's bad.. and what the "correct" answer on a science exam is. Why do we do this? My guess is that it's because it's far easier to tell a kid things in clear black and white so they don't talk back to you. Adults don't want kids talking back to them.
Imagine a kid challenging your commands or telling the science teacher that he thinks his exam was graded incorrectly.
In the long run, these kids grow up to be credulous and apathetic as adults.
One complaint I have with the article (no, not the overall point; I largely agree with that) is the way it seems to link unrelated or superficially-related events as if there were a kind of cause-and-effect relationship between them. Yeah, sure, Richard Daley did dishonorable, even illegal things. But that has no bearing on whether the things his son William M. are dishonorable or illegal. It sounds to me like William M. Daley is indeed doing dishonorable, possibly illegal things. They'd be dishonorable and possibly illegal even if daddy had been a saint. So why bring up "the sins of the father?" It only makes an otherwise good argument look bad.
Of ourse this is true, no one argues with this, usually. My problem with the government, having committed more crimes than I can ever imagine, has NO CREDABILITY.
Our leaders in this country should be the most moral and intelligent people in the country, and the most commited to improving the lives of the average population. But no, they're commited to the most childlike philosophy of all...money. Token concern for the poor and the environment, education, the list goes on.
"Mommy, I want some candy right now or I'm gunna kick and scream!" So EXCUSE ME if I have no respect for the government who isn't much more mature than a child.
Don't get me wrong, there are some great things about this country. We have more freedom than people in most countries. What most people don't realize, is that this is because of the common man DEMANDING our basic rights as laid out in the constitution. Those in power never made a difference for social justice compared to the average citizens who tried to make a difference. Our government tries to make a stable society, but stable for who? The elite.
When slavery ended, it wasn't because Abraham Lincoln wanted it to, it was because people wrote anti-slavery papers/newsletters, educated the poulation, and DEMANDED it.
We don't have 40 hour work weeks and safe work conditions because rich company owners wanted it, it's because people unionized in the early 1900's and DEMANDED it.
When women were finally allowed to vote, it wasn't bacause the men in power wanted to share that power, it's because average women organized and DEMANDED it.
When civil rights bills were passed, it wasn't because Kennedy/LBJ/other presidents wanted it, it's because the civil rights movement DEMANDED it.
Many people who have been forgotten by history died for these causes, these are the people I have respect for, not the power elite.
So when the department of justice spouts off to kids about not causing trouble, this is what I think. When the government uses technology to subvert and control the population, I won't apologize for having no respect for them. Their track record gives them no moral authority to tell me whats right and wrong. No one has that authority because no is perfect. The government's track record just gives them a whole lot less that everyone else.