Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
FileGate - Cyberterrorist Republicans or Careless Dem Sysadmins?

By imrdkl in News
Sun Jan 25, 2004 at 06:54:15 AM EST
Tags: Security (all tags)
Security

A junior staff member of Senator Orrin Hatch (R-Utah) was recently put on leave for improperly accessing Democratic memos from a shared Senate fileserver. In a statement on the matter, Sen. Hatch said, "I am mortified that this improper, unethical and simply unacceptable breach of confidential files may have occurred on my watch." A Republican staff member who read the memos claims, however, that there was "no hacking, no stealing, and no violation of any Senate rule".

It seems clear that the Democrat's IT services in the US Senate need to be more methodical about protecting their party's documents. Nevertheless, modern computer security laws say that it's wrong to access data to which you have no permission, regardless of whether there is protection on the data or not. The fact that the data was accessed from an unsecured shared fileserver which is used by members of the bi-partisan judiciary committee is irrelevant.


The culprit in this case is said to be an unnamed junior Senate aide who used the fact that the permissions on the Democrat's shares were a little loose to grab copies of various reports and memos which were not intended for his perusal. The news reports state that the files were confidential - although it's unclear whether they were marked as such. Neither were the documents encrypted or protected individually, not even via the simple built-in mechanisms available in most word-processing and e-mail software.

Liberal blogs and pundits around the web are making a pretty big deal of this incident, with some even saying that the Republicans' access and subsequent use of the Democrats' memos was nothing less than a violation of the Patriot Act's cyberterrorism clauses. They further claim that these acts of illegitimate access have been going on for over a year - a systematic violation.

Manual Miranda is the chief judicial nominee adviser in the Senate majority leader's office, and a primary recipient of the e-mail messages and memos which were accessed. Miranda described the junior staff aide who actually took the data as someone who had a great deal of time on his hands, and claimed that the memos were of little value. Miranda said,

"There appears to have been no hacking, no stealing, and no violation of any Senate rule. . . Stealing assumes a property right and there is no property right to a government document. . . . These documents are not covered under the Senate disclosure rule because they are not official business and, to the extent they were disclosed, they were disclosed inadvertently by negligent [Democratic] staff."
Whether the memos are deemed official business may be the central issue in the eventual case and punishment of those who got access to them, because the contents of at least some of them were leaked to the press. Several memos concerning the Democrat's policies regarding judicial appointments were leaked to, and later reported by Robert Novak, a conservative columnist. Novak is also at the center of another investigation, involving who the leaked identity of a undercover CIA agent whose husband argued against the Iraq war. That investigation led to the convening of a grand jury just yesterday. The Wall Street Journal and the Washington Times also allegedly received copies of the Democratic memos.

In any case, the investigation this latest Republican hot potato is being conducted by the Senate Sergeant-at-Arms William Pickle and is nearing it's end, with a report due to the Judiciary Committee soon.

See also:

  • New York Times
  • Boston Globe
  • Knox News
  • Fox News
  • Hill News
  • Sponsors

    Voxel dot net
    o Managed Hosting
    o VoxCAST Content Delivery
    o Raw Infrastructure

    Login

    Poll
    Who's to Blame?
    o Systems Administrators for the Democrats 28%
    o Junior Republican staff members with too much time on their hands 9%
    o Underhanded, immoral Republican Senators 23%
    o Careless, naive Democratic Senators 3%
    o GWB 13%
    o Rusty 17%
    o Other 3%

    Votes: 126
    Results | Other Polls

    Related Links
    o recently put on leave
    o convening of a grand jury
    o William Pickle
    o nearing it's end
    o New York Times
    o Boston Globe
    o Knox News
    o Fox News
    o Hill News
    o Also by imrdkl


    Display: Sort:
    FileGate - Cyberterrorist Republicans or Careless Dem Sysadmins? | 166 comments (137 topical, 29 editorial, 3 hidden)
    This is as unethical as Watergate. (2.83 / 18) (#10)
    by waxmop on Fri Jan 23, 2004 at 10:53:47 AM EST

    This section from the Boston Globe article made me take this seriously:
    Republican staff members of the US Senate Judiciary Commitee infiltrated opposition computer files for a year, monitoring secret strategy memos and periodically passing on copies to the media, Senate officials told The Globe.

    From the spring of 2002 until at least April 2003, members of the GOP committee staff exploited a computer glitch that allowed them to access restricted Democratic communications without a password. Trolling through hundreds of memos, they were able to read talking points and accounts of private meetings discussing which judicial nominees Democrats would fight -- and with what tactics.

    This wasn't just a bored staffer goofing around in Windows Explorer and stumbling onto an unprotected folder. Multiple people knew about the unrestricted access and nobody did the honorable thing. Furthermore, they used the access to plan strategy.

    Washington, DC has hordes of very tech-savvy unemployed workers looking for jobs after so many firms in Northern Virginia (MicroStrategy, AOL, Worldcom, etc) imploded. Finding somebody to set up a secure file server would have been trivial.
    --
    We are a monoculture of horsecock. Liar

    Nothing like selective quoting. (2.50 / 10) (#14)
    by porkchop_d_clown on Fri Jan 23, 2004 at 10:58:58 AM EST

    Here's another selective quote:

    "They (the Republicans) said that in the summer of 2002, their computer technician informed his Democratic counterpart of the glitch, but Democrats did nothing to fix the problem."

    Sounds to me like the Republicans did do the honorable thing. Here's another example of "honor":

    "And, at the request of the NAACP, the Democrats delayed any hearings for the Sixth Circuit Court of Appeals until after it heard a landmark affirmative action case -- though a memo noted that staffers "are a little concerned about the propriety of scheduling hearings based on the resolution of a particular case."

    In other words, these leaked memos reveal that the Democrats were tampering with judicial selection at the request of the NAACP, in order to alter the outcome of a case. I'm pretty sure judge tampering isn't "honorable".

    Did you forget to read the entire article?

    --
    "the internet is to the techno-capable disaffected what the United Nations is to marginal states: it offers the illusion of empowerment and c
    [ Parent ]

    huh? (2.90 / 11) (#16)
    by waxmop on Fri Jan 23, 2004 at 11:04:52 AM EST

    I don't understand why it becomes ok to exploit a security flaw after warning about it. Would a burglar be able to use this logic? Have any virus writers succeeded in legally defending themselves with these arguments? Federal employees take an oath when you become a federal employee to behave ethically, and this was clearly unethical.

    Second, arguing that the Democrats behave dishonorably themselves doesn't really matter.
    --
    We are a monoculture of horsecock. Liar
    [ Parent ]

    For a couple of reasons (2.00 / 7) (#18)
    by porkchop_d_clown on Fri Jan 23, 2004 at 11:10:03 AM EST

    First - we have been given no evidence that the Republicans did any of the things that the Democrats accuse them of. They claim the Republicans were secretly exploiting a security flaw, the Republicans claim that they did, in fact, warn them about the flaw. The only evidence presented that Republicans were actually reading their files is that an e-mail related to a leaked document was "hard drive stamped" by a Republican staffer. I don't know about you, but I've never heard of e-mails being "hard drive stamped" before.

    Second - arguing that we should ignore the Democrat's race-bashing and potential violation of judge tampering laws because the Republicans broke a lesser law? I'm sorry, but shouldn't both be equally important?

    --
    "the internet is to the techno-capable disaffected what the United Nations is to marginal states: it offers the illusion of empowerment and c
    [ Parent ]

    Neither point holds water (none / 2) (#69)
    by kmcrober on Sun Jan 25, 2004 at 02:42:03 PM EST

    First - Media sources were given information from these internal documents; that seems to be fairly solid evidence that there was improper access to the files.  

    Moreover, the idea that the Republicans had a hunting license for those documents because they "warned" the Democrats is very strange.  Firstly, it's not clear - "we have been given no evidence that" the Republicans did so, and it's been denied by other parties.  More importantly, it doesn' make any difference.  Legally, warning someone that you're about to pilfer their confidential documents does not - let's be absolutely clear here - does NOT give you carte blanche to steal and distribute those documents.  

    Second, there have been questionable activities on both sides of the confirmation fight.  But the Democrats' scheduling process is netiher race-bashing nor improper judicial tampering; having just gone through the MPRE process, I'm fairly up to date on the ethical standards, and the scheduling doesn't amount to any serious problem.  Should we ignore the potential problems it raises?  Certainly not.  Neither should anyone (A) steal files and lie about it in order to turn a political profit on the issue or (B) make overblown allegation of "race-bashing" or "judge tampering" to distract attention from the real ethical violations at issue.

    It used to be that the Republican rank-and-file could make a fairly legitimate claim to a high standard of ethics.  Iran-Contra and Watergate aside, there was a focus on responsibility and accountability.  Now?  They say a fish rots from the head down; the party has seen how far hypocrisy and outright lies can take them, and the brakes are off.

    [ Parent ]

    wha? (none / 2) (#72)
    by emmons on Sun Jan 25, 2004 at 04:50:39 PM EST

    "Media sources were given information from these internal documents; that seems to be fairly solid evidence that there was improper access to the files."

    What kind of logic is that? They may have been internal documents, but that alone doesn't give them any legal protections. That the press got a hold of them is irrelevant; it determins nothing about their origin, only that they ended up somewhere.

    The files were reportedly on an open file server. Ya know, like your "Shared Documents" folder in XP. Let me repeat: The documents were on an open file share. No password was required, no snooping, no hacking, nothing more grand nor sinister than a network browser. It's akin to posting them to a website that doesn't require a password, but only telling a few people the URL. If other people happen to find the site, does that mean they broke the law in doing so?

    The republicans claim that they were nice and told the democrats about their security problem, but the democrats did nothing to fix it. Whether or not they said it is irrelevant, the files were still on an open file share and the documents still have no legal protections in and of themselves. They're still being posted out in the open. The democrats still decided not to at least password protect them.. how is that then the republicans' fault?

    Let me repeat a very important point in all of this: the documents' confidentiality is not legally protected in and of themselves. They are not classified nor they are not official confidential congressional business. If they were locked in, for instance, a hotel room somewhere and someone broke into the room to take them, that would be of course illegal because of the breaking and entering. If, however, they were found tacked to a message board in a senate hallway somewhere and someone made a copy of them... well, that might have been dumb of the person who posted them there, but that doesn't make it illegal for the other person to copy them.

    No laws where broken in the accessing of the files. Since the documents don't have any other legal protections, no law was broken in distributing them, regardless of who they were distributed to. Was it immoral? Perhaps, but that doesn't make it illegal.

    ---
    In the beginning the universe was created. This has made a lot of people angry and been widely regarded as a bad move.
    -Douglas Adams

    [ Parent ]

    I think it's illegal in addition to immoral (none / 3) (#75)
    by kmcrober on Sun Jan 25, 2004 at 05:46:20 PM EST

    Well, the parent post asserted, "we have been given no evidence that the Republicans did any of the things that the Democrats accuse them of."  The Democrats accuse Republican staffers of accessing confidential documents without permission and leaking them to conservative media outlets.  Conservative media outlets were demonstrably provided with information from confidential congressional documents; I think that's pretty solid evidence that the allegations are at least partially accurate.  There is always an alternative explanation, even with the best evidence; sure, the Democratic staffers could have leaked their own notes to the press.  But it's hard to imagine Democratic congressmen or their staff forking confidential information over to Novak or the Wall Street Journal.

    Let's be very, very clear about your second point - the fact that the Democratic staffers may have negligently failed to secure the documents does not make their seizure and public dissemination by the Republicans kosher.  It would make a difference if we were talking about trade secrets and civil litigation, but not in criminal access violations.  The relevant federal standard, IIRC, is "unauthorized access" - technical barriers such as encryption can be circumstantial evidence of restricted authority to access, but are not required.

    A totally unprotected document can be confidential.  The only valid argument that can be made, and you touch on this, is that the documents were not intended to be restricted access or confidential.  I think that even this is a non-starter - these were internal memorandums concerning political strategy.  They were clearly not meant for public dissemination.  The operatives responsible for pilfering and leaking the documents clearly knew that his actions would be perceived as unethical.  And that's the rub; this casual act of political espionage might escape legal sanction, especially under the auspices of Bill Frist and Orrin Hatch.  This isn't the sort of administration known for holding its friends accountable if there's a large enough escape hatch.

    But these actions were clearly, clearly unethical.  A staffer pilfered internal memos not meant for his eyes, and passed them out to mouthpiece media sources in order to selectively embarass their political enemies.  Whether or not there is a technical criminal violation, there has clearly been a serious ethical breach on the part of the staffers who took the information and the congresspeople who overlooked their malfeasance.  I'm willing to give the media a pass on this one; I'm a fan of open government, and slow to criticize media publicizing internal documents no matter how they were procured.  But this kind of partisan theft blurs the line on acceptable practices even for the eventual recipients of the data.

    [ Parent ]

    na, just unethical. (none / 2) (#91)
    by emmons on Mon Jan 26, 2004 at 03:47:46 AM EST

    "The relevant federal standard, IIRC, is 'unauthorized access' - technical barriers such as encryption can be circumstantial evidence of restricted authority to access, but are not required."

    Well, instead of relying on one's fallible memory, let's review the relevant statutes. Namely, USC 18.I.47.1030, "Fraud and related activity in connection with computers."

    § a(1) would be your closest bet to the "no technical barriers necessary" claim, but it applies only to espionage.

    § a(2)(B) comes close, but the documents weren't from a department or agency of the government; they're party papers. If they were congressional busines, they'd be protected by this one, but then the staffer would probably have access to them anyhow.

    § a(3) doesn't work either. The file share was apparantly not non-public, "computer glitch" or no.

    Reading the statute, it seems the general theme is that government information is illegal to access without explicit authorization, regardless if there's protection. However, non-government stuff is only protected by the law when it's related to financial and other related records, or if there is a protection mechanism in place. Again, these papers are not government business, they are party business.

    A totally unprotected document can be confidential.

    Indeed, but let me repeat an important point: a document's being thought of as confidential does not give it any legal protections. The documents in question, by themselves, are completely legal to distrubte. They are not official senate business, nor are they classified. They are party strategy papers. Hence, the only protection against their being distributed is how well they are physically protected by those who wish to keep them confidential.

    If these documents were dropped in the hallway by a democratic staffer and a republican staffer were to pick them up, go "hmm, this is interesting" and hand it to his friendly news reporter, that would not be illegal at all. It would have been dumb of the democratic staffer, but the republican's actions would be perfectly legal.

    Going one step further, if said democratic staffer were a moron and posted said documents to his senator's website and some republican staffer read them there and said "hmm, this is interesting," printed them off and gave them to his friendly news reporter, that would also not be illegal. It was moronic of the democratic staffer, but again, the republican did nothing wrong.

    Now, if said democratic staffer weren't necessarily a moron, but yet not too bright when it comes to computers, and posted the documents to a public share on a file server, and some republican staffer stumbled upon them there and said "hmm, this is interesting," printed them off, and gave them to his friendly news reporter, that would also not be illegal. It was stupid of the democratic staffer, but again, the republican did nothing wrong.

    In industry there is a legal mechanism called the "trade secret." Basically, if a company makes a good-faith effort to keep sensitive informaiton private, that information is legally protected from distribution by someone who obtains it illegally. If there is no effort made at securing the information, there are no legal protections for the documents.

    Regarding the documents in question here: there was no effort made at securing them, therefore there are no legal protections for them. Does what the republicans did with them look bad? Absolutely, incredibly. Do I like what they did with them? Not at all. Do I like republicans in general? Not usually. Were their actions in this case illegal? Not really.

    One last thing: "A staffer pilfered internal memos not meant for his eyes, and passed them out to mouthpiece media sources in order to selectively embarass their political enemies."

    Welcome to politics.

    ---
    In the beginning the universe was created. This has made a lot of people angry and been widely regarded as a bad move.
    -Douglas Adams

    [ Parent ]

    what i find funny about this entire thread ... (none / 3) (#106)
    by naught on Mon Jan 26, 2004 at 11:24:32 AM EST

    .. is that if the party affiliations were swapped, the arguments would be swapped too.

    yay, partisan discussion!

    --
    "extension of knowledge is the root of all virtue" -- confucius.
    [ Parent ]

    heh (none / 2) (#117)
    by emmons on Mon Jan 26, 2004 at 03:02:49 PM EST

    I can see that, but I'm not a republican. I don't even really like the current administration much. I just see democrats who are completely pissed off at the republicans in general (understandably so), and are trying to make a big deal out of something that really isn't.

    However, if I weren't here making essentially the same arguments I have, some raving lunatic of a republican would be instead- and he'd probably be much less careful about how he argues it. After all, if all you want is a good debate, it doesn't matter how well you present your material; your side will always agree and the other will always disagree.

    ---
    In the beginning the universe was created. This has made a lot of people angry and been widely regarded as a bad move.
    -Douglas Adams

    [ Parent ]

    You're in the right statute, (none / 1) (#136)
    by kmcrober on Tue Jan 27, 2004 at 05:30:42 PM EST

    But as I commented when I pointed to §1030 earlier, I think (a)(2) applies for a variety of reasons (see supra).  The key language there is "intentionally accesses a computer without authorization or exceeds authorized access" in order to gain X, where X is defined by the various subclauses.  Again, supra.  It's arguable, certainly, but I think the theft qualifies in at least a couple of those clauses.

    Under §1030(a)(2)(B) and (C), it's a crime to exceed authorized access and obtain "information from any department or agency of the United States" and/or "information from any protected computer if the conduct involved an interstate or foreign communication."  I think this is both; letters and memos from Senators to their staff are Senatorial communications, and almost certainly involve interstate communications at some level.  Not necessarily, but I think it's pretty probable.  So it doesn't matter if the documents read "confidential" or "private", or whether or not they were password protected or encrypted - they were obviously beyond the authorized access of Republican staffers.  They were clearly private internal documents he wasn't supposed to read.

    Again, as I've explicitly said several times already, this is not the trade secrets standard.  You're exactly right that these factors would be dispositive under that standard, but this is different.  People aren't required to password-protect private documents in order to apply criminal liability to eavesdroppers and thieves.  The protection requirement in trade secrets law is the exception rather than the rule, having IP roots in common with the requirement that you defend your trademark.  Sort of.  

    Your last point, however, is right on the ball - it's politics as usual, and the arguments would be reversed if the parties were reversed.  I'd still think it was illegal, but I wouldn't get all fired up about it.  Just like conservatives demanded impeachment for Clinton's lies about sex but defend Bush's lies about war, we tend to give passes to the pols we like.  

    But, in my mind, the problem with that is ignoring wrongdoing in our party, not pointing out the legitimate and significan malfeasance of the opposition.

    [ Parent ]

    indeed (none / 1) (#141)
    by emmons on Wed Jan 28, 2004 at 02:53:35 AM EST

    I like your last point the best. If only we applied the same standard to "our" politicians as we did to "theirs".

    Politics is too much of a game, and because of that in the end nobody wins.

    In this matter, I contend that it's not a huge deal- certainly not as big as some democrats are trying to make it. I think this because.. well, look at how we're splitting hairs over the legal definitions and how the matter of it being "wrong" hinges on which way we split them. If something isn't obviously wrong, it's not really an outrage.

    Now, about this legal business:

    I'm happy to see that you've done some homework. Discussions become much more interesting and educational when people slow down for a few minutes to think about and/or research what they write. Thank you. I'm even more intrigued now that I notice the law.harvard.edu in your email address.. and hopeful that I'm merely misunderstanding you.

    To that end, let me cut to the chase here and hopefully save a lot of time with a couple questions. Be careful since they're purposefully loaded, but please be precise. Geez, I sound like a professor. :0

    Had the documents been, for whatever reason, physically sitting out in the open- like on the floor of a public hallway- would it still have  been illegal for the republicans to copy them and distribute those copies? If so, why?

    Had the file share that the republican staffer accessed been empty, would it still have been illegal for him to have done so, and why? Assume that he needed no password or special tools to do so, only a "keen set of eyes", so to speak.

    ---
    In the beginning the universe was created. This has made a lot of people angry and been widely regarded as a bad move.
    -Douglas Adams

    [ Parent ]

    One point (none / 1) (#153)
    by toganet on Fri Jan 30, 2004 at 11:01:44 AM EST

    I'd like to refine the analogy a little in respect to the staffer 'finding' the documents.

    I think the act of copying files from an unprotected fileshare is like opening an unlocked office door and making copies of papers that are in plain sight on the desk.  Saying that they were "dropped in the hallway" removes the intentionality of the act.

    What I mean to say is, if the staffer had indeed found these documents on the floor in a public area, and leaked them to the press, then sorry, but that's the way the game is played.  One might even allow that the staffer accidentally stumbled upon the unprotected share whilst looking for something else, and found the documents.  Subsequent trips to that share, motivated by a desire to receive information that was not intended for them, is clearly unethical.

    Why didn't the Dems fix it when they were notified?  Well, then they couldn't make a big fuss about it during the horse race.

    Johnson's law: Systems resemble the organizations that create them.


    [ Parent ]
    Yep (none / 0) (#159)
    by emmons on Fri Jan 30, 2004 at 02:58:48 PM EST

    I'd say it's more like posting them to a message board in a hallway, or maybe on a desk with the window open. They're out in view of the public, one just has to go there. There are no doors to open- that implies going somewhere one is normally not allowed to go. Intentionality is irrelevant to the legality of it.

    Either way though, it's dirty politics on both sides.

    ---
    In the beginning the universe was created. This has made a lot of people angry and been widely regarded as a bad move.
    -Douglas Adams

    [ Parent ]

    Probably not (none / 0) (#157)
    by kmcrober on Fri Jan 30, 2004 at 12:44:27 PM EST

    I think toganet has the right idea as to the basic ethical issues.  On your particular hypotheticals, no, I don't think either would be illegal under this act - the first because it's not access to a computer, and the second because nothing was damaged or improperly obtained.

    Would the be illegal under other statutes (which I presume is what you're really getting at)?  Mmmmmmm... probably not.  I don't know for sure, though; you'd have to parse the language of whatever statute was operative pretty carefully.  

    The first would probably turn on whether the documents were marked "confidential" or otherwise private...  It's entirely possible that it's illegal to distribute internal Congressional documents without permission, but I don't know.  

    The second would seem to be exactly what this law is meant to cover, but as I said, it slips in between the cracks since there was no damage done or valuable thing obtained.  There might be equivalent legislation, say in the PATRIOT Act, but again, I just don't know.

    [ Parent ]

    thank you (none / 0) (#160)
    by emmons on Fri Jan 30, 2004 at 03:02:34 PM EST

    Thank you, hopefully now you can now better understand my point.

    The documents, by themselves, have no legal protections- regardless of where they're placed. Unless you can enlighten me to some statute with which I'm not aware, I don't believe that simply stamping "confidential" on a document entitles it to legal protections. Perhaps you could ask one of your professors, but I imagine that such a law would be major free speech violation.

    The file share, by itself, probably has no legal protections.

    Now, if the documents are congressional documents rather than party documents, they're entitled to legal protections on their own and the "probably" part of my second statement becomes much more important because it's government inforamtion and 1030 is much more strict in those cases. However, these are party strategy documents.

    We're dealing with two seperate issues and I think that you got them mixed together. The legal protections of the documents themselves, and the legal protections of where they were stored.

    The documents, no matter how embarrasing, are not illegal to copy and distribute. The file share was not protected and was thus effectively "out in the open," therefore the documents on that file share gain no additional legal protections.

    Perhaps this is a fitting analogy: if the docuemnts were sitting on a desk in an office with an open window, photographing the documents and distributing copies of the documents from that photograph would not be illegal. One is allowed to look into open windows and see whatever he sees. He's also allowed to talk about what he sees. If, however, the documents were in a brief case (perhaps in a fancy hotel room) and one had to break into the room to copy the documents, the breaking and entering would be illegal. If he took the documents instead of copying them that would also be theft. The criminal is still allowed to talk about what he saw, however.

    I brought up trade secret law because it IS a special case. Normally, illegally obtained documents are still legal to distribute. Trade secret law makes it illegal to distrubute them in that case.

    It is my contention that since the server was not protecting the documents, they were effectively in the open and therefore accessing them was not illegal. By extension, copying them was not illegal either.

    Immoral, perhaps, but not illegal.

    ---
    In the beginning the universe was created. This has made a lot of people angry and been widely regarded as a bad move.
    -Douglas Adams

    [ Parent ]

    Remember, I'm arguing this is under 1030 (none / 0) (#161)
    by kmcrober on Fri Jan 30, 2004 at 04:49:55 PM EST

    That makes the access illegal regardless of whether or not the files were protected; the statute doesn't reference any requirement for explicit confidentiality.  Just accessing files clearly not intended for the malfeasor would trigger criminal liability under 1030, even if the server was misconfigured.  The staffer knowingly exceeded his access to a government computer and caused damage and/or obtained something of value.  

    Your open window analogy is off-point; you'd have to assume a statute making it illegal to knowingly look into windows you know you aren't supposed to see into.

    You raise a pretty interesting question, though, as to what would happen to people who distributed the documents without actually being the one to obtain them.  Some sort of accessorial liability?  Probably not, given how on-the-bubble the core crime is, but maybe.  So you might be right that copying them from the original copies the Republican staffer made wasn't illegal.  

    [ Parent ]

    Well, (none / 0) (#164)
    by emmons on Sat Jan 31, 2004 at 01:40:13 AM EST

    You just said that had the file share been empty, it would be legal to view it. How, then, is it suddenly illegal when there are documents there?

    My open window analogy is completely to the point- like looking through an open window, the staffer did not need to exceed the access he had to the computer. He looked at the thing through the network and saw documents. My argument is that the content of those documents does not suddenly make the looking illegal.

    The entire argument here stems from the broadness and ambiguity of the term "authorized." I believe that since the staffer wasn't unauthorized, that is he wasn't banned from seeing them, it's ok. You contend that since they weren't intended for him, he is implicitely not authorized to see them. I don't buy that because that definition limits free speech to much, but whatever...

    I've searched for case law that better defines the meaning of "authorized" and found that the courts haven't yet decided upon a definition (second to last paragraph). Therefore, neither of us can win this argument. Shall we call it a draw and both admit that we don't know whether it was illegal?

    ---
    In the beginning the universe was created. This has made a lot of people angry and been widely regarded as a bad move.
    -Douglas Adams

    [ Parent ]

    Two prongs (none / 0) (#165)
    by kmcrober on Sat Jan 31, 2004 at 03:10:47 AM EST

    Because to be illegal under 1030, as I see it, you have to do two things - exceed your access, and obtain information/communications.  So if the fileshare was empty, you wouldn't reach the threshold for 1030.  I suppose just the acces itself might be illegal under some other provision; I don't know.

    But you're right that "access" under 1030 seems pretty undefined.  Courts are terrible at making that kind of technical determination, and I guess it's not going to even get to that phase in this case; like we said, it's not like this is going to go to court.

    I wonder if the experience will encourage legislators to tighten/rationalize computer security legislation, though?

    [ Parent ]

    ah (none / 0) (#166)
    by emmons on Sat Jan 31, 2004 at 03:08:40 PM EST

    It would be nice if legislators wrote laws that were more specific... but that would require them to know what they're talking about in the first place. Unfortunately, politicians and lawyers tend not to be the most technically savy people in the world...

    Good conversation though; you made me research and learn a bit. Thanks. :)

    ---
    In the beginning the universe was created. This has made a lot of people angry and been widely regarded as a bad move.
    -Douglas Adams

    [ Parent ]

    attn kmcrober (none / 1) (#148)
    by Battle Troll on Thu Jan 29, 2004 at 11:57:59 AM EST

    Could you quash this guy? Thanks.
    --
    Skarphedinn was carrying the axe with which he had killed Thrainn Sigfusson and which he called 'Battle Troll.'
    Njal's Saga, ca 1280 AD
    [ Parent ]
    Hahaha (none / 0) (#158)
    by kmcrober on Fri Jan 30, 2004 at 01:22:12 PM EST

    Thanks for pointing that out - I would have missed it.  It's my favorite kind of crazy.

    I talked to a judge last semester and asked him if he ever got militant separatists - the kind of people who insist they can't be prosecuted/senteced by a court because it has gold fringes on the flag, making it a court martial, which means it's unconstitutional to be used in civil matters, which means...  blah blah blah.  He said he gets them occasionally, and he loves them.  They're apparently pretty entertaining (except for the opposing counsel who have to deal with them more regularly), but they do cause serious delays and sometimes problems in the courts, since judges are supposed to give pro se litigants plenty of slack.

    There's a stupendously amazingly entertaining web compendium of these arguments out there somewhere, but I can't remember the address and Google didn't pull it up right away.  I'll look again later, and post it if I find it; I just love the radical theory.

    [ Parent ]

    it's one thing if you're American (none / 0) (#162)
    by Battle Troll on Fri Jan 30, 2004 at 06:04:50 PM EST

    And you're questioning the American system - but it rubs me the wrong way coming from a Swede whose argument boils down to a fundamental misunderstnading of the relationship between judges and law in Anglo-American society. Ah, what can you do with an arrant Continentality?
    --
    Skarphedinn was carrying the axe with which he had killed Thrainn Sigfusson and which he called 'Battle Troll.'
    Njal's Saga, ca 1280 AD
    [ Parent ]
    Ethics (2.28 / 7) (#43)
    by Ogygus on Sat Jan 24, 2004 at 12:07:25 PM EST

    Federal employees take an oath when you become a federal employee to behave ethically

    Too bad politicians don't have to do the same.

    The mice will see you now.
    [ Parent ]
    If they did that they wouldn't be politicians.(NT) (none / 2) (#68)
    by porkchop_d_clown on Sun Jan 25, 2004 at 02:20:06 PM EST


    --
    "the internet is to the techno-capable disaffected what the United Nations is to marginal states: it offers the illusion of empowerment and c
    [ Parent ]

    You sure aren't a techie. (none / 2) (#62)
    by Qwaniton on Sun Jan 25, 2004 at 12:12:38 PM EST

    There's no security flaw here. The Jackasses didn't set up their ACLs right, and the Elephants took advantage of it. There's no ethical problem here. (At least in Washington. This isn't nearly as bad as some of the other things Congresscritters do...)
    I don't think, therefore I
    [ Parent ]
    isn't nearly as bad as...? (none / 3) (#102)
    by jameth on Mon Jan 26, 2004 at 10:43:19 AM EST

    Holy crap! They've done worse things! Since this is comparatively less evil, lets just call it not evil. After all, why not just lower our standards ever time people prove themselves despicable?

    [ Parent ]
    Stealing? (none / 3) (#97)
    by trezor on Mon Jan 26, 2004 at 07:02:21 AM EST

    I've said it before, and I'll say it again:

    How excatly is it stealing if nobody lost anything?

    A burglar breaking into a house, taking your possesions is clearly different than coping a file. See? Somebody lost something vs nobody lost anything.

    Jeez, you guys. Get a grip. Stop beeing RIAA-drones.


    --
    Richard Dean Anderson porn? - Now spread the news

    [ Parent ]
    Be realistic (none / 2) (#100)
    by jameth on Mon Jan 26, 2004 at 10:41:43 AM EST

    It's theft in the sense that we don't have a much better common word for the activity of illegally viewing something and taking for yourself the value contained theirin, despite this being blatantly against the desires of the owner of what you viewed.

    At least, I can't think of one off the top of my head. If you can, please inform. Until then, I'll just go ahead and broaden the definition of the word 'steal'.

    [ Parent ]

    Illegal how? (none / 2) (#103)
    by trezor on Mon Jan 26, 2004 at 10:48:48 AM EST

      It's theft in the sense that we don't have a much better common word for the activity of illegally viewing something and taking for yourself the value contained theirin, despite this being blatantly against the desires of the owner of what you viewed.

    If I am stupid enough to put documents out in the public (ie. on a unprotected, passwordless samba-share, as matters are in this case) and someone reads it, how is that illegal?

    Maybe the owner of the document didn't want everyone to read it, but he did put it publicly accessible. How is it then illegal to access it?

    Of. BTW, I never intended you to read my post, I just happended to put it in a public forum. You read my post illegaly, and I'll be calling the police any second now. You agree that makes sense, right?

    Then again, maybe the stupidity of some shouldn't make criminals of others.


    --
    Richard Dean Anderson porn? - Now spread the news

    [ Parent ]
    Quite Right (none / 1) (#125)
    by jameth on Mon Jan 26, 2004 at 08:17:24 PM EST

    Completely immoral, but likely not illegal. We'll see how the chips fall when the investigation's done, but it was most likely just another bit of grossly immoral behavior on the part of the politicians.

    [ Parent ]
    How about this? (none / 1) (#154)
    by toganet on Fri Jan 30, 2004 at 11:06:48 AM EST

    Call a catalog store, say, LLBean.  User your cell phone.  Give them your credit card while I listen in with my fancy monitoring equipment (or better yet, just eavesdrop).

    Now I have your credit card info.  I buy stuff.

    But don't get mad.  I didn't steal anything -- you still have your credit card, right?

    Johnson's law: Systems resemble the organizations that create them.


    [ Parent ]
    Nothing like hypocrisy (2.50 / 8) (#21)
    by steve h on Fri Jan 23, 2004 at 11:14:34 AM EST

    You are also indulging in selective quoting.

    "Other staffers, however, denied that the Democrats were told anything about it before November 2003."

    Looks to me like it's all up in the air at the moment.

    And even if they told them once, in 2002, and the message didn't get through, it was still utterly unethical to access those files for a year.

    [ Parent ]

    Well, yeah, that kind of the point. (2.00 / 7) (#23)
    by porkchop_d_clown on Fri Jan 23, 2004 at 11:25:51 AM EST

    To show how hypocritical it is to cut-and-paste only the bits that you agree with, right?

    And, yeah, you're right - it's all up in the air right now. We have a lot of accusations about "over a year" but the only thing vaguely like evidence is one e-mail apparently tied with one leaked document from a few months ago.

    It could turn out to be a minor scandal, a major scandal, or it could turn out to be nothing at all. It could also turn out to be a Democratic smoke screen to distract from the way the "party of the people" was jiggering the nominations process at the request of special interests.

    --
    "the internet is to the techno-capable disaffected what the United Nations is to marginal states: it offers the illusion of empowerment and c
    [ Parent ]

    Whoa - hold on (2.66 / 6) (#70)
    by kmcrober on Sun Jan 25, 2004 at 02:54:44 PM EST

    I mean, partisan posting is one thing.  That's like my favorite hobby.  But "jiggering the nominations process at the request of special interests"?  

    The vast majority of Bush's nominees have gone through.  Almost all of them, like Judge Prado on the Fifth Circuit, were looked at pretty closely and voted on in due course.  Prado's a strong conservative, but was affirmed because he has a good record of judicial impartiality, and the few allegations of activism didn't outweigh that.  Bush has had more success than Clinton did with his nominees, due largely to the Democrats' focus on the most egregiously improper nominations.  

    We won't even go into the Republican hypocrisy of complaining that the opposition party has no right to hold up nominations.  Some people have no shame.

    The ones that have been filibustered - Pickering, Estrada, and Owen especially - have severe problems and are all - ALL - the product of special interest politics.  Possibly the woman from California, too, but I honestly don't know much about her.

    Owen is a terrible judge.  She is widely disrespected by the Texas bar, where she has a reputation as something of a slacker and an outright activist.  Even Bush's own general counsel called one of her opinions impermissible activism - she read into an abortion law some novel language requiring girls to have some religious education before they could have an abortion.  

    Pickering has a troubling record on health issues, on race relations, and on labor rights.  Estrada has no real record at all, and does not have the kind of experience on the bench generally required to sit a circuit.  When the Dems complain about his lack of record, they aren't saying, "We want all his files because we think they'll embarass Bush!"  They're saying, "Holy shit, this guy has never really sat on any important or difficult cases.  He has no track record whatsoever for impartiality or competence; we have only the word of an administration that is clearly dedicated to nominating judges based on politics alone."

    The Democrats don't need a smokescreen to cover their filibustering - it's the most honorable and ethical thing they could do.  Bush is destroying faith in the nomination process and pissing on the idea of a bipartisan judiciary.  You might want these radical pro-life, anti-labor judges on the circuits, but don't pretent that the opposition to them is based on special interests.  Special interests secured their nominations - it's up to the opposition now to vote up the legitimate and qualified candidates (which they've done over and over again) and put a roadblock in the path of the abusive and unqualified political animals.

    [ Parent ]

    the content of the memo was (2.00 / 4) (#82)
    by porkchop_d_clown on Sun Jan 25, 2004 at 09:26:27 PM EST

    that (a) the NAACP wanted them to delay a nomination until after a certain case was heard and (b) several staff members were "uncomfortable" doing this.

    Now, IANAL, but that might be considered judge tampering. If not, then, no problem, I suppose.

    --
    "the internet is to the techno-capable disaffected what the United Nations is to marginal states: it offers the illusion of empowerment and c
    [ Parent ]

    Nope (none / 3) (#83)
    by kmcrober on Sun Jan 25, 2004 at 09:37:43 PM EST

    (From the speed of this response, can you tell I'm desperate for an excuse not to study?)

    It's pretty straightforward politics.  Both sides want cases to come out certain ways, and both sides are trying to structure the judiciary in ways favorable to their agenda.  But it's not judicial tampering - that would be trying to influence a present judge, or (possibly) nominating a judge to get a particular outcome on a particular case.

    Now, Cheney taking Scalia duck hunting a few days after the S. Ct. took up the open-government case against Cheney?  That looks like judicial tampering.  Won't be taken seriously - Scalia will either recuse himself or pretend it's no big deal, and from a practical perspective it isn't.  There was never, at any point, any question over whether Scalia would rule in Cheney's favor.  It's a 100% dead solid lock, so it's a little weird to call it an attempt on Cheney's part to alter the outcome of the case.  But it looks bad, and the judicial system is uniquely sensitive to looking bad.  

    I guess it's the same thing here.  Your spider sense is tingling because you don't like the idea of politicians meddling to get particular outcomes out of the courts.  Fair enough, I feel the same way.  But I get the same willies from the nominations of ideological and political creatures like Owen that you get from the NAACP's interests.  Both are attempts to influence the courts through politics, but neither are illegal.

    This hasn't been a very coherent post, I guess.  My basic point is this - the dems are (A) responding to the GOP's cynical attempt to engineer a more conservative judiciary and (B) doing it through the normal political process.  If they were slipping money to judges, or offering them better appointments, that would be tampering.  Holding off an nomination hearing until a case is heard to prevent an ideologue from being slipped onto the court strikes me as neither illegal nor unethical.

    [ Parent ]

    Fair enough. (2.75 / 4) (#87)
    by porkchop_d_clown on Sun Jan 25, 2004 at 11:10:01 PM EST

    At this point I'm going to wait for the investigation to finish. It should be fun.

    --
    "the internet is to the techno-capable disaffected what the United Nations is to marginal states: it offers the illusion of empowerment and c
    [ Parent ]

    factual misdirect. (none / 3) (#73)
    by Wah on Sun Jan 25, 2004 at 04:51:57 PM EST

    They (the Republicans) said that in the summer of 2002, their computer technician informed his Democratic counterpart of the glitch

    That would be only a Republican knowing of the glitch and a Democrat.  Both sys-admins and likely to think their bosses are jack-asses anyway.

    Sounds to me like the Republicans did do the honorable thing

    Sound to me like a Republican might have done the write thing, and the rest did a wrong thing the moment they started using that information.  And their wrong multiplied over time.
    --
    sometimes things just are that way and that's it. They're true. Sure, Popper, et. al., may argue otherwise, but they're dead. You get it? Yet?
    [ Parent ]

    also (2.75 / 4) (#74)
    by Wah on Sun Jan 25, 2004 at 04:55:22 PM EST

    accidentally hit post...

    In other words, these leaked memos reveal that the Democrats were tampering with judicial selection at the request of the NAACP, in order to alter the outcome of a case. I'm pretty sure judge tampering isn't "honorable".

    This is politics as usual, and only stands as a useful criticism if the R. release their internal memos over the same period, all of them, and these lack such political strategy discussions.  Special interests work to alter politics, film at 11.  Spying is an ethical thing.  Voters tend to hold politicos to at least the appearance of propriety.
    --
    sometimes things just are that way and that's it. They're true. Sure, Popper, et. al., may argue otherwise, but they're dead. You get it? Yet?
    [ Parent ]

    Not really (2.71 / 7) (#28)
    by godix on Fri Jan 23, 2004 at 12:41:16 PM EST

    The most disturbing and unethical part of watergate was that the President himself not only knew it was going on, he ordered it. In this particular case it appears, at least for now, that no high ranking official in Congress knew about it and the Presidential office had nothing at all to do with any of it. The investigation may later show otherwise but for the moment I don't think this is nearly as bad as watergate.

    I will do whatever the Americans want, because I saw what happened in Iraq, and I was afraid.
    - General Qaddafi
    [ Parent ]
    Hmm... (none / 3) (#60)
    by jools on Sun Jan 25, 2004 at 10:26:17 AM EST

    But how do we know Hatch didn't know?

    [ Parent ]
    We don't (none / 1) (#85)
    by godix on Sun Jan 25, 2004 at 10:59:43 PM EST

    but in this country we are supposed to assume innocence until proven guilty. It cuts both ways, Clinton and democrats aren't the only ones that get away scot free lying their ass off. There should be an investigation seeing if Hatch knew and if so can it be proven he knew. Unsuprisingly enough, there is such an investigation going on.

    I will do whatever the Americans want, because I saw what happened in Iraq, and I was afraid.
    - General Qaddafi
    [ Parent ]
    See also (2.16 / 6) (#31)
    by NaCh0 on Fri Jan 23, 2004 at 04:44:33 PM EST

    http://slashdot.org/article.pl?sid=04/01/22/1433208

    Cut and paste your favorite faux outrage into this story.

    Thanks.

    --
    K5: Your daily dose of socialism.

    Feh (none / 1) (#33)
    by imrdkl on Fri Jan 23, 2004 at 06:53:44 PM EST

    I'm tempted to cancel, now.

    [ Parent ]
    Guantanamo + Tribunal ? (none / 2) (#35)
    by IriseLenoir on Fri Jan 23, 2004 at 08:25:54 PM EST

    I thought they were mutually exclusive...
    "liberty is the mother of order, not its daughter" - Pierre-Joseph Proudhon
    Fixed, thanks. (none / 2) (#41)
    by imrdkl on Sat Jan 24, 2004 at 08:40:30 AM EST

    nt

    [ Parent ]
    Heh. (1.08 / 23) (#37)
    by Kasreyn on Fri Jan 23, 2004 at 11:41:51 PM EST

    Indeed, some are saying that the Republicans' access and subsequent use of the Democrats' memos was nothing less than a violation of the Patriot Act's cyberterrorism clauses. They further claim that these acts of illegitimate access have been going on for over a year.

    Mountain out of molehill: GO!

    Just because some flunky who had a Cisco night class was able to crack the fileserver of a bunch of criminals and drop-outs who can barely vote for a new unconstitutional law without drooling on themselves, is no real cause for alarm.

    Btw: William Pickle? I guess if a kid receives more than 1000 swirlies in High School, he goes on to become Sergeant-at-Arms of the Senate. (giggle). Of course, it's not close to the worst name I've ever heard - a Korean-American gentleman by the name of Dong Phuk.


    -Kasreyn


    "Extenuating circumstance to be mentioned on Judgement Day:
    We never asked to be born in the first place."

    R.I.P. Kurt. You will be missed.
    Why "Or"? (2.62 / 8) (#39)
    by Happy Monkey on Sat Jan 24, 2004 at 07:45:24 AM EST

    Could be both.
    ___
    Length 17, Width 3
    OR is 1 or the other or both (2.33 / 6) (#40)
    by lukme on Sat Jan 24, 2004 at 08:36:43 AM EST

    XOR is either one or the other.


    -----------------------------------
    It's awfully hard to fly with eagles when you're a turkey.
    [ Parent ]
    But the title is written in English (2.66 / 9) (#45)
    by big fat idiot on Sat Jan 24, 2004 at 12:37:53 PM EST

    Where the word 'or' does not have the same meaning as in certain programming languages.

    [ Parent ]
    Is it either a logical OR or an English OR? (none / 3) (#52)
    by lukme on Sat Jan 24, 2004 at 08:43:05 PM EST

    I wasn't refering to any programming language, just plain logic.


    -----------------------------------
    It's awfully hard to fly with eagles when you're a turkey.
    [ Parent ]
    OR (2.60 / 5) (#55)
    by Tyler Durden on Sun Jan 25, 2004 at 01:54:46 AM EST

    When used in human languages, or usually means XOR.  You can have the AK-47 or you can have the rocket launcher.  It's not usually the case that someone means you can have either or both.  

    Jesus Christ, EVERYONE is a troll here at k5, even the editors, even rusty! -- LilDebbie
    [ Parent ]

    in english (2.00 / 5) (#59)
    by the sixth replicant on Sun Jan 25, 2004 at 10:23:04 AM EST

    you say "either....or..." for a XOR. Or is the same in english as it's used in, say, mathematics and logic.

    ciao

    [ Parent ]

    I think it's context based (3.00 / 5) (#64)
    by Bjorniac on Sun Jan 25, 2004 at 01:24:49 PM EST

    "You can vote Democrat or Republican.", "Mark your scripts A or B", "Tick Yes or NO", all are implied XOR from context. There are plenty more. People do not speak in translated symbolic logic. For another example, people often in english use "if" to mean "if and only if" eg, "We accept cheques if you've got a cheque guarantee card." In fact, in this case, it could be an "only if" as if your cheque is drawn on the bank of mars they may still refuse you even though you have a cheque guarantee card.
    Freedom for RMG! Join the Jihad...
    [ Parent ]
    yes (none / 1) (#99)
    by the sixth replicant on Mon Jan 26, 2004 at 09:37:40 AM EST

    i should have said this..it's a bit more elegant :)

    ciao

    see my other comment too

    [ Parent ]

    I don't think so (none / 2) (#66)
    by big fat idiot on Sun Jan 25, 2004 at 02:14:33 PM EST

    I can't think of any English sentence that sounds natural that uses "or" in a non-exclusive fashion. This doesn't mean that such do not exist, but they are very rare in natural conversations.

    On the other hand, I can think of many English sentences where "or" is used in an exclusive fashion. "I'm going to get an A or a B in my class" is equivalent to "I'm going to get either an A or a B in my class". If you are in a restaurant and the waiter asks "do you want the pie or the cake for desert?", he will be very confused if you answer "yes" meaning both.

    [ Parent ]

    yes but you're using the fact (none / 1) (#98)
    by the sixth replicant on Mon Jan 26, 2004 at 07:15:39 AM EST

    that we also use common sense. since i can't be at school AND at home at the same time then the "or" is automatically a xor. if there is ambiguity, then we use "either...or...", hence or is inclusive

    we usually use "or" as a way of separating choices (which is most of your examples), so in fact this is another definition of "or"

    ciao

    PS most people also confuse logic with truth, so statements like A implies B are provable but can still not be true, like "if i am a unicorn then i have a horn" are logical but don't really make sense in english (due to the use of common sense and the defining features of using a natural language) blah blah blah

    [ Parent ]

    hold on (none / 2) (#155)
    by toganet on Fri Jan 30, 2004 at 11:22:01 AM EST

    "if i am a unicorn then i have a horn" are logical but don't really make sense in english

    What's wrong with that?  The above statement is logically proveable a priori.  Despite the fact that there is no a posteriori evidence for the existence of a unicorn, it does not change the fact that unicorns are defined as having one (and only one) horn.

    I think what you mean is that the logical content of a statement does not guarantee it's material factuality.

    You probably meant to use an example like this:

    "If the ground is wet then it must be raining."

    This statement seems true, but it is actually an example of affirming the consequent.

    Johnson's law: Systems resemble the organizations that create them.


    [ Parent ]
    Or (none / 2) (#119)
    by debillitatus on Mon Jan 26, 2004 at 03:34:00 PM EST

    Well, there are examples of inclusive or's in English all of the time. For example, one might say, "Only math or computer science students should take this course", and of course you're not explicitly trying to exclude double majors from this.

    Damn you and your daily doubles, you brigand!
    [ Parent ]

    It's neither. (none / 2) (#151)
    by Estanislao Martínez on Thu Jan 29, 2004 at 07:45:22 PM EST

    When used in human languages, [...]

    I'm happy you hear you're an expert in typological linguistics.

    or usually means XOR.

    No, it doesn't. And it doesn't mean boolear "or" either. As I'll show you right below

    You can have the AK-47 or you can have the rocket launcher.

    From this English statement you can infer one of the following (but not both):

    1. You can have the AK-47.
    2. You can have the rocket launcher.
    That is, English "or" allows you in some range of instances to infer exactly one disjunct without invoking further premises.

    No boolean connective can do this. Neither "p OR q" nor "p XOR q" allows the inference of either of the disjuncts unless some extra premise is invoked.

    A true boolean OR and XOR statement conveys the inforation that one of the disjuncts is true, but no information about which one is true. The natural language "or" in the sentence above conveys that both possibilities in fact hold, but only one can be made actual.

    The boolean connectives are inspired by certain uses of English words like "or", "and" and "if", but to attempt to understand the English words on the model of boolean algebra is wrong.

    --em
    [ Parent ]

    To put it more succintly: (none / 2) (#152)
    by Estanislao Martínez on Thu Jan 29, 2004 at 07:53:29 PM EST

    You can have the AK-47 or you can have the rocket launcher.

    If English "or" were the boolean connective XOR, if I truthfully told you that statement, it would mean that you have permission to have one specific weapon of the two (say, the AK-47), but you wouldn't know which of the two I just gave you permission for. That is, you would know that the disjunction is true, but not which of the disjuncts is true.

    --em
    [ Parent ]

    Move Along, Nothing to See Here (2.06 / 16) (#42)
    by Bad Harmony on Sat Jan 24, 2004 at 08:47:44 AM EST

    If you post your internal memos on a public bulletin board, you shouldn't be shocked and amazed when others read them. There was no "hacking" involved in this case.

    54º40' or Fight!

    It's easy to see which of us are the techies. (2.20 / 5) (#53)
    by porkchop_d_clown on Sat Jan 24, 2004 at 10:11:31 PM EST

    The non-techs are the guys who think this is like someone leaving money in their drawer at home and someone broke in and took it.

    The techs are the guys who think this is like someone threw a pile of money down on the sidewalk and can't understand how someone could just walk off with it.

    heh.

    --
    "the internet is to the techno-capable disaffected what the United Nations is to marginal states: it offers the illusion of empowerment and c
    [ Parent ]

    It was clearly not authorized (none / 2) (#108)
    by dachshund on Mon Jan 26, 2004 at 12:18:49 PM EST

    f you post your internal memos on a public bulletin board, you shouldn't be shocked and amazed when others read them

    It's more like leaving your briefcase in a public place, and having someone else go through and read the confidential documents.

    Are you suggesting that the Republicans had any reason to believe they were authorized to read those files, simply because someone forgot to password-protect a share?

    [ Parent ]

    Exactly (none / 1) (#156)
    by toganet on Fri Jan 30, 2004 at 11:24:39 AM EST

    Since you left your house unlocked, I was allowed to go in and take whatever I wanted, right?

    Johnson's law: Systems resemble the organizations that create them.


    [ Parent ]
    Both. (2.87 / 8) (#44)
    by maximumlobster on Sat Jan 24, 2004 at 12:25:38 PM EST

    There's only one reasonable conclusion for who's to blame. Both are. No matter how world-readable the files were, the Republican knew that he shouldn't be rooting around in there. And the Dem. Sysadmin should just flat-out know better. Both should be fired for this.

    the sysadmin? (3.00 / 9) (#61)
    by frozencrow on Sun Jan 25, 2004 at 11:24:56 AM EST

    I have read a number of people blaming the sysadmin for permissions problems, so I would like to point something out. (Disclaimer: I am a sysadmin.)

    Sysadmins do not put the files on the shares (at least, not when they're in "sysadmin mode.") A sysadmin (probably) set up the share, but all this means is that someone told the sysadmin to set it up. The person doing the telling may or may not have mentioned that there would be sensitive data on the share, and it's also possible that the share WAS NOT INTENDED to have sensitive data on it. Left to their own ends, the users will usually use the easiest mechanism they have available to share data, sensitivity be damned. If nobody ever thinks to tell the sysadmin that people have been putting sensitive data on share X, then the sysadmin is obviously not going to know that there is a problem that needs to be addressed. One example of this from my workplace would be the externally-facing fileserver. We learned one day that people were putting sensitive data on it since they were too cheap to buy a fileserver of their own. We removed the anonymous upload privs immediately and started phasing it out, but for a few years that thing was a veritable bonanza of sensitive information.

    Even if the sysadmin knew that there was a problem and wanted to fix it, there's no guarantee that the sysadmin will be allowed to fix the problem. It is fairly common for this sort of thing to happen, especially when the fix to the problem involves taking a well-loved functionality away from the users. Where I work, there is a problem with the configuration of certain machines. I know there is a problem. I want to fix it. I even fixed it, once upon a time, and I got hauled into a meeting for a thorough dressing down for my trouble. The problem is still in there today because manager and VP types use the functionality that the configuration problem gives them.

    Sysadmins cannot be held to be completely responsible for the security of the network, or, alternately, they cannot be held responsible for the complete security of the network. At best, this is naive. Yes, attempt to educate the users. Yes, attempt to reasonably secure things. No, don't blame me when someone else comes along and breaks it.

    [ Parent ]

    I'll be your server tonight (none / 1) (#86)
    by crh on Sun Jan 25, 2004 at 11:04:44 PM EST

    Does anyone know what kind of server this was? Windows? Novell? Samba? NFS? AppleShare?

    Who had ultimate (rood/Administrangler) control? Was such control shared? How was the share in question configured, and who had the neccessary access to change the configuration?

    I don't think it's possible to assign any blame anywhere until those and many other questions are answered, and I don't think we're going to get those answers any time soon.

    [ Parent ]

    Hehehe (2.20 / 5) (#50)
    by regeya on Sat Jan 24, 2004 at 04:17:38 PM EST

    The first report I read suggested that the problem has existed (and the "leaks" have been made public) since some time in 2001.

    Wow, it only took the Democratic IT services three years to find out about a permissions problem? Kick ass. Score one for the Democrats!

    [ yokelpunk | kuro5hin diary ]

    Maybe (none / 3) (#56)
    by bigbtommy on Sun Jan 25, 2004 at 03:50:47 AM EST

    But, if I was a US citizen, I'd rather have the Dems spend three years to chmod a few files than have them supporting mindless copyright term extensions and crappy laws like the DMCA (which has infiltrated itself over here in Europe as the European Union Copyright Directive).
    -- bbCity.co.uk - When I see kids, I speed up
    [ Parent ]
    Sweet! (2.50 / 8) (#54)
    by tthomas48 on Sat Jan 24, 2004 at 10:44:27 PM EST

    By most people respondings logic I can hack into the new electronic voting machines and play around in there. After all, I'm only entering an insecure system and accessing public documents - votes - after all it's not like they're top secret or anything.

    Wrong. (2.60 / 5) (#57)
    by arcade on Sun Jan 25, 2004 at 08:57:09 AM EST

    There is a major difference between making something available for everyone (open file permissions) and having a security vulnerability someone has to break through.

    If the republican had used a buffer overflow or some other exploit, then it would be like breaking into an office. If, however, he took a look at files made _available for everyone to read_, which they _were_ if the file permissions were open - then it's like reading something posted on a public bulletin board.

    I really don't see the problem with what this republican has done. It's not wrong. It's not unethical. At least not in my book.



    --
    arcade
    [ Parent ]
    Wrong (2.80 / 5) (#58)
    by johnny on Sun Jan 25, 2004 at 09:55:28 AM EST

    Where I work, I don't leave private stuff on a public bulletin board. However, I work in a cube -- without a lockable door. So sometimes I leave private papers on my desk, in a folder. I have to trust that my co-workers are ethical people and won't go reading stuff that is obviously not meant for them to read. If I found somebody in my cube, reading, say, my medical bills, I would not be satisfied with an answer that "the door was open and the folder was not locked."

    yr frn,
    jrs
    Get your free download of prizewinning novels Acts of the Apostles and Che
    [ Parent ]
    Hmm... (1.66 / 6) (#65)
    by tthomas48 on Sun Jan 25, 2004 at 01:37:39 PM EST

    So the concept wrong is not really a matter of whether or not you're supposed to be doing something, and more an issue of how much technology you need to do it. Interesting. If getting the information out of the system could be done by 98% of K5ers you say it is not wrong to get the information (accessing unprotected Windows shares you know you shouldn't). If only 5% could get it, it is wrong (accessing voting information you know you shouldn't). Jackass. Pull your Republican Head out of your Republican Ass. If you know you shouldn't be accessing the information then it's wrong. Period. End of Story. If Microsoft had all their source code on an open share and you downloaded it and posted it on the net, I'm quite sure that the courts would hand you some hefty jail time and fines. There is 0 difference here. But then again, as the Republicans like to point out, we don't teach morality in the classrooms so you can hardly be blamed for having none.

    [ Parent ]
    That was my point (none / 2) (#71)
    by johnny on Sun Jan 25, 2004 at 03:52:44 PM EST

    Either I don't write well or you don't read well. hmmm

    yr frn,
    jrs
    Get your free download of prizewinning novels Acts of the Apostles and Che
    [ Parent ]
    You write fine (none / 1) (#90)
    by rusty on Mon Jan 26, 2004 at 02:07:32 AM EST

    I think tthomas48 hit the wrong "reply" link.

    ____
    Not the real rusty
    [ Parent ]
    Yurp. (none / 1) (#126)
    by tthomas48 on Mon Jan 26, 2004 at 08:20:35 PM EST

    Got the wrong link. Sorry.

    [ Parent ]
    There is no difference (none / 3) (#92)
    by arcade on Mon Jan 26, 2004 at 04:25:22 AM EST

    In my eyes, there is absolutely no difference between putting something on an open share, a web server or an ftp server.

    If the source code was accessible from a publicly accessible web-server, nobody would think it was wrong for people to download it.

    If the source code was accessible from a publicly accessible ftp-server, most people would think it was okay to download it.

    If the source code is on an open smb-share, a lot of people think it is somehow 'wrong' to access it.

    Personally I don't see the difference between the three scenarios. If it is publicly available, it is publicly available. It doesn't matter if it is on web, ftp, smb or whatever. Just because less people understand the technical matters of ftp doesn't mean there is a difference.

    --
    arcade
    [ Parent ]

    The difference is who your audience is (none / 1) (#135)
    by zakalwe on Tue Jan 27, 2004 at 12:15:04 PM EST

    If I leave a private document sitting on a desk while I leave the room for five minutes, it isn't ethical for someone to come in and look at it. If I tell tell someone they can have the document, and where to get it, then they are within their right to do so. If I put the document on a public noticeboard, then anyone can read it.

    In none of these cases have I altered the physical security or protection on the document - the only difference is in where I put it, and what I say about it. Why should the rules change just because its an electronic document?

    [ Parent ]

    Don't agree. (2.80 / 5) (#67)
    by limekiller on Sun Jan 25, 2004 at 02:18:25 PM EST

    arcade writes:
    "If the republican had used a buffer overflow or some other exploit, then it would be like breaking into an office. If, however, he took a look at files made available for everyone to read, which they were if the file permissions were open - then it's like reading something posted on a public bulletin board.  I really don't see the problem with what this republican has done. It's not wrong. It's not unethical. At least not in my book."

    Incorrect.

    If the person accessing the files could or should have reasonably known that the files they were accessing were files they should not have been accessing, they were in the wrong, morally if not legally (but probably legally, too).

    A simple real-world example would be if you explored an abandoned building.  Should you not be there?  Who knows?  Maybe there are no signs posted and you honestly don't know.  If it turns out that you shouldn't have been there, and the cops pick you up, they're gonna say "don't do that again" and that's pretty much it.

    If, however, you go inside of a building that you know -- by whatever means -- to be off-limits, then you are engaging in dishonest activities.

    It's really that simple.

    What you're saying, effectively, is that if I'm foolish enough to not put my wallet too securely into my pocket and it falls out, hey, it's yours for the taking.  After all, you didn't cause it to fall out.  You're just taking what was there and unprotected, despite knowing that it belonged to me and it wasn't yours.  And that position is indefensible.

    Look, I know that there is a lot of partisanship on this one but I think it's safe to say that if the situation were reversed, it would be the Dems saying "ah, no big deal" and the Republicans screaming bloody murder.

    But I'm fully prepared to say that this is wrong no matter who does it and demonstrably so.

    Regards,
    Jason

    [ Parent ]

    Digital millenium? (none / 2) (#96)
    by trezor on Mon Jan 26, 2004 at 06:45:56 AM EST

    You obviously haven't entered the digital millenium yet, now have you?

    How can you treat taking a physical object, the wallet for your own keepings and downloading/copying a file even by the same prinicples?

    It's not like anything were stolen here. Information was posted, insecurely, and therefore read by a few people more than it might have been intended for. Oh, shocking news!

    If George Bush by accident leaves his "top-secret" plans for election fraud 2004 right in front of my nose, am I to blame if I read it?

    There's nothing more to it than that, so don't make it.


    --
    Richard Dean Anderson porn? - Now spread the news

    [ Parent ]
    Nullo (none / 2) (#133)
    by limekiller on Tue Jan 27, 2004 at 08:15:41 AM EST

    trezor writes:
    "If George Bush by accident leaves his "top-secret" plans for election fraud 2004 right in front of my nose, am I to blame if I read it?  There's nothing more to it than that, so don't make it. "

    The worst sort of Kuro5hin types are the ones that tend to end their posts with "end of story"-like comments.  I get a big laugh out of them.

    To answer your question, "yes," you'd be to blame if you read it.  

    The other day I was at work and found a pile of someone's W4 forms.  Was I just plain curious?  Sure.  Did I read what was contained within?  No, except for the name part to know who to return it to, because that's none of my business and reading it -- despite the fact that someone dropped it and it came into my hands though no act of my own -- is immoral.

    In this situation the problem is even worse because a person went out of their way to access the files they knew they should not be reading.  This is a little like me opening a file cabinet I know someone left unlocked to read someone else's W4.

    Regards,
    Jason

    PS: Please stop replying to people with the caveat that you've spoken and that's the final word on the issue.  It comes off as juvenile.  People are going to have angles on issues that you have possibly not considered and (gasp!) you might actually be wrong.

    [ Parent ]

    Partisan Battles (none / 1) (#127)
    by tthomas48 on Mon Jan 26, 2004 at 08:23:57 PM EST

    I disagree that things would be the same if the tables were reversed. The key difference between Republicans and Democrats is believing that the ends always justify the means. Democrats simply don't do this as reliably. Most Democrats would admit Clinton was wrong to have lied under oath in his civil trial , but I sincerely doubt if the tables were turned that Republicans would do the same.

    [ Parent ]
    Posted on a Bulliten Board (none / 1) (#77)
    by MyrddinE on Sun Jan 25, 2004 at 06:04:04 PM EST

    I would consider this similar to a Republican aid walking into the public offices of a Democrat, and snapping photos of documents that are posted on a cork board there.

    He knows he is taking things they were using internally. And he's deliberately copying them for personal use. But on the other hand the Democrats are being extremely lax in putting these files up on a public, open, accessible area. No locked doors, no 'Employees Only' signs. Just post-it notes on the wall containing personal business.

    If someone put memos up on a publicly available cork board, it would be the idiot who pinned them there who gets in trouble. But when someone puts documents on a publicly available file server, it's the person who copies them that gets in trouble. Ignorance regarding computer systems should not make you immune to the consequences of your actions. Making a file publicly available on an open network is just like making a document publicly available in an unlocked room.

    That's my opinion.

    [ Parent ]

    the duration of access is incriminating (none / 3) (#93)
    by jimjamjoh on Mon Jan 26, 2004 at 05:57:46 AM EST

    it is reasonable to argue that the private documents were stumbled upon because they were improperly secured. however, that defense becomes unreasonable when the insecurity is not reported to the owner but instead repeatedly capitalized upon for a year to gain continued access to the private documents.

    if i leave my curtains open and you walk by and happen to glance inside, that's understandable. but not when you pull up a chair and camp outside my window, looking in...that's invasion.

    [ Parent ]

    What indictment?! (none / 3) (#63)
    by phr on Sun Jan 25, 2004 at 12:36:09 PM EST

    The linked article about the Grand Jury for the Plame case doesn't say anyone has been indicted. I don't think anyone has been indicted yet.

    Oops (none / 2) (#78)
    by imrdkl on Sun Jan 25, 2004 at 06:24:29 PM EST

    Yes, that was a misstatement. I meant to write that the grand jury had been convened, and only that. If an editor sees this, I'd appreciate a correction.

    [ Parent ]
    18 USC Sec. 1030 (3.00 / 10) (#76)
    by kmcrober on Sun Jan 25, 2004 at 05:57:46 PM EST

    "§ 1030. Fraud and related activity in connection with computers"

    §1030(a) "Whoever

    (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains--
         (B) information from any department or agency of the United States; or
         (C) information from any protected computer if the conduct involved an interstate or foreign communication;
    (3) intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States;

    shall be punished as provided in subsection (c) of this section."

    Subsection (c) provides for imprisonment up to ten years and a fine, although I'm not sure how large the fine is supposed to be.

    I've omitted inapplicable sections, although it's arguable that there could be more violations if you consider the information taken to be something "of value."  That's not a difficult argument to make ("value" doesn't always equate to pecuniary worth, and you could say, for instance, that it was worth $X to Novak in increased book/paper sales to get juicy info), but it's not an easy one to make, either.

    Moreover, the definitions in the title make it clear that unauthorized access to a computer includes exceeding your authorized access, which is what happened here.  These sections sometimes make that explicit, and sometimes don't say anything.  Oversight or intentional, I don't know.

    All I can say for sure is that if Republican documents were leaked, Hatch and Frist and Rove would be screaming bloody murder.  The double standard here is disturbing, but it's political.  As far as I know, the actual investigation is being handled by the Sergeant at Arms, and as far as I know, the core nonpartisan Congressional staff is fairly reliable and independent.  I think the GOP umbrella will certainly prevent loyal party apparatchiks from being sanctioned for their services to the party, but at least we'll get a quasi-honest investigation of the whole affair.

    non public... (none / 1) (#88)
    by mmuskratt on Mon Jan 26, 2004 at 01:16:14 AM EST

    The server was considered public, the dem tech neglected to password protect the shares...both sides shared info on the server, so that would be considered the GOP's escape clause/legal "out."

    [ Parent ]
    Doesn't matter... (none / 2) (#89)
    by kmcrober on Mon Jan 26, 2004 at 01:22:30 AM EST

    Again, the fact that the Dem techs didn't secure the files almost certainly does not matter.  Negligence in protecting an asset can sometimes come into play in civil matters - trade secrets are a good example.  But here, it's irrelevant.  What matters is if the actor in question knew that he did not have authorization to obtain the files, and I can't imagine any adult human being looking at internal political strategies from the opposing party and not knowing they were confidential.  


    [ Parent ]
    I have little faith (none / 1) (#122)
    by mmuskratt on Mon Jan 26, 2004 at 07:25:41 PM EST

    that this will go much further. I actually agree with you, preferring to see the heavy-handed rules the GOP likes to enforce applied to their own staffers. Unfortunately, I doubt much will come of it. More probably, the spin machine in Washington will make the Dems appear to be whining over spilled milk, and will expose their internal memos as being worse than the snooping/access...

    [ Parent ]
    Quick parallell analyses (none / 2) (#95)
    by trezor on Mon Jan 26, 2004 at 06:36:48 AM EST

      "§ 1030. Fraud and related activity in connection with computers" §1030(a) "Whoever (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains--

    Have you been authorized to access my webserver? Guess your a crook if you visit it then.


    --
    Richard Dean Anderson porn? - Now spread the news

    [ Parent ]
    Yes (none / 1) (#101)
    by sllort on Mon Jan 26, 2004 at 10:43:01 AM EST

    As long as your webserver houses:

         (B) information from any department or agency of the United States; or

         (C) information from any protected computer if the conduct involved an interstate or foreign communication

    Since your web server is by definition not a "protected computer", it would have to house B.

    You're right that the law is way too broad.
    --
    Warning: On Lawn is a documented liar.
    [ Parent ]

    Party anyone? (none / 1) (#104)
    by trezor on Mon Jan 26, 2004 at 10:57:13 AM EST

    The documents involved were party-documents. Not state, not goverment, but party-documents.

    In other words: not covered or protected by the law you chose to cite.


    --
    Richard Dean Anderson porn? - Now spread the news

    [ Parent ]
    My bad (none / 1) (#113)
    by sllort on Mon Jan 26, 2004 at 01:33:17 PM EST

    I thought they were Senate memos.
    --
    Warning: On Lawn is a documented liar.
    [ Parent ]
    Doesn't Apply (none / 2) (#105)
    by CENGEL3 on Mon Jan 26, 2004 at 11:00:19 AM EST

    It's already been stated that the server in question (indeed the documents in question) was not used to conduct "bussiness of the Government of the United States"....it was a government owned computer provided to members of the Senate to conduct "Party Bussiness".

    It's also highly questionable whether any of the laws that protect non-governmental computers could be applied. No actual intrusion or unauthorized access took place. The staffer in question had legitimate access to the server where the files were stored (both parties kept files on that server). He did not attempt to excede his level of access nor did he circumvent any security measure designed to protect said data. The documents in question were placed on a public share with no access restrictions on it.

    It would be the equivalent of my inadvertantly posting a private communication from my companies CEO to a public portion of my companies intranet and then accusing another employee of the company of a crime if they read it.

    Was it inappropriate of the staffer to use the information... absolutely. Unethical.... yeah, a bit though FAR LESS unethical then many other things which occur routienely in politics. Illegal.... doubtfull.

    The thing I find EXTREMELY DISTASTEFULL is that the people screaming the loudest now are the very same people that didn't even bat an eyebrow when the CONFIDENTIAL FBI FILES of 400+ prominant conservatives were "accidently" delivered to Democratic National Comitee HQ during the Clinton administration. Double standard indeed!

     

    [ Parent ]

    Oh, NOW it is a "technicality" (none / 1) (#115)
    by sphealey on Mon Jan 26, 2004 at 02:51:22 PM EST

    The thing I find EXTREMELY DISTASTEFULL is that the people screaming the loudest now are the very same people that didn't even bat an eyebrow when the CONFIDENTIAL FBI FILES of 400+ prominant conservatives were "accidently" delivered to Democratic National Comitee HQ during the Clinton administration. Double standard indeed!
    Whereas for my part, I find it interesting that the very same people who say that "criminals" should not be released on "technicalities" (such as violations of Constitutional rights to fair search and seizure) suddenly go all legalistic and technical when the subject is, say, a Senate Republican staffer. Or John Pointdexter.

    I would think that in order to remain true to their principles, said staffers would waive any right not to be prosecuted under the applicable statutes since they would not ever want to get by on a "technicality".

    Oh yeah, could you address "moral clarity" in your reply?

    sPh

    [ Parent ]

    Whoever said that (none / 1) (#120)
    by CENGEL3 on Mon Jan 26, 2004 at 03:44:44 PM EST

    I don't recall anyone ever saying that prosecuters should ignore the law and prosecute people just because it is "right" rather then because they actualy broke the law.

    I have occasionaly expressed the sentiment that people SHOULDN'T be prosecuted and convicted ONLY because of technicalities. The law should exist to serve the interests of justice and if a persons conviction does not serve the interests of justice then it should not be applied. However, I have NEVER advocated the reverse. A person should not be convicted of a law that they did not techically break... even if such a conviction serves justice. THAT (IMO) is far too perlious a road to take.

    Furthermore, a person can NEVER "wave thier right NOT to be prosecuted". Authorties must respect all persons rights even if they ask to wave them. It is obligated to provide all persons equal protection under the law.

    Finaly, I'm sure what you want me to address in terms of "moral clarity"?

    The staffer certainly did something that was moraly and ethicaly wrong..... but in terms of moral and ethical failures in modern politics this registers fairly low on the scale....there certainly are far more serious issues then this that haven't (and aren't) gotten the same degree of attention this has.... or don't you agree that moral and ethical failures can have degrees of gradation.


    [ Parent ]

    I think it does... (none / 1) (#137)
    by kmcrober on Tue Jan 27, 2004 at 05:40:14 PM EST

    But it depends on what the machine was used for, probably where it was, etc.  I haven't seen anything saying explicitly what the documents were, but my impression is that they were internal memos between Senate staffers.  That makes it Senate business.  I think it would have to be DNC communications from and to DNC people before it would be excised from the language of the statute.

    Also, I think your analogy is wrong.  It's more like you shared an intranet with another, competing company, and they rifled through the public server picking up your internal communications and using them against you publicly.  It's certainly exceeding your authorization to use a public server to read and disseminate documents that you clearly aren't supposed to have access to.

    Bear in mind, though, that you're making solid arguments; this is how the legal argument would come down (depending, like I said, on what the actual facts about the machine and the documents are).  I just come down on the other side of the fence.

    [ Parent ]

    Depends on whose ox has been gored (none / 1) (#140)
    by ghosty on Tue Jan 27, 2004 at 09:20:35 PM EST

    And I find it EXTREMELY DISTASTEFUL (heh) that the party that demanded an FBI investigation over the leaking of Bush's debate tape is now claiming that the taking of political documents is unimportant.

    That episode was actually much more troubling because someone <cough>Karl Rove</cough> obviously manufactured the whole event in an attempt to smear the Gore campaign. Karl must have been really pissed off when Gore's people reported it to the FBI themselves (honest people, Go figure!)



    [ Parent ]

    The Dems were being a tad careless (2.77 / 9) (#80)
    by proles on Sun Jan 25, 2004 at 06:45:42 PM EST

    But at the same time, if I accidentally leave my door unlocked, that doesn't make stealing from me right.  It's still a bad thing to do, even if it's easy.
    If there is hope, it lies in the proles.
    Wrong is wrong. (none / 3) (#84)
    by Rendition on Sun Jan 25, 2004 at 10:28:14 PM EST

    Still it's wrong what they did even if it was a dumb move to keep the door open. I wonder what the political ramifications of this will be.
    FirstAdopter.com - where early adopters discuss great stuff first!
    [ Parent ]
    Stealing? (1.00 / 4) (#94)
    by trezor on Mon Jan 26, 2004 at 06:33:50 AM EST

    Said short: If nobody lost anything, how is that stealing?

    Get away with your contaminated logic you **AA-drone!


    --
    Richard Dean Anderson porn? - Now spread the news

    [ Parent ]
    He's not being literal (3.00 / 6) (#109)
    by dachshund on Mon Jan 26, 2004 at 12:28:07 PM EST

    I agree. And servers don't have doors, so how could anyone have left the server's door unlocked?

    In this case, the top-level poster is making what's called an "analogy". In this case, the unlocked door represents the unsecured share. The "stealing" in this case is a metaphor for the unauthorized viewing and distribution of confidential memos; both, in this case, are damaging to the victim.

    This usage is acceptable because the poster is clearly not implying that espionage and theft are the same thing; rather, he's simply drawing a parallel for the purposes of illustrating a point. The RIAA, on the other hand, actually considers copyright infringement to literally be theft. This is why many posters are annoyed when they speak up; and they're not wrong to do so. You, on the other hand, have simply reacted to the words without looking at their meaning.

    [ Parent ]

    This restores my faith, actually (none / 3) (#107)
    by jmzero on Mon Jan 26, 2004 at 12:01:22 PM EST

    People are always floating wild conspiracy theories about the government, so it always makes me happy when government types get caught at piddly crap like this - well, piddly in comparison with, you know, Illuminati Pyramid Timecubes.  

    Bill Clinton couldn't even get serviced in secret.  Again, good news.  

    I rejoice in our bumbling, stupid, petty, human political establishment.  Things run about the same way as they do at every other organization, and the sins we uncover are about the same.  Excellent.
    .
    "Let's not stir that bag of worms." - my lovely wife

    Glad you're so confident.. (none / 2) (#124)
    by Morkney on Mon Jan 26, 2004 at 07:59:13 PM EST

    Has it not occured to you that that is exactly what they want you to think?

    [ Parent ]
    Dear America: (2.90 / 11) (#110)
    by trener on Mon Jan 26, 2004 at 12:42:21 PM EST

    Stop appending 'gate' to everything that you hope might turn into a political scandal. Watergate was called Watergate because that was the fucking hotel's name.

    YES!!!!! (none / 1) (#129)
    by undermyne on Mon Jan 26, 2004 at 11:51:49 PM EST

    *racious applause*

    "You're an asshole. You are the greatest troll on this site." Some nullo

    [ Parent ]
    And stop exporting fads (none / 1) (#149)
    by Tatarigami on Thu Jan 29, 2004 at 05:15:28 PM EST

    When one of my country's political leaders was caught going shopping for clothes with funds intended for educational television, the papers had to call it 'Undiegate'.

    [ Parent ]
    Change the title (none / 1) (#111)
    by abe ferlman on Mon Jan 26, 2004 at 01:01:43 PM EST

    It should read "and", not "or".

    What Ho Kuro5hin? (none / 1) (#112)
    by Arthur Dent on Mon Jan 26, 2004 at 01:30:00 PM EST

    I normally expect a higher level of discourse here, and even though I am mainly a lurker, I am disappointed that no one has pointed to the gist of the problem:
    The fact that although the files were supposed to be protected, they were not, due to a technical misconfiguration. That implies that though the democrats believed that the files were not world readable, they were accessible to the republicans.

    Quote:
    A technician hired by the new judiciary chairman, Patrick Leahy, Democrat of Vermont, apparently made a mistake that allowed anyone to access newly created accounts on a Judiciary Committee server shared by both parties -- even though the accounts were supposed to restrict access only to those with the right password.

    Ethics is the "gist" of the problem (none / 3) (#114)
    by sphealey on Mon Jan 26, 2004 at 02:46:09 PM EST

    Sorry, have to disagree. Fundamentally and totally.

    As the CIO, senior sysadmin, and chief bottle washer at a mid-sized manufacturing company, I have complete and total access to everything on the corporate network. I can access every confidential file, no one could stop me, and only one person in the entire company (the CFO) would have even a ghost of a chance of knowing I had done so.

    Have I ever taken advantage of this? Read my performance reviews stored on the president's home directory? Perhaps more importantly, read my corporate rivals'? Taken a quick look at the financial numbers?

    No, I have not. And if I found one of my employees doing so I would (a) escort them out the door as of that instant (b) recommend to the president that we call the police and request criminal prosecution.

    WHETHER OR NOT the files were easily accesible (and I am guessing they were not), the Republicans had absolutely no ethical, and probably no legal, right to put their grubby eyeballs on them. Not a right in the world.

    That, gentlemen, is the issue.

    sPh

    [ Parent ]

    what kind of sysadmin are you? (none / 1) (#130)
    by Barbarian on Tue Jan 27, 2004 at 05:20:55 AM EST

    Open shares all the over the place? What happens when someone gets the latest worm?

    [ Parent ]
    Not the point, dude (none / 1) (#131)
    by sphealey on Tue Jan 27, 2004 at 06:47:26 AM EST

    There aren't open shares on the systems I am responsible for. At least, not to the best of my ability (weak though that may be); if there were as many hours in a day as a year I don't think anyone could yet keep up with what Microsoft issues.

    But - that's not the point. If I find an open share in the executive area, I (a) fix it (b) notify the appropriate people. I don't start reading everything in the directory named "Confidential"

    sPh

    [ Parent ]

    Also, accounts not documents (none / 1) (#134)
    by SnowDogAPB on Tue Jan 27, 2004 at 08:25:16 AM EST

    Worth noting from the original poster's quote:

    made a mistake that allowed anyone to access newly created accounts

    It doesn't say anyone could read the data, it said anyone could access the accounts.

    If I, just for kicks, try to log in as the CEO of my company and find it has no password enabled, does that mean I'm legally and morally allowed to start browsing his files?

    Come now.  If this was some kid who had "hacked" his way past an insecure server to get at these files, the kid would be in a locked room with the Men In Black right now.


    [ Parent ]

    if they used Linux this would not have happened (none / 1) (#147)
    by modmans2ndcoming on Thu Jan 29, 2004 at 11:17:28 AM EST

    because when you create a new account there, if you don't set the groups, the new account cannot enter the groups and the error would have been noticeable right away since the new person could not read the info in the group folder.

    [ Parent ]
    cyber terrorist? (none / 1) (#116)
    by Rendition on Mon Jan 26, 2004 at 02:54:10 PM EST

    Isn't it a wee-bit of a hyperbole to call this terrorism? When people are dying out there and this was a case of an open unsecured file structure?
    FirstAdopter.com - where early adopters discuss great stuff first!
    Judicial nominations lead to (none / 1) (#123)
    by mmuskratt on Mon Jan 26, 2004 at 07:31:19 PM EST

    seats on the Supreme Court...seats on the Supreme Court lead to appointing presidents who lose the popular vote and stop recounts, presidents then use broad powers to draft things like the PATRIOT Act which is then used to do things like convict/arrest/hold computer "hackers." If the rules apply to anyone, who is to say that these people aren't terrorists or at the very least, guilty of treason for exposing secrets of our government to the media? The point being, there is a double-standard here, and the Dems are quite correct in applying it to the Republicans. Maybe the laws will change because of it...I'm not holding my breath.

    [ Parent ]
    So the News since yesterday is -- a scapegoat! (none / 1) (#118)
    by marcmengel on Mon Jan 26, 2004 at 03:18:23 PM EST

    Interesting, since I read the Boston Glob article about this yesterday, they've apparently nominated a scapegoat (the unnamed junior staffer...).

    I wonder what they promised the poor staffer to get him to go along with the story -- or is he unnamed 'cause they haven't picked him yet?

    Cynically yours...

    What makes you think (none / 1) (#121)
    by Fredrick Doulton on Mon Jan 26, 2004 at 06:50:49 PM EST

    that the incompetent Admins were Democrats? Is political affiliation a prerequisite for working as a system administrator?

    Bush/Cheney 2004! - "Because we've still got more people to kill"

    If you read the article, you'd know. (none / 2) (#132)
    by porkchop_d_clown on Tue Jan 27, 2004 at 08:11:45 AM EST

    the Admin was a Democratic senator's appointee.

    --
    "the internet is to the techno-capable disaffected what the United Nations is to marginal states: it offers the illusion of empowerment and c
    [ Parent ]

    I wonder (none / 2) (#128)
    by kuro5hinatportkardotnet on Mon Jan 26, 2004 at 08:33:27 PM EST

    if the party names were reversed, what would be happening right now.

     

    Libertarian is the label used by embarrassed Republicans that long to be open about their greed, drug use and porn collections.
    I can answer this (none / 2) (#139)
    by Bill Melater on Tue Jan 27, 2004 at 07:54:37 PM EST

    The parties in question would be called Starcomed and Snacilbuper.

    [ Parent ]
    heh (none / 1) (#142)
    by kuro5hinatportkardotnet on Wed Jan 28, 2004 at 04:33:30 AM EST


     

    Libertarian is the label used by embarrassed Republicans that long to be open about their greed, drug use and porn collections.
    [ Parent ]
    mainstream media inaccuracy (none / 1) (#138)
    by Thyrsus on Tue Jan 27, 2004 at 05:44:53 PM EST

    I've seen several comments that draw conclusions from details in reports given in the mass media. I saw an article on Ars Technica pointing out that the mainstream media is utterly unreliable on this sort of thing. All we can reasonably know was that the Republicans saw some documents that the Democrats had on a computer. I will hope that the report from the Senate Seargent at Arms will be more definitive.

    politicians not understanding technology... (none / 2) (#143)
    by wakim1618 on Wed Jan 28, 2004 at 02:18:29 PM EST

    But we at K5 should know better. Where I once worked, there were several shared drives on the network. Everyone had a personal directory whose access privileges can be set by the owner but pretty much, everyone set it to public because we were all researchers who shared a variety of projects. Also, most of us didn't want to deal this. At the same time, we received regular visitors who had access to our directories for upto several weeks at a time. There were all kinds of info that should not have been public (such as referee reports and letters of reference) but we were a relatively small group who worked on the basis of trust.

    I see the same issues in any setting where people work together on a variety of projects. It is just another tedious task to set access privileges that will change over time. It takes a great deal of trust and self-restraint not to exploit these 'weaknesses' in the system. Moreover, I don't check to see who has accessed my files. I expect my colleagues to let me know when they have updated a jointly used file.

    So this finger pointing is besides the point. I don't believe that Dem operatives are of higher moral fiber than GOP operatives. I don't believe that Dems are dumb and haven't already figured this out.


    If I wanted dumb people to love me, I'd start a cult.

    New "leaking" technique (none / 1) (#145)
    by cpghost on Wed Jan 28, 2004 at 06:33:42 PM EST

    Next time some politicians want to spread rumors, they don't have to "leak" something to the press anymore. Just put some documents on a poorly secured server, and them blame all others that the documents leaked to the general public.
    cpghost at Cordula's Web
    [ Parent ]
    ever think about making yourselfs one group (none / 1) (#146)
    by modmans2ndcoming on Thu Jan 29, 2004 at 11:13:45 AM EST

    and visitors another group?

    then you can all share your files and visitors cannot.

    [ Parent ]

    Files like this shouldn't be hosted by Taxpayers (none / 2) (#144)
    by Rich0 on Wed Jan 28, 2004 at 03:06:49 PM EST

    My question is why are documents on legislative strategy being hosted on servers paid for by taxpayers in the first place?

    My feeling is that anything stored on a congressional fileserver paid for by taxpayers should be accessible to anyone from either party.  

    Servers to keep track of bills and agendas and all that make perfect sense - and the public should pay for them since they serve the public interest.  Filibusters and backroom deals do NOT serve the public interest - and WE should NOT be paying to support them.

    To me the embarassment to our country isn't that the Republicans were snooping around in the Democrats dirty laundry, but rather that the Dem's had dirty laundry to snoop in.  And yes - I realize that the Republicans probably had files that were just as lousy on their fileshares.

    Perhaps people will realize that if you draft up filibuster strategy documents then they could get leaked.  Then they might decide to use the legislative process the way that it was intended - not to ABUSE it.

    And I still don't know why we haven't gotten rid of the lousy procedures used by the Senate which allow filibusters in the first place.  Ditto for committee chairs who can pigeonhole bills indefinitely.  

    The political strategy documents merely illustrate how both sides of the aisle exist mainly to serve themselves...

    The Dems had it coming (none / 2) (#150)
    by bobbuck on Thu Jan 29, 2004 at 05:55:56 PM EST

    Under Bill Clinton, FBI files were released on most of his political opponents. That was illegal without any question. The memos leaked from the judiciary committee, however, were public record. They were on public computers, concerning the appointment of public officials by the US Senate. It would be immoral to withhold this information from the public. Shouldn't the public know that the Democrats wanted to block Miguel Estrada because he is Hispanic? Shouldn't the public know that suspected Christians are automatically disqualified or that the Dems held a nomination for one attorney they favor?

    Modern security rules... (none / 1) (#163)
    by bodrius on Fri Jan 30, 2004 at 10:03:22 PM EST

    Let me ask the stupid question:

    If there is no protection for a publicly accesible file, how do you know whether you are accesing them without permission?
    Freedom is the freedom to say 2+2=4, everything else follows...

    Copies of the memos (none / 0) (#167)
    by imrdkl on Wed Feb 04, 2004 at 06:00:21 AM EST

    Are now available (pdf), albeit with a somewhat republican-leaning analysis.

    Miranda to Resign - Dems press on for more punishm (none / 0) (#168)
    by imrdkl on Thu Feb 05, 2004 at 04:03:11 AM EST

    The saga continues, with Manual Miranda agreeing this week to resign, under pressure from Sen. Hatch. Some Republican senators are worried that his replacement won't serve their interests as well as Miranda did.

    FileGate - Cyberterrorist Republicans or Careless Dem Sysadmins? | 166 comments (137 topical, 29 editorial, 3 hidden)
    Display: Sort:

    kuro5hin.org

    [XML]
    All trademarks and copyrights on this page are owned by their respective companies. The Rest © 2000 - Present Kuro5hin.org Inc.
    See our legalese page for copyright policies. Please also read our Privacy Policy.
    Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
    Need some help? Email help@kuro5hin.org.
    My heart's the long stairs.

    Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!