Well, well. Once again we have another instance of the general establishment not understanding the slightest thing above computing, software, etc. and making up there own rules to do what they want.

Let's look at the points of the case :

1. He downloaded a distributed software package.

Okay, fair's fair, he was warned, but for God's sake, if

one of the students at the campus had done this there

wouldn't have been half the furor.

Also, they guy resigned 18 months before any charges

were brought, so what were they investigating for all

that time?

2. Second, as he chose to resign, after being suspended,

and nothing was stolen, altered, lost etc. it's surely a

civil matter between employer and ex-employee?

3. They claimed they paid 59c every second. Hey! this is an

academic institution, so a) that time would have had to

be paid for anyway and b) these were idle computers, so

rather than wasting the power used keeping them on doing

nothing, it would surely be better for them being used to

do something which has a positive effect for everyone.

4. The trespassing charge would be required if he was

accessing areas he wasn't authorised to be, but surely as

the college computer technician he had de-facto

authorisation for every part of the system, so how could

it be trespass.

5. They request restitution "equal to the amount of money

paid to state workers to uninstall the programs from 500

PCs".

I'm sorry but most distributed computing projects allow

easy removal of the program (usually an un-install

option built into the software or a link to a seperate

program to do the same).

So how much would it cost for one person to do this for

500 machines, most of whom are usually located in large

groups together?

6. The prosecutors also contend that he "deliberately

ignored the college's written computer usage guidelines".

Again, I'm sorry, but most guidelines I've seen are

telling students not to install any software at all, so

how was he supposed to abide by this if he was doing a

Y2K upgrade on these computers? Think people!

7. "..informed on many occasions by his supervisors to stop

downloading programs".

Which programs? From what I understand on the above,

they didn't notice this until Dec 99, then suspended him

in Jan 00. How many notices could they POSSIBLY have

given him in this space of time??

8. "..including computers that has sensitive student

financial and identity information without

authorization ... there is concern about the program

itself compromising or providing the basis to

compromise sensitive personal or financial information".

Hellloooo! Are you totally asleep! If they had even the

slightest clue about computer security, they'd know this

sort of information should be stored on an isolated

computer, especially of it's that sensitive. Or if

that's not possible, you encrypt it. Oh, but wait! What

was that program doing. It was testing an encryption

standard. DUH!!!

I think this is just a case of someone thinking that this would be good way to get some publicity for their career, especially in light of the events of recent months!

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/300/9341#9341