SecurityFocus contributor Mark Rasch."> Lazy Workers May Be Deemed Hackers
      Digg this story   Add to   (page 1 of 2 ) next 
Lazy Workers May Be Deemed Hackers
Mark Rasch, 2009-08-25

Richard Wolf did more than daydream at work.

From his office job at the Shelby City (Ohio) Wastewater Treatment plant, he was browsing adult Web sites, including one called Adult Friend Finder to meet women. When some of the women asked Wolf for nude pictures, he bought a digital camera, took pictures, and e-mailed them using his work computer.

In a communication with a dominatrix that advertised online, the woman proposed a "no-sex" session for $150, to which Wolf replied that, while he would love to be with her, he could not because he had "a lot of financial issues on my plate," but that he might contact the woman at some time in the future.

Apparently Wolf spent a lot of time browsing these Web sites – about 100 hours over the course of several years, for which he was paid by the city about 23.92 an hour including his benefits. When caught, Wolf admitted that what he did was in violation of established work practices and "unethical and wrong." He fully expected to be fired for his activities.

What Wolf did not expect was to be indicted. For the time he was supposed to be working but was surfing the Web, Wolf was charged with theft of his employer’s money for unauthorized use of property, and was charged with soliciting sex for money. The court concluded that he conversations between Wolf and the dominatrix was enough to establish at least a solicitation of sex, if not an agreement to have sex for money.

The recent Ohio State appellate case (pdf) demonstrates that computer, e-mail and Internet use policies that restrict the use of company computer systems can lead not only to termination of employees but to their prosecution and incarceration as well. More troubling for companies drafting computer use and computer security policies is the fact that Wolf was charged with computer hacking – yes, hacking.

Redefining Hacking

The Ohio law on computer crime, Ohio Revised Code 2913.04(b), like similar laws in many jurisdictions, provides that:

(a) person, in any manner and by any means, including, but not limited to, computer hacking, shall knowingly gain access to . . . any computer, computer system, computer network, . . . beyond the scope of the express or implied consent of, the owner…

Many jurisdictions prohibit not only computer hacking — that is, the unauthorized access into a computer — but also "exceeding the scope" of authorization to access or use a computer. This distinction derives from a case in the early 1980s where an Internal Revenue Service (IRS) employee from Boston was unsuccessfully charged with breaking into the agency's computers when he used his lawful access to the computer to read files of taxpayers he was not authorized to read.

Story continued on Page 2 

Mark D. Rasch is an attorney and technology expert in the areas of intellectual property protection, computer security, privacy and regulatory compliance. He formerly worked at the Department of Justice, where he was responsible for the prosecution of Robert Morris, the Cornell University graduate student responsible for the so-called Morris Worm and the investigations of the Hannover hackers featured in Clifford Stoll’s book, "The Cuckoo’s Egg."
    Digg this story   Add to   (page 1 of 2 ) next 
Comments Mode:
Lazy Workers May Be Deemed Hackers 2009-08-26
Anonymous (1 replies)
Lazy Workers May Be Deemed Hackers 2009-08-27
batz (1 replies)
Re: Lazy Workers May Be Deemed Hackers 2009-10-09
Alan W. Rateliff, II


Privacy Statement
Copyright 2010, SecurityFocus