Convicted sysadmin calls for 'common sense' cyber laws

IT consultant and author Randal Schwartz has called for common sense in the development of cyber laws.

Schwartz, who was convicted of computer crime against Intel in the US in 1995, spoke exclusively to Computerworld at last week's SAGE-AU (System Administrators' Guild of Australia) conference in Hobart, said that, with the present state of cyber laws "you don't need to intend harm to be a criminal".

"The law in Oregon is clearly wrong by making crimes out of legal actions," Schwartz said. "We need to have sensible laws that address the inconsistency between electronic and physical security."

While working as a contract systems and network administrator at Intel, Schwartz used a password-cracking tool to check if iWarp, " a joint project between Intel and Carnegie Mellon University " had any crackable passwords.

"While I was waiting to tell someone of the 48 crackable passwords, my crack run was discovered by Intel security," he claims. "Within 48 hours there was a search warrant passed and the police took my statements out of context."

According to Schwartz, he was acting at all times without malicious intent and doing "what I thought would be helpful to the people who were feeding me".

As a result, Schwartz was convicted of three felonies, paid $US67,000 in restitution, sentenced to 480 hours of community service, a three-month deferred jail sentence and put on five years probation.

"By proper enforcement of copyright law in Australia you become a felon for forwarding e-mail," he said. "Such laws have worldwide connotations and need to [clarified] so people don't accidentally become felons."

Freehills IT and privacy special council Duncan Giles said that, although copyright is present in an e-mail there may be an implied licence it to be re-transmitted.

"If organisations have clear e-mail policies, breach of confidence is more likely than copyright," Giles said. "Systems administrators need to be fully aware of their organisation's policies regarding privacy and security. The sysadmin can do things that are consistent with their role, because most Australian laws relate to the unauthorised use of computers."

Schwartz said the outcome would have been tougher had the case happened now.

With his five-year probationary period over, Schwartz is now free to travel to any country "which will let me in".

"Australia has rejected my last two electronic visa applications, but I eventually got here, "he said.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Carnegie Mellon University AustraliaFreehillsIntelMellonVisa

Show Comments
[]