FREE KEVIN MITNICK! (oh, he is?)
October 14, 2000 6:17 PM   Subscribe

FREE KEVIN MITNICK! (oh, he is?)
Yahoo Internet Life interview with Mitnick (shh about posting stories from big sites). Interesting: how clueless he appears to be about the commercial web (and other post-1995 internet developments). Be very strange to go to jail when we did for what he did and, really, miss out ...
posted by sylloge (21 comments total)
 
I am not sure that the evolution of the web would be something in his league. It's one thing to crack into banks and phreak around but taking down Amazon with denial of service attacks almost seems beneath him.

If anything, the evolution of the Internet might have helped catch him sooner.

posted by Brilliantcrank at 8:00 PM on October 14, 2000


I never liked Kevin Mitnick, nor the whole 'Free Kevin' theory. Kevin Mitnick deserved what he got. The whole hacker ethic of "all information should be free, and some isn't, we'll have to steal it." is unacceptable to me. This theme has been present in the many documents written by 'hackers' that I've read. Some information is private, some information is owned by others, and if people don't want you to have their private information, you can't have it. Mitnick was a guy with little common sense, who thought he was just playing around and gaining knowledge. What he did was theft, and no one has a right to compromise the security of someone else's livelyhood. These people give a bad name to the origin of the word hacker, the people who helped created this great internet we have today.If I steal top secret document from the government, then put it back and tell them how to stop me from stealing it, that doesn't change the fact that I stole something I had no right to in the first place.
posted by tomorama at 8:40 PM on October 14, 2000


Tomorama, I'm uncomfortable with your use of the term "theft" to describe Mitnick's actions.

If I steal your car, you have no car, and I have thus deprived you of your means of transportation - thus I have committed theft. But if I copy the plans for the car you're going to build, you still have the plans. You haven't lost the plans; you've lost exclusive access to them. In this case, have I "stolen" the plans? In the sense that I have acquired them without your permission, yes - but not in the sense that I have taken away something that is yours.

Should the law consider this a category of theft? Maybe, but maybe not. Unauthorized duplication of information is not the same problem laws against stealing cars were designed to solve. Blindly assigning matter-based ideas about property rights to information objects seems like a recipe for a poorly thought out disaster to me. Just because we have been thinking about it that way, does that mean we should continue to do so? This whole idea is very new, after all - as a society we've only had a quarter of a century or so to think about it.

-Mars
posted by Mars Saxman at 9:11 PM on October 14, 2000


I disagree with tomorama, but can definitely appreciate his opinion. My philosophy and personal preference toward personal liberty outweigh my concerns for justice and security. Once again I find myself questioning what position we at MetaFilter are in to determine the facts of Kevin's situation. Did Kevin really do some tangible damage or is his contention that he was only "a pain in the ass" true? Was the case against him just cooked up, or eggagerated? I'd prefer harm to an institution that realizes a profit over the loss of freedom to an individual, especially someone of Kevin's talents. I keep wondering why govmn't doesn't take guys like this and put their talents to work in a positive and productive way instead of attempt to make an example of them? It appears that all of his exploits were due to user and administrative incompetence which, as we all know, are more than rampant with pretty much all computing services/organizations. I don't see any reason to think that people in the world are going to spontaneously get smarter, so why bother this guy and possibly deprive him of his rights or opportunities? And why dislike him when he's human like the rest of us?
posted by greyscale at 9:22 PM on October 14, 2000


acquired them without your permission = theft
posted by Brilliantcrank at 9:34 PM on October 14, 2000


Mars, the law does consider that a category of theft. Sorry, but you can rationalize all you want. Kevin Mitnick was a thief, which is why he went to prison.

If I have a mailing list, and you manage to abscond with a copy of it and use it to send out your advertising, I am damaged even though I retain a copy. First, what you're selling may be in competition to me (and since customers have finite income, in a sense it is no matter what you're selling). Second, it may make the customers mad at me and make them stop buying my products.

But the point is that intellectual property is just as protected as physical property under the law. That's all.

And you're wrong when you say that we've only been dealing with this for 25 years. The precedents on this kind of thing go back far longer than that. (Mailing lists existed long before there were computers, for instance.)

Grey, if I leave the front door to my house unlocked, it doesn't give you the right to walk in and take my TV. If you do, you'll still be guilty of theft. If a computer system leaves security holes, it doesn't make it legal to take advantage of them.

I can't believe that after all this time people are still trying to claim that Kevin Mitnick got a raw deal. He got exactly what he deserved: a fair trial and a long prison sentence.
posted by Steven Den Beste at 9:41 PM on October 14, 2000


By the way and just in passing, everything we're talking about is covered by copyright law. Any information which I produce and keep secret is automatically covered by copyright, and taking a copy without permission is a violation of copyright.

And that is a form of theft. And the legal precedents for copyright go back 300 years. (Copyright is mentioned in the US Constitution, 1787.)

25 year? pfeh

There's no legal difference between proprietary information kept on a computer and proprietary information kept on blueprints or handwritten in a book. It's all covered by copyright, and legal precedent for copyright goes back an long way.

posted by Steven Den Beste at 9:47 PM on October 14, 2000


> acquired them without your permission = theft

But only if it's been 120 years since you first made it. Or something.
posted by holloway at 10:01 PM on October 14, 2000


I think SDB perfectly said everything I was thinking about writing before scrolling down to his post. Copying computer information certainly constitutes theft, because whenever you take some kind of software, you copy it. It can't be considered in the same terms at stealing a car because it's not totally physical. You don't pick up the program off the system you gained unauthorized access to and take it with you, your terminal makes a copy of the information and saves it for you. That's theft. Intellectual or otherwise, it's theft.SDB is also correct on the issue of taking advantage of ignorance. If the acne faced kid at McDonalds leaves his cash register open while he turns around to get your fries, that doesn't give you any authority to take the money, and later advising the manager how to fix this "security hole" doesn't give you an excuse.
posted by tomorama at 11:16 PM on October 14, 2000


I don't want to speak for Mars - he can do that for himself. Still, it seems to me that the interesting question is not, "Is that theft," but "Should that be theft".

The fact that something is legal or illegal now does not mean that it should continue that way into the future. Personally, I advocate complete personal liberty provided it doesn't infringe on somebody else’s rights to liberty or protection from harm.

Now, I’d say Mitnick probably did cross that line. Cloning phones and running up huge bills created genuine administrative expense and was probably a tedious and difficult thing for the people that got the bills. I know I wouldn't want to have to deal with that red tape. That aside, I do think the punishment was and continues to be excessively harsh. For the most part, how were these companies significantly harmed by his actions? His major "crime" seems to be violating the companies’ rights to privacy. To which I respond – companies these days don’t seem to think that we as private citizens should have a right to privacy, so why should we extend that protection to companies. If anything, companies in this sense should have less rights than individuals.

Just my two cents.

posted by willnot at 12:00 AM on October 15, 2000


I really wonder how many of these infantile hackers would keep their "information wants to be free" rhetoric if they were artists or writers who depend on their own creative content to make a living. Does your novel really want to be free? Do you feel stupid putting an anthropomorphic view on inanimate things? You should.

This "philosophy" is just an excuse to go out and fuck with other peoples technology. Instead of setting up a computer club and having friends make secure machines and bets to break them, they go out and screw with others property. Sure, no one really feels sorry for some big faceless corporation, but what about those people on the phone with their cell providers trying to prove they didn't call Canada for 4 hours this weekend.

The worst part is losers like Mitnick have inspired a whole mob of wanna-be crackers/script kiddies/whatever. I don't need their style of bullshit libertarianism hacker ethic driving themselves into my webserver and deleting stuff I don't have a backup for or sending out fake email with my name.

I mean who doesn't "advocate complete personal liberty" as one mefi put it. Do people go around and demand that rights they think are moral and correct be taken from them? Of course not.

So what if companies don't think you should have privacy, you should be the one contacting your legislators not cloning phones and calling yourself some kind of activist. Say you take down my ISP because they serve up some content that goes against your hacker/libertarian ethic. Guess what? The downtime hurts the customer a lot more than the company. And by hurting the customer you've just made an enemy out of someone who might have sympathized with your point of view.
posted by skallas at 1:35 AM on October 15, 2000


Tomorama, you really hit the nail on the point (wrong end) with this one:

>If the acne faced kid at McDonalds leaves his cash
>register open while he turns around to get your fries,
>that doesn't give you any authority to take the money,
>and later advising the manager how to fix >this "security hole" doesn't give you an excuse.

For this analogy to work at all, the "you" in the story would have to return the money along with the instructions (since the "restaurant" still had what it did after the beginning). I'm sure any manager would be happy to get a problem pointed out to him in that case.

But the simplification inherent in reducing Mitnick's actions to those of the hypothetical McDonald's patron misses the precise point that this is really complex and not analogical to (let alone isomorphic with) any of the cannonical examples of more familiar property law.

It is complex for just the reason that willnot brought up: are, we as society, in agreement that the current set of intellectual property laws? (Laws which have changed constantly throughout this century, especially in the last 25 years -- Steven, read this Atlantic Monthly article originally posted in this horrible thread.)

Our laws aren't dropped down from God (at least, civil and criminal laws aren't (well, civil and criminal laws aren't dropped down by God where we live anyway)). We have to decide what kind of society we want and alter, delete or create the laws that afford the desired result.

I don't think it's fair to put someone in jail for five years (and enforce significant further restrictions) for what Mitnick did. Treason, enormous fraud, reckless endangerment on a large scale, in those case, perhaps. But for the nuisance, this is unreasonable (and for the cell time, a punitive fine plus damages would have been fine).

The point is, Steven thinks he should go to jail. I disagree. There is no obvious neutral ground on which we can settle our disagreement, so the issue is complicated and recalcitrant. This is new territory (there weren't systems to hack or software to crack 40 years ago).
posted by sylloge at 2:51 AM on October 15, 2000


You know, whenever I see something like "Free Kevin Mitnick", my inner voice adds on "with every purchase of $10 or more."
posted by plinth at 6:54 AM on October 15, 2000


"I don't need their style of bullshit libertarianism hacker ethic driving themselves into my webserver and deleting stuff I don't have a backup for or sending out fake email with my name."

Your problem -- and not just yours, I see others here doing it too -- is that what you're describing are not the actions of a hacker.

They call themselves hackers, but a better term is "cracker." The media has redefined "hacker" over the past few years, but the original meaning of it -- and the meaning that applies to Mitnick -- is "One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations."

A hacker recently hit Slashdot. He broke into the database, posted a story to the site saying he broke in as proof, secured the hole so nobody else could take advantage of it, and emailed the site owners exlpaining exactly what he did.

Hackers do not break into a website and type "rm -rf /". Hackers are not interested in destroying data. They're just interested in seeing if they can get past your security.

The slashdot story is here, by the way.
posted by CrayDrygu at 11:42 AM on October 15, 2000


Mars, the law does consider that a category of theft. Sorry, but you can rationalize all you want. Kevin Mitnick was a thief, which is why he went to prison.

I'm not arguing with this. The law certainly does consider what Mitnick did a category of theft, as evidenced by the fact that he was convicted and punished for it.

But that's not what I'm talking about. I don't think the law has much of anything to do with "right" or "wrong", and I refuse to think of what Mitnick did as "wrong" or to describe it with morally loaded terms like "theft" merely because it was illegal. I want to think about it first. Maybe it is the law that is wrong - it's certainly been wrong before.

So I'm thinking about it. The only way to imagine "intellectual property" laws in the real world would be to postulate some star trek style duplicating machine. Like this: You locked your car in your garage. Mitnick picked your lock, snuck in, ran his star trek duplicator on your car, snuck back out, and locked your door behind him. Then he stashed his brand new copy of your car in his garage, where it will sit, collecting dust, to remind him of how cool his duplicating machine is. That's essentially what he was sent to jail for doing.

"Theft" of digital information does not deprive the original owner of anything other than exclusive access to that information. This is not the same situation as theft of matter, which does deprive the original owner of access to their property. The harm done is of a different order of magnitude.

There's no legal difference between proprietary information kept on a computer and proprietary information kept on blueprints or handwritten in a book. It's all covered by copyright, and legal precedent for copyright goes back an long way.

I agree, there's no legal difference, and that's the problem. Information stored on paper and information stored on a digital device do not act according to the same rules, and governing them with the same laws strikes me as a dubious and error-prone way of approaching things.

One reason for copyright is to ensure that people don't buy cheap knockoffs thinking they're getting the real thing, thus damaging the original creator's reputation. With paper, this makes sense, because quality degrades with each copy. With computers, this is silly; quality never degrades. Another reason is to allow publishers to recoup their investment in expensive publishing hardware (printing press, ink, etc). It's much more expensive to produce a book than to read one. Again, with computers this is silly: I have to have a computer to read what you sent me, and with that computer I can just as easily send it to someone else. Once the work is created, cost of publication is practically nil.

When you really get down to it, there is one, and only one, justification for applying intellectual property laws to digital information: to grant a legal monopoly on the distribution of a particular piece of information.

Is this something we, as a society, really want to do?

Are the publishers of music, movies, literature, software, and everything else really so weak and powerless that we have to create laws to guarantee payment for the use of their products? Is there no way to create a digital publishing business model that doesn't involve threatening to have the police come beat down your door and throw you in jail if you don't play along? I find it hard to believe that there isn't a better way.

That's really all I'm arguing. I do not believe that the current situation is the best way, or even a very good way. Any system which relies on the use of force to the degree that the copyright system does has got to have something wrong with it.

-Mars
posted by Mars Saxman at 12:12 PM on October 15, 2000


But the point is that intellectual property is just as protected as physical property under the law.

No it isn't, Steven. There are numerous differences in how the law treats physical property and property such as trademarks, copyrighted material, and patents. Anyone who equates the appropriation of intellectual property to physical theft is grossly oversimplifying the issue.

A question for those of you who are championing Mitnick's prison sentence: What did he steal? Who was hurt?
posted by rcade at 1:57 PM on October 15, 2000


Hackers do not break into a website and type "rm -rf /". Hackers are not interested in destroying data. They're just interested in seeing if they can get past your security.That still doesn't make it any less wrong. If a weird guy breaks into my house just to see if he can get through the alarm, then leaves without touching anything and tells me how to fix the alarm, it doesn't change the fact that I don't want the creep in my house to begin with. If anything, he could send the alarm company his hypothesis of how the security can be broken.
posted by tomorama at 2:06 PM on October 15, 2000


Mars, a lot of proprietary information is of enormous value, but would be of lesser value if taken and spread around. And your contention that the only reason to protect that info is because of movies and TV programs is hopelessly naive.

Are you an engineer? It doesn't sound like it, or you'd know that there's a lot more secret information around than you seem to acknowledge.

In some cases corporations which come up with new technologies make a conscious choice to not patent. Rather, they keep the information describing the invention or process secret. The reason is that you have to publicize what you're doing to get a patent, and sometimes they don't want to because it may give away other things they're doing. Also, the technology in question may be valuable for more than 19 years. As long as you can keep it secret, you still get exclusive use.

If I have knowledge of a process for accomplishing something which I maintain as a secret, which gives me a commercial advantage over my competitors because they must use a slower or less efficient or more expensive method (or because they can't do it at all) then having that information taken from me and spread around does me incalculable damage.

One example of how that might operate: I'm in the process of developing something I hope to patent. I'm far enough along so that the end is clear and that I can be sure that the invention will work, but not yet to the point where I'm ready to file. Someone breaks in and steals a copy of the information describing my invention -- and one of my competitors hurries up and brings out something similar enough to represent "prior art", thus preventing me from getting my patent. I've just been badly damaged and have lost the value of an enormous investment in R&D.

Here's a different example: Sprint PCS places a subsidy lock on every phone they sell. What that does is a little complicated to explain (read the link) but the point of it is to make the phone so it can only be "homed" on Sprint's system. Because of that, they can sell the phone at a considerable discount (and they do; they're selling the phones for less than a third of what they cost from the manufacturer) because they make the money back on service fees. Each and every phone has a unique lock code, which is required to get in and modify the NAM, which is where among other things the home system is identified. Since the phone is locked to Sprint, only Sprint can collect service fees on that phone. They may not make back their subsidy on every single phone, but on average they do.

If someone were to break into Sprint's files and nab the database where all those subsidy lock codes were held, and then to publish it, then every Sprint user in existence would be able to unlock their phones and move them to other service providers. Sprint would lose the money they spent subsidizing the sales price of all of those phones, but would no longer recoup that money in service fees. It would probably put them out of business.

Any attempt to try to claim that taking secret information from me can cause me no harm is bunk.

And trying to pretend that this is all about movies and TV is silly.

posted by Steven Den Beste at 3:11 PM on October 15, 2000


Someone breaks in and steals a copy of the information describing my invention -- and one of my competitors hurries up and brings out something similar enough to represent "prior art"

Steven - Why does A necessarily equal B? If I take it and don't publish it or do anything with it, then how are you harmed? Then we're talking about the corporate equivalent of breaking into your sister's room and reading her diary.

Certainly it's not a very cool thing to do, and your sister rightly feels violated by the act, but is it worth more than 5 years of jail time? The courts said yes, because they bought your argument that simply losing exclusive access to information necessarily diminishes its value.

What a lot of people here are asking is, is that really true, and is that the way the laws should be written? Mitnick raises his own interesting question. If the corporations really "lost" the exaggerated amount of money that they claim as a result of his actions, then why didn't they report it in their FTC filings as they are required to by law?

The implied answer being - well they didn't really lose it. They just wanted to make an example of some punk hacker, cracker whatever - it's all semantic anyway. In order to do that, they had to inflate the amount of damages done, and so they made this false argument that somehow A has to lead to B.

I think he was wrong. I think he should have been punished for what he did, but really – what did he do that was so bad it required locking him up for five years plus the punishment they’re continuing to subject him to?

posted by willnot at 5:07 PM on October 15, 2000


Ironic, isn't it?
If this poor bastard had ever learned to talk to girls, he would have been saved the trouble of going to prison and BECOMING someone's girl. And don't tell me he wasn't on the short list of easy lays on the cellblock.
Joking, Joking.....I kid the hackers....
posted by Optamystic at 11:53 PM on October 15, 2000


Steven:

Are you an engineer? It doesn't sound like it, or you'd know that there's a lot more secret information around than you seem to acknowledge.

My job title is "software development engineer", though I have a hard time using such a rigorous word to describe the messy process that is writing code. I'm surrounded by secret information; I spend my entire day working with it. The entire industry is shot through and through with secrets: protected by law, obfuscation, dirty tricks, and lies.

Secrets and the laws that protect them are the source of a tremendous amount of wasted time and frustration. They make software harder to develop, harder to make reliable, and less useful in general. They prevent programmers from sharing information that would be helpful, valuable, or even just interesting. The only people they benefit are the shareholders of the major software publishers, who can take advantage of the secrets and their legal protection to extract huge profits from customers who have no choice but to pay. Everyone else - all the millions of us who have to work on and with the protected products - are inconvenienced and forced to do extra work to get around the roadblocks.

I take a very skeptical look at laws protecting secrets precisely because I know what secret information is around, and because I know how high is the cost of keeping it secret.

Any attempt to try to claim that taking secret information from me can cause me no harm is bunk.

As you've demonstrated with the patent example and the Sprint subsidy lock example, if someone discovers someone else's secret and makes the information public, they can prevent the other person from realizing an expected profit, thus putting a great deal of investment to waste.

One can argue that to cancel an expected profit is to cause harm, I suppose. It is, however, a different (and I would argue lesser) sort of harm than to take away a valuable thing that already exists - as the usual meaning of "theft" implies.

To what degree should the government be in the business of protecting expected returns on investments?

Investment implies the risk of failure. Sprint may not make a profit on their phones even if they do keep the subsidy lock database secret. Your patent may be irrelevant the moment it's granted due to someone else's invention of a better way to solve the problem a month later.

On the other hand, the release of a secret like the phone locks you described does not guarantee the failure of the investment. Even if the database were publicly available, many people wouldn't bother to look up and unlock their phone; many people would stick with Sprint anyway. Who's to say how much of Sprint's expected profit would actually be cancelled by the release of that secret? It's the future, it's speculation; we don't know.

Again, to what degree should the government be in the business of guaranteeing profit from an investment, and to what degree should people be responsible for keeping their secret data secret?

And trying to pretend that this is all about movies and TV is silly.

I understand that, but look who's driving changes to copyright law right now.

-Mars
posted by Mars Saxman at 3:24 PM on October 16, 2000


« Older   |   Honey, I'm home... Newer »


This thread has been archived and is closed to new comments