Copy Link
Add to Bookmark
Report
40Hex Issue 12 File 006
40Hex Number 12 Volume 3 Issue 3 File 006
This article is being written for 40-hex, because I believe
communication is the key to helping computing obtain its maximum
potential. I do not agree with all of the philosophies of many virus
writers. This article does not endorse the views of anyone other than
myself :), and does not endorse any other material that will appear in
this or any other issue of 40-hex. Many of the ideas expressed in this
article appeared in one of my submissions to Computer Underground
Digest. I'm writing this because I've had some good honest conversations
with some of the Phalcon/Skism people, and I appreciate them listening
to my views (even though they don't agree with them all).
Again, I am not going to get into this "not all viruses are meant to be
destructive, not everyone who calls a virus exchange BBS will use
viruses for evil purposes, some anti-virus product developers lie to
scare the users" business. I agree with all of this, and if you don't,
then you will have to find that out for yourself. Virus writers already
know this is true. If you are not a virus writer, and really don't know
what is going on, and are reading this magazine thinking that we need
laws to shut these guys down, you should do some investigation on your
own and find out what is really going on in the virus arena. These
arguments only cloud the issues, and the issue here is "What is going
on?". I can't tell you everything that is going on because I don't know,
but I tell you this much: Something's happening here....What it is ain't
exactly clear...
Computer viruses are programs but they are also more than 'just
programs'. I did an in-depth study of virus exchange BBS and found that
the viruses themselves did not have a signifant impact on the users. It
was more a case of certain attitudes having impact, and of the
(necessary) reaction on the part of security personnel and a-v product
developers having impact. By necessary action, I mean that each time a
virus writer releases a virus to a virus exchange BBS (losing control
over it) or releases it code in a magazine, people get scared.
Developers then have to put detection for that virus in their scanners.
Updates cost money. Some of this has changed since my study. More
viruses are being found in the wild. Some of this is due to their
intentional release, their availability on virus exchange BBS. Still,
the majority of the problem is not the distribution of the viruses but
the fostering of some of the attitudes. On the positive side, we see
some people finally calling for "responsible" action. Only time will
tell how long it lasts. To me, the P/S E-Mail virus site was a very bad
choice on the part of the administrators and I am glad it is gone.
Still, it was better than some situations which actively encourage using
viruses to cause damage. We don't yet live in that ideal world where we
can trust other people to act nice.
People want to say they can't help what someone else does with a virus
if they give it to them, but by exercising some common sense and
responsibility, they -can- help. It's not so much to ask considering the
future of cyberspace and it's freedoms are at stake here. If people keep
going like they are now, soon we will have laws that say we CANNOT give
certain code to anyone. Don't believe it? Read on.
When I talked about laws in the Fido Virus echos, virus writers told me
there is NO way there will be any laws against virus exchange BBS,
anywhere, ever. Free Speech. WRONG. Do you think I just pull this stuff
out of thin air?
It's not illegal to have such BBS in America. Not yet. They are illegal
in other countries. Specifically, the Dutch law (art.350a (3), 350b (2)
Sr.) addresses the distribution of computer viruses. "Any person who
intentionally or unlawfully makes available or distributes any
information (data) which is meant tto do damage by replicating itself in
an automated system shall be liable to a term of imprisonment not
exceeding four years or a fine of 100,000 guilders."
In Sweden, it's starting to sound more like this:
Anyone, who, without authorization - erases, modifies, or destructs
electronically or similarly saved or data, or anyone who, creates,
promotes, offers, makes available, or circulates in any way means
destined for unauthorized deletion, modification, or destruction of such
data, will, if a complaint is filed, receive imprisonment for up to
three years, a fine, or if there is considerable damage, five years
sentence.
Is that clear enough? It is against the law in Holland to INTENTIONALLY
(i.e. on purpose, i.e. if you put it online, you knew you put it there)
to make available ANY data (program) that can do damage..specifically a
replicating program. That means virus. And don't forget that magic word,
"extradition". The Swiss laws are in draft stage.
Now, a lot of virus writers say they can't be held responsible for a
virus doing damage if they don't mean for it to escape, or if someone
else uses it. Wrong again. The law of negligence allows victims of
accidental injury to sue to obtain compensation for losses caused by
another's negligence. But, it's even more applicable if you consider the
aspect of torts. You can have what is called an intentional tort (which
is what lawyers use to refer to suits that try to get dollars for
damages, such as libel, fraud). In these kinds of cases, you may think
just because you didn't mean for your virus to 'escape' you are not
legally responsible (forgetting about ethics for a minute. A lot of
virus writers seem to think if its not illegal to do xyz, xyz is
therefore ok to do. So lets put ethics aside and look at legalities).
You are indeed legally responsible because all that is necessary to
establish intentional torts is that you -intended- to do the act (write
the virus) that caused the harm. The law of negligence allows victims of
accidental injuries to sue for compensation due to negligence. This of
course refers to U.S. law, and is not in any way a complete reference,
but you can get the general idea. You don't just have free rein.
But, the law is not the solution, in my opinion. However, you can force
it to become the solution if you do not take responsibility for your
actions. If you keep making these viruses available indiscrimately, you
are creating LAWS, just as surely as if you had written the law with
your own hand.
Stop to think for a moment of the implications of this. The Dutch
enacted laws as the abuse of computerized equipment increased. While
some laws already existed that addressed computer crime, it became clear
that some intentional damage was being done that was slipping through
the loopholes in the law. Something must be going on that caused them to
react so strongly, to specifically include virus exchange bulletin
boards in this legislation. What was going on? Malicious damage.
Incitement. Actions that helped people to do damage. What is this
"incitement"?
Incitement. That is a term that is getting a lot of publicity now, with
Mike Elansky held on $500,000 bail for distributing a text file on his
BBS. The file contained the following text:
! Note to Law-enforcement type people: ! ! This file is intended
to promote ! ! general havoc and *ANARCHY*, and ! ! since your
going to be the first ! ! assholes up against the wall.. there ! !
isnt a damn thing you can do about ! ! it, pigs!
!
It may be distasteful to some people, but the kind of information
included in the file was the same 'anarchy' type information you can get
at your local library. Does it merit a young man being locked up with an
almost impossible bail? It's no worse than a lot of the graffitti you
can find in Manhattan, or LA, and it's no worse than you can hear on a
lot of albums. To me personally, it's just silliness. I know the fellow
who wrote the file, and I don't find him to be a threatening anarchist.
He's a fine person, who wrote the above as a parody-spoof. It is not
much different than the things you hear in the halls at most high
schools these days. I'm not saying it's a desireable manner of
expressing dissatisfaciton with the system, but its *NOT* the devil
incarnate.
Someone had it on their BBS, someone downloaded it, and now, the BBS
sysop is in jail for it. Something's happening here...
Fear. People are afraid. They are chasing the shadowy ghost, and imagine
it is 'the virus writer' or 'the hacker'. Well, virus writers and
hackers may do some of these things, but the majority of them do not.
the publicity. Why? Because they want it. And, what happens when they
want it, and get it? More fear. The real ghost is ignorance and fear,
not the virus writer or hacker. On the other hand there ARE some very
malicious people out there. And, maybe to protect people from them, we
will need laws. The way it stands right now, no one knows who is
malicious and who is not because everyone is hiding behind the "law".
This will change, very soon, if people do not stop thinking they can
just do whatever they like because its "legal". Laws are established
when new situations come about, and some people are pushing the envelope
here.
One thing that is happening is that people are afraid to say something
is wrong. We all have to stop being afraid to say something is WRONG. It
is WRONG to destroy or damage data of other people.
It's WRONG to encourage people to do it. and, if you can't figure out
what encourages people, then you had better figure it out soon, because
we don't have much time left.
I say you better figure it out fast because right now, people are up in
arms about computer viruses. They have every right in the world to
expect they shouldn't have to be on guard against any 'toys' that happen
to escape. They certainly deserve to be protected from people who
malicious release, or -irresponsibly release- viruses. They should not
have to learn every in and out of DOS to protect themselves. For most
people, computers are work. They are not just hack-o-matik machines
waiting to be explored. No one has the right to destroy other people's
information. Just like we don't want the government or other people to
just do whatever they feel like with -our- information, we have to
respect other people's rights to -their- information.
It isn't working. There are still people who are doing malicious things
with viruses. In talking with a lot of virus writers, I've pretty much
gotten the same story. After a while, it's just not fun to do it
anymore, and they evolve into learning more about code in general. They
no longer upload it to unsuspecting people. Most of them don't even use
virus exchange BBS, because there is just not any point. You can only
get excited over FF/FN so many times, and sooner or later you move on to
other things. But there is still a problem. Newcomers to the virus scene
pass thru the same stages; they release their viruses either through
incompetence or purposeful maliciousness, to 'prove' themselves. It's
almost like a rite of passage.
It is this group, the intentionally malicious, that are drawing all of
the attention. It is this group that forced the hand of the Dutch
government. It is this group, malicious virus writers and hackers that
are drawing the attention of the the Legislators and Judiciary in the
United States, Canada, and now Switzerland.
Consider that we are living in a truly global society. The laws cannot
forever be bound by traditional territorial borders. Think of the
implications for the future. Being held hostage by one's freedoms tends
to make one rethink their "Rights". -------
--
SGordon@Dockmaster.ncsc.mil / vfr@netcom.com bbs: 219-273-2431
fidonet 1:227/190 / virnet 9:10/0 p.o. box 11417 south bend, in 46624
*if you don't expect too much from me then you might not be let down*
----
I originally had a huge response for this, but I found that a
majority of my arguments were more aimed at the point of view she was
explaining, rather then her viewpoint. The bottom line is, laws that
regulate information are horrible. If it happens, it is unenforcible.
I do not believe that virus writers should be 'nice', or politically
correct, and I dont ever plan on removing virus source from 40Hex.
Another problem with her article is the part about virus writers doing
whatever they like just because it is 'legal'. The point is, because
it IS legal, we can write viruses. People also break the law and
distribute viruses. It is NOT wrong to write a virus. By any morality.
It is wrong to use it on someone else's computer illegally. For the
most part I agree with Sara Gordon. Before you go about saying she is a
narc, and she did this, and she did that, just ask yourself what have
you done about virus legislation. If it is equal to zero, zilch, nada,
etc., then you should at least give her the credit of doing something to
help the underground, despite the rumors. I don't care whether you
trust Sara Gordon, but realize that in this issue she is definately
fighting the legislation.
