« Howard Dean is Nuts | Main | Disputing the Communitarian Malaise--One Mouse Click at a Time »

Democrats, the Filibuster, and Theft

Not often can I say that I've scooped my local CLS blog-rival, the so-left-we-don't-blog-on-the-right-of-your-browser Filibuster. They've decided that the 'scoop of the year' must be this Boston Globe piece on how Republican's 'infiltrated' 'secret' files.

Of course, readers of this site will have been alerted quite a while ago that the 'hacking' consisted of nothing more than Democrats leaving their files on servers that hadn't been secured. By any reasonable definition of 'hacking' or 'intrusion' (and I'm sure my lefty-but-fair techie-blogger Len will back me up on this), taking a file from a folder you've been given access to just doesn't cut it. Furthermore, everyone agrees that the mistake was made because the Democrats hired their own technical consultants to revise the way the committee's computers worked, and those consultants screwed the pooch. [1]

This makes one ponder at the opening paragraph of the Boston Globe article:

Republican staff members of the US Senate Judiciary Commitee infiltrated opposition computer files for a year, monitoring secret strategy memos and periodically passing on copies to the media, Senate officials told The Globe.

You see, 'secret' here means 'put in a folder where anyone on the committee can see them, and not labelled secret anywhere thereon' and 'infiltrated' means 'opening up the shared folder of your workgroup' (which some of you might think of as your G: drive if you're at Columbia).

Of course, the Filibuster mentions the story twice, and claim that the GOP 'stole' these documents. Since the Filibuster and the Columbia Political Union are part of my university, I'm going to throw down that gauntlet: find me a statute, make me a case, and given a decent grasp of the technical competencies involved show me how this is theft. (Note that the Globe either had fewer cajones or more caution than to call this activity 'stealing.')

Update: The Boston Globe continues its coverage, pointing to the Committee for Justice's fact sheet arguing no rules were broken. I'm not sure I buy that: there may very well have been some ethical rules broken. But if so, theft seems pretty extreme.

[1] Full disclosure: I received every bit of my formal training in how to be a Systems Administrator from the U.S. Senate. If the mistake is what the papers have said it was, this was a basic error. No one who received Senate training should have made this mistake.

TrackBack

TrackBack URL for this entry:
http://www.threeyearsofhell.com/cgi-user/mt/mtPleaseLinktoMe.cgi/359

Comments

I just want to applaud the use of the phrase "screwed the pooch." It doesn't get used enough.
I'm going to throw down that gauntlet: find me a statute, make me a case, and given a decent grasp of the technical competencies involved show me how this is theft. As a non-lawyer I'm not in a position to do so rigorously, but it occurs to me that there is potentially an issue of unauthorised copying of data here. Had the unsecured folder contained (for example) music tracks, it would have been illegal to take copies without permission. Why are memos different ? Also, as someone with a certain amount of knowledge of server administration, I'm not sure that something being 'secured' is even well defined (although that may not stop the law from pretending it is !) For example, I'm sure that I'm better at extracting files from computers than your average politician. Does that mean that it's OK for *me* to leak to the press any file I can get my grubby paws on ? If not, then at what particular level of skill does the copying of files become theft ?
I suspect you're right about the levels of incompetency involved. Still, the decent thing to do would have been to say 'hey buddy, your files are lying there where any unscrupulous so and so could read them, you might want to tidy them up a bit' Now we all know that's maybe asking a bit much of men who are selected at least in part for their moral standards, but hell, they've been caught with their hands in the till and now they're gonna have to say sorry. Not for their 3133t h8x0r skills, but for being shady buggers.
FYI, the Boston Globe's follow-up story (GOP Downplays Reading of Memos) is at: http://www.boston.com/news/nation/articles/2004/01/23/gop_downplays_reading_of_memos/
Bateleur: I'm not fully aware of the relevant law, but unauthorized copying of music is violation of copyright. While sometimes called 'theft,' it's somewhat different. As for someone of greater skill at 'extracting files': wouldn't you say that a good dividing line for 'skill' would be whether the administrator of the system had assigned permissions to you to view those files? Can you steal something to which you've been assigned permissions? As the fact sheet put out by the Committee for Justice points out: "The documents were disclosed through the window labeled 'My Network Places.'" What lower level of skill are you going to assign? ;)
OK, there are two ways of looking at network share permissions. You can explicitly allow permission to access or you can explicitly deny permission to access. In this case, the snoopers in question were not specifically denied permission to access to the share in question but they were also not specifically allowed persmission to access the files. Its obviously an open and shut case of electronic trespass IF they were explicitly denied permission to access the files and they managed to circumvent the access control mechanism, but this is NOT the case. While it may be unethical to view these materials given that they weren't explicitly allowed permission to do so, it certainly is no violation of any law that I am aware of. Think of the web server example, if I post files (non copyrighted material) to a directory on my web server that I don't tell anyone about, but I don't explicitly deny access permissions, I have no case against someone who finds and downloads that material. Hey, I am as left leaning as you can find on many topics, but in this case, 1) whoever set up that share does not deserve the title of network administrator, and 2) does anyone really think that if the roles were reversed that the dems wouldn't be reading the material on an open share? This is a non issue. A sysadmin needs to get fired, end of story. A MINOR ethical lapse, but one that could be expected give the situation. I really hate the Globe's coverage of this as if its Watergate... sheesh
"[L]efty-but-fair", eh? A Greater Compliment I cannot possibly receive. :-) Much as I would like to whip myself into a righteously indignant fury and quote Henry L. Stimson's famous comment that "Gentlemen do not read each other's mail" (or confidential memos, talking points papers, draft briefings etc., etc., ad nauseam), the fact o'the matter is that if the Dems left sensitive information on an unprotected directory/folder on a server which staffers for both parties had read access (at minimum; I'll wager that the sysadmins left permissions at the default NT/2K permissions, which is basically Full Control for Everyone), then they got what was coming to them. Absent some statute or other rule that specifically defines that kind of behavior as "cracking"/"hacking", I wouldn't think of this as cracking/hacking. Windows NT/2000 has allowed file and directory level access control all the way back to Windows NT 3.5 (which is when I got involved in NT system administration), and any reasonably competent NT/2K sysadmin knows that. There's no excuse for what's happened here. The front door was left completely unlocked. Quoth Anthony: "everyone agrees that the mistake was made because the Democrats hired their own technical consultants to revise the way the committee's computers worked, and those consultants screwed the pooch." You're being too kind, methinks. The consultants screwed a whole pack o'pooches. Sensitive partisan documents should have been kept on a separate server to which only members of the relevant party should be given access. Putting such documents on a shared server was asking for trouble, even with proper file/directory level access controls.
Ah, Len, thanks for the confirmation. Now no one will doubt that I'm being partisan in my administrative position. (However--a whole pack of pooches? PETA already dislikes me, Len, there's a limit to what I can get away with.) The only reason I can see for not having separate servers for each part of the committee is lack of resources--which are more scarce than one might expect in the Senate. There may only be the one file server. Personally I'd consider adequate permissions on the same server to be sufficient: unless the average technical acumen of Senate staffers has risen dramatically since I was there, I doubt there's a huge hacking risk.
Here is an interesting paper from NYU Law Review (Nov. 2003) which dicusses the legal meanings of "authorization" and "access" as it applies to computer crime, and how those meanings are still being fleshed out in the courts. Personally, I think the staffers' behavior was rude, but not illegal.
8307 black jack is hot hot hot! get your blackjack at http://www.blackjack-dot.com

Post a comment

NOTICE TO SPAMMERS, COMMENT ROBOTS, TRACKBACK SPAMMERS AND OTHER NON-HUMAN VISITORS: No comment or trackback left via a robot is ever welcome at Three Years of Hell. Your interference imposes significant costs upon me and my legitimate users. The owner, user or affiliate who advertises using non-human visitors and leaves a comment or trackback on this site therefore agrees to the following: (a) they will pay fifty cents (US$0.50) to Anthony Rickey (hereinafter, the "Host") for every spam trackback or comment processed through any blogs hosted on threeyearsofhell.com, morgrave.com or housevirgo.com, irrespective of whether that comment or trackback is actually posted on the publicly-accessible site, such fees to cover Host's costs of hosting and bandwidth, time in tending to your comment or trackback and costs of enforcement; (b) if such comment or trackback is published on the publicly-accessible site, an additional fee of one dollar (US$1.00) per day per URL included in the comment or trackback for every day the comment or trackback remains publicly available, such fee to represent the value of publicity and search-engine placement advantages.

Giving The Devil His Due

Choose Stylesheet

What I'm Reading

cover
D.C. Noir

My city. But darker.
cover
A Clockwork Orange

About time I read this...


Shopping

Projects I've Been Involved With

A Round-the-World Travel Blog: Devil May Care (A new round-the-world travel blog, co-written with my wife)
Parents for Inclusive Education (From my Clinic)

Syndicated from other sites

The Columbia Continuum
Other Blogs by CLS students

De Novo
Theory and Practice
Liberal Federalism?
Good News, No Foolin'


Althouse
Nancy Pelosi covers her head and visits the head of John the Baptist.
Vlogging in from Austin.
Omikase/"American Idol"


Jeremy Blachman's Weblog: 2007
Happy Passover
Looking for Advice re: LA
Google Books


Stay of Execution
What I've Learned From This Blog, or My Yellow Underpants
The End
Mid Thirties


Legal Theory Blog
Program Announcement: Summer Programs on the Constitution at George Washington
Book Announement: Political Foundations of Judicial Supremacy by Whittington
Entry Level Hiring Report


The Volokh Conspiracy
Making the Daily Show:
Civil unions pass New Hampshire House:
Profile of Yale Law Dean Harold Koh:


Crescat Sententia
Hillary II
Hillary
Politics and Principal/Agents


Law Dork
Election Approaches
Following Lewis
New Jersey High Court: 'Same Rights and Benefits'


IrishLaw
Homecoming
Surveying the revival
Birds of paradise


Half the Sins of Mankind
Cheney Has Spoken Religious conservatives who may ...
Does Ahmadinejad Know Christianity Better Than MSN...
Borders as Genocide In discussions of climate chan...


pf.org
Progress
For lovers of garden gnomes...and any China-freaks out there
We Interrupt Your Regularly Scheduled Programming


Ideoblog
Does SOX explain the flight from NY?
More Litvak on SOX effect on cross-listed firms
What did the market learn from internal controls reporting?


The Yin Blog
Iowa City = Riyadh
Jeffrey Rosen's "The Supreme Court"
Geek alert -- who would win between Battlestar Galactica and the U.S.S. Enterprise?


Letters of Marque
Graduation
And there we are
Oil!


BuffaloWings&Vodka
Signing Off


Dark Bilious Vapors
Jim (The Waco Kid): Where you headed, cowboy?
Bart: Nowhere special.
Jim: Nowhere special. I always wanted to go there.
Bart: Come on.
--"Blazing Saddles"

Technical Difficulties... please stand by....
The Onion should have gotten a patent first....


Legal Ethics Forum
Interesting new Expert DQ case
Decency, Due Care, and The Yoo-Delahunty Memorandum
Thinking About the Fired U.S. Attorneys


Ex Post
Student Symposium- Chicago!
More Hmong - Now at Law School
Good Samaritan Laws: Good For America?


Appellate Law & Practice
Those turned over documents
CA1: courts can’t help people acquitted of crimes purge the taint of acquitted conduct
CA1: restrictions on chain liquor stores in Rhode Island are STILL okay


the imbroglio
High schoolers turn in plagiarism screeners for copyright infringement
talisman
Paris to offer 20,600 bikes at 1,450 stations to rent by the end of the year


The Republic of T.
The Secret of the Snack Attack
links for 2007-04-04
Where You Link is What You Get

Distractions for stressed law students

The Other Side: Twisted AnimationsSomething Positive, a truly good webcomic

Syndicate This Site

Sitemeter

Technologies


Stop Spam Harvesters, Join Project Honey Pot