fors-discuss
#114 From: Chris Nandor <yahoo@...>
Date: Thu Aug 30, 2001 5:06 pm
Subject: Re: I'm quoted with regard to the Brian West case in Salon.com
 
At 01:24 -0700 2001.08.30, Dmitry Kohmanyuk
Дмитрий Кохманюк wrote:
>On Wed, Aug 29, 2001 at 09:00:42AM -0400, Chris Nandor wrote:
>> Sklyarov violated federal law by reverse-engineering software.  If you
>> focus on the fact that he is a "whistleblower," then you just emphasize
>> that he did exactly what the DMCA is designed to prevent: discovering and
>> reporting of software flaws.
>
> Dmitry wrote his program in Russia, and he is a Russian citizen.
> The world is not governed by U.S. federal law.

He was in the United States.  It is a bad law, but that doesn't change the
fact that he was in the U.S.  If I broke Russian law, I probably wouldn't
go to Russia.

--
Chris Nandor                      pudge@...    http://pudge.net/
Open Source Development Network    pudge@...     http://osdn.com/

#113 From: Ralf Fassel <ralf@...>
Date: Thu Aug 30, 2001 4:22 pm
Subject: Re: Hackers, Crackers, and the law
 
* Dave Mitchell
| The logical extension to this analogy is that having noticed the
| door is open, we step just inside the room to have a quick look - to
| see whether the rightful occupant is in the room, or whether there's
| signs of anything wrong, etc.

In the recent case the looking-around was made more problematic IMHO
because the person took some photocopies of the papers on the table in
order to prove that the door indeed _was_ open.  The copies came not
flying out of the room right into his hands...

| [ Oh no - fors-discuss is heading for another analogy-fest ;-) ]

R', adding to it ;-)

#112 From: R.E.Wolff@...
Date: Thu Aug 30, 2001 4:19 pm
Subject: Re: Hackers, Crackers, and the law
 
Dave Mitchell wrote:
> merlyn@... (Randal L. Schwartz) wrote:
> > Going back to a parallel... if I wander by an open doorway that I
> > think should have been locked, am I permitted to call the supervisor
> > without being arrested for trespassing?
>
> The logical extension to this analogy is that having noticed the door is
> open, we step just inside the room to have a quick look - to see whether
> the rightful occupant is in the room, or whether there's signs of anything
> wrong, etc.

Or "to look if indeed this is the room we thought should be locked".


A couple of guys here in NL noticed a window to the bank open at night
when they were walking the dog. They notified the bank.

The bank says they will pay attention. However not much changes.  They
notified the bank again.

A couple of weeks, the window is dutifully closed.

Then one day the window is left open again.

Now they climb into the window, and take pictures to prove that it's
not just the toilet that they get access to.

They get arrested after they report the bank's mistakes.

			 Roger.

--
** R.E.Wolff@... ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
* There are old pilots, and there are bold pilots.
* There are also old, bald pilots.

#111 From: Dave Mitchell <davem@...>
Date: Thu Aug 30, 2001 3:54 pm
Subject: Re: Hackers, Crackers, and the law
 
merlyn@... (Randal L. Schwartz) wrote:
> Going back to a parallel... if I wander by an open doorway that I
> think should have been locked, am I permitted to call the supervisor
> without being arrested for trespassing?

The logical extension to this analogy is that having noticed the door is
open, we step just inside the room to have a quick look - to see whether
the rightful occupant is in the room, or whether there's signs of anything
wrong, etc. At this point one of two scenarios happen.
First, someone appears out of nowhere and spots us in the room. Suitably
embarrassed, we try to explain what we're doing. Depending on our stature,
we either get thanks, or arrested for attempted theft.

The second scenario is that after having had a quick scan of the office to
ensure everything is ok, we report it (mentioning the fact that we looked
inside), and again get thanked for our trouble or arrested.

The problem is that few people can resist the urge to 'have a quick look',
be it computers or corridors, and as soon as we do, we leave ourselves
reliant on colleagues/employers/juries making a value judgement about our
*intentions* rather than our actions.

And as we all know, 9 times out of 10 our colleagues say "thanks for
checking my office", and 9 times out of 10 they say "he's running crack
- call the police!". For some reason 'hacking' invariably receives the
worst of all possible interpretations. :-(

[ Oh no - fors-discuss is heading for another analogy-fest ;-) ]

* Dave Mitchell, Senior Technical Consultant
* Fretwell-Downing Informatics Ltd, UK.  Dave.Mitchell@...
* Tel: +44 114 281 6113.                The usual disclaimers....
*
* Standards (n). Battle insignia or tribal totems

print+qq&$}$"$/$s$,$*${$}$g$s$@$.$q$,$:$.$q$^$,$@$*$~$;$.$q$m&if+map{m,^\d{0\,},
,${$::{$'}}=chr($"+=$&||1)}q&10m22,42}6:17*2~2.3@3;^2$g3q/s"&=~m*\d\*.*g

#110 From: merlyn@...
Date: Thu Aug 30, 2001 3:20 pm
Subject: Re: Hackers, Crackers, and the law
 
>>>>> "Tom" == Tom Phoenix <rootbeer+fors-d@...> writes:

Tom> On Thu, 30 Aug 2001, David Keegel wrote:
>> getting legislators to focus more on intent (eg: requiring clear
>> mal-intent for computer crime offenses) seems a realistic goal.

Tom> I agree. But it won't be easy to accomplish, since I'm sure that most
Tom> legislators (judges, juries, reporters, columnists, employers) think that
Tom> "breaking in" to a computer shows sufficient "mal-intent" all by itself.
Tom> "After all", they'll say, "if you broke into my _home_, we wouldn't need
Tom> to show that you had evil intentions."

Tom> So, this has convinced me (and surely just about everyone on this list)
Tom> that we should look at the intent as well as the deed. But what can we say
Tom> to convince all of those other folks that the intent of West (Schwartz,
Tom> Sklyarov, you, me) was benign? Or not merely benign, but (in several
Tom> cases) with a helpful intent?

That's brilliant, Tom.  I hadn't seen it that way.

We need to show that "breaking in" is done by both white hats and
black hats.  That *is* different from the way it's done in the real
world.  We can design a lock, and test it in a lab, and then install
it in a door, and not test that door because we know the door is
correct.  But we can't build complex systems that way... we have to
field-test them, and field-test them repeatedly, because systems
change.

So one of the things that was probably missing in my defense case was
how frequently Crack had actually been run, and that this is a normal
(and Intel-mandated) tool.  And that sysadmins frequently run
assistance tests on each other's boxes, and sometimes discover and
report errors in setups even when it's not in their charter (like
Brian West) even without running formal tests.

Going back to a parallel... if I wander by an open doorway that I
think should have been locked, am I permitted to call the supervisor
without being arrested for trespassing?

What if when I push my garage door opener, expecting to open my door,
I also open the neighbor's door?  Should I be arrested for breaking
into my neighbor's house?  This is pretty close to what Brian West
did.  Will the jury/prosecutor understand?  Can we please not make it
illegal for our unintentional acts to be considered felonies?  Or even
our intentional acts performed on behalf of the owner to demonstrate
the flaw?

As an aside, does anyone have any connections to get to Brian?  I want
to talk to him about his defense strategy, and share notes.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

#109 From: Tom Phoenix <rootbeer+fors-d@...>
Date: Thu Aug 30, 2001 2:37 pm
Subject: Re: Hackers, Crackers, and the law
 
On Thu, 30 Aug 2001, David Keegel wrote:

> getting legislators to focus more on intent (eg: requiring clear
> mal-intent for computer crime offenses) seems a realistic goal.

I agree. But it won't be easy to accomplish, since I'm sure that most
legislators (judges, juries, reporters, columnists, employers) think that
"breaking in" to a computer shows sufficient "mal-intent" all by itself.
"After all", they'll say, "if you broke into my _home_, we wouldn't need
to show that you had evil intentions."

So, this has convinced me (and surely just about everyone on this list)
that we should look at the intent as well as the deed. But what can we say
to convince all of those other folks that the intent of West (Schwartz,
Sklyarov, you, me) was benign? Or not merely benign, but (in several
cases) with a helpful intent?

--
Tom Phoenix       Perl Training and Hacking       Esperanto
Randal Schwartz Case:     http://www.rahul.net/jeffrey/ovs/

#108 From: David Keegel <djk@...>
Date: Thu Aug 30, 2001 12:11 am
Subject: Re: Hackers, Crackers, and the law
 
] On Wed, 29 Aug 2001, Dave Sill wrote:
]
] > jasons@... wrote:
] >
] > >... We need a way to help the legal system show leniency when people
] > >were dumb versus being intentionally malicious.
] >
] > That's [why] we have judges and juries. Theoretically. In reality, as
] > we all know, the system doesn't always work the way it was supposed to
] > work.

Tom Phoenix wrote:
] But it's hard to explain technical issues (by definition), and it's
] especially difficult to explain them to legislators, prosecutors, judges,
] and juries. To these folks, there's no difference between what a cracker
] does and what Brian West did (or what Randal did, or Dmitry Sklyarov, or
] you, or me).

I agree with most of this thread.  But I don't think this is just
a problem of people not understanding technical issues.  I'd like
to go back to what Jason was saying.

I think an important part of this jigsaw is "intentionally malicious".
This is an issue which is not technical in nature, and it's something
that the legal system has been looking at for hundreds of years - it's
nothing new, except apparently in computer crime laws.  In my neck of
the woods, I believe the legal system calls it "criminal intent", YMMV.

If you try to get legislators, prosecutors, judges, and juries to
understand detailed technical issues, 90% of the time their eyes will
glaze over and you will get nowhere.  But the legal system already
understands phrases like "intentionally malicious", so getting
legislators to focus more on intent (eg: requiring clear mal-intent
for computer crime offenses) seems a realistic goal.

__________________________________________________________________________
  David Keegel <djk@...>  URL: http://www.cyber.com.au/users/djk/
Cybersource P/L: Unix Systems Administration and TCP/IP network management

#107 From: Tom Phoenix <rootbeer+fors-d@...>
Date: Wed Aug 29, 2001 8:16 pm
Subject: Hackers, Crackers, and the law
 
On Wed, 29 Aug 2001, Dave Sill wrote:

> jasons@... wrote:
>
> >... We need a way to help the legal system show leniency when people
> >were dumb versus being intentionally malicious.
>
> That's [why] we have judges and juries. Theoretically. In reality, as
> we all know, the system doesn't always work the way it was supposed to
> work.

But it's hard to explain technical issues (by definition), and it's
especially difficult to explain them to legislators, prosecutors, judges,
and juries. To these folks, there's no difference between what a cracker
does and what Brian West did (or what Randal did, or Dmitry Sklyarov, or
you, or me).

It isn't that these people aren't smart. But they have trouble seeing (or
believing) that someone who _does_ understand these technical issues could
be that dumb, even for a moment.

In related news, Bruce Schneier recently wrote:

     The Internet is a new and strange place to lawmakers. [...] The
     punishments do not fit the crimes. In the 1800s in the American West,
     stealing horses was often punished by death. The extreme punishment
     was because horses were so important to society, and people would not
     tolerate the disruption. The Internet is becoming increasingly
     important to industrialized society, and I worry that this kind of
     extreme punishment will continue.

         http://www.counterpane.com/crypto-gram-0108.html

We need to keep reminding ourselves and others in our field not to be
mistaken for horse thieves, and to keep educating folks outside our field
that merely looking at a horse doesn't mean that we're stealing it.

--
Tom Phoenix       Perl Training and Hacking       Esperanto
Randal Schwartz Case:     http://www.rahul.net/jeffrey/ovs/

#106 From: "Dave Sill" <de5-fors-discuss@...>
Date: Wed Aug 29, 2001 7:31 pm
Subject: Re: I'm quoted with regard to the Brian West case in Salon.com
 
jasons@... wrote:

>... We need a way to help the legal system show leniency when people
>were dumb versus being intentionally malicious.

That's what we have judges and juries. Theoretically. In reality, as
we all know, the system doesn't always work the way it was supposed to
work. And then there's the mandatory sentencing that takes discretion
away from prosecutors and judges.

-Dave

#105 From: jasons@...
Date: Wed Aug 29, 2001 2:32 pm
Subject: Re: I'm quoted with regard to the Brian West case in Salon.com
 
"Chris Nandor" <yahoo@...> writes:

> At 05:26 -0700 2001.08.29, merlyn@... wrote:
> >We need to move.  We need to provide safe harbor for whistleblowers!
>
> None of these cases are about the simple process of whistleblowing.
>
> So anyway, people are not being prosecuted for whistleblowing, they are
> being prosecuted for clear violations of the law.  Sklyarov broke a bad
> law, one we should fight to overturn.  West dumbly broke a reasonable law,
> and should be shown a great deal of leniency.

Good points Chris.

What about some kind of 'Code of Conduct' that suggests reasonable
behaviour in light of security flaws? This could help illuminate the
gray area between suspicious but cracker-like behavior and suspicious
but samaritan-like behavior.

Attending Randal's JACPH's would be best, education is always best,
but in some sense people will always be dumb and allow their
curiosity to have them do things. We need a way to help the legal
system show leniency when people were dumb versus being intentionally
malicious.

jas.

#104 From: Chris Nandor <yahoo@...>
Date: Wed Aug 29, 2001 1:00 pm
Subject: Re: I'm quoted with regard to the Brian West case in Salon.com
 
At 05:26 -0700 2001.08.29, merlyn@... wrote:
>We need to move.  We need to provide safe harbor for whistleblowers!

None of these cases are about the simple process of whistleblowing.

Sklyarov violated federal law by reverse-engineering software.  If you
focus on the fact that he is a "whistleblower," then you just emphasize
that he did exactly what the DMCA is designed to prevent: discovering and
reporting of software flaws.

West didn't merely blow a whistle; he downloaded files that he had no right
to download, and he did so knowingly.  His intentions may have been pure (I
have no reason to doubt them); but he should have gone to one of your JACPH
talks.  Breaking the law (theft) is not a good way to tell people their
system is insecure.  He should have known better.

What needs to happen with West is twofold: we need to educate people on the
Right and Wrong ways to notify people of security holes (OK, maybe there is
no Right way, but the way he did it was certainly Wrong); and we need to
treat people who screw up as he did with leniency (since it is clear from
his actions he had no intention of doing anything wrong; if he had such
intentions, he never would have notified them).

So anyway, people are not being prosecuted for whistleblowing, they are
being prosecuted for clear violations of the law.  Sklyarov broke a bad
law, one we should fight to overturn.  West dumbly broke a reasonable law,
and should be shown a great deal of leniency.

--
Chris Nandor                      pudge@...    http://pudge.net/
Open Source Development Network    pudge@...     http://osdn.com/

#103 From: merlyn@...
Date: Wed Aug 29, 2001 12:26 pm
Subject: I'm quoted with regard to the Brian West case in Salon.com
 
See <http://www.salon.com/tech/feature/2001/08/29/west/>,
"How do you fix a leaky net?".

This stuff scares me.  And this is a federal case of felony-charging a
whistleblowing Good Samaritan who has no confusing contra-indications
(as some have argued about my case).

We need to move.  We need to provide safe harbor for whistleblowers!

How many more Brian West's and Dmitry's do we need to prove this point?

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

#102 From: merlyn@...
Date: Sun Aug 26, 2001 2:16 pm
Subject: ["Peter G. Neumann" <neumann@...>] Follow-up on Oklahoma whistleblower
 
Interesting parallels to my own ongoing case found in comp.risks:

     Date: Sat, 25 Aug 2001 10:12:13 PDT
     From: "Peter G. Neumann" <neumann@...>
     Subject: Follow-up on Oklahoma whistleblower

     Sheldon Sperling <Sheldon.Sperling@...>, the U.S. Attorney in the
     Brian K. West case, has responded to various e-mail protests on his handling
     of the case.  He claims that West was not arrested and has not been charged.
     However, an investigation is pending, to determine whether West
     "intentionally accessed a computer without authorization or exceeded
     authorized access (to access a computer with authorization and to use such
     access to obtain or alter information in the computer that the accesser is
     not entitled so to obtain or alter), (2) whether the employee thereby
     obtained information from a protected computer (a computer which is used in
     interstate or foreign commerce or communication), and (3) whether the
     conduct involved an interstate communication.  18 USC 1030."  [The full
     statement from Sperling is included in a message from Declan McCullagh,
     which is accessible at http://www.politechbot.com/ .]

     I have noted in this space before that when there is no security in place,
     the alleged culprit cannot have exceeded authority when no authority is
     implied.  As long-time RISKS readers will recall, this issue came up
     relating to the trial of Robert Tappan Morris: in 1988, the Internet worm
     never exceeded authority, because no authority was required to use the
     sendmail debug option, to use the .rhosts mechanism, to execute the finger
     daemon, or to read an unprotected encrypted password file.  I wonder how
     if prosecutors will ever figure this out!

     As long as we attempt to shoot the messenger and hide lame security behind
     overly broad laws, weak security will prevail, and whistleblowers will be
     much rarer than glassblowers.  (For example, DMCA is among other things an
     attempt to outlaw whistleblowers.)

See http://www.macintouch.com/newsrecent.shtml for the longer story.

We must get laws off the books that punish people trying to do good.

We need the equivalent of the "Good Samaritan" protection already
granted in other circumstances.

What can we do to get this into the heads of the legislators and
judicial decision makers?

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

#101 From: merlyn@...
Date: Thu Apr 12, 2001 2:44 pm
Subject: forwarded from "pdx.singles" -- a parable about the case
 
As a humorous account, my buddy Harry wrote the following text
in response to a posting in pdx.singles asking what I did.

Just passing it along for a bit of humor -- it doesn't get all the
facts straight, so I'm not endorsing this as canonical, mind you.

==================== snip

>I've already said that I'm socially ignorant in a previous posting at one
>time, but can someone please tell me what exactly happened in 1995?  I
>remember hearing something about it, but I don't remember exactly what all
>happened....  ?

I realize you were still in elementary school. :)  But here goes:

Once upon a time a big rich company thought it might not be very
secure in how it handled its computers. So they went out into the
forest (silicon forest)  and found a Wizard who kindly said he would
come and help the Large, rich, wealthy and entirely stupid Company- to
secure or at least restrict the un-lawful use of their company
computers. He worked and cast spells and removed demons and worked
potions until he thought he had gathered together all the loose ends
the Big Wealthy company had just left lying around so that any Evil
Dwarf might steal them. Then, in an effort to make sure he had gotten
them all, the kindly Wizard cast a spell and created a Homunculus that
he gave the power to try and get in past his spells and Potions. This
it did. And it tried and it tried and it tried and the potions and
spells logged all these attempts and the Wizard cast new spells and
new Potions were made. And the Homunculus tried again and again.
All was going good until the company's Department head thought to
himself, if the wizard does real well I might be out of a job? So he
went searching for signs that the Wizard was using BLACK MAGIC to cure
the problem. Sure enough, the Homunculus looked a great deal like a
BLACK MAGIC program once written by an EVIL DWARF!
So the Department head screamed in his boss's ear, the wizard is a
BLACK MAGICIAN he shall surely bring information to our enemies.
But the truth was, the Wizard was a kindly and thoughtful Wizard. He
just wasn't thinking about the paranoia that runs in Persons of Power
Positions known as Department Heads.
So, the Thought Police came and told the Wizard- Go out from here oh
iniquitous one and sojourn far from this place. And the Wizard said,
sure. Then, when he had cleaned out his desk, he thought, oh no, I
forgot to clear off all my spells and Potions and to put the
Homunculus to sleep. So he did a few spells and incantations from his
Home and cleared up his work.  But the Department Head had put HIS
incantations on the Company and saw the workings of the Kindly Wizard.
He flew into a rage and cried aloud -"Even from home he doth try to
take my job!" and smote his breast and tore out his hair. Then he
rushed with the evidence of the Kindly Wizard's workings from home to
the Head of the Security department who took it to the FBI a large
organization of Buffoons and Clowns who think they know much, but also
can't find their ass with both hands (just ask Mr. Cooper of Peru).
And they thought, AH HA! We shall make an example of this Wizard so
that no other Wizard shall dare to do what he has done. So they
Arrested him, charged him and tried and convicted him on charges that
most Judges couldn't understand, much less figure out if what he had
done was illegal. But Convicted he was and the FBI was happy, the
Security Chief was happy, the Department Head was happy (till he lost
his job) and the company found a way to keep from paying its fees to
the Wizard, who lost lots of money, personal status, and now carries a
tag calling him a Felon. But for all this trouble, the kindly wizard
made lots of friends who think him the best of all Kindly Wizards.
The Company still has enough holes to make a Swiss cheese envious and
the FBI still can't find its ass with both hands, even when the NSA
(another large ineffectual organization which spends lots of money
without showing anything for it) Helps out.
The Moral of this story:
When you become a true Wizard oh little Apprentice, get it in writing
what the Big, Wealthy Company is paying you to do and what you have
permission to do to make them secure. Oh, And learn to tell Department
managers to go fuck themselves.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

#100 From: larryo@...
Date: Tue Apr 10, 2001 11:26 pm
Subject: Re: Oregon Appeals Court decision comes down
 
>Larryo wrote:

>> As I understood it, the court held that we should have had an opportunity to
>> contest the outside attorney fees claim, and the case was remanded to the
>> trial court for a rehearing on that issue.
>
>> The C of A seems to have ignored the larger issue about the restitution
>> order in toto, the effect of which is probably to affirm what was done in
>> the trial court.   Whether we can revisit that issue at this juncture,
>> without an appeal to the Supreme Court, is problematic.

Steve wrote:

>The decision sez,
>
>"Restitution order reversed and remanded for reconsideration; otherwise
>affirmed."
>
>To me this means that the whole amount of the restitution was thrown back to
>the trial court; i.e. even though the restitution amount was justified by
>itemizing costs of different kinds, there is no separate "order" for Randal to
>pay outside attorneys' fees.
>
>It would be odd if this principle of "necessity" cited by the appeals court
>only applied to attorneys' fees.  The point of restitution is to compensate a
>victim for actual costs.  Without a necessity test, such as a chance for the
>defense to counter, the victim can throw in whatever they can get the court to
>approve.
>
The problem is that the entire section on that assignment of error must be
read, not just the mandate.  The court said that we had raised several
questions about the restitution order but that only one required discussion.
That can easily be read to mean that the rest of the questions we raised are
without merit, and I can assure you with some certainty that Bonebrake will
read it exactly that way.

There is a Latin phrase in the law for that:  The C of A is said to have
affirmed what the trial court did "sub silentio," which translates as "under
silence" or "without any notice having been taken."

Unless we persuade the Supreme Court to review the decision, Bonebrake will
simply address that portion of the restitution order regarding outside
attorney fees and reaffirm the balance of the restitution decision.

Parenthetically, this decision becomes more and more apparently outrageous
the more often that I read it.  Look at the use of the definition of "take,"
for example.  Does the court not presuppose that the password file was
*moved,* as opposed to *copied,* notwithstanding that they KNOW that it was
only copied?

And does this whole discussion not ignore the element, which the state
should have had to prove BRD, of the intent to deprive the owner thereof?

I mean, was there any evidence that he appropriated the password file to
himself or a third person?  No.  He copied it from one Intel computer to
another *and then went off to teach a class.*

I am just appalled!!

LarryO

#99 From: spacenka@...
Date: Tue Apr 10, 2001 9:15 pm
Subject: Re: Oregon Appeals Court decision comes down
 
Larryo wrote:

> >>>>>> "boerio" == boerio  <boerio@...> writes:
> >
> >boerio> Does this mean that the restitution that Randal was told to
> >boerio> pay no longer needs to be paid?  At least, that's how I read
> >boerio> this.  It would be cool if it were true.
>
> Randal wrote:
>
> >* Please note that the following is based on a cursory examination of
> >* the document in question, and is merely my understanding.  My
> >* lawyers may later tell me something different.
> >
> >No, it means that unless we appeal this decision, the only action that
> >will be taken is a hearing to re-visit the restitution amount.  The
> >only amount in contest is the amount paid by Intel to outside
> >lawyers. The appellate court found that it was not reasonable for
> >Intel to claim fees paid to outside lawyers, since Intel has an
> >internal counsel, and also had the district attorney to offer
> >consultation regarding criminal activity.  I don't have my notes in
> >front of me, but I believe this amount was less than $10,000 of the
> >$67,471.45 I paid for restitution, so it's a very minor "win" in that
> >sense.
>
> As I understood it, the court held that we should have had an opportunity to
> contest the outside attorney fees claim, and the case was remanded to the
> trial court for a rehearing on that issue.

> The C of A seems to have ignored the larger issue about the restitution
> order in toto, the effect of which is probably to affirm what was done in
> the trial court.   Whether we can revisit that issue at this juncture,
> without an appeal to the Supreme Court, is problematic.

The decision sez,

"Restitution order reversed and remanded for reconsideration; otherwise
affirmed."

To me this means that the whole amount of the restitution was thrown back to
the trial court; i.e. even though the restitution amount was justified by
itemizing costs of different kinds, there is no separate "order" for Randal to
pay outside attorneys' fees.

It would be odd if this principle of "necessity" cited by the appeals court
only applied to attorneys' fees.  The point of restitution is to compensate a
victim for actual costs.  Without a necessity test, such as a chance for the
defense to counter, the victim can throw in whatever they can get the court to
approve.

-- SP





>
> "Once in awhile you get shown the light  in the strangest of places
>  if you look at it right."                           (Hunter/Garcia)
>
> LarryO

#98 From: larryo@...
Date: Sat Apr 7, 2001 10:42 pm
Subject: Re: Oregon Appeals Court decision comes down
 
>>>>>> "boerio" == boerio  <boerio@...> writes:
>
>boerio> Does this mean that the restitution that Randal was told to
>boerio> pay no longer needs to be paid?  At least, that's how I read
>boerio> this.  It would be cool if it were true.

Randal wrote:

>* Please note that the following is based on a cursory examination of
>* the document in question, and is merely my understanding.  My
>* lawyers may later tell me something different.
>
>No, it means that unless we appeal this decision, the only action that
>will be taken is a hearing to re-visit the restitution amount.  The
>only amount in contest is the amount paid by Intel to outside
>lawyers. The appellate court found that it was not reasonable for
>Intel to claim fees paid to outside lawyers, since Intel has an
>internal counsel, and also had the district attorney to offer
>consultation regarding criminal activity.  I don't have my notes in
>front of me, but I believe this amount was less than $10,000 of the
>$67,471.45 I paid for restitution, so it's a very minor "win" in that
>sense.

As I understood it, the court held that we should have had an opportunity to
contest the outside attorney fees claim, and the case was remanded to the
trial court for a rehearing on that issue.

The C of A seems to have ignored the larger issue about the restitution
order in toto, the effect of which is probably to affirm what was done in
the trial court.   Whether we can revisit that issue at this juncture,
without an appeal to the Supreme Court, is problematic.

"Once in awhile you get shown the light  in the strangest of places
  if you look at it right."                           (Hunter/Garcia)

LarryO

#97 From: David Keegel <djk@...>
Date: Sat Apr 7, 2001 3:27 am
Subject: Re: Oregon Appeals Court decision comes down
 
] Can someone clarify something for me here ... near the top of the appeals
] court review is the following text:
]
]  Restitution order reversed and remanded for reconsideration; otherwise
]  affirmed.
]
]  Defendant appeals from a judgment of conviction of three counts of
]  computer crime. ORS 164.377. We reverse the order of restitution, but
]  otherwise we affirm.
]
] Does this mean that the restitution that Randal was told to pay no longer
] needs to be paid?  At least, that's how I read this.  It would be cool if
] it were true.

I'm no lawyer, but my reading of this is that the Court thinks Randal
has a point:
    He contends that $8,779.45 in attorney
    fees incurred by Intel should not have been included in the
    restitution amount that he was required to pay.

    ... specifically whether it was "reasonable and necessary" for
    Intel to retain outside counsel to advise it when it could have more
    cheaply obtained the same advice from its in-house counsel or from the
    District Attorney.

I'm slightly more optimistic than Randal on what happened; I read it
as saying that the burden of proof on the $8,779.45 now lies with the
State, Intel and the Trial Court.

So if they want to collect that $9k as well as the other restitution,
Intel & the State would need to go back to the Trial Court and prove
it was appropriate, after this time giving Randal the chance to argue
that Intel hiring outside counsel was not necessary, so he shouldn't
have to pay for it.


Another interesting (but subtle) facet of the judgement is
    The state observes that ORS 164.377(3) criminalizes alteration
    of a computer only when a person KNOWS that he or she is without
    authorization.

    Confronted with
    the phrase "without authorization," a potential violator of ORS
    164.377(3) would be reasonably certain that he or she would run afoul
    of that prohibition by doing something to a computer in violation of
    the policy of the company that owned the computer without having
    sought permission for an exception to the policy.

This suggests that there was a burden of proof on the State to show
that Randal did know at the time that he was "without authorization"
on counts 2 and 3.  Or it sounds like that is what the Appeal Court
would expect to happen at trial.

I suggest that there is a significant difference between:
	 Randal knew that he was without authorization
and
	 Randal did not know that he had authorization

The first case would mean Randal knew he was doing something bad,
and the second case would apply if Randal didn't know what Intel
would think about his actions.

Is it too late now to argue that
	 Randal did not know that he was without authorization
on the basis that at the time Randal was unclear exactly what he
was authorized to do and what was unauthorized?

This wouldn't get very far on count 1 (Randal was informed about
company policy at the time), but might be useful for counts 2 & 3.
Unless someone told Randal beforehand that he was not allowed to
run crack, copy password files from SSD, etc.

__________________________________________________________________________
  David Keegel <djk@...>  URL: http://www.cyber.com.au/users/djk/
Cybersource P/L: Unix Systems Administration and TCP/IP network management

#96 From: merlyn@...
Date: Sat Apr 7, 2001 2:33 am
Subject: Re: Oregon Appeals Court decision comes down
 
>>>>> "boerio" == boerio  <boerio@...> writes:

boerio> Does this mean that the restitution that Randal was told to
boerio> pay no longer needs to be paid?  At least, that's how I read
boerio> this.  It would be cool if it were true.

* Please note that the following is based on a cursory examination of
* the document in question, and is merely my understanding.  My
* lawyers may later tell me something different.

No, it means that unless we appeal this decision, the only action that
will be taken is a hearing to re-visit the restitution amount.  The
only amount in contest is the amount paid by Intel to outside
lawyers. The appellate court found that it was not reasonable for
Intel to claim fees paid to outside lawyers, since Intel has an
internal counsel, and also had the district attorney to offer
consultation regarding criminal activity.  I don't have my notes in
front of me, but I believe this amount was less than $10,000 of the
$67,471.45 I paid for restitution, so it's a very minor "win" in that
sense.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

#95 From: boerio@...
Date: Fri Apr 6, 2001 9:58 pm
Subject: Re: Oregon Appeals Court decision comes down
 
Can someone clarify something for me here ... near the top of the appeals
court review is the following text:

	 DEITS, C. J.

	 Restitution order reversed and remanded for reconsideration; otherwise
	 affirmed.

	 DEITS, C. J.

	 Defendant appeals from a judgment of conviction of three counts of
	 computer crime. ORS 164.377. We reverse the order of restitution, but
	 otherwise we affirm.

Does this mean that the restitution that Randal was told to pay no longer
needs to be paid?  At least, that's how I read this.  It would be cool if
it were true.

      - Jeff

#94 From: David Keegel <djk@...>
Date: Fri Apr 6, 2001 1:26 pm
Subject: Re: Oregon Appeals Court decision comes down
 
] Seven years after my arrest, and nearly six years after my conviction,
] and almost two years after our Appeals Court argument presentation,
] the Oregon Appeals court has filed their decision on 4 Apr 2001.
] Here's the summary from the newsletter... the referenced URL is the
] full text of the decision.
]
]     State v. Schwartz (CA A91702)
]
]     http://www.publications.ojd.state.or.us/A91702.htm
]

The Court seemed to be hinting that while it didn't think the statute
was "vague", another avenue would be to suggest that it was "over-broad"
``
    Defendant does not argue that ORS 164.377(3) is unconstitutionally
    overbroad because it reaches speech protected by Article I, section 8.
''

Hmm, interesting.  Let's see where this takes us.

I want to send a message to my friend, John Public <john@...>.
It's about what I think of a movie I saw yesterday.  So I compose an
email and send it.  It is transmitted to Oregon ISP's mail server,
which appends my message into /var/mail/john.

Now ORS 164.377(3) says
      "Any person who knowingly and without authorization alters, ...
       any computer ... or any data contained in such computer, ...,
       commits computer crime."

Did I alter the data contained in an Oregon ISP computer?  Yes, the
file /var/mail/john was altered.  Did I knowingly alter that data?
Well, I wanted my e-mail transmitted to John Public's mailbox, so I
guess so.  Did I have authorization from Oregon ISP to do that?  No.

Oops, looks like I broke Oregon law.

Now, suppose I was a US citizen.  What does this do for my right to
freedom of speech?  I'm expressing my personal opinions to another
US citizen who wants to hear what I have to say.

But this law stops me from exercising my First Amendment rights, unless
I first get permission from John's ISP.  And how do I get authorization?
E-mailing postmaster@... would cause the same problem.

Now let's look at another scenario.

I set up an account with www.oregon-web-mail.com to maintain a mailbox
for me at their facilities in Oregon.  Later I get sent an e-mail from
a spammer to that mailbox.

Now I can point Oregon law enforcement at the spammer (assuming I can
find the spammer's real details), and tell them to prosecute the spammer
for violation of ORS 164.377(3).  The spammer didn't get authorization
from oregon-web-mail.com to alter my mailbox there.

I don't even need to live in Oregon to do this, as long as my mailbox
is in Oregon.

Maybe this ridiculously stupid statute has a silver lining after all.
At least by targeting almost everyone who interacts with someone else's
computer, it can also be used against spammers.

__________________________________________________________________________
  David Keegel <djk@...>  URL: http://www.cyber.com.au/users/djk/
Cybersource P/L: Unix Systems Administration and TCP/IP network management

#93 From: merlyn@...
Date: Fri Apr 6, 2001 3:27 am
Subject: Oregon Appeals Court decision comes down
 
Seven years after my arrest, and nearly six years after my conviction,
and almost two years after our Appeals Court argument presentation,
the Oregon Appeals court has filed their decision on 4 Apr 2001.
Here's the summary from the newsletter... the referenced URL is the
full text of the decision.

     State v. Schwartz (CA A91702)

     http://www.publications.ojd.state.or.us/A91702.htm

     AREA OF LAW: EVIDENCE

     Defendant appeals from a judgment of conviction of three counts
     of computer crime. ORS 164.377. Defendant worked as an
     independent contractor for Intel Corporation and was charged with
     computer crime after he copied passwords and a password file from
     Intel computers onto his computer. He appeals the trial court's
     decision.  Held: (1) Even assuming that the search warrant or its
     execution involved illegal police conduct, defendant's statements
     were not obtained by exploitation of any such conduct and
     consequently were properly admitted. (2) Parties are not entitled
     to present evidence of "legislative facts" as a matter of right.
     (3) The computer crime statute, ORS 164.377(3), is not
     unconstitutionally vague, because a potential violator or
     enforcer of the statute can be reasonably certain what conduct it
     prohibits. (4) Because the state presented sufficient evidence to
     prove that defendant took the property of another for the
     purposes of theft, ORS 164.377(2)(c), the trial court did not err
     in denying defendant's motion for judgment of acquittal. (5) To
     be properly included in a restitution award, attorney fees must
     be reasonable and necessary pecuniary damages. (6) Defendant was
     not entitled to merger of his convictions on counts two and
     three, because the acts that formed the basis for each violation
     were separated by a "sufficient pause" to allow defendant to
     renounce his criminal intent. Restitution order reversed and
     remanded for reconsideration; otherwise affirmed.

As you can tell by that last statement, it's not the news I was
looking for, and quite frankly I'm very disappointed and sad.

I'm working with my legal team now to lay out my options and determine
the appropriate response.  I won't be able to comment on that until
things are final.

[Steve Pacenka - can you copy this text and the corresponding URL text
to the FORS site?  Thanks.]

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

#92 From: merlyn@...
Date: Thu Mar 15, 2001 9:27 pm
Subject: Greetings! We've changed hosts... (and brief slashdot pointer)
 
If you're seeing this (and I bet you are!), then we've successfully
moved you from the old Teleport hosting of this list to the
Yahoo!Groups (formerly egroups.com) hosting.

I'm sad to see Teleport go.  I've been with Teleport since it was a
small machine in the back of Jim Deibele's "TechBook" technical book
store.  Jim and I became acquainted when I needed an email-savvy
bookstore to provide dual-autographed copies of the first Camel book
in winter 1990.  He offered to take orders, both by phone and by
email, and ship them at $40/copy, and got many takers during those
first few years.  His BBS machine became one of the first
public-access ftp/telnet-capable machines in the area, offering Unix
dialup shell accounts to whoever put up the $10/month.  Later, that
became PPP accounts, and then over the years, Techbook grew up to be
Teleport, the largest ISP in the Pacific Northwest, with something on
the order of 30,000 subscribers, but still operated by Jim and an able
staff.

Last year, Jim sold the operation to OneMain, and OneMain is not in
the Unix shell game, so we shell users started counting the days.  One
by one, services that Jim had established got ripped down, and as of
two months ago, the mailing list machine was gone.  Last month,
the Unix Shell machine was also turned off... the end of an era.

In the midst of this, OneMain got bought out by Earthlink, confusing
the support issues even further, so even though I've paid for some
sort of access until I think July of this year, I can't even get them
to recognize my password any more, so there's a bunch of files sitting
on the disk that I cannot reach, and a bunch of email sent to
merlyn@... that I'll probably never see.

Those of you following my case closely also recognize Jim as one of
the witnesses in my trial, since it was the "techbook" break-in that got
me thinking about how I hadn't yet played with Crack v.4.  And Jim's
"thank you" mail spurred me on to look around at how else I could
help, since I already had Crack running on a fairly unloaded machine.

So, "techbook -> teleport -> onemain -> earthlink" is no longer
hosting this list.  We old-timers mourn its passing, and wish the best
of luck to Jim in wherever his money and desire are now taking him.

For the FORS-relevant section of this posting, check out the
Slashdot thread at

<http://slashdot.org/comments.pl?sid=01/03/13/208259&threshold=-1&commentsort=3&mode=nested&cid=42>

and feel free to comment there or here about it.

I have some other things to say about the ongoing case, but I'll save
it for another post.

Your list nanny, and subject of occasional discussion,
Randal

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

#91 From: jeffrey@...
Date: Fri Sep 15, 2000 1:12 am
Subject: For those keeping track
 
> Actually, this is taking much longer than expected.

As I remember, this Appeals Court severely restricted the
length of the brief that could be filed, to the extent that
some excellent grounds of appeal had to be actually
omitted.  That position of the Appeals Court, already
preposterous, is entirely inconsistent with the time they
are taking.

Cheers!

Jeffrey Kegler

---
You are currently subscribed to fors-discuss as:
ListSaver-of-fors-discuss@...
To unsubscribe send a blank email to leave-fors-discuss-23114F@...

#90 From: larryo@... (D. Lawrence Olstad)
Date: Fri Sep 15, 2000 12:39 am
Subject: Re: For those keeping track of press coverage, see Wired Oct 2000
 
>Still no word on the appeal, after 14 months.  My lawyers have
>suggested to me in the past (if I understand them correctly) that a
>quick decision in this case would work to my detriment, because the
>constitutional issues take a long time to research properly.  So, the
>fact that it's been a long time, while frustrating, is actually a good
>thing, methinks.
>
Actually, this is taking much longer than expected.  I don't know whether
it's good or bad.  That search warrant affidavit stank - I don't like it
taking this long to figure that out.

LarryO



#89 From: merlyn@... (Randal L. Schwartz)
Date: Wed Sep 13, 2000 6:09 pm
Subject: For those keeping track of press coverage, see Wired Oct 2000
 
Very nice 16-page article on "Perl Whirl 2K", where I was mentioned
about 80 times in the article (including a nice picture), and a few
paragraphs on the ongoing case, including a mention of the "Friends of
Randal Schwartz" website.

Just hit the stands.  Bought five copies for my mother. :) Online in a
few weeks as well.

Mmmm.  Popular press coverage. :)

Also, we've now passed another milestone.  I'm now no longer
on either supervised *or* bench probation, as of September 10th.
This being *five years* since I was sentenced.

Still no word on the appeal, after 14 months.  My lawyers have
suggested to me in the past (if I understand them correctly) that a
quick decision in this case would work to my detriment, because the
constitutional issues take a long time to research properly.  So, the
fact that it's been a long time, while frustrating, is actually a good
thing, methinks.

As always, keep spreading the word.  I'm looking for more
opportunities to give JACPH talks and get press, so if you can hook me
up, lemme know.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!


#88 From: merlyn@... (Randal L. Schwartz)
Date: Sat Sep 2, 2000 10:28 pm
Subject: discussion about "convicted hackers" on slashdot
 
A story on "convicted hackers" on slashdot today prompted me to post a
reply, which has gotten some interesting followup.

Check it out, or add to the discussion, starting at:

         http://slashdot.org/article.pl?sid=00/09/02/1733212

Thanks.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!


#87 From: Steve Lumos <slumos@...>
Date: Tue May 23, 2000 11:22 pm
Subject: (fwd) info@...: Policy Posts 6.11: Senate Internet Crime Bill on a Fast Track
 
------- Forwarded Message

From: info@...
To: policy-posts@...
Subject: Policy Posts 6.11: Senate Internet Crime Bill on a Fast Track
Date: Mon, 22 May 2000 10:50:19 -0400 (EDT)


CDT POLICY POST Volume 6, Number 11 May 22, 2000

A BRIEFING ON PUBLIC POLICY ISSUES AFFECTING CIVIL LIBERTIES ONLINE
from
THE CENTER FOR DEMOCRACY AND TECHNOLOGY

CONTENTS:

(1) Senate Bill Would Make Federal Offenses of Minor Computer Abuses
(2) Assistance to Foreign Governments; Expanded forfeiture and Wiretap
Authority
(3) Other Provisions in S. 2448: Satellite Viewing; Notice and Opt-out; Spam
(4) Extending Pen Register Surveillance to the Internet


________________________________________________________________

(1) SENATE BILL WOULD MAKE FEDERAL OFFENSES OF MINOR COMPUTER ABUSES

Legislation on a fast track in the Senate would make minor computer hacking
a federal felony, investigated by the FBI and the Secret Service. The bill
is S. 2448, the "Internet Integrity and Critical Infrastructure Protection
Act." It was introduced by Sen. Orrin Hatch (R-UT), chairman of the Senate
Judiciary Committee, and Sen. Charles Schumer (D-NY).

Procedural posture: The Senate Judiciary Committee had actually scheduled
the bill for a vote on May 18. That was put off one week, to Thursday,
May 25. The Committee is also considering holding a hearing on May 24 or
25, with a witness list at present heavily weighted with current and former
law enforcement officials.

S. 2448 was introduced before the recent "love bug" virus hit computers
worldwide, and has no relevance to that or other recent viruses and attacks,
all of which, including the Melissa virus and the denial of service attacks
in February, were already federal felonies, even when created and launched
from overseas.

The main effect of S. 2448's criminal provisions would be to extend federal
jurisdiction over minor computer abuses not previously thought serious
enough to merit federal resources. Currently, federal jurisdiction exists
for some computer crimes only if they result in at least $5,000 of aggregate
damage or cause especially significant damage, such as any impairment of
medical records, or pose a threat to public safety. Any virus affecting more
than a few computers easily meets the $5,000 threshold. S. 2448 would
eliminate the $5,000 threshold.

Specifically, the bill would make it a felony to send any transmission
intending to cause damage or to intentionally access a computer and
recklessly cause damage, punishable for up to 3 years in prison, even if
the damage caused is negligible. In addition, the bill would make it a
misdemeanor to intentionally access any computer and cause damage, even
unintentional damage, again regardless of the extent of such damage. Also,
for certain hacking offenses, the maximum punishment would be doubled
from 5 years to 10 for first offenses.

Among the conduct that would become a federal crime under S. 2448:

*     a private sector employee snoops without authorization on a
       co-worker's computer and accidentally deletes a file or a message;

*     a teenage hacker modifies a friend's vanity Web page as a joke.

S. 2448 is available at
http://thomas.loc.gov/cgi-bin/query/z?c106:S.2448.IS:

CDT will be posting additional information about S. 2448 at our new
Cyber Security page, http://www.cdt.org/security/.


_______________________________________________________________

(2) S. 2448 AUTHORIZES ASSISTANCE TO FOREIGN GOVERNMENTS; EXPANDS
FORFEITURE AND WIRETAP AUTHORITY

Another part of S. 2448 permits the US Attorney General to provide
computer crime evidence to foreign law enforcement authorities "without
regard to whether the conduct investigated violates any Federal computer
crime law." It is unclear whether this expands the Justice Department's
investigative authority to investigate lawful conduct in the US at the
request of foreign governments.

Other criminal law sections of S. 2448 would --

*     amend the forfeiture law in ways that could result in seizure by
       the government of the house in which sat a computer used in
       hacking;

*     expand the authority of the US Secret Service to investigate
       computer crimes;

*     expand wiretap authority by making all computer crimes a predicate
       for wiretaps, a change that would be especially sweeping in light
       of the provisions extending the federal computer crime law to fairly
       insignificant criminal conduct.

________________________________________________________________

(3) OTHER PROVISIONS IN S. 2448: SATELLITE VIEWING; NOTICE AND
OPT-OUT; SPAM

S. 2448 contains several provisions that its sponsors labelled privacy
protections, although they would do little to advance privacy. The
bill would --

*     prohibit satellite TV service providers from disclosing information
       about their customers and their viewing habits unless the customers
       have affirmatively agreed ("opted-in") to such sharing. A large
       exception, however, allows disclosure to the government without
       notice and an opportunity to object, thereby giving satellite TV
       viewers less protection than existing federal law affords to cable
       TV subscribers.

*     require commercial Web sites to give visitors notice of data
       collection and sharing practices and the opportunity to opt-out.

*     make fraudulent access to personally identifiable information a
       crime - a provision that overlaps with current identity theft and
       fraud provisions in 18 USC sec. 1029, and that may also cover
       commercial collection of data.

*     make it a crime to send spam advertisement with falsified Internet
       domain name, header information, date or time stamp, originating
       email address, or other identifier.


_______________________________________________________________

(4) EXTENDING PEN REGISTER SURVEILLANCE TO THE INTERNET

If the Senate Judiciary Committee does take up S. 2448, it could serve as
the vehicle for other Internet crime and surveillance amendments. For
example, Sen. Schumer has introduced another bill that extends government
surveillance authority over the Internet in broad and ill-defined ways.

The second Schumer bill, S. 2092, focuses on pen registers, which collect
the numbers dialed on outgoing calls, and trap and trace devices, which
collect the phone numbers identifying incoming calls. These surveillance
devices have long been used by law enforcement in the plain old telephone
world. Because they are not supposed to identify the parties to a
communication nor whether the communication was even completed, the standard
for approval of a pen register is very low: the law provides that a judge
"shall" approve any request by the government that claims the information
sought is "relevant" to an investigation. This really says that the court
must rubber stamp any government request.

The pen register and trap and trace statute only applies to the numbers
dialed or otherwise transmitted on the telephone line to which the device
is attached. S. 2092 would extend the pen register and trap and trace
authority to all Internet traffic. It does so with very broad terminology,
stating that the pen register can collect "dialing, routing, addressing or
signaling information," without further definition.

S. 2092 also would give every federal pen register and trap and trace order
nationwide effect, without limit and without requiring the government to
make a showing of need, creating a sort of "roving pen register."

CDT's analysis of S. 2092 is at
http://www.cdt.org/security/000404amending.shtml


_____________________________________________________________


Detailed information about online civil liberties issues may be found at
http://www.cdt.org/.

This document may be redistributed freely in full or linked to
http://www.cdt.org/publications/pp_6.11.shtml.

Excerpts may be re-posted with prior permission of ari@...

Policy Post 6.11 Copyright 2000 Center for Democracy and Technology


------- End of Forwarded Message



#86 From: merlyn@... (Randal L. Schwartz)
Date: Sat May 20, 2000 1:27 am
Subject: a milestone reached today - end of supervised probation
 
I got the word from Marc Sussman (my lawyer) today that Judge Bonebrake
has granted my request to be transferred from supervised probation
to "bench probation".

For the first time since I was released on bail in late March 1994, I
am now free to leave Oregon, for any reason, without getting
permission from the government.

Tonight, I plan on driving across the bridge to Vancouver, Washington,
and taking a digital picture of me standing in front of the "welcome to
Washington" sign, as soon as the outbound traffic dies down.

On the appeal front, we've still heard nothing, even though we had
"our day in court" some 10 months ago.  This could still take a while,
I'm told.

Thank you, as always, for your continued attention and publicity
regarding my case.  Let no one else fall as I have.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@...> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!


#85 From: jeffrey@...
Date: Tue Dec 28, 1999 4:30 am
Subject: Letter to Intel Signer's Comments on Web site
 
I've added the comments submitted with the signatures
on the Letter to Intel to the web site:
<http://www.rahul.net/jeffrey/ovs/comments.html>

Cheers!

Jeffrey Kegler
