Use P2P, Go to Jail. Any Questions?
07/10/2001
In December 1999, David McOwen -- a system administrator at DeKalb Tech, part of the Georgia state university system -- installed a screensaver from Distributed.net on some of the computers at DeKalb. That was his mistake -- but he never could have guessed how big a mistake that would turn out to be. As it turns out he will likely be arrested in the next few weeks on charges that have a maximum penalty of 15 years in prison.
Distributed.Net software is part of the class of "distributed computing" apps that tackle large computing problems, by breaking them up and distributing the chunks to computers on the Internet. To help work on these problems, computers must run Distributed.Net's client software.
According to David Joyner, McOwen's attorney, 18 months ago McOwen was confronted by managers over the installation of the Distributed.net software. He was asked to resign, and he complied with this request. Perhaps it seemed strange to McOwen that he lost his job over running software that explicitly only runs when the computer is not otherwise being used, or that a technical institution would object to unused resources being applied to solve scientific problems, but he certainly thought that was the end of the tale.
In fact, McOwen is now being criminally prosecuted for the "crime." What crime? The state claims that the Distributed.net client cost the state $415,951.49 in bandwidth charges. The cost of bandwidth, the state says, is 59 cents per second. If you do the math at this rate, you find that DeKalb is paying $1,529,280 per month for bandwidth. The amount they're seeking from McOwen is roughly a third of this cost.
"It's rather bizarre," said Joyner. "I don’t see a victim in this case. There's usually a victim in these prosecutions. This program doesn’t run until the screensaver comes on, which indicates no one is using the computer."
Since most of the infringing time happened in December, when very few people were working at the school, this bandwidth usage occurred when the bandwidth was not otherwise being used. Assuming the school pays for bandwidth whether it's used or not, it's hard to understand the logic that says the school system was ripped off.
"It's somehow based on the amount of data transmission," said Joyner. "But, honestly, I don't have the foggiest idea how they came up with this. … I've received over 100 emails from people telling me this rate of 59 cents a second is … insane."
According to Joyner, the state attorney general's office will be prosecuting under a "computer hacking statute" -- OCGA 16-9-93 -- likely using "computer trespass" language.
Richard Koman is a featured speaker at the O'Reilly P2P & Web Services Conference, Sept. 18-20 in Washington, DC.
"They're going for an indictment," Joyner explained. "It doesn’t matter whether he comes up with the money. That would not stop prosecution. … As far as I know this is the first case of its kind in Georgia and possibly the nation."
Joyner expects a grand jury hearing to take place at the end of July or early August, and for McOwen to be arrested once the grand jury issues its indictment.
In a mass-mailed email message, McOwen wrote: "We need to know for sure that they are setting this dangerous precedent, making me an example and everyone is next. They did not give me an opportunity to just turn the client off, they also said that there was no harm done after they turned it off. ... The future of all that use the Internet and computers is at stake. Don't let them turn the good of computers into something so terrible. If it was so terrible it should be taken away from the world and not prosecuting one individual."
-
59 cents a sec on bandwidth ?????
2003-10-29 11:14:36 anonymous2 [Reply | View]
hahahahahahahahahahahahaha I have a pay-monthly plan which costs about 13 dollars hahahahaha and I have a broadband connection hahahahahaha so I ain't gettin prosecuted. That other guy's a nonce for gettin caught. As for the company, HA, they're even bigger idiots than everyone makes out to be. They probably make double a month than what they pay out and they're complaining. I should slap them good looking.........idiots!
-
economic correctness
2003-05-11 20:04:56 anonymous2 [Reply | View]
Indeed, the owner of the bandwidth has the right to determine its policies for usage and apprise employees of those rules. . . But, if there is no monetary loss or loss of services associated with that misuse, where is the crime?
Betcha they swat mosquitos with sledge hammers, too !
-
Outrageous
2003-05-06 19:24:13 anonymous2 [Reply | View]
I would like to see these prosecutors pursue real life-threatening cases with this energy.. I can't believe, with all the missing children and uncaptured dangerous felons running loose, we are wasting our tax dollars on this.. UNBELIEVABLE
-
This is an outrage.
2003-02-27 10:47:19 anonymous2 [Reply | View]
Whatever happened to the freedom of information? If I buy a book from the store, and when I'm finished reading it and choose to copy it for my friend to read, as long as I give credit to the writer and the publishing company, what's the big deal? Why should it be any different with a computer or digital information? It's outrageous the way our government is starting to run things, passing all this ridiculous legislation that prohibits this and that, and continually takes from the freedom our forefathers had intended for us to have as Americans. What in the world has happened to this country? It's ridiculous!!!
-
david.birt@sympatico.ca
2003-01-19 13:51:53 anonymous2 [Reply | View]
HI. I THINK IT IS VERY UNJUST WHAT THEY ARE DOING TO MR MCOWEN. FOR GOD'S SAKE. WHAT ARE THEY GOING TO DO NEXT, ARREST EVERYONE WHO USES A COMPUTER
-
Sheesh the most Ridiculous thing I have heard in a long time
2002-12-31 21:05:45 anonymous2 [Reply | View]
I have nothing but sympathy for Joel,
whose only fault was to work for a stupid institution.
I am a lecturer here in India in one of the biggest universities and we have a dedicated connection to the net.
So often the students and the faculties use it to download software over a couple of days.
I fail to see what all this fuss is about
-
utterly....completely....ridiculous
2002-07-25 22:09:30 maddog1331 [Reply | View]
I have worked in the education system for a while....and I'll tell you what this looks like to me. This fellow has made an enemy or enemies somewhere in the school, and those folks have blown this completely out of proportion. Also, I think it is being pursued because of politics....someone has made a big deal out of this, and if the case is now dropped, someone might get a bit of mud on their face.
As the article says, the school has to pay regardless of whether the bandwidth is used or not. I believe this fellow David did something which he saw as beneficial, and would keep a resource (unused bandwidth) from being wasted.
No one is harmed, and some good could come of what he did. Any person with any sense should be able to see this.
The above statement being said, what does this say about DeKalb Tech, the Georgia educational system, and the Georgia State Government?
-
Power Brokers and Civil Disobedience
2002-02-02 06:27:36 jpenney [Reply | View]
Folks, it's time for open source fans to take action to protect our access to each other's technology.
The transistor, the IC, the internet, the computer and all hi-tech were and are developed using money taken from the taxpayers of the United States. When AT&T had a monopoly, it was able to tax us by charging what it wanted for phone service, and it used that money to fund its research. When the military funds projects at high tech corporations (the military industrial complex - remember what Eisenhower said about that), the profits from the technology go to the companies who develop it with OUR MONEY. When NASA creates new technology by funding studies in universities using public money, and then transfers that technology, including patents and legal rights, to private corporations, we pay for it.
Now the results of the research, and the profits derived thereby, have been given by the rich people's government to the rich people, and have become the "property" of large corporations, who are using the money to stifle those of us who believe in true democracy, where power belongs to the people, and where technology is used for bettering mankind. These guys obviously don't understand what Roddenberry was talking about.
We as technical professionals need to realize now, that we hold sway over these corporations to a degree that they fear terribly and that they are scared to death of us realizing. And, we need to use that power to level the democratic playing field. The CEO and CIO and VP's certainly have no qualms about using their political power over us. They pay us just well enough to keep us content while they slowly drain away all the resources from which our power is drawn. Should we not turn the tables on them, now that they depend on us working for them? We have a code of ethics that is important to us. Do you think CEO's have a code of ethics? Do you think CIO's have a code of ethics? NO - THEIR code is, GET AS MUCH AS YOU CAN AND SCREW EVERYONE ELSE. That's not my code of ethics, and I don't want them running the world if that's how they think.
The thing they fear most is that we'll stop behaving like good little boys and girls and that we'll actually take action to protect our interest. This sort of thing scares the rich and dumb, because they don't have the brains to deal with logical sensible people - they like sheep. Well I'm no sheep, and I'm tired of these guys who know nothing and care nothing about the possible uses of technology for the benefit of all. It's time to take them down from their levels of incompetence and put them where they belong - on my software team, cleaning the CD-ROM burner with a Q-tip.
Civil disobedience is the order of the day, and this event should trigger some of you to start your own little revolution.
But you're worried about your job, right? High unemployment, right? Well, there's no need at all to put your job at risk over this. You can do this quietly. Do the corporations perform their societal sabotage in the open? No, of course not. They hide behind armies of lawyers and politicians - which we, the 98% of the country that isn't rich, pay for.
So do we need to blatantly virus-ate computer networks? Do we need to openly shuffle bandwidth over to our favorite non-profit? NO. But you are some of the smartest people in the world, and what CEO would know if you set up a free VPN for the shave-the-whales foundation? NONE. What CIO is knowledgeable enough about the actual technology to know anything about what the network is being used for? NONE. Who has the knowledge of whether you're running an internet chat service for the independent political party of your choice? NOBODY. Who would know if you set up a network trading board for local farmers to trade produce? ONLY YOU.
You are the people who Lenin feared so much, he massacred them all. You are the people Stalin hated and strove to control with terror. You are the people with vocabularies hundreds of thousands of times larger than George Bush, and thinking capacity that he couldn't even accidentally dream about - WHY IS HE THE PRESIDENT AND NOT YOU?
You are the people feared and hated by all who are lazy and stupid, because you provide the background against which they all appear lazy and stupid.
You are the highly creative, the hard working, you know how to put in 90 hours a week when necessary, and you have control of immense resources of potential technological egalitarianism. Take these resources back from the corporations who have stolen them from the people of the democratic United States of America, and give them back to those people.
It's up to you, the technology is under your control. Be smart about it though - don't kid yourself - if these rich people can screw you, they will, so keep your eyes open and keep some friends around for support if you get in trouble.
Can't wait to see what happens when some fat boy reads this.
JP
-
Not that it matters now . . .
2002-01-22 02:22:08 rholliday [Reply | View]
Not that it matters now, since the State dropped the suit ( http://www.tacube.com/pages/mcowen.html ), but, technically (and admittedly sneakily) David McOwen IS guilty. Dave (username "ncdave") posted a very informative message on the laws involved ( http://www.oreillynet.com/cs/user/view/cs_msg/5307 ), however I question his final judgement. This is why:
* As to Authorization generally: I'm sure that the installation of non-administration approved programs and/or programs not necessary to the function of the network nor directly conducive to the facilitation of the use of the network by, or the education of, the students of the university is forbidden in his contract as administrator. Think of all the bases covered by End User Licenses for even the simplest programs! A technical university I'm sure has all kinds of stipulations, and ignorance is not an excuse in contractual matters. You are expected to know what's in yours. That covers the WAS and KNEW portions of the burden of proof.
* As to Computer Theft specifically : since Georgia put a value (US $0.59/sec.) on bandwidth, and it is counted as an expense by businesses and sold as a commodity by businesses, I believe it can technically be counted as the requisite "property" in the clauses. And that would at least fit the first statute: "... (1) Taking or appropriating any property of another, whether or not with the intention of depriving the owner of possession ..." if not the others.
* As to Computer Trespass specifically: While it may in fact be hard for them to technically prove intention, circumstantially, McOwen did know how the Distributed.Net client functioned. Now this is again very deceitful (and we all know how honest governments are), but the client DOES fit the requirements in the statute. Granted it does not damage or obstruct the use of a computer, as Dave said, but it does alter the way it functions, however minimally. "... (3) Altering, damaging, or in any way causing the malfunction of a computer, computer network, or computer program, regardless of how long the alteration, damage, or malfunction persists ..." So even though it was only idle time, it altered it. There's point two, as well, "... (2) Obstructing, interrupting, or in any way interfering with the use of a computer program or data ..." The "program," if it actually needed to be named, could always be the operating system. Not that Windows needs any extra altering to cause trouble.
So since the client fits all the slots, and McOwen knew it did all these things, intention could be either argued or circumvented as incidental when in reference to the authorization aspect.
I'm not for David McOwen being charged and prosecuted. I think it's ludicrous and ill advised to the nth degree. So thank goodness this didn't make it to a Georgia court, because it could very well have gone through. Or so I feel, anyway.
-Richard
P.S.: Before you ask, no, I'm not a lawyer. Just a simple CS major with too much time on his hands. :) Which is why this could all quite possibly be inaccurate, inane crap. Feel free to let me know. rholliday_99@hotmail.com
-
what about people doing their online shopping using school comps? what about SETI?
2002-01-04 17:54:50 allamneni_s [Reply | View]
let's say he was wrong. and let's assume he deserves the punishment.
why not prosecute employees who use school computers to do all their online shopping, download screensavers, use instant messengers, buy air tickets, and simply browse the net coz they are bored? surely there is some financial gain in some of these activities [think of not having to dialup from home for instance].
think of the amount of bandwidth each employee consumes in doing things that are in no way related to their jobs in a single day.
and what about students who installed SETI on their computers which are connected to the school networks. are they punishable too? how many students actually use the school network for doing purely academic work?
what is needed is consistency. misuse of resources [if any] has to be curbed. but the punishment has to be proportional to the economic loss suffered by the school. and the same rule has to be applied to all violators [students, administrators, technical ppl, faculty...].
Clearly this is not going to happen. so why bother prosecuting one?
-
McOwen is not guilty
2001-12-22 00:22:27 ncdave [Reply | View]
Under Georgia law, there are three elements that the State has to prove. It is not sufficient to show that he acted without authorization. He must have been without authorization, AND he must have KNOWN that he was without authorization, AND he must have INTENDED to do one of the SPECIFIC things that is forbidden by the statute... and the State has the burden to PROVE all three elements.
That's the law.
The State MIGHT be able to prove the first element, but it is doubtful that they can prove the second, and the third is impossible.
Mr. McOwen's actions do not match the definition of the crimes with which he is charged. You may read the statute here:
http://www.state.ga.us/cgi-bin/pub/ocode/ocgsearch?docname=OCode/G/16/9/93&highlight=computer%20trespass|computer%20theft|intention
and here: http://www.uga.edu/~ucns/stddocs/compsys-proact.txt
This is the relevant portion:
| 16-9-93.
|
| (a) Computer Theft. Any person who uses a computer or computer
| network with knowledge that such use is without authority and
| with the intention of:
|
| (1) Taking or appropriating any property of another, whether
| or not with the intention of depriving the owner of possession;
|
| (2) Obtaining property by any deceitful means or artful practice;
| or
|
| (3) Converting property to such person's use in violation of an
| agreement or other known legal obligation to make a specified
| application or disposition of such property
|
| shall be guilty of the crime of computer theft.
|
| (b) Computer Trespass. Any person who uses a computer or computer
| network with knowledge that such use is without authority and with
| the intention of:
|
| (1) Deleting or in any way removing, either temporarily or
| permanently, any computer program or data from a computer or
| computer network;
|
| (2) Obstructing, interrupting, or in any way interfering with
| the use of a computer program or data; or
|
| (3) Altering, damaging, or in any way causing the malfunction
| of a computer, computer network, or computer program, regardless
| of how long the alteration, damage, or malfunction persists
|
| shall be guilty of the crime of computer trespass.
McOwen is charged with "computer theft" and "computer trespass."
But the text of the statute defining these crimes plainly says that for a person to be in violation of them he must have had the INTENTION of taking someone else's property for his own use (computer theft), and the INTENTION of damaging or obstructing the use of a computer (computer trespass).
McOwen plainly intended neither. He intended no harm. He took nothing for himself. He did not personally benefit in any way from installing the RC5 program. He certainly did not intend to damage or obstruct the use of any computer. The RC5 program which he installed does neither.
Plus, since this is a criminal matter, the State must PROVE all 3 elements of the alleged crime, INCLUDING criminal intent. The burden of proof is on the prosecution.
This is important: For a person to be found guilty of either of these offenses, the State must prove THREE elements:
1) That the person was without authority to do what he did, and
2) That the person KNEW he lacked that authority, and
3) That the person INTENDED to do the things forbidden by the statute, such as damaging a computer or obstructing its use.
Whether or not McOwen had proper authority to install the program is in dispute. He apparently thought so, or so he claims, and he clearly had authority to access the computers in question and make changes to their configurations. But it is alleged that he exceeded that authority when he installed the RC5 program.
Perhaps so. But for the purposes of this case, it doesn't matter, because there can be no doubt that he did not INTEND the particular offenses forbidden in the statute. Therefore, according to the language of the statute, McOwen did not violate the law.
-Dave
-
My view
2001-10-23 06:28:02 freedom [Reply | View]
While I will wholeheartedly agree that the punishment maximums being tossed around are absurd, I cannot bring myself to condone the use of taxpayers money in such a manner. This man should be forced to pay a fine of some rational amount. I do understand the motivation behind the RC5 project as I have been a member for over 2 years. I just do not believe in using OTHER PEOPLE's EQUIPMENT however you feel like using it just because you have the ability to install a piece of software. So, yes, the punishment sounds absurd, and I am sure it will not be handed down at anything even resembling the maximum sentences, but some form of punishment is due. Time to pay the price.
-
But this makes you easy to control
2002-02-02 06:56:06 jpenney [Reply | View]
I agree that using other people's equipment is not proper, and I think that the world would be a much better place if all of us paid attention to the rules. After all, we all supposedly had a hand in making the rules, and the rules are there to benefit and protect society.
Unfortunately, the people who brought this case are in no way concerned with rules. To them, rules are a tool to use to get what they want, and if you are willing to follow the rules, these people will gladly use you to get what they want.
And what they want, is money.
So - Who is using whose equipment?
You and I pay taxes. These taxes (a portion of them) go to a public fund which is used to pay for things for the public. Some of these funds (a decreasing portion) go to the public, which includes all of our society, to educate themselves. Later these people derive profits from this education, and the profits are distributed somewhat equally. These people also take on varied careers and contribute to the diversity of our society.
Some of these funds are given to private companies to pay for military development so we can defend ourselves when necessary, and the technology and profits derived from this development (i.e. research, or education) are given almost completely to the private companies that do the development. Their corporate officers get bonuses of several of my year's salary, they are given easy access to the institutions of government and are allowed to affect government policy, etc.
How much more of the funds end up in the hands of private companies as opposed to being used to benefit the public?
So again, who is using whose equipment?
Is a network administrator using this state's equipment? Or is a citizen of the USA using equipment that he has paid for, lock, stock and barrel?
-
Georgia prosecutors need to be prosecuted
2001-10-10 08:59:33 rlwaldrop [Reply | View]
In my opinion Mr. McOwen is a victim and should receive punitive damages from the state in addition to the obvious, deserved acquittal and a formal apology for this misdirected attack.
The prosecutors obviously don't have a clue about how to relate civic issues to new technological scenarios and should possibly be replaced and definitely reprimanded.
-
So ridiculous
2001-09-28 00:20:56 fdnic [Reply | View]
It is a ridiculous tragedy.
How about David McOwen now?
-
78 years
2001-08-04 11:02:41 sharkteeth [Reply | View]
hello,
an example from my computer running the dnetc-client.
it's an athlon/650
[Aug 01 18:13:49 UTC] The keyserver says: "Cow told me to change this proxy message so I did (ivo/1)"
[Aug 01 18:13:55 UTC] Retrieved 51 RC5 packets (321 work units) from server
[Aug 01 18:14:05 UTC] Sent 82 RC5 packets (652 work units) to server
16 sec ca. 22kb -> 1408 bytes/s
[Aug 02 17:20:58 UTC] The keyserver says: "Why is a cow2 ? Mu. (Ommmmmmmmmm)"
[Aug 02 17:21:16 UTC] Retrieved 116 RC5 packets (688 work units) from server
[Aug 02 17:21:31 UTC] Sent 90 RC5 packets (699 work units) to server
33 sec ca. 29kb -> 900 bytes/s
[Aug 03 18:23:08 UTC] The keyserver says: "Cow told me to change this proxy message so I did (ivo/1)"
[Aug 03 18:23:18 UTC] Retrieved 69 RC5 packets (534 work units) from server
[Aug 03 18:23:32 UTC] Sent 114 RC5 packets (676 work units) to server
24 sec ca. 26kb -> 1110 bytes/s
so let's do some math.
the client needs ~25 seconds per day for update.
in this time the client will transfer ~30kb.
now we have 500 computers.
NO, that's not 500*25 seconds, that's 500*30kb, period.
the bandwidth is also 15000kb/25s = 600kb/s (for about 25 seconds per day)
and now it's going to be exciting.
$415,951.49 in bandwidth charges, 59 cents per second.
$415,951.49 / 0.59 = 705002,5254237 seconds
that's 28200 days at 25 seconds
that's 77 years !!!
ps: How old is the Georgia Attorney General ???
-
Open Your Eyes...
2001-08-02 08:04:55 netdvlp [Reply | View]
As a person of few morals and not being religious, I hope I have some impact by saying, remember the "Golden Rule"? It's a truth that is unbecoming in the comments I've seen posted. I'm an application developer and though I've "played" around with *hacking* (mostly just on my own boxes), I don't go around messing with my employers' computers. They simply aren't mine to do with as I please. Sure, I've installed SETI before, I've installed Napster before, and other 3rd-party software on *my* work computer. But, never took advantage of being in the position to install software across my employer's network. Go home and set up a small network if you want.
Basically, the case needs to be prosecuted and a *small* fine be imposed. The incident wasn't malicious and it was, or it seems, innocent. And, in reply to an earlier post questioning the merit of a severe punishment for a personal gain of *only* $1000 -- there's absolutely no logical reason to bring up the dollar amount ... $1 - $1000000 ... doesn't matter. The point is there was personal gain involved, regardless of the amount.
In conclusion, how'd some of you network admins out there like it if someone that you gave network access to (outside of your organization - say a client with ftp access), installed scripts that they could run remotely on your systems anytime they wanted just to use your system's idle time? ... I think you'd mind just a little.
Joe
-
Hey Joe! Where u goin with that gun in your hand?
2001-08-02 14:59:21 jakereuben [Reply | View]
Dear Sir,
Before commenting on what was written, you may want to pay more careful attention to detail. The point concerning the dollar amount is valid. If you re-read the post you will see that what I wrote is this: David was trying for the "chance" to win $1000, he wasn't owed $1000 which is what fraud would be. So therefore the dollar amount does matter. And also you may want to check your local laws as well. The amount taken does matter in relation to the severity of a crime. An example would be theft of $50 of merchandise may be a Class C misdemeanor but theft of $500 of merchandise would be a Class A misdemeanor - each carrying a different possibility of punishment. Also Joe, the golden rule you refer to is this: "do unto others as you would have them do to you". The question is since the State of Georgia is a Great Big Enormous Power that can send its citizens to jail for 30 years for putting a program on some computers that did nothing malicious - since the State holds the course of the future of that man in their hands - the question now falls into their lap, "how would you like to be treated?" David already broke the golden rule apparently (by your text) so therefore it would be moot to try and apply the Golden Rule at this point, don't ya think? Joe, I think you just wrote that letter to show us your knowledge of computers. Either way there is a man out there facing thirty years and an enormous fine for doing what? Putting a program on a computer. Maybe the state knows more about the operation of that program than even lil o David did... Is that what has you so bothered State of Georgia? Direct your anger then not at the first one you can grab but at the real offender.
Still a Proud Texan
Jake C Reuben
-
Hello? State of Georgia?? Come back to Earth...
2001-08-02 00:34:51 jakereuben [Reply | View]
Perhaps the State of Georgia should be more interested in protecting the rights of its citizens rather than bandwidth. First, David was put in his role by the State of Georgia. Doesn't the State assume any liability of its own employee's actions? They hired him, they fired him. Furthermore, can the state prove that David knowingly violated the school's acceptable use policy? In other words can they prove he knew he was doing wrong before he did it. If not, it only leads to a more interesting question. Does the State of Georgia commonly charge its citizens with felonious activity when they otherwise do not know they are committing a felony? <- (a felony usually is committed due to gross disregard with prior knowledge of wrong) Also, by what means is the state ready to show that David was not in his role as an employee. In other words that he acted outside the realm of his employment for his own benefit? Before you answer that, consider this - the reward money was only $1000.00, not one million. Also consider, you would think David would have been smart enough to realize the prize was redeemable by the owner of the computer. Which brings us to this - under what name did David have the distributed.net software registered? If it was his own, then the State has a motive, if under the school the state has no motive. Regardless, the crime committed would have been for the chance of a $1000.00 prize (uh hello Georgia? Back to Earth) And last, since the computers belong to the State why doesn't the state take into consideration the view of its TAXPAYERS? Well I have more I could write, this will do for now.
A PROUD TEXAN
JAKE C. REUBEN
-
been there
2001-07-25 10:26:30 jtpolk [Reply | View]
This sort of stupidity happens quite often. Somewhere in the discussion the word ''hacking'' was used and someone went off of the deep end.
Earlier this year I was under criminal investigation by the state of Arizona. The Arizona Dept of Corrections web site was writing employee transfer requests into a file in a directory named _private (yea, a Front Page site on a Unix box), and they had left directory browsing on. I saw this, I reported it.
I was informed that I had committed a felony and that the investigator was only calling me to inquire about my intent, and then based on his judgement of my intent, prosecution would or would not occur.
Did this investigator know ANYTHING about web server technology?? He knew, by his own admission, absolutely nothing.
-
The case isn't about money ... it's power
2001-07-18 11:29:17 markstinson1 [Reply | View]
It's not about the money.
The plaintiffs want a 1/3 of the money. Sure everyone knows that $.59/second is outrageous considering POTS long distance charges are around $0.10/minute at worst. The money is a token amount in these days of million dollar lawsuits. It's a carrot for the jury to visualize and make the defendant look bad & evil for fraud & misuse.
This case is about Precedence & Power.
If they prosecute to the fullest, they can use this case and findings to take & grant unreasonable power to the State & University. Someone of a political nature sees this as an opportunity for their political agenda & limelight.
This is just another example of FUD using a modern version of southern politicians' ability to stir up a [legal/legit] lynch mob. They are going to take this life (ie. future) away.
-
Mistakes...
2001-07-18 10:00:41 toddh
Who in the IT community hasn't made a mistake?
David loaded the DC clients...OK, so he was wrong. He was willing to disable/unload the clients if they only would have asked him. They could have explained the situation to him. He probably felt pretty bad about the situation BEFORE all the legal stuff came down.
Should they have fired him? They were within their rights, sure. But if he was a good SysAdmin, then replacing him could be quite costly, beside the hassle of interviewing, etc. If he was a marginal employee, then he may not have been worth keeping him around.
I think going after him to the extent that they are is wrong. I work for a county office of education and one of our schools had kids from the school hack the network, steal a real IP address, extract passwords, etc. They got a slap on the hand and were told not to do it again. What does it cost to recover from that? All the passwords need to be changed, systems and servers need to be checked, etc. That all costs money in man-hours. I think that is much worse than installing a DC client.
I say reprimand him and give him a second chance (if his worth to the university calls for it)!
-
Stupid...
2001-07-18 09:12:07 chiron66
Should he have lost his job? Yup. As an admin he should have realized that the bandwidth charges would pile up.
I wonder though.... Would the school sue its students for all the napster and inappropriate uses they put the school's internet bandwidth to?
Or is this just another example of executives fluffing up their resumes by showing how "proactive" they are in hunting and "bringing to justice" all "evil hackers"?
-
Bandwidth Calculations
2001-07-14 16:14:16 aluff
Most ISPs do not charge a flat fee for large connections these days, but use a usage model instead. The usage model most used is the "95th Percentile" calculation.
* Periodic samples (usually every 5 minutes) are taken.
* At the end of the billing period (1 month), the top 5% of the samples are dropped and the next highest value is used as the amount charged.
If there are lots and lots of distributed computing clients, the sum usage increase might be enough to increase the bandwidth charges.
Based on how distributed computing clients work, this seems a bit unlikely. However, DC clients were each grabbing large amounts of data from the master system periodically, with enough systems this could cause a large spike in bandwidth utilization. Enough spikes and the 95th percentile kicks in, resulting in extra charges.
It's very possible that the University could blame David McOwen for a substantial amount of their monthly bandwidth charges. The fact that this occurred in December actually makes it worse for David, not better, as the delta between the non-DCC and DCC usage would be even greater.
Unfortunately, the article doesn't say how much total bandwidth the university has installed. This would allow you to calculate the maximum possible cost involved.
-Adrian Luff
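
The 95th-percentile calculation described in the comment above, as an added example that is not part of the original comment. The traffic figures (baseline rates, burst size, burst spacing) are constructed for illustration and are not DeKalb Tech data; the function names are hypothetical.

```python
# 95th-percentile ("burstable") billing as described in the comment:
# sample every 5 minutes, drop the top 5% of samples at month end,
# bill on the next highest sample.

SAMPLES_PER_MONTH = 30 * 24 * 12  # 5-minute samples in a 30-day month = 8640


def billable_rate(samples_mbps):
    """Return the rate the month is billed at under 95th-percentile billing."""
    if not samples_mbps:
        raise ValueError("no samples in billing period")
    ordered = sorted(samples_mbps, reverse=True)
    dropped = len(ordered) * 5 // 100  # top 5%, integer math avoids float drift
    return ordered[dropped]


def month_of_traffic(burst_every=None, burst_mbps=20.0):
    """Build one month of constructed samples (Mbps).

    Baseline cycles between 10.0 and 15.5 Mbps. If burst_every is set, every
    burst_every-th sample carries an extra burst_mbps, standing in for many
    clients fetching work from the master system in the same interval.
    """
    samples = []
    for i in range(SAMPLES_PER_MONTH):
        rate = 10.0 + (i % 12) * 0.5
        if burst_every and i % burst_every == 0:
            rate += burst_mbps
        samples.append(rate)
    return samples


def compare(burst_every):
    """Return (share of samples that are bursts, baseline bill, bill with bursts)."""
    burst_samples = sum(1 for i in range(SAMPLES_PER_MONTH) if i % burst_every == 0)
    share = burst_samples / SAMPLES_PER_MONTH
    baseline = billable_rate(month_of_traffic())
    with_bursts = billable_rate(month_of_traffic(burst_every))
    return share, baseline, with_bursts


if __name__ == "__main__":
    for spacing in (30, 10):
        share, base, bursty = compare(spacing)
        print(f"burst every {spacing * 5:3d} min: {share:5.1%} of samples, "
              f"billed {base} -> {bursty} Mbps")
```

Bursts that land in fewer than 5% of the samples are discarded along with the rest of the top 5% and leave the bill unchanged; once they occupy more than 5% of the samples, the billed rate jumps to burst level.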
-
Attorney General of Georgia
2001-07-13 15:11:31 carljparker
The phone number for the Georgia Attorney General's office is 404-656-3300. The AG is Mr. Thurbert E. Baker. Feel free to give him a call and let him know what you think of this case.
Thanks,
Carl
-
Money or Time?
2001-07-13 14:43:25 carljparker
The article is a little unclear regarding whether the University is actually seeking reimbursement of the $415,951.49. First, the article says that the state is seeking this amount from McOwen. Later, the article says that McOwen's lawyer, Joyner, says "it doesn't matter whether he comes up with the money."
My understanding is that, in a computer crime, the total monetary damages are used to determine the severity of the sentence imposed (see http://www.grayarea.com/agsteal.html). I suspect the state is using the (seemingly) large estimate of damages in order to justify a more severe sentence.
-- Carl -
Money or Time?
2001-07-20 16:55:39 Richard Koman
The amount of money in question represents the financial loss the school feels it has incurred. The remedy it is seeking is criminal prosecution, not restitution of the money. That's my understanding.
-
how much of an admin was he
2001-07-13 02:35:36 bry
The article doesn't tell us how much leeway he was given in the installation of programs etc.
Was he in fact aware that he had to ask permission to install this program? Did they have a well worked out system for controlling the installation process? If so he must have known he was subverting this process; however, I'm willing to bet they didn't have this well-defined process.
-
Violators will be ... persecuted???
2001-07-12 14:16:57 stardust
I am shocked that a state university would exercise such poor judgment. Would they call in the National Guard because someone's poodle is on the loose? Even if the school has a uniformly applied and extremely stringent policy stating that no new software will be installed without written permission, this reaction is completely out of proportion to the "crime" and to the fabricated "costs". The firing alone would be enough of an overreaction. Criminal charges? Outrageous!
-
This is a friggin' joke!
2001-07-12 11:15:21 robor
If David installed the dnet client without permission then he was in the wrong. I don't think anyone is debating that, even David. However, the state of GA is also in the wrong here. Rather than fix the problem in the quickest and most cost effective manner they waste taxpayer's money with a lawsuit.
Here's how it should've happened... The dnet client is found. David is questioned about it. David admits he installed it. David is told that the client is not authorized on the machines and needs to be removed. David removes the clients (paid or unpaid - it doesn't matter). Then, if the school feels it's necessary they dismiss David. How much would that've cost?
Instead... Dnet client is found. David is fired. A costly and totally unnecessary investigation begins. How many PC's are we talking about anyway? I've heard numbers of 300-600. I'll bet they could all be reloaded from scratch for the price this trial is going to cost. Another fine example of our red-tape laden government in action.
Rob
-
FromTheNorth?
2001-07-12 04:58:07 tex
Is David McOwen from the North? Perhaps the people at Georgia State just wanted to screw him royally because they are suspicious of Northerners who know much more about technology than they do.
-
Sympathies...but...
2001-07-11 14:18:27 Shelley Powers
I have nothing but sympathy for David, and have great hopes that he doesn't spend jail time when he didn't intend harm. I hope that the judge and jury consider his "intent" during any trial.
Having said that, though, I did want to say that installing software on any organization's machines without permission has been, is, and will always be a foolish, if not an illegal, thing to do. Regardless of the nobility of the intent, you're still introducing something into the organization's systems that could cause problems.
In the bigger picture -- the concepts behind P2P aren't "new", but the public view of these concepts is; if we continue to bind legal behavior (or lack thereof) with P2P, actions such as David's will never be considered acceptable, and most likely will never be permissible.
If nothing else, we need to use common sense when we use technologies based on P2P -- for the technology if not for ourselves.
-
This is totally ridiculous and a big waste of taxpayer's money
2001-07-11 11:27:22 kilowatt
If installing the RC5 client is punishable by such a ridiculously excessive penalty, the State of Georgia would be better off going after the advertisers that stick cookies on machines to track web usage without the users' knowledge, and sending the results back to the advertisers, for commercial purposes no less.
The RC5 client has been helpful in recovering stolen computers before, by tracing the IP the client used to connect from.
It seems the State of Georgia would rather spend more taxpayer's money replacing a stolen machine, than recovering one.
If the State of Georgia is paying 59 cents a second for bandwidth, they have already been taken to the cleaners. -
Absolutely - This is ridiculous BUT SHOULD BE OBVIOUS
2002-02-02 07:03:58 jpenney
KW - Remember, when you say "The state of Georgia", you're talking about "The rich people in Georgia". They have the access and the control - not the people. So them spending the people's money on something that helps them cement their control makes PERFECT SENSE.
Remember the goal of all human beings that this country is founded on - self interest.
If the people who control the government can spend someone else's money to advance their own self interest, they always will - and the evidence is right here.
-
RE: This is totally ridiculous and a big waste of taxpayer's money
2001-07-11 11:33:02 phule
The 59 cents per second figure is completely and totally false.
David misrepresented this figure in his original post on Anandtech and no one has bothered to check up on it.
It's simply wrong.
-
Phule, based on what?
2001-07-14 12:14:41 assimilator1
Phule
Where's the figures? What do you base your claim on that the figures he supplies are wrong?
-
Don't forget that RC5 is harmless...
2001-07-11 10:45:41 assimilator1
Comparing RC5 to a porn server or a DDOS attack is ridiculous, there is NO comparison.
RC5 is a legitimate scientific project.
IF he did install it without permission then yes he should receive some punishment, which he already has seeing as he was asked to resign, but jail & $400k+ is totally excessive.
No way did running RC5 cost anything close to that! -
RE: Don't forget that RC5 is harmless...
2001-07-11 11:26:34 phule
"Comparing RC5 to a porn server or a DDOS attack is ridiculous, there is NO comparison.
RC5 is a legitimate scientific project."
You truly are clueless.
It does NOT MATTER what he installed. It could be a program that did absolutely nothing. It is still illegal and a violation of the Acceptable Usage policy.
Your ignorance amazes me. -
RE: Don't forget that RC5 is harmless...
2001-07-17 19:20:01 kevin_p_tracey
Well, well ... someone needs an injection of human genes, don't they? Thank God, it couldn't happen here in Britain; we still see the law as something designed to protect people - not make someone some money. I'm genuinely deeply shocked that anyone would seek to defend such indefensible actions.
By the way, I believe that in most civilized places of work one is allowed to foul up once in a while. You get a warning and if you continue only then do you get the sack. I can only assume that someone seriously hates the poor guy or else is one major league asshole.
Perhaps jail and a crippling fine is too good for him ... why not hang, draw and quarter him. Don't forget to burn his house and sell any children he might have into slavery. That would teach him, right? -
RE: Don't forget that RC5 is harmless...
2001-07-14 12:04:56 assimilator1
Phule your ignorance & arrogance is unbelievable! Of course it matters what the program does. One causes harm, the other does not! Duh!
And IF he did install it without permission then yes that should be (has been) punished, but not 15 yrs & $415k, get real! -
Clueless yourself
2001-07-11 15:34:03 jepar
Just leave the comfort of your desktop computer for one second and walk outside, in the real world. Maybe with real life experience you would post comments that are more... human. This is not a binary computer issue "right or wrong".
1. The extent of the immediate damage DOES matter. Running RC5 at work is childish compared to doing a DDOS say from work.
2. Also the long term consequences of the actions have their weight. When you compare RC5 and porn, the long term implications are obvious.
-
In regard to MONEY
2001-07-11 10:41:33 vizaro
The university doesn't pay for internet based on data transferred. So, how did they lose money by these screensavers being installed?
2) In reference to reconfiguring computers. Whoever wrote that the cost of reconfiguring computers is the money at question fails to understand the following point: David McOwen was the guy who configured the computers in the first place. Therefore, if they had simply told him to uninstall it, for free, I'm sure he would have done it rather than go to jail for 15 years.
3) Abuse? What abuse? Who lost anything? Maybe the state is just mad that he used their bandwidth to help someone else for free...but this doesn't give them the right to prosecute. Universities are for education. Using lots of computers to solve hard problems ultimately adds to the overall knowledge of mankind.
---V out. -
In regard to MONEY
2001-07-17 22:54:49 zbuglady
I'm a university admin myself, and about a year ago I had an incident in which a student, without permission, installed the UNIX version of the software on one of the machines here. We had a chat about it, he was told not to do it again, and that was the end of it. But we're a private school, it was tying up only one CPU on a multi-cpu machine, and the individual who did it was a student rather than an employee.
One detail that hasn't been mentioned is that for a period distributed.net was giving out prizes for teams that were able to crunch more. So in addition to other considerations, this individual on our machines (and perhaps the guy in the article) was in violation of our "don't use university property for personal gain" rules. Most universities have such rules, and the rules tend to be more stringent for state-owned machines.
Distributed.net may or may not have worthy goals, but IMO it's up to the owners of the machines to decide whether or not they want to donate cycles to the cause and that's also stated on the distributed.net web site. Students pay tuition, I'm in charge of installing things on the machines and get them running, but that doesn't make any of us the owners. It's not a "get a PhD and take home an Ultra 10" deal, and there were no computers in my "10 year gift" catalogue.
The charges sound draconian to me, and I hope that the worst case scenario doesn't become the final result. But we haven't heard the university's side. This guy could be anything from a kid working part time in the computing facility to fund his education to a long-time loose cannon who ran out of chances.
BTW, for the individual in the Netherlands (?) who was asking about free speech -- the 1st amendment only gives you the right (with some qualifiers) to do what you want with your own printing press. It doesn't give you the right to appropriate the printing press of the guy down the road.
Regards,
PB
-
what this article fails to point out
2001-07-11 09:01:22 phule
What this article fails to point out is this:
If David did not have permission to install the client on the state's computers, then every single point mentioned above is moot.
If David violated the Acceptable Usage policy of the state by installing the clients, the state has EVERY SINGLE RIGHT to go after him under criminal prosecution.
I think it shows extreme bias that the author of this article failed to mention this.
What if David had set up something else on these computers, instead of the dnet client? What if he was running kiddie pr0n servers, or what if he set up all the machines to run DDOS attacks? Would there be this much support for him? No, of course not.
But the fact remains: abuse is abuse is abuse under the law. -
Re: what this article fails to point out
2001-12-22 00:42:32 ncdave
Phule wrote:
> If David violated the Acceptable Usage policy of
> the state by installing the clients, the state
> has EVERY SINGLE RIGHT to go after him under
> criminal prosecution.
That is not true. The DeKalb Tech AUP is not a criminal statute. The State only has the right to prosecute him criminally if he violated the law. That he did not do.
If you annoy your manager, you can expect to be scolded or fired. If you knowingly violate your employer's policies then you DESERVE to be fired. But criminal prosecution should be reserved for... criminals. And criminals are people who violate criminal statutes.
> But the fact remains: abuse is abuse is abuse
> under the law.
No, it isn't. "Abuse" is not defined in law, and is not criminally prosecutable. CRIMES are what are defined under the law, and a careful reading of the statute plainly shows that McOwen is not guilty of the crimes with which he has been charged.
-Dave -
what this article fails to point out
2001-07-12 10:16:59 patree
Agree with “What this article fails to point out is this”. Please comment, but if David is the system administrator of the system, this implies that David has management responsibilities for the system. This also means that by that authority that has been granted by his position, he has rights to install and alter systems. He cannot be assumed to have committed the crime through deceit unless there is a policy that David has violated through the university change control system. Does this university have some stringent change control system or some policies about the systems written down that he has violated for his position at the university? Please someone fill in the blanks.
-
Understand the money.
2001-07-11 08:07:50 pie
David's tampering required the computers to be reconfigured. That costs money. That creates interruption. That delays projects. The figure is probably based on the stats. The stats help determine the number of tampered machines and the amount of work that needs to be undone. I suspect you'll find the charge is not for bandwidth, but based on it.
Tamper with a machine, expect to pay the price. -
The question is why?
2001-07-12 11:36:36 robor
Why pay so much money to reconfigure the machines when it was completely unnecessary? Why did the machines have to be totally reconfigured? David could've uninstalled the dnet client as quickly and easily as it was installed and it wouldn't have cost anywhere near this much money.
It's not as if the dnet client is harmful. It uses spare CPU cycles. It doesn't mass Email or corrupt data like a trojan or virus. Why reload the PC's then? Security? The unknown factor? Are you telling me each time this school's network of PC's is compromised by a virus or trojan they totally reload the entire network? Do they also reload all of the PC's when a member of the IT staff is dismissed? After all he/she *might* have hidden harmful software on the network.
This case should be dropped, period. If GA pursues it I hope David wins and files a countersuit for damages and court costs (using the same formula the gov't used).
Rob
-
15 years?? for installing a program?
2001-07-11 04:56:31 sker
OMG, this is so insane!!
Call me a conspiracy theorist, but I think the real reason for prosecuting McOwen is to halt the advance of p2p applications in general.
P2p apps like freehaven and freenet pose serious threats for the investigative capabilities of law enforcement agencies. Since it's hard to ban p2p applications because of the first amendment *, they attack p2p from a whole other angle: the economic angle.
Making it illegal to install a client because it consumes bandwidth will effectively 'kill' all Napster's, Gnutella's, Publius'es and other p2p apps out there.
Any1 agree?
greetz,
el $ker, a worried student.
* I'm a Dutch law student, so correct me if I'm wrong; but this is freedom of speech right? -
15 years?? for installing a program?
2001-07-11 14:20:32 Shelley Powers
David wasn't charged because he installed a specific type of software -- he was charged because he installed the software illegally, without permission, and left a door open -- albeit with no intent to harm. It's not the software, it's the action that's being charged. -
15 years?? for installing a program?
2001-07-21 01:09:22 democritus
shelleyp wrote:
>David wasn't charged because he installed a
>specific type of software -- he was charged
>because he installed the software illegally,
>without permission, and left a door open --
>albeit with no intent to harm. It's not the
>software, it's the action that's being charged.
I sincerely doubt that he'd have been charged if he'd installed the screen saver for the distributed project that's working on protein folding. I'd bet anything that it was the words "breaking encryption" that sent up a red flag to the attorney general. Someone no doubt has some weird half-baked notions that encryption breaking contests represent hackers, anarchy and the destruction of national security. Perhaps it occurred to our dimwitted attorney general that computers that break sample messages for free could break real encrypted messages for free.
It's like the story by physicist Richard Feynman who worked on the top secret Manhattan project. When he showed a general that the combination locks on their desks could be easily picked, the general didn't respond by changing the locks or by warning people not to trust the locks - no he responded by writing a memo telling people to change their combinations only if Richard Feynman had access to their desks. Great minds think...
If we can scare the public away from decryption, the simple minded tyrant thinks...




