when no authority is
implied. As long-time RISKS readers will recall, this issue came up
relating to the trial of Robert Tappan Morris: in 1988, the Internet worm
never exceeded authority, because no authority was required to use the
sendmail debug option, to use the .rhosts mechanism, to execute the finger
daemon, or to read an unprotected encrypted password file. I wonder how
if prosecutors will ever figure this out!
As long as we attempt to shoot the messenger and hide lame security behind
overly broad laws, weak security will prevail, and whistleblowers will be
much rarer than glassblowers. (For example, DMCA is among other things an
attempt to outlaw whistleblowers.)"