Reverse Hacker Awarded $4.3 Million 171
jcatcw writes "Shawn Carpenter was awarded a $4.3 million award — more than twice the amount he sought and money he thinks he'll never see. Carpenter worked for Sandia National Labs as an intrusion detection analyst. He anayzed. He detected. He reported. He was fired — in Janurary 2005 after sharing his results with the FBI and the U.S. Army. Computerworld asked him what he hoped to achieve in that investigation. Answer: 'In late May of 2004, one of my investigations turned up a large cache of stolen sensitive documents hidden on a server in South Korea. In addition to U.S. military information, there were hundreds of pages of detailed schematics and project information marked 'Lockheed Martin Proprietary Information — Export Controlled' that were associated with the Mars Reconnaissance Orbiter. ... It was a case of putting the interests of the corporation over those of the country.' Ira Winkler, author of Spies Among Us , said the verdict was 'incredibly justified. Frankly, I think people [at Sandia] should go to jail' for ignoring some of the security issues that Carpenter was trying to highlight with his investigation."
Re:Gray and pointless. (Score:5, Insightful)
Re:What Is A "Reverse Hacker"? (Score:5, Insightful)
Re:Am I The Only One Alarmed By.... (Score:5, Insightful)
Of course they do. Remember GM's cozy relationship with the Nazis. It's true once WW2 broke out that they didn't have direct control of operations in Germany, but leading up to WW2 they were quite aware that conflict was probable and that they'd be profiting by selling to both sides. Their chairman, Alfred Sloan, said that with respect to German factories, "We must conduct ourselves as a German organization."
For better or worse, we have set up corporations to reward simply any profitable behavior that is within the letter of the law. Or even close enough to get away with. We should not expect patriotic, or even moral behavior from them. Anybody who's ever been involved in a business ethics issue knows that the ultimate bottom line is whatever you can get away with. A committed person can get more from his coworkers and superiors, they are individuals after all and most of the time they usually have at least a common sense of decency that can be appealed to. But turn your back and you're right back to the bottom line.
This is especially insidious because people judge themselves, not against principles, but by how they compare to others. When other people are going along with something, there is a strong presumption that it must be OK. People will rationalize what they do to make it seem right, before they change what they do to conform to their own ideas of right, until eventually they lose sight of the difference between right and wrong. That's why good people end up doing bad things.
So we should not be shocked or suprised by this. This is the reason we have laws, and legal relief for unjust actions taken by corporations in their selfish financial interests. To force basic moral and civic responsiblity on organizations which are by design simple profit generating machines.
It's not shocking that corporations behave amorally. Nor is it punitive to reign them in when they use the special privileges they have been granted abusively. It's just realistic.
Re:Gray and pointless. (Score:1, Insightful)
The only thing that we're certain of is that Shawn Carpenter is clearly shown to have disregarded the straightforward and honest rules of his workplace. People do all sorts of dishonest deeds under the cloak of "patriotism" and the only incontrovertible evidence is that this dude is a cracker.
Re:Am I The Only One Alarmed By.... (Score:4, Insightful)
Actually no, we didn't. Obeying the law is not a requirement for any corporation as the "fines" levied from breaking any laws is simply the cost of doing business. If the profit gained by an action outweighs the consequences of legal action, then any legal punishment in the form of fines is the cost of doing business and "good for the shareholders".
Re:Gray and pointless. (Score:5, Insightful)
This is what we know.
1. This guy found an intrusion on his network, which because he was their network guy he was being employed to do.
2. He informed his employer that sensitive data was being stolen.
3. His employers did nothing because they're incompetent nitwits.
4. He, being a good American did what he was supposed to do and tracked down the people who stole the secrets and reported it to the FBI.
5. His bosses, now with egg all over their faces, fired him because he showed they were in fact incompetent nitwits.
Now beyond that, the whole lawsuit thing is frivilous. If I were this guy I would have walked into my congressmans office and started the conversation with, "Wanna hear how a goverment agency that gets billions of dollars of taxpayers money is letting its secrets get stolen?" I would then sit back and let the shit storm begin.
As for the dishonest deeds, I think it started with the people who were breaking into american computer systems and stealing the data.
Though I've always asked this question: If I was running a labratory that was working on some cutting edge military technology, why would I have any of the labs computers connected to the Internet???? Setup a secure isolated network and call it a deal!
Re:Most amazing quote from the article (Score:3, Insightful)
Was his wife's name Valerie Plame?
Same s**t, different authoritarian boss.
It's just a risk market. (Score:5, Insightful)
Bingo. I don't know why people get their panties in so much of a bunch over what corporations do. They're almost always utterly predictable. The only times when they aren't predictable, is when they're dominated by a particular personality, and then they tend to take on the irrationalisms (for better or worse) of the controlling person.
But most major corporations, run by boards of directors and their appointees, will do whatever is profitable based on the information and best-guess assessments that they have available. They will do this without regard to Law or really to Ethics, except insofar as those feed into the risk/benefit decisions.
I have no doubt that if the enforcement of laws against organ harvesting was lax enough, to the point where a person could expect to get away with it, corporations would probably get into that business, too. It's a straightforward calculation: what is the risk of getting caught, times the consequences of getting caught, and is that greater or less than the chances of succeeding, times the possible payout. If the latter exceeds the former, and it's greater than the opportunity cost, then the corporation does it. (And if they don't, someone else will. There's no such thing as universal ethics; you can always find somebody who'll "go there" regardless of how repugnant the opportunity for profit might be.)
You can look at an illegal act in the same way that an insurance company might approach a significant new risk: what are the odds of the insured-against action happening, and what would we have to pay out if that happened, so what should we charge in premiums? Except in the acting-illegally case, the "premiums" are what you'd need to expect you'd be able to get out of doing the illegal act, in order to make it, on average, worth doing.
So when you see a corporation dumping toxic waste, don't bother being surprised. Somebody, somewhere, did a calculation (either literally or figuratively), and decided that the potential gain of the dumping, even when the risk of getting caught was factored into it, was profitable.
As corporations get bigger and bigger, this is only going to become more apparent. If a major multinational corporation breaks some laws, it's probably not going to end the company. In the future, it could get to a point where they're so much bigger than governments, that no amount of illegal action would ever be 'fatal,' and thus they would follow the risk/benefit calculations even more closely, because they'd be able to more easily afford getting caught every once in a while (in the same way that a larger insurance company can sometimes offer lower premiums, because they're bigger and can absorb more risk).
Re:Gray and pointless. (Score:3, Insightful)
Well, if you go with the premise that you have enough information to determine that there's nothing shady going on then it's a foregone conclusion. But you don't have that information, and I don't have that information. All we have are selective leaks from "security sources" about the case. On his own admission Carpenter performed the followining unethical behaviors:
I'd say it's pretty clear that his ethics and morals are questionable based on the above. As I don't have oversight of US intelligence activities and can only point to a long past history of US misdeeds (including supporting and funding terrorists in Latin America -- carried out by another well-known "patriot" called Oliver North [wikipedia.org], the manufacture of evidence about Iraqi WMDs, the attacks made on CIA operatives by the neocons [wikipedia.org] etc.) I can only express a deep skepticism about what this self-confessed criminal was up to.
If you want to bury your head in the sand about the possibility that there's a little more to this than meets the eye then that's fine, but starting out with an assumption of honesty pretty much precludes all rational discussion. You should add all the above to your list of "this is what we know" and remove assumptions that he's a "good American". All we can observe are the publically reported parts of his behavior.
It'd be a good idea to add in to that list of "stuff we know" the information that Mr.Carpenter and his wife have obtained jobs in the heavily politicised Dept. of Homeland Security (I referenced that earlier here [slashdot.org] but a few people seem to think that my musings are un-patriotic deviations from groupthink and should be modded down to oblivion, so you might miss them).
Re:It's NOT as bad as that - you forgot about... (Score:5, Insightful)
If you don't like people dumping toxic waste, make it riskier to do so (through increased enforcement), and make the loss greater in the event that you are caught (stiffer penalties). That's going to directly affect the economic decision to dump or not dump.
Rather than arguing about morality or ethics, I think it's more useful to just assume that all large organizations are going to be run by sociopaths, and build the laws to cope with it. If every once in a while, it turns out that one of them isn't, then all the better.