40Hex Number 13 Volume 4 Issue 1 File 004 ------------------------------------------------------------------------- In 40Hex Number 12 Volume 3 Issue 3, Geoff Heap authored a commentary concerning the Department of Treasury's (Bureau of Public Debt) AIS Bulletin Board System, which was at the core of a controversy concerning the United States Government's role in computer information systems. Heap wrote: > [Not so] Recently, the AIS BBS was shut down because of an anonymous > letter which stated that the AIS BBS contained and distributed virus > source code and helped system hackers develop and test malicious > programs. While the AIS system did indeed contribute to fruitful research into malicious programs, computer viruses and the like, the immediate controversy surrounding its role as a representative of a United States government resource became apparent. Particular questions began to surface: o What was the purpose of this system? o Were computer viruses, virus source code and other malicious software being made available to those who could, in turn, use them for damaging or unethical purposes? o Was this system officially sanctioned by the Department of Treasury? If so, what was its official policy on the operation of this system? o Should the United States government, in any capacity, be operating a system such as AIS? In fact, the questions are too numerous to list, and the answers to them are subjective to personal opinion. Heap went on to write: > The Bureau of Public Debt has little to do with protecting our > country, and in regards to viruses, there is no agency who can protect > you from viruses. There is however a way you can protect yourselves. > It is through awareness that you can protect your data from the damages > incurred by malicious intent. The same awareness that the Bureau of > Public Debt was trying to make publicly available on AIS BBS. Before > the government did it, everyone else had already done it. This fact may > alarm some people, but I would estimate that there are well over 200 > other systems in the United States alone that currently distribute virus > code to people who very well could end up distributing it to other > people without their consent. I am a tax paying citizen of the USA, and > I know I would rather hear that we spend a couple hundred dollars > educating the public on computer viruses then hear about the thousands > of dollars in damage done by miscellaneous computer viruses that hit > companies and wipe out all their data. By closing down AIS BBS, the > door for virus writers to obtain virus source remains wide open, while > the people who could find the information valuable, if not necessary for > their jobs, just had the only door open to them slammed shut and locked, > maybe forever. It is hard to tell who hurts us more - Those who make it > harder for computer users to protect themselves, or those who sit in > blind ignorance. Heap expresses some valid points in the above paragraph, however, much of his sentiment is subjective opinion. While there are many private systems scattered throughout the digital landscape that do make malicious programs, viruses, stolen credit card information and other controversial or illegal data available on-line, the AIS system represented the first system established and apparently advocated by the United States government. (Although stolen credit card numbers are among the wares of many underground bulletin board systems, this was never one of the issues surrounding the AIS system.) The controversy surrounding the ethical issues of the AIS system are equally subjective, in fact, academic. The core issue, in my own subjective opinion, is whether the United States government has any business dabbling in that area to begin with. We, as a digital society, are standing on the threshold of a brave new world in telecommunications. Within our generation, we will witness the doors of the digital highways of the world opening to more and more people every day, from school children to genetic scientists to commercial and corporate conglomerates. It will touch all of our lives and make the world a much smaller place. The current political administration in the United States has recognized this, and has established their own policy on the "National Information Infrastructure," more commonly recognized by the acronym NII. While the impact and effects of the United States government's policies concerning the NII are yet to be determined, many still believe that participation of government in any capacity within the digital frontier can only lead to mismanagement, bureaucracy and abuses witnessed in other governmental agencies. Also, there are darker issues to consider, such as government-sponsored intelligentsia and encryption and privacy issues. All in all, many believe that the NII will lead to a new era in Big Brother for the 21st century. The intents and conceptions of the AIS may have been noble and genuine; I believe this to be the case. In fact, I commend Kim Clancy (who was the administrator of the AIS system) on her efforts in the computer and telecommunications security arena. To understand, research and educate on the topic alone merits commendation. There are, however, digital boundaries between "a good thing" and government sponsorship. Government influence or sponsorship always raises red flags in cyberspace. That's just the nature of the beast. Combine this with the fact that malicious software was possibly being provided by the AIS system, and you've got a political hot potato. The bottom line remains in question. No one argues the need for the ability to understand the nature of malicious software, nor the need for computer users to protect themselves. This argument is ludicrous. The argument remains, however, on the need or validity for the United States government to operate a system which may contribute to the existing problem. Disclaimer: Opinions expressed above are my individual views and do not reflect the opinions of US Sprint, nor are they intended to be construed as such. ________________________________________________________________________ Paul Ferguson Internet Engineer US Sprint Herndon, Virginia USA internet: ferguson@icp.net 8<-------------------- cut here ----------------------------------------- Paul Ferguson is currently an Internet Engineer for US Sprint in Herndon, Virginia. He has consulted in computer network and telecommunications technologies for numerous government agencies and corporations including NASA and Computer Sciences Corporation. Ferguson also previously indicated that he was the person who anonymously posted a message to the Usenet Newsgroup RISKS, which triggered the AIS Bulletin Board controversy. He can be reached on the Internet at ferguson@icp.net.