That makes up for one of my screwups. I think we're about even now.
That's what I thought BEFORE I read the appeals court decision. The basic requirement when someone is "helping" improve security is to inform the sysadmins or network owner of the attempts and results. I run into that all the time when Snort finds some "helpful" individual running port scans on machines from inside the firewall at one of my customers. If he tells me what he's doing (preferably before, but after is tolerable) and tells me what he finds, there's no problem. However, Randall Schwartz didn't do that. He sat on his collection of decrypted passwords and didn't say anything until after he was caught. In fact, he did it twice over a 2-month period, without telling anyone. That's not helping anyone with security.
Permit me to speculate that such an explanation might be a good excuse fabricated by his attorney. I would subscribe to this explanation if he had announced to Intel that a bunch of passwords were insecure. He could have done it anonymously and avoided retaliation. But, he didn't.
Here we agree. It was a major over-reaction on the part of Intel and should have been handled internally and quietly. For some unknown reason, Intel saw fit to turn this incident into a high profile legal action, probably to "set an example". Maybe there was a lull in the never-ending AMD versus Intel litigation and the legal department needed some work.
Congrats. I've spent more time on the other side of the issue in having to deal with employees and consultants that double as hackers. Most of the threats tend to come from management, who should know better. I just lock the culprit's account and wait for the inevitable angry phone call. A short yelling session along with the traditional recitation of the riot act is usually sufficient to prevent all but the most hardened hacker from continuing to play. Where the problems start is when the attorneys get into the picture. They have only one method of solving a problem: legal action. Negotiation tends to be ignored and assumed to be a useless effort. I suspect what happened at Intel was that the PHB asked legal about his options and stupidly took their advice.
Now, back to the topic at hand. It's highly likely that some company or agency is going to "set an example" of wireless hacking. It will probably be some person with an otherwise spotless reputation running port scans, WEP decryptors, or just Netstumbler on an allegedly secure wireless system. The primary purpose of the case will not really be to "set an example" as much as it would be to establish the evidence requirements, court procedures, and judicial precedents required for conviction. Otherwise, each state will flounder erratically dealing with vague issues, such as what constitutes permission, while the district attorney refuses to prosecute due to lack of precedents.
Note that you do not have to be guilty to go broke. Randall Schwartz paid Intel about $60,000 in "restitution" and about $200,000 in legal fees. I'm not sure of the exact amounts, but that's quite a bit for an incident where no damage was done to the alleged victim.