L' Affaire Mattman

We used to play for silver
Now we play for life
One's for sport and one's for blood
At the point of a knife
Now the die is shaken
Now the die must fall
There ain't a winner in this game
Who don't go home with all
Not with all..
from Jack Straw by the Grateful Dead

I was originally going to write a column entitled Volume 2. This issue marks the beginning of my second year as a writer for Net4TV Voice. My very first column appeared April 26, 1998. This one will be in the April 25, 1999 issue, though I would be willing to bet that the paperboy announcement will not be out until the 26th. Anyone wishing to send me a card commemorating this anniversary may substitute a birthday card instead. Yes my first column came out on my birthday, making it a memorable day, the date my very first published work was released.

I was going to muse on how I have grown by writing this column and how the column has changed. Maybe I will leave those musings for my next anniversary because there is a hot topic to write about now.

You could legitimately ask me why I did not tackle the topic of the TOSing of Mattman last time when I had no topic. I knew the Mattman story would be covered in the news section. (In fact I had alerted Laura, the publisher, to the breaking story as I am sure several others also did.) I felt I would wait to write when there was time to apply more perspective to the story. I felt as a columnist my job is to reflect on the story and raise issues for you to think about, not to just merely report the news.

In some ways this story does tie in to my Volume 2 theme. As I look back into my archives, I see two past columns that are somewhat related to the Mattman controversy. Those two columns are "Terms of Service" from 7/22/98 and The Blue Mole Page: A Moral Dilemma" from 6/21/98. If anyone wishes to reread either or both of these, they are in the archives.

I would imagine the first question to be asked should be "Can WNI do this?". Actually they did do it, so we know they can. The question should probably be rephrased as "Can WNI do this while complying with the TOS?". Here is the relevant portion of the TOS.

6.2 Termination by WNI. WNI may terminate the Primary User Account (and thereby terminate all related Secondary User Accounts) at any time at WNI's sole discretion with or without prior notice or warnings. Upon such termination the Primary User will be notified by Postal Service mail at the address specified during the WebTV Network registration process. Such cancellations are only likely in the event of misuse of any part of the WebTV Network Access Product or the WebTV Network, delinquency in the payment of the Primary User Account, misconduct on the WebTV Network or for disruption or termination of Internet service in your area, although all cancellations shall be entirely at WNI's discretion.

This rather arbitrarily allows them to do anything! But of course when you pay your fees, you do get something too in the TOS--the right to access the WebTV network. Well not exactly, let's look at the TOS again.

7.2 No Warranties. The WebTV Network and its services are made available on an "as is" basis without warranties of any kind, express or implied, and WNI expressly disclaims all warranties of merchantability, fitness for a particular purpose and non-infringement in connection with the WebTV Network and its services. Neither WNI, its officers, directors, parent corporation, employees, partners or anyone else involved in creating, producing, promoting or delivering the WebTV Network shall be liable for any indirect, incidental, special or consequential damages, however caused and on any theory of liability, arising out of or in any way connected with the use of, or inability to use, the WebTV Network, whether based on contract, tort, strict liability or otherwise, even if WNI and/or any of its suppliers has been advised of the possibility of damages. Because some states/jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

Theoretically if WNI ever ceased services (ala NetChannel) according to the provisions of the TOS, you would still be liable to pay them until you formally cancelled your service. (The means of doing this are also outlined in the TOS in section 6.1). Somehow I think if you went to your credit card company and asked to cancel your automatic payment because the service is no longer being provided, I think they would comply with the request. In case you paid in advance by check and they cancelled and still felt that they deserved your money because of these provisions, I think various States' Attorney Generals would have a field day with class action lawsuits.

I think it would be fair to say that despite, their powers as granted by the TOS (which we all implicitly agreed to), WNI has not just arbitrarily thrown users off. We can see in the letter that was sent to Mattman that they have set up procedures to determine whether a user's services should be terminated. To my way of thinking, these procedures become our due process rights. When WNI says in its termination letter to Mattman that they have sent him several warning e-mails and yet he has received no warning e-mails, it is proof that they are not following their established procedure for terminating a user's account. I think we can all agree that despite their right to arbitrarily kick any user off, it should be incumbent on them to provide the user with the reasons for the termination and a chance to defend himself. After all, no one is perfect. The termination could be a mistake.

I would also argue that just because you can do something within the letter of the law does not make it the right thing to do. Let me illustrate what I mean by using an example from my life. Due to a quirk in the law in New York State, school boards do not have to allow absentee ballots in the elections (budget votes, election of school board members, and bond votes) that we conduct. There were never absentee ballots in our elections and as far as I know this was never a point of controversy until the winter of 1996. We had a bond vote in December 1996. Our area has many people (primarily senior citizens) who summer in Florida and are not physically present in the winter. At the time of this election, the issue of why absentee ballots were not provided for became an issue

We later took up this issue and it was somewhat divisive within our school board. There were a few board members who felt that the people being shut out of voting were not really community members and did not care about the common good. They argued that this was why we were given the right by state law to not allow absentee ballots if we so desired. There were others on my board who sympathized with this argument, but they felt very uncomfortable denying the right to vote to anyone. I argued that denying absentee ballots shut out more than the so-called "snowbirds". We were also shutting out college students away from home, the handicapped, those temporarily hospitalized, and those away for business reasons. And of course I also felt that it was not right for me to deny anyone the right to vote even if it was legal. To pass anything on our nine member board requires five votes. We passed adding absentee ballots to our elections by a vote of 5-3 (one member was absent). If I, or any of the other four who voted yes, had voted no (or even abstained), there would still be no absentee ballots.

One of the people who voted by absentee ballot in the first election conducted under the new rules was my own father. He is legally blind and entitled to an automatic absentee ballot due to his handicap. I could have legally denied my own father the right to vote. That might be legal, but I dare anyone to defend it on any moral ground.

One of the people who did not vote in that December election before absentee ballots were allowed was my son away at college. He had just voted for the first time by using an absentee ballot in the national election in November. There is another category of people who I could have denied absentee ballots to and made it very difficult for them to vote. Again, just because it is within the letter of the law does not make it morally right.

My argument concerning WNI's treatment of Mattman basically follows the same line of reasoning. Just because it is within the letter of the law (the TOS as written by WNI), does not make it morally right. I think WNI knows this. That is why the termination letter talks of previous warnings that went unheeded. Even they realize that even though they can toss someone off with no warning, they do in fact owe a warning. They owe the accused the right to change his or her behavior or possibly even the chance to prove that they did not do what they are accused of.

As I reread what I have written, it strikes me that I have not really spoken of Mattman's conduct. To me what WNI has done is more important. They are the ones who can change the TOS at any time. They are the ones who wrote the TOS and can arbitrarily enforce it. They are the ones who have power, not Mattman.

But, I will deal with Mattman's alleged offenses. We do not really know for what offense he was booted; his termination letter that he shared with our readers in the last issue does not give a specific reason. The two issues that seem to be the suspects are hacking the system and sharing the codes to download the game Doom for users of the Plus.

I think we would all agree that hacking the system violates the TOS. However, WNI thanked Mattman for his contribution in alerting them to a hole in their security. He was both offered free merchandise in the WebTV Store and thanked in the name of Bruce Leak, one of the WebTV founders. (In the news section of our last issue, he is pictured with the jacket that he picked out.) If this hacking was the reason for the termination, I think we could all agree that either the left hand did not know what the right hand was doing within corporate WNI or if they changed their thinking about what he had done that they at least owed him a warning. I believe given WNI's actions, it was fair for him to believe that WNI tacitly approved (or at least did not disapprove) of his actions.

That leaves us with the issue of Mattman sharing the codes to download Doom to the hard drives of Plus units. I am not going to raise the issue of whether this game was promised by WNI to Plus owners a long time ago; that issue is really not relevant. I would argue that if this was the conduct that resulted in Mattman's termination, it was still unfair. His termination letter said that he had not desisted in the prohibited conduct despite the numerous warning. Since he did not get the warnings, he was not given the opportunity to stop sharing those codes. As I argued earlier, I think this both violates the procedures that WNI has set up in terminating an account and is also just plain wrong even if it conforms to the rights that WNI unilaterally gives itself in the TOS.

At the top of the column I mentioned that this is my first column of my second year of writing for this (or any other) publication. To commemorate this I am going to do something with the column that I have never done before. I am now turning over a portion of this column to someone else. He will give a different viewpoint. This is not a point by point debate; neither of us has seen in advance what the other has written. It is meant to give different opinions so that you, the reader, have different viewpoints to consider. Please give Wolverine_X the same kindly attention that you have been giving to me.

MattMan was to different users different things. I think most could agree that he was helpful to both newbies and old timers alike. He gave to the masses of Plus users the game Doom. To those with an interest in the future, he gave previewers' information. He was also a "hacker", and a well respected one at that.

The issue that has caught the attention of the newsgroups and online publications like this one by storm is the TOS'ing of MattMan. That said let me tell you what this issue is NOT about. It is not about WebTV's rather large and broad by definition Terms of Service. Its not about WebTV's lack of security nor the "holes" in its network. It is about a man who has admittedly tried to exploit holes in WebTV's network and how those actions committed by him or by him as part of a larger group relate to WebTV's definition of the Terms of Service.

By Matt's own admission in his interview with Net4TV Voice, through his posts and through things attributed to him by other hackers, here is a short list of things Matt has done of his own volition since just last year.

He is responsible for the following tricks-- accessing deleted users, the NoSave/NoSend overrides, and the ability to directly access WebTV URLs, better known as the Info button trick. Matt did in fact successfully access Weekly/Test Drive in early Fall 1998 and again in Nov 1998. He released previewer information. Matt also told thousands how to download Doom via his posts in the newsgroups. He also accessed the Export Service and had access to what's known as an ID stealer.

Those actions by themselves may not warrant an account termination, but taken as a whole they very well may. At this point I'd like to state that the reasons for his TOS'ing are speculative by all parties other than WebTV. I am simply providing possible reasons for his account termination.

WebTV never wanted their pages saved or sent to by other users. The NoSave/NoSend trick circumvents that.

I mentioned he accessed Weekly/TestDrive in early Fall 1998. WebTV then blocked access to it. Obviously Matt was not deterred as he found another way to access that area by November 1998. This shows a premeditated effort on his part to get into an unauthorized area before and after WebTV tightened its security.

I am assuming the Export Service is yet another restricted area as I have never been there myself.

The leaking of the Doom information is huge. Not only was he again in an unauthorized area of the WebTV network, but it completely disregarded any possible licensing agreements WebTV had or has with idSoftware. In other words he cost the network a lot of money and aided in the violation of the TOS by anyone that downloaded it.

Now while I have no evidence that Matt used the SID stealer I do know he knew about it. What is a SID stealer used for? Could it used for stealing the silicon id # from your box? That number can be used to try and "hack" your box and get into your private files. That very same SID stealer was traded away for other hacking information.

WebTV's Terms of Service are quite clear in most every subject I've touched on. Section 6.2 describes quite clearly reasons for being TOS'ed. It also states quite clearly that WebTV does not have to give prior warning before account termination. Section 6.4 points out the length of time before one can return if terminated for abuse. Section 8.4 outlines how WebTV may or may not enforce the Terms of Service at their discretion. Item #1 under Usage By Type of Information defines what is considered private and what is not. Item #5 under the Subscriber Responsibility for Protection and Privacy covers WebTV's handling of our information during an investigation. Meaning they feasibly had access to both Matt's email and favorites.

Also you will not get any email address for Legal at WebTV by calling the 1-800 number. I have tried repeatedly and they quite simply don't have it.

After pointing out all of this I find several problems with this entire issue. Matt is a man who is brilliant enough to find and exploit holes in the WebTV network yet couldn't understand the TOS. He repeatedly tried to access unauthorized areas of WebTV even after they had blocked access. He did knowingly find ways to send and save files that WebTV had attempted to keep private. What I am showing is a pattern of decisions and actions on Matt"s part that could have resulted in his account termination.

Keep in mind these are only the things I could find. I am sure there is much more. Where are all the emails from these "corpies"? Most every "hacker" in a.d.w.h knows to back up their saved info, so where is the proof? WebTV will have dates and times of unauthorized access where is Matt's proof?

In the past I have compared the actions of the WebTV hackers and WebTV themselves as a game. The hackers access something or breach some form of security and WebTV counters by plugging the hole. The hackers then find new and inventive ways of getting around it. I'm sure that Matt doesn't feel this is a game anymore.

The fact is if these same actions were performed against any other company or service provider the results would be the same or worse.

The question that should be asked is who protects WebTV from the people that try and breach its security. If WebTV was reading our mail or accessing our copyrighted homepages would we not be outraged? Would we not sue them? You bet we would! So how then can anyone presume WebTV is in the wrong for protecting itself from a user that has by his own admission acted against the Terms of Service?

In closing I cannot believe we hold those that break binding agreements in such high regard. I cannot fathom that people are putting the blame in this case on WebTV and not squarely on the shoulders of Matt. WebTV has been forced to draw a line in the sand and unfortunately Matt was the first victim.

I think all of us can learn three things from this. 1)Take responsibility for your actions. 2)Read the Terms of Service 3)If you hack you could be caught. If you're caught you could be held accountable and your account could be terminated.

Thanks to Net4TV Voice for this opportunity. X

Thank you Wolverine_X. I hope that we have shown that people can disagree with one another without resorting to name calling or flaming. I hope that all who post in newsgroups whether the fire-walled WebTV groups, Usenet, or both can learn from our example. I am sure the readers of this column have a lot to think about.

As always your comments are welcome. You can send e-mail to voice@iacta.com and put Jeff G as the subject.