A lot of nonsense has been published in the press about computer hacker Robert Morris's "Internet worm" (the technically correct name for the program he wrote; a "virus" is a different thing). One would think that two members of the House of Representatives would have the resources to get the story right when complaining about Morris's sentencing {Free for All, May 19}. Sadly, this is not the case.

"Industry was counting on a tough sentence for Morris." I don't know which industries Reps. David Dreier and Wally Herger asked, but I suspect that the computer industry in general, and the two major computer makers whose machines were hit by the worm in particular, are happy that nobody so far has questioned their part in this event. After all, they released the software containing the security holes that allowed the worm to attack their machines.

One of those holes was a deliberate "back door" into the electronic mail system, put there by the author so he could maintain the software in the university environment where he wrote it; he forgot to remove the back door when he released the mailer for general use, and the computer companies who redistributed his program failed to remove it, too, even though they had the source code and supposedly examined it before releasing it.

"No one would excuse someone who broke into 6,000 businesses and military installations, destroyed important documents and stopped work for days." The Internet worm destroyed no data; it was incapable of doing so. Any site whose work was stopped for more than a day had incompetent administrators; the worm's behavior was completely understood within a day of its release, and preventive measures were broadcast on the same network the worm used to spread itself.

There is a more accurate analogy for what Morris did. A bunch of businesses and military installations use the same locksmith, who accidentally gives them all locks that can be opened with the same master key. Morris discovers this, obtains a key, goes to each door, opens it and throws in a bag full of confetti. He should have just sent them all a postcard telling them about the problem, granted; at least he didn't throw in firebombs or use the key to steal for his own gain.

All of these details came out in the technical press within a month of the release of the worm; they make Morris's sentence appear reasonable and appropriate. Either Dreier and Herger didn't know them or didn't understand them in their quest for Morris's blood.

-- John R. Bane