"m" == merlyn <merlyn@...> writes:

>>>>>> "Tom" == Tom Phoenix <rootbeer+fors-d@...> writes:

Tom> I agree. But it won't be easy to accomplish, since I'm sure that most
Tom> legislators (judges, juries, reporters, columnists, employers) think that
Tom> "breaking in" to a computer shows sufficient "mal-intent" all by itself.
Tom> "After all", they'll say, "if you broke into my _home_, we wouldn't need
Tom> to show that you had evil intentions."

m> We need to show that "breaking in" is done by both white hats and
m> black hats. That *is* different from the way it's done in the real
m> world. We can design a lock, and test it in a lab, and then install
m> it in a door, and not test that door because we know the door is
m> correct. But we can't build complex systems that way... we have to
m> field-test them, and field-test them repeatedly, because systems
m> change.

It would be best if we moved away for the whole house breaking analogy
to one where intent is relevant in the *current* body of law. Let's
face it, theory aside, 99% of people who enter your house without your
knowledge *will* probably want to rob you. Whereas the proportion of
people who access your system without specifically asking for
permission and who do not want to cause damage is, to hazard I guess,
orders of magnitude more frequent.

IANAL but intent is recognised as germaine in some legal areas (eg
intent to defraud, intent to commit harm) so it might be better to see
if there are any analogies there.

That said, in my experience you don't even need analogies. I have had
good results explaining the issues to my satisfaction in such cases to
people completely outside the computer industry by going slow, trying
not to come across like a raving fanatic and avoiding technical minor
points. Plying them with alchohol also helps :-)

Aloha,

Frossie

--
Joint Astronomy Centre, Hawaii http://www.jach.hawaii.edu/~frossie/
Cuteness can be overcome through sufficient bastardry --Mark 'Kamikaze' Hughes