fors-discuss : Message: Re: [fors-discuss] Hackers, Crackers, and the law

"Frossie" <frossie@...> writes:

> "m" == merlyn <merlyn@...> writes:
>
> >>>>>> "Tom" == Tom Phoenix <rootbeer+fors-d@...> writes:
>
> Tom> I agree. But it won't be easy to accomplish, since I'm sure that most
> Tom> legislators (judges, juries, reporters, columnists, employers) think that
> Tom> "breaking in" to a computer shows sufficient "mal-intent" all by itself.
> Tom> "After all", they'll say, "if you broke into my _home_, we wouldn't need
> Tom> to show that you had evil intentions."
>
> m> We need to show that "breaking in" is done by both white hats and
> m> black hats. That *is* different from the way it's done in the real
> m> world. We can design a lock, and test it in a lab, and then install
> m> it in a door, and not test that door because we know the door is
> m> correct. But we can't build complex systems that way... we have to
> m> field-test them, and field-test them repeatedly, because systems
> m> change.
>
> It would be best if we moved away for the whole house breaking analogy
> to one where intent is relevant in the *current* body of law. Let's
> face it, theory aside, 99% of people who enter your house without your
> knowledge *will* probably want to rob you. Whereas the proportion of
> people who access your system without specifically asking for
> permission and who do not want to cause damage is, to hazard I guess,
> orders of magnitude more frequent.

Agreed.

As Randall argued in his trial, our computers (as agents of our
bidding) access and modify the content of computers owned by other
organizations every day, without prior authorization from those
organizations. The computer domain is radically different than the
physical domain, and as such, existing precedent cannot be rotely
applied to computer cases.

Why should access to port 80 be considered perfectly legal while
running an ssh connection on port 23 not be? Both have the potential
to modify data on the other side of the fence, the difference is my
intent. Most port 80 accesses are requests for information being
made available by the organization. Someone talking to port 23 wants
shell access, and is walking into non-public space.

jas.

Expand Messages

Author

Sort by Date

... But it's hard to explain technical issues (by definition), and it's especially difficult to explain them to legislators, prosecutors, judges, and juries....

Tom Phoenix
rootbeer+fors-d@...

Aug 29, 2001
8:24 pm

] On Wed, 29 Aug 2001, Dave Sill wrote: ] ] > jasons@... wrote: ] > ] > >... We need a way to help the legal system show leniency when people ] > >were...

David Keegel
djk@...

Aug 30, 2001
12:16 am

... I agree. But it won't be easy to accomplish, since I'm sure that most legislators (judges, juries, reporters, columnists, employers) think that "breaking...

Tom Phoenix
rootbeer+fors-d@...

Aug 30, 2001
2:42 pm

... Tom> I agree. But it won't be easy to accomplish, since I'm sure that most Tom> legislators (judges, juries, reporters, columnists, employers) think that ...

merlyn@...

Aug 30, 2001
3:21 pm

... Tom> I agree. But it won't be easy to accomplish, since I'm sure that most Tom> legislators (judges, juries, reporters, columnists, employers) think that ...

Frossie
frossie@...

Aug 30, 2001
7:11 pm

... Agreed. As Randall argued in his trial, our computers (as agents of our bidding) access and modify the content of computers owned by other organizations...

jasons@...

Aug 30, 2001
7:59 pm

] On Thu, 30 Aug 2001, David Keegel wrote: ] ] > getting legislators to focus more on intent (eg: requiring clear ] > mal-intent for computer crime offenses)...

David Keegel
djk@...

Aug 31, 2001
1:51 am

... The logical extension to this analogy is that having noticed the door is open, we step just inside the room to have a quick look - to see whether the...

Dave Mitchell
davem@...

Aug 30, 2001
3:56 pm

... Or "to look if indeed this is the room we thought should be locked". A couple of guys here in NL noticed a window to the bank open at night when they were...

R.E.Wolff@...

Aug 30, 2001
4:26 pm

... OK ... OK ... Oops. Not OK. It's not legal, and even if they have the best intentions, it's not safe. Suppose someone sees them enter and calls the cops?...

Dave Sill
de5-fors-discuss@...

Aug 30, 2001
5:22 pm

... In that case, the bank's story IS: You only get access to the toilet, and if you'd be able to get out of that toilet, you wouldn't get access to anything...

R.E.Wolff@...

Aug 30, 2001
10:49 pm

* Dave Mitchell ... In the recent case the looking-around was made more problematic IMHO because the person took some photocopies of the papers on the table in...

Ralf Fassel
ralf@...

Aug 30, 2001
4:29 pm

... Correct, but what was of equal significance, we felt, was the apparent truth that the application of statutes which are grounded in ancient real property ...

larryo@...

Sep 3, 2001
9:05 pm

(I'm not a lawyer.) ] Sysadmins do things every day that, if their employer decides at a later ] time any one of which was "unauthorized," subject them to...

David Keegel
djk@...

Sep 4, 2001
12:20 am

... David> In that case, if you could show that you didn't realise at the time David> that the act was "without authorization" (because you had implicit David>...

merlyn@...

Sep 4, 2001
12:36 am

... One of the "problems" with your trial is that you should've said "NO" to the question: "Was this for personal gain?" . The way you answered that question...

R.E.Wolff@...

Sep 4, 2001
5:35 pm

... R> One of the "problems" with your trial is that you should've said "NO" R> to the question: "Was this for personal gain?" . R> The way you answered that...

merlyn@...

Sep 4, 2001
6:03 pm

... That you could, if it were not for ORS 161.115(1), which provides in part: (1) If a statute defining an offense prescribes a culpable mental state but does...

larryo@...

Sep 7, 2001
10:31 pm

Yahoo! Groups Tips

Did you know...

Messages

Yahoo! My Yahoo! Mail
	Sign In New User? Sign Up
		Tech - Groups - Help

Yahoo! Groups Tips

Did you know...

Best of Y! Groups

Messages