-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/07/10 19:51, Bruce Hill wrote:
> On Sat, Aug 07, 2010 at 07:40:40PM -0800, Christopher Howard wrote:
>>
>> Alaska Statute 11.46.740. Criminal use of computer.
>>
>> (a) A person commits the offense of criminal use of a computer if,
>> having no right to do so or any reasonable ground to believe the person
>> has such a right, the person knowingly accesses, causes to be accessed,
>> or exceeds the person's authorized access to a computer, computer
>> system, computer program, computer network, or any part of a computer
>> system or network, and, as a result of or in the course of that access,
>>
>> (1) obtains information concerning a person;
>>
>> (2) introduces false information into a computer, computer system,
>> computer program, or computer network with the intent to damage or
>> enhance the data record or the financial reputation of a person;
>>
>> (3) introduces false information into a computer, computer system,
>> computer program, or computer network and, with criminal negligence,
>> damages or enhances the data record or the financial reputation of a person;
>>
>> (4) obtains proprietary information of another person;
>>
>> (5) obtains information that is only available to the public for a fee;
>>
>> (6) introduces instructions, a computer program, or other information
>> that tampers with, disrupts, disables, or destroys a computer, computer
>> system, computer program, computer network, or any part of a computer
>> system or network; or
>>
>> (7) encrypts or decrypts data.
>>
>> (b) In this section, "proprietary information" means scientific,
>> technical, or commercial information, including a design, process,
>> procedure, customer list, supplier list, or customer records that the
>> holder of the information has not made available to the public.
>>
>> (c) Criminal use of a computer is a class C felony.
>>
>> - --
>> Christopher Howard
>
> Hey Chris,
>
> This law sounds good. It does not say you can not legal do these things to
> your own computer, or to which you have permission.
>
> And fyi, hacking is not the same as cracking. Hacking is what we do when
> we have to fix some blunder created by the distro, such as enabling ipv6
> by default, when we live in an area without any ipv6 <anything>.
>
> Cracking is when someone illegally ssh'es into your box, and decides to
> "rm -rf ~chris/homework" or some such.
>
> Peace,
> Bruce
I knew I'd get a few comments about the cracking vs. hacking thing.
Frankly, if you pick any random person off the street, and tell him you
are a hacker, he'll think you break into computer systems. If you tell
him you are a cracker, you will make a very different impression.
Furthermore, I've seen the signatures on files actually left by people
who have broken into a system. They called themselves "hackers". So I'll
call 'em hackers if I want to do so.
If I may, I'd like to take the opposing side against stiff criminal
penalties for hacking. A few arguments:
- The act of hacking alone does not imply criminal intent. For example,
a person who enjoys hacking for sport, might break into a system, and
then send off an e-mail to the administrator letting them know they
found a vulnerability.
- Stiff legal penalties discourage beneficial hacking. A spin off of
the previous point: If hacking is a felony offense, this discourages
hobbyists and people with good intentions from exploring the
vulnerabilities of remote systems, or from disclosing them if they
discover such vulnerabilities.
- This approach does not properly distinguish between crime and method.
For example, if I steal candy from a store, I should be charged with the
crime of stealing, not the crime of carrying an object out of a store.
Comparatively, the /results/ of my hacking should be judged: did I steal
(virtual) money? did I destroy information? et cetera.
- The laws fail to comprehend the differences between the modern
digital setting and the traditional environments in which crime occurs.
In many (most?) cases where computer "break-ins" occur, the "assailant"
is utilizing a deficiency in some service that has been freely exposed
to the public. (http://xkcd.com/327/) Arguably, liability could be
shifted back to those who provided and/or implemented the defective
software. Instead of playing that blame game, why not just judge the
/results/ of the hacking, that is: what damage was actually done?
- --
Christopher Howard
frigidcode.com
theologia.indicium.us
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkxeSBEACgkQQ5FLNdi0BcU/UwCeOvbCcBmduFgw1RNEig+hYbDp
t34AoIiZz5iSKF8tBqtFBQ1pNvzCIDt7
=93Xs
-----END PGP SIGNATURE-----
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Sat Aug 7 22:00:27 2010
This archive was generated by hypermail 2.1.8 : Sat Aug 07 2010 - 22:00:27 AKDT