How about an example? Some years ago the state rolled out a web app that req=
uired one to set a username and password. I did so totally lawfully, but dis=
covered soon enough that the programmer had not included "boilerplate" code t=
o address characters like "@" so each time I logged in I brought down the ap=
p. Upon discovering this I contacted the state immediately and adviser them o=
f what I had discovered.... And of course was blown off. So I did what any "=
hacker" would do, I wrote a little script to test to see if the db was up an=
d if it was log me in, then called back and told them what I had done.=20
There are half a dozen legal analyses buried in these simple few sentences, a=
nd arguably, under current law my logging in knowing that it would bring dow=
n the db was unlawful, as I knew that my actions would likely deprive others=
of access whether or not I intended that result, despite the fact that the "=
victim" had invited me to log in, despite the fact that I really didn't want=
to deprive others of access....
As side notes, the law attempts to balance competing interests, The law reco=
gnizes for example my interest in realty but may view trespass on my unfence=
d back 40 differently than entry into my house, even if I don't lock my doo=
rs. Also, one of the first concerns in any analysis is whether there is just=
iciable interest in issue.=
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Sun Aug 8 11:39:27 2010
This archive was generated by hypermail 2.1.8 : Sun Aug 08 2010 - 11:39:27 AKDT