[aklug] Re: Why hacking isn't fun anymore

From: Christopher Howard <choward@indicium.us>
Date: Sun Aug 08 2010 - 15:38:52 AKDT

On 08/08/10 11:39, Marc Grober wrote:
> How about an example? Some years ago the state rolled out a web app that
> required one to set a username and password. I did so totally lawfully, but
> discovered soon enough that the programmer had not included "boilerplate"
> code to address characters like "@" so each time I logged in I brought down
> the app. Upon discovering this I contacted the state immediately and advised
> them of what I had discovered.... And of course was blown off. So I did what
> any "hacker" would do, I wrote a little script to test to see if the db was
> up and, if it was, log me in, then called back and told them what I had done.
>
> There are half a dozen legal analyses buried in these simple few sentences,
> and arguably, under current law my logging in knowing that it would bring
> down the db was unlawful, as I knew that my actions would likely deprive
> others of access whether or not I intended that result, despite the fact that
> the "victim" had invited me to log in, despite the fact that I really didn't
> want to deprive others of access....
>
> As side notes, the law attempts to balance competing interests. The law
> recognizes for example my interest in realty but may view trespass on my
> unfenced back 40 differently than entry into my house, even if I don't lock
> my doors. Also, one of the first concerns in any analysis is whether there is
> justiciable interest in issue.
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
>

Thanks for the example.

One of the points I was trying to emphasize earlier was that the digital
landscape is not the same as the traditional one. Those of us, for
example, who own a house, don't want people breaking into our houses at
night, whether or not we happen to lock the doors or put in advanced
security systems. This is a good thing.

But the digital world isn't quite the same. We put servers out on these
freely navigable networks, the servers expose certain interfaces, and
then we expect people half-way around the world to remotely access those
interfaces in exactly the way we planned for them to do so.

Instead of specifically dealing with the actual /crimes/ that could be done
remotely, the law just blanketly states that all "unauthorized"
exploration of the interfaces is a felony offense. Forget cases like we
heard of (or experienced) earlier, where such exploration might
ultimately have security or educational benefits.

To me, the law comes across as the typical government approach to
solving problems that they don't really understand. (Cup of DMCA, anyone?)

--
Christopher Howard
frigidcode.com
theologia.indicium.us
Received on Sun Aug 8 15:38:17 2010

This archive was generated by hypermail 2.1.8 : Sun Aug 08 2010 - 15:38:17 AKDT