Re: [Full-Disclosure] House approves spyware legislation
From: Bankim J. Tejani (tejani_at_alum.rpi.edu)
To: RandallM <email@example.com> Date: Wed, 6 Oct 2004 23:18:12 -0400
While good in principle, this legislation is hopelessly unenforceable
and is almost certainly just election year politics. Somebody knows
this and is probably the 1 vote against it. Think about it:
Say that this was a law and someone does what you say and changes your
homepage or something similar with some spyware. Here are somethings
that any prosecutor or civil attorney would have to consider before
1) How can you prove what the setting was before? It's one thing for
you to know what it was, but another to prove it in a court of law.
Otherwise it's your word versus theirs.
2) How can you find out who exactly was the person or company that took
this action? You're talking about a massive time undertaking to trace
the packet data through every router between you and the accused.
3) Was their machine used by some hacker? This, unfortunately (or
fortunately, depending on how you see it), has been used in court and
proved to be a successful defense.
4) What was the motive for changing your computer specifically?
5) What type of crime is appropriate? Is it theft? trespassing?
moving your plant from your front yard to your back yard?
6) What is an appropriate sentence? The five minutes you lost changing
it back paid at your current salary? A fine? jail time?
I am not a lawyer, but only a little common sense about the law is
needed here. Some of these issues apply not only to this law, but all
forms of cyber-related law. Few organizations have successfully
prosecuted under any form of cyber law. The most notable so far has
been the RIAA, whose cases were never tested in court, but used to
torque people into paying fines rather than facing legal bills that
would bankrupt them.
If we keep passing unenforceable legislation, all we'll end up with is
a tomb of law with hundreds of thousands of lawyers looking through it
and an internet that's just as lawless as it is right now. On second
thought, keep passing those laws. <<searching for LSAT book>>
On 06 Oct, 2004, at 19:09, RandallM wrote:
> <|>On Wed, 6 Oct 2004 05:03:45 -0700, Gregory Gilliss
> <|><firstname.lastname@example.org> wrote:
> <|>> Great, Not that I'm any fan of spyware, but this is just
> <|>another law
> <|>> against hacking. Think - what's the difference between this and
> <|>> someone using XSS to "take control" of a computer? If you
> <|>r00t a box
> <|>> and deface the home page, then you've broken this law.
> <|>> <sigh> Instead of fixing the problem (poor software
> <|>security) we pass
> <|>> laws to punish the people who do the things that
> <|>illustrate the problem.
> <|>> Basic philosophical differences, blah blah blah ...
> <|>> Worst of all, do you really think that the spyware rackets
> <|>will slow
> <|>> down or cease because of this? Nope - they'll just migrate
> <|>out of the jurisdiction.
> <|>> -- Greg
> <|>End of Full-Disclosure Digest
> I guess one has to decide if browser hijacking is not the taking of
> property. I for one do not fine it amusing to open my browser and it
> been redirected to a hijacked page as my new Homepage!
> If this law would allow me...the user to bring down hell upon these
> then I'm all for it.
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Full-Disclosure - We believe in it.